Post category - XCTF

Summary: According to the page above, we can input an IP address and then ping it. We are going to try to figure out what the page returns. It returns all Read more
posted @ 2021-08-13 22:02 _4_FUN Views(48) Comments(0) Recommended(0)
Summary: It's a typical one-word Trojan; we can use AntSword (you can download this tool from GitHub) to penetrate the above. 'Shell pwd' is the POST Read more
posted @ 2021-08-12 17:03 _4_FUN Views(50) Comments(0) Recommended(0)
Summary: The hint on the web page tells us to request this URI with a specific IP address. What attribute represents the host IP address? The answer is 'X- Read more
posted @ 2021-08-11 21:33 _4_FUN Views(49) Comments(0) Recommended(0)
Summary: We need to submit a parameter 'a' whose value is '1' using the GET method. Appending something to the URI, like '?a=1', is how the GET method works, so the Read more
posted @ 2021-08-10 21:08 _4_FUN Views(39) Comments(0) Recommended(0)
Summary: We notice that the first condition requires us to submit a parameter 'a' that is equal to 0 and is also a TRUE value. So if the parameter 'a' is 0, it represents FA Read more
posted @ 2021-08-09 22:18 _4_FUN Views(23) Comments(0) Recommended(0)
Summary: It's a simple login page, so first we capture an HTTP header with Burp Suite to analyze it. The annotation hints that the true username is admin and th Read more
posted @ 2021-08-08 23:41 _4_FUN Views(34) Comments(0) Recommended(0)
Summary: Opening the web page shows a button you can't click, so we inspect the source code. We find the code "disabled=''", which gives the button that specifi Read more
posted @ 2021-08-06 23:54 _4_FUN Views(63) Comments(0) Recommended(0)
Summary: The key concept in this challenge is the cookie, which contains some necessary information about personal status so that the web server can remember you. W Read more
posted @ 2021-07-31 14:43 _4_FUN Views(24) Comments(0) Recommended(0)
Summary: So the hint is very obvious :) .bak is commonly used as the suffix of a backup file. Download this backup file; the flag is hidden in the source code. Read more
posted @ 2021-07-30 22:58 _4_FUN Views(50) Comments(0) Recommended(0)
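Summary: It is a blank web page, so we get help from the hint: Teacher X covered the Robots protocol in class, but Xiao Ning dozed off during the lesson, so hurry up and teach Xiao Ning what the Robots protocol is. The Robots protocol is used to constrain the range Read more
posted @ 2021-07-29 22:39 _4_FUN Views(47) Comments(0) Recommended(0)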
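Summary: We can get nothing from the original web page in Firefox. According to the hint: Teacher X asked Xiao Ning to view the source code of a web page, but Xiao Ning found that the right mouse button did not seem to work. Just press the F12 key and the Read more
posted @ 2021-07-29 00:03 _4_FUN Views(26) Comments(0) Recommended(0)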