HTB Editor&Cypher

Editor

External Foothold

For some reason rustscan failed to pick up port 8080; it feels like the game was rigged against me.

nmap -sC -sV -Pn -p- 10.10.11.80 --min-rate=5000
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-08-05 13:06 CST
Nmap scan report for 10.10.11.80
Host is up (0.11s latency).
Not shown: 52865 filtered tcp ports (no-response), 12667 closed tcp ports (conn-refused)
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 3e:ea:45:4b:c5:d1:6d:6f:e2:d4:d1:3b:0a:3d:a9:4f (ECDSA)
|_  256 64:cc:75:de:4a:e6:a5:b4:73:eb:3f:1b:cf:b4:e3:94 (ED25519)
80/tcp   open  http    nginx 1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://editor.htb/
|_http-server-header: nginx/1.18.0 (Ubuntu)
8080/tcp open  http    Jetty 10.0.20
| http-cookie-flags: 
|   /: 
|     JSESSIONID: 
|_      httponly flag not set
| http-title: XWiki - Main - Intro
|_Requested resource was http://10.10.11.80:8080/xwiki/bin/view/Main/
| http-robots.txt: 50 disallowed entries (15 shown)
| /xwiki/bin/viewattachrev/ /xwiki/bin/viewrev/ 
| /xwiki/bin/pdf/ /xwiki/bin/edit/ /xwiki/bin/create/ 
| /xwiki/bin/inline/ /xwiki/bin/preview/ /xwiki/bin/save/ 
| /xwiki/bin/saveandcontinue/ /xwiki/bin/rollback/ /xwiki/bin/deleteversions/ 
| /xwiki/bin/cancel/ /xwiki/bin/delete/ /xwiki/bin/deletespace/ 
|_/xwiki/bin/undelete/
| http-webdav-scan: 
|   WebDAV type: Unknown
|   Allowed Methods: OPTIONS, GET, HEAD, PROPFIND, LOCK, UNLOCK
|_  Server Type: Jetty(10.0.20)
|_http-server-header: Jetty(10.0.20)
| http-methods: 
|_  Potentially risky methods: PROPFIND LOCK UNLOCK
|_http-open-proxy: Proxy might be redirecting requests
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 106.22 seconds

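First I added the domain, then visited port 80 and found nothing there, bro. Looking at 8080, the word XWiki turned up, so I searched for it online and found a CVE.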

Terminal Configuration

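Preface

I recently watched some videos about terminals and, on a whim, decided to update my own configuration and software too; iTerm2 was also starting to feel a bit old and sluggish.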

kitty

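A terminal emulator written by an Indian developer, and it is seriously impressive. I took a look: it is built from a mix of Go, Python and C, and the performance is very good too, so I'm switching to kitty here.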

Seccon beginner 2025 Wp

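Overview

rank 135/880

I feel it could have been higher, since I wasn't playing the whole time. This time I mostly coasted through some crypto and re; the overall challenge list is below.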

## crypto

### seesaw (100pt / 612 solves)

### 01-Translator (100pt / 280 solves)

### Elliptic4b (272pt / 171 solves)

### Golden Ticket (491pt / 35 solves)

### mathmyth (452pt / 79 solves)

## reversing

### CrazyLazyProgram1 (100pt / 654 solves)

### CrazyLazyProgram2 (100pt / 468 solves)

### D-compile (100pt / 335 solves)

### wasm_S_exp (100pt / 330 solves)

### MAFC (339pt / 144 solves)

### code_injection (441pt / 88 solves)

Challenges marked with * are the ones I didn't solve.

Mocsctf2025 Wp

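Preface

A competition in Macau with fairly good prizes, so I went for it xd. This is a review; I'll fill in the unsolved challenges later.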

web

shuke-beita

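This one really was the sign-in challenge xd. Going into F12 you can see a line (document.body.innerHTML = "请关闭开发者工具以继续使用本网站"). We're a bit rebellious, so we open it anyway, then run the game and capture the traffic, and the flag is right there in F12. Unbeatable.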

L3HCTF Wp

Preface

The crypto really was easy this time xd; treating this as a record post.

Challenges

math_problem

task.py

import gmpy2
from gmpy2 import *
from Crypto.Util.number import *
from random import randint
from gmpy2 import invert
from scret import flag

def myfunction(num):
    output = 0
    output=num**3
    return output

if __name__ == '__main__':
    flag_len = len(flag)
    p, q = getPrime(512), getPrime(512)

    while True:
        r = getPrime(512)
        R = bytes_to_long(str(r).encode())
        if isPrime(R):
            break

    n = p * q * r
    hint1 = R * r
    mod = myfunction(n)
    hint2 = pow(3*n+1, p % (2 ** 400), mod)
    m = bytes_to_long(flag)
    c = pow(m, 65537, n)

    print('All data:')
    print(f'n = {n}')
    print(f'c = {c}')
    print(f'hint1 = {hint1}')
    print(f'hint2 = {hint2}')

Unintended solution

Use GCD to recover r, then solve directly.
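
The unintended route as an added example (not the challenge author's code and not the post's solve script): hint1 = R * r and n = p * q * r share the prime r, so gcd(n, hint1) exposes it, and the plaintext can then be recovered modulo r alone. The Mersenne-prime parameters, the message and every function name here are constructed for illustration, and the last step assumes the message is smaller than r.

```python
from math import gcd

E = 65537  # public exponent used in task.py


def recover_shared_prime(n: int, hint1: int) -> int:
    """n = p*q*r and hint1 = R*r have r in common, so one gcd reveals it."""
    g = gcd(n, hint1)
    if g == 1 or g == n:
        raise ValueError("hint1 shares no proper factor with n")
    return g


def decrypt_with_factor(c: int, r: int, e: int = E) -> int:
    """Invert c = m^e mod n using only the prime factor r (valid when m < r)."""
    d = pow(e, -1, r - 1)      # requires gcd(e, r - 1) == 1
    return pow(c % r, d, r)    # c mod r equals m^e mod r because r divides n


def build_toy_instance(msg: bytes) -> dict:
    """Constructed instance: known Mersenne primes replace the 512-bit primes."""
    p, q, r = 2**61 - 1, 2**89 - 1, 2**127 - 1
    # Same encoding as bytes_to_long(str(r).encode()) in task.py.
    # Unlike task.py, R is not tested for primality; the gcd does not need it.
    R = int.from_bytes(str(r).encode(), "big")
    n = p * q * r
    m = int.from_bytes(msg, "big")
    assert m < r, "the shortcut only recovers m mod r"
    return {"n": n, "c": pow(m, E, n), "hint1": R * r, "r": r}


def solve(n: int, c: int, hint1: int):
    """Return the recovered prime r and the plaintext bytes."""
    r = recover_shared_prime(n, hint1)
    m = decrypt_with_factor(c, r)
    return r, m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    inst = build_toy_instance(b"toy-message")
    r, msg = solve(inst["n"], inst["c"], inst["hint1"])
    print("recovered r matches:", r == inst["r"])
    print("plaintext:", msg)
```

Because r comes straight out of the gcd, p, q and hint2 are never needed; publishing any multiple of a prime factor alongside n is enough to break the modulus whenever the message fits below that factor.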