半决赛

Misc

YWB_Misc_文件隐写01

Challenge

文件隐写

Solution

附件是加密压缩包，纯数字爆破得到解压密码882401

解压得到的Word文档把图片移开得到flag

text

1FLAG{12axzaq1sz}

YWB_Misc_键盘流量分析

Challenge

我们在监控网络时捕获到一组可疑的流量，现在需要你通过流量包来分析操作者是否传递了某些信息。注：提交格式为 flag{xxx}。

Solution

一把梭

text

1flag{inop97bc6g9}

Crypto

《图像谜途：解锁隐藏的真相》

Challenge

《图像谜途：解锁隐藏的真相》描述：在一个看似普通的图片中，暗藏着通往密码的秘密。找到正确的图片，成功解压后，揭开加密的flag，才能获得最终的胜利。

Solution

修复文件头得到解压密码ctf@welcome

解压得到的图片的exif信息中找到Y3RmX3lvdV9wYXNzZWQ=，base64解码得到flag:ctf_you_passed

text

1flag{ctf_you_passed}

crypto

Challenge

crypto

Solution

text

1flag{hnctfqwer34567}

YWB_Crypto_10

Challenge

在修复古代星象馆的穹顶壁画时，你们在黄道十二宫的镶嵌缝隙中发现一卷残缺的羊皮纸。泛黄的纸面上用褪色墨水写着：5uwSOphsp4poQVBJyTUQfsgxFELy 纸背隐约有抄写者潦草的注释： “此乃大图书馆禁室之钥，须以62星轨重排时序。当心，缺失的日月符号会吞噬自身，正如沙漏倒转时消逝的刻度…”

Solution

text

1flag{nisp_9i7u_0kj3e}

Reverse

re_python

Challenge

easy python

Solution

pyinstxtractor解包得到1.pyc，反编译得到以下代码

text

1# Source Generated with Decompyle++2# File: 1.pyc (Python 3.7)345def check():6    a = input('plz input your flag:')7    c = [8        144,9        163,10        158,11        177,12        121,13        39,14        58,15        58,16        91,17        111,18        25,19        158,20        72,21        53,22        152,23        78,24        171,25        12,26        53,27        105,28        45,29        12,30        12,31        53,32        12,33        171,34        111,35        91,36        53,37        152,38        105,39        45,40        152,41        144,42        39,43        171,44        45,45        91,46        78,47        45,48        158,49        8]50    if len(a) != 42:51        print('wrong length')52        return 053    b = None54    for i in range(len(a)):55        if ord(a[i]) * 33 % b != c[i]:56            print('wrong')57            return None58    59    print('win')6061check()

exp如下：

text

1a = ["f","l","a","g"]2c = [3    144,4    163,5    158,6    177,7    121,8    39,9    58,10    58,11    91,12    111,13    25,14    158,15    72,16    53,17    152,18    78,19    171,20    12,21    53,22    105,23    45,24    12,25    12,26    53,27    12,28    171,29    111,30    91,31    53,32    152,33    105,34    45,35    152,36    144,37    39,38    171,39    45,40    91,41    78,42    45,43    158,44    8]4546b = 047for k in range(4):48    for i in range(1,256):49        if ord(a[k]) * 33 % i == c[k]:50            b = i515253for s in c[4:]:54    for j in range(0,128):55        if j * 33 % b == s:56            a.append(chr(j))575859flag = "".join(a).replace("e","4")60print(flag)

RE_C

Challenge

代码分析

Solution

分析代码找到这个字符串102 108 97 103 123 72 78 67 84 70 109 110 103 49 50 51 52 53 125

10进制转字符得到flag

text

1flag{HNCTFmng12345}

Web

YWB_Web_SQL注入_boolblind

Challenge

获得数据库中flag值

Solution

sqlmap一把梭

text

1sqlmap -u "http://192.168.20.215:46592/?id=1" -D mylabs -T flagage --dump

text

1flag{jKmFcMh5qbzR}

决赛

渗透靶场二

完全仿真业务系统，企业场景包含不同类型虚拟机。在该综合场景下完全仿真相关的系统业务考察内容丰富；考察参赛队伍的信息收集、外网打点、经典漏洞、内网横向、内网信息收集、内网提权等。

1.通过目录扫描获取flag

text

1┌──(root㉿kali)-[~]2└─# dirsearch -u http://192.168.1.202 3/usr/lib/python3/dist-packages/dirsearch/dirsearch.py:23: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html4  from pkg_resources import DistributionNotFound, VersionConflict56  _|. _ _  _  _  _ _|_    v0.4.37 (_||| _) (/_(_|| (_| )89Extensions: php, aspx, jsp, html, js | HTTP method: GET | Threads: 25 | Wordlist size: 114601011Output File: /root/reports/http_192.168.1.202/_25-07-12_18-07-02.txt1213Target: http://192.168.1.202/1415[18:07:02] Starting: 16[18:07:03] 403 -    2KB - /.config.inc.php.swp                              17[18:07:03] 403 -    2KB - /.config.php.swp                                  18[18:07:03] 403 -    2KB - /.configuration.php.swp                           19[18:07:03] 403 -    2KB - /.idea/                                           20[18:07:03] 200 -  750B  - /.idea/compiler.xml21[18:07:03] 301 -  170B  - /.idea  ->  http://192.168.1.202/.idea/           22[18:07:03] 200 -  987B  - /.idea/encodings.xml                              23[18:07:03] 200 -  569B  - /.idea/misc.xml                                   24[18:07:03] 200 -  191B  - /.idea/vcs.xml                                    25[18:07:03] 200 -    6KB - /.idea/workspace.xml                              26[18:07:03] 403 -    2KB - /.index.php.swp                                   27[18:07:03] 403 -    2KB - /.localsettings.php.swp                           28[18:07:04] 403 -    2KB - /.php-version                                     29[18:07:04] 403 -    2KB - /.php3                                            30[18:07:04] 403 -    2KB - /.php-ini                                         31[18:07:04] 403 -    2KB - /.php_cs                                          32[18:07:04] 403 -    2KB - /.php_history33[18:07:04] 403 -    2KB - /.phpcs.xml34[18:07:04] 403 -    2KB - /.php_cs.dist35[18:07:04] 403 -    2KB - /.phpspec.yml36[18:07:04] 403 -    2KB - /.phpunit.result.cache                            37[18:07:04] 403 -    2KB - /.phpintel38[18:07:04] 403 -    2KB - /.php_cs.cache39[18:07:04] 403 -    2KB - /.phptidy-cache                                   40[18:07:04] 403 -    2KB - /.phpversion41[18:07:04] 403 -    2KB - /.settings.php.swp                                42[18:07:04] 403 -    2KB - /.settings/org.eclipse.php.core.prefs             43[18:07:04] 403 -    2KB - /.svn/text-base/index.php.svn-base                44[18:07:04] 403 -    2KB - /.wp-config.php.swp                               45[18:07:05] 400 -    2KB - /\..\..\..\..\..\..\..\..\..\etc\passwd           46[18:07:06] 403 -    2KB - /admin.php3                                       47[18:07:06] 403 -    2KB - /admin/includes/configure.php~                    48[18:07:08] 403 -    2KB - /app/bootstrap.php.cache                          49[18:07:08] 403 -    2KB - /app/etc/local.xml.phpunit                        50[18:07:09] 403 -    2KB - /bitrix/.settings.php.bak                         51[18:07:09] 403 -    2KB - /bitrix/php_interface/dbconn.php2                 52[18:07:09] 403 -    2KB - /bitrix/settings.php.bak                          53[18:07:10] 403 -    2KB - /conf.inc.php~                                    54[18:07:10] 403 -    2KB - /conf.php.swp55[18:07:10] 403 -    2KB - /conf.php.bak56[18:07:10] 403 -    2KB - /conf.php.old                                     57[18:07:10] 403 -    2KB - /config.inc.php.txt                               58[18:07:10] 403 -    2KB - /config.inc.php~                                  59[18:07:10] 403 -    2KB - /config.local.php_old                             60[18:07:10] 403 -    2KB - /config.local.php~                                61[18:07:10] 403 -    2KB - /config.php-eb                                    62[18:07:10] 403 -    2KB - /config.php.bak63[18:07:10] 403 -    2KB - /config.php.bkp64[18:07:10] 403 -    2KB - /config.php.inc65[18:07:10] 403 -    2KB - /config.php.dist66[18:07:10] 403 -    2KB - /config.php.inc~67[18:07:10] 403 -    2KB - /config.php.save68[18:07:10] 403 -    2KB - /config.php.old69[18:07:10] 403 -    2KB - /config.php.new70[18:07:10] 403 -    2KB - /config.php.swp71[18:07:10] 403 -    2KB - /config.php.txt72[18:07:10] 403 -    2KB - /config.php.zip73[18:07:10] 403 -    2KB - /config.php~                                      74[18:07:10] 403 -    2KB - /configuration.php.old                            75[18:07:10] 403 -    2KB - /configuration.inc.php~                           76[18:07:10] 403 -    2KB - /configuration.php.dist77[18:07:10] 403 -    2KB - /configuration.php.save78[18:07:10] 403 -    2KB - /configuration.php.bak                            79[18:07:10] 403 -    2KB - /configuration.php.swp80[18:07:10] 403 -    2KB - /configuration.php.txt81[18:07:10] 403 -    2KB - /configuration.php.zip82[18:07:10] 403 -    2KB - /configuration.php~                               83[18:07:11] 403 -    2KB - /configure.php.bak                                84[18:07:11] 301 -  170B  - /doc  ->  http://192.168.1.202/doc/               85[18:07:11] 403 -    2KB - /doc/                                             86[18:07:12] 301 -  170B  - /error  ->  http://192.168.1.202/error/           87[18:07:12] 403 -    2KB - /error/                                           88[18:07:12] 403 -    2KB - /file_upload.php3                                 89[18:07:12] 200 -   29B  - /flag.txt                                         90[18:07:14] 403 -    2KB - /includes/configure.php~                          91[18:07:14] 403 -    2KB - /index.pHp                                        92[18:07:14] 403 -    2KB - /index.php-bak                                    93[18:07:14] 403 -    2KB - /index.php.                                       94[18:07:14] 403 -    2KB - /index.php.bak95[18:07:14] 403 -    2KB - /index.php/login/96[18:07:14] 403 -    2KB - /index.php397[18:07:14] 403 -    2KB - /index.php498[18:07:14] 403 -    2KB - /index.php599[18:07:14] 400 -    2KB - /index.php::$DATA100[18:07:14] 403 -    2KB - /index.php~                                       101[18:07:14] 301 -  170B  - /index_files  ->  http://192.168.1.202/index_files/102[18:07:14] 200 -    1KB - /license                                          103[18:07:14] 200 -    1KB - /LICENSE                                          104[18:07:15] 403 -    2KB - /local_conf.php.bac                               105[18:07:15] 403 -    2KB - /local_conf.php.bak106[18:07:15] 403 -    2KB - /localsettings.php.dist                           107[18:07:15] 403 -    2KB - /localsettings.php.bak108[18:07:15] 403 -    2KB - /localsettings.php.old109[18:07:15] 403 -    2KB - /localsettings.php.save110[18:07:15] 403 -    2KB - /localsettings.php.swp111[18:07:15] 403 -    2KB - /localsettings.php.txt112[18:07:15] 403 -    2KB - /localsettings.php~113[18:07:17] 403 -    2KB - /painel/config/config.php.example                 114[18:07:17] 403 -    2KB - /phpinfo.php3                                     115[18:07:17] 403 -    2KB - /phpinfo.php4                                     116[18:07:17] 403 -    2KB - /phpinfo.php5                                     117[18:07:18] 403 -    2KB - /pi.php5                                          118[18:07:18] 200 -    3KB - /pom.xml                                          119[18:07:18] 200 -    4KB - /ReadMe.md                                        120[18:07:18] 200 -    4KB - /Readme.md121[18:07:18] 200 -    4KB - /README.MD122[18:07:18] 200 -    4KB - /README.md                                        123[18:07:18] 200 -    4KB - /readme.md124[18:07:19] 403 -    2KB - /settings.php.dist                                125[18:07:19] 403 -    2KB - /settings.php.save                                126[18:07:19] 403 -    2KB - /settings.php.old127[18:07:19] 403 -    2KB - /settings.php.bak128[18:07:19] 403 -    2KB - /settings.php.swp129[18:07:19] 403 -    2KB - /settings.php~130[18:07:19] 403 -    2KB - /settings.php.txt131[18:07:20] 301 -  170B  - /sql  ->  http://192.168.1.202/sql/               132[18:07:20] 403 -    2KB - /sql/                                             133[18:07:22] 400 -    2KB - /Trace.axd::$DATA                                 134[18:07:22] 403 -    2KB - /upload.php3                                      135[18:07:22] 403 -    2KB - /var/bootstrap.php.cache                          136[18:07:23] 400 -    2KB - /web.config::$DATA                                137[18:07:23] 403 -    2KB - /wp-config.php.0                                  138[18:07:23] 403 -    2KB - /wp-config.php.1139[18:07:23] 403 -    2KB - /wp-config.php.2140[18:07:24] 403 -    2KB - /wp-config.php-bak                                141[18:07:24] 403 -    2KB - /wp-config.php.3142[18:07:24] 403 -    2KB - /wp-config.php.4143[18:07:24] 403 -    2KB - /wp-config.php.5144[18:07:24] 403 -    2KB - /wp-config.php.bak145[18:07:24] 403 -    2KB - /wp-config.php.6146[18:07:24] 403 -    2KB - /wp-config.php.8147[18:07:24] 403 -    2KB - /wp-config.php.7148[18:07:24] 403 -    2KB - /wp-config.php.backup149[18:07:24] 403 -    2KB - /wp-config.php.cust150[18:07:24] 403 -    2KB - /wp-config.php.9151[18:07:24] 403 -    2KB - /wp-config.php.bak1152[18:07:24] 403 -    2KB - /wp-config.php.dist153[18:07:24] 403 -    2KB - /wp-config.php.disabled154[18:07:24] 403 -    2KB - /wp-config.php.new155[18:07:24] 403 -    2KB - /wp-config.php.bk156[18:07:24] 403 -    2KB - /wp-config.php.inc157[18:07:24] 403 -    2KB - /wp-config.php.old158[18:07:24] 403 -    2KB - /wp-config.php.orig159[18:07:24] 403 -    2KB - /wp-config.php.original160[18:07:24] 403 -    2KB - /wp-config.php.save161[18:07:24] 403 -    2KB - /wp-config.php.swn162[18:07:24] 403 -    2KB - /wp-config.php.swo163[18:07:24] 403 -    2KB - /wp-config.php.txt164[18:07:24] 403 -    2KB - /wp-config.php.swp165[18:07:24] 403 -    2KB - /wp-config.php.zip166[18:07:24] 403 -    2KB - /wp-config.php_167[18:07:24] 403 -    2KB - /wp-config.php~168[18:07:24] 403 -    2KB - /wp-config.php_bak169[18:07:24] 403 -    2KB - /wp-config.php_1170[18:07:24] 403 -    2KB - /wp-config.php_Old171[18:07:24] 403 -    2KB - /wp-config.php_new172                                                                             173Task Completed