国外的CTF比赛,前面很简单,感觉很适合入门,地址:https://2018game.picoctf.com/

Forensics Warmup 1

压缩包解开就有

Forensics Warmup 2

反正我能直接打开emmm

General Warmup 1

进制转换,略…

General Warmup 2

进制转换,略…

General Warmup 3

进制转换,略…

Resources

视频下面有flag

Reversing Warmup 1

编辑器打开查找flag

Reversing Warmup 2

base64

Crypto Warmup 1

维吉尼亚密码

Crypto Warmup 2

rot13密码

grep 1

一样用编辑器打开找flag

net cat

nc一下喽

HEEEEEEERE’S Johnny!

通过passwd和shadow爆破密码,使用kali破解

1
2
3
root@kali:~/Desktop# unshadow passwd shadow > flag_passwd
root@kali:~/Desktop# john --wordlist=/usr/share/john/password.lst flag_passwd
root@kali:~/Desktop# john --show flag_passwd

参考:Kali Linux:使用John the Ripper破解密码

strings

strings一下,编辑器打开也找得到

pipe

payload
1
nc 2018shell2.picoctf.com 44310 >>1.txt

使用telnet也行,如果使用ssh会得到一个错误答案2333。

Inspect Me

留意页面提示,flag分别在index、js和css里

grep 2

payload
1
find /problems/grep-2_4_06c2058761f24267033e7ca6ff9d9144/files/.|xargs grep "picoCTF"

Aca-Shell-A

失败了n次,总算过了。。。

Payload
1
2
3
4
5
6
7
8
9
10
11
12
13
cd secret
ls
rm intel*
echo 'Drop it in!'
cd
cd executables
ls
./dontLookHere
whoami
cd
cp /tmp/TopSecret passwords
cd passwords
cat TopSecret

Client Side is Still Bad

源码js部分
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
function verify() {
checkpass = document.getElementById("pass").value;
split = 4;
if (checkpass.substring(split*7, split*8) == '}') {
if (checkpass.substring(split*6, split*7) == '17e9') {
if (checkpass.substring(split*5, split*6) == 'd_91') {
if (checkpass.substring(split*4, split*5) == 's_ba') {
if (checkpass.substring(split*3, split*4) == 'nt_i') {
if (checkpass.substring(split*2, split*3) == 'clie') {
if (checkpass.substring(split, split*2) == 'CTF{') {
if (checkpass.substring(0,split) == 'pico') {
alert("You got the flag!")
}
}
}

}
}
}
}
}
else {
alert("Incorrect password");
}
}

Desrouleaux

最后一个问题没看懂,参考:https://medium.com/@anglee19/forensics-question-desrouleaux-solved-2a8b692d2425

Logon

打开代理,将admin=False改成admin=True

Reading Between the Eyes

Recovering From the Snap

用WinHex打开,可以看到在00009A00处有jpg的文件头,将前面的数据删除。


用bingwalk扫描发现多张图片,用foremost分离出来,flag在最后一张图里。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
root@kali:~/Desktop# binwalk animals.dd 

DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, JFIF standard 1.01
30 0x1E TIFF image data, big-endian, offset of first image directory: 8
632832 0x9A800 JPEG image data, JFIF standard 1.01
1126400 0x113000 JPEG image data, JFIF standard 1.01
1517568 0x172800 JPEG image data, JFIF standard 1.01
1773568 0x1B1000 JPEG image data, JFIF standard 1.01
1773598 0x1B101E TIFF image data, big-endian, offset of first image directory: 8
2097152 0x200000 JPEG image data, JFIF standard 1.01
2097182 0x20001E TIFF image data, big-endian, offset of first image directory: 8
2568192 0x273000 JPEG image data, JFIF standard 1.01
2568222 0x27301E TIFF image data, big-endian, offset of first image directory: 8
2961408 0x2D3000 JPEG image data, JFIF standard 1.01
2961438 0x2D301E TIFF image data, big-endian, offset of first image directory: 8

root@kali:~/Desktop# foremost animals.dd
Processing: animals.dd
|*|
root@kali:~/Desktop#

admin panel

查找分组字节流

查找分组字节流

Mr. Robots

访问robots.txt文件