PolarCTF网络安全2024夏季个人挑战赛
WRITE UP
参赛人员: |
楚颖i |
PolarCTF网络安全个人挑战赛组委会 制
目录
第一部分:MISC
1-1 祺贵人告发
Png图片尾藏zip,foremost提取得到加密压缩包 爆破得到密码1574 flag{3bb6fa896968f804033fb85af5576762} |
1-2 费眼睛的flag
典题 字体选择加粗,背景填充黑色 flag{4d58a180010fcce87d331c9ba36e3b93} |
1-5 你耳机听什么
本题思路如下: 三个zip 第一个: https://qr61.cn/oLHDAn/qYdgRdp 下载得到代码第一部分 第二个: 压缩包备注102 49 64 57 105 36 72 101 114 69 ascll转字符 密码f1@9i$HerE Word改颜色 Base64解码得到第二部分代码 第三个 备注steghide Stegseek爆破一下 得到第三部分代码 完整代码 #include <iostream> #include <Windows.h> #pragma comment(lib,"winmm.lib") using namespace std; enum Scale { Rest = 0, C8 = 108, B7 = 107, A7s = 106, A7 = 105, G7s = 104, G7 = 103, F7s = 102, F7 = 101, E7 = 100, D7s = 99, D7 = 98, C7s = 97, C7 = 96, B6 = 95, A6s = 94, A6 = 93, G6s = 92, G6 = 91, F6s = 90, F6 = 89, E6 = 88, D6s = 87, D6 = 86, C6s = 85, C6 = 84, B5 = 83, A5s = 82, A5 = 81, G5s = 80, G5 = 79, F5s = 78, F5 = 77, E5 = 76, D5s = 75, D5 = 74, C5s = 73, C5 = 72, B4 = 71, A4s = 70, A4 = 69, G4s = 68, G4 = 67, F4s = 66, F4 = 65, E4 = 64, D4s = 63, D4 = 62, C4s = 61, C4 = 60, B3 = 59, A3s = 58, A3 = 57, G3s = 56, G3 = 55, F3s = 54, F3 = 53, E3 = 52, D3s = 51, D3 = 50, C3s = 49, C3 = 48, B2 = 47, A2s = 46, A2 = 45, G2s = 44, G2 = 43, F2s = 42, F2 = 41, E2 = 40, D2s = 39, D2 = 38, C2s = 37, C2 = 36, B1 = 35, A1s = 34, A1 = 33, G1s = 32, G1 = 31, F1s = 30, F1 = 29, E1 = 28, D1s = 27, D1 = 26, C1s = 25, C1 = 24, B0 = 23, A0s = 22, A0 = 21 }; enum Voice { X1 = C2, X2 = D2, X3 = E2, X4 = F2, X5 = G2, X6 = A2, X7 = B2, L1 = C3, L2 = D3, L3 = E3, L4 = F3, L5 = G3, L6 = A3, L7 = B3, M1 = C4, M2 = D4, M3 = E4, M4 = F4, M5 = G4, M6 = A4, M7 = B4, H1 = C5, H2 = D5, H3 = E5, H4 = F5, H5 = G5, H6 = A5, H7 = B5, LOW_SPEED = 500, MIDDLE_SPEED = 400, HIGH_SPEED = 300, _ = 0XFF }; void Wind() { HMIDIOUT handle; midiOutOpen(&handle, 0, 0, 0, CALLBACK_NULL); // midiOutShortMsg(handle, 2 << 8 | 0xC0); int volume = 0x7f; int voice = 0x0; int sleep = 350; int wind[] = { 500, L6, 700, M1, 700, M5, 700, M1, 700, L4, 700, L5, 700, M5, 700, M1, 500, L1, 400, L5, M5, M1, L1, M5, L7, M5, _, L6, M1, M5, M1, L4, L5, M5, M1, L1, L5, M5, M1, L1, M5, L7, M5, _, _, _, 300, M5, M5, M1, _, M1, _, M2, M3, _, _, M5, M5, M1, M1, M2, M3, 0, M2, M1, _, _, _, 500, 300, 300, M5, M5, M1, _, M1, _, M2, M3, _, 500, M3, _, 300, M2, M3, M4, M3, M2, M4, M3, M2, _, 500, 300, 300, L5, M1, M1, M3, M4, M3, M2, _, M1, M2, _, 300, M3, M3, M3, M3, _, M2, M3, M2, M1, 300, 400, L5, M1, _, M2, M3, M4, M3, M2, M1, M2, _, M3, M3, M3, M3, 0, M2, M3, 0, M2, M1, _, _, 500, 300, 300, L7, 300, M1, 300, M1, 300, M1, 300, M1, L7, M1, M1, _, _, M1, M1, M1, L7, M1, M1, _, _, M1, M1, M1, L7, M1, M1, _, M1, M1, M1, M5, M5, M5, _, M5, M5, M5, M5, 0, M5, M5, _, _, _, 500, 300, 300, M5, M5, M5, _, M5, M4, M3, M3, 0, 500, 300, _, _, _, 300, M1, M1, M1, M1, L6, _, L7, M1, M5, M4, M3, M1, M1, _, _, 300, M1, M1, M1, M1, _, M3, M1, _, _, L6, L7, M1, M5, M4, M3, M1, M2, _, _, _, 400, _, _, _, _, M3, M2, M4, M3, _, _, M1, M5, M7, L7, M7, M5, M1, _, _, M1, M6, M6, _, _, M6, M5, M5, _, M5, M4, M3, M2, M3, M4, M3, _, _, 400, M3, M4, M5, M3, _, _, M4, M5, M7, H2, M7, H1, H1, _, _, 400, H1, H1, M5, M5, M6, M5, M4, _, M2, M3, M4, M5, M6, M1, M6, _, 0, M7, M7, _, _, 500, 300, 400, M3, M2, M4, M3, _, M1, M5, M7, H1, M7, M1, M1, _, M1, M6, M6, _, M6, M5, M5, _, M5, M4, M3, M2, M3, M4, M3, _, _, 400, M3, M4, M5, M3, _, M4, M5, M7, H2, M7, H1, H1, _, _, 400, H1, H1, M5, M5, M6, M5, M4, M2, M3, M4, M5, M6, M1, M6, M7, _, M7, _, _, 300, M3, M2, M4, M3, _, M1, M5, M7, H1, M7, H2, H1, _, _, 300, M1, M6, M6, _, M6, M5, M5, _, M5, M4, M3, M2, M3, M4, M3, _, _, _, 300, M3, M4, M5, M3, _, M4, M5, M7, H2, M7, H1, H1, _, _, 500, H1, H1, M5, M5, M6, M5, M4, L6, L7, M1, M2, M3, M2, _, _, 500, M3, _, M1, _, _, _, }; for (auto i: wind) { if (i == 0) {sleep = 175;continue;} if (i == 700) {Sleep(175);continue;} if (i == 300) {sleep = 350;continue;} if (i == _) { Sleep(350); continue; } // if (i == 900) volume += 100; voice = (volume << 16) + ((i) << 8) + 0x90; midiOutShortMsg(handle, voice); cout << voice << endl; Sleep(sleep); // midiOutShortMsg(handle, 0x7BB0); } midiOutClose(handle); } int main() { Wind(); return 0; } Dev手动链接一下库 听一下歌,结合第三个zip图片,周杰伦的晴天 flag{cbbe546304037478ce0c36437d036711} |
第二部分:CRYPTO
2-1 pici
本题思路如下: 5paw5L2b5puw77ya6Ku45q+Y6Zq45YOn6ZmN5ZC96Ku45q+Y6ZmA5q+Y5pGp5q+Y6Zq45YOn57y96Jap5q+Y6aGY5q+Y5YOn6aGY5ZKk6aGY5q+Y5rOi5Zqk5q+Y6ZeN6aGY6ZeN5q+Y5Zqk5Zia5L+u5q+Y6Zq45amG6Zq45q+Y5L+u6Kum5b2M5ZOG5oSN6IGe5q+Y5amG6aCI6aCI55y+5q+Y6I6K5b+D6ZmN55y+6Jap5q+Y5ZOG5oWn5Y+75ZKk6ZeN6aGY5YWc5q+Y5Zqk5q+Y5aaCCg== Base64:新佛曰:諸毘隸僧降吽諸毘陀毘摩毘隸僧缽薩毘願毘僧願咤願毘波嚤毘闍願闍毘嚤嘚修毘隸婆隸毘修諦彌哆愍聞毘婆須須眾毘莊心降眾薩毘哆慧叻咤闍願兜毘嚤毘如 新约佛论禅:huanyinglaidaowangzherongyao flag{39c6acff08d543f5cb892bdbbdc2841f} |
2-2 翻栅栏
本题思路如下: 第一个txt是兽音译者编码 第二个txt给了栅栏的key flag{d531d5be4f3737afa979a0f77dd8b180} |
2-3 Hello
本题思路如下: m = 7269767679 flag{124198634960} |
第三部分:WEB
3-2 审计
本题思路如下: 拿自己笔记过 flag{1bc29b36f623ba82aaf6724fd3b16718} |
3-3 扫扫看
本题思路如下: 御剑开扫,ctrl u 源码 flag{094c9cc14068a7d18ccd0dd3606e532f} |
3-4 debudao
本题思路如下: Ctrl u有个假flag 真正flag在cookie里 flag{72077a55w312584wb1aaa88888cd41af} |
3-5 Dragon
本题思路如下: 懵逼,又是cookie flag{72077a551386b19fb1aea77814cd41af} |
3-7 你知道sys还能这样玩吗
本题思路如下: |
第四部分:REVERSE
4-1 crc
本题思路如下: 喂给gpt Exp: import zlib flag{ezrebyzhsh} |