[CTF]-HECTF2021部分复现
2024-06-01 11:18:25
HECTF2021部分复现
- MISC
- 快来公众号ya
- JamesHarden
- 捉迷藏
- 迷途的狗狗
- snake
- CRYPTO
- 签到
- encode
- RSA_e_n
- re_rsa
- LittleRSA
- Web
- mmmmd5d5d5d5
- EDGnb(签到)
- 时光塔的宝藏
- ez_py
- LFI_RCE
- 反序列化
- 总结
MISC
快来公众号ya
关注公众号回复即可
JamesHarden
拖到010 PK开头 修改拓展名.rar
解压文件拖进010发现变异flag
URPGS{Jr1p0zr_G0_U3pg6_!}
凯撒解密 位移13
HECTF{We1c0me_T0_H3ct6_!}
捉迷藏
打开.docx发现一串JSfuck
复制进入Firefox控制台进行解密
HECTF{dfdfj234kflfj3fadfdsv}
迷途的狗狗
解压.zip有密码,直接爆破
报错,提示版本号有问题
进010修改版本信息
保存之后用win rar修复压缩包,之后再爆破
142345
解压得到一只小金毛
然后分离图片得到flag
HECTF{fdskx938fxfsafx}
snake
打开题目是.exe,猜测是反编译逆向
使用工具python-exe-unpacker-masterb逆向
py .\pyinstxtractor.py .\snake.exe
生成新的文件夹 打开找到
struct
snake
分别用010打开文件
把struct的文件头复制到 snake的文件头
然后保存文件,设置后缀名为.pyc
用uncompyle6进行下一步
pip install uncompyle6
然后配置环境变量
%python_home%\Scripts\
我的环境是
所以
配置好之后就可以直接用了
$ uncompyle6 --help
uncompyle6 .\snake.exe //直接查看文件内容uncompyle6 -o . .\snake.py .\snake.pyc //把文件内容转到 .py文件中
#文件内容
# uncompyle6 version 3.7.4
# Python bytecode 3.7 (3394)
# Decompiled from: Python 3.8.5 (tags/v3.8.5:580fbb0, Jul 20 2020, 15:43:08) [MSC v.1926 32 bit (Intel)]
# Embedded file name: snake.py
# Compiled at: 1995-09-28 00:18:56
# Size of source mod 2**32: 272 bytes
import pygame, sys, random
SCREEN_X = 700
SCREEN_Y = 700class Snake(object):def __init__(self):self.dirction = pygame.K_RIGHTself.body = []for x in range(5):self.addnode()def addnode(self):left, top = (0, 0)if self.body:left, top = self.body[0].left, self.body[0].topelse:node = pygame.Rect(left, top, 20, 20)if self.dirction == pygame.K_LEFT:node.left -= 20else:if self.dirction == pygame.K_RIGHT:node.left += 20else:if self.dirction == pygame.K_UP:node.top -= 20else:if self.dirction == pygame.K_DOWN:node.top += 20self.body.insert(0, node)def delnode(self):self.body.pop()def isdead(self):if self.body[0].x not in range(SCREEN_X):return Trueif self.body[0].y not in range(SCREEN_Y):return Trueif self.body[0] in self.body[1:]:return Truereturn Falsedef move(self):self.addnode()self.delnode()def changedirection(self, curkey):LR = [pygame.K_LEFT, pygame.K_RIGHT]UD = [pygame.K_UP, pygame.K_DOWN]if curkey in LR + UD:if curkey in LR:if self.dirction in LR:returnif curkey in UD:if self.dirction in UD:returnself.dirction = curkeyclass Food:def __init__(self):self.rect = pygame.Rect(-20, 0, 20, 20)def remove(self):self.rect.x = -20def set(self):if self.rect.x == -20:allpos = [(220, 620), (140, 580), (380, 280), (320, 260), (440, 500), (320, 100), (420, 240), (380, 260), (160, 280), (480, 460), (340, 260), (420, 580), (140, 460), (180, 380), (60, 160), (200, 100), (320, 620), (120, 540), (360, 480), (420, 460), (100, 40), (280, 100), (60, 60), (100, 480), (20, 60), (100, 80), (500, 320), (300, 500), (60, 320), (560, 220), (400, 100), (360, 20), (460, 380), (100, 400), (100, 500), (400, 60), (520, 320), (160, 60), (480, 440), (360, 600), (140, 540), (520, 220), (500, 220), (80, 60), (520, 280), (260, 60), (320, 320), (320, 240), (460, 280), (580, 20), (140, 80), (40, 240), (420, 420), (100, 440), (180, 60), (140, 420), (220, 400), (440, 300), (240, 380), (420, 480), (360, 260), (460, 320), (160, 100), (260, 80), (520, 40), (200, 260), (360, 580), (100, 380), (80, 620), (360, 620), (340, 440), (200, 60), (200, 300), (20, 500), (400, 20), (120, 620), (540, 220), (240, 420), (320, 200), (60, 300), (260, 320), (300, 580), (160, 480), (140, 200), (100, 420), (420, 20), (360, 500), (240, 500), (140, 620), (260, 620), (100, 100), (540, 60), (420, 380), (240, 400), (60, 180), (480, 380), (40, 500), (560, 320), (320, 280), (260, 280), (160, 540), (300, 440), (60, 200), (560, 280), (240, 260), (200, 280), (180, 500), (100, 20), (540, 20), (320, 300), (80, 600), (380, 200), (20, 40), (440, 580), (580, 60), (420, 400), (140, 60), (120, 440), (520, 20), (260, 40), (320, 220), (360, 560), (100, 460), (200, 20), (80, 520), (60, 500), (300, 600), (520, 60), (420, 260), (260, 260), (140, 100), (380, 240), (160, 300), (500, 260), (400, 540), (560, 60), (480, 400), (380, 320), (400, 80), (580, 500), (240, 480), (160, 600), (440, 380), (540, 280), (160, 620), (380, 20), (460, 440), (400, 620), (400, 40), (300, 480), (420, 560), (20, 20), (500, 280), (300, 100), (60, 280), (360, 200), (240, 460), (520, 100), (340, 200), (500, 300), (440, 20), (420, 300), (240, 620), (140, 20), (300, 20), (420, 280), (20, 80), (220, 500), (320, 20), (60, 260), (300, 460), (200, 320), (520, 80), (140, 40), (420, 440), (60, 220), (480, 480), (180, 20), (180, 100), (320, 440), (160, 580), (80, 560), (360, 460), (100, 60), (120, 580), (420, 320), (560, 20), (300, 620), (40, 60), (360, 440), (420, 500), (60, 240), (100, 240), (240, 440), (260, 300), (260, 500), (120, 260), (140, 320), (480, 500), (20, 100), (500, 240), (120, 560), (380, 300), (80, 580), (420, 600), (140, 260), (80, 140), (300, 560), (120, 200), (220, 260), (160, 400), (280, 20), (160, 20), (100, 220), (540, 500), (380, 220), (460, 500), (560, 500), (120, 320), (540, 320), (80, 340), (340, 620)]random.shuffle(allpos)self.rect.left, self.rect.top = random.choice(allpos)def show_text(screen, pos, text, color, font_bold=False, font_size=30, font_italic=False):cur_font = pygame.font.SysFont('宋体', font_size)cur_font.set_bold(font_bold)cur_font.set_italic(font_italic)text_fmt = cur_font.render(text, 1, color)screen.blit(text_fmt, pos)def main():pygame.init()screen_size = (SCREEN_X, SCREEN_Y)screen = pygame.display.set_mode(screen_size)pygame.display.set_caption('Welcome to HECTF,enjoy!')clock = pygame.time.Clock()scores = 0isdead = Falsesnake = Snake()food = Food()while True:for event in pygame.event.get():if event.type == pygame.QUIT:sys.exit()if event.type == pygame.KEYDOWN:snake.changedirection(event.key)if event.key == pygame.K_SPACE and isdead:return main()screen.fill((205, 205, 205))if not isdead:snake.move()for rect in snake.body:pygame.draw.rect(screen, (0, 220, 0), rect, 0)isdead = snake.isdead()if isdead:show_text(screen, (100, 200), 'You lose :(', (227, 29, 18), False, 100)show_text(screen, (150, 260), 'press SAPCE to try again...', (0, 0, 22), False, 30)if food.rect == snake.body[0]:scores += 100food.remove()snake.addnode()food.set()pygame.draw.rect(screen, (136, 0, 21), food.rect, 0)show_text(screen, (50, 600), 'Scores: ' + str(scores), (223, 0, 0))if scores > 400:show_text(screen, (100, 650), 'f', (223, 223, 0))if scores > 500:show_text(screen, (110, 650), 'l', (223, 223, 0))if scores > 600:show_text(screen, (120, 650), 'a', (223, 223, 0))if scores > 700:show_text(screen, (130, 650), 'g', (223, 223, 0))if scores > 800:show_text(screen, (150, 650), 'i', (223, 223, 0))if scores > 900:show_text(screen, (160, 650), 's', (223, 223, 0))show_text(screen, (450, 650), 'Try to get 6000 points', (223, 223, 223))if scores >= 6000:show_text(screen, (100, 670), 'wtf,you really got 6000 points?check the source code', (223,223,223))show_text(screen, (100, 470), 'the original author is codetask from', (223,223,223))show_text(screen, (100, 490), 'https://gitee.com/codetimer,thanks to him', (223,223,223))pygame.display.update()clock.tick(10)if __name__ == '__main__':main()
在其中发现有坐标点
写脚本提取出代码点
f = open("123.txt","w")
key = [(220, 620), (140, 580), (380, 280), (320, 260), (440, 500), (320, 100), (420, 240), (380, 260), (160, 280), (480, 460), (340, 260), (420, 580), (140, 460), (180, 380), (60, 160), (200, 100), (320, 620), (120, 540), (360, 480), (420, 460), (100, 40), (280, 100), (60, 60), (100, 480), (20, 60), (100, 80), (500, 320), (300, 500), (60, 320), (560, 220), (400, 100), (360, 20), (460, 380), (100, 400), (100, 500), (400, 60), (520, 320), (160, 60), (480, 440), (360, 600), (140, 540), (520, 220), (500, 220), (80, 60), (520, 280), (260, 60), (320, 320), (320, 240), (460, 280), (580, 20), (140, 80), (40, 240), (420, 420), (100, 440), (180, 60), (140, 420), (220, 400), (440, 300), (240, 380), (420, 480), (360, 260), (460, 320), (160, 100), (260, 80), (520, 40), (200, 260), (360, 580), (100, 380), (80, 620), (360, 620), (340, 440), (200, 60), (200, 300), (20, 500), (400, 20), (120, 620), (540, 220), (240, 420), (320, 200), (60, 300), (260, 320), (300, 580), (160, 480), (140, 200), (100, 420), (420, 20), (360, 500), (240, 500), (140, 620), (260, 620), (100, 100), (540, 60), (420, 380), (240, 400), (60, 180), (480, 380), (40, 500), (560, 320), (320, 280), (260, 280), (160, 540), (300, 440), (60, 200), (560, 280), (240, 260), (200, 280), (180, 500), (100, 20), (540, 20), (320, 300), (80, 600), (380, 200), (20, 40), (440, 580), (580, 60), (420, 400), (140, 60), (120, 440), (520, 20), (260, 40), (320, 220), (360, 560), (100, 460), (200, 20), (80, 520), (60, 500), (300, 600), (520, 60), (420, 260), (260, 260), (140, 100), (380, 240), (160, 300), (500, 260), (400, 540), (560, 60), (480, 400), (380, 320), (400, 80), (580, 500), (240, 480), (160, 600), (440, 380), (540, 280), (160, 620), (380, 20), (460, 440), (400, 620), (400, 40), (300, 480), (420, 560), (20, 20), (500, 280), (300, 100), (60, 280), (360, 200), (240, 460), (520, 100), (340, 200), (500, 300), (440, 20), (420, 300), (240, 620), (140, 20), (300, 20), (420, 280), (20, 80), (220, 500), (320, 20), (60, 260), (300, 460), (200, 320), (520, 80), (140, 40), (420, 440), (60, 220), (480, 480), (180, 20), (180, 100), (320, 440), (160, 580), (80, 560), (360, 460), (100, 60), (120, 580), (420, 320), (560, 20), (300, 620), (40, 60), (360, 440), (420, 500), (60, 240), (100, 240), (240, 440), (260, 300), (260, 500), (120, 260), (140, 320), (480, 500), (20, 100), (500, 240), (120, 560), (380, 300), (80, 580), (420, 600), (140, 260), (80, 140), (300, 560), (120, 200), (220, 260), (160, 400), (280, 20), (160, 20), (100, 220), (540, 500), (380, 220), (460, 500), (560, 500), (120, 320), (540, 320), (80, 340), (340, 620)]
key = [str(i) for i in key]
key = '\n'.join(key)
key = key.replace("(","")
key = key.replace(")","")
f.write(key)
然后用 gunplot画图 把像素点显现出来
有点HECTF的样子,操作一下
HECTF{SnAkE_K1nG_is_u}
CRYPTO
签到
与佛论禅->base64->base32
HECTF{good_luck_for_you}
encode
题目没有后缀,用010打开发现是RAR文件,解压
解压下来是一串emoji密码
解密网站:
http://www.atoolbox.net/Tool.php?Id=937
[CTF]-HECTF2021部分复现相关推荐
- [CTF]SCTF2021 WEB复现(详细版)
前言 认真复现还是收获挺多的,做这些就算看wp也会卡很久的题目才容易提高.最后感谢下NSSCTF平台提供的靶机,虽然flag只有一半 Loginme 下载附件得到源码,题目让我们本地访问,也就是要伪造 ...
- 2019某行业CTF大赛题目复现——图片隐写
0x01上题目附件: 百度网盘地址 提取码 https://pan.baidu.com/s/13hDSgmW4cn9gEWqHjJrWIw 20ra 0x02WP复现: 1.打开图片:发现宽和高好像没 ...
- 2019某行业CTF大赛题目复现——音频隐写+图片隐写
0x01:上附件 百度网盘链接地址 提取码 https://pan.baidu.com/s/1OIh8ef5sopI8hoqkX3TJ9g qwky 0x02:WP复现过程 1.打开压缩的附件: ①发 ...
- 接第一篇博客:fw的第二场CTF——HECTF2021 WP
第一篇博客,第一次参加比赛https://blog.csdn.net/qq_42880719/article/details/110139040就是HECTF 所以这HECTF我非打不可了 想当年,刚 ...
- 第一次改变root密码_密码学永远改变的一天
第一次改变root密码 On 1 August 1977, Scientific American, a popular science magazine, released its monthly ...
- python 字节流分段_一文掌握CTF中Python全部考点
声明:Tide安全团队原创文章,转载请声明出处!文中所涉及的技术.思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担! 前 言 一次偶然的机会,让自己 ...
- Zer0pts CTF 2020的web赛后记录+复现环境
前言 打了Zer0pts CTF 2020感觉题目不错就总结一下. 复现环境地址: https://gitlab.com/zer0pts/zer0pts-ctf-2020/ 0x01 notepad ...
- 第二届BJD CTF做题总结与题目复现-MISCCrypto
0x00 前言 上周参加了第二届BJD CTF,本Web dog太垃圾,就做出两道Web.不过还好MISC和Crypto做的还行.那就先总结复现一下.标*表示未作出的 0x01 MISC 这个做的还行 ...
- i 春秋CTF题目 百度杯 9月场 再见CMS Upload 复现
今天花了点时间刷了下题目,遇到几道相对来说进阶的题目,学习一下储备一些CTF思路,这些题..脑洞有点开. 目录 再见CMS 总结 Upload 绕过方法 总结 再见CMS 昨天刚做一道 [WEB攻防] ...
最新文章
- css3实现3D立体翻转效果
- 程序员内卷的结局 | 每日趣闻
- 独立开放者入行之前应该知道的8件事
- 摆脱阅读黑洞,退订RSS
- echarts 表格与 div 之间 空白的设置
- matlab 中max函数用法
- 【常见笔试面试算法题12】动态规划算法案例分析
- getset原子性 redis_一文看透 Redis 分布式锁进化史(解读 + 缺陷分析)
- 为什么c语言读文件少内容,这个程序为什么在读文件时候读不全数据?
- redis主从复制_技术干货分享:一文了解Redis主从复制
- 【Flink】Could not complete the operation,Number of retries has been exhausted
- 电脑显示没有被指定在上运行_可以桌面显示的便条便签怎么弄?有没有电脑桌面上的便条贴...
- IE无法执行JavaScript解决办法
- 1.3-----Simplify 3D切片软件简单设置
- H5链接跳转到微信小程序开发流程记录
- FPGA开发中常见报错或警告汇总
- Python快速读取超大文件
- android tv 实现弹出通知
- 如何使用cocos2dx3.0制作基于tilemap的游戏:第二部分
- android资源文件转bitmap,Android 之 Bitmap 和 File 相互转换
热门文章