首页 > 技术文章 > 拟态web3

buchuo 2020-06-21 09:42 原文


package main

import (

var (
	secret   = "xiaomo.wabzsy"
	banner   = "Golang HTTP Server (v2.3.3)"
	template = `<!DOCTYPE html>
		<title>San Check</title>
		<form method="POST">
			<input type="text" name="url" />
			<input type="submit" value="淦!" />
	<!-- ./sancheck.php -->

func SanCheck(input string) error {
	u, err := url.Parse(input)

	if err != nil {
		return err

	if u.Scheme != "http" {
		return fmt.Errorf("err: Invalid Scheme [%s]", u.Scheme)

	if u.Opaque != "" {
		return fmt.Errorf("err: WHAT AER YOU DOING ?!!! (%s)", u.Opaque)

	if u.Hostname() != "" {
		return fmt.Errorf("err: Invalid Hostname [%s]", u.Hostname())

	if u.Port() != "" && u.Port() != "80" {
		return fmt.Errorf("err: Invalid Port [%s]", u.Port())

	if u.User == nil {
		return fmt.Errorf("err: Authorization Required")

	if u.User.Username() != "root" {
		return fmt.Errorf("err: Invalid Username [%s]", u.User.Username())

	if password, set := u.User.Password(); !set || password != "P@ssw0rd!" {
		return fmt.Errorf("err: Invalid Password [%s]", password)

	if u.RequestURI() != "/flag.php" {
		return fmt.Errorf("err: Invalid RequestURI [%s]", u.RequestURI())

	if u.Fragment != "" {
		return fmt.Errorf("err: Invalid Fragment [%s]", u.Fragment)

	if !strings.Contains(u.String(), "'Pwned!'") {
		return fmt.Errorf("err: San Check failed")

	return nil

func DefaultHandler(w http.ResponseWriter, req *http.Request) {


	if input == "" {
		Response(w, template, "Where is the flag?")

	if err := SanCheck(input); err == nil {
		req, _ := http.NewRequest("GET", input, nil)
		req.Header.Add("Secret", secret)
		if resp, err := (&http.Client{}).Do(req); err == nil {
			if body, err := ioutil.ReadAll(resp.Body); err == nil {
				Response(w, template, string(body))
			_ = resp.Body.Close()
		} else {
			Response(w, template, err.Error())
	} else {
		Response(w, template, err.Error())

func FlagHandler(w http.ResponseWriter, req *http.Request) {
	if strings.Join(req.Header["Secret"], "") != secret {
	} else if !strings.HasPrefix(req.RemoteAddr, "") {
	} else {
		Response(w, "<h1>%s</h1>", readFlag())

func readFlag() string {
	if bs, err := ioutil.ReadFile("./flag.txt"); err == nil {
		return string(bs)
	} else {
		return fmt.Sprintf("Unable to read flag.txt, please contact technical support.(%s)", err.Error())

func CodeHandler(w http.ResponseWriter, _ *http.Request) {
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("Server", banner)
	if bs, err := ioutil.ReadFile("main.go"); err == nil {
		_, _ = w.Write(bs)
	} else {
		_, _ = w.Write(
				fmt.Sprintf("Unable to read main.go, please contact technical support.(%s)",

func Forbidden(w http.ResponseWriter) {
	Response(w, "<h1>%s</h1>", "403 Forbidden")

func Response(w http.ResponseWriter, tpl string, response string) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.Header().Set("Server", banner)
	if _, err := fmt.Fprintf(w, tpl, response); err != nil {

func main() {
	http.HandleFunc("/", DefaultHandler)
	http.HandleFunc("/flag.php", FlagHandler)
	http.HandleFunc("/sancheck.php", CodeHandler)
	log.Fatal(http.ListenAndServe(":80", nil))



