2021 [线下]陇剑杯 wp

前言
1.1
1.2
1.3
1.4
1.5
3.1
3.3
4.1
4.2
5.1
5.2
Tip

前言

wp由EDI yanshu师傅投稿，感谢yanshu师傅。
部分题目为赛后复现。
部分题目复现方法由一些师傅提供解题思路，感谢。
题目附件获取方法在文章末尾。

1.1

导出对象发现 6.html 中有颜文字

解开后 alert(“EBA01E64-416C-419E-9C9A-C807AD9741D2”);

1.2

全局搜X-Forwarded-For，会发现它ip是五位的，答案长度为8，那么不需要标点，去掉最后一位，所以答案是 34244579

1.3

木马密码MD5值 161ebd7d45089b3446ee4e0d86dbcf92

1.4

找zip 文件，在173 流会看见一个压缩包

188 流中看见PK 头
对命令解码发现读取的文件就是 /tmp/1.zip

去掉混淆字符后提出文件，但是需要密码
主办方的提示好像是社工来着，觉得可能会是脑洞，就没找到

1.5

这题是把1.bin 和 2.bin 内容拼接
所以根据蚁剑读取文件的规则，把/tmp/1.bin 编码，找base64后的文件名会在哪出现
http contains “L3RtcC8xLmJpbg” 过滤一下，在234 流找到了

然后把前后混淆字符去掉得到答案
F3C4426E-8A4F-49F7-A658-2E33D85BA665

3.1

初赛机密内存的考点，线下有脚本就出了

https://github.com/axcheron/pyvmx-cracker

原文件名enc.bin

"key/list/(pair/(phrase/UmBuYyhuIW8%3d/pass2key%3dPBKDF2%2dHMAC%2dSHA%2d1%3acipher%3dAES%2d256%3arounds%3d10000%3asalt%3d0kVDY4OIuvr2WAG%2bo639Lw%253d%253d,,JV9HGrSxPYiDk%2bJYP0KxHqceNnA%2fB0vLXtXVmrUSGINNbFmXRCX5smPN3Ny0hTcjtSGVTOXie5xUK2HdJaj6NxmgyTtc38Xy80co%2f3swAflWoKvMFxRB86AtVqZZ7Sv%2fbUAjCwVUd7uplXhLUfdCk12BMY0%3d))"
"etHKaa2gijMJ4n3hP9NjN9uNnI10E96xhqVa1P30TCTHr8BUkALO6RiD7mJSzlpX7hX1TF23UV7zhXhvip/8tBaAZYBXFYJHcBEnfVWQ23VetQwm5y+l3K29U14Tpz2jQMC920wxA9joTKs67CaiqdGixKZF/TZ7Mvdm5zc60HaB9Yj/OI4KGdJEjVstAu9U6hryfTRC8MIANadKuRy2rwJR9EkMHyPwNTyQwsDgVPwkvE1evA6tB7Q7RmiWDSEJamCEfo/SaSuky4NIaaGaquczBmMkhphQ7zTmL6nhZYjClcCuWsuzCwGrAeVX3UTShJjmIkbq6w4GRuxvpjt8swV+BmgleU6UEQIFlyqFYvk1a2oe314FootRsJiS4XEW6ngkthe5hw053SfN/GP85RS/uIKsCH11vCrD2Ew029fgBq0yy1YeOZQ/QEYlwrKPtd0eRT83dbZJs/XzM+ehZpKVS+nfJdQjGOlROluXnj9VXBrEK/9MT9qyNca4xOpKKkjmmH+vMpqiZHFwjdRl3NUeiy0bh0hj4YeMAo7L0/Uk77A09E9jrNKnkZ2hILX1+yXbGLyvW9OdDhALGj4QaGNdkfPGDYwv7U6CrjoTlCMXDyZY0idFtPwn7NfdAviPjsDWZonDsILX7LjZDrUTkYvoceGKiSQFOUQ3NlI9c3fzaCRfrnxQ6wLncp0WV8HfFF5+FfLt8HgzYCdGx1d8itwGkvwgy/RtSazrAY88OtpInKAhBZgZfdN4paq5FFdWfWQnB5Rjq20FuUzlv5TUfAUkBalO0zJhQl97R6REHoc5kLK9NxWMQJQ5H/B4/pEifTVSxo5QTLt+xsvWlxo7WnVhZGmdvqNgocLn8l4KzcNKxx7wlzMqWtjSYH6ocBk+atbR1dRNEEYH6ii0ZKdOo0ujlXk0HFUCNozR06WMv1zPQqDaHh2wQaqevX/rFEfWE0P0McISpxW0DMeEjsA3j6YLACcE14GadaGAUc7PrOFMPsPujdhAWjv9KvO8/H0rgkPDza0Tu6yUFBVb6tXhri3t2XtlWuuivU/W8sfh/+MUYXddU/1hUqV/qZ3dgxWYlunywMlBeT1TKKtJQTeq5zmILRy0tKvBU2fsQYuElRVpXWXeMsVDLnCvH+Kr+2MR8MfHt1LG+/OOWRmFe2M12zTIX1m4KZHdB1B+fIHBVC2AKD1e2DAMFjDyccCsB1unyDl07LpVpnrC45Iysbj+iwWT/++exiDR1cntMd/4NgzDbJlWlcjCZNvfPsjvyQznqdUdXy00YivLXrQxwyK8D6PStzIsH5kY/P+08G/KzW7EbT3LWFBT72VPYNAAf3EeL2nM40AyUOU5jfVzAC3WZKAzBwb+B7ZB43LfNzNL83E4G/BAh0onWSlFDzf+oS5wFw/qd7TVjjPYdkZ4D6or3fD+lHLlpkMzROlGuJgQeTpF8A89WMWQpkokbxGVWhunbz7t6hMLdQ507mf/uIQu75eczxTDG0rNvkptX1IJUBXYeh34xRmn/RVzLB55WLsbrrcKyQ9xjHrlrUyCsE9jaJh5AvqNbEC6pPsjnnXcb8mzZXwc876QDuwPZsLGJJ+FZwEpQ1TS89Rwt/MoZdDYlGu/J1AXnYf4fB/9EvAH1rzpyH6m1tSqlCdbPt4pfCO3QGydXVyzfNAARh7wD6KIMlYRja9pDj++OxSfLgQgaSW8u+pJ2q09rYJcGxg7HZEJnt35nlMb3wgCsptw+iSMbUdgr++ApX3fQWBkzAvSb4EjH95bNF0U7E8nkc9M9tcalOYb+EPThSdxgi8iFGP0b+DWHrF5BJQm9mzmntraOSNmnpAAORGW3F4XLmcRN+w3Gm2StQvHWF1td1wtIzHSRHoxSwcVR15Z7IPT4Zi/YU45SLO3xbnL2SlUu0/uaj7kHMqpIYyXdAYi+aeGpl5w+mQjb603Z/L/OZvzkn30RE8IrdBqB+bDl+c7opsu9TBssPV4hO+VWOtswMPSvk4TWn0/57HhSAMwFP5K/mDcW4gYEinHS10tkC7+ssHWUDMDzPmN8FH3JS8YxLJ754M5BF0H3fnTCUylvaXq3oLnHJrzbq+sGNZf9KUsefer/Qh5rWTYgJ0cG73KLQ0KFNaMZdbhJ/IYFI9RMKVyS+yKrD08GqvzyOdjjLThx9Tzbj/E/IAJyw1mQzbi5abrst957zSEzNyJXrFHisjteX56o1YAWNVteqYjSD6GuG6b1QBP0hPLElbc8mjNsF0anuy2EETHO5GRqOIiDEwZIQFLYGfDS09aWXXxOLV7Mqoj8VZ+xkRUuxJwhd8hfEeyQsB3U/hhJTXTFKHWOIwZW7fKK46ZNQPVFR0aaYNxJX9l/BHz3QtUV+PSMZkhcUzd7UjpGOyrVFSgz7kDZN2oeCc/LaH+fJEkLhslUvRf4hZNG+O6zpmt1IB00Jc417l2tpnWlnUyxhIzNdLd5xnRztIUmdKG4dj1mRUUf2JMLZiZMTCys2noq1DweOHSyEh+jzSPjz3QMlZNJcwZ3X8EIb9AV0e7nyyliBZ6Qs1OXQLYTo8ada3uNU+aCTQTlymrFDLWX5RinknPzzDGipX/yMLnkVcZSy7UdIUNviJNyzQzoxKg24DpPibTo0v5eGWMgtG7tp8Bk23Ih1TYOlHdMvnoEGTdskWRBWWPsapUiYbu5T7plRfghtcVkEOv4F1OW6058cSohS5TLFK/aqyfSxl/zKGCuZQhhWbYJSObIHvvLoT+lw2Vm4vqrIXBkJ3jLl0BiNy8AtnVWB1kgA/9+xTUFXpS8LUCApdq/52/VluCbXb4y8e7Soa3HCdmrVUVt/vpGkqCIxRmKrKvibUztbwQfBxCZWuf5NFAubxGnPXx2dyo6Edhz+aZ2bs9BS1pEWhsCurW4t8Zg50lZ3jVhJFaht8iLdH3VOYqUmYs0+gk5yzsvBQ426H1Z0EK0TaPxhEbSKtT1pEPcJ5Y+oNCOKIYZFIhgVqX+GcY+xj1GKbvmGKIo3f94HUxmK/Wv8vJb756mzuRqz75qoFjftOG9XpcpAUtuVyFLa4tzCKhekSetmfA84q2PZ4cjOnva8rAkPCd83qMhcBZnXDOcXWlQEcom9C+S26qqM+5e9AQKceBrtWK56iMTGQloylqck+SnwPAQvb5EAdPS5OuzBPjZrogsX0CZihiMiykX9YOLbuI1YeVz5WYFcKQEYc5cIWpM7n0PHyFqyOaNP14tKaiB1Z2SP3xJFek4U0OHxhjPNdPmRDSNy+owAL+d5MR2f71X7CQwVAm1U0PZ/YB6bsTSM3XoIFPUylWR+hPVBCO2wKuTze7wEgIqVa6LhrUbelnRUy9G0QzZ2X9NKj/mDFuvN3RSodxFI2bArCupjtVzLVQgySQkkhReH3Yfjm0bRk0CPCYH6MpeugzolTPOOZL4F8h0wuq5YMSq+Yg1ZRnVWcbyiESJ9DFiNIhTThxbswtMeGAF4feGxYr56sU70gJN21FMfai8A7vHPQrpMkrJCULOeMjqE0Ys9tyzRcryr2MfvxxoQAvCLpyhTzWMPTvaCbKW8eq9b15vblaYb2kR8H7A/E3N7w7IFPLM6ZmNT8d/AIKTxn/theEhwZXghPD/HONBr4wNEdVYKRZx0Ckr6NqgpfvPv87O0ad4OyFXL1G2avCrP+r8wLtfZ4ZvHSqIXIyR8ZHUkfZR+7ePl6nD1YGzUQo8OEd+7MIBGMmGW6MuiF4WQskycp9QncuadzIhUxGcbvQAOyF8YBSga/FfMntT1cAQNAfWASxGeg/ihBFPGmgD4atgN+gaYPilaCs0odJSEF/XXkA9ed3AnA3H0kChvX9s0AZoQ=="

参考 pyvmx-cracker 上的readme 可知文件类型是 vmx

3.3

将格式改一下

.encoding = "UTF-8"
displayName = "Encrypted"
encryption.keySafe = "vmware:key/list/(pair/(phrase/UmBuYyhuIW8%3d/pass2key%3dPBKDF2%2dHMAC%2dSHA%2d1%3acipher%3dAES%2d256%3arounds%3d10000%3asalt%3d0kVDY4OIuvr2WAG%2bo639Lw%253d%253d,,JV9HGrSxPYiDk%2bJYP0KxHqceNnA%2fB0vLXtXVmrUSGINNbFmXRCX5smPN3Ny0hTcjtSGVTOXie5xUK2HdJaj6NxmgyTtc38Xy80co%2f3swAflWoKvMFxRB86AtVqZZ7Sv%2fbUAjCwVUd7uplXhLUfdCk12BMY0%3d))"
encryption.data = "etHKaa2gijMJ4n3hP9NjN9uNnI10E96xhqVa1P30TCTHr8BUkALO6RiD7mJSzlpX7hX1TF23UV7zhXhvip/8tBaAZYBXFYJHcBEnfVWQ23VetQwm5y+l3K29U14Tpz2jQMC920wxA9joTKs67CaiqdGixKZF/TZ7Mvdm5zc60HaB9Yj/OI4KGdJEjVstAu9U6hryfTRC8MIANadKuRy2rwJR9EkMHyPwNTyQwsDgVPwkvE1evA6tB7Q7RmiWDSEJamCEfo/SaSuky4NIaaGaquczBmMkhphQ7zTmL6nhZYjClcCuWsuzCwGrAeVX3UTShJjmIkbq6w4GRuxvpjt8swV+BmgleU6UEQIFlyqFYvk1a2oe314FootRsJiS4XEW6ngkthe5hw053SfN/GP85RS/uIKsCH11vCrD2Ew029fgBq0yy1YeOZQ/QEYlwrKPtd0eRT83dbZJs/XzM+ehZpKVS+nfJdQjGOlROluXnj9VXBrEK/9MT9qyNca4xOpKKkjmmH+vMpqiZHFwjdRl3NUeiy0bh0hj4YeMAo7L0/Uk77A09E9jrNKnkZ2hILX1+yXbGLyvW9OdDhALGj4QaGNdkfPGDYwv7U6CrjoTlCMXDyZY0idFtPwn7NfdAviPjsDWZonDsILX7LjZDrUTkYvoceGKiSQFOUQ3NlI9c3fzaCRfrnxQ6wLncp0WV8HfFF5+FfLt8HgzYCdGx1d8itwGkvwgy/RtSazrAY88OtpInKAhBZgZfdN4paq5FFdWfWQnB5Rjq20FuUzlv5TUfAUkBalO0zJhQl97R6REHoc5kLK9NxWMQJQ5H/B4/pEifTVSxo5QTLt+xsvWlxo7WnVhZGmdvqNgocLn8l4KzcNKxx7wlzMqWtjSYH6ocBk+atbR1dRNEEYH6ii0ZKdOo0ujlXk0HFUCNozR06WMv1zPQqDaHh2wQaqevX/rFEfWE0P0McISpxW0DMeEjsA3j6YLACcE14GadaGAUc7PrOFMPsPujdhAWjv9KvO8/H0rgkPDza0Tu6yUFBVb6tXhri3t2XtlWuuivU/W8sfh/+MUYXddU/1hUqV/qZ3dgxWYlunywMlBeT1TKKtJQTeq5zmILRy0tKvBU2fsQYuElRVpXWXeMsVDLnCvH+Kr+2MR8MfHt1LG+/OOWRmFe2M12zTIX1m4KZHdB1B+fIHBVC2AKD1e2DAMFjDyccCsB1unyDl07LpVpnrC45Iysbj+iwWT/++exiDR1cntMd/4NgzDbJlWlcjCZNvfPsjvyQznqdUdXy00YivLXrQxwyK8D6PStzIsH5kY/P+08G/KzW7EbT3LWFBT72VPYNAAf3EeL2nM40AyUOU5jfVzAC3WZKAzBwb+B7ZB43LfNzNL83E4G/BAh0onWSlFDzf+oS5wFw/qd7TVjjPYdkZ4D6or3fD+lHLlpkMzROlGuJgQeTpF8A89WMWQpkokbxGVWhunbz7t6hMLdQ507mf/uIQu75eczxTDG0rNvkptX1IJUBXYeh34xRmn/RVzLB55WLsbrrcKyQ9xjHrlrUyCsE9jaJh5AvqNbEC6pPsjnnXcb8mzZXwc876QDuwPZsLGJJ+FZwEpQ1TS89Rwt/MoZdDYlGu/J1AXnYf4fB/9EvAH1rzpyH6m1tSqlCdbPt4pfCO3QGydXVyzfNAARh7wD6KIMlYRja9pDj++OxSfLgQgaSW8u+pJ2q09rYJcGxg7HZEJnt35nlMb3wgCsptw+iSMbUdgr++ApX3fQWBkzAvSb4EjH95bNF0U7E8nkc9M9tcalOYb+EPThSdxgi8iFGP0b+DWHrF5BJQm9mzmntraOSNmnpAAORGW3F4XLmcRN+w3Gm2StQvHWF1td1wtIzHSRHoxSwcVR15Z7IPT4Zi/YU45SLO3xbnL2SlUu0/uaj7kHMqpIYyXdAYi+aeGpl5w+mQjb603Z/L/OZvzkn30RE8IrdBqB+bDl+c7opsu9TBssPV4hO+VWOtswMPSvk4TWn0/57HhSAMwFP5K/mDcW4gYEinHS10tkC7+ssHWUDMDzPmN8FH3JS8YxLJ754M5BF0H3fnTCUylvaXq3oLnHJrzbq+sGNZf9KUsefer/Qh5rWTYgJ0cG73KLQ0KFNaMZdbhJ/IYFI9RMKVyS+yKrD08GqvzyOdjjLThx9Tzbj/E/IAJyw1mQzbi5abrst957zSEzNyJXrFHisjteX56o1YAWNVteqYjSD6GuG6b1QBP0hPLElbc8mjNsF0anuy2EETHO5GRqOIiDEwZIQFLYGfDS09aWXXxOLV7Mqoj8VZ+xkRUuxJwhd8hfEeyQsB3U/hhJTXTFKHWOIwZW7fKK46ZNQPVFR0aaYNxJX9l/BHz3QtUV+PSMZkhcUzd7UjpGOyrVFSgz7kDZN2oeCc/LaH+fJEkLhslUvRf4hZNG+O6zpmt1IB00Jc417l2tpnWlnUyxhIzNdLd5xnRztIUmdKG4dj1mRUUf2JMLZiZMTCys2noq1DweOHSyEh+jzSPjz3QMlZNJcwZ3X8EIb9AV0e7nyyliBZ6Qs1OXQLYTo8ada3uNU+aCTQTlymrFDLWX5RinknPzzDGipX/yMLnkVcZSy7UdIUNviJNyzQzoxKg24DpPibTo0v5eGWMgtG7tp8Bk23Ih1TYOlHdMvnoEGTdskWRBWWPsapUiYbu5T7plRfghtcVkEOv4F1OW6058cSohS5TLFK/aqyfSxl/zKGCuZQhhWbYJSObIHvvLoT+lw2Vm4vqrIXBkJ3jLl0BiNy8AtnVWB1kgA/9+xTUFXpS8LUCApdq/52/VluCbXb4y8e7Soa3HCdmrVUVt/vpGkqCIxRmKrKvibUztbwQfBxCZWuf5NFAubxGnPXx2dyo6Edhz+aZ2bs9BS1pEWhsCurW4t8Zg50lZ3jVhJFaht8iLdH3VOYqUmYs0+gk5yzsvBQ426H1Z0EK0TaPxhEbSKtT1pEPcJ5Y+oNCOKIYZFIhgVqX+GcY+xj1GKbvmGKIo3f94HUxmK/Wv8vJb756mzuRqz75qoFjftOG9XpcpAUtuVyFLa4tzCKhekSetmfA84q2PZ4cjOnva8rAkPCd83qMhcBZnXDOcXWlQEcom9C+S26qqM+5e9AQKceBrtWK56iMTGQloylqck+SnwPAQvb5EAdPS5OuzBPjZrogsX0CZihiMiykX9YOLbuI1YeVz5WYFcKQEYc5cIWpM7n0PHyFqyOaNP14tKaiB1Z2SP3xJFek4U0OHxhjPNdPmRDSNy+owAL+d5MR2f71X7CQwVAm1U0PZ/YB6bsTSM3XoIFPUylWR+hPVBCO2wKuTze7wEgIqVa6LhrUbelnRUy9G0QzZ2X9NKj/mDFuvN3RSodxFI2bArCupjtVzLVQgySQkkhReH3Yfjm0bRk0CPCYH6MpeugzolTPOOZL4F8h0wuq5YMSq+Yg1ZRnVWcbyiESJ9DFiNIhTThxbswtMeGAF4feGxYr56sU70gJN21FMfai8A7vHPQrpMkrJCULOeMjqE0Ys9tyzRcryr2MfvxxoQAvCLpyhTzWMPTvaCbKW8eq9b15vblaYb2kR8H7A/E3N7w7IFPLM6ZmNT8d/AIKTxn/theEhwZXghPD/HONBr4wNEdVYKRZx0Ckr6NqgpfvPv87O0ad4OyFXL1G2avCrP+r8wLtfZ4ZvHSqIXIyR8ZHUkfZR+7ePl6nD1YGzUQo8OEd+7MIBGMmGW6MuiF4WQskycp9QncuadzIhUxGcbvQAOyF8YBSga/FfMntT1cAQNAfWASxGeg/ihBFPGmgD4atgN+gaYPilaCs0odJSEF/XXkA9ed3AnA3H0kChvX9s0AZoQ=="

python3 pyvmx-cracker.py -v enc.vmx -d 字典.txt

把默认字典换了

4.1

泄露的信息 (盲注flag)
QL盲注的流量被base64 编码了，wireshark 过滤出盲注流量

http contains "id=LTE2MTAgT1IgKE9SRChNSUQoKFNFTEVDVCBJRk5VTEwoQ0FTVChmbGFnIEFTIENIQVIpLDB4MjApIEZST00gY3RmX3Rlc3QuZmxhZyBPUkRFUiBCWSBJZCBMSU1JVCAwL"

用tshark 过滤出流量到txt中，解base64

tshark -r http.pcapng -T fields -e http.request.uri.query.parameter > data.txt

二分法SQL注入流量，最后半小时手动拼接没拼对，还错了两回
赛后拍的别的师傅的正确的flag

4.2

webshell 命令
rot13 解开混淆后，查看混淆字符，去掉前后混淆字符后回显就可以解开了

&hcd2b0e72ddf36=Y2QgL2QgIkM6L2N0ZiImd2hvYW1pJmVjaG8gW1NdJmNkJmVjaG8gW0Vd
=>  cd /d "C:/ctf"&whoami&echo [S]&cd&echo [E]
&w53596b0408df4=Y21k
=> cmd

最后三个流对应三个系统命令

config.exe#ipconfig#whoami

5.1

win10 的内存结构有点不太一样，线下只有vol2 的我们只能罚座
后面发现取证大师的解析工具可以解析内存，但是无法导出注册表。

用vol3 去查看注册表

python3 vol.py -f mem_sec.vmem windows.registry.printkey --offset 0x8084ac206000 --key "Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" | grep BackupProductKeyDefault

2021-09-10 16:29:33.000000      0x8084ac206000inREG_SZ  \SystemRoot\System32\Config\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform   BackupProductKeyDefault "F48BJ-8NX82-MRVY9-PF8BW-HMHY2" False

产品密钥为 F48BJ-8NX82-MRVY9-PF8BW-HMHY2

5.2

vol2 打不开内存镜像
用 Magent AXIOM 跑，选了Win10x64 就打开了
匿名邮箱:
https://mail.td/zh

Tip

关注公众号回复【2021陇剑杯】获取附件
你是否想要加入一个安全团
拥有更好的学习氛围？
那就加入EDI安全，这里门槛不是很高，但师傅们经验丰富，可以带着你一起从基础开始，只要你有持之以恒努力的决心
EDI安全的CTF战队经常参与各大CTF比赛，了解CTF赛事，我们在为打造安全圈好的技术氛围而努力，这里绝对是你学习技术的好地方。这里门槛不是很高，但师傅们经验丰富，可以带着你一起从基础开始，只要你有持之以恒努力的决心，下一个CTF大牛就是你。

欢迎各位大佬小白入驻，大家一起打CTF，一起进步。

我们在挖掘，不让你埋没！

你的加入可以给我们带来新的活力，我们同样也可以赠你无限的发展空间。
有意向的师傅请联系邮箱root@edisec.net（带上自己的简历，简历内容包括自己的学习方向，学习经历等）

2021 [线下]陇剑杯 wp相关推荐

[第五空间 2021]签到题[陇剑杯 2021]签到
flag: NSSCTF{welcometo5space} 1.该数据包分析过后使用http服务进行攻击 1.将编码放入十六进制编辑器进行查看得到下一串密文 2.使用base64解密得到flag
[陇剑杯2021] 复现
签到此时正在进行的可能是__________协议的网络攻击.(如有字母请全部使用小写,填写样例:http.dns.ftp) NSSCTF{http} jwt-1 昨天,单位流量系统捕获了黑客攻击流量 ...
2021陇剑杯线下记录
很久没有发博客了,之前写都是存笔记,但这次觉得有必要发一下,题目也分享一下,自我感受收获挺大的一次比赛. 第一次线下做修复的题目,赛前一直以为陇剑线下只有rhg赛道的pwn和一些流量分析题目,结果还出 ...
2021陇剑杯部分wp
2021陇剑杯全是流量分析.麻了.只做了一部分. 参考链接陇剑杯个人 'WriteUp'-魔法少女雪殇 (snowywar.top) 陇剑杯Writeup(部分) - 惊觉 (leheaveng ...
首届“陇剑杯”网络安全大赛线上赛圆满结束
9月14日,集结了各行业领域3020支战队.11135名网络安全精英的首届"陇剑杯"网络安全大赛线上赛圆满结束,成功拉开将于9月25日在甘肃兰州新区举行的总决赛战幕.届时,涵盖网络 ...
[2021首届“陇剑杯”网络安全大赛决赛]内存取证writeup
决赛不能联网-手上有只有vol2.6,这道题完全死了文章目录 [2021首届"陇剑杯"网络安全大赛决赛]内存取证 writeup 产品密钥匿名邮箱远控后门数据清除时间 [ ...
[2021首届“陇剑杯”网络安全大赛] webshell
[2021首届"陇剑杯"网络安全大赛] webshell 题目描述单位网站被黑客挂马,请您从流量中分析出webshell,进行回答: 1.黑客登录系统使用的密码是___Admin ...
AAAI 2021线下论文预讲会讲者征集
厌倦了线上开会?期待一场面对面的线下学术交流? 想和业界技术大咖.学界专家学者面对面交流前沿热点? 这样的机会来了! 中国中文信息学会青工委拟于12月19日在北京举行AAAI 2021线下论文预讲会( ...
【CTF大赛】陇剑杯-机密内存-解题过程分析
前言机密内存这道题是陇剑杯中的压轴题,题目中涉及到使用VMware加密功能进行加密的内存镜像,难度极大.我在这里详细的记录一下解题思路和过程,如有错误或疏漏的地方还请大佬们在评论区指出. 题目初探 ...

2021 [线下]陇剑杯 wp

2021 [线下]陇剑杯 wp

前言

1.1

1.2

1.3

1.4

1.5

3.1

3.3

4.1

4.2

5.1

5.2

Tip

2021 [线下]陇剑杯 wp相关推荐

最新文章

热门文章