XCTF final 7th Misc - checkin Let's play mazegame && Let's play shellgame Writeup
checkin Let’s play mazegame:本来是作为签到题的 但是我的col写成了row 但是不让动态patch 所以公告上的patch给选手带来了很多不便在此表示抱歉
其主要思路就是dp选最大路径
exp:
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364from pwn import *import stringfrom hashlib import sha256from tqdm import tqdmr = remote('127.0.0.1', 10002)N = 750def PoW(r, l): r.recvuntil(b'XXXX+') nonce = r.recvuntil(b')')[:-1].decode() r.recvuntil(b'== ') target ...
DiceCTF 2023 Misc Writeup
DiceCTF 2023 Misc WriteupThis past week, during the Lantern Festival holiday, I checked out the DiceCTF 2023 with r3kapig. there were some good challenges. Overall the quality was very good and I learnt a lot from it. Here is a writeup of some of the Misc challenges, with * as a replay after the game
mlog:Challenge Description:
123456789101112Author:jim & asphyxiaThe future of log lines is here! Get your ML infused log lines and never worry about missing information in your logs.nc mc.ax 312 ...
第六届西湖论剑网络安全大赛-Misc Isolated Machine Memory Analysis Writeup
第六届西湖论剑网络安全大赛-Misc Isolated Machine Memory Analysis Writeup本文赛后与zysgmzb共同完成
Isolated Machine Memory Analysis:123456789101112131415题目名称:Isolated Machine Memory Analysis题目内容:张三,现用名叫Charlie,在一家外企工作,负责flag加密技术的研究。为了避免flag泄露,这家企业制定了严格的安全策略,严禁flag离开研发服务器,登录服务器必须经过跳板机。张三使用的跳板机是一台虚拟机,虽然被全盘加密没法提取,但好消息是至少还没关机。 免责声明:本题涉及的人名、单位名、产品名、域名及IP地址等均为虚构,如有雷同纯属巧合。 注:本题模拟真实研发环境,解题有关的信息不会出现在人名、域名或IP地址等不合常理的地方。链接:https://pan.baidu.com/s/1WESej-pyjWKZni7drZGTig?pwd=cq46 提取码:cq46题目难度:中等Hint:hint1:在张三的电脑上发现一张截图,看起来应该是配置跳板 ...
第六届西湖论剑网络安全大赛-Misc 机你太美 Writeup
第六届西湖论剑网络安全大赛2022-Misc 机你太美 Writeup机你太美1234567891011121314151617题目名称:机你太美题目内容:坤坤的手机里面,隐藏着什么秘密呢 链接:https://pan.baidu.com/s/1iWy1p9uDV4_15yCQ6jJMgw?pwd=7dfk 提取码:7dfk题目难度:困难Hint:hint1:adbshellhint2:看看找到的图片?hint3:在线exif附件更新https://dasctf-1251267611.file.myqcloud.com/gcsis2022/jntm-update.7z9ecf123c75b34f5ab1055796ae521d84 dasctf.npbk(这个附件是可以解决的,上面题目内容的附件有误)
导入npbk:下载发现是npbk文件
npbk文件可以通过夜神模拟器导入进行分析 https://whatext.com/npbk
下载夜神模拟器后可以修改一下npbk的打开方式这样直接点开后就可以在多开的部分看到导入,导入dasctf.npbk可以得到
需要先创建一个基于Andr ...
Hgame 2023 week3 - Tunnel && Tunnel Revenge Writeup(EN)
Hgame 2023 week3 - Tunnel && Tunnel Revenge Writeup(EN):There is nothing to do on the third day of the Lunar New Year. I basically finished worshiping and started normal work and study. Hgame 2023 week3 just started. There is a misc question. A friend told me that it is very interesting, so I will take a look. Then I successfully got the first blood. The following is the idea of solving the problem
Tunnel:Unexpected pinch
Direct strings | grep hgame will come out
12345crazyman@ubuntu:~/D ...
Hgame 2023 week3 - Tunnel && Tunnel Revenge Writeup(CN)
Hgame 2023 week3 - Tunnel && Tunnel Revenge Writeup(CN):大年初三没啥事,基本上都拜完了,开始正常的工作和学习了.正好Hgame 2023的week3开了.有一个misc题.朋友跟我说蛮有意思的,我就来看看.然后顺利拿到了一血.以下是解题思路
Tunnel:有非预期捏
直接strings | grep hgame就出了
12345crazyman@ubuntu:~/Desktop$ strings tunnel.pcapng | grep hgamehgame{ikev1_may_not_safe_aw987rtgh}hgame{ikev1_may_not_safe_aw987rtgh}hgame{ikev1_may_not_safe_aw987rtgh}hgame{ikev1_may_not_safe_aw987rtgh}
flag是–> hgame{ikev1_may_not_safe_aw987rtgh} ...
RealWorld CTF 5th - Paddle Writeup
RealWorld CTF 5th - Paddle Writeup:solved this challenge with thezzisu
By reading docker, it is mainly the following modules:
1234paddle-serving-server==0.9.0 \paddle-serving-client==0.9.0 \paddle-serving-app==0.9.0 \paddlepaddle==2.3.0
From WORKDIR /usr/local/lib/python3.6/site-packages/paddle_serving_server/env_check/simple_web_service,CMD ["python", "web_service.py"] in dockerfile, it is known that the loading of its main body is mainly paddle-serving-server
Search throug ...
Insomni’hack teaser 2023 - Autopsy
Insomni’hack teaser 2023 - Autopsy:In the Lunar New Year, I played Insomni’hack teaser 2023, one of the topics labeled forensics, realistic, windows aroused my interest, I solved him. And I learned some knowledge from it. This is the record writeup
Autopsy:Wireshark loads through the export object and selects http, save all and then filters to get three files SYSTEM, SECURITY, ntds.dit
Then after searching, you can learn some relevant content about credential extraction
https://github.com/Secur ...
idek 2022* CTF Pyjail && Pyjail Revenge Writeup
idek 2022* CTF Pyjail && Pyjail Revenge WriteupPyjail:The code looks like this
123blocklist = ['.', '\\', '[', ']', '{', '}',':']DISABLE_FUNCTIONS = ["getattr", "eval", "exec", "breakpoint", "lambda", "help"]DISABLE_FUNCTIONS = {func: None for func in DISABLE_FUNCTIONS}
There is a blocklist ban off '.' , '\\', '[', ...
idek CTF 2022* Forensics - HiddenGem Mixtape Writeup
idek CTF 2022* Forensics - HiddenGem Mixtape WriteupThis week is the Preliminary Eve in China, and most of my time is resting and partying. At the same time, there are some good challenges in idek CTF, among which I prefer the HiddenGem Mixtape series of challenges. Since I am a forensics enthusiast, and I I am also a malware analyst. So I prefer this challenge that is close to the realworld. Although some people may feel that this challenge is strange,guessing. Including some designs that may c ...