文章分类 - 安全
网络安全
摘要:cs流量特征: 两张图片末尾存在分开的压缩包,合并发现cskey flag{31975589df49e6ce84853be7582549f4} flag{P@ssW0rd@123} flag{87a76255029843238bf87091dd5a6c88} PolarCTF@2025Spring
阅读全文
posted @ 2025-05-03 22:25
lethe311
摘要:修改png的高 binwalk分离 使用key解压缩docx 得到压缩包,需密码 key:shenglingshidai ida逆向发现key函数 #include <stdio.h> #include <string.h> int main() { int flag[50]; // [esp+10
阅读全文
posted @ 2025-05-03 20:31
lethe311
摘要:得到flag{c930a20729cd710c9ac2e1bcd36856e5} 得到flag{1b030dacb6e82a5cca0b1e6d2c8779fa} 最后cat /cf/conf/config.xml(pfsense普通用户的IPsec预共享密钥文件) 得到flag{bde4b5e2d
阅读全文
posted @ 2025-05-03 19:35
lethe311
摘要:发现有些单元格加粗了 替换全部加粗单元格的图案为黑色 设置行高100,列宽1 qrsearch:
阅读全文
posted @ 2025-05-03 18:52
lethe311
摘要:import hashlib letter = { "q": "a", "w": "b", "e": "c", "r": "d", "t": "e", "y": "f", "u": "g", "i": "h", "o": "i", &quo
阅读全文
posted @ 2025-05-03 16:53
lethe311
摘要:用potplayer打开属性找到内嵌的图片 16进制发现末尾存在flag等其他文件 使用binwalk -e 'Cover (front).png' --run-as=root分离
阅读全文
posted @ 2025-05-03 16:25
lethe311
摘要:题目: unsigned __int64 sub_D7F() { unsigned int v1; // [rsp+0h] [rbp-10h] BYREF _DWORD nbytes[3]; // [rsp+4h] [rbp-Ch] BYREF *(_QWORD *)&nbytes[1] = __r
阅读全文
posted @ 2025-05-03 15:15
lethe311
摘要:题目: int sub_F4B() { int v1; // [rsp+4h] [rbp-Ch] BYREF unsigned __int64 v2; // [rsp+8h] [rbp-8h] v2 = __readfsqword(0x28u); puts("Please Input index:"
阅读全文
posted @ 2025-05-03 14:35
lethe311
摘要:题目: 阴阳怪气: script: import string import hashlib # 云影 str = "88421048040142242012210140881088421010882010884208842101" str = str.split("0") print(str) c
阅读全文
posted @ 2025-05-03 11:00
lethe311
摘要:KOBE NUMBERONE,解压缩包得到936382_232162_3163_4381 ,根据提示为9键加密 解密: key_map = { "1": [",", "。", "?", "!"], "2": ["A", "B", "C"], "3": ["D", "E", "F"], "4": ["
阅读全文
posted @ 2025-05-03 00:13
lethe311
摘要:👊👢👧👉👎🐽👅👁👈🐧👉👆👈👣👟👐👊👱🐧🐰👇👈🐴🐴 base100: SkpRWFNJQ0ROQlhYSz09PQ== base64: JJQXSICDNBXXK base32: Jay Chou
阅读全文
posted @ 2025-05-02 23:04
lethe311
摘要:WYDZSNZWSB 发现这图片来自周杰伦的音乐专辑:11月的肖邦 结合WYDZSNZWSB和题目描述推测这应该是最后一句歌词的首字母缩写,最终在专辑中找到《枫》 我要的只是你在我身边
阅读全文
posted @ 2025-05-02 22:54
lethe311
摘要:小明的猫咪离家出走了,在离开前小猫留下一段话: ~呜喵呜呜~呜喵啊喵啊啊呜喵呜呜啊呜啊~呜呜~喵呜~~喵呜~啊呜啊呜喵呜呜喵~喵~~喵啊喵呜喵呜啊呜啊~呜啊~啊喵~~啊~~喵~啊啊~呜啊啊喵喵啊啊~啊啊啊~呜啊呜呜~呜啊啊~啊喵~呜喵~啊~喵啊呜呜喵~~喵啊~啊~呜~~喵~~~~呜~喵啊呜啊~~~~
阅读全文
posted @ 2025-05-02 22:15
lethe311
摘要:题目: 密文打开时乱码 私钥 from gmpy2 import * from sympy import factorint from Crypto.PublicKey import RSA from Crypto.Util.number import * f = open(r"C:\Temp\20
阅读全文
posted @ 2025-05-02 22:05
lethe311
摘要:TripleDES(BASE64(AES( flag{U2FsdGVkX1/pJiphUy6Qlf9WRoLg9kJPzHyBmk0SxAbWD7k/j97kG5kJTiahSaMK GqNmYa8C0uZ7R3T0ccWj2/+HDWwe/qmL08+hjDKJD+o=} ) ) ) XOR (
阅读全文
posted @ 2025-05-02 20:42
lethe311
摘要:题目: 呜嗷嗷嗷嗷呜啊嗷啊呜呜嗷呜呜呜啊呜啊嗷啊呜嗷嗷呜嗷呜呜嗷呜嗷嗷嗷嗷呜啊嗷啊嗷呜嗷呜呜嗷啊嗷啊嗷啊呜嗷嗷嗷嗷呜嗷嗷嗷嗷嗷嗷嗷呜啊嗷啊啊呜嗷呜呜啊呜啊啊嗷啊呜~~啊啊嗷呜呜呜嗷啊嗷嗷嗷呜啊嗷~嗷啊
阅读全文
posted @ 2025-05-02 20:07
lethe311
摘要:思路: 构造双重身份的chunk->放入unsorted bin中->泄露libc->添加2个chunk(0,1)->free(1)(在fastbin中)->编辑0修改1的fd指向malloc-0x23->把fackchunk申请回来,修改malloc值为onegadget->调用malloc即调用
阅读全文
posted @ 2025-05-02 19:41
lethe311
摘要:思路: 申请3个chunk(0,1,2)-> 释放1 ->编辑0修改1的fd为magic-0x23->把fackchunk申请回来,写入0xffffffffffffffff*0x23,覆盖到magic->shell from pwn import * from LibcSearcher import
阅读全文
posted @ 2025-05-02 18:30
lethe311
摘要:思路: 构造双重身份的chunk泄露libc->伪造malloc附近的trunk->编辑将onegadget的值给malloc->调用malloc即调用onegadget->shell from pwn import * from LibcSearcher import * def conn():
阅读全文
posted @ 2025-05-01 23:46
lethe311
摘要:from pwn import * from LibcSearcher import * def conn(): global r,Libc,elf #r = process("./bl") Libc = ELF("./libc.so.6") r = remote("1.95.36.136", 20
阅读全文
posted @ 2025-05-01 20:39
lethe311
浙公网安备 33010602011771号