

threst's Blog

tjctf2018wp

threst's Blog

tjctf2018wp

ctf

 2018/10/04   Share

• 
• 
• 
• 
• 

Trippy

strings be37fef78cfd6c7deda71154f567e6d0cfefbda1f80698c064bab469d3a54c58_trippy.gif | grep tjctf

Interference

1.将v1和v2用stegsolveadd下，保存图片，在改变图片的偏移量，找到黑白的二维码，用windows反色，扫描出flag
2.compare v1.png v2.png output.png再把output.png用stegsolve调至黑白，windows反色.

Grid Parser

1. 解压文件，发现有个password.png，用binwalk提取出zip，使用fcrackzip --brute-force --charset a1 --length 1-3 --use-unzip xxxx.zip，爆破出密码为px

Weird Logo

直接stegsolve

Lexington State Bank

安装zsteg
gem install zsteg
直接命令zsteg lsb.png

Huuuuuge

nmap扫描
结果如下

Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-19 21:41 CST
Nmap scan report for 226.187.154.104.bc.googleusercontent.com (104.154.187.226)
Host is up (0.22s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   closed http
5901/tcp closed vnc-1
9418/tcp open   git

Nmap done: 1 IP address (1 host up) scanned in 17.20 seconds

开放ssh和git，直接git clone git://104.154.187.226/huuuuuge失败，参考这个链接
用以下命令，正好题目说不要思考太深.
git clone --depth 1 git://104.154.187.226/huuuuuge

RC4 took an L

https://github.com/dstein64/LC4/blob/master/documentation.md

In [1]: import lc4

In [2]: key  = "pq_xc589r3nb#mgjtkh7w2dlfvy4eaoi6uzs"

In [3]: encrypted = "wpwt#5ng4_qbitp#8mq59r_g866c4t59c6vy6tisj4af6bprfnbd_wrq2wjmr4ld_s26a7i#biiyqjolq8lus_wfus
   ...: fkj8xv2qrrv3etab_marovc#uuoueyl"

In [4]: decrypted = lc4.decrypt(key,encrypted)

In [5]: print(decrypted)
i_hope_that_by_making_this_long_you_will_assume_substitution_cipher_and_go_to_quip_qiup_the_flag_is#elsie_four_is_not_rc4

原文作者: threst

原文链接: https://threst.github.io/2018/10/04/tjctf2018misc/

发表日期: October 4th 2018, 1:34:10

版权声明: 本文采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可

• Next Post
  phpgd绕过
• Previous Post
  网鼎杯wp

Powered by Hexotheme Archer

PV:

CATALOG

1. 1. Trippy
2. 2. Interference
3. 3. Grid Parser
4. 4. Weird Logo
5. 5. Lexington State Bank
6. 6. Huuuuuge
7. 7. RC4 took an L



• Archive
• Tag
• Cate

Total : 42

2019

• 01/23ES文件浏览器漏洞复现
• 01/23pwnable_bof
• 01/22pwnable_fd
• 01/22RLO文件名欺骗

2018

• 12/312018流水账
• 12/23readfile-0day复现
• 12/202018鹏城杯Myblog思考
• 12/18pwnable_collision
• 12/18pwnable_fd
• 11/22hackagame2018
• 11/14pwn之路_repeater(山东省赛)
• 11/11无处安放的wp(不定期更)
• 11/11pwn之路_ret2text
• 11/08hackover18
• 11/02BadUSB初探
• 11/02D-CTFQuals2018
• 10/16parrot安装
• 10/14极客大挑战wp
• 10/04phpgd绕过
• 10/04netcat食用指南
• 10/04csaw 2018 wp
• 10/04php安全
• 10/04网鼎杯wp
• 10/04tjctf2018wp
• 09/18CVE-2017-11882复现
• 09/15noxctf2018wp
• 09/11CVE-2017-8464漏洞复现
• 09/09双杀0day漏洞(CVE-2018-8174)复现
• 08/28ctf之隱寫術
• 06/15艰难的kali破解xp开机密码之路
• 06/06利用 PATH 环境变量进行 Linux 提权
• 06/0161随想
• 06/01常见文件格式分析
• 06/01如何在MIMIKATZ添加模块
• 05/30实验吧wp(持续更新)
• 05/29kali下安装docker
• 05/22你肯定不知道的GraphQL安全概述和测试技巧
• 05/17git一条龙(一看就会的那种)
• 05/12逆向入门--linux64
• 05/12逆向入门--ARM64的linux
• 05/12艰难的hexo上线
• 05/12isccwp

瞎记罢写 ctf CVE-2017-8464 apt BadUSB netcat CVE-2017-11882 git 系统 writeup kali docker php pwn 0day 安全客弃婴 CVE-2018-8174 writeup ctf



缺失模块。
1、请确保node版本大于6.2
2、在博客根目录（注意不是archer根目录）执行以下命令：
npm i hexo-generator-json-content --save
3、在根目录_config.yml里添加配置：

jsonContent:
  meta: false
  pages: false
  posts:
    title: true
    date: true
    path: true
    text: false
    raw: false
    content: false
    slug: false
    updated: false
    comments: false
    link: false
    permalink: false
    excerpt: false
    categories: true
    tags: true

