Your target is not very good with computers. Try and guess their password to see if they may be hiding anything!
网站首页登陆界面
根据提示进行密码猜解
BP爆破得到密码,同时在响应包里面得到flag
Some underground hackers are developing a new command and control server. Can you break in and see what they are up to?
因为不知道账号没办法爆破,先使用bp扫描,发现存在高危漏洞
可以看到是一个简单的布尔盲注,万能密码得到提示
提示Under Construction
可能是文件读取,尝试将home替换为flag,读取得到flag
原文:https://www.cnblogs.com/qftm/p/11257493.html