Article directory
Misc
Adhere 60s
Open and found a small program written in java seems, I saw a look of ignorant *.
Totally did not get to know how to play, it will not move. Some ideas are not.
Look wp, referred to a java decompiler tools. Never seen such a problem. Never seen going down well, but my favorite is to play this instrument I do not know, and can receive a.
jd-gui, tool, download link jd-gui extraction code 9ggk
after download without decompression, I share a folder. Open the tool directly (without installation)
simple and crude way is to directly to the java applet directly dragged into
seeing the flag, saw that it was base64, so the code off his submission on the right. Good luck, chicken tonight.
webshell backdoor
This a big archive, just started to see the webshell thought it was connected to ants sword, the results did not, they learned a way to record it. Because it is not clear what the problem is, and then went to look and found that the direct killing by anti-virus software on the line. Served hot. . . This is also the line? ?
Then open the specified path to find. harm.
There is a question, called backdoor killing, like this question.
Hidden key
Open and found a picture, then it is naturally foremost separated.
Do not say something really, really separate out one, but life and death can not find the next idea, and change the height, width. We have tried, not all. Really no way to find the results of my wp served hot. Will be able to directly search text flag came out. ¬_¬. See me
I wonder TM directly. (→ _ →), then look at wp, they did not seem to separate pictures,? ? ? I try. And still can not find. ¯ (° _o) / ¯, I come back all deleted again.
(¯┰¯ *) (¯┰¯ *) (¯┰¯ *) (→ _ →) This question I was speechless. Powerless.
What no.
Mysterious tornado
See title capture the information, four digits. Speculation may be let to crack archive passwords.
Then open like that,
and then extract the saw strange things.
Martian? ?
Then I copy a few lines of "Martian" immediate investigation into what password Baidu, found after screening, is a never seen before, called brainfuck,
then get online decryption flag
flag under the mask
After a picture is open, then it is natural to separate the foremost compressed package, and then found the password, first brute force, one minute to no avail. That may be a pseudo encryption, open winhex Chou Chou, search hex "504B" for a long time, been looking for, fast suspect not want to be wrong, and finally in the "last face" to find a pseudo-encrypted location
change it, flag.vmdk then open a file, check Baidu, then going to be kali, kali dragged, then enter the terminal 7z x flag.vmdk的位置, then there will be
seen that the above two files, open
the first section is brainfuck password,
online password cracking out
the second paragraph OOK is the
same online decryption site solved
flag stitching available.
Nine serial
Or see pictures foremost separating out a compressed package and the original picture. But the archive is password,
because the password jpg image. Then open, causing the entire archive can not unpack, but you can directly drag out the compression molding package (qwe.zip),
then you can see the inside of a flag txt file, and then went to the jpg, since it gave jpg, then that would certainly not flag.txt weak password, no way a short blast, to give up this idea.
Look jpg, analysis should be pseudo-encrypted (because I currently do not know what other way), then separated directly foremost out of the archive directly dragged into winhex in view, to look back, because a pseudo-encrypted files is behind jpg, so we'll go back to find, but also save time, found him, he changed it.
After the results changed, not found or did not answer the pseudo encryption, cut off the idea, I thought it can not find other ideas (as do questions less), it looked wp other master, I found the idea in front of the it is not wrong, but more surprised me is that it places more than a pseudo encryption, this operation really did not expect that to change, the change in the end, has been looking 504B, and I forgot to change a few, finally solved the problem, it can be opened. Foremost again, nothing, I went to watch the chefs in the blog, and then I and harvest a tool steghide
command kali installed
root账户下
apt-get install steghide
普通管理员账户
sudo apt-get install steghide
The next problem-solving
steghide info 路径and then have to find the file called ko.txt
then enter the command steghide extract -sf 路径in the main folder you create a file
open is .................. Hey, but also onto the Windows system to open, kali open txt file.
Then this certainly is flag.txt the password.
get! ! ! !
Web
Injection experiments it off the most simple SQL injection
I found a form submission. Then said the title of the topic, there are simple tips, then go look at the source code. 
User requirements with the admin, it should be a universal right password. Configuration admin' or '1'='1#
password easily fill, fill out a verification code
the answer out.
HAHA browser
,,, sure not to install the browser.
Grab a package, sent to the repeater, the browser instead HAHA on it and then Go. Get flag
I can not find the key
This point into a link, so to find key,
then the speculation may be the middle of a jump, and had such a problem before, do it again
back to the initial page copy topic Link (I caught in Firefox)
Click here to find the key, caught after the packet, send to repeater
point Go
see information, change information about the url
and then Go
find the key
Impersonate a user logs
This question points to go directly to see most of them are no results, or look at. Not surprisingly, still nothing. Direct capture
send to repeater,
see the cookie, as well as login = 0. It is impossible to change a 0 1, Go
get the key
Will not let you access
I universal Ethereal whether to use it ,,,, what information is not found. .
Let admin find that page, the key is to change the admin index it is not right ah
a dust on the tools already think of it - Sword
sweep for a long time out of a robots protocol.
To see what's inside it
to prevent access to this? ? Then do it.
No ,, then find?
login, anyway, no other information, then try this
plus login.php in the back url, really did not expect to come out
to get the key. Here, the foundation of a network security laboratory on the break is over. Later you can try to back up.
Crypto
Lost MD5
Open a python file, and then ran into a bit kali, the flag came out. (The process is relatively fast, I take the phone to shoot down o ((⊙﹏⊙)) o.)
Some base64
This question is too long coding, online decryption tool can not be used, not the solution. This artifact is to use a converter. The full-page copy of base64 encoded into the input box
this really long password, the software gave me my whole card.
Then copy the output to the input, then decodes Unescape
copy output to the input, for decoding Hex to Text
copy output to the input, for decoding Unescape again
and this appeared
here string fromCharCode Javascript which is a function of the parameter which is braces.
Replication inside the parameters into the input box, a decoder Dec to Text
copy output to the input, for Decode HTML decoding
and decryption find online site Unicode code conversion
In Flag 7Bctf_tfc201717qwe% 7D%
%% 7D and 7B represent} {
┏┛ tomb ┗┓ ... (((m -__-) m this question is not who had. well, good memory as bad written.
Bass family
Bass family, I knew base16, base32, base64. Other do not know, by this question learned there base36, base58, base62, base91, base92, base85, harm, who have served their own dish up really, this question It is base91. You can first understand yourself, the online decryption sites to find the solution.
fuqiangminzhu
This question is I have not seen a nice coding, but look for wp, find an online solution out of the decoding site.
While watching a simple step, but I have not seen. Record it.
Scattered ciphertext
This thought for a long time, and tried several times to decrypt the other way, will not work. Caesar does not, nor is it ...... variation Caesar fence, Wi-type fence, not right. Really have no idea what encryption of @@ inside. But obviously looking at no other encryption, and can see the second letter f, only to find in the top 216,534. Suddenly thought of an idea of what the routine does not, does not feel right, or tried. But it caught a clue
this is the first attempt failed. . . . A second ......
here and then be able to decrypt the fence success. 6 word column
last time April 1, said loudly: Happy April Fool's Day! ! !
