SEETF | 风尘孤狼

.use-motion .brand,.use-motion .menu-item,.sidebar-inner,.use-motion .post-block,.use-motion .pagination,.use-motion .comments,.use-motion .post-header,.use-motion .post-body,.use-motion .collection-header{opacity:initial;}.use-motion .site-title,.use-motion .site-subtitle{opacity:initial;top:initial;}.use-motion .logo-line-before i{left:initial;}.use-motion .logo-line-after i{right:initial;}

0%

SEETF

发表于 2022-06-04 更新于 2022-07-07 分类于赛后复盘， CTF 阅读次数： Valine：
本文字数： 769 阅读时长 ≈ 1 分钟

今天一天打了几个国外的比赛，这个比赛直接给我打自闭了，web就会一题，我是fw。。。

web

Sourceless Guessy Web (Baby Flag)

WHY SO SERIOUS? WHY NEED SOURCE?

Contrary to the title of this challenge, you do not need to guess. As usual, do not bruteforce or scan our infrastructure, it is not allowed.

Note: There are two flags for this challenge.

http://sourcelessguessyweb.chall.seetf.sg:1337

For beginners:

https://portswigger.net/web-security/file-path-traversal

目录遍历漏洞../../../etc/passwd,看源码得到flag

MISC

Regex101

Our team stored a flag on our machine, however, we were hacked by someone, and he generated 2999 flags and hid our original flag in the .txt file. The flag consists of 5 uppercase letters, followed by 5 digits and another 6 uppercase letters. Can you find it for us?

签到题，一个一个找自然能找到，但是学到了一个新的方法

直接使用

SEE{[A-Z]{5}\d{5}[A-Z]{6}}

即可找到flag

SEE{RGSXG13841KLWIUO}

制作不易，如若感觉写的不错，欢迎打赏

本文作者： 故里
本文链接： https://hzy2003628.top/2022/06/04/SEETF/
版权声明： 本博客所有文章除特别声明外，均采用 BY-NC-SA 许可协议。转载请注明出处！