15 areas of web knowledge behind common CTF challenge routines

Source: Internet
Author: User

1. Brute forcing, including MD5, brute-forcing random numbers, CAPTCHA recognition, etc.

2. Bypassing the WAF, including the many ways around MySQL filtering, around keyword detection on file reads, and around other interception

3. Playing with a few PHP features, including weak typing, strpos and ===, deserialization with __destruct, /-truncation, iconv truncation

4. Cryptography problems, including hash length extension, XOR, the many variants of shift ciphers, and 32-bit random numbers being too small

5. Techniques for finding source code, including Git, SVN, xxx.php.swp, *www*.(zip|tar.gz|rar|7z), xxx.php.bak

6. File upload, including unusual file suffixes (.php345, .inc, .phtml, .phpt, .phps) and the various kinds of file content detection

7. MySQL type differences, including features similar to PHP weak typing (0x, 0b, 1e, and so on) and conversion between varchar and integer

8. open_basedir and disable_functions bypass techniques, including dl, mail, imagick, the bash vulnerability, DirectoryIterator, and the various approaches used by binary-exploitation players

9. Race conditions, including racing to create a shell before the file is deleted, and racing a database that has no locking for more money

10. Social engineering, including the many ways of searching social-engineering databases, Weibo, QQ signatures, Whois

11. Windows features, including short file names, IIS parsing vulnerabilities, NTFS file system wildcard characters, ::$DATA, colon truncation

12. SSRF, including the many ways of probing ports, 302 redirects, the use of different protocols, getting a shell directly through Gopher, etc.

13. XSS, including the various browser auditor bypasses, rich-text filter blacklist and whitelist bypasses, Flash XSS, CSP bypass

14. XXE, including the various places where XML appears (RSS/Word/streaming media) and the various ways XXE is used (SSRF, file read)

15. Protocols, including the many forms of IP forgery (X-Forwarded-For/X-Client-IP/X-Real-IP/CDN-Src-IP), changing the User-Agent, the many ways of hiding the flag, and packet analysis
