Offensive and Defensive World - Misc

A long-running, regularly updated collection of solutions to the Misc challenges on Offensive and Defensive World.

This kind of thing mainly comes down to accumulated experience.

Offensive and Defensive World: https://adworld.xctf.org.cn

 

Novice practice area

 

1、this_is_flag

 

The challenge description gives the flag directly.

 

 

2、ext3

 

This one is mainly about mounting a disc image under Linux.

strings filename | grep flag

strings: prints the printable character sequences in a file. grep: global regular expression search that prints the matching lines.

Use the command: mount linux ./linux_cd

This mounts linux (the file name) on the linux_cd directory. Browse into the O7avZhikgKgbF folder as usual to find the flag file, then base64-decode its contents to get the final flag.

 

 

3、give_you_flag

 

 

The file is an animated GIF. Stepping through it frame by frame (I used the iQIYI universal player), there is a QR code in frame 50, but it is missing its three positioning patterns. Add them back with PS and scan the code to get the flag.

 

 

4、pdf

 

Download the PDF and edit it directly; remove the picture and you can see the flag.

 

 

5、adhere to the 60s

A Java game. Open it with jd-gui and search directly for: flag. The result then needs to be base64-decoded.

 

 

6、Hebrews 13 palm

Open the doc; the text uses the "Zen Buddhism" encoding, which can be decoded at: http://www.keyfc.net/bbs/tools/tudoucode.aspx

Run the decoded output through rot-13, then base64-decode it.

 

 

7、gif

 

White is 0, black is 1:

 

01100110011011000110000101100111011110110100011001110101010011100101111101100111011010010100011001111101

 

Converting the binary string to text gives the flag.

 

 

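8、SimpleRAR

Opening the archive shows only a flag.txt, but opening it with WinHex shows that there should also be a png file.

Change the byte here to 74.

Then the png file shows up when the archive is opened. WinHex shows that it is actually a gif, so change the extension to gif.

Separate it out (I used PS), then view it with Stegsolve.

Piece this QR code together, add the missing positioning marks, and scan it to get the flag.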

 

 

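9、掀桌子 (Flip the Table)

Decoding code shared by experts online:

string = "c8e9aca0c6f2e5f3e8c4efe7a1a0d4e8e5a0e6ece1e7a0e9f3baa0e8eafae3f9e4eafae2eae4e3eaebfaebe3f5e7e9f3e4e3e8eaf9eaf3e2e4e6f2"
flag = ''
# Walk the hex string two digits (one byte) at a time
for i in range(0, len(string), 2):
    s = "0x" + string[i] + string[i+1]
    # Subtracting 128 clears the high bit and leaves the ASCII code
    flag += chr(int(s, 16) - 128)
print(flag)

Take the characters two at a time, convert each hex pair to decimal, subtract 128, and output the ASCII character.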

 

 

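10、功夫再高也怕菜刀 (However Good Your Kung Fu, Fear the Kitchen Knife)

The download is a packet capture; carve it with foremost.

(Addendum, using foremost on Windows: http://www.mamicode.com/info-detail-2283219.html)

This yields an archive containing the flag file. Forget about brute-forcing it (too complex).

Analyze the packet capture!!

Press Ctrl+F to search for the string.

Select No. 1150, right-click, Follow -> TCP Stream.

Save this data.

Copy out everything from FFD8FF through FFD9.

Open WinHex, create a new file, and paste the copied data in. Note: choose hex when pasting.

You can now see that it is a jpg.

Save it and open the picture:

Use this password to open flag.txt in the archive.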

 

11、stegano

 

Download the PDF, open it in Firefox, and enter this in the console:

document.documentElement.textContent

 

Look through the content; there is a string:

BABA BBB BA BBA ABA AB B AAB ABAA AB B AA BBB BA AAA BBAABB AABA ABAA AB BBA BBBAAA ABBBB BA AAAB ABBBB AAAAA ABBBB BAAA ABAA AAABB BB AAABB AAAAA AAAAA AAAAB BBA AAABB

 

Replace "A" with "." and "B" with "-" to get:

-.-. --- -. --. .-. .- - ..- .-.. .- - .. --- -. ... --..-- ..-. .-.. .- --. ---... .---- -. ...- .---- ..... .---- -... .-.. ...-- -- ...-- ..... ..... ....- --. ...--

 

Decode the Morse code to get:

CONGRATULATIONSFLAG1NV151BL3M3554G3

 

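The real flag is: flag{1NV151BL3M3554G3}

Because my format was wrong here, I wasted a few coins on viewing the writeup, and it turned out the writeup did not mention the format either; I still had to work it out by trial and error myself.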

 

 

12、base64stego

 

This challenge introduced me to a technique called base64 steganography.

Python 2 decoding script:

#coding=utf-8

def get_base64_diff_value(s1, s2):
    # Distance in the base64 alphabet between the first pair of differing characters
    base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    res = 0
    for i in xrange(len(s2)):
        if s1[i] != s2[i]:
            return abs(base64chars.index(s1[i]) - base64chars.index(s2[i]))
    return res

def solve_stego():
    with open('1.txt', 'rb') as f:
        file_lines = f.readlines()
        bin_str = ''
        for line in file_lines:
            steg_line = line.replace('\n', '')
            # Decode and re-encode to get the canonical form of the same line
            norm_line = line.replace('\n', '').decode('base64').encode('base64').replace('\n', '')
            diff = get_base64_diff_value(steg_line, norm_line)
            print diff
            pads_num = steg_line.count('=')
            # Each '=' of padding carries 2 hidden bits
            if diff:
                bin_str += bin(diff)[2:].zfill(pads_num * 2)
            else:
                bin_str += '0' * pads_num * 2
            print goflag(bin_str)

def goflag(bin_str):
    # Pack the collected bits into characters, 8 bits at a time
    res_str = ''
    for i in xrange(0, len(bin_str), 8):
        res_str += chr(int(bin_str[i:i + 8], 2))
    return res_str

if __name__ == '__main__':
    solve_stego()
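Why the script above finds anything: a base64 line ending in "=" has 2 unused bits in its last symbol, and one ending in "==" has 4, and a decoder ignores them. The following Python 3 round trip is an added example, not the original script or the challenge's code; the names hide, extract, is_canonical and the COVER lines are constructed for illustration.

```python
import base64

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
# Constructed cover lines (not from the challenge); 16 spare bits in total.
COVER = [b"mount the image", b"carve", b"pcap", b"follow stream",
         b"hex", b"scan it!", b"flag"]

def hide(cover_lines, secret):
    """Base64-encode each cover line, storing the bits of `secret` in the
    unused low bits of the last symbol before the '=' padding."""
    bits = "".join(f"{b:08b}" for b in secret)
    out = []
    for raw in cover_lines:
        enc = base64.b64encode(raw).decode()
        pad = enc.count("=")
        if pad and bits:
            n = pad * 2                      # '=' leaves 2 spare bits, '==' 4
            chunk, bits = bits[:n].ljust(n, "0"), bits[n:]
            i = len(enc) - pad - 1           # last real symbol; spare bits are 0
            enc = enc[:i] + B64[B64.index(enc[i]) | int(chunk, 2)] + enc[i + 1:]
        out.append(enc)
    if bits:
        raise ValueError("cover text too short for the secret")
    return out

def extract(stego_lines):
    """Collect the spare bits of every padded line and pack them into bytes."""
    bits = ""
    for line in stego_lines:
        pad = line.count("=")
        if pad:
            n = pad * 2
            last = B64.index(line[len(line) - pad - 1])
            bits += f"{last & ((1 << n) - 1):0{n}b}"
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

def is_canonical(line):
    """True when a line re-encodes to itself, i.e. its spare bits are zero."""
    return base64.b64encode(base64.b64decode(line)).decode() == line

if __name__ == "__main__":
    stego = hide(COVER, b"ok")
    print(stego, extract(stego), [is_canonical(s) for s in stego])
```

Every stego line still decodes to its cover text, so the is_canonical comparison (decode, re-encode, compare) is what reveals that a line carries hidden bits.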

 

Advanced area

 

1、Excaliflag

 

Using Stegsolve, the flag shows up with the blue channel at 0.

 

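2、签到题 (Sign-in challenge)

base64 -> Caesar -> rail fence

Note that, given the challenge background, the event is SSCTF: among the Caesar results, pick the one in which you see ssC and run the rail fence step on that one.

To be continued...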

Origin www.cnblogs.com/yichen115/p/11315696.html