Web21 ~ password brute forcing

Brute forcing and all that, you know

Download the attachment and open it in WinHex. The file header begins with 504B0304, which is the ZIP archive signature.

Alternatively, run binwalk on Kali.

Change the file extension and decompress it. The archive contains the dictionary to use for the brute force.

I thought it was about brute-forcing the archive…

After capturing the request, the decoded value turns out to be the submitted username:password.

So I guessed the username is admin and brute-forced the password.

Write a script to convert the dictionary into that format.

import base64

# Prefix every candidate password with "admin:" and Base64-encode the pair,
# writing one encoded value per line to pinjie.txt.
with open("1000-top.txt", "r") as f, open("pinjie.txt", "w") as fp:
    for line in f:
        line = line.strip('\n')
        line = 'admin:' + line
        print(line)
        line1 = base64.b64encode(line.encode('utf-8'))
        # print(str(line1, 'utf-8'))
        fp.write(str(line1, 'utf-8') + '\n')

Then import the dictionary and run the brute force.

But reading other people's blogs, I learned a way to do it directly in Burp.

Use a Custom iterator payload for the brute force.
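
The defender's view of the same traffic, as an added example that is not part of the original write-up: it decodes captured Base64 username:password values and flags a source that cycles through many different passwords for one username. The sample addresses, the threshold and all function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
from collections import defaultdict

def encode_pair(pair):
    """Base64-encode 'username:password', the format the dictionary script emits."""
    return base64.b64encode(pair.encode("utf-8")).decode("ascii")

# Constructed sample: (source address, captured credential value).
SAMPLE_ATTEMPTS = (
    [("203.0.113.7", encode_pair("admin:" + pw)) for pw in
     ("123456", "password", "qwerty", "letmein", "111111", "abc123")]
    + [("198.51.100.4", encode_pair("alice:correct horse")),
       ("198.51.100.4", encode_pair("alice:correct horse")),
       ("198.51.100.9", "!!not-base64!!")]
)

def decode_credential(value):
    """Return (username, password), or None if value is not Base64 'user:pass'."""
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = text.partition(":")  # split at the first colon only
    return (user, password) if sep else None

def find_guessing(attempts, max_distinct=5):
    """Flag (source, username) pairs that tried more than max_distinct passwords."""
    seen = defaultdict(set)
    malformed = 0
    for source, value in attempts:
        cred = decode_credential(value)
        if cred is None:
            malformed += 1
            continue
        user, password = cred
        # Keep only a digest so the detector never stores plaintext guesses.
        seen[(source, user)].add(hashlib.sha256(password.encode("utf-8")).digest())
    flagged = {k: len(v) for k, v in seen.items() if len(v) > max_distinct}
    return flagged, malformed

if __name__ == "__main__":
    flagged, malformed = find_guessing(SAMPLE_ATTEMPTS)
    for (source, user), count in flagged.items():
        print(f"{source} tried {count} distinct passwords for {user!r}")
    print(f"{malformed} malformed credential value(s) skipped")
```

Counting distinct passwords rather than raw failures keeps a user who retypes the same wrong password from being flagged.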

Web22 ~ subdomain enumeration

Domain names can be brute-forced too. Try brute-forcing the subdomains of ctfer.com

Subdomain enumeration: flag.cfl.show/index.php

Available tools

Github.com/ring04h/wyd…

Github.com/lijiejie/su…

Layer subdomain name excavator

Web23 ~ script brute forcing

Still brute forcing? So much code, bye-bye!

Challenge source code:

<?php
/*
# -*- coding: utf-8 -*-
# @Author: h1xa
# @Date: 2020-09-03 11:43:51
# @Last Modified by: h1xa
# @Last Modified time: 2020-09-03 11:56:11
# @email: [email protected]
# @link: https://ctfer.com
*/
error_reporting(0);
include('flag.php');
if(isset($_GET['token'])){
    $token = md5($_GET['token']);
    if(substr($token, 1, 1) === substr($token, 14, 1) && substr($token, 14, 1) === substr($token, 17, 1)){
        if((intval(substr($token, 1, 1)) + intval(substr($token, 14, 1)) + substr($token, 17, 1)) / substr($token, 1, 1) === intval(substr($token, 31, 1))){
            echo $flag;
        }
    }
}else{
    highlight_file(__FILE__);
}
?>

A token value has to be passed in, so write a script to brute-force it (assuming the token is two characters long).

<?php
error_reporting(0);
$string = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$len = strlen($string);
# echo $len;
# Try every two-character candidate against the same check the challenge applies.
for($i=0; $i<$len; $i++)
    for($j=0; $j<$len; $j++)
    {
        $flag = $string[$i].$string[$j];
        # echo $flag."\n";
        $token = md5($flag);
        # echo $token."\n";
        if(substr($token, 1, 1) === substr($token, 14, 1) && substr($token, 14, 1) === substr($token, 17, 1)){
            if((intval(substr($token, 1, 1)) + intval(substr($token, 14, 1)) + substr($token, 17, 1)) / substr($token, 1, 1) === intval(substr($token, 31, 1))){
                echo $flag."\n";
            }
        }
    }
?>

Success:

G:\ctf\ctfshow>php 1.php
 ZE
3j

Web24 ~ pseudorandom numbers

A brute force