码上快乐

相关内容   简体   繁体

2020-第三届江西省高校网络安全技能大赛

本文转载自  查看原文  2020-08-29 21:39  955    CTF

Misc-Hello

拿到一串字符串Q01JU0NDVEZ7V2VsY29tZV9DVEZlciF9

猜测是base64编码

image-20200828120454894

解得CMISCCTF{Welcome_CTFer!}

Misc-encrypt

打开flag.txt

经过两次base64解码得到

  1. UTAxSlUwTkRWRVo3Um1GclpWOWxibU55ZVhCMGFXOXVmUT09
  2. Q01JU0NDVEZ7RmFrZV9lbmNyeXB0aW9ufQ==
  3. CMISCCTF{Fake_encryption}

Misc-jump

010editor打开发现是gif动态图

使用stegsolve分割帧即可看到flag

image-20200828172653884

Misc-Trees

使用stegsolve软件打开图片,

打开red plane7通道

image-20200828121912312

发现可以看到一些点组成的字母

观察可得flag,值得注意的是的是中间有一个下划线

CMISCCTF{coconut_tree}

正解

from PIL import Image
img=Image.open('enc.png')
w,h=img.width,img.height
ans=Image.new("RGB",(w//16,h//16))
for x in range(w//16):
	for y in range(h//16):
		(r,g,b)=img.getpixel((x*16,y*16))
#		print (r,g,b)
		ans.putpixel((x,y),(r,g,b))
ans.save('ok.png')

ok

Misc-Burps

image-20200829233336663

根据压缩包和题目提示应该是CRC碰撞

#!/usr/bin/python
# encoding:utf-8
'''
@author: lance
@version: 1.0.0
@license: Apache Licence
@file: crc.py
@time: 2020/8/29 22:47
'''
import binascii
import string

dic = string.printable  # 打印出字符表
# print dic
dic = "abcdefghijklmnopqrstuvwxyz_"

crc1 = 0x6083a1c8

crc2 = 0xce70d424
crc3 = 0xc3f17511
crc4 = 0x526fd582

crc5 = 0x30e25038
crc6 = 0xaa3e6aea
text1 = ''
text2 = ''
text3 = ''
text4 = ''
text5 = ''
text6 = ''
# 4字节所以四个循环
for i in dic:
    for j in dic:
        for n in dic:
            for m in dic:
                s = i + j + n + m
                if (crc1 == (binascii.crc32(s) & 0xffffffff)):
                    text1 = s
                if (crc2 == (binascii.crc32(s) & 0xffffffff)):
                    text2 = s
                if (crc3 == (binascii.crc32(s) & 0xffffffff)):
                    text3 = s
                if (crc4 == (binascii.crc32(s) & 0xffffffff)):
                    text4 = s
                if (crc5 == (binascii.crc32(s) & 0xffffffff)):
                    text5 = s
                if (crc6 == (binascii.crc32(s) & 0xffffffff)):
                    text6 = s
print text1 + text2 + text3 + text4 + text5 + text6

出密码the_password_here_cipher

出flagCMISCCTF{how_to_burp_by_coding}

how_to_burp_by_coding

参考博客

Misc-qrcode


image-20200829221021489

image-20200829221040803

image-20200829220956869

CMISCCTF{qr_c0de_r3c0very}

Crypto-Round

观察推测应该是凯撒密码

于是写脚本

#!/usr/bin/python
# encoding:utf-8
'''
@author: lance
@version: 1.0.0
@license: Apache Licence
@file: 4.py
@time: 2020/8/28 13:43
'''

lstr = """:D@J::K=r<ecXi^\[V:X\jXit"""

for p in range(127):
    str1 = ''
    for i in lstr:
        temp = chr((ord(i) + p) % 127)
        if 32 < ord(temp) < 127:
            str1 = str1 + temp
            feel = 1
        else:
            feel = 0
            break
    if feel == 1:
        print(str1)

得到结果

:D@J::K=r<ecXi^\[V:X\jXit
;EAK;;L>s=fdYj_]\W;Y]kYju
<FBL<<M?t>geZk`^]X<Z^lZkv
=GCM==N@u?hf[la_^Y=[_m[lw
>HDN>>OAv@ig\mb`_Z>\`n\mx
?IEO??PBwAjh]nca`[?]ao]ny
@JFP@@QCxBki^odba\@^bp^oz
AKGQAARDyClj_pecb]A_cq_p{
BLHRBBSEzDmk`qfdc^B`dr`q|
CMISCCTF{Enlarged_Caesar}
DNJTDDUG|Fombshfe`Dbftbs~
!+'1!!2$Y#LJ?PECB=!?CQ?P[
",(2""3%Z$MK@QFDC>"@DR@Q\
#-)3##4&[%NLARGED?#AESAR]
$.*4$$5'\&OMBSHFE@$BFTBS^
%/+5%%6(]'PNCTIGFA%CGUCT_
&0,6&&7)^(QODUJHGB&DHVDU`
'1-7''8*_)RPEVKIHC'EIWEVa
(2.8((9+`*SQFWLJID(FJXFWb
)3/9)):,a+TRGXMKJE)GKYGXc
*40:**;-b,USHYNLKF*HLZHYd
+51;++<.c-VTIZOMLG+IM[IZe
,62<,,=/d.WUJ[PNMH,JN\J[f
-73=-->0e/XVK\QONI-KO]K\g
.84>..?1f0YWL]RPOJ.LP^L]h
/95?//@2g1ZXM^SQPK/MQ_M^i
0:6@00A3h2[YN_TRQL0NR`N_j
1;7A11B4i3\ZO`USRM1OSaO`k
2<8B22C5j4][PaVTSN2PTbPal
3=9C33D6k5^\QbWUTO3QUcQbm
4>:D44E7l6_]RcXVUP4RVdRcn
5?;E55F8m7`^SdYWVQ5SWeSdo
6@<F66G9n8a_TeZXWR6TXfTep
7A=G77H:o9b`Uf[YXS7UYgUfq
8B>H88I;p:caVg\ZYT8VZhVgr
9C?I99J<q;dbWh][ZU9W[iWhs

找到flag

CMISCCTF{Enlarged_Caesar}

Reverse-Babyre

常规逆向

使用IDA打开

使用Hex-view查看字符串

于是发现了flag

image-20200828174226509

CMISCCTF{Hello_CTF_Player_this_is_singin2}

Web-Audit

因为得到的是log日志文件

用vscode打开

使用网站http://ctf.ssleye.com/url.html进行URL编码的解码

观察发现应该是sqlmap的盲注日志

写脚本

#!/usr/bin/python
# encoding:utf-8
'''
@author: lance
@version: 1.0.0
@license: Apache Licence
@file: 3.py
@time: 2020/8/28 13:07
'''
import re
import urllib
# ‪D:/ide/VMware 15.5.0/unite1/s/sj.log
f = open('D:/sj.log', 'r')  
lines = f.readlines()
datas = []
for line in lines:
    t = urllib.unquote(line)  
    if '1765' in t and 'flag' in t: 
        datas.append(t)

flag_ascii = {}
for data in datas:
    matchObj = re.search(r'LIMIT 0,1\),(.*?),1\)\)>(.*?) AND', data)  
    if matchObj:
        key = int(matchObj.group(1))  
        value = int(matchObj.group(2)) + 1  
        flag_ascii[key] = value  

flag = ''
for value in flag_ascii.values():
    flag += chr(value)
print flag

运行得到答案CMISCCTF{boring_audit}

web_scanner

sadafadas

总结

image-20200829222021518

算是第二场CTF,

尽管成绩不理想,无缘决赛,但是还是有所收获的,点名表扬中国好队友@校草


免责声明!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系本站邮箱yoyou2525@163.com删除。



猜您在找 2020第三届江西省高校网络安全技能大赛线下解题赛部分wp 第三届江西省网络安全大赛-部分Crypto 第三届“百越杯”福建省高校网络空间安全大赛_Do you know upload? CTF-i春秋-Web-文件包含漏洞、文件上传漏洞-Do you know upload?-第三届“百越杯”福建省高校网络空间安全大赛 第三届4.29“安恒杯”网络安全技术大赛初赛wirteup心得-WEB 2021年江西省网络安全大赛初赛MISC:extractall(循环解压+斐波那契脑洞) [第三届全国中学生网络安全竞赛初赛] WriteUp 第三届山东省青少年创意编程与智能设计大赛总结 第三届“传智杯”全国大学生IT技能大赛(初赛A组)题解 浙江省第三届大学生网络与信息安全竞赛WP
 
粤ICP备18138465号  © 2018-2025 CODEPRJ.COM