@app.route('/shrine/<path:shrine>') defshrine(shrine): defsafe_jinja(s): s = s.replace('(', '').replace(')', '') blacklist = ['config', 'self'] return''.join(['{{% set {}=None%}}'.format(c) for c in blacklist])+s return flask.render_template_string(safe_jinja(shrine))
<files flag.txt> order allow,deny deny from allow </files> <files "Dockerfile"> Order deny,allow Deny from all </files> <files "apache2.conf"> Order deny,allow Deny from all </files> <files ".htaccess"> Order deny,allow Deny from all </files>
然后不知道怎么办了,在uploads下弄了个.htaccess,然后访问uploads就Internal Server Error,可能被我弄坏了吧
过了几个小时又好了,应该是管理员重置了题目,这次uploads下文件较少,flag应该就在7H3-FL4G-1S-H3r3里,但仍don’t have permission to access /uploads/7H3-FL4G-1S-H3r3
最后ls -l查看权限时出了flag
Marcode
Marcode (Mr. Code in Hebrew), Ineed your help! I got a movie but I cant see it. It hypnotizes me. please help me! yours, Gveretcode (Mrs. Code in Hebrew)
#coding: utf-8 from PIL import Image from pyzbar.pyzbar import decode
urllist = [] picdict = {} pdic = {'https://drive.google.com/open?id=131OPuwNVggs0ZAsVie4dfA3k9zLWN-uu': 'T', 'https://drive.google.com/open?id=1c-go7QIZb_yqGDsRKlXG1j1Py7-wcSFG': 'H', 'https://drive.google.com/open?id=1upmw0QvLjzp6b7RjCrjJGjYfRijF82-g': 'E', 'https://drive.google.com/open?id=1vHlCNodJ84iw51C8gIz4hr0UpsWNx3fm': '_', 'https://drive.google.com/open?id=1mZivmNZ8uDiUb5YUoF8sj9kZXKkh7GNO': 'W', 'https://drive.google.com/open?id=1pXSHKhMzuKrUMg0x8ygZ36yTn0-9nBe8': 'O', 'https://drive.google.com/open?id=1b5wz-LsIBxnA7mp5ImbNLZQY0nob94OO': 'M', 'https://drive.google.com/open?id=1cZlhiRoZcEiaNEwScBQd0IA2PXh1Z1tX': 'N', 'https://drive.google.com/open?id=1OqacmR-Ccc2YLVYCS2co4dWtSqfEGxIl': 'A', 'https://drive.google.com/open?id=1DF2RneUWAb6wqp7YJ0vjOwDJGdENEc0Q': 'P', 'https://drive.google.com/open?id=1lKeCjQFcTSuUzMGUEeEzPj4d2x1MLTJm': 'R', 'https://drive.google.com/open?id=1JtDxAfX8AEC_mFzJPZofI1RyOL62MAmk': 'D', 'https://drive.google.com/open?id=1hjIQq2fEcduFF0CfRs-MJ2hlCuC5lkW6': 'U', 'https://drive.google.com/open?id=1rHGDe2F5vLws9fA0M3L9IELX9LYaU50x': 'F', 'https://drive.google.com/open?id=1p4m9gtvh31s2SJ9G1uNr8burIvQabm_k': '?', 'https://drive.google.com/open?id=1g2I1a09lO4m0imhIzJ60LUeDPNDIdIp_': 'Y', 'https://drive.google.com/open?id=1lSanpoEq3LeV0aaL6KEnUiJE2iGijdrt': 'S', 'https://drive.google.com/open?id=1Rw-Op049iTliLPFTTRj7p4gBXmm8IboN': 'I', 'https://drive.google.com/open?id=1H5DHyv0METKfLV7xdzw-SVXU_F1o1iKM': 'L', 'https://drive.google.com/open?id=1GLtL-X1IS4ms6fwC2OQV4jAmXjI_6bjQ': 'C', 'https://drive.google.com/open?id=1vPBtiNzUzYEOEKFK60vG305uPw9CDy8p': 'Q', 'https://drive.google.com/open?id=1DV0ACuyKWsFm2ApXgHHDP_DSzwqmtt5M': 'G', 'https://drive.google.com/open?id=1nlp-HIwnRbG61mf5SF_BzMdlNAR7tHLt': 'Z', 'https://drive.google.com/open?id=151y0xa6hnTR9yp9G0D-dyox08bV4-JZX': 'B', 'https://drive.google.com/open?id=1dtYor_A9Sf3DDTlczTLA0s9rBluVNoOX': 'K', 'https://drive.google.com/open?id=1UpU1_MTK-0XgCpcZKC4AVGsBswNpQTBO': 'X', 'https://drive.google.com/open?id=1apKMrqUwZn5dOkRWfjbYgYH_RvkmPD2P': 'V', 'https://drive.google.com/open?id=1uynnoN7ItBRls7MiqFa1rLE-W3o9CnY5': 'J'} sum = 0 code = [] codes = "THE_WOMNAPRDUF?YSILCQGZBKXVJ" string = '' for ac in codes: code.append(ac) '''print (code)''' for i in range(0,3490): name = "mp4-("+str(i)+").jpg" decode_result = decode(Image.open(name)) url = str(decode_result[0].data, encoding='utf-8') string = string + pdic[url] print (string) ''' if url not in urllist: picdict[url] = code[sum] sum = sum + 1 urllist.append(url) #print ('[+] '+name+' :'+url) ''' #print ("totla is "+str(sum)) #print (picdict) print (string)
以下是看wp后的记录
hiddenDOM
I decided to create a tool that searches for hidden elements inside a web pages. Few days ago someone told me that my website is not so /secure/… Can you check it yourself ?
在题目这句Welcome to the HackIT 2018 CTF, flag is somewhere here. ¯_(ツ)_/¯的W和e之间就隐藏着如下零宽度字符