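CTF is a popular form of information security competition. Its English name can be translated literally as "capture the Flag" or, more freely, as "flag-capturing contest". The general flow is that participating teams, through attack-defense confrontation, program analysis and similar activities, race to be the first to obtain a string in a specified format (or other content) from the competition environment provided by the organizer and submit it to the organizer to earn points. For convenience, we call such content the "Flag".
CTF competition formats fall into the following three categories:
I. Jeopardy
In the Jeopardy format, teams can take part over the Internet or an on-site network. This kind of CTF is similar to the ACM programming contest and the informatics olympiad: teams are ranked by the points and time taken to solve network security challenges, and it is usually used for online qualifiers. Challenges mainly cover reverse engineering, vulnerability discovery and exploitation, web penetration, cryptography, forensics, steganography, secure programming and other categories.
II. Attack-Defense
In the Attack-Defense format, teams attack and defend against each other in cyberspace, scoring by finding vulnerabilities in network services and attacking opponents' services, and avoiding point loss by patching vulnerabilities in their own services. The Attack-Defense format reflects the state of the match in real time through the scores, and the final result is decided directly by score; it is a fiercely competitive, highly watchable and highly transparent network security contest format. In this format, the contest is not only about the participants' intelligence and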
Network Attack-Defense Platform writeup
Contents
Network Attack-Defense Platform writeup
Web security basics:
1. Information disclosure:
2. Brute force:
3. SQL injection:
4. File upload:
5. XSS:
6. Authorization bypass:
7. File inclusion:
8. CAPTCHA 1.0:
9. headers:
10. Limited access:
11. XML PATH:
Encryption and decryption:
1. Decryption 1:
2. Decryption 2:
3. Classical and modern:
4. ZIP decryption:
5. RSA challenge:
6. Classical cipher 1.0:
7. Classical cipher 2.0:
8. Breaking a cipher algorithm:
9. base decoding:
10. AES-CBC:
11. RSA decryption 3:
12. Bit error correction:
13. RSA4:
14. Key exchange:
15. ECC Basic:
Log analysis:
1. Traffic analysis:
2. Security log analysis:
3. Wireless cracking:
4. Injection traffic:
5. Injection logs:
6. Scan packet analysis:
Secure programming:
1. Programming basics:
2. Quick script:
3. Quick decryption (socket):
4. Simple algorithm:
5. hash cracking:
6. Big data computation:
7. Mass CAPTCHAs:
8. Decryption script:
9. How fast can you calculate:
Steganography:
1. What is in the image:
2. The secret in the image:
3. Intermediate steganography (with decryption):
4. The secret in the pixels:
5. White noise:
6. Another kind of steganography:
7. Behind the image:
8. White noise 2:
9. Keeping a straight face:
Advanced web security:
1. PHP code audit:
2. Advanced web code audit:
3. PHP code bypass:
4. PHP code audit 2.0:
5. Advanced SQL injection:
6. Password reset:
7. Mango:
8. SALT:
9. Variable overwrite:
10. CAPTCHA 2.0:
11. Advanced information disclosure:
12. Numbers:
13. Blind injection:
14. Injection:
15. Advanced file upload:
16. Injection2:
17. bypass&sqlinjection:
MISC
1. Card security:
2. Data recovery:
3. Asterisk password:
4. ShellCode:
5. Math formula:
6. Regex:
7. Advanced NFC:
8. Bad Git:
Reverse engineering:
1. Warm-up:
2. Jump condition:
3. Algorithm reversing:
4. DotNet reversing:
5. Android reversing:
6. Mathematical analysis:
7. PYC analysis:
8. Reversing decryption:
9. ELF reversing:
10. Js decoding:
11. ELF reversing 2:
Overflow (Pwn):
1. Pwn basics:
2. ROP basics:
3. Guess 100:
4. INPUT:
5. EasyPwn:
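Web security basics:
1. Information disclosure:
Task:
Where is the secret hidden...
url: /tasks/web1.php
The hint suggests that a backup file may exist in this directory. Common backup names include file~, file.bak and .file.swp. Enter the following in the URL:
http://URL/tasks/web1.php.bak
View the source to obtain the key.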
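A defender-side check for the same exposure, as an added example that is not part of the original writeup: it walks a web root and reports files matching the three backup name patterns listed above, noting whether the source file they were copied from still sits beside them. The function names and the sample tree are constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Name patterns taken from the writeup: file~, file.bak, .file.swp
BACKUP_PATTERNS = ("*~", "*.bak", ".*.swp")

def original_name(name):
    """Map a backup artifact name back to the file it was copied from."""
    if name.endswith("~"):
        return name[:-1]
    if name.endswith(".bak"):
        return name[:-4]
    if name.startswith(".") and name.endswith(".swp"):
        return name[1:-4]
    return None

def find_backup_artifacts(web_root):
    """Return sorted (relative_path, original_present) for each artifact under web_root."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if any(fnmatch.fnmatchcase(name, p) for p in BACKUP_PATTERNS):
                rel = os.path.relpath(os.path.join(dirpath, name), web_root)
                hits.append((rel.replace(os.sep, "/"), original_name(name) in files))
    return sorted(hits)

def demo():
    # Constructed sample tree; tasks/web1.php mirrors the path in the writeup.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "tasks"))
        for name in ("web1.php", "web1.php.bak", ".web2.php.swp", "style.css"):
            with open(os.path.join(root, "tasks", name), "w") as fh:
                fh.write("placeholder")
        return find_backup_artifacts(root)

if __name__ == "__main__":
    for path, has_original in demo():
        print(path, "(source file present)" if has_original else "(orphan)")
```

A .bak copy of a PHP file is normally served as static text instead of being executed, which is why such artifacts disclose source code.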
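2. Brute force:
Task:
Enter the correct password...
url: /tasks/web2.php
Obtain the password list from the page source. Note that each password must be submitted as its MD5 value; brute-force it with Burp Suite.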
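3. SQL injection:
Task:
Use SQL injection to get what you want...
url: /tasks/web3.php
The source code shows how the injection filter works:
// Case-insensitive keyword blacklist applied to $pass
$check = eregi('select|insert|update|delete|from|or|and|=|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $pass);
This means the keywords inside the eregi call are filtered, so substitutes are needed. The universal-password formula:
' or '1'='1
or can be replaced with || (and with &&). Because = is filtered, the condition '1'='1 has to be replaced by one that does not use an equals sign, for example 'a'<'t or 'sw' IN 'swod', and so on, i.e.:
')||('a'<'t
Entering this shows that the filter has been bypassed. Reading the code shows that it requires the SQL result set to contain exactly 1 row with username=admin, so we add a condition:
')||('a'<'t')&&(username like 'admin
or ')||username in ('admin
to obtain the key.
xx') || 'a'<'b' && (username like 'admin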
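Why the keyword blacklist fails and what replaces it, as an added example that is not part of the original writeup: the challenge's pattern is run against the inputs quoted above, then the same input is passed to a query with bound parameters. The table, rows and function names are constructed, and SQLite stands in for the challenge's database.

```python
import re
import sqlite3

# Keyword blacklist copied from the challenge source (eregi is case-insensitive).
BLACKLIST = re.compile(
    r"select|insert|update|delete|from|or|and|=|\/\*|\*|\.\.\/|\.\/|union|into"
    r"|load_file|outfile", re.IGNORECASE)

def blacklist_blocks(value):
    """True if the challenge's filter would reject this input."""
    return BLACKLIST.search(value) is not None

def make_db():
    # Constructed schema and rows. Plaintext passwords keep the demo short;
    # a real table stores a password hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pass TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "S3cure-pass"), ("guest", "guest")])
    return db

def login(db, username, password):
    """Bound parameters: both values reach the engine as data, never as SQL text."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND pass = ?",
        (username, password)).fetchone()
    return row[0] if row else None

def demo():
    db = make_db()
    bypass = "')||('a'<'t')&&(username like 'admin"   # input quoted in the writeup
    return {
        "classic_blocked": blacklist_blocks("' or '1'='1"),
        "bypass_blocked": blacklist_blocks(bypass),
        "legit_password_blocked": blacklist_blocks("Doctor99"),  # contains "or"
        "bound_query_result": login(db, "admin", bypass),
        "real_login": login(db, "admin", "S3cure-pass"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The filter misses the operator-based input while rejecting a harmless password that happens to contain "or"; with bound parameters the same input is just a wrong password.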
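4. File upload:
Task:
File upload has vulnerabilities too...
url: /tasks/web4.php
Upload testing shows that the upload defense uses server-side extension checking and type checking. None of the following bypass approaches work:
%00 truncation; 1.asp;.jpg; 1.JpG; 1.php.hehe;
The key to this challenge is bypassing the check with a 00 truncation in the upload path, for example:
filename='another.jpg'
filepatch='un.php(0x00).jpg'
Then filename passes the check, and during the copy the resulting path may be:
C:\\XXXX\un.php(0x00).jpg/another.jpg
Because an underlying C-language routine may be called, the path is truncated at 0x00, and the file is finally saved as:
C:\\XXXX\un.php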
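The truncation described above next to a hardened path builder, as an added example that is not part of the original writeup. It assumes an upload handler that joins a client-supplied directory with the file name; the extension policy, the POSIX-style root and all function names are constructed for illustration.

```python
import posixpath
import re
import secrets

ALLOWED_EXT = {".jpg", ".png", ".gif"}               # assumed upload policy
SAFE_DIR = re.compile(r"[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*")

def c_layer_view(path):
    """What a NUL-terminated C string API sees: everything before the first 0x00."""
    return path.split("\x00", 1)[0]

def naive_target(root, client_dir, filename):
    """Flawed pattern from the challenge: only filename's extension is checked."""
    if posixpath.splitext(filename)[1].lower() not in ALLOWED_EXT:
        raise ValueError("extension not allowed")
    return c_layer_view(f"{root}/{client_dir}/{filename}")

def safe_target(root, client_dir, filename):
    """Validate every client-supplied component, then name the file server-side."""
    for part in (client_dir, filename):
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in part):
            raise ValueError("control character in path component")
    if not SAFE_DIR.fullmatch(client_dir):
        raise ValueError("upload directory not allowed")
    ext = posixpath.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXT:
        raise ValueError("extension not allowed")
    # Server-generated name: nothing typed by the client reaches the final file name.
    return f"{root}/{client_dir}/{secrets.token_hex(8)}{ext}"

if __name__ == "__main__":
    root = "/srv/uploads"                            # constructed path
    print(naive_target(root, "un.php\x00.jpg", "another.jpg"))
    try:
        safe_target(root, "un.php\x00.jpg", "another.jpg")
    except ValueError as exc:
        print("rejected:", exc)
    print(safe_target(root, "avatars", "another.JPG"))
```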
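5. XSS:
Task:
Cross-site scripting, pop up an alert box...
url: /tasks/web5.php
Debugging tools show that the XSS filtering is done on the client side, so entering alert(1) directly in the debugger console pops the alert. Alternatively, constructing "><svg/onload=alert(1)//<!-- also injects XSS.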
6. Authorization bypass:
Task:
Logic bypass, obtain administrator privileges...
url: /tasks/web6.php
Simply modify the parameters with Burp Suite: set level=admin, login=1 in the Cookie.
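The trust problem behind this challenge and one way to close it, as an added example that is not part of the original writeup: a check that believes the client-editable level and login cookies, next to a check that accepts the role only when it carries a valid server-side HMAC. The cookie name session, the key handling and the function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)   # stays on the server; generated here for the demo

def parse_cookie(header):
    """Parse 'a=1; b=2' into a dict."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def is_admin_naive(cookie_header):
    """Flawed pattern from the challenge: trusts values the client can edit."""
    c = parse_cookie(cookie_header)
    return c.get("login") == "1" and c.get("level") == "admin"

def _tag(level):
    return hmac.new(SECRET_KEY, level.encode(), hashlib.sha256).hexdigest()

def issue_session(level):
    """Server-issued cookie 'session=<level>.<HMAC-SHA256 of level>'."""
    return f"session={level}.{_tag(level)}"

def is_admin_signed(cookie_header):
    """Accept the level only if its MAC verifies under the server key."""
    value = parse_cookie(cookie_header).get("session", "")
    level, _, tag = value.rpartition(".")
    valid = hmac.compare_digest(tag.encode(), _tag(level).encode())
    return valid and level == "admin"

if __name__ == "__main__":
    user_cookie = issue_session("user")
    forged = user_cookie.replace("session=user.", "session=admin.")
    print(is_admin_naive("level=admin; login=1"))   # edited cookie is believed
    print(is_admin_signed(forged))                  # edited role fails the MAC
    print(is_admin_signed(issue_session("admin")))  # server-issued role passes
```

A production token would also bind a user identifier and an expiry time into the signed data, or the role would live in a server-side session keyed by a random ID.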
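7. File inclusion:
Task:
Include a local file to obtain important information...
url: /tasks/web7.php
The challenge indicates that viewing the source code is enough. Since this is a file inclusion challenge, try reading it with a PHP stream wrapper:
Encoded as base64:
?file=php://filter/read=convert.base64-encode/resource=web7.php
Or encoded as rot13:
?file=php://filter/read=string.rot13/resource=web7.php
Decode the base64 output accordingly to get the key.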
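8. CAPTCHA 1.0:
Task:
CAPTCHA vulnerability basics...
url: /tasks/wcode1.php
With vcode left empty and the cookie left empty, the response says the password is wrong, which means the CAPTCHA can be bypassed. Then brute-force in Burp Suite using the weak-password list pass.txt found in the page source.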
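A fail-closed CAPTCHA check, as an added example that is not part of the original writeup. It assumes the bypass works because a request without a session cookie has no stored code, so an empty submission compares equal to an empty stored value; the session dict, messages and function names are constructed for illustration.

```python
import hmac

def check_captcha_naive(session, submitted):
    """Assumed flaw: a session with no stored code compares '' == ''."""
    return session.get("vcode", "") == submitted

def check_captcha(session, submitted):
    """Fail closed: a code must have been issued, and it is consumed on every attempt."""
    expected = session.pop("vcode", None)        # single use, even when the check fails
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.lower().encode(), submitted.lower().encode())

def login(session, password, submitted, check, valid_passwords):
    """Return the message the client sees; the CAPTCHA gate runs before the password."""
    if not check(session, submitted):
        return "captcha error"
    if password not in valid_passwords:          # constructed stand-in for a real check
        return "password error"
    return "ok"

def demo():
    valid = {"correct-horse"}                    # constructed credential
    results = []
    # No cookie, empty vcode: the request shape described in the writeup.
    results.append(login({}, "guess", "", check_captcha_naive, valid))
    results.append(login({}, "guess", "", check_captcha, valid))
    # One issued code cannot be replayed across many password guesses.
    session = {"vcode": "aB3d"}
    results.append(login(session, "guess", "ab3d", check_captcha, valid))
    results.append(login(session, "guess2", "ab3d", check_captcha, valid))
    return results

if __name__ == "__main__":
    print(demo())
```

Consuming the code on every attempt forces a fresh CAPTCHA per password guess, which is what keeps the check from being skipped during automated guessing.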