###### tags: `DarkCTF` `Web`

# Web/Apache Logs

### description
- Our servers were compromised!! Can you figure out which technique they used by looking at Apache access logs.
- flag format: DarkCTF{}
- Files: https://mega.nz/file/m98S1YTC#WzatL7aoufzZZFO22u3595BruxD0VRsHx44WZgrpeho
- After downloading and opening the file, look for suspicious syntax. Here I went straight for SQL injection and searched for `union`.
- ![](https://i.imgur.com/SPjEcHk.png)
- `union all select...` is suspicious enough.
- Put it straight through URL decoding.
- ![](https://i.imgur.com/YiVrovJ.png)

### Method 1
- ![](https://i.imgur.com/Dw51YMr.png)
- Decode with an online tool
- Or do it yourself in Python
    - ![](https://i.imgur.com/dNkntig.png)
    - First, put the values into a str
    - Use split(',+') to split the values on `',+'` into separate strings
    - Then use int to parse each string as a number so it can be converted
    - Finally, chr turns each number into a character

### Method 2
- ![](https://i.imgur.com/1szWA4i.png)
- Decode with an online tool
- ![](https://i.imgur.com/VyyQA9D.png)
- flag:`DarkCTF{5ql_1nj3ct10n}`
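
The triage and the Method 1 decoding steps combined into one script, as an added example that is not part of the original write-up. It goes slightly beyond the manual steps by scanning every log line for `union all select` before decoding. The log lines, the `/index.php?user=` path, the `CHAR(...)` wrapper and the encoded string are constructed for illustration and are not taken from the challenge file.

```python
import re
from urllib.parse import quote, unquote

# Request target inside an Apache access-log line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# "union all select" with spaces or literal '+' between the keywords
UNION_RE = re.compile(r"union[\s+]+all[\s+]+select", re.I)
# A run of decimal character codes separated by ',+' (the separator the write-up splits on)
CODES_RE = re.compile(r"\d+(?:,\+\d+)+")

def decode_codes(run):
    """split(',+') -> int -> chr, as in Method 1."""
    return "".join(chr(int(n)) for n in run.split(",+"))

def suspicious_requests(lines):
    """Return (decoded_url, [decoded strings]) for every UNION-based request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # unquote() decodes %XX but leaves '+' alone, so ',+' survives for the split
        url = unquote(m.group(1))
        if UNION_RE.search(url):
            hits.append((url, [decode_codes(r) for r in CODES_RE.findall(url)]))
    return hits

def build_sample_log():
    """Constructed sample input: one benign request and one injection attempt."""
    codes = ",+".join(str(ord(c)) for c in "constructed-sample")
    payload = "' union all select 1,CHAR(" + codes + ") -- "
    query = quote(payload.replace(" ", "+"), safe="+")
    return [
        '192.0.2.10 - - [20/Sep/2020:10:00:01 +0000] '
        '"GET /index.php?page=home HTTP/1.1" 200 512',
        '192.0.2.10 - - [20/Sep/2020:10:00:05 +0000] '
        '"GET /index.php?user=' + query + ' HTTP/1.1" 200 734',
    ]

if __name__ == "__main__":
    for url, decoded in suspicious_requests(build_sample_log()):
        print(url)
        print(decoded)
```

Using `unquote_plus()` instead would turn every `+` into a space, and the `',+'` split from Method 1 would no longer match.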