File tree 3 files changed +11
-8
lines changed
3 files changed +11
-8
lines changed Original file line number Diff line number Diff line change 33* /* /.DS_Store
44* /* /* /.DS_Store
55* .pyc
6- # Something can't upload
6+ # 其他人的项目
77/antSword /*
88/AWVS /WVS11 /* .exe
99/BurpSuite
1212/caidao
1313/HashExtensions
1414/dirsearch
15- # 不开放m0xiaoxi.php
15+ # 暂不开放
1616/AD /WAF /m0xiaoxi.php
17+ /AD /proxy
Original file line number Diff line number Diff line change 11# 线下赛
22
3- ![ CTF线下攻防赛] ( CTF线下攻防赛.png )
4-
53## Web
64
7- 1 . [ 流量混淆脚本] ( https://github.com/momomoxiaoxi/CTFtools/tree/master/AD/ConfuseTraffic )
8- 2 . [ WAF] ( https://github.com/momomoxiaoxi/CTFtools/tree/master/AD/WAF )
5+ 1 . 流量混淆脚本
6+ 2 . WAF
973 . 批量文件上传
1084 . 权限维持
119 - 不死马 删不死马
1210 - contrab
13- - 猥琐流Webshell
11+ - Webshell
14125 . [ 文件监控] ( https://github.com/rustyJ4ck/FSMon ) ,防止恶意上传(没用过)
15136 . 可视化流量分析 [ goaccess] ( https://github.com/allinurl/goaccess ) (没用过)
16- 7 . PHP中转工具 就是把你的服务器当成一个中转器 直接中转分数最高的那个网站
14+ 7 . PHP中转代理脚本
15+ - 类似反向代理,反向代理一个你想搞事情的网站
16+ - [ 7ghost] ( https://github.com/BevisGoh/7ghost ) 需要.htaccess解析
17+ - 其实,在中转的时候还可以顺带抓包记录。最骚的场景就是A以为在攻击你(B),你开启反向代理代理了C,与此同时你抓了A的payload...等于做了一个中间人的工作,在不损失自己flag的前提下还能获取到攻击信息。此外,在7ghost的配置中还能把C返回的flag给替换掉。。是不是很骚😂
1718
1819## Pwn
1920
Original file line number Diff line number Diff line change 3434 - [ weevely3] ( https://github.com/epinna/weevely3 )
353510 . CVE
363611 . 小工具
37+ 12 . 线下赛
3738
3839## Knowledge
You can’t perform that action at this time.
0 commit comments