AI智能
改变未来

2021 长安“战疫”网络安全卫士守护赛 WriteUp

麻薯星的zyz想要生猴子!!!麻薯星的zyz想要生猴子!!!麻薯星的zyz想要生猴子!!!
队友第一轮做了俩Web之后就摆烂了 寄
总体来说长安战疫基本大部分题都偏向入门,适合大一新生练练手
少部分多百度也能做。
还有很小部分就看积累吧。

文章目录

  • Misc
  • 八卦迷宫
  • 朴实无华的取证
  • 无字天书
  • 西安加油
  • binary
  • Ez_Steg
  • ez_Encrypt
  • Crypto
    • no_cry_no_can
    • no_can_no_bb
    • no_math_no_cry
  • Reverse
    • combat_slogan
    • cute_doge
    • hello_py

    Misc

    八卦迷宫

    按照迷宫走然后取字的拼音即可

    字是战长恙长战恙河长山山安战疫疫战疫安疫长安恙

    flag是:

    cazy{zhanchangyangchangzhanyanghechangshanshananzhanyiyizhanyianyichanganyang}

    朴实无华的取证

    首先查看版本 imageinfo得到WinXPSP2x86

    然后pslist,注意到

    于是:

    发现目录是桌面而并非Desktop,重新filescan一下,导出有用信息

    首先zip的密码是上面说的20211209

    其次,得到的txt是加密函数,而密文在flag.png上。反过来写一个脚本

    但是我写了几次都没写对

    。。。。于是有了这个脚本

    s = 'fdcb[8ldq?zloo?fhuwdlqob?vxffhhg?lq?iljkwlqj?wkh?hslghplf]'for i in s:20000if(ord(i)>=ord('a') and ord(i)<=ord('w')):print(chr(ord(i)-3),end='')elif(i == 'a'):print('x',end='')elif(i == 'b'):print('y',end='')elif(i == 'c'):print('z',end='')elif(i == "|"):print('_')else:print(chr(ord(i)+32),end='')#ca`_{Xian_šill_certainl__s˜cceed_in_fighting_the_epidemic}

    查了一下certainl后面应该还有个y

    然后前面那个单词是will,后面那个单词是succeed,于是得到flag提交正确

    cazy{Xian_will_certainly_succeed_in_fighting_the_epidemic}

    无字天书

    导出HTTP流,在导出的其中两个文件发现hex串,都是很明显的zip,hex–>ascii,得到zip,打开zip得到两文件,一个key.ws一个flag.txt

    ws很明显的whitespace,直接https://vii5ard.github.io/whitespace/得到key:XiAnWillBeSafe

    然后flag.txt很明显的SNOW

    .\\SNOW.EXE -p XiAnWillBeSafe -C .\\flag.txt

    cazy{C4n_y0u_underSt4nd_th3_b0oK_With0ut_Str1ng}

    西安加油

    查看流量包发现大量的base64串,导出http发现secret.txt,base64解码发现是zip,保存后打开发现是拼图

    因为不知道大小,所以猜了一个12*4

    命令montage *png -tile 12×4 -geometry 100×100+0+0 out2.png

    然后用gaps

    python3 gaps –image=out2.png –generations=10 –population=48 –size=100 –save
    我gaps有问题,代数太多跑一会就报错,不加save跑完就直接报错。。。

    得到flag,X的大小写记不住了

    cazy{make_XiAN_great_Again}

    binary

    文件头能看出来是class文件,直接扔jadx

    数组转出来

    s = [77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 86, 120, 117, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 65, 120, 77, 70, 120, 117, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 70, 120, 117, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 65, 120, 77, 68, 65, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 86, 120, 117, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 119, 77, 70, 120, 117, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 65, 120, 77, 84, 65, 120, 77, 70, 120, 117, 77, 68, 65, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 68, 69, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 86, 120, 117, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 120, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 84, 69, 119, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 86, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 69, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 65, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 65, 61, 61]for i in s:print(chr(i),end='')

    得到base64,解码是01串,明显的二维码

    s = '0000000101110000000011111101110000000\\n0111110101101010111110001110110111110\\n0100010100001111000111010110110100010\\n0100010110000011000111000001010100010\\n0100010111011011001101101011110100010\\n0111110101110100000001001000010111110\\n0000000101010101010101010101010000000\\n1111111100100000000100110011111111111\\n1100010101010000101111110100000011000\\n0101101000110010010000100110101011101\\n1011000001001111001100011010000010010\\n1110111111110010101101000110101011100\\n1010110001110000000110100000000000010\\n0110101001000100011011101011101111101\\n0010100100111111101110000110010100010\\n0010001101110110110011001100110011101\\n1110100110001111111011010011000000010\\n0000111010100011100000101101111110111\\n1101100110101101001100010100110000100\\n0101001001111001000001001110010010111\\n0101010011000111000110010000010101000\\n1001101111101110110010011111101011101\\n1101100010111000000101110110001011010\\n0011001000111101100011110100100111101\\n0101000001110101110110101111110100010\\n0101011011001001000000110100010011111\\n0110100010001110010110011011111001100\\n0111001111100000010110110111001111100\\n0100110010110010100010111011000000000\\n1111111101011001110011100101011101011\\n0000000111000111011010110001010100100\\n0111110111001101010110101100011101111\\n0100010100110000110011010000000000010\\n0100010101111101100011111111110100111\\n0100010101101111111100000010101010110\\n0111110111111000101101001111000110110\\n0000000111111011110110000000100011000's = s.split('\\n')from PIL import Imagepic = Image.new('RGB',(37,37),(255,255,255))for i in range(37):for j in range(37):if(s[i][j] == '0'):pic.putpixel((j,i),(0,0,0))pic.show()pic.save('fllllag.png')

    扫码得到flag

    flag{932b2c0070e4897ea7df0190dbf36ece}

    Ez_Steg

    pyc的steg很明显是剑龙,注意python版本号,我用3.9没跑出来,3.6能跑

    跑出来得到key:St3g1sV3ryFuNny

    当然密文更明显是emoji-aes,解密得到flag

    cazy{Em0j1s_AES_4nd_PyC_St3g_D0_yoU_l1ke}

    ez_Encrypt

    这次题目的流量包都只需要导出HTTP就能做了

    导出之后有个web123,是base64,同样cyberchef解码得到zip文件,用D盾扫

    百度找一个解php混淆的,除去广告第一个就是https://www.zhaoyuanma.com/phpjm.html

    解密得到flag

    cazy{PHP_ji4m1_1s_s00000_3aSyyyyyyyyyyy}

    Crypto

    no_cry_no_can

    就单纯的异或,通过格式cazy{找出key的值

    key = b'\\x5f\\x11\\x32\\xff\\x61's = b'<pH\\x86\\x1a&"m\\xce\\x12\\x00pm\\x97U1uA\\xcf\\x0c:NP\\xcf\\x18~l'for i in range(len(s)):print(chr(key[i%5]^s[i]),end='')
    cazy{y3_1s_a_h4nds0me_b0y!}

    no_can_no_bb

    单纯的爆破key,给了key的范围是1,1<<20,还好简单,要不然就不会做了

    from Crypto.Util.number import *from Crypto.Cipher import AESfrom tqdm import tqdmdef pad(m):tmp = 16-(len(m)%16)return m + bytes([tmp for _ in range(tmp)])enc=b'\\x9d\\x18K\\x84n\\xb8b|\\x18\\xad4\\xc6\\xfc\\xec\\xfe\\x14\\x0b_T\\xe3\\x1b\\x03Q\\x96e\\x9e\\xb8MQ\\xd5\\xc3\\x1c'for i in tqdm(range(1<<20)):key=pad(long_to_bytes(i))aes=AES.new(key,AES.MODE_ECB)s = aes.decrypt(enc)if b'cazy{' in s:print(s)

    no_math_no_cry

    真就太久没学数学呗,还有负根,一开始都忘干净了,果然我不适合做cry,但还好这三道和密码学关系不是特别的大。

    from Crypto.Util.number import*import gmpy2s = 10715086071862673209484250490600018105614048117055336074437503883703510511248211671489145400471130049712947188505612184220711949974689275316345656079538583389095869818942817127245278601695124271626668045250476877726638182396614587807925457735428719972874944279172128411500209111406507112585996098530169s -= 0x0338470s = gmpy2.iroot(s,2)[0]s = -ss += (1<<500)print(long_to_bytes(s))
    cazy{1234567890_no_m4th_n0_cRy}

    Reverse

    combat_slogan

    jdgui打开看main就看见加密的flag了,上面函数明显的rot13

    在线rot13解一下就行了,然后套上flag{}

    flag{We_w11l_f1ght_t0_end_t0_end_cazy}

    cute_doge

    IDA打开ctf1.exe,搜字符串,看见ZmxhZ3tDaDFuYV95eWRzX2Nhenl9

    base64解码就是flag

    flag{Ch1na_yyds_cazy}

    hello_py

    uncompyle6 easy_py.cpython-38.pyc > easy_py.py

    出来一个py文件,看了下,首先进encrypt1进行异或,再进入encrypt2进行异或,然后输出和Happy进行比较

    既然是这样,那不妨反过来,把num从9到0改成从0到9,把该减的地方改成加,该执行的顺序也换一下。

    # uncompyle6 version 3.7.4# Python bytecode 3.8 (3413)# Decompiled from: Python 3.8.7 (default, Dec 22 2020, 10:37:26)# [GCC 10.2.1 20201207]# Embedded file name: C:\\Users\\Administrator\\Desktop\\easy_py.py# Compiled at: 2021-12-28 15:45:17# Size of source mod 2**32: 1099 bytesimport threading, timedef encode_1(n):global numwhile True:if num <= 9:flag[num] = flag[num] ^ numnum += 1time.sleep(0.1)if num > 9:breakdef encode_2(n):global numwhile True:if num <= 9:flag[num] = flag[num] ^ flag[(num + 1)]num += 1time.sleep(0.1)if num > 9:breakwhile True:Happy = [44, 100, 3, 50, 106, 90, 5, 102, 10, 112]num = 0f = input('Please input your flag:')if len(f) == 10:print('Your input is illegal')else:flag = [44, 100, 3, 50, 106, 90, 5, 102, 10, 112]if(1 == 2):print('crazymumuzi!')else:print("flag to 'ord':", flag)t1 = threading.Thread(target=encode_1, args=(1, ))t2 = threading.Thread(target=encode_2, args=(2,))t2.start()t1.start()t1.join()t2.join()for i in flag:print(chr(i),end='')if flag == Happy:print('Good job!')else:print('No no no!')# okay decompiling easy_py.cpython-38.pyc

    得到flag,包上flag{}即可

    flag{He110_cazy}
  • 赞(0) 打赏
    未经允许不得转载:爱站程序员基地 » 2021 长安“战疫”网络安全卫士守护赛 WriteUp