CTFHub Web: Information Disclosure, Directory Traversal
2022-06-25 06:40:00 【Long street 395】

There are two ways to solve this:
1. Manually open the directories one by one and look for the file
2. Use Python code to crawl the site's files
I use the second method:
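
    import requests

    # Challenge instance URL; the listing root is /flag_in_here
    url = "http://challenge-011f662b1a24880f.sandbox.ctfhub.com:10800/flag_in_here"

    # Request every two-level subdirectory <i>/<j>
    for i in range(5):
        for j in range(5):
            url_final = url + "/" + str(i) + "/" + str(j)
            r = requests.get(url_final)
            r.encoding = "utf-8"
            get_file = r.text  # HTML of the directory listing page
            # The listing that mentions flag.txt is the directory we want
            if "flag.txt" in get_file:
                print(url_final)
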
The output is the link to the directory that contains flag.txt.

Click the link to get the flag.


The flag is:
ctfhub{9313b9e3a2b2169610bc4ec4}

Tips:
requests.get fetches the content of a web page
r.text is the page's HTML source
Finally, check whether flag.txt appears in the page behind the link
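
The fixed 5x5 loop above works only because the directory names are known in advance. The following is an added example, not code from the original post: it generalizes the idea into an audit helper that walks any autoindex-style listing and returns every file it exposes, which is the check an administrator would run against their own server to see what a left-on directory listing reveals. It assumes listing pages carry an "Index of ..." title; `LinkCollector`, `parse_listing`, `exposed_files`, the localhost URL and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

class LinkCollector(HTMLParser):  # gathers <title> text and <a href> values
    def __init__(self):
        super().__init__()
        self.title, self.hrefs, self._tag = "", [], None
    def handle_starttag(self, tag, attrs):
        self._tag = tag
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]
    def handle_endtag(self, tag):
        self._tag = None
    def handle_data(self, data):
        self.title += data if self._tag == "title" else ""

def parse_listing(base_url, html):
    """Return (is_listing, subdirectory URLs, file URLs) for one page."""
    p = LinkCollector()
    p.feed(html)
    # Assumption: listings carry the autoindex-style "Index of ..." title.
    is_listing = p.title.strip().lower().startswith("index of")
    dirs, files = [], []
    for href in p.hrefs:
        # Skip parent, sort-order, absolute and off-site links.
        if href.startswith(("?", "/", "#", "..")) or "://" in href:
            continue
        (dirs if href.endswith("/") else files).append(urljoin(base_url, href))
    return is_listing, dirs, files

def exposed_files(start_url, fetch, max_pages=200):
    """Walk listing pages breadth-first; return every file URL they reveal."""
    seen, queue, found = set(), [start_url], []
    while queue and len(seen) < max_pages:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        is_listing, dirs, files = parse_listing(url, fetch(url))
        if is_listing:  # ordinary pages are not followed
            queue.extend(dirs)
            found.extend(files)
    return found

# Constructed sample pages (not real server output), keyed by URL.
BASE = "http://localhost:8080/flag_in_here/"
_TOP = '<title>Index of /</title><a href="../">../</a>'
PAGES = {BASE: _TOP + '<a href="1/">1/</a><a href="2/">2/</a>', BASE + "1/": _TOP,
         BASE + "2/": _TOP + '<a href="flag.txt">flag.txt</a>'}
if __name__ == "__main__": print(exposed_files(BASE, PAGES.__getitem__))
```

An empty result means no listing page was found under the start URL. Any non-empty result is a list of files readable by anyone who can reach the server, and the fix is to turn the listing off (`autoindex off;` in nginx, `Options -Indexes` in Apache).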
Reference: Admiralll, https://www.bilibili.com/read/cv15764985 (source: bilibili)