HackPack CTF 2023

  1. Login - Web Medium
  2. Insp3ct0r - Web Easy
  3. Irish Name Repo 3

Login - Web Medium

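The login page has only a login form. Testing showed that the username is admin, but the password was unknown. Since no request could be captured, the validation was suspected to be front-end only, so F12 was used to view the contents of index.js: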

(async()=>{await new Promise((e=>window.addEventListener("load",e))),document.querySelector("form").addEventListener("submit",(e=>{e.preventDefault();const r={u:"input[name=username]",p:"input[name=password]"},t={};for(const e in r)t[e]=btoa(document.querySelector(r[e]).value).replace(/=/g,"");return"YWRtaW4"!==t.u?alert("Incorrect Username"):"cGljb0NURns1M3J2M3JfNTNydjNyXzUzcnYzcl81M3J2M3JfNTNydjNyfQ"!==t.p?alert("Incorrect Password"):void alert(`Correct Password! Your flag is ${atob(t.p)}.`)}))})();

Here YWRtaW4 is exactly the base64 encoding of admin. Decoding cGljb0NURns1M3J2M3JfNTNydjNyXzUzcnYzcl81M3J2M3JfNTNydjNyfQ gives the flag:

picoCTF{53rv3r_53rv3r_53rv3r_53rv3r_53rv3r}
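An added example, not part of the original writeup or the challenge's code: a Node.js check a reviewer could run over a shipped script to flag string literals that are really base64-encoded printable text, including ones whose `=` padding has been stripped as in index.js above. The function names and the sample password are constructed for illustration.

```javascript
// Added example: audit a client-side script for string literals that decode
// from base64 (with or without "=" padding) to printable ASCII text.

// Return the decoded text, or null if the literal is not canonical base64
// of printable ASCII. The canonical round-trip check filters most ordinary words.
function decodeIfBase64(literal) {
  if (!/^[A-Za-z0-9+/]{6,}$/.test(literal) || literal.length % 4 === 1) return null;
  // Restore the padding that replace(/=/g, "") removed.
  const padded = literal + "=".repeat((4 - (literal.length % 4)) % 4);
  const buf = Buffer.from(padded, "base64");
  if (buf.toString("base64") !== padded) return null; // trailing bits not canonical
  const text = buf.toString("latin1");
  return /^[\x20-\x7e]+$/.test(text) ? text : null;
}

// Scan single- and double-quoted literals (no escapes) and keep the ones that decode.
function findEncodedLiterals(source) {
  const hits = [];
  for (const m of source.matchAll(/(["'])((?:(?!\1)[^\\\n])*)\1/g)) {
    const decoded = decodeIfBase64(m[2]);
    if (decoded !== null) hits.push({ literal: m[2], decoded });
  }
  return hits;
}

// Constructed sample with the same shape as the page's index.js;
// the second encoded literal is a made-up password, not the challenge's value.
const SAMPLE = `const r={u:"input[name=username]",p:"input[name=password]"};
return "YWRtaW4"!==t.u?alert("Incorrect Username"):"aHVudGVyMi1leGFtcGxl"!==t.p?alert("Incorrect Password"):void 0;`;

for (const hit of findEncodedLiterals(SAMPLE)) {
  console.log(`${hit.literal} -> ${hit.decoded}`);
}
```

Any hit in code that reaches the browser means the comparison value is readable by every visitor, so the check belongs on the server.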

Insp3ct0r - Web Easy

Following the challenge hint, three parts of the flag are found in the HTML, CSS and JS and then concatenated:

picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?}

Irish Name Repo 3

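Opening the menu reveals a login page. Entering an arbitrary password fails; capturing the request shows a debug parameter equal to 0. After changing it to 1 the SQL statement is displayed, which reveals that the letters passed in are shifted with a Caesar cipher. Construct a payload to obtain the flag: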

POST
debug=1&password=1' be 1>0--+
picoCTF{3v3n_m0r3_SQL}
