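USTC Hackergame 2018 writeup

Sign-in challenge

Submit hackergame2018. The form limits the input length, so complete the value in the URL instead.

Cat Q&A

Truly knowing the school's history

Not actually a web challenge

Stamp card from the garden party

A jigsaw puzzle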

itS0oj.png

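Cat and keyboard

The downloaded source code has had its blocks shifted; shifting them back gives the normal source.

Compile it with the command given in the source and run it to get the flag.

This requires gcc version 7 or later.

Word document

Rename the .docx to .zip; there is a flag.txt inside.

Cat bank

A coin-buying system: the three currencies can be exchanged for one another and can also be deposited in the bank. The system enforces a minimum interval of two seconds between transactions.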

itSSMT.png

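The vulnerability is in the bank deposit: the value can overflow.

The return is purchased shares * deposit minutes * interest, and the withdrawal time is the current time plus the deposit minutes.

When the deposit minutes are large enough, the value overflows to a negative number, so the withdrawal time lands in the past while the return is still computed normally.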

itSpsU.png

itS9LF.png

This gives enough TDSU to buy the flag.
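The overflow described above, modelled next to a checked version, as an added example that is not code from the challenge or from the original write-up. It assumes the server keeps the withdrawal time as a signed 64-bit count of seconds; wrap_int64, deposit_vulnerable, deposit_hardened and MAX_TERM_MINUTES are hypothetical names.

```python
# Added example: models the deposit bug described above. The 64-bit width,
# the seconds unit and every name here are assumptions, not the challenge's code.

INT64_MAX = 2**63 - 1
MAX_TERM_MINUTES = 60 * 24 * 365  # hypothetical business limit: one year


def wrap_int64(value):
    """Reduce an integer to signed 64-bit two's complement, as fixed-width math does."""
    return (value + 2**63) % 2**64 - 2**63


def deposit_vulnerable(now, shares, minutes, rate):
    """The return uses the raw minutes while the unlock time silently wraps."""
    reward = shares * minutes * rate
    unlock_at = wrap_int64(now + wrap_int64(minutes * 60))
    return reward, unlock_at


def deposit_hardened(now, shares, minutes, rate):
    """Bound the term before any arithmetic, then re-check the computed time."""
    if not isinstance(minutes, int) or not 0 < minutes <= MAX_TERM_MINUTES:
        raise ValueError("deposit term out of range")
    if not isinstance(shares, int) or shares <= 0:
        raise ValueError("shares must be a positive integer")
    unlock_at = now + minutes * 60
    if not now < unlock_at <= INT64_MAX:
        raise ValueError("unlock time out of range")
    return shares * minutes * rate, unlock_at


def demo():
    """Return (reward is positive, unlock time is in the past, hardened path rejects)."""
    now = 1539000000               # constructed timestamp (October 2018)
    huge_term = 2**63 // 60 + 1    # smallest term whose seconds exceed INT64_MAX
    reward, unlock_at = deposit_vulnerable(now, 10, huge_term, 0.001)
    try:
        deposit_hardened(now, 10, huge_term, 0.001)
        rejected = False
    except ValueError:
        rejected = True
    return reward > 0, unlock_at < now, rejected


if __name__ == "__main__":
    print(demo())
```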

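Obsidian Browser

A challenge with an interesting idea.

The task is to change the User-Agent header to that of the Obsidian Browser, but the Obsidian Browser's User-Agent header is not known.

Searching Google for the Obsidian Browser (HEICORE) turns up a website.

It looks very much like a real site.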

view-source:https://heicore.com/

<!DOCTYPE HTML>
<html>
<head>
<title>黑曜石浏览器 | HEICORE</title>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta name="description" content="黑曜石浏览器(HEICORE)是一个自主开发内核,针对 CTF 优化的智能国产浏览器。"/>
<meta name="keywords" content="黑曜石浏览器 HEICORE 黑曜石科技 国产浏览器· CTF"/>
<meta name="robots" content="index,follow" />
<meta name="google" content="index,follow" />
<meta name="googlebot" content="index,follow" />
<meta name="verify" content="index,follow" />
<link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700,800,600,300" rel='stylesheet' type='text/css'>
<link href="css/bootstrap.css" rel="stylesheet" type="text/css" media="all"/>
<link href="css/style.css?v2" rel="stylesheet" type="text/css" media="all"/>
<link href="css/font-awesome.css" rel="stylesheet" type="text/css" media="all"/>
<link href="css/carousel.css" rel="stylesheet" type="text/css" media="all"/>
<link href="css/owl.carousel.css" rel="stylesheet" type="text/css" media="all"/>
<script src="js/jquery-1.10.2.min.js" type="text/javascript"></script>
<script src="js/bootstrap.js" type="text/javascript"></script>
<script src="js/bootstrap.min.js" type="text/javascript"></script>
<script src="js/owl.carousel.js" type="text/javascript"></script>
<script>
document.addEventListener('contextmenu', event => event.preventDefault());
onkeydown = (e) => {
if (e.altKey || e.ctrlKey || e.metaKey)
e.preventDefault();
};
window.history.replaceState({}, 'Copyright (c) HEICORE 2018', 'index.php');
setInterval(() => {
var r = /./;
r.toString = function () {
eval("console.clear();");
document.documentElement.innerHTML = '';
};
if(navigator.userAgent.includes('Safari') && !navigator.userAgent.includes('Edge'))
console.log('%c', r);
}, 50);
$(document).ready(function () {

var owl = $("#owl-demo");

owl.owlCarousel({

items: 4, //10 items above 1000px browser width
itemsDesktop: [1000, 4], //5 items between 1000px and 901px
itemsDesktopSmall: [900, 3], // 3 items betweem 900px and 601px
itemsTablet: [600, 2], //2 items between 600 and 0;
itemsMobile: false // itemsMobile disabled - inherit from itemsTablet option

});

// Custom Navigation Events
$(".next").click(function () {
owl.trigger('owl.next');
});

$(".prev").click(function () {
owl.trigger('owl.prev');
});

$("#download_link").click(function() {
if (!window.loggedIn) {
alert("仅差一步!请于登录后下载黑曜石浏览器。");
} else {
window.location.href="HEICORE.49.1.2623.213_installer_latest.exe";
}
});
});
</script>
<script type="text/javascript">
function isLatestHEICORE() {
var ua = navigator.userAgent;
var HEICORE_UA = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) HEICORE/49.1.2623.213 Safari/537.36";
return ua === HEICORE_UA;
}
// Login Form
$(function () {
var button = $('#loginButton');
var box = $('#loginBox');
var form = $('#loginForm');
button.removeAttr('href');
button.mouseup(function (login) {
box.toggle();
button.toggleClass('active');
});
form.mouseup(function () {
return false;
});
$(this).mouseup(function (login) {
if (!($(login.target).parent('#loginButton').length > 0)) {
button.removeClass('active');
box.hide();
}
});
form.submit(function () {
if (!isLatestHEICORE()) {
alert("为保证安全,请使用最新版黑曜石浏览器登录。");
event.preventDefault();
} else {
window.loggedIn = true;
// The login API isn't written yet either, so just fake it for now
}
});
});

// Login Form
$(function () {
var button = $('#regButton');
var box = $('#regBox');
var form = $('#regForm');
button.removeAttr('href');
button.mouseup(function (login) {
box.toggle();
button.toggleClass('active');
});
form.mouseup(function () {
return false;
});
$(this).mouseup(function (login) {
if (!($(login.target).parent('#regButton').length > 0)) {
button.removeClass('active');
box.hide();
}
});
form.submit(function () {
if (!isLatestHEICORE()) {
alert("为保证安全,请使用最新版黑曜石浏览器注册。");
event.preventDefault();
} else {
alert("注册成功!");
// The registration API isn't written yet either, so just fake it for now
}
});
});
</script>
</head>
<body>
<!-- Start Header -->
<div class="header">
<div class="header-top">
<div class="wrap">
<div class="header-top-left">
<p>黑曜石浏览器·开发人员预览版</p>
</div>
<div class="header-top-right">
<ul>
<li><a href="#"><i class="fa fa-comments"></i>成为投资者</a></li>
<li class="reg">
<div id="regContainer">
<a href="#" id="regButton"><span><i class="fa fa-lock"></i>注册</span></a>
<div id="regBox" class="reg-form">
<h3>注册</h3>
<form id="regForm">
<span>
<i><img src="images/user.png" alt=""/></i>
<input type="text" value="username@heicore.com"
onfocus="this.value = '';"
onblur="if (this.value == '') {this.value = 'username@heicore.com';}">
</span>
<span>
<i><img src="images/lock.png" alt=""/></i>
<input type="password" value="........."
onfocus="this.value = '';"
onblur="if (this.value == '') {this.value = '.........';}">
</span>
<input type="submit" value="注册" id="regSubmit">
</form>
</div>
</div>
</li>
<li class="login">
<div id="loginContainer">
<a href="#" id="loginButton"><span><i class="fa fa-lock"></i>登录</span></a>
<div id="loginBox" class="login-form">
<h3>登录</h3>
<form id="loginForm">
<span>
<i><img src="images/user.png" alt=""/></i>
<input type="text" value="username@heicore.com"
onfocus="this.value = '';"
onblur="if (this.value == '') {this.value = 'username@heicore.com';}">
</span>
<span>
<i><img src="images/lock.png" alt=""/></i>
<input type="password" value="........."
onfocus="this.value = '';"
onblur="if (this.value == '') {this.value = '.........';}">
</span>
<input type="submit" value="登录" id="loginSubmit">
</form>
</div>
</div>
</li>
</ul>
</div>
<div class="clear"></div>
</div>
</div>
<div class="header-logo-nav">
<div class="navbar navbar-inverse navbar-static-top nav-bg" role="navigation">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<div class="logo"><a class="navbar-brand" href="index.html"><img src="images/logo.png" alt=""/></a>
</div>
<div class="clear"></div>
</div>
<div class="collapse navbar-collapse">
<ul class=" menu nav navbar-nav">
<li class="active"><a href="#">首页</a></li>
<li><a href="#p-features">功能特性</a></li>
<li><a href="#p-support">支持</a></li>
<li><a href="#p-product">产品</a></li>
<li><a href="#p-review">用户评价</a></li>
<li><a href="#p-news">新闻动态</a></li>
<li><a id="download_link">立即下载</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<div class="clear"></div>
</div>
<div class="header-banner">

<!-- Carousel ================================================== -->
<div id="myCarousel" class="carousel slide" data-ride="carousel">
<div class="wrap">
<div class="carousel-inner">
<div class="item active">
<div class="row">
<div class="col-md-6">
<div class="banner-desc">
<h2>HeiCORE:为 CTF 增添无限欢乐</h2>
<ul>
<li><span><i class="fa fa-chevron-right"></i>强劲智能的国产浏览器</span></li>
<li><span><i class="fa fa-chevron-right"></i>自主开发内核,突破效率屏障</span></li>
<li><span><i class="fa fa-chevron-right"></i>尖端黑科技,打破 CTF 技术垄断</span></li>
<li><span><i class="fa fa-chevron-right"></i>完整生态,支持 Windows 98 及更新的系统</span></li>
<li><span><i class="fa fa-chevron-right"></i>深度集成人工智能和区块链技术,为比赛助力</span>
</li>
</ul>
<div class="see-features"><a href="#p-features">查看更多特性</a></div>
</div>
</div>
<div class="col-md-6">
<div class="banner-img">
<img src="images/devices.png" alt="1 slide"/>
</div>
</div>
</div>
</div>

<div class="item">

<div class="row">
<div class="col-md-6">
<div class="banner-img">
<img src="images/devices.png" alt="2 slide"/>
</div>
</div>
<div class="col-md-6">
<div class="banner-desc">
<h2>HeiCORE:值得骄傲的国产黑科技</h2>
<ul>
<li><span><i class="fa fa-chevron-right"></i>自动配置,开箱好用</span></li>
<li><span><i class="fa fa-chevron-right"></i>自动整理保存测试历史</span></li>
<li><span><i class="fa fa-chevron-right"></i>自动忽略登录失败和各种跳转</span></li>
<li><span><i class="fa fa-chevron-right"></i>更有快速迭代更新的黑曜石模式,让效率再提高一个台阶</span></li>

</ul>
<div class="see-features"><a href="#p-features">查看更多特性</a></div>
</div>
</div>
</div>
</div>

<div class="item">

<div class="row">
<div class="col-md-6">
<div class="banner-img">
<img src="images/devices.png" alt="3 slide"/>
</div>
</div>
<div class="col-md-6">
<div class="banner-desc">
<h2>HeiCORE:关心 CTF,更关心你</h2>
<ul>
<li><span><i class="fa fa-chevron-right"></i>让黑客很容易找到攻击目标</span></li>
<li><span><i class="fa fa-chevron-right"></i>集成生活提醒,定时提醒喝水,吃饼干,睡觉</span></li>
<li><span><i class="fa fa-chevron-right"></i>基于区块链的分布式计算,让 CPU 温度再低一点</span>
</li>
<li><span><i class="fa fa-chevron-right"></i>主动探测,自动攻击,还有来自黑曜石浏览器社区的各种原创插件</span></li>

</ul>
<div class="see-features"><a href="#p-features">查看更多特性</a></div>
</div>
</div>
</div>
</div>


</div>
</div>
<a class="left carousel-control left-arrow" href="#myCarousel" data-slide="prev"><span><i
class="fa fa-chevron-left"></i></span></a>
<a class="right carousel-control right-arrow" href="#myCarousel" data-slide="next"><span><i
class="fa fa-chevron-right"></i></span></a>
</div><!-- /.carousel -->
</div>
<span class="big-arrow"></span>
</div>
<!-- End Header -->

<!-- Start Main Content -->
<div class="main">
<div class="wrap" id="p-features">
<div class="features">
<div class="row">
<div class="col-lg-4">
<img src="images/dedicated-servers.png" alt=""/>
<h2>共享 Cookies</h2>
<p>黑曜石浏览器深度集成中国国产菜刀,BurpSuite, HackBar, Requests, cURL,更可查看队友进度,一键了解当前战况。</p>
<p><a class="read-more" href="#p-features">了解更多</a></p>
</div><!-- /.col-lg-4 -->
<div class="col-lg-4">
<img src="images/private-cloud.png" alt=""/>
<h2>Flag 自动机</h2>
<p>黑曜石浏览器基于神经网络的强人工智能,网页加载完成即开始获取 FLAG,目标主动隐身也无法抵御攻击。 </p>
<p><a class="read-more" href="#p-features">了解更多</a></p>
</div><!-- /.col-lg-4 -->
<div class="col-lg-4">
<img src="images/hybrid-cloud.png" alt=""/>
<h2>云爆破</h2>
<p>黑曜石浏览器将繁重的爆破工作提交到可信云端,使用大数据优化爆破过程(企业版功能)。</p>
<p><a class="read-more" href="#p-features">了解更多</a></p>
</div><!-- /.col-lg-4 -->
</div>
</div>

<div class="support" id="p-support">
<div class="container-fluid">
<div class="row">
<div class="col-lg-10">
<h2>24/7 支持热线</h2>
<p>(企业版功能)</p>
<p>由专业人员值守的支持热线,可以在 HEICORE 黑曜石浏览器功能异常或者自动获取 FLAG 失败时提供专家级的帮助。</p>
</div>
<div class="col-lg-2">
<p><a class="read-more" href="#p-support">获取支持</a></p>
</div>
</div>
</div>
</div>

<div class="list-performance" id="p-product">
<div class="row">
<div class="col-lg-6">
<h2>我们的产品</h2>
<ul>
<li><i class="fa fa-check"></i>国产浏览器</li>
<li><i class="fa fa-check"></i>深度定制的全新内核</li>
<li><i class="fa fa-check"></i>活跃的社区支持和快速迭代</li>
<li><i class="fa fa-check"></i>人工智能和大数据无缝融合</li>
<li><i class="fa fa-check"></i>主动智能攻击的黑曜石模式</li>
<li><i class="fa fa-check"></i>全生态支持,支持 Windows 98/XP/Vista/7/8/10</li>
</ul>
</div>
<div class="col-lg-6">
<h2>性能对比</h2>
<ul class="progress-bars">
<li>
<div class="progress">
<div class="bar" style="width:100%;">黑曜石浏览器</div>
</div>
</li>
<li>
<div class="progress">
<div class="bar" style="width:88%;">酷容浏览器</div>
</div>
</li>
<li>
<div class="progress">
<div class="bar" style="width:52%;">火狐浏览器</div>
</div>
</li>
<li>
<div class="progress">
<div class="bar" style="width:27%;">边缘浏览器</div>
</div>
</li>
</ul>
</div>
</div>
</div>
</div>
<div class="testimonials-news" id="p-review">
<div class="clients">
<h2>用户评价</h2>
<div class="testimonials">
<div id="carousel-demo">
<div class="wrap">
<div id="owl-demo" class="owl-carousel">
<div class="item">
<img class="img-circle" src="images/clints-img.png" alt=""/>
<h3>匿名用户</h3>
<p>“黑曜石浏览器确实为我解决了很多问题,有一次我只花了数分钟就得到了全部 FLAG。”</p>
</div>
<div class="item">
<img class="img-circle" src="images/clints-img.png" alt=""/>
<h3>匿名用户</h3>
<p>“刚开始我半信半疑地试了下黑曜石浏览器,然后就交到了女朋友!我已经没法想象没有黑曜石浏览器的日子了!我要把这份喜悦分享给大家!”</p>
</div>
<div class="item">
<img class="img-circle" src="images/clints-img.png" alt=""/>
<h3>匿名用户</h3>
<p>“它的内核和 TNT 兼容得异常好,试用三天后,我将默认浏览器切换为了黑曜石浏览器。”</p>
</div>
<div class="item">
<img class="img-circle" src="images/clints-img.png" alt=""/>
<h3>匿名用户</h3>
<p>“……也许国产软件被贴上了难用老套的标签,但黑曜石浏览器显然不属于他们中的一员……”</p>
</div>
</div>
</div>
</div>
</div>
</div>

<div class="news" id="p-news">
<div class="wrap">
<h2>新闻动态</h2>
<div class="row">
<div class="col-lg-3 news-grid">
<img src="images/news-img.png" alt=""/>
<div class="news-desc">
<h2>不忘初心,再创辉煌</h2>
<p>黑曜石科技获得某 Linux 用户协会 2.5 美元的天使投资!黑曜石科技将会拿出其中 0.5 美元用于开源社区建设,剩下的资金全部投入国产新内核的后续研发项目[...]</p>
<p><a class="read-more" href="#">阅读更多</a></p>
<div class="news-desc-bottom">
<p class="left">分类: 公司动态</p>
<p class="right"><i class="fa fa-comment"></i> 931</p>
<div class="clear"></div>
</div>
</div>
</div><!-- /.col-lg-4 -->
<div class="col-lg-3 news-grid news-grid-middle">
<img src="images/news-img.png" alt=""/>
<div class="news-desc">
<h2>黑曜石浏览器 v0.0.2 发布</h2>
<p>本次更新:新增: 支持 Windows 98;自动识别并二分优化测试参数;默认打开敏感文件探测;[...]</p>
<p><a class="read-more" href="#">阅读更多</a></p>
<div class="news-desc-bottom">
<p class="left">分类: 产品发布</p>
<p class="right"><i class="fa fa-comment"></i> 114</p>
<div class="clear"></div>
</div>
</div>
</div><!-- /.col-lg-4 -->
<div class="col-lg-3 news-grid">
<img src="images/news-img.png" alt=""/>
<div class="news-desc">
<h2>黑曜石浏览器 v0.0.1 发布</h2>
<p>本次更新:新增:一键生成 Requests 代码的功能;地址栏智能补全 SQL 语句;默认禁止自动跳转;[...]</p>
<p><a class="read-more" href="#">阅读更多</a></p>
<div class="news-desc-bottom">
<p class="left">分类: 产品发布</p>
<p class="right"><i class="fa fa-comment"></i> 514</p>
<div class="clear"></div>
</div>
</div>
</div><!-- /.col-lg-4 -->

</div>
</div>
</div>
</div>
</div>
<!-- End Main Content -->

<!-- Start Footer -->
<span class="footer-arrow"></span>
<div class="footer">
<div class="wrap">
<div class="row">
<div class="col-lg-6">
<h2>关于黑曜石科技</h2>
<p>黑曜石科技是一家专注于国产自主浏览器及其智能周边服务的科技公司,我们的愿景是打破技术垄断,将人工智能和云计算的强大能力带给普通用户,
产品已经得到多个合作伙伴的认可,并且得到了多家自媒体的报道。 </p>
<ul class="links">
<li><a href="#">关于</a> /</li>
<li><a href="#">服务条款</a> /</li>
<li><a href="#">开发者</a> /</li>
<li><a href="#">新闻</a></li>
</ul>
</div>
<div class="col-lg-6">
<h2>产品</h2>
<div class="products-list">
<ul>
<li><a href="#"><i class="fa fa-chevron-right"></i> 黑曜石浏览器 </a></li>
<li><a href="#"><i class="fa fa-chevron-right"></i> 黑曜石浏览器尊享版 </a></li>
<li><a href="#"><i class="fa fa-chevron-right"></i> 黑曜石浏览器企业版 </a></li>
<li><a href="#"><i class="fa fa-chevron-right"></i> 黑曜石服务器 </a></li>
</ul>
<ul>
<li><a href="#"><i class="fa fa-chevron-right"></i> 黑曜石反隐身网关 </a></li>
<li><a href="#"><i class="fa fa-chevron-right"></i> 黑曜石联盟链 </a></li>
<li><a href="#"><i class="fa fa-chevron-right"></i> 黑曜石分布式计算平台 </a></li>
<li><a href="#"><i class="fa fa-chevron-right"></i> 黑曜石技术支持 </a></li>
</ul>
<div class="clear"></div>
</div>
<div class="subscribe">
<form>
<input type="text" placeholder="yourname@domain.com"/>
<input type="submit" value="订阅邮件"/>
</form>
</div>
</div>
</div>
</div>
</div>
<div class="footer-bottom">
<div class="wrap">
<div class="copy-right">
<p>Copyright &copy; 2018. HEICORE All rights reserved.</p>
</div>
<div class="social-icons">
<ul>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-google-plus"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
</ul>
</div>
<div class="clear"></div>
</div>
</div>
<!-- End Footer -->
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-124183525-1"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());

gtag('config', 'UA-124183525-1');
</script>

</body>
</html>

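The JS contains the code that checks whether the client is the Obsidian Browser, which gives its User-Agent header: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) HEICORE/49.1.2623.213 Safari/537.36

Back to the past

This one uses the Unix ed command.

Follow the operations in the order given.

w filename saves the file.

Note that itShTJ.png does not need to be typed.

It is probably Ctrl+C; the challenge says ed was exited by accident, so that should be it.

Who am I

An easter egg in the HTTP protocol.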

https://zh.wikipedia.org/zh-hans/%E8%B6%85%E6%96%87%E6%9C%AC%E5%92%96%E5%95%A1%E5%A3%B6%E6%8E%A7%E5%88%B6%E5%8D%8F%E8%AE%AE

RFC 7168 is an extension of this protocol that formally supports teapots.

https://tools.ietf.org/html/rfc7168

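Open the page and notice that the status code looks off.

Status Code: 418 I'M A TEAPOT

Enter teapot to get the flag and move on to the next stage.

Change the request method to POST to get a hint pointing at RFC7168.

Change the request method to BREW; the response says: Please check if there is anything missing in your header.

Add Content-Type: message/teapot

The response: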

HTTP/1.0 300 MULTIPLE CHOICES
Content-Type: text/html; charset=utf-8
Content-Length: 19
Alternates: {"/the_super_great_hidden_url_for_brewing_tea/black_tea" {type message/teapot}}
Server: Werkzeug/0.14.1 Python/3.6.6
Date: Wed, 10 Oct 2018 12:50:29 GMT

Supported tea type:

Visit /the_super_great_hidden_url_for_brewing_tea/black_tea to get the flag.

itSOmD.png
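The 300 response above, parsed the way an RFC 7168 client would read its Alternates header, as an added example that is not part of the original write-up or the challenge server. RAW_RESPONSE re-types the response shown above (CRLF line endings are an assumption), and parse_response, parse_alternates and tea_variants are names chosen for this example.

```python
import re

# The response quoted above, re-typed as bytes; CRLF line endings are assumed.
RAW_RESPONSE = (
    b"HTTP/1.0 300 MULTIPLE CHOICES\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Length: 19\r\n"
    b'Alternates: {"/the_super_great_hidden_url_for_brewing_tea/black_tea"'
    b" {type message/teapot}}\r\n"
    b"Server: Werkzeug/0.14.1 Python/3.6.6\r\n"
    b"Date: Wed, 10 Oct 2018 12:50:29 GMT\r\n"
    b"\r\n"
    b"Supported tea type:"
)

# One variant: {"URI" [quality] {attribute value} ...}
VARIANT = re.compile(
    r'\{\s*"([^"]*)"\s*(?:([0-9]+(?:\.[0-9]+)?)\s*)?((?:\{[^{}]*\}\s*)*)\}'
)
ATTRIBUTE = re.compile(r"\{\s*([A-Za-z-]+)\s+([^{}]*?)\s*\}")


def parse_response(raw):
    """Split a raw HTTP response into (status, reason, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _version, status, reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status), reason, headers, body


def parse_alternates(value):
    """Parse an Alternates header value into a list of variant descriptions."""
    variants = []
    for uri, quality, attrs in VARIANT.findall(value):
        variants.append({
            "uri": uri,
            "quality": float(quality) if quality else None,
            "attributes": dict(ATTRIBUTE.findall(attrs)),
        })
    return variants


def tea_variants(raw):
    """Return the URIs a 300 response offers with type message/teapot."""
    status, _reason, headers, _body = parse_response(raw)
    if status != 300:
        return []
    return [
        v["uri"]
        for v in parse_alternates(headers.get("alternates", ""))
        if v["attributes"].get("type") == "message/teapot"
    ]


if __name__ == "__main__":
    print(tea_variants(RAW_RESPONSE))
```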

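Cat remote control

The given file consists of the four letters U, D, L and R, meaning up, down, left and right; drawing the path they trace gives the flag.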

DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRDDDDDDDDDDDDDDDDDDDDLLLLLLLLLLLLLLLLLLDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUULLLLLLLLLLLLRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRLLLLLLLLLLLLLLLLLLLLLLLLRRRRDDDDDDDDRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRUUUUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUURRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRUUUUUUUULLLLLLLLLLLLLLLLRRRRRRRRRRRRRRRRRRRRLLLLDDDDDDDDDDDDDDDDDDDDDDDDDDDDLLLLLLLLLLLLLLLLLLLLUUUUUUUUUUUUUUUURRRRRRRRRRRRRRRRRRRRUUUUUUUUUUUULLLLLLLLLLLLLLLLLLLLRRRRRRRRRRRRRRRRRRRRRRRRLLLLDDDDDDDDRRRRRRRRRRRRRRRRDDDDDDDDDDDDDDDDDDDDRRRRRRRRRRRRRRRRRRRRUUUUUUUUUUUUUUUUUUUUUUUUUUUULLLLLLLLLLLLLLLLLLLLDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUURRRRRRRRRRRRRRRRRRRRRRRRLLLLDDDDDDDDDDDDLLLLLLLLLLLLLLLLLLLLLLLLRRRRRRRRRRRRRRRRRRRRRRRRRRRRLLLLUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUDDDDDDDDRRRRRRRRRRRRRRRRRRRRRRRRRRRRUUUUUUUUUUUUUUUUUUUURRRRRRRRLLLLLLLLDDDDDDDDDDDDDDDDDDDDDDDDLLLLLLLLDDDDRRRRRRRRDDDDDDDDDDDDDDDDDDDDDDDDRRRRRRRRLLLLLLLLUUUUUUUUUUUUUUUUUUUUUUUULLLLLLLLUUUURRRRRRRRUUUURRRRRRRRRRRRRRRRRRRRRRRRDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUURRRRDDDDRRRRDDDDRRRRDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUURRRRRRRRUUUUUUUURRRRDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUURRRRRRRRRRRRUUUURRRRUUUURRRRRRRRRRRRRRRRDDDDRRRRDDDDRRRRDDDDDDDDLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLUUUURRRRUUUUDDDDLLLLDDDDDDDDRRRRDDDDRRRRDDDDRRRRRRRRRRRRUUUURRRRRRRRUUUUDDDDLLLLLLLLDDDDLLLLLLLLLLLLUUUULLLLUUUULLLLUUUUUUUURRRRUUUURRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRDDDDDDDDDDDDDDDDDRRRRRRRRRRRRRRRRRRRRRRRRRRRRUUUUUUUUUUUUUUUUUUUUUUUULLLLLLLLLLLLLLLLLLLLLLLLLLLLDDDDDDDDDDDDDDDDDDDDDDDDRRRRRRRRRRRRRRRRRRRRRRRRRRRRUUUUUUUUUUUUUUUURRRRRRRRUUUULLLLUUUUDDDDRRRRDDDDRRRRDDDDDDDDDDDDDDDDDDDDRRRRUUUUUUUUUUUURRRRUUUUUUUUDDDDDDDDRRRRDDDDDDDDDDDDRRRRUUUUUUUUUUUUUUUUUUUURRRRUUUURRRRUUUUDDDDLLLLDDDDRRRRRRRRRRRRUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUURRRRDDDDRRRRDDDDRRRRDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUURRRRUUUURRRRUUUURRRRDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUDDDDUUUURRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRLLLLLLLLLLLLLLLLUUUULLLLUUUULLLLLLLLDDDDLLLLDDDDLLLLDDDDDDDDDDDDRRRRDDDDRRRRDDDDRRRRRRRRUUUURRRRRRRRUUUUDDDDLLLLLLLLDDDDLLLLLLLLUUUULLLLUUUULLLLUUUUUUUURRRRRRRRRRRRRRRRRRRRRRRRUUUULLLLUUUUDDDDRRRRRRRRRRRRRRRRRRRRDDDDDDDDDDDDDDDDRRRRRRRRRRRRRRRRRRRRUUUUUUUUUUUUUUUUUUUULLLLLLLLLLLLLLLLLLLLDDDDDDDDUUUUUUUURRRRRRRRRRRRRRRRRRRRDDDDRRRRRRRRRRRRUUUULLLLUUUUDDDDRRRRDDDDRRRRDDDDDDDDDDDDDDDDDDDDRRRRUUUUUUUUUUUUUUUURRRRUUUUUUUUDDDDDDDDRRRRDDDDDDDDDDDDDDDDRRRRRRRRUUUUUUUUUUUUUUUURRRRUUUUUUUURRRRUUUUDDDDLLLLDDDDRRRRRRRRRRRRRRRRRRRRUUUUUUUUUUUUUUUULLLLLLLLRRRRRRRRDDDDDDDDDDDDDDDDDDDDRRRRRRRRDDDDLLLLLLLLDDDDDDDDDDDDDDDDDDDDLLLLLLLL
from PIL import Image, ImageDraw

width = 600
height = 300
image = Image.new('RGB', (width, height))
draw = ImageDraw.Draw(image)

# Starting point of the path
x = 0
y = 200
draw.point((x, y), fill=(255, 0, 0))

# seq.txt holds the U/D/L/R sequence from the challenge
with open('seq.txt', 'r') as f:
    code = f.read()

for i in code:
    print('x ' + str(x) + ' y ' + str(y))
    # Image y grows downward, so U (y += 1) moves down in the saved picture.
    # Any character other than U/D/L/R (e.g. a newline) is skipped.
    if i == 'U':
        y += 1
    elif i == 'D':
        y -= 1
    elif i == 'L':
        x -= 1
    elif i == 'R':
        x += 1
    else:
        continue
    draw.point((x, y), fill=(255, 0, 0))

image.save('code.jpg', 'jpeg')

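The image drawn by the Python script still has to be flipped and then rotated.

Her poem

The challenge gives a ciphertext and a Python file.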

)+2TM+2TM+2TM
@5&AE<F4@:7,@<V]M971H:6YG(&EN('1H:7,@=V]R;&1F
A=&AA="!N;R!O;F4@:&%S(&5V97(@<V5E;B!B969O<F4N
7270@:7,@9V5N=&QE(&%N9"!S=V5E="YL
:36%Y8F4@:68@:70@8V]U;&0@8F4@<V5E;BQA
=979E<GEO;F4@=V]U;&0@9FEG:'0@;W9E<B!I="YG
=5&AA="!I<R!W:'D@=&AE('=O<FQD(&AI9"!I="Q[
D<V\@=&AA="!N;R!O;F4@8V]U;&0@9V5T('1H96ER(&AA;F1S
0;VX@:70@<V\@96%S:6QY+E-4
G2&]W979E<BP@<V]M961A>2P@<V]M96]N92!W:6QL(&9I;F0@:70N
C5&AE('!E<G-O;B!W:&\@9&5S97)V97,@:70@=&AE(&UO<W1E
8=VEL;"!D969I;FET96QY(&9I;F0@:70N
)+2TM+2TM+2TM
81&\@>6]U(&QI:V4@=&AI<R!S8VAO;VP_
922!R96%L;'DL(')E86QL>2!L;W9E(&ET+F=!
?0G5T(&YO=&AI;F<@8V%N('-T87D@=6YC:&%N9V5D+FXP
=1G5N('1H:6YG<RXN+B!(87!P>2!T:&EN9W,N+BYG
G5&AE>2!C86XG="!A;&P@<&]S<VEB;'D@<W1A>2!U;F-H86YG960N
(179E;B!S;RQR
@8V%N('EO=2!G;R!O;B!L;W9I;F<@=&AI<R!P;&%C93]!
)+2TM+2TM+2TM
34V]M971I;65S($D@=V]N9&5R+%!H
<=VAA="!I9B!T:&ES('1O=VX@=V%S(&%L:79E/WE?
D5VAA="!I9B!I="!H860@=&AO=6=H=',@86YD(&9E96QI;F=S
/;&EK92!O;F4@;V8@=7,_
*268@:70@9&ED+'<Q
H22!T:&EN:R!I="!W;W5L9"!W86YT('1O(&UA:V4@=&AE('!E;W!L971(
4=VAO(&QI=F4@:&5R92!H87!P>2Y?
)+2TM+2TM+2TM
>17AP96-T871I;VYS(&%R92!W:&%T('EO=2!H879E
7=VAE;B!Y;W4@:&%V92!G:79E;B!U<"YU
:17AP96-T871I;VYS(&%R92!B;W)N(&9R;VU5
I82!D97-P86ER:6YG;'D@;&%R9V4@9&EF9F5R96YC92!I;B!S:VEL;"YE
)+2TM+2TM+2TM
?02!J;VME(&]N;'D@;&%S=',@9F]R(&$@;6]M96YT+$YC
@:68@:70@;&5A=F5S(&$@;6ES=6YD97)S=&%N9&EN9RPP
1:70@8F5C;VUE<R!A(&QI92Y$
)+2TM+2TM+2TM
A268@<V]M96]N92!D:61N)W0@:&%V92!A;GD@<')I9&4L
==V]U;&1N)W0@=&AE>2!A;'-O(&)E(&QA8VMI;F=%
3:6X@<V5L9BUC;VYF:61E;F-E/U])
=268@<V]M96]N92!W87,@9G)E92!O9B!G<F5E9"PU
:=V]U;&1N)W0@=&AE>2!H879E('1R;W5B;&5?
8<W5P<&]R=&EN9R!T:&5I<B!F86UI;'D_
F06YD(&EF('!E;W!L92!D:61N)W0@96YV>2!O;F4@86YO=&AE<BPU
H=V]U;&1N)W0@=&AE>2!S=&]P(&EN=F5N=&EN9R!N97<@=&AI;F=S/S!?
)+2TM+2TM+2TM
B268@22!D;VXG="!H879E('1O(&1O(&ET+"!)('=O;B=T+F9U
A268@22!H879E('1O(&1O(&ET+"!))VQL(&UA:V4@:70N
)+2TM+2TM+2TM
>+RH@2&5R92!I<R!T:&4@96YD(&]F(&UY('!O96TN
B2&%V92!Y;W4@979E<B!F;W5N9"!M>2!&3$%'/R Z*2 J+VY]
#!/usr/bin/env python3
# This script helps you decode "her poem"

from codecs import decode

fin = open("poem.txt", "r")
fout = open("poem.out", "w")

for i in fin:
    data = "begin 666 <data>\n" + i + " \nend\n"
    decode_data = decode(data.encode("ascii"), "uu")
    print(decode_data)
    fout.write(decode_data.decode("ascii") + "\n")

fin.close()
fout.close()

Running this Python script produces a poem.

---------There is something in this worldthat no one has ever seen before.It is gentle and sweet.Maybe if it could be seen,everyone would fight over it.That is why the world hid it,so that no one could get their handson it so easily.However, someday, someone will find it.The person who deserves it the mostwill definitely find it.---------Do you like this school?I really, really love it.But nothing can stay unchanged.Fun things... Happy things...They can't all possibly stay unchanged.Even so,can you go on loving this place?---------Sometimes I wonder,what if this town was alive?What if it had thoughts and feelingslike one of us?If it did,I think it would want to make the peoplewho live here happy.---------Expectations are what you havewhen you have given up.Expectations are born froma despairingly large difference in skill.---------A joke only lasts for a moment,if it leaves a misunderstanding,it becomes a lie.---------If someone didn't have any pride,wouldn't they also be lackingin self-confidence?If someone was free of greed,wouldn't they have troublesupporting their family?And if people didn't envy one another,wouldn't they stop inventing new things?---------If I don't have to do it, I won't.If I have to do it, I'll make it.---------/* Here is the end of my poem.Have you ever found my FLAG? :) */

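“Unintended solution”

This challenge is uudecode.
https://zh.wikipedia.org/wiki/Uuencode

I googled many sites and none of them could decode it.

http://web.chacuo.net/charsetuuencode can decode it.

In the decoded output, every line or two has one or two more characters than the original text, and concatenating those characters gives the flag.

What I finally got was flag{STegAn0grAPhy_w1tH_uUeNc0DE_l5_50_fu, which did not look quite right; reading it through, the end should be fun, and adding a closing brace made it correct.

Standard solution

Structure of Uuencoding
<length character><formatted characters><newline>

The first character is the length character: the length plus 32, converted to ASCII.

After that, every three bytes (characters) form a group and are encoded as follows.

idCZO1.png

However, the number of characters in a line is not always a multiple of 3. If the last group cannot be filled (that is, the length times 4 modulo 3 is not 0), the corresponding part is filled with 0.

Whatever is to be hidden can then be stuffed into this zero-filled part.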

#!/usr/bin/env python3
# This script helps you decode "her poem"

from codecs import decode

fin = open("poem.txt", "r")
fout = open("testpoem.out", "w")

for i in fin:
    # Raise the length character by 2 so the decoder also returns the
    # bytes that sit beyond the declared line length
    data = "begin 666 <data>\n" + chr(ord(i[0]) + 2) + i[1:] + " \nend\n"
    decode_data = decode(data.encode("ascii"), "uu")
    # Print the last two bytes, which is where any hidden characters end up
    print(decode_data[-2:])
    fout.write(decode_data.decode("ascii") + "\n")

fin.close()
fout.close()

This recovers the characters hidden in each line; concatenated, they give the flag flag{STegAn0grAPhy_w1tH_uUeNc0DE_I5_50_fun}
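A per-line check for data carried in the uuencode padding described above, as an added example that is not the challenge's script or the original author's. It decodes every 4-character group by hand, compares the result with the declared length, and reports lines whose leftover bytes are not zero; SAMPLE is the first seven ciphertext lines shown above, and decode_line, scan and hidden_bytes are names chosen for this example.

```python
# Added example: finds bytes hidden past the declared length of uuencoded lines.
# SAMPLE is the first seven ciphertext lines from the page; names are this example's own.

SAMPLE = r'''
)+2TM+2TM+2TM
@5&AE<F4@:7,@<V]M971H:6YG(&EN('1H:7,@=V]R;&1F
A=&AA="!N;R!O;F4@:&%S(&5V97(@<V5E;B!B969O<F4N
7270@:7,@9V5N=&QE(&%N9"!S=V5E="YL
:36%Y8F4@:68@:70@8V]U;&0@8F4@<V5E;BQA
=979E<GEO;F4@=V]U;&0@9FEG:'0@;W9E<B!I="YG
=5&AA="!I<R!W:'D@=&AE('=O<FQD(&AI9"!I="Q[
'''.strip("\n").splitlines()


def decode_line(line):
    """Split one uuencoded line into (declared payload, slack bytes).

    The slack is whatever the 4-character groups carry beyond the length
    announced by the first character; a standard encoder leaves it zero.
    """
    line = line.rstrip("\r\n")  # keep trailing spaces: a space encodes the value 0
    if not line:
        raise ValueError("empty line")
    if any(not 32 <= ord(ch) <= 96 for ch in line):
        raise ValueError("character outside the uuencode alphabet")
    declared = (ord(line[0]) - 32) & 0x3F
    body = line[1:]
    if len(body) % 4:
        raise ValueError("body is not a whole number of 4-character groups")
    raw = bytearray()
    for pos in range(0, len(body), 4):
        a, b, c, d = ((ord(ch) - 32) & 0x3F for ch in body[pos:pos + 4])
        raw += bytes((
            (a << 2) | (b >> 4),
            ((b & 0x0F) << 4) | (c >> 2),
            ((c & 0x03) << 6) | d,
        ))
    if declared > len(raw):
        raise ValueError("declared length exceeds the encoded data")
    return bytes(raw[:declared]), bytes(raw[declared:])


def scan(lines):
    """Return (line number, payload, slack) for every line with non-zero slack."""
    findings = []
    for number, line in enumerate(lines, 1):
        payload, slack = decode_line(line)
        if any(slack):
            findings.append((number, payload, slack))
    return findings


def hidden_bytes(lines):
    """Concatenate the non-zero slack of all lines, in order."""
    return b"".join(slack for _number, _payload, slack in scan(lines))


if __name__ == "__main__":
    for number, payload, slack in scan(SAMPLE):
        print(number, payload, slack)
    print(hidden_bytes(SAMPLE))
```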

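Cat nemesis

Connecting with nc yields a stream of arithmetic expressions, each of which has to be answered correctly within a time limit, so write a Python script.

At first there are only normal expressions; later, odd functions such as exit(), __import__('os').system('find ~'), __import__('time').sleep(100) and print() are mixed in. Executing them causes problems, and since none of them has a return value, they can be replaced with None.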

from pwn import *

host = '202.38.95.46'
port = 12009
s = remote(host, port)
recv = s.recv().decode()
print(recv)
while True:
    r = s.recv().decode()
    print(r)
    # Replace the calls that must not run (they return nothing) with None
    recv = r.replace('exit()', 'None').replace(
        "__import__('os').system('find ~')", 'None').replace(
        "__import__('time').sleep(100)", 'None').replace(
        'print(\'\\x1b\\x5b\\x33\\x3b\\x4a\\x1b\\x5b\\x48\\x1b\\x5b\\x32\\x4a\')', 'None')
    print(recv)
    # eval() runs whatever is left of the server-supplied expression
    ans = str(eval(recv))
    print(ans)
    s.sendline(ans.encode())

#flag{'Life_1s_sh0rt_use_PYTH0N'*1000}
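The script above passes server-supplied text to eval() after string replacement, so any call the replacements miss still runs on the solver's machine. One way to compute the same answers without executing anything, as an added example that is not the original author's code: walk the expression's syntax tree, allow only arithmetic and comparisons, and treat every call as None without running it. The SAMPLES expressions are constructed, the exponent limit is a hypothetical bound, and evaluate and answer are names chosen for this example.

```python
import ast
import operator


def _power(base, exponent):
    # Hypothetical bound so a hostile expression cannot force a huge computation
    if not isinstance(exponent, int) or abs(exponent) > 64:
        raise ValueError("exponent out of range")
    return base ** exponent


BINARY = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod, ast.Pow: _power,
}
UNARY = {ast.UAdd: operator.pos, ast.USub: operator.neg, ast.Not: operator.not_}
COMPARE = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
    ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge,
    ast.Is: operator.is_, ast.IsNot: operator.is_not,
}


def _eval(node):
    if isinstance(node, ast.Constant):
        if node.value is None or isinstance(node.value, (int, float)):
            return node.value
        raise ValueError("unsupported constant")
    if isinstance(node, ast.Call):
        # Never executed and arguments never evaluated: per the write-up,
        # the injected calls return nothing, so they count as None.
        return None
    if isinstance(node, ast.BinOp) and type(node.op) in BINARY:
        return BINARY[type(node.op)](_eval(node.left), _eval(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY:
        return UNARY[type(node.op)](_eval(node.operand))
    if isinstance(node, ast.Compare):
        left = _eval(node.left)
        for op, comparator in zip(node.ops, node.comparators):
            if type(op) not in COMPARE:
                raise ValueError("unsupported comparison")
            right = _eval(comparator)
            if not COMPARE[type(op)](left, right):
                return False
            left = right
        return True
    raise ValueError("unsupported syntax: " + type(node).__name__)


def evaluate(expression):
    """Evaluate an arithmetic expression without running any code it contains."""
    return _eval(ast.parse(expression.strip(), mode="eval").body)


def answer(expression):
    """The string to send back, matching str(eval(...)) in the script above."""
    return str(evaluate(expression))


# Constructed expressions in the style the write-up describes
SAMPLES = [
    "(3 + 4) * 5 - 2",
    "(exit() == None) + 2 * 3",
    "(__import__('os').system('find ~') is None) * 10"
    " + (__import__('time').sleep(100) != None)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "=>", answer(sample))
```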