LoRexxar's Blog

hctf_game_week0_writeup

2016/02/18

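With some rare free time over the holidays, my friends from the association and I organized a fairly simple CTF competition for the junior students at our school. I am posting the writeup for each round here for reference and study.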

WEB

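WEB From Zero: 0 POINT: 10 DONE

Challenge ID: 26
Challenge description: The HTML, CSS and JS of a web page can all be viewed on the client side~ Can you find the FLAG in the platform's source code?
Hint: Have you noticed that the source shown via right-click contains no challenges and no ranking information?
Recommended: chrome -> F12; firefox -> firebug

I think the challenge description says it clearly enough: find the flag in the source code. The hint says the right-click source contains no challenges and no ranking information because that part of the page is loaded with ajax; if you are interested, give it a try.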

WEB From Zero: 0.1 POINT: 20 DONE

Challenge ID: 27
Challenge description: Do you know what happens between entering a URL and the page being displayed?
http://ctf.lazysheep.cc:8080/
Hint: Do you know HTTP headers?

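This was the sign-in challenge from hctf2015. Visiting the page triggers a 302 redirect from index.php to index.html. There are many ways to see it: capture the traffic with Tamper Data or Burp, F12 should show it as well, and the curl -I command also shows it. It is simple, so I won't go into detail.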

WEB From Zero: 0.2 POINT: 20 DONE

Challenge ID: 35
Challenge description: Do you know what a cookie is?
Then can you modify it?
http://ctf.lazysheep.cc:8080/web0-2.php

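The challenge description is fairly clear: you need to modify the cookie. Again, tooling matters here; typically you would use chrome -> F12 or firefox -> firebug, and intercepting and modifying the request works too. Just change the value to true.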

MISC

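MISC From Zero: Encoding 0 POINT: 10 DONE

Challenge ID: 25
Challenge description: SENURntUSElTSVNCQVNFNjRFTkNPREV9
Hint: the base family of encodings

The challenge is mainly meant to get everyone familiar with base64 encoding. Seeing all uppercase I first thought it was base32, but it turned out to be plain base64. There are many ways to decode it: an online webmaster toolbox, or whatever tool you have at hand, will do.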

MISC From Zero: Steganography0 POINT: 10 DONE

Challenge ID: 32
Challenge description: Master AK's young ladies, part 0~
http://ctf.lazysheep.cc:8080/steg0.html

The most basic kind of image challenge. It introduces a fairly important image analysis tool called Stegsolve, which is very powerful; simply use it to view the image's information.

MISC From Zero: Traffic Analysis 0 POINT: 10 DONE

Challenge ID: 33
Challenge description: http://ctf.lazysheep.cc:8080/net0.pcap
Hint: PS: The FLAG was mistyped.. the format became flag{}.. too lazy to fix it

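The most basic kind of traffic analysis challenge. Generally speaking, traffic analysis is done with Wireshark. In one of the HTTP requests to the registration page you can see the flag in plaintext in the request. Got it!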

CTF coding step0 POINT: 50 DONE

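Challenge ID: 30
Challenge description: Is playing CTF just about using tools? No, no, no, you also have to write a lot of code. This series is meant to get you familiar with CTF-style programming challenges; for the specific requirements, read the challenge itself. It's really to make you read a bit more English!
nc 115.29.77.78 9999
Hint: Connect to the address and port above with telnet or nc; if you are on Windows and don't have them, find an ssh/telnet tool yourself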

The challenge is fairly simple; even typing A by hand many times works. The main point is to get familiar with nc, so look it up if you are interested.

crypto

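Cryptography From Zero: 0 POINT: 10 DONE

Challenge ID: 23
Challenge description: ojam{AopzpzJhlzhyWhzzdvyk}
Hint: Caesar's code

A Caesar cipher, fairly simple. Writing a quick script is enough, and it can be implemented in C just as well.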
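A script of the kind mentioned above, added here as an example and not the author's own code: it tries all 26 keys on the challenge ciphertext and keeps the candidates that start with a known prefix. The "hctf{" crib is an assumption based on the flag format used elsewhere on this page, and the function names are illustrative.

```python
import string

# Ciphertext copied from the challenge description above.
CIPHERTEXT = "ojam{AopzpzJhlzhyWhzzdvyk}"
# Assumption: the flag starts with the contest's "hctf{" prefix.
CRIB = "hctf{"


def caesar_shift(text, shift):
    """Rotate ASCII letters by `shift`, preserving case; other characters pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)  # braces, digits and punctuation are not encrypted
    return "".join(out)


def brute_force(ciphertext):
    """Return (key, candidate plaintext) for every possible key 0..25."""
    return [(key, caesar_shift(ciphertext, -key)) for key in range(26)]


def recover(ciphertext, crib=CRIB):
    """Keep only candidates whose beginning matches the crib (case-insensitive)."""
    crib = crib.lower()
    return [(k, p) for k, p in brute_force(ciphertext) if p.lower().startswith(crib)]


if __name__ == "__main__":
    for key, plaintext in recover(CIPHERTEXT):
        print(f"key={key}: {plaintext}")
```

Without a crib, print every row of brute_force() and pick the readable one by eye; a 26-key space is small enough for that.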

pen test

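lightless's Penetration Classroom - 1 POINT: 50 DONE

Challenge ID: 28
Challenge description: http://120.27.53.238/pentest/01/http-method.php
When submitting the flag, submit it together with the hctf{} braces.
Hint: No HINT yet

Read the documentation carefully!!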
