World of Attack&Defense Day1

Hey guys, here’s CHENNIGHT, the best programmer one day in the future. Today is the second-to-last day of my winter break and I still have a lot of essays to write, and I have not started my HW for the winter break yet.

Whatever, today is a boring day. While browsing a boring forum about CS, I found a really interesting thing (with a really silly name: The World of Attack&Defense, a Chinese CS website), and it seems that I can find a lot of fun things here, so let’s go.

I am more interested in web and definitely new to this stuff, so I chose the exercise area (after I clicked this, I found there are a lot of practice problems for me to do, just like the picture below shows).

Actually not a lot. There are only twelve questions.

Starting from the first one: view_Source (sounds really easy for me, hm?)

It’s actually pretty confusing for me, as you can see below (hope you can understand English; the description of this question is that a teacher asks Ning to find the source code of a website, but Ning found that the right click of his mouse does not work…hmmm…). This description is not helpful at all.

Let me see what happens if I click the button here (showing the scene).

After I clicked the button, I got an IP address, and I also got the source code of that IP address (Ctrl+U).

But I still do not know what I am doing and what I should do.

Maybe I should just type in the cyberpeace#? (I do not know what cyberpeace means, though.)

And…. It’s incorrect.

I tried a lot of ways and none of them worked. I even tried looking at the “answer” for it and it’s still pretty confusing.

This is what I did but I did not get the thing that I want.

After a few thousand years, I typed in the same thing and it worked. (So confused.)

Anyway, let us focus on the second question.

It’s a question about the “robot” protocol on the web.

This one is much easier than the first one. The IP address I got is “http://111.198.29.45:45769/” and what I should do is just add “robots.txt” after this address. Therefore I went to the address “http://111.198.29.45:45769/robots.txt” and then I got information from this address.

And then go to the address “http://111.198.29.45:45769/flag_1s_h3re.php” so that we can get the flag.

EZ question. Move to the next question.

Btw, here’s the information on what the robots protocol is.
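An added example, not part of the original post: robots.txt is advisory and readable by anyone, so a Disallow line that names a hidden file (as in this challenge) advertises it. The sketch below audits a robots.txt for such entries; the sample file contents and the keyword and extension heuristics are constructed assumptions, since the post does not show the actual file.

```python
import re

# Constructed sample. The post only tells us the real file pointed at
# flag_1s_h3re.php; every other line here is made up for illustration.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /flag_1s_h3re.php   # inline comments are allowed in robots.txt
Disallow: /index.php.bak
Disallow: /images/
Allow: /
"""

# Assumed heuristics for "this path should not be advertised".
RISKY = {
    "backup file": re.compile(r"\.(bak|old|orig|swp|zip|tar|gz|sql)$", re.I),
    "sensitive name": re.compile(r"(flag|secret|admin|backup|private|config)", re.I),
}

def parse_rules(text):
    """Return (user_agent, directive, path) tuples from robots.txt text."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key == "user-agent":
            if in_rules:                         # a new group starts here
                agents, in_rules = [], False
            agents.append(value)
        elif key in ("allow", "disallow") and value:
            in_rules = True
            rules.extend((a, key, value) for a in agents or ["*"])
    return rules

def audit(text):
    """Return (path, reason) for Disallow entries that disclose something."""
    findings = []
    for _agent, directive, path in parse_rules(text):
        if directive != "disallow":
            continue
        for reason, pattern in RISKY.items():
            if pattern.search(path):
                findings.append((path, reason))
    return findings

if __name__ == "__main__":
    for path, reason in audit(SAMPLE_ROBOTS):
        print(f"{path}: {reason} listed in robots.txt (publicly readable)")
```

The fix for a finding is to protect the file itself with authentication or remove it from the web root, since hiding it from crawlers does not restrict access.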

It’s a question about back-up. This is another easy question. The back-up file should be /index.php.bak

I cannot open this .bak file directly, so I chose to open cmd and use “type” to show the information.

And…. The flag is here. I can move to the next question.


This question is quite interesting. A cookie on the web does not equal the cookie that we eat. Fun.

Do not want to say much trash talk here. Just move to the next question.

How to click the disabled button?

Got the Flag

Attention, please!

In order to finish these easy questions faster, I am gonna put the questions and pictures. You will see only a little trash talk later.

WAD WEB-weak_auth

Problem

This is a really difficult question. For all the things that I do not know how to do, I choose to use Google or YouTube. And for this problem, I need to use a tool called BurpSuite.

It may take a while for me to finish this question.

So, that’s all for today.