【小白教程】CTF从入门到入门-06
2023-6-14 00:4:13 Author: 利刃信安攻防实验室(查看原文) 阅读量:6 收藏

26.alert

https://ctf.bugku.com/challenges/detail/id/73.html

查看源码:

view-source:http://114.67.175.224:11099/

flag{5b3f279d810f132eab718bba5eb20fb3}

27.你必须让他停下

https://ctf.bugku.com/challenges/detail/id/74.html

查看源码,刷新

view-source:http://114.67.175.224:18536/

28.入门逆向

https://ctf.bugku.com/challenges/detail/id/99.html

用IDA打开文件即可看到

29.signin

https://ctf.bugku.com/challenges/detail/id/136.html

使用jeb打开文件

.method private getFlag()String          .registers 300000000  invoke-virtual      MainActivity->getBaseContext()Context, p000000006  move-result-object  v000000008  const               v1, 0x7F0B0020        # string:toString "991YiZWOz81ZhFjZfJXdwk3X1k2XzIXZIt3ZhxmZ"0000000E  invoke-virtual      Context->getString(I)String, v0, v100000014  move-result-object  v000000016  return-object       v0.end method
.method private showMsgToast(String)V .registers 300000000 const/4 v0, 100000002 invoke-static Toast->makeText(Context, CharSequence, I)Toast, p0, p1, v000000008 move-result-object p10000000A invoke-virtual Toast->show()V, p100000010 return-void.end method
.method public checkPassword(String)V .registers 500000000 invoke-direct MainActivity->getFlag()String, p000000006 move-result-object v000000008 new-instance v1, StringBuffer0000000C invoke-direct StringBuffer-><init>(String)V, v1, v000000012 invoke-virtual StringBuffer->reverse()StringBuffer, v100000018 move-result-object v00000001A new-instance v1, String0000001E invoke-virtual StringBuffer->toString()String, v000000024 move-result-object v000000026 const/4 v2, 000000028 invoke-static Base64->decode(String, I)[B, v0, v20000002E move-result-object v000000030 invoke-direct String-><init>([B)V, v1, v000000036 invoke-virtual String->equals(Object)Z, p1, v10000003C move-result p10000003E if-eqz p1, :4E:4200000042 const-string p1, "Congratulations !"00000046 invoke-direct MainActivity->showMsgToast(String)V, p0, p10000004C goto :58:4E0000004E const-string p1, "Try again."00000052 invoke-direct MainActivity->showMsgToast(String)V, p0, p1:5800000058 return-void.end method

根据上面代码,把字符串991YiZWOz81ZhFjZfJXdwk3X1k2XzIXZIt3ZhxmZ先反置后base64解码

res, err := codec.DecodeBase64("991YiZWOz81ZhFjZfJXdwk3X1k2XzIXZIt3ZhxmZ".Reverse())die(err)println("解码后为: ")dump([]byte(res))

flag{Her3_i5_y0ur_f1ag_39fbc_}

30.ping

https://ctf.bugku.com/challenges/detail/id/164.html

每一条数据中的data字段前两个字节为一个十六进制,把前面两个十六进制转换为10进制,然后对照acsii码表的值. 拿到flag。

tshark -r ping.pcap -T fields -e data.data | cut -c -2 | awk '{printf($1)}'

┌──(kali㉿kali)-[~/桌面]└─$ tshark -r ping.pcap -T fields -e data.data | cut -c -2 | awk '{printf($1)}'666c61677b64633736613165656536653338323238373765643632376530613034616234617d


文章来源: http://mp.weixin.qq.com/s?__biz=MzU1Mjk3MDY1OA==&mid=2247504633&idx=2&sn=2349bb01fb69525b626d58ac1ee38864&chksm=fbfb6234cc8ceb225e0967fab57a196b6841af85c63d978213b9311e94ce3489bd97e798e99c#rd
如有侵权请联系:admin#unsafe.sh