题目地址:https://ctf.show/challenges
简单的看了一下题,没有做,一来本周在java实训,没那个时间精力去做题;二来根据去年的36D练手赛(也是愚人节的题目,脑洞大)就是坑,三来吧,拿了好像也没啥奖励,四来,也就是最关键的,笑死根本不会做!!!
也就没做,明天就答辩了,看群友以及各位大佬们发的wp以及思路,就简单的复现一下。
这里就简单说下思路吧,以及可能踩到的坑吧,具体有哪里不懂的可以直接py出题人或者问我也行。
贴上套神的传送门,他那有详细的解题步骤:https://blog.csdn.net/qq_42880719/article/details/115380717

签到抽奖

呵呵,愚人节的题目那能正常?这个题估计都是附件下载数xx,解题人数xxx的这种。
flag直接在最后一句话,没包皮是一个小坑
说到签到抽奖,怎么就这么难中呢?一点参与感都没有

神仙姐姐

这道题我看很多人都硬生生拜了n次,得到了假flag,但是根据群里的各种交流,得知是在某一次随机的次数会有flag,附上exp
exp.py

import requests
url="http://80e6aeb7-dcc3-4f5c-a568-275fbddc1634.challenge.ctf.show:8080/sx.php"
cookie = {
    "PHPSESSID":"dnn4t78jhig307o5rht1jeqio0"
}

for i in range(0,1000):
    res = requests.get(url=url,cookies=cookie)
    if("j0ke" not in res.text):
        print(res.text)
    else:
        print("not flag")

阿拉丁

群主出的,emmm,算良心题吧
许愿,直接许愿要flag,他会告诉你第多少位是啥,直接就flag第1位?---问下去就能拿到flag了

这个题,之前群主也在群里说了,只要你记得这张图片就能做出这题,直接url/flag,回显“是____蒙蔽了我的双眼”,题目图片已经有了,是啥,不就是“菜”吗?然后url/菜 得到flag。

飘啊飘

直接url/mb.html 即可回显flag

感受下气氛

“flag是ctfshow{[0-9]{9}}”
正则

我跟你拼了

下载附件ttt,改高度就行了
什么?题目不是叫拼图吗?别问,只有你想不到

千里江山(难)

--

套神应援团.png

开头像brainfuck,找到对应关系(看套神的)
贴上套神的解题脚本:

from PIL import Image

img = Image.open("套神应援团.png")
w, h = img.size
for y in range(0,h,250):
    for x in range(0,w,230):
        s = img.getpixel((30+x,30+y))
        print(s)

然后去brainfuck解码的网站生成一个ctfshow{}
然后找到对应关系
(247, 230, 237)="+"
(154, 12, 8)="["
(250, 217, 244)="-"
(245, 246, 250)=">"
(244, 246, 250)="<"
(157, 8, 14)="]"
(220, 200, 199)="."
写出解密脚本:

from PIL import Image
flag = ''
img = Image.open("套神应援团.png")
w, h = img.size
for y in range(0, h, 250):
    for x in range(0, w, 230):
        test = img.getpixel((x + 30, y + 30))
        if(test==(247, 230, 237)):
            flag += "+"
        if(test==(154, 12, 8)):
            flag += "["
        if(test==(250, 217, 244)):
            flag += "-"
        if(test==(245, 246, 250)):
            flag += ">"
        if(test==(244, 246, 250)):
            flag += "<"
        if(test==(157, 8, 14)):
            flag += "]"
        if(test==(220, 200, 199)):
            flag += "."
print(flag)

得到:

+++++++++[->+++++++++<]>++++++++++++++++++.<++++[->++++<]>+.<+++[->---<]>-----.<+++[->+++<]>++++.<+++[->---<]>--.+++++++.++++++++.++++.<++++++[->------<]>----------.<++++++[->++++++<]>++++.--------.++++++++.<+++++[->-----<]>--.<++++++[->------<]>-----.<++++++[->++++++<]>++++++++++.<++++++[->------<]>----------.<+++++[->+++++<]>+++++++++.<+++[->+++<]>+++.<+++[->---<]>--.<++++[->++++<]>++++.<+++++++[->-------<]>----.<++++++[->++++++<]>++++++++.<+++[->---<]>--.<+++++[->+++++<]>+++++.+++.<++++++++[->--------<]>--.<++++++[->++++++<]>++++++++.<++++[->----<]>--------.<++++[->----<]>-------.<+++++++[->+++++++<]>+++.-----.<++++[->----<]>.<++++[->++++<]>+++++++.-------.<+++[->---<]>--.<+++[->+++<]>++++.<+++[->+++<]>+++++.<++++++++[->--------<]>--------------..<+++++[->+++++<]>++++++.<+++++[->-----<]>------.<+++++++++[->+++++++++<]>+++++++++++.<

拿去解密即可得到flag

贪吃蛇的秘密

别问,问就是套神牛逼!!!

from PIL import Image
s=[100,200,500,360,280,500,360,420,160,420,320,540,360,100,380,440,40,100,480,420,460,280,600,440,480,40,440,440,400,300,540,180,80,40,340,160,260,480,280,40,340,260,440,380,80,340,480,200,240,600,120,520,480,100,320,100,260,40,540,440,220,40,260,560,140,80,580,40,360,80,600,140,520,440,280,100,520,80,600,120,500,400,440,140,240,220,120,340,180,40,500,60,40,100,440,460,480,540,320,240,480,140,180,540,600,460,240,120,200,380,380,540,320,160,80,200,440,360,40,480,440,580,280,540,80,400,600,160,240,240,580,200,100,40,120,80,260,200,480,420,600,160,560,220,500,360,580,540,600,260,200,440,480,260,220,520,560,140,40,300,420,40,420,440,280,40,260,520,200,480,80,360,340,580,520,320,160,600,40,360,360,200,80,600,280,560,340,200,220,200,120,140,300,220,520,40,220,100,340,400,540,320,340,340,520,100,80,280,160,320,280,320,120,320,300,440,160,300,160,260,240,320,360,300,500,100,520,120,120,100,340,440,160,80,380,560,360,120,360,140,340,200,300,400,120,580,520,520,560,200,220,260,520,60,100,580,180,380,540,540,340,460,600,260,500,440,200,540,300,340,460,540,400,340,360,220,580,40,560,120,100,400,580,100,500,460,80,380,80,60,500,200,500,100,600,300,240,40,420,320,40,440,160,540,360,520,260,520,100,120,560,520,540,380,140,580,420,340,440,600,240,260,80,60,520,500,500,400,400,440,160,160,320,240,320,80,340,360,160,500,360,380,540,380,520,160,340,240,160,480,60,160,220,320,120,80,40,320,200,480,340,480,420,420,480,120,160,480,320,240,280,280,400,120,460,560,400,320,300,160,40,420,280,40,400,460,320,220,160,480,420,300,120,340,80,120,40,540,120,100,460,320,380,200,300,320,580,160,260,540,260,560,500,540,600,220,480,180,460,400,300,500,480,220,60,440,480,440,560]
t=[540,200,160,400,300,300,160,360,320,300,200,440,120,220,100,140,440,300,140,480,520,380,260,320,400,540,300,80,40,580,400,320,340,520,140,540,300,380,60,480,40,220,500,40,360,280,80,340,300,120,40,80,520,100,560,80,580,400,560,380,600,420,420,160,600,240,460,60,560,40,200,440,440,480,160,420,220,160,140,220,320,560,100,480,220,200,520,200,240,240,540,480,580,120,440,300,560,300,300,380,300,280,300,480,160,220,180,400,220,240,560,160,380,200,380,520,580,260,160,160,520,420,260,120,260,300,220,120,100,40,560,560,340,360,120,100,520,180,260,80,100,600,300,100,220,420,580,100,40,320,160,120,120,280,560,300,100,400,380,420,600,100,540,240,520,560,480,260,60,420,440,440,80,200,40,260,240,300,280,600,320,360,200,460,200,80,580,540,340,140,360,160,460,280,460,340,300,480,260,460,500,240,360,600,600,400,600,460,280,340,220,440,340,280,180,360,400,400,100,540,360,420,520,380,200,560,100,320,240,40,340,260,480,120,440,120,360,200,500,40,520,80,500,420,560,380,500,560,380,300,60,200,380,340,280,260,380,60,600,40,480,380,80,600,580,180,460,80,60,100,240,380,340,240,40,420,220,600,200,600,520,200,160,600,520,420,520,500,480,220,380,260,280,360,380,540,520,140,280,160,120,160,60,340,180,420,240,120,160,540,40,520,220,580,260,360,100,440,460,420,160,440,540,160,480,600,240,120,160,40,440,500,60,260,600,560,460,540,160,440,80,220,280,320,160,80,220,240,40,220,600,140,480,480,100,300,80,400,40,340,500,480,500,380,200,480,560,320,120,140,180,320,240,440,440,360,360,220,300,580,300,340,120,500,140,560,580,120,520,440,60,320,160,60,80,80,40,260,260,200,200,500,420,380,600,80,40,360,460,580,120,520,40,420,60,460,100,360,600,600,140,560,40,80,40,400,60,420,400]
img0 = Image.new('RGB', (1000, 1000), '#ffffff')
for i in range(len(s)):
    for j in range(20):
        for n in range(20):
            img0.putpixel ((s[i]+j,t[i]+n), (0,0,0))
img0.save("result.png")

得到二维码图片,扫码即可得到flag

RunTheELF

又是T佬的题,占个坑

简单二维码

题目下载有一个wp样式,照做,很明显是个假flag
正解:
QQ图片20210401235632.png

你以为是easyRSA吗,其实是我套娃之神哒

题目第一句就是解压密码
地址:https://offdev.net/demos/zwsp-steg-js
解压,打开easyRSA.txt,可看到e=62,base62
把c拿去16进制转字符串之后,得到4PNR3rDPYKOUENdjw4ovN8CILBFNmq
再拿去base62(cyberchef),得到解压密码password is ctfshowHHH
flag.zip是伪加密,把09改成00即可

LunaticRE

同T

我想要获得旗帜

i wanna 玩游戏,既能玩到游戏又能得到flag,何乐而不为呢?刚上手有点困难,习惯一下就好了,想拿到flag不难,注意flag格式:ctfshow{/d+],其他的没啥难的了,玩就完事了。

似曾相识

见:for /f命令之—Delims和Tokens用法&总结
参考链接:https://blog.csdn.net/hutuchongaini/article/details/35290989
https://blog.csdn.net/WuLex/article/details/104665741

Ez_Mysqli

payload:?username=Y4tácker

亚当和夏娃

也是看套神的非预期做的,binwalk 亚当和夏娃-Adam and s Eve n.png
提取出来保存,然后用notepad+±----插件-----converter----HEX–>ASCII
转了之后保存,然后winhex查看
把jpg文件头前面的都删掉,然后改成jpg打开就可以看到flag了

标签: none

  1. 菜菜 菜菜

    Ez_Mysqli那题,payload:?username=Y4tácker,为什么a上面会有一个点?

    回复
取消回复

仅有一条评论