HTTP (Hyper Text Transfer Protocol), also known as Hypertext Transfer Protocol, is an application layer protocol for distributed, collaborative, and hypermedia information systems.
HTTP is the basis for data communication on the World Wide Web.
> Topic: Jiangsu Province Navigator Cup - 2017: hack
The overall observation can be drawn:
HTTPfor the main
18.104.22.168for the main
- no attachments exist
From this picture, it can be basically judged that this is a traffic packet generated during the `sql injection-blind".
At this point, you can basically determine the direction of the flag, extract all the urls, use the
python helper to get the flag
tshark -r hack.pcap -T fields -e http.request.full_uri|tr -s '\n'|grep flag > log
Get blind results
import re with open('log') as f: tmp = f.read() flag = '' data = re.findall(r'=(\d*)%23',tmp) data = [int(i) for i in data] for i,num in enumerate(data): try: if num > data[i+1]: flag + = chr (num) except Exception: pass print flag
本页面的全部内容在 CC BY-NC-SA 4.0 协议之条款下提供，附加条款亦可能应用。