CTF-安恒19年二月月赛部分writeup
CTF-安恒19年二月月赛部分writeup
MISC1-来玩个游戏吧
题目:



第一关,一眼可以看出是盲文,之前做过类似题目

拿到在线网站解一下

??41402abc4b2a76b9719d911017c592,那么就奇怪了,这个??是什么东西,数一下加上??正好32位,应该是个MD5了,索性直接百度一下,

第一关答案出来了,试过了MD5值不对,hello是正确的,下一关。
第二关提示

没见过这种的,还是百度一下,

下载了这个脚本后执行命令
fastcoll_v1.0.0.5.exe -p C:\windows\notepad.exe -o D:\notepad1.exe D:\notepad2.exe
(因为没有规定文件名啥的就直接复制他的命令了)


直接将文件路径复制到文本框即可

Dear Professional ; Especially for you - this cutting-edge
intelligence ! If you no longer wish to receive our
publications simply reply with a Subject: of "REMOVE"
and you will immediately be removed from our club .
This mail is being sent in compliance with Senate bill
, Title ; Section ! THIS IS NOT MULTI-LEVEL
MARKETING . Why work for somebody else when you can
become rich as few as weeks . Have you ever noticed
more people than ever are surfing the web and people
will do almost anything to avoid mailing their bills
. Well, now is your chance to capitalize on this !
WE will help YOU decrease perceived waiting time by
% & decrease perceived waiting time by % . You
can begin at absolutely no cost to you . But don't
believe us ! Mrs Jones of Minnesota tried us and says
"I was skeptical but it worked for me" . We assure
you that we operate within all applicable laws . Because
the Internet operates on "Internet time" you must act
now ! Sign up a friend and your friend will be rich
too . Warmest regards . Dear Cybercitizen , We know
you are interested in receiving red-hot announcement
! We will comply with all removal requests ! This mail
is being sent in compliance with Senate bill 1619 ;
Title 2 ; Section 301 . This is NOT unsolicited bulk
mail ! Why work for somebody else when you can become
rich within 53 MONTHS ! Have you ever noticed more
people than ever are surfing the web and more people
than ever are surfing the web . Well, now is your chance
to capitalize on this . We will help you use credit
cards on your website plus decrease perceived waiting
time by 150% . The best thing about our system is that
it is absolutely risk free for you ! But don't believe
us ! Mrs Simpson of Washington tried us and says "Now
I'm rich, Rich, RICH" . We assure you that we operate
within all applicable laws ! We beseech you - act now
! Sign up a friend and your friend will be rich too
. Thank-you for your serious consideration of our offer
! Dear Friend ; This letter was specially selected
to be sent to you ! If you no longer wish to receive
our publications simply reply with a Subject: of "REMOVE"
and you will immediately be removed from our mailing
list . This mail is being sent in compliance with Senate
bill 2716 , Title 2 ; Section 306 ! This is a ligitimate
business proposal . Why work for somebody else when
you can become rich inside 33 weeks . Have you ever
noticed more people than ever are surfing the web plus
more people than ever are surfing the web . Well, now
is your chance to capitalize on this ! WE will help
YOU SELL MORE and process your orders within seconds
. You can begin at absolutely no cost to you . But
don't believe us ! Mrs Jones of Kentucky tried us and
says "I was skeptical but it worked for me" ! This
offer is % legal ! We implore you - act now . Sign
up a friend and you'll get a discount of 50% . God
Bless .
题目提示了:需要一个在线的网站去解密,而这个网站使用了栅格密码。
栅格密码也没听说过,还是百度

搜索关键字Spam Mimic到网站 http://www.spammimic.com/解码

flag为:flag{a0dd1e2e6b87fe47e5ad0184dc291e04}
MISC2-简单的流量分析
题目:

过滤http协议,按照info排序一下

发现存在/xinhu/robots.txt
追踪http流到/xinhu/robots.txt

发现abc.html,继续跟进

发现MD5和两串DES
md5 0x99a98e067af6b09e64f3740767096c96 DES 0xb19b21e80c685bcb052988c11b987802d2f2808b2c2d8a0d (->) DES 0x684a0857b767672d52e161aa70f6bdd07c0264876559cb8b (->)
继续向下分析,发现都是IPSec加密后的流量,尝试使用前面给的MD5和DES解密

wireshark进入Preference菜单下的Profile,找到ESP, 配置如下:

此时再次过滤http发现有部分响应包带上了数字,102 108 转换为ASCII码则为f l 所以统一提取转换。

a = [102,108,97,103,123,50,55,98,48,51,98,55,53,56,102,50,53,53,50,55,54,101,53,97,57,56,100,97,48,101,49,57,52,55,98,101,100,125]
flag = ''
for i in a:
flag +=chr(i)
print flag

flag:flag{27b03b758f255276e5a98da0e1947bed}
CRYPTO1-hahaha
题目:

压缩包题目,其实看到这压缩包里的短位CRC32应该就能猜出是CRC32爆破了
当然也可以一步一步排除一下
首先binwalk分析得出非伪加密,爆破的话没有提示,不理想。
所以直接上脚本




所以加起来就是tanny_is_very_beautifu1_
哈哈

按照给的提示,flag应该是flag{1or! 2or@ sechn}
然后给了sha1值,应该是要爆破了。。。
当时做到这里就停了,因为不会写脚本了
下面献上一叶飘零大佬的脚本
import itertools
import hashlib def sha1(str):
sha = hashlib.sha1(str)
encrypts = sha.hexdigest()
return encrypts
a1 = '1!'
a2 = '2@'
a3 = '{'
a4 = '}'
for str1 in itertools.combinations(a1,1):
for str2 in itertools.combinations(a2,1):
str3 = str1[0]+str2[0]+'sechn'
for i in itertools.permutations(str3):
tmp = (''.join(i))
res = 'flag{'+tmp+'}'
# print sha1(res)
if sha1(res) == 'e6079c5ce56e781a50f4bf853cdb5302e0d8f054':
print res
break

flag:flag{sh@1enc}
小结:web没做出来太菜,pwn刚起步,压根没看,密码2也没做出来,需要的脑洞太大了,另外膜飘零师傅。
参考:https://www.anquanke.com/post/id/171543
CTF-安恒19年二月月赛部分writeup的更多相关文章
- CTF-安恒19年一月月赛部分writeup
CTF-安恒19年一月月赛部分writeup MISC1-赢战2019 是一道图片隐写题 linux下可以正常打开图片,首先到binwalk分析一下. 里面有东西,foremost分离一下 有一张二维 ...
- CTF-安恒18年十二月月赛部分writeup
CTF-安恒十二月月赛部分writeup 这次题目都比较简单蛤,连我这菜鸡都能做几道. WEB1-ezweb2 打开网站,啥也没有,审计源代码,还是啥都没有,也没什么功能菜单,扫了一下目录,扫到了ad ...
- CTF-安恒18年十一月月赛部分writeup
安恒十一月月赛writeup 昨天做了一下十一月的题目,不才只做出来几道 签到web1 这个是十月的原题,因为忘了截图所以只能提供思路 Web消息头包含了登陆框的密码 输入密码后进入上传页面,上传一句 ...
- 【CTF】2019湖湘杯 miscmisc writeup
题目来源:2019湖湘杯 题目链接:https://adworld.xctf.org.cn/task/answer?type=misc&number=1&grade=1&id= ...
- 安恒杯2月月赛-应该不是xss
1. 打开题目一看,是个留言板 2. 查看源码发现有几个js文件 依次打开发现在main.js里存在这样一段代码 3. 访问 /#login是登录的界面,/#chgpass是修改密码的界面,其中修改密 ...
- 安恒杯11月月赛web题目-ezsql详细记录
通过此题目可以学习到 1.通过load_file+like来盲注获取文件内容 2.php魔术方法__get函数的用法 3.bypass linux命令过滤 题目中给了注册和登录的功能,没有源码泄露 ...
- 2018安恒杯11月月赛 MISC
题目放评论了 Numeric password 这次隐写没有按照套路出牌,很强. 记录一下 看来自主学习的能力很有待提高. 打开Numeric password.txt 中华文化博大精深,近日在教小外 ...
- 安恒2018年三月月赛MISC蜘蛛侠呀
到处都是知识盲区hhh 下载了out.pcap之后,里面有很多ICMP包 看到ttl之后联想到西湖论剑里面的一道杂项题,无果 看WP知道可以使用wireshark的tshark命令提取流量包里面的文件 ...
- 【CTF】CTFHub 技能树 文件头检查 writeup
PHP一句话木马 <?php @eval($_POST["pass"]);?> <?php eval($_REQUEST["pass"]);? ...
随机推荐
- 1、Docker 架构详解
本文来自clouldman ,有增删. Docker 的核心组件包括: Docker 客户端 - Client Docker 服务器 - Docker daemon Docker 镜像 - Image ...
- 乘风破浪:LeetCode真题_020_Valid Parentheses
乘风破浪:LeetCode真题_020_Valid Parentheses 一.前言 下面开始堆栈方面的问题了,堆栈的操作基本上有压栈,出栈,判断栈空等等,虽然很简单,但是非常有意义. 二.Valid ...
- python3程序设计基本方法
实例 6.升级维护 总结: 打了多年的游击战.突然经过教官的指导,觉得很受益,程序自学需要总结和交流.
- Eclipse PHPEclipse 配置
最近偶来兴致趁着有些时间,看了看php的书. 说到php就不得不提php的开发环境了,一般的都是采用apache做服务器.mysql做数据库,再加上php组合成一个完备的运行环境,但是好像没有写代码的 ...
- java一些使用
随机数.输入.byte数组和string转换 一些可能会使用到的方法.供及时查找 ########################random类使用 Random random = new Rando ...
- rsync 服务器配置过程
rsync的原理和相关算法不赘述,资料很多 1.准备两台机器并确保都已经安装rsync a机器:192.168.1.150 ,用作客户端测试 b机器:192.168.1.151用作server端 先介 ...
- jq复制到剪切板插件clipboard.min.js(兼容IE9)
/*! * clipboard.js v1.5.5 * https://zenorocha.github.io/clipboard.js * * Licensed MIT 漏 Zeno Rocha * ...
- struts2 FilterDispatcher 和 StrutsPrepareAndExecuteFilter 的区别(转)
FilterDispatcher是struts2.0.x到2.1.2版本的核心过滤器.! StrutsPrepareAndExecuteFilter是自2.1.3开始就替代了FilterDispatc ...
- myeclipse解决JSP文件里script背景颜色的调整
版权声明:本文为博主原创文章.未经博主同意不得转载. https://blog.csdn.net/UP19910522/article/details/27971401 1导入MyEclipse的主题 ...
- 【[ZJOI2012]灾难】
好像很久之前就看过这道题,大概是刚学\(LCA\)的时候 之后当时肯定是不会的呀 现在发现这道题并不是非常难 首先我们发现这个灭绝的关系非常像一棵树,我们建出这个灭绝树求一个前缀和就可以啦 那么应该怎 ...