Web
Classic Childhood Game
观察到event.js中这个a变量
拿去输出
Base64解码两次
Become a member
Guess who am I
可以手动档 十几分钟也挺快的(是挺快的吧…)
自动挡如下,la佬的脚本
import requests
import json
data = [
{
"id": "ba1van4",
"intro": "21级 / 不会Re / 不会美工 / 活在梦里 / 喜欢做不会的事情 / ◼◻粉",
"avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=kSt5er0OQMXROy28nzTia0A&s=640",
"url": "https://ba1van4.icu"
},
......
]
dic = {}
for k in data:
dic[k["intro"]] = k["id"]
s = requests.Session()
url = 'http://week-1.hgame.lwsec.cn:xxxxx'
for i in range(100):
r = s.get(url+'/api/getQuestion')
intro = json.loads(r.text)["message"]
#print(intro)
r = s.post(url+'/api/verifyAnswer', data={'id':dic[intro]})
r = s.get(url+'/api/getScore')
print(r.text)
Show Me Your Beauty
文件上传,大小写绕过
PWN
Test_nc
nc连上命令执行
RE
Test_your_ida
搜索关键字hgame
Crypto
rsa
factor网站查到p,q
Misc
Sign in
base64解码得到
hgame{Welcome_To_HGAME2023!}
e99p1ant_wan
crc宽高爆破
hgame{e99p1ant_want_a_girlfriend_qq_524306184}
神秘的海报
StegSolve
得到前半段
hgame{U_Kn0w_LSB&W
然后去下载音频
steghide
此处密码是123456,也可以用字典跑
拼接得到
hgame{U_Kn0w_LSB&Wav^Mp3_Stego}