Lung-Yu,Tsai 的部落格

測試環境如下圖所示：

Ubuntu 16.04 安裝docker後pull測試用image後啟動container並進行測試.

This time Sam used a more temporary and "hidden" approach to authenticating users, but he didn't think about whether or not those users knew their way around javascript...

The password is again hidden in an unknown file. However, the script that was previously used to find it has some limitations. Requirements: Knowledge of SSI, unix directory structure.

The password is yet again hidden in an unknown file. Sam's daughter has begun learning PHP, and has a small script to demonstrate her knowledge. Requirements: Knowledge of SSI (dynamic html executed by the server, rather than the browser)

The password is hidden in an unknown file, and Sam has set up a script to display a calendar. Requirements: Basic UNIX command knowledge.

An encryption system has been set up, which uses an unknown algorithm to change the text given. Requirements: Persistence, some general cryptography knowledge.

Similar to the previous challenge, but with some extra security measures in place. Requirements: HTML knowledge, JS or FF, an email address.

An email script has been set up, which sends the password to the administrator. Requirements: HTML knowledge, an email address

Some intuition is needed to find the location of the hidden password file. Requirements: Basic HTML knowledge

slightly more difficult challenge, involving an incomplete password script. Requirements: Common sense.

Basic test of your skills to see if you can do any of these missions. Requirements: HTML

Example 1

從網址來看系統是直接存取名為hacker.png的圖片檔案，一般而言Example 1 都是未進行驗證。

Attack 目標網站如下圖所示。由此頁面可發現 :

Example 1

Attack 目標網站如下圖所示。由此頁面可發現 :

Attack 目標網站如下圖所示。由此頁面可發現 :

Example 1

從網址來看系統是直接存取名為hacker.png的圖片檔案，一般而言Example 1 都是未進行驗證。

Attack 目標網站如下圖所示。由此頁面可發現 :

Attack 目標網站如下圖所示。由此頁面可發現 :

Attack 目標網站如下圖所示。由此頁面可發現 :