QMSCTFshow-web入门(1-20)-信息搜集 - Powered by Discuz! Archiver

前进之路 发表于 2024-10-14 10:09:44

CTFshow-web入门(1-20)-信息搜集

信息搜集

目录

[*]信息搜集

[*]web1
[*]web2
[*]web3
[*]web4
[*]web5
[*]web6
[*]web7
[*]web8
[*]web9
[*]web10
[*]web11
[*]web12
[*]web13
[*]web14
[*]web15
[*]web16
[*]web17
[*]web18
[*]web19
[*]web20

web1

打开网页发现没有东西
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524828-416532550.png
查看源代码
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524221-1479488035.png
发现flag
flag：ctfshow{c530c49f-f86e-49bc-bc58-8a493b179adb}
web2

https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113522998-596225612.png
手动添加view-source:
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524329-1193595096.png
flag：ctfshow{7d18c83c-6625-483c-b7e3-144265b7a6d5}
web3

游览器F12
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113529941-254193550.png
burp抓包
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113614586-439848725.png
flag：ctfshow{b53aabea-cdac-41b5-adfa-4a95d6ba2cac}
web4

发现源代码和抓包都没有。爬虫一下，查看可爬取内容
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113525569-326286525.png
或者手动
https://972cd27d-e505-4039-bb78-9cbae64ddd13.challenge.ctf.show/robots.txthttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523328-454322171.png
访问一下
https://972cd27d-e505-4039-bb78-9cbae64ddd13.challenge.ctf.show/flagishere.txthttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523207-1169256067.png
flag：ctfshow{d98801ca-0887-4959-98e0-eb35aaf2776e}
web5

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113525013-766372823.png
burp抓包
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113540789-1962457307.png
由此可见当前网站的主页是PHP语言编写的,因此我们不难猜测主页文件应该是:index.php
接着我们访问index.php文件，发现跳转的正是当前页面，因此猜测成立！
https://f9ae6211-6382-421a-a7fe-93be712fe9dc.challenge.ctf.show/index.phphttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524305-1833093867.png
所以访问
https://f9ae6211-6382-421a-a7fe-93be712fe9dc.challenge.ctf.show/index.phps主动下载phps
打开查看
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523681-635197696.png
flag：ctfshow{b848ed23-3b71-4f14-906e-027e647675fa}
web6

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113527309-490248654.png
这是要扫描目录，扫描备录文件
使用密探
https://de076103-7fd4-4636-a676-1588e501fa0e.challenge.ctf.show/https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524674-1114680264.png
发现长度不一样，打开主动下载
https://de076103-7fd4-4636-a676-1588e501fa0e.challenge.ctf.show/www.ziphttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524197-588456653.png
解压发现没有flag
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113522990-180402163.png
访问一下
https://de076103-7fd4-4636-a676-1588e501fa0e.challenge.ctf.show/fl000g.txthttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523264-289411983.png
flag：ctfshow{c3ab2267-32b5-44ad-b67b-4d9c25a868a3}
web7

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113525979-27854649.png
可能是git,svn,等扫描一下
python dirsearch.py -u https://2515945b-6305-4a64-8013-055260e16a6e.challenge.ctf.show/ -e * -i 200发现有git文件
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524232-1642241641.png
访问git文件
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524152-605541944.png
flag：ctfhub{2fa56a68f55499a3ce897de2}
web8

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524631-592239955.png
可能是git,svn,等扫描一下
python dirsearch.py -u https://cf17b8b7-f9f1-478f-94c1-ca113f3662f9.challenge.ctf.show/ -e * -i 200 扫描出来.svn文件
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113525709-1021408617.png
访问
https://cf17b8b7-f9f1-478f-94c1-ca113f3662f9.challenge.ctf.show/.svnhttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524293-1645212552.png
flag:ctfshow{814f075f-ecc2-46c7-b56b-544692a6df9b}
web9

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523821-727319194.png
vim突然断开会主动保存.swp的文件
另有在编辑文件这个文件应该是index.php
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523825-1040871660.png
发现可以访问
再加上.swp
https://998be20b-7185-4f0a-896c-e69a9feb92c9.challenge.ctf.show/index.php.swp主动下载文件，查看进行
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523245-2090711358.png
使用dirsearch扫描
python dirsearch.py -u https://998be20b-7185-4f0a-896c-e69a9feb92c9.challenge.ctf.show/ -e * -i 200这里扫描不出来可能方法不对
web10

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523658-105748347.png
F12
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523855-1448876333.png
或者burp抓包
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524890-820392244.png
ctfshow%7B8f04d1bf-c677-40fe-b1c6-dd9addfb5fd8%7D
将url编码解码https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523339-172397441.png
flag:ctfshow{8f04d1bf-c677-40fe-b1c6-dd9addfb5fd8}
web11

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524952-968206737.png
但是出不来
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523696-398556418.png
大概就是这样
flag：flag{just_seesee}
web12

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523144-57395929.png
爬虫一下
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523816-1442789439.png
发现可以访问/admin/
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523603-1624648284.png
联合提示拉到底出现
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524230-1325991229.png
暗码372619038
登录
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113526578-376890588.png
flag：ctfshow{3e16efea-5d19-48ba-a25c-c0a06313b668}
web13

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523813-361220179.png
查看页面，发现文件
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113532051-126728877.png
点击查看，拉到下面
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523790-1272695281.png
登录
https://e4bd9763-d090-453a-959f-5d924661bfc7.challenge.ctf.show/system1103/login.phphttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523423-455999184.png
flag：ctfshow{e8512bdc-fffc-4250-bf4d-0716ab711ee4}
web14

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113526480-1402438946.png
源代码搜索editor（文本编辑器）
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523515-117942347.png
发现页面访问一下
只有
https://995a2509-401c-4aca-af33-600e721f269f.challenge.ctf.show/editor/可以访问，再看源代码没有flag
查找文件
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523548-955412475.png
文件位置
/editor/attached/file/var/www/html/nothinghere/fl000g.txt那么访问
https://995a2509-401c-4aca-af33-600e721f269f.challenge.ctf.show/nothinghere/fl000g.txthttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113525813-739774749.png
flag：ctfshow{28abcd51-5bf6-488a-8ce4-376445a9fd38}
web15

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523498-70336948.png
扫描
python dirsearch.py -u https://ae0d9c1c-73e0-4fb7-8e84-5c1a3e67fb5e.challenge.ctf.show/ -e * -i 200看一下管理员页面是那个
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113527702-747785412.png
访问
https://ae0d9c1c-73e0-4fb7-8e84-5c1a3e67fb5e.challenge.ctf.show/admin/index.phphttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523765-1256152335.png
选择忘记暗码
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113526332-215446359.png
联合提示地点只能在邮箱找
找到页面最下面
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523152-584847080.png
去QQ搜索一下
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523573-1402191052.png
提交城市西安
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523974-946183580.png
admin7789
这里可以爆破用户名，但是一样平常是admin
登录
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523801-2117363949.png
flag：ctfshow{0003c304-eb51-4753-9c27-dc0e6fe69c9b}
web16

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523641-1959814642.png
php探针
访问
https://3d8fbea0-7c25-4389-b0f9-ba6e55dfbc97.challenge.ctf.show/tz.phphttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524172-77903067.png
访问phpinfo，搜索flag
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113525277-2086308958.png
web17

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113529973-95864191.png
备份文件sql
扫描一下
python dirsearch.py -u https://9ce4e447-494c-4dae-b309-b9a2f0fd1a51.challenge.ctf.show/ -e * -i 200发现sql文件
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523172-1759684582.png
访问
https://9ce4e447-494c-4dae-b309-b9a2f0fd1a51.challenge.ctf.show/backup.sql主动下载sql文件
打开查看，或者使用sql查看工具
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523285-681752578.png
flag：ctfshow{a9a4658c-4fdc-423a-8210-f032630d8760}
web18

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524608-1647930298.png
我认为不是很有用
有打开就没了
查看源代码
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113531129-1347722830.png
发现link到Flappy_js.js，访问
https://5a8cdad9-e2be-4a3c-b8c5-e2a52ef1e924.challenge.ctf.show/js/Flappy_js.js代码审计
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113526345-1774371433.png
if(score>100)
{
var result=window.confirm("\u4f60\u8d62\u4e86\uff0c\u53bb\u5e7a\u5e7a\u96f6\u70b9\u76ae\u7231\u5403\u76ae\u770b\u770b");解密
!信息搜集.assets\image-20240902163512581.png)
去到110.php
https://0b0f7c10-b005-4c05-950f-758fc9b3cc90.challenge.ctf.show/110.phphttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523445-1718589639.png
flag：ctfshow{b274555a-07c0-4162-b229-219a47c528ea}
web19

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523581-1386768789.png
查看源代码
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524669-655248361.png
方法一
使用bp抓包
user是admin
pass是a599ac85a73384ee3219fa684296eaa62667238d608efa81837030bd1ce1bf04
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524136-1103254850.png
方法一
bp抓包修改暗码为
a599ac85a73384ee3219fa684296eaa62667238d608efa81837030bd1ce1bf04https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524088-504742780.png
方法2
解密
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113558804-95922515.png
暗码是
i_want_a_36d_girlhttps://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113524274-1068476757.png
flag：ctfshow{9ffd3cbd-8dc9-4a4e-99d9-7c7a681807c8}
web20

提示
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113529587-166859262.png
扫描目录
python dirsearch.py -uhttps://bd1c0eed-744c-4104-bc38-da918cdb6707.challenge.ctf.show/ -e * https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113522968-512876982.png
发现存在这个目录继续扫描
python dirsearch.py -u http://bd1c0eed-744c-4104-bc38-da918cdb6707.challenge.ctf.show/db/ -e * 发现存在文件db.mab
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113527413-1850630052.png
访问。主动下载文件
使用记事本等查看，搜索flag
https://img2024.cnblogs.com/blog/3493431/202410/3493431-20241014113523447-1828218173.png
flag：flag{ctfshow_old_database}

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。

页: [1]

ToB企服应用市场:ToB评测及商务社交产业平台's Archiver

CTFshow-web入门(1-20)-信息搜集