The team's second assessment writeup (wp)

This post records the questions from the second assessment of the long right cyberspace security team. I hope that remembering the questions I have done will help me make better progress.

Sign

For the sign-in question, simply submit the flag.

Misc

1. Red panda becomes a bunny rabbit

The attachment is a file named zip with no extension. Append .zip (the extension for compressed archives) to the file name and the file becomes an archive. Open the archive to find a picture.
The question's hint, "Longer panda stretches a bit", suggests that the height or width of the picture needs to be changed. Right-click the picture and view its properties: the image height is relatively low, so consider increasing it. The tool used here is WinHex.
For the specific operation, refer to "CTF Picture Steganography: Modify the picture height and width".
Simply put, the height of the picture is 380 pixels, so convert 380 to hexadecimal, which is 017c; that is the hexadecimal form of the value to be modified.
In practice I changed the height of the picture to 420 pixels (hexadecimal 01a4), and the string at the bottom of the picture became visible. The string is:
olee{qlr3y_16q51_y3q1l_rc654_yap45}
This string has the same form as the flag format given in the question. The hint says "Look down at the keyboard", so I searched for keyboard-related encodings and found the keyboard cipher, in which the letters in keyboard order stand for the letters in alphabetical order (for example, QWE corresponds to ABC). OLEE corresponds to ISCC, so decode the string with the keyboard cipher to get the final flag.

iscc{asd3f_16a51_f3a1s_dv654_fkj45}
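The keyboard cipher described above, as an added example that is not part of the original post. The function names are hypothetical; the mapping is the QWERTY letter order against the alphabet, as in the QWE to ABC example.

```python
import string

# QWERTY letter rows read left to right, top to bottom.
KEYBOARD_ORDER = "qwertyuiopasdfghjklzxcvbnm"
ALPHABET = string.ascii_lowercase

# Keyboard-order letter -> alphabet letter (q->a, w->b, e->c, ...), both cases.
DECODE = str.maketrans(
    KEYBOARD_ORDER + KEYBOARD_ORDER.upper(),
    ALPHABET + ALPHABET.upper(),
)
# The reverse direction, for producing a keyboard-cipher string.
ENCODE = str.maketrans(
    ALPHABET + ALPHABET.upper(),
    KEYBOARD_ORDER + KEYBOARD_ORDER.upper(),
)


def keyboard_decode(text: str) -> str:
    """Digits, braces and underscores are not in the table and pass through."""
    return text.translate(DECODE)


def keyboard_encode(text: str) -> str:
    """Inverse of keyboard_decode."""
    return text.translate(ENCODE)


if __name__ == "__main__":
    # String read from the bottom of the stretched picture.
    recovered = "olee{qlr3y_16q51_y3q1l_rc654_yap45}"
    print(keyboard_decode(recovered))
```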

2.Broken WUHAN

The downloaded attachment is a picture that cannot be opened. Opening it in WinHex shows that the file header is wrong (a .jpg file should start with FFD8FF), so correct the header, save the file, and the picture opens successfully and shows the flag.
For file headers, refer to: File header signatures of various files

flag {wu_Han_jia_Y0u!}

3. QRQRQRQRQRQRQRQRQRQRQRQRQR

The downloaded attachment is an animated picture of QR codes.
Since it is animated, check the frames one by one to find the one that stands out. You can open the picture in Photoshop (ps) and view the frames individually, but there are 100 frames, which is a little troublesome. I used Namo GIF editor here, which is more convenient.
Take out the 62nd frame. The biggest difference between the 62nd frame and the other QR codes is the small box in the lower right corner. Compared with a normal QR code, this one lacks its three locators, so use ps to add the locators to the picture and scan it with WeChat or Alipay to get the flag. (If it does not scan, try a few more times; if the picture is not restored precisely, the recognition rate is low.)

flag{GYSEC_GOGOGO}

4. Come and play the puzzle

The accompanying music is "Time", which is very nice. At first I really did not see what the song meant. The attachment is more than two hundred puzzle pieces in scrambled order; really piecing them together by hand? Thanks, but no. In fact, the real meaning of "Time" is to sort the pictures by time, which puts the pieces in order, and then assembling the puzzle in ps is very easy.

flag{fate_stay_nt}

Web

1.var_dump (

Open the webpage; it shows some code.

Although I did not understand it very well, I looked up the title directly and found that the var_dump() function outputs information about variables. I then looked up $_REQUEST, which holds the data submitted by both the POST and GET methods. After consulting many websites, I arrived at index.php?hello=1);print_r(file("./flag.php"). Visit that URL to get the flag.
Reference article

flag{your_php_is_very_good_my_bro}

2.Easy_Challenge

It has already been said that this is an old question, so go directly to the link: I am the original question

Reverse

1.Simple_py

This is a Python reverse-engineering question. The attachment is a .pyc file, so you need to find a way to restore the .pyc file to a .py file. For the specific method, refer to the link: Python decompilation exe
That article describes turning an .exe file into a .pyc file and then restoring it to a .py file. In this question we only need the step that restores the .pyc to a .py.

# This is the restored .py code:
import base64

def encode(mess):
    s = ''
    for i in mess:
        x = ord(i) + 16
        x = x ^ 32
        s += chr(x)

    return base64.b64encode(bytes(s, encoding='utf-8'))


correct = b'VlxRV8KreGFCYU9ZwqNPwqDCqVNPQlVPdmFRV8Kt'
flag = input('input flag:')
if encode(flag) == correct:
    print('you are correct')
else:
    print('you are wrong')

The core of the code is just the middle part:

# Core code
    for i in mess:
        x = ord(i) + 16
        x = x ^ 32
        s += chr(x)

To get the flag, we have to write the program in reverse, and run the program in reverse to get the original flag. Therefore, by changing the core code, we get:

# Modified code
import base64
mess='VlxRV8KreGFCYU9ZwqNPwqDCqVNPQlVPdmFRV8Kt'
s = ''
mess = base64.b64decode(mess)
for i in mess:
    x = i ^ 32
    x = x - 16
    s += chr(x)
print(s)

After running, I get:

flagÒ{H1R1_iÒs_ÒpÒyc_Re_F1agÒ}

Remove the Ò characters, which are obviously not part of the flag, to get the final flag:

flag{H1R1_is_pyc_Re_F1ag}
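Where the Ò characters come from, as an added example that is not part of the original post: encode() UTF-8-encodes the transformed string before base64, so the exact inverse has to UTF-8-decode before undoing the arithmetic. The names decode and decode_bytewise are hypothetical; CORRECT and encode follow the restored .py above.

```python
import base64

CORRECT = b"VlxRV8KreGFCYU9ZwqNPwqDCqVNPQlVPdmFRV8Kt"  # constant from the restored .py


def encode(mess: str) -> bytes:
    """The challenge's transform: +16, XOR 32, then UTF-8 encode and base64."""
    s = "".join(chr((ord(ch) + 16) ^ 32) for ch in mess)
    return base64.b64encode(s.encode("utf-8"))


def decode(blob: bytes) -> str:
    """Exact inverse: base64 -> UTF-8 decode -> XOR 32 -> -16, per code point."""
    text = base64.b64decode(blob).decode("utf-8")
    return "".join(chr((ord(ch) ^ 32) - 16) for ch in text)


def decode_bytewise(blob: bytes) -> str:
    """Per-byte inversion that skips the UTF-8 step, like the modified script."""
    return "".join(chr((b ^ 32) - 16) for b in base64.b64decode(blob))


def count_two_byte_sequences(blob: bytes) -> int:
    """Each transformed value >= 0x80 was stored as lead byte 0xC2 + one more byte."""
    return base64.b64decode(blob).count(0xC2)


if __name__ == "__main__":
    print(decode(CORRECT))           # clean flag
    print(decode_bytewise(CORRECT))  # same flag with an extra character per 0xC2
    print(count_two_byte_sequences(CORRECT))
```

Stripping Ò works here only because every transformed value falls in U+0080 to U+00BF, where the UTF-8 continuation byte equals the code point and the 0xC2 lead byte turns into (0xC2 ^ 0x20) - 0x10 = 0xD2, which is Ò.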

2.Easy Reverse

The downloaded attachment is an .exe file. Because it is not a Python file, we cannot restore its code the same way as in the previous question, so consider other decompilers. IDA is used here to decompile it, which gives C pseudocode:

// Pseudo-C code
#include <stdio.h>
void main() {
    int a;
    char v4; // [esp+16h] [ebp-1Ah]
    char v5; // [esp+17h] [ebp-19h]
    char v6; // [esp+18h] [ebp-18h]
    char v7; // [esp+19h] [ebp-17h]
    char v8; // [esp+1Ah] [ebp-16h]
    char v9; // [esp+1Bh] [ebp-15h]
    char v10; // [esp+1Ch] [ebp-14h]
    char v11; // [esp+1Dh] [ebp-13h]
    char v12; // [esp+1Eh] [ebp-12h]
    char v13; // [esp+1Fh] [ebp-11h]
    char v14; // [esp+20h] [ebp-10h]
    char v15; // [esp+21h] [ebp-Fh]
    char v16; // [esp+22h] [ebp-Eh]
    char v17; // [esp+23h] [ebp-Dh]
    char v18; // [esp+24h] [ebp-Ch]
    char v19; // [esp+25h] [ebp-Bh]
    char v20; // [esp+26h] [ebp-Ah]
    char v21; // [esp+27h] [ebp-9h]
    int v22; // [esp+28h] [ebp-8h]
    int i; 
    printf("请输入数字:");
    while (scanf("%d", &v22))
    {
        v4 = -125;
        v5 = 124;
        v6 = -122;
        v7 = 127;
        v8 = 106;
        v9 = -113;
        v10 = -109;
        v11 = -118;
        v12 = -126;
        v13 = 119;
        v14 = 108;
        v15 = 127;
        v16 = -122;
        v17 = 116;
        v18 = 122;
        v19 = 102;
        v20 = -102;
        v21 = 91;

        for (i = 0; i <= 17; ++i) {
            putchar(v22 - *(&v4 + i) - i);
        }
        putchar(10);
        putchar(10);
        printf("请输入数字:");
    }
}

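The first letter of "flag", "f", has ASCII code 0x66, decimal 102. That is,
x - (-125) = 102, so x = -23.
So write the code:

// Code written to generate the flag
#include <stdio.h>

int main(void)
{
        int i;
        /* Values v4..v21 from the decompiled program */
        int s[] = {-125, 124, -122, 127, 106, -113, -109, -118, -126, 119, 108, 127, -122, 116, 122, 102, -102, 91};
        for (i = 0; i <= 17; i++)
        {
                /* -23 is the input value derived above; putchar keeps only the low 8 bits */
                putchar(-23 - s[i] - i);
        }
        putchar(10);
        return 0;
}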

Run it to generate the flag:

flag{UPX_is_What?}
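The derivation of x = -23 from the known first letter, generalized here to check the whole known prefix "flag{" modulo 256 (an added example, not part of the original post; the function names are hypothetical and TABLE is v4..v21 from the pseudocode above).

```python
# Byte table v4..v21 from the decompiled program.
TABLE = [-125, 124, -122, 127, 106, -113, -109, -118, -126,
         119, 108, 127, -122, 116, 122, 102, -102, 91]


def decode(key: int, table=TABLE) -> bytes:
    """Mirror putchar(key - table[i] - i); putchar keeps only the low 8 bits."""
    return bytes((key - t - i) & 0xFF for i, t in enumerate(table))


def recover_key(known_prefix: bytes, table=TABLE) -> int:
    """Solve key - table[i] - i == prefix[i] (mod 256) for every known byte."""
    candidates = {
        (p + t + i) & 0xFF
        for i, (p, t) in enumerate(zip(known_prefix, table))
    }
    if len(candidates) != 1:
        raise ValueError("known prefix is inconsistent with the table")
    return candidates.pop()


def as_signed_byte(value: int) -> int:
    """Map 0..255 to -128..127 to compare with the hand-derived x."""
    return value - 256 if value >= 128 else value


if __name__ == "__main__":
    key = recover_key(b"flag{")
    print(key, as_signed_byte(key))  # the same key in unsigned and signed form
    print(decode(key).decode("ascii"))
```

Because only the low 8 bits reach putchar, any input congruent to -23 modulo 256 prints the same flag, and checking all five prefix bytes confirms the key instead of relying on the first letter alone.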

Reference site: a simple ctf reverse


Origin blog.csdn.net/qq_45813980/article/details/105357409