0xGame Week 1 - Web

WriteUp by Casio

1. robots

Requesting http://web.game.0xctf.com:30051/robots.txt directly from the site root gives:

User-agent: *
Allow: /
User-agent: CTFer
Disallow: /flaaaggg.php

Then visit http://web.game.0xctf.com:30051/flaaaggg.php

==>>0xGame{now_you_k0nw_robots_Protocol}

Attached figure: image-20201019170713703

2. view_source

Ctrl+U / F12 to view the page source

In an HTML comment ==>>0xGame{web_sign_in}

Attached figure: image-20201019170757073

3. Get&Post

Read the PHP source, then send the requests with Hackbar:

GET 0xGame=acd666tql

POST X1cT34m=acdtql666

==>>0xGame{Get_4nd_P0sT_1s_eA5y}

Attached figure: image-20201019170924043

4. readflag

From the challenge description, the flag should be read with the cat command.

F12 to inspect the body style; there is a comment:

<!-- Where is flag? -->
<!-- Oh! It's in / -->

So enter cat /flag

==>>0xGame{fl4g_1s_c0ntent}

Attached figure: image-20201019171040822

5. secret

Opening the page makes it clear that the request must be modified with Burp Suite.

Modify the request headers as follows:

User-Agent: wh1sper
Referer: https://ctf.njupt.edu.cn/
X-Forwarded-For: 127.0.0.1

==>>0xGame{宁就是接头霸王?}

Attached figure: image-20201019171415088
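The secret challenge works because the server trusts a client-supplied X-Forwarded-For header as proof of a loopback origin. The following is an added example (not part of the writeup or the challenge code) contrasting that weak check with one that only honours X-Forwarded-For when the TCP peer is a known proxy; the proxy address 10.0.0.2 and the header-lookup helper are assumptions of the example.

```python
import ipaddress

# Constructed value: the only reverse proxy this server sits behind.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.2")}


def _header(headers: dict, name: str) -> str:
    """Case-insensitive header lookup (hypothetical helper)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def weak_is_localhost(headers: dict) -> bool:
    """The challenge-style check: any client can set this header, so the
    'loopback only' gate is bypassed by X-Forwarded-For: 127.0.0.1."""
    return _header(headers, "X-Forwarded-For").strip() == "127.0.0.1"


def client_ip(remote_addr: str, headers: dict,
              trusted_proxies=TRUSTED_PROXIES) -> str:
    """Address that access-control decisions should use.

    remote_addr is the TCP peer the server actually accepted the connection
    from. X-Forwarded-For is honoured only when that peer is a trusted proxy,
    and then by walking the list from the right and skipping proxy hops, so a
    value the client prepended itself is never chosen."""
    peer = ipaddress.ip_address(remote_addr)
    if peer not in trusted_proxies:
        return str(peer)  # header is untrusted input from the client; ignore it
    hops = [h.strip() for h in _header(headers, "X-Forwarded-For").split(",")
            if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed header: fall back to the peer address
        if addr not in trusted_proxies:
            return str(addr)
    return str(peer)


def is_localhost(remote_addr: str, headers: dict) -> bool:
    """Hardened replacement for weak_is_localhost."""
    return ipaddress.ip_address(client_ip(remote_addr, headers)).is_loopback
```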