-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.html
More file actions
971 lines (872 loc) · 38.1 KB
/
index.html
File metadata and controls
971 lines (872 loc) · 38.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
<!DOCTYPE html>
<html lang="zh-Hans">
<!-- title -->
<!-- keywords -->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
<meta name="author" content="Huaji">
<meta name="renderer" content="webkit">
<meta name="copyright" content="Huaji">
<meta name="keywords" content="hexo,hexo-theme,hexo-blog">
<meta name="description" content="搞到现在总算有个博客了">
<meta name="description" content="搞到现在总算有个博客了">
<meta property="og:type" content="website">
<meta property="og:title" content="blog">
<meta property="og:url" content="http://huajihd.github.io/index.html">
<meta property="og:site_name" content="blog">
<meta property="og:description" content="搞到现在总算有个博客了">
<meta property="og:locale">
<meta property="article:author" content="Huaji">
<meta name="twitter:card" content="summary">
<meta http-equiv="Cache-control" content="no-cache">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<link rel="icon" href="/assets/favicon.ico">
<title>Huajiの小窝</title>
<!-- /*! loadCSS. [c]2017 Filament Group, Inc. MIT License */
/* This file is meant as a standalone workflow for
- testing support for link[rel=preload]
- enabling async CSS loading in browsers that do not support rel=preload
- applying rel preload css once loaded, whether supported or not.
*/ -->
<script>
(function (w) {
'use strict'
// rel=preload support test
if (!w.loadCSS) {
w.loadCSS = function () {}
}
// define on the loadCSS obj
var rp = (loadCSS.relpreload = {})
// rel=preload feature support test
// runs once and returns a function for compat purposes
rp.support = (function () {
var ret
try {
ret = w.document.createElement('link').relList.supports('preload')
} catch (e) {
ret = false
}
return function () {
return ret
}
})()
// if preload isn't supported, get an asynchronous load by using a non-matching media attribute
// then change that media back to its intended value on load
rp.bindMediaToggle = function (link) {
// remember existing media attr for ultimate state, or default to 'all'
var finalMedia = link.media || 'all'
function enableStylesheet() {
link.media = finalMedia
}
// bind load handlers to enable media
if (link.addEventListener) {
link.addEventListener('load', enableStylesheet)
} else if (link.attachEvent) {
link.attachEvent('onload', enableStylesheet)
}
// Set rel and non-applicable media type to start an async request
// note: timeout allows this to happen async to let rendering continue in IE
setTimeout(function () {
link.rel = 'stylesheet'
link.media = 'only x'
})
// also enable media after 3 seconds,
// which will catch very old browsers (android 2.x, old firefox) that don't support onload on link
setTimeout(enableStylesheet, 3000)
}
// loop through link elements in DOM
rp.poly = function () {
// double check this to prevent external calls from running
if (rp.support()) {
return
}
var links = w.document.getElementsByTagName('link')
for (var i = 0; i < links.length; i++) {
var link = links[i]
// qualify links to those with rel=preload and as=style attrs
if (
link.rel === 'preload' &&
link.getAttribute('as') === 'style' &&
!link.getAttribute('data-loadcss')
) {
// prevent rerunning on link
link.setAttribute('data-loadcss', true)
// bind listeners to toggle media back
rp.bindMediaToggle(link)
}
}
}
// if unsupported, run the polyfill
if (!rp.support()) {
// run once at least
rp.poly()
// rerun poly on an interval until onload
var run = w.setInterval(rp.poly, 500)
if (w.addEventListener) {
w.addEventListener('load', function () {
rp.poly()
w.clearInterval(run)
})
} else if (w.attachEvent) {
w.attachEvent('onload', function () {
rp.poly()
w.clearInterval(run)
})
}
}
// commonjs
if (typeof exports !== 'undefined') {
exports.loadCSS = loadCSS
} else {
w.loadCSS = loadCSS
}
})(typeof global !== 'undefined' ? global : this)
</script>
<style type="text/css">
@font-face {
font-family: 'Oswald-Regular';
src: url("/font/Oswald-Regular.ttf");
}
body {
margin: 0;
}
header,
footer,
.footer-fixed-btn,
.sidebar,
.container,
.site-intro-meta,
.toc-wrapper {
display: none;
}
.site-intro {
position: relative;
z-index: 3;
width: 100%;
/* height: 50vh; */
overflow: hidden;
}
.site-intro-placeholder {
position: absolute;
z-index: -2;
top: 0;
left: 0;
width: calc(100% + 300px);
height: 100%;
background: repeating-linear-gradient(
-45deg,
#444 0,
#444 80px,
#333 80px,
#333 160px
);
background-position: center center;
transform: translate3d(-226px, 0, 0);
animation: gradient-move 2.5s ease-out 0s infinite;
}
@keyframes gradient-move {
0% {
transform: translate3d(-226px, 0, 0);
}
100% {
transform: translate3d(0, 0, 0);
}
}
</style>
<link id="stylesheet-fancybox" rel="preload" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0.36/dist/fancybox/fancybox.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<link id="stylesheet-base" rel="preload" href="/css/style.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<link id="stylesheet-mobile" rel="preload" href="/css/mobile.css" as="style" onload="this.onload=null;this.rel='stylesheet';this.media='screen and (max-width: 960px)'">
<link id="stylesheet-theme-dark" rel="preload" href="/css/dark.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<link rel="preload" href="https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.min.js" as="script">
<link rel="preload" href="/scripts/main.js" as="script">
<link rel="preload" href="/font/Oswald-Regular.ttf" as="font" crossorigin>
<link rel="preload" href="https://at.alicdn.com/t/font_327081_1dta1rlogw17zaor.woff" as="font" crossorigin>
<!-- algolia -->
<!-- 百度统计 -->
<!-- 谷歌统计 -->
<!-- Google tag (gtag.js) -->
<meta name="generator" content="Hexo 8.1.1"></head>
<script src="https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.min.js"></script>
<script type="text/javascript">
if (typeof window.$ == undefined) {
console.warn('jquery load from jsdelivr failed, will load local script')
document.write('<script src="/lib/jquery.min.js" />')
}
</script>
<body class="home-body">
<!-- header -->
<header class="header header-mobile index-header">
<!-- top read progress line -->
<div class="header-element">
<div class="read-progress"></div>
</div>
<!-- sidebar menu button -->
<div class="header-element">
<div class="header-sidebar-menu">
<div style="padding-left: 1px;"></div>
</div>
</div>
<!-- header actions -->
<div class="header-actions">
<!-- theme mode switch button -->
<span class="header-theme-btn header-element">
<i class="fas fa-adjust"></i>
</span>
<!-- back to home page text -->
<span class="home-link header-element">
<a href="/">Huajiの小窝.</a>
</span>
</div>
<!-- toggle banner -->
<div class="banner">
<div class="blog-title header-element">
<a href="/">Huajiの小窝.</a>
</div>
<div class="post-title header-element">
<a href="#" class="post-name"></a>
</div>
</div>
</header>
<!-- fixed footer -->
<footer class="footer-fixed index-footer-fixed">
<!-- donate button -->
<!-- back to top button -->
<div class="footer-fixed-btn footer-fixed-btn--hidden back-top">
<div></div>
</div>
</footer>
<!-- wrapper -->
<div class="wrapper">
<div class="site-intro" style=" height:50vh;
">
<!-- 主页 -->
<!-- 文章页 -->
<div class="site-intro-placeholder"></div>
<div class="site-intro-img" style="background-image: url(/intro/index-bg.jpg)"></div>
<div class="site-intro-meta">
<!-- 标题 -->
<h1 class="intro-title">
<!-- 主页 -->
Huajiの小窝.
<!-- 文章页 -->
</h1>
<!-- 副标题 -->
<p class="intro-subtitle">
<!-- 主页副标题 -->
搞到现在总算有个博客用了
<!-- 文章页 -->
</p>
<!-- 文章页 meta -->
</div>
</div>
<script>
// get user agent
function getBrowserVersions() {
var u = window.navigator.userAgent
return {
userAgent: u,
trident: u.indexOf('Trident') > -1, //IE内核
presto: u.indexOf('Presto') > -1, //opera内核
webKit: u.indexOf('AppleWebKit') > -1, //苹果、谷歌内核
gecko: u.indexOf('Gecko') > -1 && u.indexOf('KHTML') == -1, //火狐内核
mobile: !!u.match(/AppleWebKit.*Mobile.*/), //是否为移动终端
ios: !!u.match(/\(i[^;]+;( U;)? CPU.+Mac OS X/), //ios终端
android: u.indexOf('Android') > -1 || u.indexOf('Linux') > -1, //android终端或者uc浏览器
iPhone: u.indexOf('iPhone') > -1 || u.indexOf('Mac') > -1, //是否为iPhone或者安卓QQ浏览器
iPad: u.indexOf('iPad') > -1, //是否为iPad
webApp: u.indexOf('Safari') == -1, //是否为web应用程序,没有头部与底部
weixin: u.indexOf('MicroMessenger') == -1, //是否为微信浏览器
uc: u.indexOf('UCBrowser') > -1, //是否为android下的UC浏览器
}
}
var browser = {
versions: getBrowserVersions(),
}
console.log('userAgent: ' + browser.versions.userAgent)
// callback
function fontLoaded() {
console.log('font loaded')
if (document.getElementsByClassName('site-intro-meta')) {
document
.getElementsByClassName('intro-title')[0]
.classList.add('intro-fade-in')
document
.getElementsByClassName('intro-subtitle')[0]
.classList.add('intro-fade-in')
var postIntros = document.getElementsByClassName('post-intros')[0]
if (postIntros) {
postIntros.classList.add('post-fade-in')
}
}
}
// UC不支持跨域,所以直接显示
function asyncCb() {
if (browser.versions.uc) {
console.log('UCBrowser')
fontLoaded()
} else {
WebFont.load({
custom: {
families: ['Oswald-Regular'],
},
loading: function () {
// 所有字体开始加载
// console.log('font loading');
},
active: function () {
// 所有字体已渲染
fontLoaded()
},
inactive: function () {
// 字体预加载失败,无效字体或浏览器不支持加载
console.log('inactive: timeout')
fontLoaded()
},
timeout: 5000, // Set the timeout to two seconds
})
}
}
function asyncErr() {
console.warn('script load from CDN failed, will load local script')
}
// load webfont-loader async, and add callback function
function async(u, cb, err) {
var d = document,
t = 'script',
o = d.createElement(t),
s = d.getElementsByTagName(t)[0]
o.src = u
if (cb) {
o.addEventListener(
'load',
function (e) {
cb(null, e)
},
false
)
}
if (err) {
o.addEventListener(
'error',
function (e) {
err(null, e)
},
false
)
}
s.parentNode.insertBefore(o, s)
}
var asyncLoadWithFallBack = function (arr, success, reject) {
var currReject = function () {
reject()
arr.shift()
if (arr.length) async(arr[0], success, currReject)
}
async(arr[0], success, currReject)
}
asyncLoadWithFallBack(
[
'https://cdn.jsdelivr.net/npm/webfontloader@1.6.28/webfontloader.min.js',
'https://cdn.bootcss.com/webfont/1.6.28/webfontloader.js',
"/lib/webfontloader.min.js",
],
asyncCb,
asyncErr
)
</script>
<img class="loading" src="/assets/loading.svg" style="display: block; margin: 6rem auto 0 auto; width: 6rem; height: 6rem;" alt="loading">
<div class="container container-unloaded">
<main class="main index-page">
<article class="index-post">
<a class="abstract-title" href="/2026/03/16/2026ccsssc-wp/">
<span class="abstract-title-text">2026软件系统安全赛 WP</span>
</a>
<div class="abstract-content">
2026软件系统安全赛 WPsteganography解题步骤1.查看原始文件类型题目给的是一个没有后缀的文件:
1file steganography_challenge
结果并不能直接识别成常见文件格式,只显示成 data。
这类题第一反应就是查文件头 / 查魔数。扫描后能发现文件内部出现了 PNG 头:
123456from pathlib import Pathdata = Path("steganography_challenge").read_bytes()png_sig = b'\x89PNG\r\n\x1a\n'off ...
</div>
<!-- read more -->
<div class="abstract-post-meta">
<!-- date -->
<div class="abstract-date" title="Last updated: 2026/03/16">
<span class="abstract-calander iconfont-archer"></span><span class="abstract-time">2026/03/16</span>
</div>
<!-- tags -->
<div class="abstract-tags" >
<a class="post-tag" href="javascript:void(0);" data-tags="CTF">CTF</a>
</div>
</div>
</article>
<div class="index-post-divider"></div>
<article class="index-post">
<a class="abstract-title" href="/2026/03/09/openclawusegpt/">
<span class="abstract-title-text">openclaw怎么调用gpt中的模型</span>
</a>
<div class="abstract-content">
这几天openclaw不知道为什么突然这么火,写一个调用模型教程,节点需要自备。
OpenClaw 官方文档写得很明确:它支持把 OpenAI 作为 provider,并且模型名要写成 provider/model 这种格式,例如 openai/gpt-5.2 或 openai-codex/gpt-5.2。
方案一:用 OpenAI API Key适合按量计费、直接走 API。
前置要求:一个api key
先准备好你的 OpenAI API Key,然后在命令行里执行:
1openclaw onboard --auth-choice openai-api-key
或者非交互方式:
1...
</div>
<!-- read more -->
<div class="abstract-post-meta">
<!-- date -->
<div class="abstract-date" title="Last updated: 2026/03/09">
<span class="abstract-calander iconfont-archer"></span><span class="abstract-time">2026/03/09</span>
</div>
<!-- tags -->
</div>
</article>
<div class="index-post-divider"></div>
<article class="index-post">
<a class="abstract-title" href="/2026/02/03/2026UniCTF-web/">
<span class="abstract-title-text">UniCTF web单方向wp</span>
</a>
<div class="abstract-content">
UniCTF web单方向wp才发现哥几个都是懒勾,写脚本不写注释,下回得好好学学怎么写wp.
Websecure docai直出
解题思路(核心漏洞)
该站点只解析 XFA 表单(XML),/upload 接收 PDF,/download/.txt 回显解析文本
XFA XML 解析未禁用外部实体 → XXE 文件读取
通过在 XFA 中构造 <!ENTITY xxe SYSTEM "file:///flag">,即可回显 /flag 内容
Burp Suite + MCP 操作步骤(建议截图点)
抓包上传请...
</div>
<!-- read more -->
<div class="abstract-post-meta">
<!-- date -->
<div class="abstract-date" title="Last updated: 2026/02/03">
<span class="abstract-calander iconfont-archer"></span><span class="abstract-time">2026/02/03</span>
</div>
<!-- tags -->
<div class="abstract-tags" >
<a class="post-tag" href="javascript:void(0);" data-tags="CTF">CTF</a>
<a class="post-tag" href="javascript:void(0);" data-tags="web">web</a>
</div>
</div>
</article>
<div class="index-post-divider"></div>
<article class="index-post">
<a class="abstract-title" href="/2026/01/31/2025chixi/">
<span class="abstract-title-text">2025下半年吃席回忆录</span>
</a>
<div class="abstract-content">
2025下半年吃席回忆录到了年终总结的时候,看看自己这学期吃了些啥,吃了什么不重要,重点在经历。
吃吃吃、吃吃吃
2025.8 青岛刚搬到吸嗨岸校区,和一直从未见过面的学长吃席,大一刚入学问了他很多问题,爽赤。
2025.9 北京第一次来北京上学,到一个学校,先品品里面的食堂,emm,这里给到拉完了(后续是点外卖比吃食堂次数多),又贵又难吃啊,吸嗨岸中的吸嗨岸qaq。
2025.9 北京都来北京上学了,总得和贵社的远古牢登吃个饭,于是和三万✌🏻、🏠博士一拍即合,16级、19级和24级顺利会晤,仨人吃了个羊蝎子。聊了聊贵社の往事。
2025.9 北京一个人被塞进了5人...
</div>
<!-- read more -->
<div class="abstract-post-meta">
<!-- date -->
<div class="abstract-date" title="Last updated: 2026/02/02">
<span class="abstract-calander iconfont-archer"></span><span class="abstract-time">2026/01/31</span>
</div>
<!-- tags -->
<div class="abstract-tags" >
<a class="post-tag" href="javascript:void(0);" data-tags="CTF">CTF</a>
<a class="post-tag" href="javascript:void(0);" data-tags="吃席">吃席</a>
</div>
</div>
</article>
<div class="index-post-divider"></div>
<article class="index-post">
<a class="abstract-title" href="/2025/11/09/Pikachu/">
<span class="abstract-title-text">Pikachu</span>
</a>
<div class="abstract-content">
Pikachu靶场一直忘了刷这个靶场了,国庆结束想起来做一下,内容都非常基础所以写的比较简单,没有别的大佬的博客内容写的清晰。
暴力破解基于表单的暴力破解发现/vul/burteforce/bf_form.php是提交用的,post请求体里有username=123&password=123&submit=Login,所以扔到burpsuite里的intruder直接爆破即可
验证码绕过(onserver)输入验证码后发现验证码长期有效,所以内容应该同基于表单的暴力破解中的内容。
验证码绕过(onclient)123456789101112...
</div>
<!-- read more -->
<div class="abstract-post-meta">
<!-- date -->
<div class="abstract-date" title="Last updated: 2025/11/10">
<span class="abstract-calander iconfont-archer"></span><span class="abstract-time">2025/11/09</span>
</div>
<!-- tags -->
<div class="abstract-tags" >
<a class="post-tag" href="javascript:void(0);" data-tags="CTF">CTF</a>
<a class="post-tag" href="javascript:void(0);" data-tags="web">web</a>
</div>
</div>
</article>
<div class="index-post-divider"></div>
<article class="index-post">
<a class="abstract-title" href="/2025/10/14/ycb2025-web/">
<span class="abstract-title-text">羊城杯2025-web</span>
</a>
<div class="abstract-content">
羊城杯2025-Web题目感觉出的不错,很有意思,尽力做了
ez_unserialize思路:H->__destruct() → A::start() 回显 $a->next,让它是 V。 V::__toString() 取 $this->go->$abc,设 $abc='secret' 且 go=E 触发 E::__get() → $found->check()。 F::check() 里 finalstep='u'(小写绕过 /U/),实例化 new u() 实际拿到类 U,再 ($this->step)() 触发 ...
</div>
<!-- read more -->
<div class="abstract-post-meta">
<!-- date -->
<div class="abstract-date" title="Last updated: 2025/11/10">
<span class="abstract-calander iconfont-archer"></span><span class="abstract-time">2025/10/14</span>
</div>
<!-- tags -->
<div class="abstract-tags" >
<a class="post-tag" href="javascript:void(0);" data-tags="web">web</a>
</div>
</div>
</article>
<div class="index-post-divider"></div>
<article class="index-post">
<a class="abstract-title" href="/2025/10/07/bugkuawd-10-7/">
<span class="abstract-title-text">bugku-awd小记10.7</span>
</a>
<div class="abstract-content">
bugku-awd小记10.7WebSubrion CMS 4.1.4
先把源码copy下来,拿D盾扫一遍
1.文件包含漏洞fix:直接删除
2.弱口令+文件上传
管理员后台的账户密码是admin/admin,同时可以从config.inc.php 中得到数据库密码
fix:改admin弱密码
然后登录后台看到可以upload,所以攻击时考虑传马
3.sql注入在panel里
Database处可以进行SQL注入,不过flag是错的
这里去群里吹水去了,没来得及修
attack:1.文件包含访问,直接能读到flag
1http://192-168-1-67.pvp67...
</div>
<!-- read more -->
<div class="abstract-post-meta">
<!-- date -->
<div class="abstract-date" title="Last updated: 2025/10/15">
<span class="abstract-calander iconfont-archer"></span><span class="abstract-time">2025/10/07</span>
</div>
<!-- tags -->
</div>
</article>
<div class="index-post-divider"></div>
<article class="index-post">
<a class="abstract-title" href="/2025/08/11/fengshentai/">
<span class="abstract-title-text">封神台2025</span>
</a>
<div class="abstract-content">
封神台wp两天的比赛,第一天好好看了,没做出来几个题,第二天出去玩拿手机看代码楞是出了俩。
技术不行,只有高校榜第四,没什么石粒,下回还要多练。
EzEchobun 内部shell的解析bug
先创建文件并将内容写入sh脚本里面,然后再执行sh
好像是1 被当作触发重定向的标识,没有写入,作为文本内容。
123/readflag1<huaji`sh<huaji`
flag{rce_eas1y_th3n_i_think}
参考https://blog.csdn.net/2401_83799022/article/details/141859729
EzPyeditor因为 t...
</div>
<!-- read more -->
<div class="abstract-post-meta">
<!-- date -->
<div class="abstract-date" title="Last updated: 2025/10/15">
<span class="abstract-calander iconfont-archer"></span><span class="abstract-time">2025/08/11</span>
</div>
<!-- tags -->
</div>
</article>
<div class="index-post-divider"></div>
<article class="index-post">
<a class="abstract-title" href="/2025/07/20/NewStar-CTF-2024-Web-Week3/">
<span class="abstract-title-text">NewStar CTF 2024 Web Week3复现</span>
</a>
<div class="abstract-content">
NewStar CTF 2024 Web Week3复现平台链接https://ctf.xidian.edu.cn/training/14
紧跟上次week1和week2的题目
写于7.18和7.19
include me1234567891011121314151617181920<?phphighlight_file(__FILE__);function waf(){ if(preg_match("/<|\?|php|>|echo|filter|flag|system|file|%|&|=|`|eval/i",$_GET[...
</div>
<!-- read more -->
<div class="abstract-post-meta">
<!-- date -->
<div class="abstract-date" title="Last updated: 2025/07/20">
<span class="abstract-calander iconfont-archer"></span><span class="abstract-time">2025/07/20</span>
</div>
<!-- tags -->
</div>
</article>
<div class="index-post-divider"></div>
<article class="index-post">
<a class="abstract-title" href="/2025/07/20/NewStar-CTF-2024-Web-Week2/">
<span class="abstract-title-text">NewStar CTF 2024 Web Week2复现</span>
</a>
<div class="abstract-content">
NewStar CTF 2024 Web Week2复现平台链接https://ctf.xidian.edu.cn/training/14
紧跟上次week1的题目
写于7.17
你能在一秒内打出八句英文吗看题目就像一个自动化测试的题,主包selenium写的比较好所以就用它了
1234567891011from selenium import webdriverfrom selenium.webdriver.common.by import Bydriver=webdriver.Firefox()driver.get("http://127.0.0.1:48254/"...
</div>
<!-- read more -->
<div class="abstract-post-meta">
<!-- date -->
<div class="abstract-date" title="Last updated: 2025/07/20">
<span class="abstract-calander iconfont-archer"></span><span class="abstract-time">2025/07/20</span>
</div>
<!-- tags -->
</div>
</article>
<div class="index-post-divider"></div>
<!-- paginator -->
<nav class="page-nav">
<span class="page-number current">1</span><a class="page-number" href="/page/2/">2</a><a class="page-number" href="/page/3/">3</a><a class="extend next" rel="next" href="/page/2/">NEXT ></a>
</nav>
</main>
<!-- profile -->
<div class="profile">
<img class="profile-avatar" alt="avatar" src="/avatar/dog.jpg" >
<div class="profile-name">Huaji</div>
<div class="profile-signature">
witness me
</div>
<div class="profile-social">
<a href="mailto:2185374541@qq.com" class="iconfont-archer email" title="email" ></a>
<a href="//github.com/HuajiHD" class="iconfont-archer github" target="_blank" title="github"></a>
</div>
<div class="friends">
<div>
FRIENDS
</div>
<span>
<a href="//www.baidu.com" target="_blank">friendA</a>
</span>
</div>
<div class="profile-link-item">
<a href="/about" class="about-me">
ABOUT ME
</a>
</div>
</div>
</div>
<footer class="footer footer-unloaded">
<!-- social -->
<div class="social">
<a href="mailto:2185374541@qq.com" class="iconfont-archer email" title="email" ></a>
<a href="//github.com/HuajiHD" class="iconfont-archer github" target="_blank" title="github"></a>
</div>
<!-- powered by Hexo -->
<div class="copyright">
<span id="hexo-power">Powered by <a href="https://hexo.io/" target="_blank">Hexo</a></span><span class="iconfont-archer power"></span><span id="theme-info">theme <a href="https://github.com/fi3ework/hexo-theme-archer" target="_blank">Archer</a></span>
</div>
<!-- website approve for Chinese user -->
<!-- 不蒜子 -->
<div class="busuanzi-container">
<span id="busuanzi_container_site_pv">PV: <span id="busuanzi_value_site_pv"></span> :)</span>
</div>
</footer>
</div>
<!-- toc -->
<!-- sidebar -->
<div class="sidebar sidebar-hide">
<ul class="sidebar-tabs sidebar-tabs-active-0">
<li class="sidebar-tab-archives"><span class="iconfont-archer"></span><span class="tab-name">Archive</span></li>
<li class="sidebar-tab-tags"><span class="iconfont-archer"></span><span class="tab-name">Tag</span></li>
<li class="sidebar-tab-categories"><span class="iconfont-archer"></span><span class="tab-name">Cate</span></li>
</ul>
<div class="sidebar-content sidebar-content-show-archive">
<div class="sidebar-panel-archives">
<!-- 在 ejs 中将 archive 按照时间排序 -->
<div class="total-and-search">
<div class="total-archive">
Total : 24
</div>
<!-- search -->
</div>
<div class="post-archive">
<div class="archive-year"> 2026 </div>
<ul class="year-list">
<li class="archive-post-item">
<span class="archive-post-date">03/16</span>
<a class="archive-post-title" href="/2026/03/16/2026ccsssc-wp/">2026软件系统安全赛 WP</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">03/09</span>
<a class="archive-post-title" href="/2026/03/09/openclawusegpt/">openclaw怎么调用gpt中的模型</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">02/03</span>
<a class="archive-post-title" href="/2026/02/03/2026UniCTF-web/">UniCTF web单方向wp</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">01/31</span>
<a class="archive-post-title" href="/2026/01/31/2025chixi/">2025下半年吃席回忆录</a>
</li>
</ul>
<div class="archive-year"> 2025 </div>
<ul class="year-list">
<li class="archive-post-item">
<span class="archive-post-date">11/09</span>
<a class="archive-post-title" href="/2025/11/09/Pikachu/">Pikachu</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">10/14</span>
<a class="archive-post-title" href="/2025/10/14/ycb2025-web/">羊城杯2025-web</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">10/07</span>
<a class="archive-post-title" href="/2025/10/07/bugkuawd-10-7/">bugku-awd小记10.7</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">08/11</span>
<a class="archive-post-title" href="/2025/08/11/fengshentai/">封神台2025</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">07/20</span>
<a class="archive-post-title" href="/2025/07/20/NewStar-CTF-2024-Web-Week2/">NewStar CTF 2024 Web Week2复现</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">07/20</span>
<a class="archive-post-title" href="/2025/07/20/NewStar-CTF-2024-Web-Week3/">NewStar CTF 2024 Web Week3复现</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">07/18</span>
<a class="archive-post-title" href="/2025/07/18/NewStar-CTF-2024-Web-Week1/">NewStar CTF 2024 Web Week1复现</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">07/12</span>
<a class="archive-post-title" href="/2025/07/12/YWB2025-Final/">御网杯2025线下赛</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">07/06</span>
<a class="archive-post-title" href="/2025/07/06/BlitzCTF-WP/">BlitzCTF-WP</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">07/02</span>
<a class="archive-post-title" href="/2025/07/02/Junior-Crypt-2025/">Junior.Crypt.2025 CTF</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">05/18</span>
<a class="archive-post-title" href="/2025/05/18/ISCC-WP/">ISCC2025-WP</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">04/20</span>
<a class="archive-post-title" href="/2025/04/20/UCSC-WP/">UCSC-WP</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">04/06</span>
<a class="archive-post-title" href="/2025/04/06/XYCTF-WP/">XYCTF-WP</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">02/16</span>
<a class="archive-post-title" href="/2025/02/16/EHAX-WP/">EHAX_WP</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">01/27</span>
<a class="archive-post-title" href="/2025/01/27/TUCTF-WP/">TUCTF_WP</a>
</li>
</ul>
<div class="archive-year"> 2024 </div>
<ul class="year-list">
<li class="archive-post-item">
<span class="archive-post-date">12/31</span>
<a class="archive-post-title" href="/2024/12/31/SQLByPass/">sql注入绕过技巧</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">12/25</span>
<a class="archive-post-title" href="/2024/12/25/vbsTestAutomation/">vbs自动化测试</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">12/06</span>
<a class="archive-post-title" href="/2024/12/06/ouc-rob-blue/">重生之我在牢山抢小蓝</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">11/27</span>
<a class="archive-post-title" href="/2024/11/27/oucBookSeminar/">研讨室预约填写信息自动化工具</a>
</li>
<li class="archive-post-item">
<span class="archive-post-date">10/27</span>
<a class="archive-post-title" href="/2024/10/27/oucAutoCheckIn/">ouc接龙管家自动晚打卡</a>
</li>
</ul>
</div>
</div>
<div class="sidebar-panel-tags">
<div class="sidebar-tags-name">
<span class="sidebar-tag-name" data-tags="CTF">
<span class="iconfont-archer"></span>
CTF
</span>
<span class="sidebar-tag-name" data-tags="吃席">
<span class="iconfont-archer"></span>
吃席
</span>
<span class="sidebar-tag-name" data-tags="web">
<span class="iconfont-archer"></span>
web
</span>
<span class="sidebar-tag-name" data-tags="ctf">
<span class="iconfont-archer"></span>
ctf
</span>
<span class="sidebar-tag-name" data-tags="writeup">
<span class="iconfont-archer"></span>
writeup
</span>
<span class="sidebar-tag-name" data-tags="writeups">
<span class="iconfont-archer"></span>
writeups
</span>
<span class="sidebar-tag-name" data-tags="python">
<span class="iconfont-archer"></span>
python
</span>
<span class="sidebar-tag-name" data-tags="青龙面板">
<span class="iconfont-archer"></span>
青龙面板
</span>
<span class="sidebar-tag-name" data-tags="vbs">
<span class="iconfont-archer"></span>
vbs
</span>
</div>
<div class="iconfont-archer sidebar-tags-empty"></div>
<div class="tag-load-fail" style="display: none; color: #ccc; font-size: 0.6rem;">
缺失模块,请参考主题文档进行安装配置:https://github.com/fi3ework/hexo-theme-archer#%E5%AE%89%E8%A3%85%E4%B8%BB%E9%A2%98
</div>
<div class="sidebar-tags-list"></div>
</div>
<div class="sidebar-panel-categories">
<div class="sidebar-categories-name">
</div>
<div class="iconfont-archer sidebar-categories-empty"></div>
<div class="sidebar-categories-list"></div>
</div>
</div>
</div>
<!-- site-meta -->
<script>
var siteMetaRoot = "/"
if (siteMetaRoot === "undefined") {
siteMetaRoot = '/'
}
var siteMeta = {
url: "http://huajihd.github.io",
root: siteMetaRoot,
author: "Huaji"
}
</script>
<!-- import experimental options here -->
<!-- Custom Font -->
<!-- main func -->
<script src="/scripts/main.js"></script>
<!-- fancybox -->
<script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0.36/dist/fancybox/fancybox.umd.js" onload="window.Fancybox.bind('[data-fancybox]')" defer></script>
<!-- algolia -->
<!-- busuanzi -->
<script src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" async></script>
<!-- async load share.js -->
<!-- mermaid -->
</body>
</html>