
          Chang'an "War on the Epidemic" Cybersecurity Guardian Competition writeup: WHT Team WRITEUP


          2022-01-12 21:28

          This article comes from the "White Hat Community Knowledge Planet"

          Author: WHT Team



          01

          Challenges solved



          02

          Solutions

          Challenge 1: ez_Encrypt

          Steps:

          Fetch the contents of /public/web123; the file is a base64-encoded zip archive.

          Run /app/controller/Index.php to obtain the flag.

          Flag:

          cazy{PHP_ji4m1_1s_s00000_3aSyyyyyyyyyyy}

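          Challenge 2: Ez_Steg


          Steps:

          Brute-force the six-digit numeric password.

          Extract the archive to get an AES-encrypted file and a steg.pyc file. The steganography used is Stegosaurus; decode it with the tool.

          Decrypt the AES file with the recovered key:


          Flag: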

          cazy{Em0j1s_AES_4nd_PyC_St3g_D0_yoU_l1ke}


          Challenge 3: binary

          Steps:

          Decompile with jadx.

          Guess that the string is ASCII-encoded and write a script to decode it:

          data = [77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77,68, 69, 120, 77, 84, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 86, 120, 117, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 65, 119, 
77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 65, 120, 77, 70, 120, 117, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 70, 120, 117, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 65, 120, 77, 68, 65, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 
77, 86, 120, 117, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 119, 77, 70, 120, 117, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77,84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 65, 120, 77, 84, 65, 120, 77, 70, 120, 117, 77, 68, 65, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 68, 69, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 86, 120, 117, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 120, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 
77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 84, 69, 119, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 86, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 69, 120, 
77, 70, 120, 117, 77,68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 65, 120, 77, 84, 69, 120, 77, 68,69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 65, 61,61]
          # Print each integer as its ASCII character
          for i in range(0,len(data)):
              print(chr(data[i]),end="")

          The output is a base64 string:


          Decode the base64 with a tool:


          The result is a string of binary digits with newline characters. Guessing that it is a QR code, write a script to render it:

          from PIL import Image

          # MAX x MAX bits, row by row, with the newlines removed
          bits = ("0000000101110000000011111101110000000011111010110101011111000111011011111001000101"
                  "00001111000111010110110100010010001011000001100011100000101010001001000101110110110"
                  "01101101011110100010011111010111010000000100100001011111000000001010101010101010101"
                  "01010000000111111110010000000010011001111111111111000101010100001011111101000000110"
                  "00010110100011001001000010011010101110110110000010011110011000110100000100101110111"
                  "11111001010110100011010101110010101100011100000001101000000000000100110101001000100"
                  "01101110101110111110100101001001111111011100001100101000100010001101110110110011001"
                  "10011001110111101001100011111110110100110000000100000111010100011100000101101111110"
                  "11111011001101011010011000101001100001000101001001111001000001001110010010111010101"
                  "00110001110001100100000101010001001101111101110110010011111101011101110110001011100"
                  "00001011101100010110100011001000111101100011110100100111101010100000111010111011010"
                  "11111101000100101011011001001000000110100010011111011010001000111001011001101111100"
                  "11000111001111100000010110110111001111100010011001011001010001011101100000000011111"
                  "11101011001110011100101011101011000000011100011101101011000101010010001111101110011"
                  "01010110101100011101111010001010011000011001101000000000001001000101011111011000111"
                  "11111110100111010001010110111111110000001010101011001111101111110001011010011110001"
                  "101100000000111111011110110000000100011000")
          MAX = 37
          img = Image.new("RGB",(MAX,MAX))
          i=0
          for y in range(0,MAX):
              for x in range(0,MAX):
                  # '1' is drawn black, '0' white
                  if bits[i] == '1':
                      img.putpixel((x,y),(0,0,0))
                  else:
                      img.putpixel((x,y),(255,255,255))
                  i=i+1
          img.show()

          This produces a QR code image; scan it to get the flag.


          Flag:

          flag{932b2c0070e4897ea7df0190dbf36ece}


          Challenge 4: no_can_no_bb


          Steps:

          from Crypto.Util.number import long_to_bytes
          from Crypto.Cipher import AES

          def pad(m):
              tmp = 16-(len(m)%16)
              return m + bytes([tmp for _ in range(tmp)])

          def encrypt(m,key):
              aes = AES.new(key,AES.MODE_ECB)
              return aes.encrypt(m)

          def decrypt(c, key):
              aes = AES.new(key,AES.MODE_ECB)
              return aes.decrypt(c)

          # 32-byte ciphertext (two AES blocks)
          c = b'\x9d\x18K\x84n\xb8b|\x18\xad4\xc6\xfc\xec\xfe\x14\x0b_T\xe3\x1b\x03Q\x96e\x9e\xb8MQ\xd5\xc3\x1c'

          # The key is a padded integer below 1<<20, so try every candidate in turn
          for i in range(1, 1<<20):
              key = pad(long_to_bytes(i))
              flag = decrypt(c, key)
              if flag[:5] == b'cazy{':
                  print(flag)

          Flag:

          cazy{n0_c4n,bb?n0p3!}


          Challenge 5: LinearEquations


          Steps:

          from Crypto.Util.number import long_to_bytes
          import gmpy2

          data = [2626199569775466793, 8922951687182166500, 454458498974504742, 7289424376539417914, 8673638837300855396]
          n = 10104483468358610819

          # Working matrix, zero-initialised
          r = []
          for i in range(10):
              r.append([])
              for j in range(10):
                  r[i].append(0)

          # Row i holds three consecutive outputs: data[i], data[i+1], data[i+2]
          for i in range(3):
              for j in range(3):
                  r[i][j] = data[i + j]

          # Subtract neighbouring rows to cancel the constant term c
          for i in range(2):
              for j in range(3):
                  r[i][j] = (r[i][j] - r[i + 1][j]) % n

          # Gaussian elimination modulo n on the remaining 2x3 system
          k = gmpy2.invert(r[0][0], n)
          for j in range(3):
              r[0][j] = (r[0][j] * k) % n

          k = r[1][0]
          for j in range(3):
              r[1][j] = (r[1][j] - k * r[0][j]) % n

          k = gmpy2.invert(r[1][1], n)
          for j in range(3):
              r[1][j] = (r[1][j] * k) % n

          k = r[0][1]
          for j in range(3):
              r[0][j] = (r[0][j] - k * r[1][j]) % n

          # a and b are now solved: a = r[0][2], b = r[1][2]
          # Use a and b to compute c
          a = 8175498372211240502
          b = 5490290802446982981
          c = data[2] - a * data[0] - b * data[1]
          c = c % n
          print(long_to_bytes(b) + long_to_bytes(a) + long_to_bytes(c))

          Flag:

          cazy{L1near_Equ4t1on6_1s_34sy}
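
The same elimination as a general solver, using Cramer's rule on the 2x2 system instead of hand-written row operations. This is an added example, not the WHT team's script; it assumes the recurrence x[i+2] = a*x[i] + b*x[i+1] + c (mod n) implied by the last step above, and the function names are hypothetical.

```python
# Added example, not the WHT team's script. Assumed recurrence, inferred from
# the write-up's final step: x[i+2] = a*x[i] + b*x[i+1] + c (mod n).

def recover_params(x, n):
    """Recover (a, b, c) from five consecutive outputs x[0..4] modulo n."""
    if len(x) < 5:
        raise ValueError("need five consecutive outputs")
    # Subtracting neighbouring equations cancels c, leaving a 2x2 system:
    #   a*d[0] + b*d[1] = d[2]
    #   a*d[1] + b*d[2] = d[3]      with d[i] = x[i] - x[i+1]
    d = [(x[i] - x[i + 1]) % n for i in range(4)]
    det = (d[0] * d[2] - d[1] * d[1]) % n
    try:
        det_inv = pow(det, -1, n)  # modular inverse, Python 3.8+
    except ValueError:
        raise ValueError("determinant not invertible mod n; "
                         "try another window of outputs") from None
    # Cramer's rule.
    a = (d[2] * d[2] - d[1] * d[3]) * det_inv % n
    b = (d[0] * d[3] - d[1] * d[2]) * det_inv % n
    c = (x[2] - a * x[0] - b * x[1]) % n
    return a, b, c


def generate(a, b, c, n, x0, x1, count):
    """Produce `count` outputs of the assumed recurrence (used for self-checks)."""
    xs = [x0, x1]
    while len(xs) < count:
        xs.append((a * xs[-2] + b * xs[-1] + c) % n)
    return xs[:count]


def consistent(x, n, a, b, c):
    """True if every output after the first two follows the recurrence."""
    return all((a * x[i] + b * x[i + 1] + c) % n == x[i + 2]
               for i in range(len(x) - 2))


def to_bytes(v):
    """Big-endian bytes of a non-negative integer."""
    return v.to_bytes((v.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    # data and n exactly as printed in the write-up
    data = [2626199569775466793, 8922951687182166500, 454458498974504742,
            7289424376539417914, 8673638837300855396]
    n = 10104483468358610819
    a, b, c = recover_params(data, n)
    print(a, b, c, consistent(data, n, a, b, c))
    print(to_bytes(b) + to_bytes(a) + to_bytes(c))
```

With more than five outputs, `consistent` confirms the recovered parameters against the values that were not used to solve for them.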


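          Challenge 6: no_cry_no_can


          Steps:

          c = b'...'    # placeholder: the ciphertext bytes are cut off on the page
          key = b'...'  # placeholder: the key is not shown on the page

          def decrypt(flag,key):
              # Repeat the key to cover the whole ciphertext, then XOR byte by byte
              block_len = len(flag) // len(key) + 1
              new_key = key * block_len
              return bytes([i^j for i,j in zip(flag,new_key)])

          flag = decrypt(c, key)
          print(flag)

          Flag: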

          cazy{y3_1s_a_h4nds0me_b0y!}


          Challenge 7: Wordless Book


          Steps:

          Extract 1.zip from the packet capture.

          Use Whitespace to decode key.ws.

          Flag.txt uses snow steganography; the key is the one recovered above.

          Flag:

          cazy{C4n_y0u_underSt4nd_th3_b0oK_With0ut_Str1ng}


          Challenge 8: Plain and Simple Forensics


          Steps:

          Run a file scan on the raw image and look for the flag file.

          Extract flag.png.

          Based on its contents, guess that it is a Caesar cipher:

          Flag:

          cazy{Xian_will_certainly_succeed_in_fighting_the_epidemic}


          Challenge 9: Go Xi'an

          Steps:

          Extract hint.txt and secret.txt from the packet capture. Base32-decode hint.txt:

          Secret is the base64 encoding of a zip file.

          Open the archive and assemble the jigsaw puzzle according to the decoded hint.

          Flag:

          cazy{make_XiAN_great_Again}


          Challenge 10: RCE_No_Para


          Steps:

          Parameterless RCE; the filter blocks session,end,next,header dir. Build the payload: /?b=phpinfo();&code=eval(reset(current(get_defined_vars())));


          Achieve RCE through the parameter b.


          Flag:

          flag{4c217b2f6b92bf949d2cf10fdfbdbf6f}


          Challenge 11: Bagua Maze

          Steps:

          A maze game.

          Follow the route through the maze to get the flag; mind the prefix.

          Flag:

          cazy{zhanchangyangchangzhanyanghechangshanshananzhanyiyizhanyianyichanganyang}

