Local Authority

link: https://play.picoctf.org/practice/challenge/278

Challenge

Link

website

Solution

This challenge has a huge number of likes!

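Even I gave it a like after finishing it, lol.

Although this challenge is worth 100 points, it is definitely not worth that much, because it is really far too easy!

This also shows that when playing CTFs you must never be fooled by the point value; always read the challenge carefully first, just like in a big exam, lol.

Let's solve it!

First, open the website: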

Then open the dev tools:

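A good habit when playing CTFs, or more precisely a good habit when red teaming: recon, recon, and more recon.

When doing Web challenges, seeing an input is exciting, because it means there is a hole to dig into; you don't know what the hole will turn up, but you dig anyway.

First, look at the page source: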

Here the login is submitted to login.php, so it will be interacting with the DB behind it.

Let's first try SQL injection, a blind injection, and see what happens:

For the password I typed 1=1 --; for now I assume it uses MySQL syntax.

After submitting, I saw:

Glancing to the right, I noticed an extra JS file, so let's keep looking:

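Anyone with programming sense should see it by now.

Really, don't assume this kind of thing never happens!

I have seen internal systems written exactly this way.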
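
The write-up finds the password in a JavaScript file that the browser loads; the same pattern can be caught before release by scanning the static assets a site serves. The following is an added example, not code from the challenge or from the original write-up: the asset names, the sample sources and the function name findHardcodedCredentialChecks are constructed for illustration, and the regular expressions are a heuristic.

```javascript
// Added example: a CI-style check over the JavaScript a site serves to browsers.
// It flags comparisons between a credential-looking name and a non-empty string
// literal. The asset names and sources below are constructed samples.
const SAMPLE_ASSETS = {
  'static/auth-check.js': [
    "function checkPassword(username, password) {",
    "  if (username === 'EXAMPLE_USER' && password === 'EXAMPLE_PASSWORD') {",
    "    return true;",
    "  }",
    "  return false;",
    "}",
  ].join('\n'),
  'static/form.js': [
    "function validate(form) {",
    "  if (form.password.value === '') { return false; } // empty check: fine",
    "  return form.mode == 'login';",
    "}",
  ].join('\n'),
};

// Names that suggest a credential is being compared (heuristic, extend as needed).
const CRED_NAME = /pass|pwd|user|secret|token/i;

// name ==/===/!=/!== "non-empty literal", and the reversed operand order.
const NAME_THEN_LITERAL = /([\w$.]+)\s*[!=]==?\s*(["'])(?:\\.|(?!\2).)+\2/g;
const LITERAL_THEN_NAME = /(["'])(?:\\.|(?!\1).)+\1\s*[!=]==?\s*([\w$.]+)/g;

function findHardcodedCredentialChecks(assets) {
  const findings = [];
  for (const [file, source] of Object.entries(assets)) {
    source.split('\n').forEach((text, index) => {
      const names = [
        ...[...text.matchAll(NAME_THEN_LITERAL)].map((m) => m[1]),
        ...[...text.matchAll(LITERAL_THEN_NAME)].map((m) => m[2]),
      ];
      for (const name of names) {
        // Report location and name only, so the secret never lands in CI logs.
        if (CRED_NAME.test(name)) findings.push({ file, line: index + 1, name });
      }
    });
  }
  return findings;
}

console.log(findHardcodedCredentialChecks(SAMPLE_ASSETS));
```

Any finding means the comparison has to move to the server, because every visitor can read the literal in the delivered file.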

Then enter the values:

For the password I just used strongPassword098765

And finally

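Case closed!

Conclusion

This challenge is well suited as a warm-up for students, because it really is that easy.

But it takes a few good habits to make it easy!

Otherwise you could analyze the first page to death and probably still get nowhere.

So, do your recon before you start and get a clear picture of all the intel; that matters!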