Chive WriteUp

Sign in

small game

First work to earn money and buy the "Remnant Volume of Far Ancient Classics" to get a hint. Then enter -1 when buying spell power, and the power becomes very large. After that, work to buy health and defeat the evil dragon to get the flag.

magicCube

Press F12 and search for flag{ in the debugger.

re

hypnotherapy

Drag the file into IDA; the flag is displayed on the first page.

web

index.?

Append /index.php to the URL and press F12. The flag is in the comment.

Dragon Quest

Use F12 to change the maxlength of the slime-fighting input, level up to just a little more than the 10,000 fighting power needed to challenge the dragon (level 100), then challenge the dragon and receive the flag.

The brave lied about the dragon

The prompt was shown in a screenshot. You can get the flag by checking the source code and typing if (power >= enemy) in the console.

catchME

Opening the site shows blog content, and the home page has a 301 redirect. Use Burp Suite (BP) to capture the request for the home page, send it to Repeater, and send it to see the response.

magicpassword

Master password

GITHUB

Search for the author's name on GitHub, find the latest blog post, and open it.

One million guesses

Check the source code: guess is the number you enter. The console can show the value of judge, which is an MD5 value that can be decoded.

happy Birthday

Pick the second card and 2000; only the month and day are missing. Use Burp Suite to capture the request and brute-force the month and day in Intruder.

ezheader

Capture the request with Burp Suite and add 127.0.0.1 as the prompt requires. The XFF (X-Forwarded-For) header turns out to be banned, so use Client-IP instead, then change User-Agent and Referer according to the prompts.

magicMD5

Scan the directory with dirsearch and find /index.php.bak. Append it to the URL to get the backup file, then audit the code:

<?php
    echo "do you know how i backup my file<br><br>";
    $a1=$_GET['a1'];
    $a2=$_GET['a2'];
    $b1=$_GET['b1'];
    $b2=$_GET['b2'];
    $c1=$_POST['c1'];
    $c2=$_POST['c2'];
    $d1=$_POST['d1'];
    $d2=$_POST['d2'];
    if(is_numeric($a1)&&(!is_numeric($a2))&&intval($a1)==intval($a2)){
        echo 'level 1 pass<br>';
    }else{
        die('get out');
    }

    if($b1!=$b2&&md5($b1)==md5($b2)){
        echo 'level 2 pass<br>';
    }else{
        die('get out');
    }

    if($c1!==$c2&&md5($c1)===md5($c2)){
        echo 'level 3 pass<br>';
    }else{
        die('get out');
    }

    if((string)$d1!==(string)$d2&&md5($d1)===md5($d2)){
        echo 'level 3 pass<br>';
    }else{
        die('get out');
    }

    $flag = 'flag_here';
    echo "<!-- ".$flag." -->";
?>

The request is constructed using the md5 comparison weaknesses in PHP (the constructed request was shown in the original screenshots).
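Added example, not part of the original write-up: a simplified Python model of PHP's == on two strings, showing why the level 2 check accepts two different inputs whose MD5 digests both read as the number zero, next to a type-checked, byte-exact comparison that rejects them. php_loose_eq, weak_check and hardened_check are hypothetical names, and the two inputs are publicly documented "magic hash" strings.

```python
import hashlib
import hmac
import re

# Syntax PHP treats as a "numeric string" (decimal or scientific notation).
NUMERIC = re.compile(r"\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?\s*\Z")

def php_loose_eq(a: str, b: str) -> bool:
    """Simplified model of PHP `==` on two strings: numeric strings compare as numbers."""
    if NUMERIC.match(a) and NUMERIC.match(b):
        return float(a) == float(b)
    return a == b

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def weak_check(x: str, y: str) -> bool:
    """Level 2 of the challenge: $b1 != $b2 && md5($b1) == md5($b2)."""
    return (not php_loose_eq(x, y)) and php_loose_eq(md5_hex(x), md5_hex(y))

def hardened_check(x, y) -> bool:
    """Reject non-strings, then compare the digests byte for byte."""
    if not (isinstance(x, str) and isinstance(y, str)):
        return False
    return x != y and hmac.compare_digest(md5_hex(x), md5_hex(y))

# Publicly documented inputs whose MD5 digest is "0e" followed by 30 digits,
# i.e. 0 * 10^n when read as a number.
MAGIC = ("240610708", "QNKCDZO")

if __name__ == "__main__":
    for s in MAGIC:
        print(s, md5_hex(s))
    print("weak check passes:    ", weak_check(*MAGIC))
    print("hardened check passes:", hardened_check(*MAGIC))
```

Levels 3 and 4 of the source already use ===, so this numeric reading of the digest does not apply to them.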

Princess Diary's Secret Diary

Pressing F12 reveals a regular expression in the comments:

/^I?\sa+m*\sp{4}r{2,}i{1,2}(nc)*\w\s[of]?\s[a-z]{5}$/

One string that matches is constructed as follows (there are many others):
I amm pppprrincnce f aaaaa

loan

The URL contains:
data = 5d4aace023dc088767b4e08c79415dcd80432911e07b111f6a05fd7c904c1bc9
An MD5 digest should be 32 hex characters, but this value has 64. Split it in the middle into two halves, MD5-decode each half, and then base64-decode the results: this gives 10 and 0, corresponding to the money held and the amount owed. Base64-encode a number greater than 100, MD5 it, put it into the URL, and you can go to the store and buy the flag.
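Added example, not part of the original write-up: the data parameter scheme described above, where each half is md5(base64(number)), so a lookup table over small numbers recovers both fields, shown beside a variant that adds an HMAC so that edited values are rejected. Assumptions: standard padded base64 of the decimal string; field, encode, decode, sign, verify and SECRET are hypothetical names.

```python
import base64
import hashlib
import hmac

def field(n: int) -> str:
    """One half of the token as the write-up describes it: md5(base64(str(n)))."""
    return hashlib.md5(base64.b64encode(str(n).encode())).hexdigest()

def encode(money: int, debt: int) -> str:
    return field(money) + field(debt)

def decode(token: str, limit: int = 100_000):
    """Recover (money, debt) by hashing every candidate below `limit`."""
    if len(token) != 64:
        raise ValueError("expected two 32-character MD5 digests")
    table = {field(n): n for n in range(limit)}
    return table.get(token[:32]), table.get(token[32:])

# Hardened variant. Assumption: a key that exists only on the server.
SECRET = b"constructed-demo-key"

def _tag(money: str, debt: str) -> str:
    return hmac.new(SECRET, f"{money}:{debt}".encode(), hashlib.sha256).hexdigest()

def sign(money: int, debt: int) -> str:
    return f"{money}:{debt}:{_tag(str(money), str(debt))}"

def verify(token: str):
    """Return (money, debt) only if the tag matches, else None."""
    try:
        money, debt, tag = token.split(":")
    except ValueError:
        return None
    if not hmac.compare_digest(tag.encode(), _tag(money, debt).encode()):
        return None
    return int(money), int(debt)

if __name__ == "__main__":
    page_value = "5d4aace023dc088767b4e08c79415dcd80432911e07b111f6a05fd7c904c1bc9"
    print("value from the write-up:", decode(page_value))
    print("constructed round trip: ", decode(encode(10, 0)))
    print("signed then edited:     ", verify("999:0:" + sign(10, 0).rsplit(":", 1)[1]))
```

An unkeyed hash of a small value space gives neither secrecy nor integrity; keeping the balance in server-side state avoids the problem entirely.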

crypto

Do you think this is an ordinary fence?

W-type rail fence cipher.

ez_RSA

Write a Python script to compute d from e, p, and q:

import gmpy2

e = 17
p = 8169558889361
q = 1513871

d = gmpy2.invert(e, (p-1)*(q-1))
print(d)

use_the_keyboard

Base64-decode first, then for each group of four characters look at the key they surround on the keyboard.

Emperor's flag

Open the txt file in WinHex, convert the UTF-8 zero-width characters to Morse code, and then decode it.

misc

No Bodhi tree, nor stand mirror

Going straight to the Buddhism Zen decoder does not work. Select all of the text and change the font color to red: there is a hidden paragraph below. Put that paragraph into the Buddhism Zen decoder.

Are you afraid of darkness

Open the picture with Stegsolve and press the left and right arrow keys.

give_you_flag

A password is required. Open the zip archive in WinHex and you find that it is pseudo-encrypted.
Change the marked 9 to 0 and save; the png image inside can then be extracted. It turns out not to be in PNG format: in WinHex the file header is 8BPS, so it should be a .psd file.
Rename it to .psd and open it in Photoshop (PS).
Press Ctrl + I to invert the colors and export the image. Use a drawing program to fill in the three corners and scan the QR code.
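Added example, not part of the original write-up: a Python check for the zip pseudo-encryption described above, which walks the central directory, reports entries whose "encrypted" flag bit contradicts the rest of the archive, and clears the bit. The archive is constructed in memory; entries, pseudo_encrypted, clear_flags and constructed_sample are hypothetical names.

```python
import io
import struct
import zipfile

ENC = 0x0001  # general-purpose flag bit 0: "entry is encrypted"

def entries(buf):
    """Yield (name, central_flag_off, local_flag_off, method, csize, usize)."""
    eocd = buf.rfind(b"PK\x05\x06")  # end-of-central-directory record
    if eocd < 0:
        raise ValueError("not a zip archive")
    count, _size, pos = struct.unpack_from("<HII", buf, eocd + 10)
    for _ in range(count):
        sig, _fl, method, csize, usize, nlen, xlen, clen, local = \
            struct.unpack_from("<I4xHH8xIIHHH8xI", buf, pos)
        if sig != 0x02014B50:
            raise ValueError("bad central directory header")
        name = bytes(buf[pos + 46:pos + 46 + nlen]).decode("cp437")
        yield name, pos + 8, local + 6, method, csize, usize
        pos += 46 + nlen + xlen + clen

def flag(buf, off):
    return struct.unpack_from("<H", buf, off)[0]

def pseudo_encrypted(buf):
    """Names whose encryption bit is set although the data cannot be encrypted."""
    hits = []
    for name, c_off, l_off, method, csize, usize in entries(buf):
        cen, loc = flag(buf, c_off) & ENC, flag(buf, l_off) & ENC
        # headers disagree, or stored data has no room for a 12-byte ZipCrypto header
        if cen != loc or (cen and method == 0 and csize == usize):
            hits.append(name)
    return hits

def clear_flags(buf):
    """Return a copy with bit 0 cleared in both headers of every entry."""
    out = bytearray(buf)
    for _name, c_off, l_off, *_ in entries(buf):
        for off in (c_off, l_off):
            struct.pack_into("<H", out, off, flag(out, off) & ~ENC)
    return bytes(out)

def constructed_sample():
    """Constructed input: one stored entry, bit 0 set in the central header only."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_STORED) as z:
        z.writestr("flag.png", b"8BPS constructed sample bytes")
    raw = bytearray(bio.getvalue())
    c_off = next(entries(raw))[1]
    struct.pack_into("<H", raw, c_off, flag(raw, c_off) | ENC)
    return bytes(raw)
```

Calling pseudo_encrypted(constructed_sample()) names the flagged entry, and the output of clear_flags opens with zipfile without a password.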

Fight Fifth Space

The Copyright field in the detailed file properties is base64; decode it.
Download exiftool and decode the base64 that follows Comment.

Simple traffic analysis

Open the .pcapng file with Wireshark on Kali, right-click > Follow > TCP Stream, change "Show and save data as" to Raw, and export. Then carve the exported file with foremost: the output contains a compressed archive, and inside it is a flag .txt file.

You are more beautiful than roses

Open the picture in WinHex and change the width and height.
Search Bilibili (B station) for the BV number, download the video, use ffmpeg to split it into frames, and convert the small black and white squares into binary and then into a string.


Origin blog.csdn.net/weixin_45883223/article/details/105630242