-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.html
More file actions
3 lines (3 loc) · 16.6 KB
/
index.html
File metadata and controls
3 lines (3 loc) · 16.6 KB
1
2
3
<!DOCTYPE html><html lang="zh-CN"><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport"><meta content="yes" name="apple-mobile-web-app-capable"><meta content="black-translucent" name="apple-mobile-web-app-status-bar-style"><meta content="telephone=no" name="format-detection"><meta name="description"><title>watch0ut Notebook | echo "TXIuQ2VuZytHcmVhdFlZWCtKYWNrUGFuPXdhdGNoMHV0LCBhIHRlYW0gb2YgMyBjb21wdXRlciBnZWVrcy4" | base64 -d</title><link rel="stylesheet" type="text/css" href="//cdn.bootcss.com/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" type="text/css" href="//cdn.bootcss.com/pure/0.6.0/pure-min.css"><link rel="stylesheet" type="text/css" href="//cdn.bootcss.com/pure/0.6.0/grids-responsive-min.css"><link rel="stylesheet" type="text/css" href="/css/style.css?v=0.0.0"><link rel="stylesheet" href="//cdn.bootcss.com/font-awesome/4.7.0/css/font-awesome.min.css"><script type="text/javascript" src="//cdn.bootcss.com/jquery/3.1.1/jquery.min.js"></script><link rel="Shortcut Icon" type="image/x-icon" href="/favicon.ico"><link rel="apple-touch-icon" href="/apple-touch-icon.png"><link rel="apple-touch-icon-precomposed" href="/apple-touch-icon.png"><link rel="alternate" type="application/atom+xml" href="/atom.xml"></head><body><div class="body_container"><div id="header"><div class="site-name"><h1 class="hidden">watch0ut Notebook</h1><a id="logo" href="/.">watch0ut Notebook</a><p class="description">echo "TXIuQ2VuZytHcmVhdFlZWCtKYWNrUGFuPXdhdGNoMHV0LCBhIHRlYW0gb2YgMyBjb21wdXRlciBnZWVrcy4" | base64 -d</p></div><div id="nav-menu"><a href="/"><i class="fa icon-home"> 首页</i></a><a href="/about/"><i class="fa icon-about"> 关于</i></a><a href="/atom.xml"><i class="fa icon-rss"> 订阅</i></a></div></div><div id="layout" class="pure-g"><div class="pure-u-1 pure-u-md-3-4"><div class="content_container"><div class="post"><h2 class="post-title"><a href="/2015/12/08/HCTF-2015-Write-ups/">HCTF 2015 Write-ups</a></h2><div class="post-meta">2015-12-08</div><div class="post-content"><h2 id="404"><a href="#404" class="headerlink" title="404"></a>404</h2><p>咦,404了 <a href="http://120.26.93.115:12340/3d9d48dc016f0417558ff26d82ec13cc/webI.php" target="_blank" rel="external">http://120.26.93.115:12340/3d9d48dc016f0417558ff26d82ec13cc/webI.php</a> 奖励金币:50</p></div><p class="readmore"><a href="/2015/12/08/HCTF-2015-Write-ups/">阅读更多</a></p></div><div class="post"><h2 class="post-title"><a href="/2015/11/29/9447-CTF-2015-Write-ups/">9447 CTF 2015 Write-ups</a></h2><div class="post-meta">2015-11-29</div><div class="post-content"><h1 id="Reverse-engineering"><a href="#Reverse-engineering" class="headerlink" title="Reverse engineering"></a>Reverse engineering</h1><h2 id="flag-finder-1pts"><a href="#flag-finder-1pts" class="headerlink" title="flag finder (1pts)"></a>flag finder (1pts)</h2><p>I’ve forgotten my flag. I remember it has the format <code>9447{<some string>}</code>, but what could it be?</p></div><p class="readmore"><a href="/2015/11/29/9447-CTF-2015-Write-ups/">阅读更多</a></p></div><div class="post"><h2 class="post-title"><a href="/2014/11/10/HCTF-2014-Write-ups/">HCTF 2014 Write-ups</a></h2><div class="post-meta">2014-11-10</div><div class="post-content"><h1 id="丘比龙的最爱"><a href="#丘比龙的最爱" class="headerlink" title="丘比龙的最爱"></a>丘比龙的最爱</h1><p>丘比龙的最爱传说,丘比龙是丘比特的弟弟,丘比龙是一只小爱神,虽然有两只翅膀,但因为吃多了,导致身体太胖,所以飞不起来~那么问题来了?!丘比龙吃什么食物吃多了变胖了<br>没什么好说的,就是<code>甜甜圈</code>。</p></div><p class="readmore"><a href="/2014/11/10/HCTF-2014-Write-ups/">阅读更多</a></p></div><div class="post"><h2 class="post-title"><a href="/2014/10/08/XD-CTF-2014-Write-ups/">XD CTF 2014 Write-ups</a></h2><div class="post-meta">2014-10-08</div><div class="post-content"><h1 id="Web"><a href="#Web" class="headerlink" title="Web"></a>Web</h1><h2 id="Web20"><a href="#Web20" class="headerlink" title="Web20"></a>Web20</h2><p>主要考的是PHP彩蛋,在URL后添加如下参数:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">?=PHPE9568F36-D428-11d2-A769-00AA001ACF42</div><div class="line">?=PHPE9568F34-D428-11d2-A769-00AA001ACF42</div><div class="line">?=PHPE9568F35-D428-11d2-A769-00AA001ACF42</div><div class="line">?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000</div></pre></td></tr></table></figure></p></div><p class="readmore"><a href="/2014/10/08/XD-CTF-2014-Write-ups/">阅读更多</a></p></div><div class="post"><h2 class="post-title"><a href="/2014/09/29/ISG-CTF-2014-Write-up-SQLMAP-Up-to-Date/">ISG CTF 2014 Write-up (SQLMAP, Up-to-Date)</a></h2><div class="post-meta">2014-09-29</div><div class="post-content"><h1 id="SQLMAP"><a href="#SQLMAP" class="headerlink" title="SQLMAP"></a>SQLMAP</h1><p>题目很简单,就给了一个数据包:</p>
<p>数据包下载:sqlmap</p>
<p>从数据包看,<code>http://10.0.0.201/message.php?id=``?存在注入点,利用</code>sqlmap<code>进行拖库。前段时间刚好分析过</code>sqlmap`拖库过程,还算比较熟悉。</p></div><p class="readmore"><a href="/2014/09/29/ISG-CTF-2014-Write-up-SQLMAP-Up-to-Date/">阅读更多</a></p></div><div class="post"><h2 class="post-title"><a href="/2014/09/29/ISG-CTF-2014-Write-up-Out-of-Space-X-Area/">ISG CTF 2014 Write-up (Out of Space, X-Area)</a></h2><div class="post-meta">2014-09-29</div><div class="post-content"><h1 id="Out-of-Space"><a href="#Out-of-Space" class="headerlink" title="Out of Space"></a>Out of Space</h1><p>这个程序不能直接运行,我队友试了,直接死机。看了看是用C#写的,直接用.NET Reflector反编译,源码如下:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div></pre></td><td class="code"><pre><div class="line">public static void Main()</div><div class="line">{</div><div class="line"> Console.WriteLine("Generating data...");</div><div class="line"> StreamWriter writer = new StreamWriter("temp.txt");</div><div class="line"> ulong num = 1L;</div><div class="line"> do</div><div class="line"> {</div><div class="line"> writer.Write("ISG");</div><div class="line"> num += (ulong) 1L;</div><div class="line"> }</div><div class="line"> while (num <= 0xfa00000000L);</div><div class="line"> writer.Close();</div><div class="line"> Console.WriteLine("Almost done...");</div><div class="line"> SHA1CryptoServiceProvider provider = new SHA1CryptoServiceProvider();</div><div class="line"> FileStream inputStream = new FileStream("temp.txt", FileMode.Open, FileAccess.Read);</div><div class="line"> byte[] buffer = provider.ComputeHash(inputStream);</div><div class="line"> inputStream.Close();</div><div class="line"> File.Delete("temp.txt");</div><div class="line"> Console.WriteLine("ISG{" + BitConverter.ToString(buffer).ToLower() + "}");</div><div class="line"> Console.ReadKey();</div><div class="line">}</div></pre></td></tr></table></figure></p></div><p class="readmore"><a href="/2014/09/29/ISG-CTF-2014-Write-up-Out-of-Space-X-Area/">阅读更多</a></p></div><div class="post"><h2 class="post-title"><a href="/2014/09/29/ISG-CTF-2014-Write-up-Smile-Chopper-Cryptobaby-GIF/">ISG CTF 2014 Write-up (Smile, Chopper, Cryptobaby, GIF)</a></h2><div class="post-meta">2014-09-29</div><div class="post-content"><h1 id="Smile"><a href="#Smile" class="headerlink" title="Smile"></a>Smile</h1><p>点击界面上的链接<code>http://202.120.7.104:8888/?view-source</code>即可看到界面源码,其中php部分如下:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div></pre></td><td class="code"><pre><div class="line"><?php </div><div class="line"> if (isset($_GET['view-source'])) { </div><div class="line"> show_source(__FILE__); </div><div class="line"> exit(); </div><div class="line"> } </div><div class="line"></div><div class="line"> include('flag.php'); </div><div class="line"></div><div class="line"> $smile = 1; </div><div class="line"></div><div class="line"> if (!isset ($_GET['^_^'])) $smile = 0; </div><div class="line"> if (ereg ('\.', $_GET['^_^'])) $smile = 0; </div><div class="line"> if (ereg ('%', $_GET['^_^'])) $smile = 0; </div><div class="line"> if (ereg ('[0-9]', $_GET['^_^'])) $smile = 0; </div><div class="line"> if (ereg ('http', $_GET['^_^']) ) $smile = 0; </div><div class="line"> if (ereg ('https', $_GET['^_^']) ) $smile = 0; </div><div class="line"> if (ereg ('ftp', $_GET['^_^'])) $smile = 0; </div><div class="line"> if (ereg ('telnet', $_GET['^_^'])) $smile = 0; </div><div class="line"> if (ereg ('_', $_SERVER['QUERY_STRING'])) $smile = 0; </div><div class="line"> if ($smile) { </div><div class="line"> if (@file_exists ($_GET['^_^'])) $smile = 0; </div><div class="line"> } </div><div class="line"> if ($smile) { </div><div class="line"> $smile = @file_get_contents ($_GET['^_^']); </div><div class="line"> if ($smile === "(●'◡'●)") die($flag); </div><div class="line"> } </div><div class="line">?></div></pre></td></tr></table></figure></p></div><p class="readmore"><a href="/2014/09/29/ISG-CTF-2014-Write-up-Smile-Chopper-Cryptobaby-GIF/">阅读更多</a></p></div><div class="post"><h2 class="post-title"><a href="/2014/08/26/HITCON-CTF-2014-Tarmful-Write-up/">HITCON CTF 2014 Tarmful Write-up</a></h2><div class="post-meta">2014-08-26</div><div class="post-content"><h1 id="Tarmful"><a href="#Tarmful" class="headerlink" title="Tarmful"></a>Tarmful</h1><p>Description<br>Just decompress them all.<br><a href="https://raw.githubusercontent.com/hitcon2014ctf/ctf/master/tarmful-3f13b82f7794de783adfd6fa9928ad2c.zip" target="_blank" rel="external">https://raw.githubusercontent.com/hitcon2014ctf/ctf/master/tarmful-3f13b82f7794de783adfd6fa9928ad2c.zip</a><br><a href="https://dl.dropbox.com/s/oh8cb6i63x7zggh/tarmful-3f13b82f7794de783adfd6fa9928ad2c.zip" target="_blank" rel="external">https://dl.dropbox.com/s/oh8cb6i63x7zggh/tarmful-3f13b82f7794de783adfd6fa9928ad2c.zip</a></p></div><p class="readmore"><a href="/2014/08/26/HITCON-CTF-2014-Tarmful-Write-up/">阅读更多</a></p></div><div class="post"><h2 class="post-title"><a href="/2014/08/22/HITCON-CTF-2014-DIAGCGI-Write-up/">HITCON CTF 2014 DIAGCGI Write-up</a></h2><div class="post-meta">2014-08-22</div><div class="post-content"><h1 id="DIAGCGI"><a href="#DIAGCGI" class="headerlink" title="DIAGCGI"></a>DIAGCGI</h1><p>Description<br><a href="http://54.92.127.128:16888/" target="_blank" rel="external">http://54.92.127.128:16888/</a></p></div><p class="readmore"><a href="/2014/08/22/HITCON-CTF-2014-DIAGCGI-Write-up/">阅读更多</a></p></div><div class="post"><h2 class="post-title"><a href="/2014/08/20/HITCON-CTF-2014-PY4H4SHER-Write-up/">HITCON CTF 2014 PY4H4SHER Write-up</a></h2><div class="post-meta">2014-08-20</div><div class="post-content"><h1 id="PY4H4SHER"><a href="#PY4H4SHER" class="headerlink" title="PY4H4SHER"></a>PY4H4SHER</h1><p>Category: Web Points: 200<br>Description:<br><a href="http://203.66.14.43/cgi-bin/py4h4sher" target="_blank" rel="external">http://203.66.14.43/cgi-bin/py4h4sher</a></p></div><p class="readmore"><a href="/2014/08/20/HITCON-CTF-2014-PY4H4SHER-Write-up/">阅读更多</a></p></div></div></div><div class="pure-u-1-4 hidden_mid_and_down"><div id="sidebar"><div class="widget"><form action="//www.baidu.com/baidu" method="get" accept-charset="utf-8" target="_blank" class="search-form"><input type="search" name="word" maxlength="20" placeholder="Search"/><input type="hidden" name="si" value="http://blog.watch0ut.com"/><input name="tn" type="hidden" value="bds"/><input name="cl" type="hidden" value="3"/><input name="ct" type="hidden" value="2097152"/><input name="s" type="hidden" value="on"/></form></div><div class="widget"><div class="widget-title"><i class="fa fa-folder-o"> 分类</i></div><ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/CTF/">CTF</a></li></ul></div><div class="widget"><div class="widget-title"><i class="fa fa-star-o"> 标签</i></div><div class="tagcloud"><a href="/tags/CTF/" style="font-size: 15px;">CTF</a> <a href="/tags/Web/" style="font-size: 15px;">Web</a> <a href="/tags/Misc/" style="font-size: 15px;">Misc</a></div></div><div class="widget"><div class="widget-title"><i class="fa fa-file-o"> 最新文章</i></div><ul class="post-list"><li class="post-list-item"><a class="post-list-link" href="/2015/12/08/HCTF-2015-Write-ups/">HCTF 2015 Write-ups</a></li><li class="post-list-item"><a class="post-list-link" href="/2015/11/29/9447-CTF-2015-Write-ups/">9447 CTF 2015 Write-ups</a></li><li class="post-list-item"><a class="post-list-link" href="/2014/11/10/HCTF-2014-Write-ups/">HCTF 2014 Write-ups</a></li><li class="post-list-item"><a class="post-list-link" href="/2014/10/08/XD-CTF-2014-Write-ups/">XD CTF 2014 Write-ups</a></li><li class="post-list-item"><a class="post-list-link" href="/2014/09/29/ISG-CTF-2014-Write-up-SQLMAP-Up-to-Date/">ISG CTF 2014 Write-up (SQLMAP, Up-to-Date)</a></li><li class="post-list-item"><a class="post-list-link" href="/2014/09/29/ISG-CTF-2014-Write-up-Out-of-Space-X-Area/">ISG CTF 2014 Write-up (Out of Space, X-Area)</a></li><li class="post-list-item"><a class="post-list-link" href="/2014/09/29/ISG-CTF-2014-Write-up-Smile-Chopper-Cryptobaby-GIF/">ISG CTF 2014 Write-up (Smile, Chopper, Cryptobaby, GIF)</a></li><li class="post-list-item"><a class="post-list-link" href="/2014/08/26/HITCON-CTF-2014-Tarmful-Write-up/">HITCON CTF 2014 Tarmful Write-up</a></li><li class="post-list-item"><a class="post-list-link" href="/2014/08/22/HITCON-CTF-2014-DIAGCGI-Write-up/">HITCON CTF 2014 DIAGCGI Write-up</a></li><li class="post-list-item"><a class="post-list-link" href="/2014/08/20/HITCON-CTF-2014-PY4H4SHER-Write-up/">HITCON CTF 2014 PY4H4SHER Write-up</a></li></ul></div><div class="widget"><div class="widget-title"><i class="fa fa-external-link"> 友情链接</i></div></div></div></div><div class="pure-u-1 pure-u-md-3-4"><div id="footer">© <a href="/." rel="nofollow">watch0ut Notebook.</a> Powered by<a rel="nofollow" target="_blank" href="https://hexo.io"> Hexo.</a><a rel="nofollow" target="_blank" href="https://github.com/tufu9441/maupassant-hexo"> Theme</a> by<a rel="nofollow" target="_blank" href="https://github.com/pagecho"> Cho.</a></div></div></div><a id="rocket" href="#top" class="show"></a><script type="text/javascript" src="/js/totop.js?v=0.0.0" async></script><script type="text/javascript" src="//cdn.bootcss.com/fancybox/2.1.5/jquery.fancybox.pack.js" async></script><script type="text/javascript" src="/js/fancybox.js?v=0.0.0" async></script><link rel="stylesheet" type="text/css" href="/css/jquery.fancybox.css?v=0.0.0"><script type="text/javascript" src="/js/codeblock-resizer.js?v=0.0.0"></script><script type="text/javascript" src="/js/smartresize.js?v=0.0.0"></script></div></body></html>