What is CSDN, I set the timing to publish it to me directly, so I deleted it and re-posted it.
Misc
sign in question
Send TQLCTF2022 sign-in to the DataCon Big Data Security Analysis Competition. Enter the message that pops up, select all and copy and paste it to see the flag
TQLCTF{cbe33c52-a4b8-4753-a5d8-8b72b1ab3bb5}
Wizard
I blasted straight away. . . . . . Shouldn't be beaten
ok, ok, don't look at me
from pwn import *
import hashlib
import string
def sha256(enc):
table = string.ascii_letters+string.digits
for i in table:
for j in table:
for k in table:
for n in table:
s = 'TQLCTF'+i+j+k+n
m = hashlib.sha256(s.encode())
mi = m.hexdigest()[:5]
if(enc == mi):
return s[6:]
while 1:
context.log_level='debug'
p = remote('120.79.12.160',23548)
rec = p.recvuntil(b'Please input the string:').decode()
ans = sha256(rec[33:38])
p.sendline(ans)
p.recvuntil(b"Let's start!")
rec = p.recv().decode()[-4:-1]
print(int(rec))
ans = 'G 100'
p.sendline(ans.encode())
rec = p.recvuntil(b'\n').decode()
if('smart!' in rec):
p.recv()
p.recv()
p.recv()
exit(0)
Ranma½
It is a simple question, first use cyberchef shuttle
get
KGR/QRI 10646-1 zswtqgg d tnxcs tsdtofbrx osk ndnzhl gna Ietygfviy Idoilfvsu Arz (QQJ) hkkqk maikaglvusv ubyp cw ekg krzyj'o kitwkbj alypsdd. Wjs rzvmebrwoa duwcuosu pqecgqamo cw ekg IFA, uussmpu, ysum aup qfxschljyk swks pcbb khxnsee drdoqpgpwfyv cbg xeupctzou, oql gneg ylv nsg bb zds upygzrxzkjh fq XVT-8, wpr uxxvnw qt wpvy isdz. XVT-8 kif zds tsdtofbrxegktf qt szryafmtqi hkm sahz LD-DUQLQ egjuv, auqjllvtc qfxschljvrehp hlvv iqyk omjehog, sieyafj lqf cwprx ocwezcfh bugp fvwb qb XA-NYYWZ gdniha oap oip wtoqacgnsee wq cwprx rocfhu. HTTPZB{QFOLP6_KRZ1Q}
TQL and HTT directly Caesar is definitely wrong, the first reaction is to blast Virginia: https://www.guballa.de/vigenere-solver
TQLCTF{CODIN6_WOR1D}
the Ohio State University
Because I downloaded it by default, so I opened my OSU directly after downloading.
Then downloaded it again and only saved. change zip decompression
It is found that the modification time has been manipulated
First look at the picture and see its propertiespwd: VVelcome!!
This picture of steghide can get the first part of the flag: TQLCTF{VVElcOM3
See MisoilePunch - VVelcome!! (Fresh Chicken) [BASIC].osu can find WAVPassword: MisoilePunch
The first reaction related to wav should be silenteye. Decrypt boom.wav with this password
The third part is the pavement.
To be honest, I got this question first: because it is turned on by default, I chose vivid directly. Of course, I am a dish ratio, only 60% PASS
The first time I really felt it was disgusting at the back, I really wondered how this score suddenly became a dung score in the back. Can someone really hit this 16-point vertical line? I'm a double bet when it comes to interaction
Hey, go to OSU to find this ID and download the original score
Don't say it, then look at the notepad and compare the two for a long time, and finally I can see it in OSU
Each of the above paragraphs is repetitive, so just take a small part of each paragraph and look at it
From bottom to top 01111101 = }
Just take a part of the repeated part and follow this rule.
TQLCTF{VVElcOM3_TO_O$u_i7s_5HoWtIme}
[not made] wordle
The idea is from the algorithm question -> I don't really rely on the algorithm question to make me confused
Because 3b1b wrote this kind of algorithm a long time ago, the average number of times is optimized to 3.5, but the maximum number of guesses is still 6
The first is mode=0, which must be passed. After passing, I was scolded by the questioner in the question.
Followed by mode=1, the number of allowed submissions is 6 times. This number of times is also passed casually, and finally you can get a string asUWNYZ1c5dzR3UWQ9dj9oY3Rhdy9tb2MuZWJ1dHVveS53d3cvLzpzcHR0aA==
Then there is mode=2, and the number of allowed submissions is 5. It's a little tricky after 512 times, but after trying for more than an hour, I still managed to get it. F7_7__S324rsT3_T}L3_CUt1R~s_tn@WITO_eCbQ{rRh1lty1EDlF5.
Well, it looks like a flag, but the fence can't get out at all.
It's not really mode=3, I can't even run 10 if I try to run it, but it's not easy to get the first character after 10 runs.
I sent it, and it looks like mode=3 to get the flag
The problem has arisen again. The 3b1b world cannot guarantee that 512 times will not exceed 4 times, and in the case of 4090, you must know that the number of samples they tested at that time was 2135.
And the record is 3.42117, in fact, this also happened in mode=2.
At this time, only the id is not used, and it has not been discussed before that the id thinks that it can run directly. I didn't expect to have to run 3, which can be fixed.
One thing that can be noticed here is that the game does not quit after the entire answer is over. Observing the script here can also find while True
Then I found out... I wrote a random.seed(os.urandom(64)) at the beginning. Combined with the previous experience of doing password questions, you can guess the original id based on id and answer
Because mode=0 is infinite mode, as long as you play, you can clear the level. Here you can find the original id by going to the test
Through the method of mt19937 pseudo-random number prediction, the correct seed can be predicted by id, so as to obtain all id&answers.
Well, it has nothing to do with the algorithm. The script can't be written, it's just a rough idea.
Questionnaire
fill in the questionnaire