Take a brief look at the structure of the file,just reverse Vuln.class,we got source
import org.apache.logging.log4j.Logger;
import java.util.Scanner;
import org.apache.logging.log4j.LogManager;
//
// Decompiled by Procyon v0.5.36
//
public class Vuln
{
public static void main(final String[] array) {
try {
final Logger logger = LogManager.getLogger((Class)Vuln.class);
System.out.println("What is your favourite CTF?");
final String next = new Scanner(System.in).next();
if (next.toLowerCase().contains("dragon")) {
System.out.println("<3");
System.exit(0);
}
if (next.toLowerCase().contains("hxp")) {
System.out.println(":)");
}
else {
System.out.println(":(");
logger.error("Wrong answer: {}", (Object)next);
}
}
catch (Exception x) {
System.err.println(x);
}
}
}
Obviously the latest log4j vulnerability,just try for this
we got worng,so ,let see about Dockerfile
I got know,flag is in environment .
lets do this。
got flag!
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
暂无评论内容