给了一个没有后缀的文件010打开发现是7z压缩包文件改后缀名解压
得到一个流量包丢入whereshark中,再导出HTML对象的时候发现可疑数据
对shell.jps进行追流的时候发现key是base64
而对connect.jsp进行追流的时候发现一个java脚本
flag i am not 猜测 key就是flag
对java脚本进行微改把上面得到的base64放入到脚本中进行运行就会得到flag
脚本如下
mport javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
public class Main {
public static void main(String[] args) throws Exception {
String key = "flag{i_a";
String encryptedData = "eyIy/yvlH6zwsT9xGJCSGg2ZCm2YBO/VqEpEwPjCo04=";
//shell.jsp中的base64
String decrypted = Main.decrypt(encryptedData, key);
System.out.println("Decrypted data: " + decrypted);
}
private static final String DES = "DES";
public static String decrypt(String data, String key) throws Exception {
DESKeySpec desKey = new DESKeySpec(key.getBytes(StandardCharsets.UTF_8));
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(DES);
SecretKey securekey = keyFactory.generateSecret(desKey);
Cipher cipher = Cipher.getInstance(DES);
cipher.init(Cipher.DECRYPT_MODE, securekey);
byte[] result = Base64.getDecoder().decode(data);
result = cipher.doFinal(result);
return new String(result, StandardCharsets.UTF_8);
}
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
