Buuoj Day7

下班了~ 下班了~
啊~ 今天忘记写Writeup了~

神秘龙卷风

龙卷风摧毁停车场~

首先我们想要破解四位数的密码

破解出来的密码是：5463

输入密码，打开文件发现是一个
以+、.、>组成的编码

通过搜索引擎
我们发现这个是brainfuck编码

                  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                       +++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++
                            +++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++
                                   +++++++++++++++++++++++++++++++++++++++++++++++
                                         ++++++++++++++++++++++++++++++++++++
                                            ++++++.>++++++++++++++++++++++
                                              ++++++++++++++++++++++++++
                                               ++++++++++++++++++++++++
                                                ++++++++++++++++++++++
                                                 +++++++++.>+++++++++
                                                  ++++++++++++++++++
                                                  ++++++++++++++++++
                                                  ++++++++++++++++++
                                                  ++++++++++++++++++
                                                 ++++++++++++++++++++
                                               ++++++++++++++++++++++.>
                                             +++++++++++++++++++++++++++
                                           +++++++++++++++++++++++++++++++
                                        +++++++++++++++++++++++++++++++++++++
                                      ++++++.>++++++++++++++++++++++++++++++++++
                                    ++++++++++++++++++.>+++++++++++++++++++++++++++
                                  ++++++++++++++++++++++++++++++++++++++++++++++++++++
                                +++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++
                            ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++
                         ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                      +++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                   +++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++
                +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++
            +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++
       ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>
+++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>

通过下列的网址进行解码

1	http://bf.doleczek.pl/

所以这道题的答案是
flag{e4bbef8bdf9743f8bf5b727a9f6332a8}

后门查杀

根据题目来说
我们就是要找一下webshell

解压打开，我们发现了一个html的源文件

使用一个“简单”的方法

我们直接打开webshell.php

所以这题的答案是
flag{6ac45fb83b3bc355c024f5034b947dd3}

数据包中的线索

我们人民JC会听你的鬼话.jpg

在线交流的流量包应该是http包
直接追踪http流吧

追踪流最后发现有一个
非常规base64的编码文件

通过这个在线网站

1	https://the-x.cn/base64

我们可以发现这其实是一张图片

打开图片一看

答案就是flag{209acebf6324a09671abc31c869de72c}

荷兰宽带数据泄露

直接解压打开，是一个bin文件
看文件这个应该是一个固件

使用RouterPassView
打开一看，好家伙~

所以这次的答案就是flag{053700357621}

BUU CODE REVIEW 1

今天的basic题
我们直接打开靶机

<?php
/**
 * Created by PhpStorm.
 * User: jinzhao
 * Date: 2019/10/6
 * Time: 8:04 PM
 */

highlight_file(__FILE__);                               //高亮显示当前页面源代码

class BUU {
   public $correct = "";
   public $input = "";

   public function __destruct() {                       //析构方法
       try {
           $this->correct = base64_encode(uniqid());    //uniqid() 函数基于以微秒计的当前时间，生成一个唯一的 ID
           if($this->correct === $this->input) {
               echo file_get_contents("/flag");
           }
       } catch (Exception $e) {
       }
   }
}

if($_GET['pleaseget'] === '1') {
    if($_POST['pleasepost'] === '2') {
        if(md5($_POST['md51']) == md5($_POST['md52']) && $_POST['md51'] != $_POST['md52']) {
            unserialize($_POST['obj']);
        }
    }
}

啊这，这居然是一题反序列化加md5绕过的题目
惹不起惹不起，溜了溜了
十二点啦~ 够钟觉觉🐖啦~
【学术不精的溃逃~】
看了解析的我👇