PolarCTF網路安全2024夏季個人挑戰賽
WRITE UP
參賽人員: |
楚穎i |
PolarCTF網路安全個人挑戰賽組委會 制
目錄
第一部分:MISC 1
1-1 祺貴人告發 1
1-2 費眼睛的flag 2
1-5 你耳機聽什麼 5
第二部分:CRYPTO 7
2-1 pici 7
2-2 翻柵欄 8
2-3 Hello 9
第三部分:WEB 13
3-2 審計 14
3-3 掃掃看 15
3-4 debudao 16
3-5 Dragon 17
第四部分:REVERSE 25
4-1 crc 25
第一部分:MISC
1-1 祺貴人告發
Png圖片尾藏zip,foremost提取得到加密壓縮包 爆破得到密碼1574 flag{3bb6fa896968f804033fb85af5576762} |
1-2 費眼睛的flag
典題 字型選擇加粗,背景填充黑色 flag{4d58a180010fcce87d331c9ba36e3b93} |
1-5 你耳機聽什麼
本題思路如下: 三個zip 第一個: https://qr61.cn/oLHDAn/qYdgRdp 下載得到程式碼第一部分 第二個: 壓縮包備註102 49 64 57 105 36 72 101 114 69 ascll轉字元 密碼f1@9i$HerE Word改顏色 Base64解碼得到第二部分程式碼 第三個 備註steghide Stegseek爆破一下 得到第三部分程式碼 完整程式碼 #include <iostream> #include <Windows.h> #pragma comment(lib,"winmm.lib") using namespace std; enum Scale { Rest = 0, C8 = 108, B7 = 107, A7s = 106, A7 = 105, G7s = 104, G7 = 103, F7s = 102, F7 = 101, E7 = 100, D7s = 99, D7 = 98, C7s = 97, C7 = 96, B6 = 95, A6s = 94, A6 = 93, G6s = 92, G6 = 91, F6s = 90, F6 = 89, E6 = 88, D6s = 87, D6 = 86, C6s = 85, C6 = 84, B5 = 83, A5s = 82, A5 = 81, G5s = 80, G5 = 79, F5s = 78, F5 = 77, E5 = 76, D5s = 75, D5 = 74, C5s = 73, C5 = 72, B4 = 71, A4s = 70, A4 = 69, G4s = 68, G4 = 67, F4s = 66, F4 = 65, E4 = 64, D4s = 63, D4 = 62, C4s = 61, C4 = 60, B3 = 59, A3s = 58, A3 = 57, G3s = 56, G3 = 55, F3s = 54, F3 = 53, E3 = 52, D3s = 51, D3 = 50, C3s = 49, C3 = 48, B2 = 47, A2s = 46, A2 = 45, G2s = 44, G2 = 43, F2s = 42, F2 = 41, E2 = 40, D2s = 39, D2 = 38, C2s = 37, C2 = 36, B1 = 35, A1s = 34, A1 = 33, G1s = 32, G1 = 31, F1s = 30, F1 = 29, E1 = 28, D1s = 27, D1 = 26, C1s = 25, C1 = 24, B0 = 23, A0s = 22, A0 = 21 }; enum Voice { X1 = C2, X2 = D2, X3 = E2, X4 = F2, X5 = G2, X6 = A2, X7 = B2, L1 = C3, L2 = D3, L3 = E3, L4 = F3, L5 = G3, L6 = A3, L7 = B3, M1 = C4, M2 = D4, M3 = E4, M4 = F4, M5 = G4, M6 = A4, M7 = B4, H1 = C5, H2 = D5, H3 = E5, H4 = F5, H5 = G5, H6 = A5, H7 = B5, LOW_SPEED = 500, MIDDLE_SPEED = 400, HIGH_SPEED = 300, _ = 0XFF }; void Wind() { HMIDIOUT handle; midiOutOpen(&handle, 0, 0, 0, CALLBACK_NULL); // midiOutShortMsg(handle, 2 << 8 | 0xC0); int volume = 0x7f; int voice = 0x0; int sleep = 350; int wind[] = { 500, L6, 700, M1, 700, M5, 700, M1, 700, L4, 700, L5, 700, M5, 700, M1, 500, L1, 400, L5, M5, M1, L1, M5, L7, M5, _, L6, M1, M5, M1, L4, L5, M5, M1, L1, L5, M5, M1, L1, M5, L7, M5, _, _, _, 300, M5, M5, M1, _, M1, _, M2, M3, _, _, M5, M5, M1, M1, M2, M3, 0, M2, M1, _, _, _, 500, 300, 300, M5, M5, M1, _, M1, _, M2, M3, _, 500, M3, _, 300, M2, M3, M4, M3, M2, M4, M3, M2, _, 500, 300, 300, L5, M1, M1, M3, M4, M3, M2, _, M1, M2, _, 300, M3, M3, M3, M3, _, M2, M3, M2, M1, 300, 400, L5, M1, _, M2, M3, M4, M3, M2, M1, M2, _, M3, M3, M3, M3, 0, M2, M3, 0, M2, M1, _, _, 500, 300, 300, L7, 300, M1, 300, M1, 300, M1, 300, M1, L7, M1, M1, _, _, M1, M1, M1, L7, M1, M1, _, _, M1, M1, M1, L7, M1, M1, _, M1, M1, M1, M5, M5, M5, _, M5, M5, M5, M5, 0, M5, M5, _, _, _, 500, 300, 300, M5, M5, M5, _, M5, M4, M3, M3, 0, 500, 300, _, _, _, 300, M1, M1, M1, M1, L6, _, L7, M1, M5, M4, M3, M1, M1, _, _, 300, M1, M1, M1, M1, _, M3, M1, _, _, L6, L7, M1, M5, M4, M3, M1, M2, _, _, _, 400, _, _, _, _, M3, M2, M4, M3, _, _, M1, M5, M7, L7, M7, M5, M1, _, _, M1, M6, M6, _, _, M6, M5, M5, _, M5, M4, M3, M2, M3, M4, M3, _, _, 400, M3, M4, M5, M3, _, _, M4, M5, M7, H2, M7, H1, H1, _, _, 400, H1, H1, M5, M5, M6, M5, M4, _, M2, M3, M4, M5, M6, M1, M6, _, 0, M7, M7, _, _, 500, 300, 400, M3, M2, M4, M3, _, M1, M5, M7, H1, M7, M1, M1, _, M1, M6, M6, _, M6, M5, M5, _, M5, M4, M3, M2, M3, M4, M3, _, _, 400, M3, M4, M5, M3, _, M4, M5, M7, H2, M7, H1, H1, _, _, 400, H1, H1, M5, M5, M6, M5, M4, M2, M3, M4, M5, M6, M1, M6, M7, _, M7, _, _, 300, M3, M2, M4, M3, _, M1, M5, M7, H1, M7, H2, H1, _, _, 300, M1, M6, M6, _, M6, M5, M5, _, M5, M4, M3, M2, M3, M4, M3, _, _, _, 300, M3, M4, M5, M3, _, M4, M5, M7, H2, M7, H1, H1, _, _, 500, H1, H1, M5, M5, M6, M5, M4, L6, L7, M1, M2, M3, M2, _, _, 500, M3, _, M1, _, _, _, }; for (auto i: wind) { if (i == 0) {sleep = 175;continue;} if (i == 700) {Sleep(175);continue;} if (i == 300) {sleep = 350;continue;} if (i == _) { Sleep(350); continue; } // if (i == 900) volume += 100; voice = (volume << 16) + ((i) << 8) + 0x90; midiOutShortMsg(handle, voice); cout << voice << endl; Sleep(sleep); // midiOutShortMsg(handle, 0x7BB0); } midiOutClose(handle); } int main() { Wind(); return 0; } Dev手動連結一下庫 聽一下歌,結合第三個zip圖片,周杰倫的晴天 flag{cbbe546304037478ce0c36437d036711} |
第二部分:CRYPTO
2-1 pici
本題思路如下: 5paw5L2b5puw77ya6Ku45q+Y6Zq45YOn6ZmN5ZC96Ku45q+Y6ZmA5q+Y5pGp5q+Y6Zq45YOn57y96Jap5q+Y6aGY5q+Y5YOn6aGY5ZKk6aGY5q+Y5rOi5Zqk5q+Y6ZeN6aGY6ZeN5q+Y5Zqk5Zia5L+u5q+Y6Zq45amG6Zq45q+Y5L+u6Kum5b2M5ZOG5oSN6IGe5q+Y5amG6aCI6aCI55y+5q+Y6I6K5b+D6ZmN55y+6Jap5q+Y5ZOG5oWn5Y+75ZKk6ZeN6aGY5YWc5q+Y5Zqk5q+Y5aaCCg== Base64:新佛曰:諸毘隸僧降吽諸毘陀毘摩毘隸僧缽薩毘願毘僧願吒願毘波嚤毘闍願闍毘嚤嘚修毘隸婆隸毘修諦彌哆愍聞毘婆須須眾毘莊心降眾薩毘哆慧叻吒闍願兜毘嚤毘如 新約佛論禪/佛曰加密 - 萌研社 - PcMoe! 新約佛論禪:huanyinglaidaowangzherongyao flag{39c6acff08d543f5cb892bdbbdc2841f} |
2-2 翻柵欄
本題思路如下: 第一個txt是獸音譯者編碼 第二個txt給了柵欄的key flag{d531d5be4f3737afa979a0f77dd8b180} |
2-3 Hello
本題思路如下: m = 7269767679 flag{124198634960} |
第三部分:WEB
3-2 審計
本題思路如下: 拿自己筆記過 flag{1bc29b36f623ba82aaf6724fd3b16718} |
3-3 掃掃看
本題思路如下: 御劍開掃,ctrl u 原始碼 flag{094c9cc14068a7d18ccd0dd3606e532f} |
3-4 debudao
本題思路如下: Ctrl u有個假flag 真正flag在cookie裡 flag{72077a55w312584wb1aaa88888cd41af} |
3-5 Dragon
本題思路如下: 懵逼,又是cookie flag{72077a551386b19fb1aea77814cd41af} |
3-7 你知道sys還能這樣玩嗎
本題思路如下: |
第四部分:REVERSE
4-1 crc
本題思路如下: 餵給gpt Exp: import zlib flag{ezrebyzhsh} |