[20 Points] Lernaean [by [Arrexel]
问题描述:
Your target is not very good with computers. Try and guess their password to see if they may be hiding anything!
网站首页登陆界面
根据提示进行密码猜解
BP爆破得到密码,同时在响应包里面得到flag
[30 Points] Cartographer [by Arrexel]
问题描述:
Some underground hackers are developing a new command and control server. Can you break in and see what they are up to?
因为不知道账号没办法爆破,先使用bp扫描,发现存在高危漏洞
可以看到是一个简单的布尔盲注,万能密码得到提示
提示Under Construction
可能是文件读取,尝试将home替换为flag,读取得到flag
[30 Points] HDC [by Thiseas]
问题描述:
We believe a certain individual uses this website for shady business. Can you find out who that is and send him an email to check, using the web site's functionality?
Note: The flag is not an e-mail address.
初始界面
先使用bp scan发现并没有什么Hig漏洞
尝试注入和bp爆破密码最终无效,猜测站点JS可能存在问题
myscript.js可能和用户登陆有关系,其代码很少看不到什么,但是网站存在jQuery,网上找到jQuery JavaScript Library v3.2.1源代码(https://www.cnblogs.com/Python666/p/6929003.html)和该jQuery进行比较,看是否存在特殊代码
在线文本比较:http://wenbenbijiao.renrensousuo.com
比较发现站点Jquery存在一些多余的代码
可以看到Jquery中多出的代码函数function doProcess()和myscript中的函数一样
通过比较分析可以得到站点的账户和密码:TXlMaXR0bGU/cDB3bmll
Login Success
查看邮件列表发现无法列出
查看站点发现存在目录secret_area_
访问该目录得到mails.txt
根据问题描述需要我们给这些邮件列表中的地址发送邮件,最后可以发现在邮件fishroesalad@mail.com中可以得到flag
[50 Points] I know Mag1k [by rkmylo]
问题描述:
Can you get to the profile page of the admin?
[70 Points] Grammar [by forGP]
问题描述:
When we access this page we get a Forbidden error. However we believe that something strange lies behind... Can you find a way in and retrieve the flag?
