比赛地址：SillyCTF

比赛时间：29 Mar 2025 20:00 CST - 30 Mar 2025 08:00 CST

复现的题目用🔁标注

Ice Spice

Munch Music

Challenge

Munch Music

Misc Easy

Ice Spices new single got edited! Cleotrapa (Her opp) probably did it. Find the flag in the music.

Solution

flag

🚩sillyCTF{I-L0Ve-iC3-Spic3}

You Thought I Was Feeling U?

Challenge

You Thought I Was Feeling U?

Crypto Easy

Ice Spice encoded her diary using her own langauge called Icespician. Crack the code to find out her secret.

https://shorturl.at/0fHhZ

Unlock Hint for 0 points
Munch munch munch graaahhhh

Solution

对着密码表转换一下就出来了

flag

🚩sillyCTF{YOUARETHEMUNCH}

Costco

Frying Chicken?

Challenge

Frying Chicken?

Forensics Easy

I love going to Costco but I hate the toxic LEDs. They’re mutating my 5$ rotisserie chickens and making me ingest red particles. Not a fan. 5 big dooms.

https://shorturl.at/6plIo

Solution

这明显是 PDF417 条码，用在线阅读PDF417条码打开

扫描得到

text

1anpjY3BUS1d7R2N2anZfdWZla196aWlydXpya3ZfZHBfdHl6dGJ2ZWp9

Base64 解码得到

text

1jzccpTKW{Gcvjv_ufek_ziiruzrkv_dp_tyztbvej}

明显是凯撒密码，当位移位数为17时得到flag

flag

🚩sillyCTF{Plese_dont_irradiate_my_chickens}

Minions

It Hertz when IP

Challenge

It Hertz when IP

Forensics Easy

Which IP addresses attempted to login to the victim machine? List the addresses numerically, least to greatest, comma-separated. Wrap the addresses in sillyCTF{}. For example, if the addresses 1.2.3.4 and 1.2.3.5 attempted to log in, your flag would be sillyCTF{1.2.3.4,1.2.3.5}

https://shorturl.at/8PCKf

附件部分内容如下

log

1eb 20 20:33:15 ubuntu-virtual-machine sudo:     root : TTY=pts/1 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/echo 2Feb 20 20:33:15 ubuntu-virtual-machine sudo: pam_unix(sudo:session): session opened for user root(uid=0) by ubuntu(uid=0)3Feb 20 20:33:15 ubuntu-virtual-machine sudo: pam_unix(sudo:session): session closed for user root4Feb 20 20:33:34 ubuntu-virtual-machine su: (to ubuntu) root on pts/15Feb 20 20:33:34 ubuntu-virtual-machine su: pam_unix(su:session): session opened for user ubuntu(uid=1000) by ubuntu(uid=0)6Feb 20 20:35:01 ubuntu-virtual-machine CRON[2484]: pam_unix(cron:session): session opened for user observium(uid=1005) by (uid=0)7Feb 20 20:35:01 ubuntu-virtual-machine CRON[2485]: pam_unix(cron:session): session opened for user observium(uid=1005) by (uid=0)8Feb 20 20:35:03 ubuntu-virtual-machine CRON[2485]: pam_unix(cron:session): session closed for user observium9Feb 20 20:35:07 ubuntu-virtual-machine CRON[2484]: pam_unix(cron:session): session closed for user observium10Feb 20 20:36:06 ubuntu-virtual-machine sshd[2723]: Connection closed by 192.168.64.131 port 37496 [preauth]11Feb 20 20:36:25 ubuntu-virtual-machine sshd[2763]: Connection closed by 192.168.64.131 port 60714 [preauth]12Feb 20 20:36:57 ubuntu-virtual-machine sshd[2767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.64.131  user=ubuntu13Feb 20 20:36:59 ubuntu-virtual-machine sshd[2767]: Failed password for ubuntu from 192.168.64.131 port 48446 ssh214Feb 20 20:37:05 ubuntu-virtual-machine sshd[2767]: Failed password for ubuntu from 192.168.64.131 port 48446 ssh215Feb 20 20:37:09 ubuntu-virtual-machine sshd[2767]: Failed password for ubuntu from 192.168.64.131 port 48446 ssh216Feb 20 20:37:09 ubuntu-virtual-machine sshd[2767]: Connection closed by authenticating user ubuntu 192.168.64.131 port 48446 [preauth]17Feb 20 20:37:09 ubuntu-virtual-machine sshd[2767]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.64.131  user=ubuntu18Feb 20 20:39:01 ubuntu-virtual-machine CRON[2772]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)19Feb 20 20:39:01 ubuntu-virtual-machine CRON[2772]: pam_unix(cron:session): session closed for user root20Feb 20 20:40:01 ubuntu-virtual-machine CRON[2823]: pam_unix(cron:session): session opened for user observium(uid=1005) by (uid=0)21Feb 20 20:40:01 ubuntu-virtual-machine CRON[2824]: pam_unix(cron:session): session opened for user observium(uid=1005) by (uid=0)22Feb 20 20:40:02 ubuntu-virtual-machine CRON[2824]: pam_unix(cron:session): session closed for user observium23Feb 20 20:40:06 ubuntu-virtual-machine CRON[2823]: pam_unix(cron:session): session closed for user observium24Feb 20 20:41:34 ubuntu-virtual-machine sshd[3114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.64.131  user=ubuntu

Solution

写个脚本提取所有出现过的 IP 地址

python

1import re2from collections import Counter3 4log_file_path = "auth.log"5 6# 匹配 IPv4 地址7ip_pattern = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')8 9# 读取日志文件并提取所有 IP 地址10def extract_all_ips_from_log(log_file):11    ip_list = []12    with open(log_file, 'r') as file:13        for line in file:14            matches = ip_pattern.findall(line)15            if matches:16                ip_list.extend(matches)17    return ip_list18 19# 统计 IP 地址出现次数20def count_ip_occurrences(ip_list):21    ip_counter = Counter(ip_list)22    return ip_counter23 24def main():25    ip_list = extract_all_ips_from_log(log_file_path)26    ip_counts = count_ip_occurrences(ip_list)27 28    for ip, count in ip_counts.items():29        print(f"{ip} - {count}")30 31if __name__ == "__main__":32    main()

得到如下输出

text

1192.168.64.131 - 1702192.168.64.138 - 1203192.168.64.147 - 24

因此flag是

flag

🚩sillyCTF{192.168.64.131,192.168.64.138,192.168.64.147}