XMUTCTF 2021 Writeup [0x1]

Rank: 2

某校校赛,放到博客上水水,(为什么要水?题目很基础,可以用于对CTF的兴趣启蒙)

Misc

签到

战队成立的日期

word

Word文字上个色

flag{code_monster_word_hide}

哦?队标!(二)

看文件头,发现是 FF D8 FF E0(jpeg)格式,改后缀,得到小恐龙

最后,右键属性打开得到flag

pdf

熟悉的pdf题,转成Word,把图片挪开即可

flag{xmutsec_pdf_hide}

你对程序熟悉吗

运行程序,回显 Maybe flag in Resource! 使用 Resource Hacker 打开

在窗体Label处发现 Hex 编码后的 flag

解密后得到一半flag a_nice_place}

最后在文件末尾处发现逆序后的另一半flag

flag{this_is_a_nice_place}

哥谭恶梦

hex打开,发现文件头被修改了,拉到文件尾,输入正确值

压缩包解压后得到

仔细看可以发现password.txt里的内容

解码过程:Hex->Str->base32->base64,解出来的值就是 第二重梦境.zip 的密码

密码:getan

第二重梦境.zip 内容 emo.zip(有密码)

翻了半天,发现密码在文件尾╰(‵□′)╯

解压后得到一个视频,在视频第47帧的时候出现一个BV号

输入视频地址,查看留言板得到flag

flag{This_is_a_getan_emeng}

你会倒立洗头吗

题目打开,发现是一堆十六进制编码

Winhex打开拉到末尾发现文件头为zip,每俩位反转一下,在总体反一下

exp

str = "那坨hex"
flag = "" 
for i in range(len(str),0,-2): 
    t=str[i-2:i] 
    flag=flag+t 
print(flag)

脚本跑出来后,解压得到一张图片。图片内容为flag

flag{xmut_sec_daoli_xitou}

简单的流量分析

题目得到一堆键位表,写个脚本跑一下就好了0009

000f
0004
000a
202f 
201C
0027 
0018 
002D
2004
0015
0008
002D
0019
0008
0015
001C
002D
0011
001E
0006
0008
2030

exp

key="0009 000f 0004 000a 202f 201C 0027 0018 002D 2004 0015 0008 002D 0019 0008 0015 001C 002D 0011 001E 0006 0008 2030"
normalKeys = {
    "04":"a", "05":"b", "06":"c", "07":"d", "08":"e",
    "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j",
     "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o",
      "13":"p", "14":"q", "15":"r", "16":"s", "17":"t",
       "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y",
        "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4",
         "22":"5", "23":"6","24":"7","25":"8","26":"9",
         "27":"0","28":"","29":"","2a":"", "2b":"\t",
         "2c":"","2d":"-","2e":"=","2f":"[","30":"]","31":"\\",
         "32":"","33":";","34":"'","35":"","36":",","37":".",
         "38":"/","39":"","3a":"","3b":"", "3c":"","3d":"",
         "3e":"","3f":"","40":"","41":"","42":"","43":"",
         "44":"","45":""}
shiftKeys = {
    "04":"A", "05":"B", "06":"C", "07":"D", "08":"E",
     "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J",
      "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O",
       "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T",
        "18":"U", "19":"V", "1a":"W", "1b":"X", "1c":"Y",
         "1d":"Z","1e":"!", "1f":"@", "20":"#", "21":"$",
          "22":"%", "23":"^","24":"&","25":"*","26":"(","27":")",
          "28":"","29":"","2a":"", "2b":"\t","2c":"",
          "2d":"_","2e":"+","2f":"{","30":"}","31":"|","32":"","33":"\"",
          "34":":","35":"","36":"<","37":">","38":"?","39":"","3a":"",
          "3b":"", "3c":"","3d":"","3e":"","3f":"","40":"",
          "41":"","42":"","43":"","44":"","45":""}
a = key.split(' ')
flag=""
t=""
for i in range(len(a)):
    t = a[i].lower()
    if(t[:2] == "20"):
        flag += shiftKeys[t[2:]]
    else:
        flag += normalKeys[t[2:]]
print(flag)

flag{Y0u-Are-very-n1ce}

审查日志,就这吗

文件打开,一堆log

当状态为500的时候出现了base64编码,解码一下即是flag

flag{YouShouJiuXing}

你会破解密码吗

flag文件打开,发现flag(base64后的)

直接上脚本跑

exp

import base64 str="MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,NTAgNEIgMDMgMDQgMTQgMDAgMDEgMDAgMDAgMDAgMzIgOUYgN0MgNTMgMkQgMEQ=,NDYgNkMgMkYgMDAgMDAgMDAgMjMgMDAgMDAgMDAgMDggMDAgMDAgMDAgNjYgNkM=,NjEgNjcgMkUgNzQgNzggNzQgMjcgMEEgNTcgM0QgMDEgOUUgMjYgMDIgQUUgN0U=,REMgQjIgMTkgQjYgNDEgNUUgQzkgMzUgM0YgMDEgQkMgNjIgNEMgOUUgN0QgRUE=,OUYgMDUgNEQgMDcgMUIgOTEgMkYgODMgNDUgNTIgRUYgREEgOTQgRjMgNjYgNDM=,Q0IgQjYgMTggRkEgQjAgNTAgNEIgMDEgMDIgM0YgMDAgMTQgMDAgMDEgMDAgMDA=,MDAgMzIgOUYgN0MgNTMgMkQgMEQgNDYgNkMgMkYgMDAgMDAgMDAgMjMgMDAgMDA=,MDAgMDggMDAgMjQgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMjAgMDAgMDAgMDAgMDA=,MDAgMDAgMDAgNjYgNkMgNjEgNjcgMkUgNzQgNzggNzQgMEEgMDAgMjAgMDAgMDA=,MDAgMDAgMDAgMDEgMDAgMTggMDAgNDkgNkMgRUEgMjEgNEYgRTQgRDcgMDEgMjQ=,MEEgMTUgODQgNEYgRTQgRDcgMDEgMjYgNDMgQkYgMTYgNEYgRTQgRDcgMDEgNTA=,NEIgMDUgMDYgMDAgMDAgMDAgMDAgMDEgMDAgMDEgMDAgNUEgMDAgMDAgMDAgNTU=,MDAgMDAgMDAgMDAgMDA=" #str="MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA,MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA,NTAgNEIgMDMgMDQgMTQgMDAgMDEgMDAgMDAgMDAgMzIgOUYgN0MgNTMgMkQgMEQ,NDYgNkMgMkYgMDAgMDAgMDAgMjMgMDAgMDAgMDAgMDggMDAgMDAgMDAgNjYgNkM,NjEgNjcgMkUgNzQgNzggNzQgMjcgMEEgNTcgM0QgMDEgOUUgMjYgMDIgQUUgN0U,REMgQjIgMTkgQjYgNDEgNUUgQzkgMzUgM0YgMDEgQkMgNjIgNEMgOUUgN0QgRUE,OUYgMDUgNEQgMDcgMUIgOTEgMkYgODMgNDUgNTIgRUYgREEgOTQgRjMgNjYgNDM,Q0IgQjYgMTggRkEgQjAgNTAgNEIgMDEgMDIgM0YgMDAgMTQgMDAgMDEgMDAgMDA,MDAgMzIgOUYgN0MgNTMgMkQgMEQgNDYgNkMgMkYgMDAgMDAgMDAgMjMgMDAgMDA,MDAgMDggMDAgMjQgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMjAgMDAgMDAgMDAgMDA,MDAgMDAgMDAgNjYgNkMgNjEgNjcgMkUgNzQgNzggNzQgMEEgMDAgMjAgMDAgMDA,MDAgMDAgMDAgMDEgMDAgMTggMDAgNDkgNkMgRUEgMjEgNEYgRTQgRDcgMDEgMjQ,MEEgMTUgODQgNEYgRTQgRDcgMDEgMjYgNDMgQkYgMTYgNEYgRTQgRDcgMDEgNTA,NEIgMDUgMDYgMDAgMDAgMDAgMDAgMDEgMDAgMDEgMDAgNUEgMDAgMDAgMDAgNTU,MDAgMDAgMDAgMDAgMDA" 
a = str.split(',') 
for i in range(len(a)): 
    flag = "" 
    flag = base64.b64decode(a[i]).decode("utf-8") 
print(flag)

最后得到一个zip

john跑一下shadow即可,密码为:e10adc3949ba59abbe56e057f20f883e

flag(welcome_to_the_codemonsterCTF}

Crypto

一顿午饭

培根密码,把阿替换成A,巴替换成B,即可

flag{peigenbuhaochi}

高等数学

高数题。。。。学长的字真好看

(1)

$$\lim\limits_{x \to 0}\frac{sinx-tanx}{(^3\sqrt{1+x^2}-1)(\sqrt{1+sinx}-1)}$$

(2)

$$\lim\limits_{x \to 0}\frac{tanx-sinx}{x^3}$$

(3)

$$\lim\limits_{x \to 0}\frac{tanx-x}{x-sinx}$$

(4)

$$\lim\limits_{x \to 1}\frac{x-x^x}{1-x+\ln{x}}$$

(5)

$$\lim\limits_{x \to 0}x^{\sin{x}}

flag{-3-1/2-2-2-1}

flag{-3-0.5-2-2-1}

线性代数

(1)

$$\begin{vmatrix}
1 & 2 & 3 \\
3 & 1 & 2 \\
2 & 3 & 1 \\
\end{vmatrix}$$

$$1*1*1+3*3*3+2*2*2-3*1*2-2*3*1-2*3*1=18$$

(2)

$$\begin{pmatrix}
1 & 1 & 2 \\
1 & -1 & 0 \\
\end{pmatrix}
\begin{pmatrix}
3 & 4 \\
5 & 4 \\
2 & 7 \\
\end{pmatrix}$$

 

easy_rsa

给出q、p、c、e

q= 9961202707366965556741565662110710902919441271996809241009358666778850435448710324711706845973820669201482939820488174382325795134659313309606698334978471
p= 12525187149887628510447403881107442078833803097302579419605689530714690308437476207855511625840027119860834633695330551080761572835309850579517639206740101
c= 99825057183614908787750492272634823904256549969848320330845017733290231024958858406831408456826620972650757755414065865320048636359693704223195650116200245278927814135297919980128020846659999925380668668207081398871867586714713412635145486121523684408692869804472866624405914184425850720049825033051018623742
e = 65537

这题不难,求出n,在求出d就可以了

import gmpy2
q=
99612027073669655567415656621107109029194412719968092410093586667788504354487103
24711706845973820669201482939820488174382325795134659313309606698334978471
p=
12525187149887628510447403881107442078833803097302579419605689530714690308437476
207855511625840027119860834633695330551080761572835309850579517639206740101
c=
99825057183614908787750492272634823904256549969848320330845017733290231024958858
40683140845682662097265075775541406586532004863635969370422319565011620024527892
78141352979199801280208466599999253806686682070813988718675867147134126351454861
21523684408692869804472866624405914184425850720049825033051018623742
e = 65537
n = q * p
d = gmpy2.invert(e,(p-1)*(q-1))
m = pow(c,d,n)
print(hex(m))

flag{xmut_sec_rsa_fun}

在社会主义下的base家族

主要考查社会主义编码(SC+999999999999999999999999999999999999999)

解出来得:SFJ4Ukw3a3drcDlvNUFNZ1NMeDFGVjVNcmZkYUFqYXc5RVBqaVBrTlFtelBj

这串为base64,然后根据题意base大家族,base1-100,全部解一遍,最后解码方式base58->base85->base92

flag{family_is_base}

对称加密

科普:常见的对称加密有DES、AES、RC、Rabbit

这里题目用到的是DES-ECB方式

压缩包解压后得到

ook!编码,解得密码为:crypto,解压后分别扫码

Code1为:BuB+pJN5H0UFTZ02R+

Code2为:IMCYZ0YvimZWU49h8Nh2IXyPtB6YdfmlV7V79/VxVzw+bx

密码为:XMUTSEC

最后解得:flag{this_a_des_code}

探索中世纪城堡

题目描述(要素察觉)

xxxxxxxxxx 年轻的大帝率领着64位皇珈骑士冲破了双重阻栏夺下了城池。
ReX7vPFqQd9nOYXfQN9zt2XftYvrQeFhRPJxsO53teJlv259

凯撒解密后得到

fa{usrb_oXaga_aoaglgsbciet_inwndmwn}

最后栏数设置为2即可

flag{subscribe_to_Xiangwan_damowang}

文章《XMUTCTF 2021 Writeup [0x1]》采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可
暂无评论

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: www.bilibili.com
Source: ななひら
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
嘉然
ななひら
小恐龙
花!
上一篇
下一篇