CTF竞赛100题 word完整版.docx

preview
试读
83页
网络
网络
web安全
sql
xss
需积分: 0 22 下载量 97 浏览量 更新于2023-05-08 收藏 5.99MB DOCX 举报
网络攻防平台writeup 1 Web安全基础: 4 1、信息泄露: 4 2、暴力破解: 5 3、SQL注入: 5 4、文件上传: 5 5、XSS: 5 6、鉴权绕过: 6 7、文件包含: 6 8、验证码1.0: 6 9、headers: 6 10、Limited access: 7 11、XML PATH: 8 加解密技术: 9 1、解密1: 9 2、解密2: 9 3、古典现代: 9 4、ZIP解密: 9 5、RSA挑战: 10 6、古典密码1.0: 11 7、古典密码2.0: 12 8、密码算法破解: 13 9、base解码: 14 10、AES-CBC: 15 11、RSA解密3: 17
网络攻防平台 writeup
目录
网络攻防平台 writeup...........................................................................................1
Web 安全基础:...................................................................................................4
1、信息泄露: .................................................................................................4
2、暴力破解: .................................................................................................5
3SQL 注入:..................................................................................................5
4、文件上传: .................................................................................................5
5XSS:............................................................................................................5
6、鉴权绕过:..................................................................................................6
7、文件包含:..................................................................................................6
8、验证码 1.0 ...............................................................................................6
9headers ...................................................................................................6
10Limited access ......................................................................................7
11XML PATH ................................................................................................8
加解密技术:.......................................................................................................9
1、解密 1......................................................................................................9
2、解密 2......................................................................................................9
3、古典现代:..................................................................................................9
4ZIP 解密: ..................................................................................................9
5RSA 挑战:.................................................................................................10
6、古典密码 1.0 ..........................................................................................11
7、古典密码 2.0 ..........................................................................................12
8、密码算法破解: .........................................................................................13
9base 解码: ...............................................................................................14
10AES-CBC................................................................................................15
11RSA 解密 3.............................................................................................17
12Bit 纠错: ...............................................................................................18
13RSA4.....................................................................................................19
14、密钥交换: ..............................................................................................20
15ECC Basic.............................................................................................21
日志分析: ........................................................................................................22
1、流量分析:................................................................................................22
2、安全日志分析: .........................................................................................22
3、无线破解:................................................................................................22
4、注入流量:................................................................................................23
5、注入日志:................................................................................................24
6、扫描包分析: ............................................................................................25
安全编程: ........................................................................................................26
1、编程基础:................................................................................................26
2、快速脚本:................................................................................................26
3、快速解密(socket: ..................................................................................27
4、简单算法:................................................................................................27
5hash 破解 ..............................................................................................28
6、大数据运算: ............................................................................................28
7、海量验证码: ............................................................................................29
8、解密脚本:................................................................................................30
9、计算有多快: ............................................................................................31
信息隐写: ........................................................................................................31
1、图片中有什么: .........................................................................................31
2、图片中的秘密: .........................................................................................31
3、中级隐写(含解密): ...............................................................................31
4、像素中的秘密: .........................................................................................32
5、白噪声: ...................................................................................................34
6、另一种隐写: ............................................................................................34
7、图像的背后: ............................................................................................35
8、白噪声 2 ................................................................................................37
9、不动声色:................................................................................................38
Web 安全进阶:.................................................................................................38
1PHP 代码审计: .........................................................................................38
2web 高级代码审计: ..................................................................................38
3PHP 代码绕过: .........................................................................................39
4PHP 代码审计 2.0....................................................................................40
5SQL 注入进阶: .........................................................................................41
6、重置密码:................................................................................................41
7、芒果: ......................................................................................................42
8SALT......................................................................................................42
9、变量覆盖:................................................................................................43
10、验证码 2.0............................................................................................44
11、信息泄露进阶: .......................................................................................44
12Numbers ..............................................................................................46
13、盲注: ....................................................................................................47
14Injection ..............................................................................................48
15、文件上传进阶: .......................................................................................48
16Injection2.............................................................................................49
17bypass&sqlinjection...............................................................................50
MISC .................................................................................................................52
1 卡安全: ..................................................................................................52
2、数据恢复:................................................................................................52
3、星号密码:................................................................................................57
4ShellCode...............................................................................................57
5、数学公式:................................................................................................58
6Regex....................................................................................................58
7NFC 进阶:................................................................................................59
8Bad Git ..................................................................................................59
逆向:...............................................................................................................60
1、小试牛刀:................................................................................................60
2、跳转条件:................................................................................................61
3、算法逆向:................................................................................................62
4DotNet 逆向: ...........................................................................................63
5、安卓逆向:................................................................................................65
6、数学分析:................................................................................................69
7PYC 分析:................................................................................................70
8、逆向解密:................................................................................................72
9ELF 逆向: ................................................................................................73
10Js 解码:.................................................................................................77
11ELF 逆向 2............................................................................................78
溢出(Pwn: ....................................................................................................79
1Pwn 基础: ...............................................................................................79
2ROP 基础: ...............................................................................................80
3、猜测 100:...............................................................................................81
4 INPUT...................................................................................................82
5EasyPwn ................................................................................................83
Web 安全基础:
1、信息泄露:
Task:
秘密藏在哪里...
url: /tasks/web1.php
根据提示得知本目录下可能存在备份文件,常见的备份包括 file~,file.bak,.file.swp
等,在 url 输入
http://URL/tasks/web1.php.bak
查看源代码,获得 key
2、暴力破解:
Task:
输入正确的密码...
url: /tasks/web2.php
从源码中获得密码表,注意提交的密码要计算 md5 值后提交,用 burpsuit 爆破。
3SQL 注入:
Task:
SQL 注入得到想要的...
url: /tasks/web3.php
源代码给出了注入的过滤过程:
$check=
eregi('select|insert|update|delete|from|or|and|=|\/\*|\*|\.\.\/|\.\/|union|into
|load_file|outfile', $pass);
说明以上 eregi 方法内的关键字被过滤,需要找出替代方法,万能密码公式:
' or '1'='1
or 可以用||替代(and &&);逻辑'1'='1 因为=过滤,所以找出一种不用等号的逻辑公
式,例如:'a'<'t 或者'sw'
IN 'swod'等等,即:
')||('a'<'t
输入,发现已经绕过了这个过滤,读代码,发现判断 SQL 结果集只能有 1 条并且
username=admin,所以我们增加条件:
')||('a'<'t')&&(username like 'admin
')||username in ('admin
获得 key.
xx') || 'a'<'b' && (username like 'admin
4、文件上传:
Task:
文件上传也存在漏洞...
url: /tasks/web4.php
通过上传测试,得知文件上传防御使用了服务器端扩展名检测、类型检测。以下几种绕过
方案均无效:
%00 截断;1.asp;.jpg1.JpG1.php.hehe
本题的要点在于利用上传路径 00 截断绕过,如:
filename='another.jpg'
filepatch='un.php(0x00).jpg'
filename 绕过了测试,而在拷贝时,最终生成的地址可能为:
C:\\XXXX\un.php(0x00).jpg/another.jpg
由于可能调用底层的 C 语言应用,碰到 0x00 会发生截断,最后保存地址为:
C:\\XXXX\un.php
5XSS:
Task:
跨站脚本,弹出框...
url: /tasks/web5.php
通过调试工具知道 xss 过滤是客户端过滤,所以直接用调试器的控制台进行输入 alert(1)
即可弹窗。也可构造”><svg/onload=alert(1)//<!—也可注入 xss

剩余82页未读,继续阅读

身份认证 购VIP最低享 7 折!
30元优惠券
资源推荐
资源评论
usp1994
  • 粉丝: 6264
  • 资源: 1049
上传资源 快速赚钱
voice
center-task 前往需求广场,查看用户热搜

最新资源