Rank: 2
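An internal CTF at a certain school, posted to the blog as a filler post. (Why filler? The challenges are very basic and can serve as a first spark of interest in CTF.)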
Misc
Sign-in
The date the team was founded
word
Apply a colour to the text in the Word document
flag{code_monster_word_hide}
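Oh? The team logo! (Part 2)
Look at the file header: it is FF D8 FF E0 (JPEG). Change the extension and you get a little dinosaur.
Finally, right-click and open Properties to get the flag.
A familiar PDF challenge: convert it to Word and move the image out of the way.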
flag{xmutsec_pdf_hide}
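Are you familiar with programs?
Run the program; it prints Maybe flag in Resource! Open it with Resource Hacker.
A hex-encoded flag is found in the form's Label.
Decoding it gives half of the flag: a_nice_place}
Finally, the other half of the flag is found, reversed, at the end of the file.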
flag{this_is_a_nice_place}
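Gotham Nightmare
Open it in a hex editor and you find the file header has been modified; scroll to the end of the file and enter the correct value.
Extracting the archive gives
Looking closely, you can find the contents of password.txt
Decoding chain: Hex->Str->base32->base64; the resulting value is the password for 第二重梦境.zip
Password: getan
第二重梦境.zip contains emo.zip (password-protected)
After digging around for ages, the password turned out to be at the end of the file ╰(‵□′)╯
Extracting it gives a video; a BV number appears at frame 47 of the video.
Go to the video's address and check the comments to get the flag.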
flag{This_is_a_getan_emeng}
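Can you wash your hair while doing a handstand?
Opening the challenge shows a pile of hex-encoded data.
Open it in WinHex and scroll to the end: a zip file header is there. Reverse every two digits, then reverse the whole thing.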
exp
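```python
# Paste the hex dump from the challenge here (placeholder value).
data = "<hex dump>"
flag = ""
# Walk the string backwards two characters at a time, so the byte order is
# reversed while each two-digit byte keeps its own digit order.
for i in range(len(data), 0, -2):
    flag += data[i - 2:i]
print(flag)
```
After the script runs, extract the result to get an image. The image content is the flag.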
flag{xmut_sec_daoli_xitou}
Simple traffic analysis
The challenge gives a list of key codes; writing a script to run through them is enough:
0009 000f 0004 000a 202f 201C 0027 0018 002D 2004 0015 0008 002D 0019 0008 0015 001C 002D 0011 001E 0006 0008 2030
exp
```python
key = "0009 000f 0004 000a 202f 201C 0027 0018 002D 2004 0015 0008 002D 0019 0008 0015 001C 002D 0011 001E 0006 0008 2030"

# USB HID usage ID -> character with no modifier held.
normalKeys = {
    "04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g",
    "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n",
    "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u",
    "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z", "1e":"1", "1f":"2",
    "20":"3", "21":"4", "22":"5", "23":"6", "24":"7", "25":"8", "26":"9",
    "27":"0", "28":"", "29":" ", "2a":" ", "2b":"\t", "2c":"", "2d":"-",
    "2e":"=", "2f":"[", "30":"]", "31":"\\", "32":" ", "33":";", "34":"'",
    "35":" ", "36":",", "37":".", "38":"/", "39":" ", "3a":" ", "3b":" ",
    "3c":" ", "3d":" ", "3e":" ", "3f":" ", "40":" ", "41":" ", "42":" ",
    "43":" ", "44":" ", "45":" "}

# USB HID usage ID -> character with Shift held.
shiftKeys = {
    "04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G",
    "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N",
    "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T", "18":"U",
    "19":"V", "1a":"W", "1b":"X", "1c":"Y", "1d":"Z", "1e":"!", "1f":"@",
    "20":"#", "21":"$", "22":"%", "23":"^", "24":"&", "25":"*", "26":"(",
    "27":")", "28":" ", "29":" ", "2a":" ", "2b":"\t", "2c":"", "2d":"_",
    "2e":"+", "2f":"{", "30":"}", "31":"|", "32":" ", "33":"\"", "34":":",
    "35":" ", "36":"<", "37":">", "38":"?", "39":" ", "3a":" ", "3b":" ",
    "3c":" ", "3d":" ", "3e":" ", "3f":" ", "40":" ", "41":" ", "42":" ",
    "43":" ", "44":" ", "45":" "}

flag = ""
for code in key.split(' '):
    t = code.lower()
    # The first byte is the modifier: 0x20 (right Shift) selects the shifted table.
    if t[:2] == "20":
        flag += shiftKeys[t[2:]]
    else:
        flag += normalKeys[t[2:]]
print(flag)
```
flag{Y0u-Are-very-n1ce}
Review the logs, is that all?
Open the file: a pile of logs.
Where the status is 500, base64-encoded data appears; decoding it gives the flag.
flag{YouShouJiuXing}
Can you crack the password?
Open the flag file and you find the flag (base64-encoded).
Just run a script on it.
exp
```python
import base64

# Base64-encoded rows from the flag file, comma-separated.
data = (
    "MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,"
    "MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,"
    "MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,"
    "MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,"
    "MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,"
    "MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,"
    "MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,"
    "MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,"
    "MDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDA=,"
    "NTAgNEIgMDMgMDQgMTQgMDAgMDEgMDAgMDAgMDAgMzIgOUYgN0MgNTMgMkQgMEQ=,"
    "NDYgNkMgMkYgMDAgMDAgMDAgMjMgMDAgMDAgMDAgMDggMDAgMDAgMDAgNjYgNkM=,"
    "NjEgNjcgMkUgNzQgNzggNzQgMjcgMEEgNTcgM0QgMDEgOUUgMjYgMDIgQUUgN0U=,"
    "REMgQjIgMTkgQjYgNDEgNUUgQzkgMzUgM0YgMDEgQkMgNjIgNEMgOUUgN0QgRUE=,"
    "OUYgMDUgNEQgMDcgMUIgOTEgMkYgODMgNDUgNTIgRUYgREEgOTQgRjMgNjYgNDM=,"
    "Q0IgQjYgMTggRkEgQjAgNTAgNEIgMDEgMDIgM0YgMDAgMTQgMDAgMDEgMDAgMDA=,"
    "MDAgMzIgOUYgN0MgNTMgMkQgMEQgNDYgNkMgMkYgMDAgMDAgMDAgMjMgMDAgMDA=,"
    "MDAgMDggMDAgMjQgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMjAgMDAgMDAgMDAgMDA=,"
    "MDAgMDAgMDAgNjYgNkMgNjEgNjcgMkUgNzQgNzggNzQgMEEgMDAgMjAgMDAgMDA=,"
    "MDAgMDAgMDAgMDEgMDAgMTggMDAgNDkgNkMgRUEgMjEgNEYgRTQgRDcgMDEgMjQ=,"
    "MEEgMTUgODQgNEYgRTQgRDcgMDEgMjYgNDMgQkYgMTYgNEYgRTQgRDcgMDEgNTA=,"
    "NEIgMDUgMDYgMDAgMDAgMDAgMDAgMDEgMDAgMDEgMDAgNUEgMDAgMDAgMDAgNTU=,"
    "MDAgMDAgMDAgMDAgMDA="
)

# Each chunk decodes to one row of space-separated hex bytes.
for chunk in data.split(','):
    flag = base64.b64decode(chunk).decode("utf-8")
    print(flag)
```
In the end this yields a zip.
Run john on the shadow file; the password is: e10adc3949ba59abbe56e057f20f883e
flag(welcome_to_the_codemonsterCTF}
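The step from the decoded rows to the zip, as an added example (not the author's script): each base64 chunk decodes to a row of space-separated hex bytes, so the rows are turned back into bytes and the archive is cut out at the first `PK\x03\x04` header. The sample input is constructed in the same layout, and all function names are hypothetical.

```python
import base64
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # zip local file header signature


def encode_rows(blob, width=16):
    """Build constructed input in the challenge's layout (hex rows, base64)."""
    rows = [blob[i:i + width] for i in range(0, len(blob), width)]
    return ",".join(
        base64.b64encode(" ".join(f"{b:02X}" for b in row).encode()).decode()
        for row in rows
    )


def carve_zip(encoded):
    """Decode every row, join the bytes, and cut from the first zip header."""
    raw = bytearray()
    for chunk in encoded.split(","):
        # Restore '=' padding if it was stripped from a chunk.
        chunk += "=" * (-len(chunk) % 4)
        raw += bytes.fromhex(base64.b64decode(chunk).decode("ascii"))
    start = raw.find(ZIP_MAGIC)
    if start < 0:
        raise ValueError("no zip local file header found")
    return bytes(raw[start:])


def sample_input():
    """Constructed sample: 32 zero bytes of padding, then a small zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "flag{constructed_sample}")
    return encode_rows(b"\x00" * 32 + buf.getvalue())


def list_members(zip_bytes):
    """Return {member name: content} for an in-memory zip."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


if __name__ == "__main__":
    carved = carve_zip(sample_input())
    print(carved[:4], list_members(carved))
```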
Crypto
A lunch
Bacon cipher: replace 阿 with A and 巴 with B, and that's it.
flag{peigenbuhaochi}
Calculus problems... the senior's handwriting is really nice
(1)
$$\lim\limits_{x \to 0}\frac{\sin x-\tan x}{(\sqrt[3]{1+x^2}-1)(\sqrt{1+\sin x}-1)}$$
(2)
$$\lim\limits_{x \to 0}\frac{\tan x-\sin x}{x^3}$$
(3)
$$\lim\limits_{x \to 0}\frac{\tan x-x}{x-\sin x}$$
(4)
$$\lim\limits_{x \to 1}\frac{x-x^x}{1-x+\ln{x}}$$
(5)
$$\lim\limits_{x \to 0}x^{\sin{x}}$$
flag{-3-1/2-2-2-1}
flag{-3-0.5-2-2-1}
Linear algebra
(1)
$$\begin{vmatrix}
1 & 2 & 3 \\
3 & 1 & 2 \\
2 & 3 & 1 \\
\end{vmatrix}$$
$$1*1*1+3*3*3+2*2*2-3*1*2-2*3*1-2*3*1=18$$
(2)
$$\begin{pmatrix}
1 & 1 & 2 \\
1 & -1 & 0 \\
\end{pmatrix}
\begin{pmatrix}
3 & 4 \\
5 & 4 \\
2 & 7 \\
\end{pmatrix}$$
Given q, p, c, e
q = 9961202707366965556741565662110710902919441271996809241009358666778850435448710324711706845973820669201482939820488174382325795134659313309606698334978471
p = 12525187149887628510447403881107442078833803097302579419605689530714690308437476207855511625840027119860834633695330551080761572835309850579517639206740101
c = 99825057183614908787750492272634823904256549969848320330845017733290231024958858406831408456826620972650757755414065865320048636359693704223195650116200245278927814135297919980128020846659999925380668668207081398871867586714713412635145486121523684408692869804472866624405914184425850720049825033051018623742
e = 65537
This one is not hard: compute n, then compute d.
```python
import gmpy2

q = 9961202707366965556741565662110710902919441271996809241009358666778850435448710324711706845973820669201482939820488174382325795134659313309606698334978471
p = 12525187149887628510447403881107442078833803097302579419605689530714690308437476207855511625840027119860834633695330551080761572835309850579517639206740101
c = 99825057183614908787750492272634823904256549969848320330845017733290231024958858406831408456826620972650757755414065865320048636359693704223195650116200245278927814135297919980128020846659999925380668668207081398871867586714713412635145486121523684408692869804472866624405914184425850720049825033051018623742
e = 65537

n = q * p
# d is the inverse of e modulo phi(n) = (p-1)(q-1).
d = gmpy2.invert(e, (p - 1) * (q - 1))
m = pow(c, d, n)
print(hex(m))
```
flag{xmut_sec_rsa_fun}
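This mainly tests the Core Socialist Values encoding (SC+999999999999999999999999999999999999999)
Decoding gives: SFJ4Ukw3a3drcDlvNUFNZ1NMeDFGVjVNcmZkYUFqYXc5RVBqaVBrTlFtelBj
This string is base64. Then, following the challenge's hint about the big base family (base1-100), try them all; the final decoding chain is base58->base85->base92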
flag{family_is_base}
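Background: common symmetric ciphers include DES, AES, RC, and Rabbit
The challenge here uses DES in ECB mode
Extracting the archive gives
Ook! encoding; decoding it gives the password: crypto. After extracting, scan each of the codes
Code1: BuB+pJN5H0UFTZ02R+
Code2: IMCYZ0YvimZWU49h8Nh2IXyPtB6YdfmlV7V79/VxVzw+bx
Password: XMUTSEC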
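Exploring the medieval castle
Challenge description (spot the hints)
The young emperor led 64 Huangjia knights, broke through the double fence and took the city.
ReX7vPFqQd9nOYXfQN9zt2XftYvrQeFhRPJxsO53teJlv259
After Caesar decryption we get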
fa{usrb_oXaga_aoaglgsbciet_inwndmwn}
Finally, set the number of rails to 2
flag{subscribe_to_Xiangwan_damowang}
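The layers of this challenge chained in one script, as an added example rather than the author's tooling: it tries every Caesar shift on the letters, base64-decodes each candidate (the shifted text is base64, which is where the intermediate string above comes from), and undoes a 2-rail fence. Function names are assumptions; the ciphertext is the one from the challenge description.

```python
import base64
import string


def caesar(text, shift):
    """Rotate ASCII letters by `shift`, keeping case; other characters stay."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def unrail2(text):
    """Undo a 2-rail fence: first half is the top rail, the rest the bottom."""
    half = (len(text) + 1) // 2
    top, bottom = text[:half], text[half:]
    out = []
    for i in range(half):
        out.append(top[i])
        if i < len(bottom):
            out.append(bottom[i])
    return "".join(out)


def solve(ciphertext, prefix="flag{"):
    """Try all 26 shifts; keep those whose final text starts with `prefix`."""
    hits = []
    for shift in range(26):
        candidate = caesar(ciphertext, shift)
        try:
            layer = base64.b64decode(candidate, validate=True).decode("ascii")
        except ValueError:  # invalid base64 or non-ASCII bytes
            continue
        plain = unrail2(layer)
        if plain.startswith(prefix):
            hits.append((shift, plain))
    return hits


CT = "ReX7vPFqQd9nOYXfQN9zt2XftYvrQeFhRPJxsO53teJlv259"  # from the challenge

if __name__ == "__main__":
    print(solve(CT))
```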