BugKu Web Practice Notes 1
References:
BugKu-Web-wp1
BugKu-Web-wp2
BugKu-Web-wp3
Flask SSTI template injection: from zero to getting started
Simple_SSTI_1
Press F12 to view the page source.
Enter:
http://114.67.175.224:17350/?flag={{config.SECRET_KEY}}
Simple_SSTI_2
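Flask_FileUpload
Create 111.txt and enter:
import os
os.system('cat /flag')
Rename the file to 111.jpg and upload it to get the flag.
滑稽 (Funny)
Press F12, then use Ctrl+F to search for flag.
计算器 (Calculator)
Press F12, change the length limit, then enter the correct result of the calculation.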
GET
POST
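矛盾 (Contradiction)
The first condition is that the value must not be a number; the second condition is a == comparison. When a string is compared with an integer, it is first converted to an integer, so '1admin' becomes 1 in the comparison.
alert
View the page source.
Put it into an HTML file to display it.
你必须让他停下 (You Must Make It Stop)
Capture the traffic with Burp Suite.
变量1 (Variable 1)
The key is this line: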
eval(" ...
pikachu Lab Practice Notes
CTF Web pikachu lab notes
A brief record of working through the pikachu lab.
References:
Full walkthrough video
pikachu lab wp1
pikachu lab wp2
Lab environment setup
You can refer to this blog post: https://www.webxlab.net/article/detail/OmAE5oMAar
The initial interface is as follows:
Brute force
Burp Suite is all you need.
Burp Suite cannot intercept local traffic: https://blog.csdn.net/qq_38923350/article/details/112497437?spm=1001.2101.3001.6661.1&utm_medium=distribute.pc_relevant_t0.none-task-blog-2%7Edefault%7ECTRLIST%7ERate-1.pc_relevant_antiscanv2&depth_1-utm_source=distribute.pc_relevant_t0.none-task-blog-2%7Edefault%7ECTRLIST%7ERate-1.pc_relevant_antisc ...
2022StarCTF-Misc-babyFL
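2022 *CTF Misc babyFL WP (AI security)
Challenge description:
Source code link:
Link: https://pan.baidu.com/s/14eOkeEAxO5byopzZhgyh8A
Extraction code: pl5w
Jupyter is recommended.
Challenge analysis: first look at the source code.
if __name__ == '__main__':
    try:
        if not os.path.exists('/home/ctf/model'):
            os.mkdir("/home/ctf/model")
        train_models()  # train the models
        parameters = load_parameters()  # load the parameters of the models that classify correctly
        parameters = get_input_parameter(parameters)  # append the weights supplied as input
        model = aggregation(parameters)  # aggregate the updated weights into the updated model
        test(model) # ...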
Auto-Traffic-Analysis
New Directions in Automated Traffic Analysis: paper study notes
Paper link: New Directions in Automated Traffic Analysis | Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
Key information about the paper
Paper title: New Directions in Automated Traffic Analysis
Venue: CCS 2021 (CCF-A)
Authors: Jordan Holland, Paul Schmitt, Nick Feamster, Prateek Mittal
Paper link: https://dl.acm.org/doi/10.1145/3460120.3484758
Source code: https://github.com/nprint/nprint
Dataset: https://drive.google.com/drive/folders/158Lwb9TwopIJ0lGPuFik5744 ...
Python Crawlers
Python crawler study
I put together some small crawlers I wrote in the past.
12306 ticket query
# 12306Check.py
import requests
import pandas as pd
import json

# To query repeatedly, just wrap this in a loop
f = open('stations.json', mode='r', encoding='utf-8')
text = f.read()
city_json = json.loads(text)
f.close()
from_station = input('始发站:')
to_station = input('终点站:')
train_date = input('发车日期(格式:2022-04-03):')
# from_station = '武汉'
# to_station = '长沙'
# train_date = '2022-04-06'
# print(city_json[from_station])
# print ...
Hello World
Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.
Quick Start
Create a new post
$ hexo new "My New Post"
More info: Writing
Run server
$ hexo server
More info: Server
Generate static files
$ hexo generate
More info: Generating
Deploy to remote sites
$ hexo deploy
More info: Deployment