题目地址:https://buuoj.cn/challenges#%E8%A2%AB%E5%8A%AB%E6%8C%81%E7%9A%84%E7%A5%9E%E7%A7%98%E7%A4%BC%E7%89%A9

BUUCTF:被劫持的神秘礼物_php


BUUCTF:被劫持的神秘礼物_php_02


wireshark打开分析

BUUCTF:被劫持的神秘礼物_用户名_03


过滤http的包

BUUCTF:被劫持的神秘礼物_php_04


发现这个包貌似登录,追踪一下这个包

BUUCTF:被劫持的神秘礼物_用户名_05


貌似用户名和密码

PS C:\Users\Administrator> php -r "echo md5('adminaadminb');"
1d240aafe21a86afc11f38a45b541a49
flag{1d240aafe21a86afc11f38a45b541a49}