buuctf
大白 | png图片改高度
png图片改高度
[外链图片转存失败(img-PojN2D3v-1567086301372)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2321)]
基础破解 | archpr爆破
你竟然赶我走 | 打开
010editor打开 最后面flag
ningen | easy
binwalk
foremost
爆破
LSB | ss
[外链图片转存失败(img-3ZEH1eki-1567086301372)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2322)]
[外链图片转存失败(img-73OkHr5k-1567086301373)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2323)]
save bin
二维码扫描
rar | archpr爆破
qr | 二维码扫描
乌镇峰会种图 | 记事本打开
wireshark | 导出http对象
导出http对象
搜索flag
[外链图片转存失败(img-yRdrxVGS-1567086301373)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2324)]
找到password
文件中的秘密 | 右键属性
假如给我三天光明
盲文
wav文件
audacity打开
摩尔斯密码
来首歌吧 | 摩尔斯密码
镜子里面的世界 | ss
[外链图片转存失败(img-hwXdn7em-1567086301374)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2325)]
爱因斯坦
binwalk
foremost
图片属性
this_is_not_password
为解压密码
小明的保险箱
binwalk
foremost
爆破四位数字密码
FLAG
ss打开
[外链图片转存失败(img-KTNksaov-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2326)]
save bin
解压缩 一个elf文件
ida打开看到hctf
strings 1 | grep “hctf”
easycap
追踪tcp流
被嗅探的流量
导出http对象
一个php文件 实际上不是php 用010editor打开 十六进制视图
flag
梅花香之苦寒来
010editor打开 后面很多0-9 a-f
with open('1.txt','r') as h:
h=h.read()
bb = ''
tem=''
for i in range(0,len(h),2):
tem='0x'+h[i]+h[i+1]
tem=int(tem,base=16)
bb += (chr(tem))
png图片改高度
[外链图片转存失败(img-PojN2D3v-1567086301372)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2321)]
基础破解 | archpr爆破
你竟然赶我走 | 打开
010editor打开 最后面flag
ningen | easy
binwalk
foremost
爆破
LSB | ss
[外链图片转存失败(img-3ZEH1eki-1567086301372)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2322)]
[外链图片转存失败(img-73OkHr5k-1567086301373)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2323)]
save bin
二维码扫描
rar | archpr爆破
qr | 二维码扫描
乌镇峰会种图 | 记事本打开
wireshark | 导出http对象
导出http对象
搜索flag
[外链图片转存失败(img-yRdrxVGS-1567086301373)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2324)]
找到password
文件中的秘密 | 右键属性
假如给我三天光明
盲文
wav文件
audacity打开
摩尔斯密码
来首歌吧 | 摩尔斯密码
镜子里面的世界 | ss
[外链图片转存失败(img-hwXdn7em-1567086301374)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2325)]
爱因斯坦
binwalk
foremost
图片属性
this_is_not_password
为解压密码
小明的保险箱
binwalk
foremost
爆破四位数字密码
FLAG
ss打开
[外链图片转存失败(img-KTNksaov-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2326)]
save bin
解压缩 一个elf文件
ida打开看到hctf
strings 1 | grep “hctf”
easycap
追踪tcp流
被嗅探的流量
导出http对象
一个php文件 实际上不是php 用010editor打开 十六进制视图
flag
梅花香之苦寒来
010editor打开 后面很多0-9 a-f
with open('1.txt','r') as h:
h=h.read()
bb = ''
tem=''
for i in range(0,len(h),2):
tem='0x'+h[i]+h[i+1]
tem=int(tem,base=16)
bb += (chr(tem))
with open('2.txt','w') as ff:
ff.write(bb)
1234567891011
[外链图片转存失败(img-YNWznUSR-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2327)]
with open('2.txt','r') as f:
f = f.read()
b = open('3.txt','w')
for i in f.split('\n'):
b.write(i.lstrip('(').rstrip(')').replace(',',' ')+'\n')
12345
[外链图片转存失败(img-bveFTjxS-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2328)]
gnuplot
plot ‘3.txt’
https://tu.sioe.cn/gj/huidu/
灰度处理
后门查杀
d盾扫一下
[外链图片转存失败(img-whpjC0No-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2329)]
snake
binwalk
foremost
base64
https://blog.csdn.net/zz_Caleb/article/details/91973626
http://serpent.online-domain-tools.com/
[外链图片转存失败(img-Xyvb5Jvq-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2330)]
a = '''C T F { w h o _ k n e w _ s e r
p e n t _ c i p h e r _ e x i s
t e d } .'''
print a.replace(' ','').replace(' ','').replace('\n','')
1234
荷兰宽带数据泄露
RouterPassView
打开
搜索username
九连环
binwalk
foremost
steghide info xx.jpg
steghide extract -sf xx.jpg
ko.txt
解压
另外一个世界
记事本打开
最后010
八个一组 转字符
import binascii
ff.write(bb)
1234567891011
[外链图片转存失败(img-YNWznUSR-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2327)]
with open('2.txt','r') as f:
f = f.read()
b = open('3.txt','w')
for i in f.split('\n'):
b.write(i.lstrip('(').rstrip(')').replace(',',' ')+'\n')
12345
[外链图片转存失败(img-bveFTjxS-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2328)]
gnuplot
plot ‘3.txt’
https://tu.sioe.cn/gj/huidu/
灰度处理
后门查杀
d盾扫一下
[外链图片转存失败(img-whpjC0No-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2329)]
snake
binwalk
foremost
base64
https://blog.csdn.net/zz_Caleb/article/details/91973626
http://serpent.online-domain-tools.com/
[外链图片转存失败(img-Xyvb5Jvq-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2330)]
a = '''C T F { w h o _ k n e w _ s e r
p e n t _ c i p h e r _ e x i s
t e d } .'''
print a.replace(' ','').replace(' ','').replace('\n','')
1234
荷兰宽带数据泄露
RouterPassView
打开
搜索username
九连环
binwalk
foremost
steghide info xx.jpg
steghide extract -sf xx.jpg
ko.txt
解压
另外一个世界
记事本打开
最后010
八个一组 转字符
import binascii
a = '''01101011
01101111
01100101
01101011
01101010
00110011
01110011'''
b = ''
for ii in a.split('\n'):
b += chr(int(ii,2))
print b
12345678910111213
神秘龙卷风
爆破
++++++.>+++++++++++++
ook
brainfuck
https://www.splitbrain.org/services/ook
面具下的flag
binwalk
foremost
7z解压vmdk
7z x filename
https://www.splitbrain.org/services/ook
刷新过的图片
F5-steganography
java Extract ./Misc.jpg -e misc
得到一个压缩包 伪加密直接解压
穿越时空的思念
audacity 打开
摩尔斯密码
Mysterious ✨
输入
122xyz
od也应该可以
webshell后门
d盾扫描
隐藏的钥匙
记事本
搜索flag
数据包中的线索
导出http对象
由开头”/9j/”,可知以下数据为jpg图片,“/9j/”经base64解码后结果为“\xff \xd8 \xff”,该三字节为jpg文件的开头三字节,所以可推断出以下文件为jpg文件。
data:image/jpeg;base64,
浏览器
菜刀666
导出http对象
压缩包 需要密码
图片 画着密码
https://4hou.win/wordpress/?paged=2&cat=1023
喵喵喵
ss得到png
[外链图片转存失败(img-BSze7Mml-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2331)]
[外链图片转存失败(img-thOxtvcm-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2332)]
修改高度
[外链图片转存失败(img-hvbdSnNI-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2333)]
win10画图 反色
扫描二维码
下载一个压缩包
只能用winrar解压
ntfstreamseditor扫描
pyc文件
https://tool.lu/pyc/
反编译 得到加密脚本和c 逆向
def decrypt(c):
c = c[::-1]
flag = ''
for i in range(len(c)):
if i%2 == 0:
s = int(c[i])-10
else:
s = int(c[i])+10
s = chr(s^i)
flag += s
return flag
1234567891011
弱口令
压缩包打开 注释中不可见字符
复制到sublime text3 全选 显示摩尔斯密码
解码 转大写
解压
lsb隐写
lsb.py
蜘蛛侠呀 ✨
时间隐写
https://coxxs.me/642
http://yulige.top/?p=236
tshark -r out.pcap -T fields -e data >out.txt
lines = open("out00.txt",'rb').readlines()
files = open("out01.txt","wb")
for line in lines:
files.write(line.strip().decode('hex'))
files.close()
12345
01101111
01100101
01101011
01101010
00110011
01110011'''
b = ''
for ii in a.split('\n'):
b += chr(int(ii,2))
print b
12345678910111213
神秘龙卷风
爆破
++++++.>+++++++++++++
ook
brainfuck
https://www.splitbrain.org/services/ook
面具下的flag
binwalk
foremost
7z解压vmdk
7z x filename
https://www.splitbrain.org/services/ook
刷新过的图片
F5-steganography
java Extract ./Misc.jpg -e misc
得到一个压缩包 伪加密直接解压
穿越时空的思念
audacity 打开
摩尔斯密码
Mysterious ✨
输入
122xyz
od也应该可以
webshell后门
d盾扫描
隐藏的钥匙
记事本
搜索flag
数据包中的线索
导出http对象
由开头”/9j/”,可知以下数据为jpg图片,“/9j/”经base64解码后结果为“\xff \xd8 \xff”,该三字节为jpg文件的开头三字节,所以可推断出以下文件为jpg文件。
data:image/jpeg;base64,
浏览器
菜刀666
导出http对象
压缩包 需要密码
图片 画着密码
https://4hou.win/wordpress/?paged=2&cat=1023
喵喵喵
ss得到png
[外链图片转存失败(img-BSze7Mml-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2331)]
[外链图片转存失败(img-thOxtvcm-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2332)]
修改高度
[外链图片转存失败(img-hvbdSnNI-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2333)]
win10画图 反色
扫描二维码
下载一个压缩包
只能用winrar解压
ntfstreamseditor扫描
pyc文件
https://tool.lu/pyc/
反编译 得到加密脚本和c 逆向
def decrypt(c):
c = c[::-1]
flag = ''
for i in range(len(c)):
if i%2 == 0:
s = int(c[i])-10
else:
s = int(c[i])+10
s = chr(s^i)
flag += s
return flag
1234567891011
弱口令
压缩包打开 注释中不可见字符
复制到sublime text3 全选 显示摩尔斯密码
解码 转大写
解压
lsb隐写
lsb.py
蜘蛛侠呀 ✨
时间隐写
https://coxxs.me/642
http://yulige.top/?p=236
tshark -r out.pcap -T fields -e data >out.txt
lines = open("out00.txt",'rb').readlines()
files = open("out01.txt","wb")
for line in lines:
files.write(line.strip().decode('hex'))
files.close()
12345
import base64
lines = open("out0.txt",'rb').readlines()
file1 = open("new",'wb')
result = ''
for line in lines[4:-4]:
result += line[9:].strip()
file1.write(base64.b64decode(result))
lines = open("out0.txt",'rb').readlines()
file1 = open("new",'wb')
result = ''
for line in lines[4:-4]:
result += line[9:].strip()
file1.write(base64.b64decode(result))
'''
result = ''
lines = open("out.txt",'rb').readlines()
print lines[4:-4]
'''
1234567891011121314
a = open("out01.txt",'rb').readlines()
file1 = open("result1",'wb')
for i in range(len(a)):
bb = a[i].strip()
if bb == a[i-1].strip():
continue
file1.write(bb+'\n')
1234567
解压 flag.gif
identify -format “%T” flag.gif
[外链图片转存失败(img-W46ai2jZ-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2334)]
明显的二进制了,把20换0,把50换1.
binary转hex转ascii码
# coding:utf-8
import binascii
import hashlib
# import base64
# lines = open('result1.txt','rb').readlines()
# file = open('file','wb')
# flag = ''
# for line in lines[1:-1]:
# flag += line[9:]
# file.write(base64.b64decode(flag))
result = ''
lines = open("out.txt",'rb').readlines()
print lines[4:-4]
'''
1234567891011121314
a = open("out01.txt",'rb').readlines()
file1 = open("result1",'wb')
for i in range(len(a)):
bb = a[i].strip()
if bb == a[i-1].strip():
continue
file1.write(bb+'\n')
1234567
解压 flag.gif
identify -format “%T” flag.gif
[外链图片转存失败(img-W46ai2jZ-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2334)]
明显的二进制了,把20换0,把50换1.
binary转hex转ascii码
# coding:utf-8
import binascii
import hashlib
# import base64
# lines = open('result1.txt','rb').readlines()
# file = open('file','wb')
# flag = ''
# for line in lines[1:-1]:
# flag += line[9:]
# file.write(base64.b64decode(flag))
a = open("11",'r')
b = a.read().replace("“",'').replace("”","").replace("20",'0').replace("50",'1').replace('6','')
b = a.read().replace("“",'').replace("”","").replace("20",'0').replace("50",'1').replace('6','')
bb = binascii.unhexlify(hex(int(b,2))[2:-1])
print 'flag{'+hashlib.md5(bb).hexdigest()+'}'
12345678910111213141516
identify -format “%s %T \n” flag.gif
我爱Linux
https://www.cnblogs.com/puluotiya/p/5462114.html
https://www.cnblogs.com/harmonica11/p/11365782.html
python序列化文件的数据
将FF D9后保存出来,将序列化文件读出来
import pickle
with open('q', 'rb') as f:
f= pickle.load(f)
data = list()
for i in range(len(f)):
tem = [' ']*100
data.append(tem)
for i, j in enumerate(f):
for m in j:
data[i][m[0]] = m[1]
for i in data:
print(''.join(i))
123456789101112
[外链图片转存失败(img-gNVt98SV-1567086301378)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2335)]
usb ✨
https://wenku.baidu.com/view/b7889b64783e0912a2162aa4.html
rar文件结构
[外链图片转存失败(img-swFxOcqG-1567086301378)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2336)]
[外链图片转存失败(img-69v6RI79-1567086301380)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2337)]
https://blog.csdn.net/like98k/article/details/79533536
https://blog.csdn.net/qq_36609913/article/details/78578406
https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx
mappings = { 0x04:"A", 0x05:"B", 0x06:"C", 0x07:"D", 0x08:"E", 0x09:"F", 0x0A:"G", 0x0B:"H", 0x0C:"I", 0x0D:"J", 0x0E:"K", 0x0F:"L", 0x10:"M", 0x11:"N",0x12:"O", 0x13:"P", 0x14:"Q", 0x15:"R", 0x16:"S", 0x17:"T", 0x18:"U",0x19:"V", 0x1A:"W", 0x1B:"X", 0x1C:"Y", 0x1D:"Z", 0x1E:"1", 0x1F:"2", 0x20:"3", 0x21:"4", 0x22:"5", 0x23:"6", 0x24:"7", 0x25:"8", 0x26:"9", 0x27:"0", 0x28:"\n", 0x2a:"[DEL]", 0X2B:" ", 0x2C:" ", 0x2D:"-", 0x2E:"=", 0x2F:"[", 0x30:"]", 0x31:"\\", 0x32:"~", 0x33:";", 0x34:"'", 0x36:",", 0x37:"." }
nums = []
keys = open('usbdata.txt')
for line in keys:
if line[0]!='0' or line[1]!='0' or line[3]!='0' or line[4]!='0' or line[9]!='0' or line[10]!='0' or line[12]!='0' or line[13]!='0' or line[15]!='0' or line[16]!='0' or line[18]!='0' or line[19]!='0' or line[21]!='0' or line[22]!='0':
continue
nums.append(int(line[6:8],16))
keys.close()
output = ""
for n in nums:
if n == 0 :
continue
if n in mappings:
output += mappings[n]
else:
output += '[unknown]'
print 'output :\n' + output
print 'flag{'+hashlib.md5(bb).hexdigest()+'}'
12345678910111213141516
identify -format “%s %T \n” flag.gif
我爱Linux
https://www.cnblogs.com/puluotiya/p/5462114.html
https://www.cnblogs.com/harmonica11/p/11365782.html
python序列化文件的数据
将FF D9后保存出来,将序列化文件读出来
import pickle
with open('q', 'rb') as f:
f= pickle.load(f)
data = list()
for i in range(len(f)):
tem = [' ']*100
data.append(tem)
for i, j in enumerate(f):
for m in j:
data[i][m[0]] = m[1]
for i in data:
print(''.join(i))
123456789101112
[外链图片转存失败(img-gNVt98SV-1567086301378)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2335)]
usb ✨
https://wenku.baidu.com/view/b7889b64783e0912a2162aa4.html
rar文件结构
[外链图片转存失败(img-swFxOcqG-1567086301378)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2336)]
[外链图片转存失败(img-69v6RI79-1567086301380)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2337)]
https://blog.csdn.net/like98k/article/details/79533536
https://blog.csdn.net/qq_36609913/article/details/78578406
https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx
mappings = { 0x04:"A", 0x05:"B", 0x06:"C", 0x07:"D", 0x08:"E", 0x09:"F", 0x0A:"G", 0x0B:"H", 0x0C:"I", 0x0D:"J", 0x0E:"K", 0x0F:"L", 0x10:"M", 0x11:"N",0x12:"O", 0x13:"P", 0x14:"Q", 0x15:"R", 0x16:"S", 0x17:"T", 0x18:"U",0x19:"V", 0x1A:"W", 0x1B:"X", 0x1C:"Y", 0x1D:"Z", 0x1E:"1", 0x1F:"2", 0x20:"3", 0x21:"4", 0x22:"5", 0x23:"6", 0x24:"7", 0x25:"8", 0x26:"9", 0x27:"0", 0x28:"\n", 0x2a:"[DEL]", 0X2B:" ", 0x2C:" ", 0x2D:"-", 0x2E:"=", 0x2F:"[", 0x30:"]", 0x31:"\\", 0x32:"~", 0x33:";", 0x34:"'", 0x36:",", 0x37:"." }
nums = []
keys = open('usbdata.txt')
for line in keys:
if line[0]!='0' or line[1]!='0' or line[3]!='0' or line[4]!='0' or line[9]!='0' or line[10]!='0' or line[12]!='0' or line[13]!='0' or line[15]!='0' or line[16]!='0' or line[18]!='0' or line[19]!='0' or line[21]!='0' or line[22]!='0':
continue
nums.append(int(line[6:8],16))
keys.close()
output = ""
for n in nums:
if n == 0 :
continue
if n in mappings:
output += mappings[n]
else:
output += '[unknown]'
print 'output :\n' + output
output :
KEYXINAN
[Finished in 0.1s]
KEYXINAN
[Finished in 0.1s]
123456789101112131415161718192021222324
binwalk xxx
foremost xxx
tshark -r key.pcap -T fields -e usb.capdata > usbdata.txt
ci{v3erf_0tygidv2_fc0}
fa{i3eei_0llgvgn2_sc0}
栅栏
flag{vig3ne2e_is_c00l}
sqltest 未完成
import requests
import os
import urllib
import re
oo = []
pp = []
a = os.listdir('.')
for ii in a:
vv = open(ii,'r')
if "This's Title!" in vv.read() and 'ascii(substr(((select concat_ws(char(94), flag)' in urllib.unquote(ii):
oo.append(urllib.unquote(ii))
for ii in oo:
# print ii
# print ii[ii.find('>')+1:]
print re.findall(r', (.*?),',ii)[1]
123456789101112131415
被劫持的神秘礼物
http过滤
追踪tcp流
import hashlib
print hashlib.md5('adminaadminb').hexdigest()
————————————————
版权声明:本文为CSDN博主「mo0rain」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/qq_41173457/article/details/100147514
binwalk xxx
foremost xxx
tshark -r key.pcap -T fields -e usb.capdata > usbdata.txt
ci{v3erf_0tygidv2_fc0}
fa{i3eei_0llgvgn2_sc0}
栅栏
flag{vig3ne2e_is_c00l}
sqltest 未完成
import requests
import os
import urllib
import re
oo = []
pp = []
a = os.listdir('.')
for ii in a:
vv = open(ii,'r')
if "This's Title!" in vv.read() and 'ascii(substr(((select concat_ws(char(94), flag)' in urllib.unquote(ii):
oo.append(urllib.unquote(ii))
for ii in oo:
# print ii
# print ii[ii.find('>')+1:]
print re.findall(r', (.*?),',ii)[1]
123456789101112131415
被劫持的神秘礼物
http过滤
追踪tcp流
import hashlib
print hashlib.md5('adminaadminb').hexdigest()
————————————————
版权声明:本文为CSDN博主「mo0rain」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/qq_41173457/article/details/100147514
buuctf的更多相关文章
- 刷题记录:[BUUCTF 2018]Online Tool
目录 刷题记录:[BUUCTF 2018]Online Tool 一.知识点 1.escapeshellarg和escapeshellcmd使用不当导致rce 刷题记录:[BUUCTF 2018]On ...
- BUUCTF 部分wp
目录 Buuctf crypto 0x01传感器 提示是曼联,猜测为曼彻斯特密码 wp:https://www.xmsec.cc/manchester-encode/ cipher: 55555555 ...
- buuctf misc 刷题记录
1.金三胖 将gif分离出来. 2.N种方法解决 一个exe文件,果然打不开,在kali里分析一下:file KEY.exe,ascii text,先txt再说,base64 图片. 3.大白 crc ...
- BUUCTF知识记录
[强网杯 2019]随便注 先尝试普通的注入 发现注入成功了,接下来走流程的时候碰到了问题 发现过滤了select和where这个两个最重要的查询语句,不过其他的过滤很奇怪,为什么要过滤update, ...
- buuctf misc wp 01
buuctf misc wp 01 1.金三胖 2.二维码 3.N种方法解决 4.大白 5.基础破解 6.你竟然赶我走 1.金三胖 root@kali:~/下载/CTF题目# unzip 77edf3 ...
- buuctf misc wp 02
buuctf misc wp 02 7.LSB 8.乌镇峰会种图 9.rar 10.qr 11.ningen 12.文件中的秘密 13.wireshark 14.镜子里面的世界 15.小明的保险箱 1 ...
- BUUCTF WEB-WP(3)
BUUCTF WEB 几道web做题的记录 [ACTF2020 新生赛]Exec 知识点:exec命令执行 这题最早是在一个叫中学生CTF平台上看到的类似,比这题稍微要复杂一些,多了一些限制(看看大佬 ...
- BUUCTF Crypto_WP(2)
BUUCTF Crypto WP 几道密码学wp [GXYCTF2019]CheckIn 知识点:Base64,rot47 下载文件后,发现一个txt文件,打开发现一串base64,界面之后出现一串乱 ...
- BUUCTF WEB
BUUCTF 几道WEB题WP 今天做了几道Web题,记录一下,Web萌新写的不好,望大佬们见谅○| ̄|_ [RoarCTF 2019]Easy Calc 知识点:PHP的字符串解析特性 参考了一下网 ...
- BUUCTF Crypto
BUUCTF 几道crypto WP [AFCTF2018]Morse 简单的莫尔斯密码,最直观的莫尔斯密码是直接采用空格分割的点和划线,这题稍微绕了一下使用的是斜杠来划分 所以首先将斜杠全部替换为空 ...
随机推荐
- leetcode - 01
只出现一次的数字 给定一个非空整数数组,除了某个元素只出现一次以外,其余每个元素均出现两次.找出那个只出现了一次的元素. 你的算法应该具有线性时间复杂度. 你可以不使用额外空间来实现吗? 示例 1: ...
- P5331 [SNOI2019]通信 [线段树优化建图+最小费用最大流]
这题真让人自闭-我EK费用流已经死了?- (去掉define int long long就过了) 我建的边害死我的 spfa 还是spfa已经死了? 按费用流的套路来 首先呢 把点 \(i\) 拆成两 ...
- jdk1.8的HashMap和ConcurrentHashMap
原文地址:https://my.oschina.net/pingpangkuangmo/blog/817973 本文针对jdk1.8的ConcurrentHashMap 1 1.8的HashMap设计 ...
- 多个iframe,删除详情页时刷新同级iframe的table list
说明:在使用iframe开发时,经常遇到多个iframe之间的操作. 下面就是一个需求:在一个iframe中关闭时,刷新指定的iframe: 添加需要刷新的标识reload=true //添加npi2 ...
- 清除ios系统alert弹出框的域名
清除ios系统alert弹出框的域名 <script> window.alert = function(name) { var iframe = document.createElemen ...
- 松软科技课堂:jQuery 事件函数
jQuery 事件函数 jQuery 事件处理方法是 jQuery 中的核心函数. 事件处理程序指的是当 HTML 中发生某些事件时所调用的方法.术语由事件“触发”(或“激发”)经常会被使用. 通常会 ...
- QT版本
最近在linux下安装qt:发现主要的问题是qt的版本问题:下面来谈谈各个版本的理解 Qt 的版本是按照不同的图形系统来划分的,目前分为五个版本: Win: 适用于Miccrosoft Windows ...
- Android 开发替换Launcher
做android产品的时候,根据需求会制定各种各样的Launcher,因此,在此记录替换系统Launcher的流程. 1.修改frameworks/base/core/java/android/con ...
- 一看就会一做就废系列:说说 RECOVER DATABASE(下)
这里是:一看就会,一做就废系列 数据库演示版本为 19.3 (12.2.0.3) 该系列涉及恢复过程中使用的 个语句: 1. recover database 2. recover database ...
- sql注入学习笔记 详解篇
sql注入的原理以及怎么预防sql注入(请参考上一篇文章) https://www.cnblogs.com/KHZ521/p/12128364.html (本章主要针对MySQL数据库进行注入) sq ...