CTF-安恒19年二月月赛部分writeup
CTF-安恒19年二月月赛部分writeup
MISC1-来玩个游戏吧
题目:
第一关,一眼可以看出是盲文,之前做过类似题目
拿到在线网站解一下
??41402abc4b2a76b9719d911017c592,那么就奇怪了,这个??是什么东西,数一下加上??正好32位,应该是个MD5了,索性直接百度一下,
第一关答案出来了,试过了MD5值不对,hello是正确的,下一关。
第二关提示
没见过这种的,还是百度一下,
下载了这个脚本后执行命令
fastcoll_v1.0.0.5.exe -p C:\windows\notepad.exe -o D:\notepad1.exe D:\notepad2.exe
(因为没有规定文件名啥的就直接复制他的命令了)
直接将文件路径复制到文本框即可
Dear Professional ; Especially for you - this cutting-edge
intelligence ! If you no longer wish to receive our
publications simply reply with a Subject: of "REMOVE"
and you will immediately be removed from our club .
This mail is being sent in compliance with Senate bill
, Title ; Section ! THIS IS NOT MULTI-LEVEL
MARKETING . Why work for somebody else when you can
become rich as few as weeks . Have you ever noticed
more people than ever are surfing the web and people
will do almost anything to avoid mailing their bills
. Well, now is your chance to capitalize on this !
WE will help YOU decrease perceived waiting time by
% & decrease perceived waiting time by % . You
can begin at absolutely no cost to you . But don't
believe us ! Mrs Jones of Minnesota tried us and says
"I was skeptical but it worked for me" . We assure
you that we operate within all applicable laws . Because
the Internet operates on "Internet time" you must act
now ! Sign up a friend and your friend will be rich
too . Warmest regards . Dear Cybercitizen , We know
you are interested in receiving red-hot announcement
! We will comply with all removal requests ! This mail
is being sent in compliance with Senate bill 1619 ;
Title 2 ; Section 301 . This is NOT unsolicited bulk
mail ! Why work for somebody else when you can become
rich within 53 MONTHS ! Have you ever noticed more
people than ever are surfing the web and more people
than ever are surfing the web . Well, now is your chance
to capitalize on this . We will help you use credit
cards on your website plus decrease perceived waiting
time by 150% . The best thing about our system is that
it is absolutely risk free for you ! But don't believe
us ! Mrs Simpson of Washington tried us and says "Now
I'm rich, Rich, RICH" . We assure you that we operate
within all applicable laws ! We beseech you - act now
! Sign up a friend and your friend will be rich too
. Thank-you for your serious consideration of our offer
! Dear Friend ; This letter was specially selected
to be sent to you ! If you no longer wish to receive
our publications simply reply with a Subject: of "REMOVE"
and you will immediately be removed from our mailing
list . This mail is being sent in compliance with Senate
bill 2716 , Title 2 ; Section 306 ! This is a ligitimate
business proposal . Why work for somebody else when
you can become rich inside 33 weeks . Have you ever
noticed more people than ever are surfing the web plus
more people than ever are surfing the web . Well, now
is your chance to capitalize on this ! WE will help
YOU SELL MORE and process your orders within seconds
. You can begin at absolutely no cost to you . But
don't believe us ! Mrs Jones of Kentucky tried us and
says "I was skeptical but it worked for me" ! This
offer is % legal ! We implore you - act now . Sign
up a friend and you'll get a discount of 50% . God
Bless .
题目提示了:需要一个在线的网站去解密,而这个网站使用了栅格密码。
栅格密码也没听说过,还是百度
搜索关键字Spam Mimic到网站 http://www.spammimic.com/解码
flag为:flag{a0dd1e2e6b87fe47e5ad0184dc291e04}
MISC2-简单的流量分析
题目:
过滤http协议,按照info排序一下
发现存在/xinhu/robots.txt
追踪http流到/xinhu/robots.txt
发现abc.html,继续跟进
发现MD5和两串DES
md5 0x99a98e067af6b09e64f3740767096c96 DES 0xb19b21e80c685bcb052988c11b987802d2f2808b2c2d8a0d (->) DES 0x684a0857b767672d52e161aa70f6bdd07c0264876559cb8b (->)
继续向下分析,发现都是IPSec加密后的流量,尝试使用前面给的MD5和DES解密
wireshark进入Preference菜单下的Profile,找到ESP, 配置如下:
此时再次过滤http发现有部分响应包带上了数字,102 108 转换为ASCII码则为f l 所以统一提取转换。
a = [102,108,97,103,123,50,55,98,48,51,98,55,53,56,102,50,53,53,50,55,54,101,53,97,57,56,100,97,48,101,49,57,52,55,98,101,100,125]
flag = ''
for i in a:
flag +=chr(i)
print flag
flag:flag{27b03b758f255276e5a98da0e1947bed}
CRYPTO1-hahaha
题目:
压缩包题目,其实看到这压缩包里的短位CRC32应该就能猜出是CRC32爆破了
当然也可以一步一步排除一下
首先binwalk分析得出非伪加密,爆破的话没有提示,不理想。
所以直接上脚本
所以加起来就是tanny_is_very_beautifu1_
哈哈
按照给的提示,flag应该是flag{1or! 2or@ sechn}
然后给了sha1值,应该是要爆破了。。。
当时做到这里就停了,因为不会写脚本了
下面献上一叶飘零大佬的脚本
import itertools
import hashlib def sha1(str):
sha = hashlib.sha1(str)
encrypts = sha.hexdigest()
return encrypts
a1 = '1!'
a2 = '2@'
a3 = '{'
a4 = '}'
for str1 in itertools.combinations(a1,1):
for str2 in itertools.combinations(a2,1):
str3 = str1[0]+str2[0]+'sechn'
for i in itertools.permutations(str3):
tmp = (''.join(i))
res = 'flag{'+tmp+'}'
# print sha1(res)
if sha1(res) == 'e6079c5ce56e781a50f4bf853cdb5302e0d8f054':
print res
break
flag:flag{sh@1enc}
小结:web没做出来太菜,pwn刚起步,压根没看,密码2也没做出来,需要的脑洞太大了,另外膜飘零师傅。
参考:https://www.anquanke.com/post/id/171543
CTF-安恒19年二月月赛部分writeup的更多相关文章
- CTF-安恒19年一月月赛部分writeup
CTF-安恒19年一月月赛部分writeup MISC1-赢战2019 是一道图片隐写题 linux下可以正常打开图片,首先到binwalk分析一下. 里面有东西,foremost分离一下 有一张二维 ...
- CTF-安恒18年十二月月赛部分writeup
CTF-安恒十二月月赛部分writeup 这次题目都比较简单蛤,连我这菜鸡都能做几道. WEB1-ezweb2 打开网站,啥也没有,审计源代码,还是啥都没有,也没什么功能菜单,扫了一下目录,扫到了ad ...
- CTF-安恒18年十一月月赛部分writeup
安恒十一月月赛writeup 昨天做了一下十一月的题目,不才只做出来几道 签到web1 这个是十月的原题,因为忘了截图所以只能提供思路 Web消息头包含了登陆框的密码 输入密码后进入上传页面,上传一句 ...
- 【CTF】2019湖湘杯 miscmisc writeup
题目来源:2019湖湘杯 题目链接:https://adworld.xctf.org.cn/task/answer?type=misc&number=1&grade=1&id= ...
- 安恒杯2月月赛-应该不是xss
1. 打开题目一看,是个留言板 2. 查看源码发现有几个js文件 依次打开发现在main.js里存在这样一段代码 3. 访问 /#login是登录的界面,/#chgpass是修改密码的界面,其中修改密 ...
- 安恒杯11月月赛web题目-ezsql详细记录
通过此题目可以学习到 1.通过load_file+like来盲注获取文件内容 2.php魔术方法__get函数的用法 3.bypass linux命令过滤 题目中给了注册和登录的功能,没有源码泄露 ...
- 2018安恒杯11月月赛 MISC
题目放评论了 Numeric password 这次隐写没有按照套路出牌,很强. 记录一下 看来自主学习的能力很有待提高. 打开Numeric password.txt 中华文化博大精深,近日在教小外 ...
- 安恒2018年三月月赛MISC蜘蛛侠呀
到处都是知识盲区hhh 下载了out.pcap之后,里面有很多ICMP包 看到ttl之后联想到西湖论剑里面的一道杂项题,无果 看WP知道可以使用wireshark的tshark命令提取流量包里面的文件 ...
- 【CTF】CTFHub 技能树 文件头检查 writeup
PHP一句话木马 <?php @eval($_POST["pass"]);?> <?php eval($_REQUEST["pass"]);? ...
随机推荐
- windows10 彻底卸载 Docker 和 DockerNAT
删除docker程序 记事本新建脚本文件 a.ps1,内容如下: $ErrorActionPreference = "SilentlyContinue" kill -force - ...
- scala基础入门
1.scala当中申明值和变量 scala当中的变量申明可以使用两种方式,第一种使用val来申明变量.第二种使用var来申明变量. 申明变量语法 val/var 变量名 [:变量类型] = 变量值 其 ...
- Angular2 *ngFor把数据显示在多个input中出错解决方法
点击添加按钮会自动添加一个空的input组 html <div class="form-inline"> <label class="form-cont ...
- 【OpenCV】透视变换矫正
演示结果参考: 功能实现:运行程序,会显示图片的尺寸,按回车键后,依次点击需矫正的图片的左上.右上.左下.右下角,并能显示其坐标,结果弹出矫正后的图片,如图上的PIC2对话框.可以继续选择图片四个点进 ...
- Java对html标签的过滤和清洗
OWASP HTML Sanitizer 是一个简单快捷的java类库,主要用于放置XSS 优点如下: 1.使用简单.不需要繁琐的xml配置,只用在代码中少量的编码 2.由Mike Samuel(谷歌 ...
- python中执行shell命令
查看输出结果 import os output = os.popen('cat 6018_gap_5_predict/solusion2/solusion2_0-1.txt | wc -l') pri ...
- [POI2006]TET-Tetris 3D
题目 二维线段树板子题啊 但是惊讶的发现我不会打标记 毕竟内层是线段树不能\(pushup\)也不能\(pushdown\) 于是考虑一下标记永久化 其实非常显然\(mx_i\)表示区间最大值,\(t ...
- 3、Spring Cloud - Eureka(构建服务端/客户端)
3.1.Eureka简介 3.1.1.什么是 Eureka 和Consul.Zookeeper 类似, Eureka 是一个用于服务注册和发现的组件,最开始主要应用 于亚马逊公司旗下的云计算服务平台 ...
- java动态代理的基本思想以及简单的实现
代理模式 本人参考于代理模式及Java实现动态代理 不作为商业用途,只是借鉴于其思路.侵权即删. 原理:给某个对象提供一个代理对象,并且由代理对象控制原对象的访问,即不直接操控原对象,而是通过代理对 ...
- Gradle Goodness: Parse Files with SimpleTemplateEngine in Copy Task
With the copy task of Gradle we can copy files that are parsed by Groovy's SimpleTemplateEngine. Thi ...