基础赛题
题库来源:bugku web

源代码

补充

十六进制编码的特征是使用16个字符(0-9和A-F)来表示数值,每个字符代表4个比特(bit)。在编码中,每个字符都用 “%” 符号后跟其对应的十六进制数字表示,多个字符之间使用 “%” 分隔。

解题

得题
题目
对应网站

根据题目的提示,尝试查看网页源代码:

<html>
<title>BUGKUCTF-WEB13</title>
<body>
<div style="display:none;"></div>
<form action="index.php" method="post" >
看看源代码?<br>
<br>
<script>
var p1 = '%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%36%37%64%37%30%39%62%32%62';
var p2 = '%61%61%36%34%38%63%66%36%65%38%37%61%37%31%31%34%66%31%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b';
eval(unescape(p1) + unescape('%35%34%61%61%32' + p2));
</script>

<input type="input" name="flag" id="flag" /> 
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>

得到要解码的代码:

%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%36%37%64%37%30%39%62%32%62%35%34%61%61%32%61%61%36%34%38%63%66%36%65%38%37%61%37%31%31%34%66%31%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b

到在线工具网站使用URL解码

function checkSubmit(){
    var a=document.getElementById("password");
    if("undefined"!=typeof a{
            if("67d709b2b54aa2aa648cf6e87a7114f1"==a.value)return!0;
            alert("Error");
            a.focus();return!1
            }
        }
        document.getElementById("levelQuest").onsubmit=checkSubmit;

得到关键字符串

67d709b2b54aa2aa648cf6e87a7114f1

将字符串输入后,得到flag。
flag
max

总结

  1. 查看网页源代码,识别出对应字符串的编码格式。
  2. 识别编码后,使用对应的编码工具进行解码
  3. URL编码的特征:%+16进制字符串

文件包含

补充

php伪协议

解题

题目
文件包含,点击a标签后会跳转到特定的链接,而链接当中携带了两个php的文件信息。

跳转
尝试构造文件包含的URL,把file直接指向flag试试:

http://xxx.xxx.xxx.xxx:xxx/index.php?file=/flag

getflag
flag

总结

题目的目的:

  • 告诉我们文件包含是什么
  • 重点:必须学会Web经典十大漏洞
    • 懂理论有个鸟用,重点是实战。
  • 文件包含之PHP伪协议