###### tags: `1111` 第二次社課: Web 01 === :::success 簽到： B094020037 黃子耘 B082040013 馬嘉 B093012033 王勤 B093040044 蔡明軒 B112040003 張景旭 B113012008 賴朝岳 B113015025 簡榆軒 B113040006 吳書禎 B113040007 蔡誌桓 B113012032 張博翔 M113140001 連昱婷 M113140002 張禮恩 M113140003 林哲緯 M113140005 王歆硯 M113140011 邱偉綸 M113140018 林啟謙 M113040109 蘇軒正 B104020044 黎懿綺 B093040027 施采廷 B113040016 蔡俊驊 M114020033 李庭瑋 B093040038 徐睿鍾 B093040030 吳國成 B093040032 林鉉閎 B102040045 曾新惟 B113025007 吳鈞鎧 B084012023 鄭鈺丞 B104020010 邱筠婷 B104020017 沈蕎萱 B094020021 戴辰昊 B113040005 孫建昌 B103021042 王翊瑋 M113010110 陳約綸 M113140010 羅子聘 B117610009 黑穎馨 ::: # Web Basics 01 ## [環境](https://drive.google.com/file/d/1bgd4gJzcE0LP8Jc0csqO3d6fvmyWMKn_/view?usp=sharing) 下載網址: https://ppt.cc/fVzYyx 解壓縮密碼: `macaca` ```bash= sudo apt-get install unrar -y unrar x 0bwapp.rar sudo ./install.sh # if you have already installed docker-compose, you dont have to do this command sudo ./deploy.sh sudo ./check.sh # clean up after the gathering sudo ./down.sh ``` * 進入 bWAPP URL: http://127.0.0.1:8888/bwapp/install.php > **Login:** bee > **Password:** bug ## [簡報](https://drive.google.com/file/d/16DG0o9Wvgii5Wf9PWyfsPwtuPKUgcLLp/view?usp=sharing) http://127.0.0.1:8888/bwapp/rlfi.php?language=message.txt&action=go ## picoCTF - Forbidden Paths * 題目: https://play.picoctf.org/practice/challenge/270 * 靶場: http://saturn.picoctf.net:52683/ >Can you get the flag? > Here's the [website](http://saturn.picoctf.net:52683/). > We know that the website files live in `/usr/share/nginx/html/` and the flag is at `/flag.txt` but the website is filtering absolute file paths. Can you get past the filter to read the flag? :::info 找到 flag.txt :::