Related reading
Video walkthrough
This episode covers file-upload vulnerabilities where the server uses a denylist to reject files with a .php extension, and how to get around it. The technique shown is to upload a .htaccess file that tells Apache to parse some other extension as PHP, then upload the webshell under that extension. This only works when the upload directory's AllowOverride setting permits FileInfo (or All), so that Apache honours the uploaded .htaccess at all. Besides the method in the video, other routes exist. The evil.php%00.jpg trick is not really an Apache feature: it relied on a PHP bug, fixed in PHP 5.3.4, that truncated the stored file name at the null byte, so it no longer works against a current PHP. Apache's own quirk is multi-extension handling: if PHP is enabled with AddHandler rather than a FilesMatch/SetHandler block, a file named evil.php.jpg is still executed as PHP, because mod_mime applies the handler for every recognised extension in the name, not just the last one.
NahamConCTF
Related CTF challenge link
Related code
If you want to audit the code, you can download the PHP source as byepass.7z
Writeup
Besides the Byepass challenge there are many other interesting challenges; if you are looking for writeups, see the resource below
https://github.com/jselliott/NahamConEU22
Challenges
Challenges marked with "✅" have a corresponding writeup.
Warm-up
- Arjeebee (easy) ✅
- Banjo (easy) ✅
- catscii (easy) ✅
- Hashstation (easy) ✅
- Read The Rules (easy) ✅
- Way 2 Basic (easy) ✅
- Baby’s First Heartbleed (easy) ✅
- Technical Support (easy) ✅
Reverse Engineering
- padlock (easy)
- rick (easy) ✅
- Go Jargon Go (hard) ✅
- Vasily’s Pride (hard)
Cryptography
- dont_hack_my_d (easy)
- Shapeshifter (easy) ✅
- rektcursion (hard)
Web
- Byepass (medium)
- Dogos (hard)
- Use After Exit (medium)
- Dirty Bird 2 (hard)
- Flink (medium)
- Chatter (hard)
- Recurse CTF (hard)
Miscellaneous
- The Space Between Us (medium)
- MMORPG (easy)
- CLEAVE (hard)
- Squid Game (medium)
Scripting
- Math Smasher (medium)
Networking
- IP Man (easy)
Binary Exploitation
- Hexploit (easy)
- The Imagicator Redux (medium)
- The Imagicator (medium)
- The Imagicator – Family Friendly (hard)
- Limited Resources (hard)
- Wacky Service (easy)
- The Imagicator – Almost Family Friendly (hard)
Mobile
- Got Any Games? (hard)
DevOps
Web3
- Welcome (easy)
- Merkle Heist (easy)
- Jump (medium)
- NFT Lottery (medium)
- Broken Storage (hard)
- Proposal Unlock (medium)
- Sigma (hard)
- NFT Lottery Revisited (hard)
Hardware/RF
- Darren’s Circuit (easy)
- Project Circuit Breaker (medium)
Cloud
- Mode Incognito (hard) ✅