【ctf系列】练习题

网络安全CTF比赛模拟题

web:网络攻防
reverse:逆向工程
pwn:二进制
crypto:密码学
mobile:移动安全
misc:安全杂项

工具

hackbar

浏览器插件
右键 检查

burpsuite

java编写的用于测试网络应用程序安全性的图形化工具

dvwa靶场

本地访问
X-Forwarded-For:127.0.0.1

中文乱码:https://blog.csdn.net/weixin_46329243/article/details/112950158

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Client-IP: 127.0.0.1
Forwarded-For-Ip: 127.0.0.1
Forwarded-For: 127.0.0.1
Forwarded-For: localhost
Forwarded: 127.0.0.1
Forwarded: localhost
True-Client-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forward: 127.0.0.1
X-Forward: localhost
X-Forwarded-By: 127.0.0.1
X-Forwarded-By: localhost
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For-original: localhost
X-Forwarded-For: 127.0.0.1
X-Forwarded-For: localhost
X-Forwarded-Server: 127.0.0.1
X-Forwarded-Server: localhost
X-Forwarded: 127.0.0.1
X-Forwarded: localhost
X-Forwared-Host: 127.0.0.1
X-Forwared-Host: localhost
X-Host: 127.0.0.1
X-Host: localhost
X-HTTP-Host-Override: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-Addr: localhost
X-Remote-IP: 127.0.0.1

webshell管理工具

一句话木马

蚁剑、冰蝎、哥斯拉
浏览器:about:config

sqlmap

sql注入
用于探测目标是否存在sql注入

hackbar

双写绕过

view-source:http://a.y1ng.vip:1126/robots/robots.txt


【ctf系列】练习题
http://example.com/2023/07/24/ctf/【ctf系列】练习题/
作者
ningan123
发布于
2023年7月24日
许可协议