CTF-安恒19年二月月赛部分writeup

MISC1-来玩个游戏吧

题目:

第一关,一眼可以看出是盲文,之前做过类似题目

拿到在线网站解一下

??41402abc4b2a76b9719d911017c592,那么就奇怪了,这个??是什么东西,数一下加上??正好32位,应该是个MD5了,索性直接百度一下,

第一关答案出来了,试过了MD5值不对,hello是正确的,下一关。

第二关提示

没见过这种的,还是百度一下,

下载了这个脚本后执行命令

fastcoll_v1.0.0.5.exe -p C:\windows\notepad.exe -o D:\notepad1.exe D:\notepad2.exe

(因为没有规定文件名啥的就直接复制他的命令了)

直接将文件路径复制到文本框即可

Dear Professional ; Especially for you - this cutting-edge
intelligence ! If you no longer wish to receive our
publications simply reply with a Subject: of "REMOVE"
and you will immediately be removed from our club .
This mail is being sent in compliance with Senate bill
, Title ; Section ! THIS IS NOT MULTI-LEVEL
MARKETING . Why work for somebody else when you can
become rich as few as weeks . Have you ever noticed
more people than ever are surfing the web and people
will do almost anything to avoid mailing their bills
. Well, now is your chance to capitalize on this !
WE will help YOU decrease perceived waiting time by
% & decrease perceived waiting time by % . You
can begin at absolutely no cost to you . But don't
believe us ! Mrs Jones of Minnesota tried us and says
"I was skeptical but it worked for me" . We assure
you that we operate within all applicable laws . Because
the Internet operates on "Internet time" you must act
now ! Sign up a friend and your friend will be rich
too . Warmest regards . Dear Cybercitizen , We know
you are interested in receiving red-hot announcement
! We will comply with all removal requests ! This mail
is being sent in compliance with Senate bill 1619 ;
Title 2 ; Section 301 . This is NOT unsolicited bulk
mail ! Why work for somebody else when you can become
rich within 53 MONTHS ! Have you ever noticed more
people than ever are surfing the web and more people
than ever are surfing the web . Well, now is your chance
to capitalize on this . We will help you use credit
cards on your website plus decrease perceived waiting
time by 150% . The best thing about our system is that
it is absolutely risk free for you ! But don't believe
us ! Mrs Simpson of Washington tried us and says "Now
I'm rich, Rich, RICH" . We assure you that we operate
within all applicable laws ! We beseech you - act now
! Sign up a friend and your friend will be rich too
. Thank-you for your serious consideration of our offer
! Dear Friend ; This letter was specially selected
to be sent to you ! If you no longer wish to receive
our publications simply reply with a Subject: of "REMOVE"
and you will immediately be removed from our mailing
list . This mail is being sent in compliance with Senate
bill 2716 , Title 2 ; Section 306 ! This is a ligitimate
business proposal . Why work for somebody else when
you can become rich inside 33 weeks . Have you ever
noticed more people than ever are surfing the web plus
more people than ever are surfing the web . Well, now
is your chance to capitalize on this ! WE will help
YOU SELL MORE and process your orders within seconds
. You can begin at absolutely no cost to you . But
don't believe us ! Mrs Jones of Kentucky tried us and
says "I was skeptical but it worked for me" ! This
offer is % legal ! We implore you - act now . Sign
up a friend and you'll get a discount of 50% . God
Bless .

题目提示了:需要一个在线的网站去解密,而这个网站使用了栅格密码。

栅格密码也没听说过,还是百度

搜索关键字Spam Mimic到网站 http://www.spammimic.com/解码

flag为:flag{a0dd1e2e6b87fe47e5ad0184dc291e04}

MISC2-简单的流量分析

题目:

过滤http协议,按照info排序一下

发现存在/xinhu/robots.txt

追踪http流到/xinhu/robots.txt

发现abc.html,继续跟进

发现MD5和两串DES

md5 0x99a98e067af6b09e64f3740767096c96

DES 0xb19b21e80c685bcb052988c11b987802d2f2808b2c2d8a0d    (->)

DES 0x684a0857b767672d52e161aa70f6bdd07c0264876559cb8b    (->)

继续向下分析,发现都是IPSec加密后的流量,尝试使用前面给的MD5和DES解密

wireshark进入Preference菜单下的Profile,找到ESP, 配置如下:

此时再次过滤http发现有部分响应包带上了数字,102 108 转换为ASCII码则为f l 所以统一提取转换。

a = [102,108,97,103,123,50,55,98,48,51,98,55,53,56,102,50,53,53,50,55,54,101,53,97,57,56,100,97,48,101,49,57,52,55,98,101,100,125]
flag = ''
for i in a:
flag +=chr(i)
print flag

flag:flag{27b03b758f255276e5a98da0e1947bed}

CRYPTO1-hahaha

题目:

压缩包题目,其实看到这压缩包里的短位CRC32应该就能猜出是CRC32爆破了

当然也可以一步一步排除一下

首先binwalk分析得出非伪加密,爆破的话没有提示,不理想。

所以直接上脚本

所以加起来就是tanny_is_very_beautifu1_

哈哈

按照给的提示,flag应该是flag{1or! 2or@ sechn}

然后给了sha1值,应该是要爆破了。。。

当时做到这里就停了,因为不会写脚本了

下面献上一叶飘零大佬的脚本

import itertools
import hashlib def sha1(str):
sha = hashlib.sha1(str)
encrypts = sha.hexdigest()
return encrypts
a1 = '1!'
a2 = '2@'
a3 = '{'
a4 = '}'
for str1 in itertools.combinations(a1,1):
for str2 in itertools.combinations(a2,1):
str3 = str1[0]+str2[0]+'sechn'
for i in itertools.permutations(str3):
tmp = (''.join(i))
res = 'flag{'+tmp+'}'
# print sha1(res)
if sha1(res) == 'e6079c5ce56e781a50f4bf853cdb5302e0d8f054':
print res
break

flag:flag{sh@1enc}

小结:web没做出来太菜,pwn刚起步,压根没看,密码2也没做出来,需要的脑洞太大了,另外膜飘零师傅。

参考:https://www.anquanke.com/post/id/171543

CTF-安恒19年二月月赛部分writeup的更多相关文章

  1. CTF-安恒19年一月月赛部分writeup

    CTF-安恒19年一月月赛部分writeup MISC1-赢战2019 是一道图片隐写题 linux下可以正常打开图片,首先到binwalk分析一下. 里面有东西,foremost分离一下 有一张二维 ...

  2. CTF-安恒18年十二月月赛部分writeup

    CTF-安恒十二月月赛部分writeup 这次题目都比较简单蛤,连我这菜鸡都能做几道. WEB1-ezweb2 打开网站,啥也没有,审计源代码,还是啥都没有,也没什么功能菜单,扫了一下目录,扫到了ad ...

  3. CTF-安恒18年十一月月赛部分writeup

    安恒十一月月赛writeup 昨天做了一下十一月的题目,不才只做出来几道 签到web1 这个是十月的原题,因为忘了截图所以只能提供思路 Web消息头包含了登陆框的密码 输入密码后进入上传页面,上传一句 ...

  4. 【CTF】2019湖湘杯 miscmisc writeup

    题目来源:2019湖湘杯 题目链接:https://adworld.xctf.org.cn/task/answer?type=misc&number=1&grade=1&id= ...

  5. 安恒杯2月月赛-应该不是xss

    1. 打开题目一看,是个留言板 2. 查看源码发现有几个js文件 依次打开发现在main.js里存在这样一段代码 3. 访问 /#login是登录的界面,/#chgpass是修改密码的界面,其中修改密 ...

  6. 安恒杯11月月赛web题目-ezsql详细记录

    通过此题目可以学习到 1.通过load_file+like来盲注获取文件内容 2.php魔术方法__get函数的用法 3.bypass  linux命令过滤 题目中给了注册和登录的功能,没有源码泄露 ...

  7. 2018安恒杯11月月赛 MISC

    题目放评论了 Numeric password 这次隐写没有按照套路出牌,很强. 记录一下 看来自主学习的能力很有待提高. 打开Numeric password.txt 中华文化博大精深,近日在教小外 ...

  8. 安恒2018年三月月赛MISC蜘蛛侠呀

    到处都是知识盲区hhh 下载了out.pcap之后,里面有很多ICMP包 看到ttl之后联想到西湖论剑里面的一道杂项题,无果 看WP知道可以使用wireshark的tshark命令提取流量包里面的文件 ...

  9. 【CTF】CTFHub 技能树 文件头检查 writeup

    PHP一句话木马 <?php @eval($_POST["pass"]);?> <?php eval($_REQUEST["pass"]);? ...

随机推荐

  1. windows10 彻底卸载 Docker 和 DockerNAT

    删除docker程序 记事本新建脚本文件 a.ps1,内容如下: $ErrorActionPreference = "SilentlyContinue" kill -force - ...

  2. scala基础入门

    1.scala当中申明值和变量 scala当中的变量申明可以使用两种方式,第一种使用val来申明变量.第二种使用var来申明变量. 申明变量语法 val/var 变量名 [:变量类型] = 变量值 其 ...

  3. Angular2 *ngFor把数据显示在多个input中出错解决方法

    点击添加按钮会自动添加一个空的input组 html <div class="form-inline"> <label class="form-cont ...

  4. 【OpenCV】透视变换矫正

    演示结果参考: 功能实现:运行程序,会显示图片的尺寸,按回车键后,依次点击需矫正的图片的左上.右上.左下.右下角,并能显示其坐标,结果弹出矫正后的图片,如图上的PIC2对话框.可以继续选择图片四个点进 ...

  5. Java对html标签的过滤和清洗

    OWASP HTML Sanitizer 是一个简单快捷的java类库,主要用于放置XSS 优点如下: 1.使用简单.不需要繁琐的xml配置,只用在代码中少量的编码 2.由Mike Samuel(谷歌 ...

  6. python中执行shell命令

    查看输出结果 import os output = os.popen('cat 6018_gap_5_predict/solusion2/solusion2_0-1.txt | wc -l') pri ...

  7. [POI2006]TET-Tetris 3D

    题目 二维线段树板子题啊 但是惊讶的发现我不会打标记 毕竟内层是线段树不能\(pushup\)也不能\(pushdown\) 于是考虑一下标记永久化 其实非常显然\(mx_i\)表示区间最大值,\(t ...

  8. 3、Spring Cloud - Eureka(构建服务端/客户端)

    3.1.Eureka简介 3.1.1.什么是 Eureka 和Consul.Zookeeper 类似, Eureka 是一个用于服务注册和发现的组件,最开始主要应用 于亚马逊公司旗下的云计算服务平台 ...

  9. java动态代理的基本思想以及简单的实现

    代理模式 本人参考于代理模式及Java实现动态代理  不作为商业用途,只是借鉴于其思路.侵权即删. 原理:给某个对象提供一个代理对象,并且由代理对象控制原对象的访问,即不直接操控原对象,而是通过代理对 ...

  10. Gradle Goodness: Parse Files with SimpleTemplateEngine in Copy Task

    With the copy task of Gradle we can copy files that are parsed by Groovy's SimpleTemplateEngine. Thi ...