Misc-Hello
拿到一串字符串Q01JU0NDVEZ7V2VsY29tZV9DVEZlciF9
猜测是base64编码
解得CMISCCTF{Welcome_CTFer!}
Misc-encrypt
打开flag.txt
经过两次base64解码得到
- UTAxSlUwTkRWRVo3Um1GclpWOWxibU55ZVhCMGFXOXVmUT09
- Q01JU0NDVEZ7RmFrZV9lbmNyeXB0aW9ufQ==
- CMISCCTF{Fake_encryption}
Misc-jump
用010editor打开发现是gif动态图
使用stegsolve分割帧即可看到flag
Misc-Trees
使用stegsolve软件打开图片,
打开red plane7通道
发现可以看到一些点组成的字母
观察可得flag,值得注意的是的是中间有一个下划线
CMISCCTF{coconut_tree}
正解
from PIL import Image
img=Image.open('enc.png')
w,h=img.width,img.height
ans=Image.new("RGB",(w//16,h//16))
for x in range(w//16):
for y in range(h//16):
(r,g,b)=img.getpixel((x*16,y*16))
# print (r,g,b)
ans.putpixel((x,y),(r,g,b))
ans.save('ok.png')
Misc-Burps
根据压缩包和题目提示应该是CRC碰撞
#!/usr/bin/python
# encoding:utf-8
'''
@author: lance
@version: 1.0.0
@license: Apache Licence
@file: crc.py
@time: 2020/8/29 22:47
'''
import binascii
import string
dic = string.printable # 打印出字符表
# print dic
dic = "abcdefghijklmnopqrstuvwxyz_"
crc1 = 0x6083a1c8
crc2 = 0xce70d424
crc3 = 0xc3f17511
crc4 = 0x526fd582
crc5 = 0x30e25038
crc6 = 0xaa3e6aea
text1 = ''
text2 = ''
text3 = ''
text4 = ''
text5 = ''
text6 = ''
# 4字节所以四个循环
for i in dic:
for j in dic:
for n in dic:
for m in dic:
s = i + j + n + m
if (crc1 == (binascii.crc32(s) & 0xffffffff)):
text1 = s
if (crc2 == (binascii.crc32(s) & 0xffffffff)):
text2 = s
if (crc3 == (binascii.crc32(s) & 0xffffffff)):
text3 = s
if (crc4 == (binascii.crc32(s) & 0xffffffff)):
text4 = s
if (crc5 == (binascii.crc32(s) & 0xffffffff)):
text5 = s
if (crc6 == (binascii.crc32(s) & 0xffffffff)):
text6 = s
print text1 + text2 + text3 + text4 + text5 + text6
出密码the_password_here_cipher
出flagCMISCCTF{how_to_burp_by_coding}
how_to_burp_by_coding
Misc-qrcode
CMISCCTF{qr_c0de_r3c0very}
Crypto-Round
观察推测应该是凯撒密码
于是写脚本
#!/usr/bin/python
# encoding:utf-8
'''
@author: lance
@version: 1.0.0
@license: Apache Licence
@file: 4.py
@time: 2020/8/28 13:43
'''
lstr = """:D@J::K=r<ecXi^[V:XjXit"""
for p in range(127):
str1 = ''
for i in lstr:
temp = chr((ord(i) + p) % 127)
if 32 < ord(temp) < 127:
str1 = str1 + temp
feel = 1
else:
feel = 0
break
if feel == 1:
print(str1)
得到结果
:D@J::K=r<ecXi^[V:XjXit
;EAK;;L>s=fdYj_]W;Y]kYju
<FBL<<M?t>geZk`^]X<Z^lZkv
=GCM==N@u?hf[la_^Y=[_m[lw
>HDN>>OAv@igmb`_Z>\`nmx
?IEO??PBwAjh]nca`[?]ao]ny
@JFP@@QCxBki^odba@^bp^oz
AKGQAARDyClj_pecb]A_cq_p{
BLHRBBSEzDmk`qfdc^B`dr`q|
CMISCCTF{Enlarged_Caesar}
DNJTDDUG|Fombshfe`Dbftbs~
!+'1!!2$Y#LJ?PECB=!?CQ?P[
",(2""3%Z$MK@QFDC>"@DR@Q
#-)3##4&[%NLARGED?#AESAR]
$.*4$$5'&OMBSHFE@$BFTBS^
%/+5%%6(]'PNCTIGFA%CGUCT_
&0,6&&7)^(QODUJHGB&DHVDU`
'1-7''8*_)RPEVKIHC'EIWEVa
(2.8((9+`*SQFWLJID(FJXFWb
)3/9)):,a+TRGXMKJE)GKYGXc
*40:**;-b,USHYNLKF*HLZHYd
+51;++<.c-VTIZOMLG+IM[IZe
,62<,,=/d.WUJ[PNMH,JNJ[f
-73=-->0e/XVKQONI-KO]Kg
.84>..?1f0YWL]RPOJ.LP^L]h
/95?//@2g1ZXM^SQPK/MQ_M^i
0:6@00A3h2[YN_TRQL0NR`N_j
1;7A11B4i3O`USRM1OSaO`k
2<8B22C5j4][PaVTSN2PTbPal
3=9C33D6k5^QbWUTO3QUcQbm
4>:D44E7l6_]RcXVUP4RVdRcn
5?;E55F8m7`^SdYWVQ5SWeSdo
6@<F66G9n8a_TeZXWR6TXfTep
7A=G77H:o9b`Uf[YXS7UYgUfq
8B>H88I;p:caVgYT8VZhVgr
9C?I99J<q;dbWh][ZU9W[iWhs
找到flag
CMISCCTF{Enlarged_Caesar}
Reverse-Babyre
常规逆向
使用IDA打开
使用Hex-view查看字符串
于是发现了flag
CMISCCTF{Hello_CTF_Player_this_is_singin2}
Web-Audit
因为得到的是log日志文件
用vscode打开
使用网站http://ctf.ssleye.com/url.html进行URL编码的解码
观察发现应该是sqlmap的盲注日志
写脚本
#!/usr/bin/python
# encoding:utf-8
'''
@author: lance
@version: 1.0.0
@license: Apache Licence
@file: 3.py
@time: 2020/8/28 13:07
'''
import re
import urllib
# D:/ide/VMware 15.5.0/unite1/s/sj.log
f = open('D:/sj.log', 'r')
lines = f.readlines()
datas = []
for line in lines:
t = urllib.unquote(line)
if '1765' in t and 'flag' in t:
datas.append(t)
flag_ascii = {}
for data in datas:
matchObj = re.search(r'LIMIT 0,1),(.*?),1))>(.*?) AND', data)
if matchObj:
key = int(matchObj.group(1))
value = int(matchObj.group(2)) + 1
flag_ascii[key] = value
flag = ''
for value in flag_ascii.values():
flag += chr(value)
print flag
运行得到答案CMISCCTF{boring_audit}
web_scanner
sadafadas
总结
算是第二场CTF,
尽管成绩不理想,无缘决赛,但是还是有所收获的,点名表扬中国好队友@校草