文章目录
- 签到
- pcap
- pcap analysis
- 可乐加冰
除了签到所有Misc题以上线到BMZCTF平台方便大家复现
BMZCTF:http://bmzclub.cn/challenges
签到
{echo,ZmxhZ3t3MzFjMG1lNX0=}|{base64,-d}|{tr,5,6}Linux下直接运行即可
flag{w31c0me6}pcap
challenge2.pcapng
根据提示查看dnp3协议,以长度为排序,在长度为91的Response包中发现每个包中藏有一位flag
以此类推读完这些包的flag即可
flag{d989e2b92ea671f5d30efb8956eab1427625c}pcap analysis
challenge.pcapng
查找Modbus协议,随便追踪其中一个包的TCP流,即可发现flag
flag{323f986d429a689d3b96ad12dc5cbc701db0af55}可乐加冰
data.png
将这些十六进制数据拿出来,当做十进制,然后转ASCII
834636363695438346369595364383469595954383469595364383463636363643834636363695438346369595364383469595364334453443834636953636438346369536954383463636953643834636369543344534438346369595438346369536954383463636363643834636363643344534438346369595364383463695953643834636369543834695363643344534438346363695364383463695369543834636369536438346369595954383469595364383469536954383463636363643834636953643834636369543834695369543834636959543834636369536with open('./test.txt','r') as file:
line = file.read()
for i in range(0,len(line),2):
print(chr(int(line[int(i):int(i+2)])),end="")
S.$$$_+S.$__$+S.___+S.__$+S.$$$$+S.$$$_+S.$__$+S.__$+"-"+S.$_$$+S.$_$_+S.$$_$+S.$$_+"-"+S.$__+S.$_$_+S.$$$$+S.$$$+"-"+S.$__$+S.$__$+S.$$_+S._$$+"-"+S.$$_$+S.$_$_+S.$$_$+S.$___+S.__$+S._$_+S.$$$$+S.$_$+S.$$_+S._$_+S.$__+S.$$_$将里面的S替换为$,如下:
$.$$$_+$.$__$+$.___+$.__$+$.$$$$+$.$$$_+$.$__$+$.__$+"-"+$.$_$$+$.$_$_+$.$$_$+$.$$_+"-"+$.$__+$.$_$_+$.$$$$+$.$$$+"-"+$.$__$+$.$__$+$.$$_+$._$$+"-"+$.$$_$+$.$_$_+$.$$_$+$.$___+$.__$+$._$_+$.$$$$+$.$_$+$.$$_+$._$_+$.$__+$.$$_$最后就是JJencode,在控制台中把上面这串密文加道alert();的jjencode密文后面或者直接套在alert();里面
JJencode在线加密:https://www.tooleyes.com/app/jjencode.html
alert($.$$$_+$.$__$+$.___+$.__$+$.$$$$+$.$$$_+$.$__$+$.__$+"-"+$.$_$$+$.$_$_+$.$$_$+$.$$_+"-"+$.$__+$.$_$_+$.$$$$+$.$$$+"-"+$.$__$+$.$__$+$.$$_+$._$$+"-"+$.$$_$+$.$_$_+$.$$_$+$.$___+$.__$+$._$_+$.$$$$+$.$_$+$.$$_+$._$_+$.$__+$.$$_$);
flag{e901fe91-bad6-4af7-9963-dad812f5624d}