比赛地址:TAMUctf 比赛时间:29 Mar 2025 06:00 CST - 31 Mar 2025 06:00 CST Start here! Howdy World Challenge Howdy World Welcome to TAMUctf 2025! Please enter the flag from tamuctf.com to prove that you are a real person 😃 The flag format is gigem{.*} unless otherwise specified Solution 签到题 1gigem{welcome!} Forensics Deflated Challenge Deflated Author: flocto I heard ZipCrypto Store has a vulnerability, so I’ve used ZipCrypto Deflate instead. Can you still get the flag? Notes Flag matches regex gig ...
比赛地址:CodeVinciCTF 比赛时间:29 Mar 2025 21:00 CST - 30 Mar 2025 21:00 CST 复现的题目用🔁标注 Intro Sanity Check Challenge Sanity Check misc I’m in a hurry, I’ll leave you the message in the attachments… 1Welcome to CodeVinci Beginner CTF 2025. The ...
比赛地址:SillyCTF 比赛时间:29 Mar 2025 20:00 CST - 30 Mar 2025 08:00 CST 复现的题目用🔁标注 Ice Spice Munch Music Challenge Munch Music Misc Easy Ice Spices new single got edited! Cleotrapa (Her opp) probably did it. Find the flag in the music. Solution 1sillyCTF{I-L0Ve-iC3-Spic3} You Thought I Was Feeling U? Challenge You Thought I Was Feeling U? Crypto Easy Ice Spice encoded her diary using her own langauge called Icespician. Crack the code to find out her secret. https://shorturl.at/0fHhZ Unlock Hint f ...
比赛地址:WolvCTF 2025 比赛时间:22 Mar 2025 07:00 CST - 24 Mar 2025 07:00 CST 复现的题目用🔁标注 Beginner PicturePerfect - Forensics Challenge PicturePerfect - Forensics Author: carmengh Wow what a respectful, happy looking lad! Hmmmmmmm, all I see is a snowman… maybe some details from the image file itself will lead us to the flag. Unlock Hint for 0 pointsImages have interesting information in their metadata! Solution 直接看元信息即可 123456789101112131415161718192021222324252627282930exiftool-13.25_64>exiftool ...
比赛地址:Cyber Apocalypse CTF 2025: Tales from Eldoria 比赛时间:21 Mar 2025 21:00 CST - 26 Mar 2025 20:59 CST 复现的题目用🔁标注 OSINT The Ancient Citadel Challenge The Ancient Citadel Deep in her sanctum beneath Eldoria’s streets, Nyla arranges seven crystalline orbs in a perfect circle. Each contains a different vision of stone battlements and weathered walls—possible matches for the mysterious fortress the Queen seeks in the southern kingdoms of Chile. The image in her central crystal pulses with ancient ...
比赛地址:2025 数字中国创新大赛数字安全赛道时空数据安全赛题暨三明市第五届 “红明谷” 杯大赛初赛 比赛时间:22 Mar 2025 10:00 CST - 22 Mar 2025 15:00 CST 复现的题目用🔁标注 Misc 异常行为溯源 Challenge 异常行为溯源 题目内容: 某企业网络安全部门人员正在对企业网络资产受到的攻击行为进行溯源分析,该工作人员发现攻击者删除了一段时间内的访问日志数据,但是攻击者曾传输过已被删除的访问日志数据并且被流量监控设备捕获,工作人员对流量数据进行了初步过滤并提取出了相应数据包。已知该攻击者在开始时曾尝试低密度的攻击,发现未被相关安全人员及时发现后进行了连续多日的攻击,请协助企业排查并定位攻击者 IP,flag 格式为:flag 附件下载 提取码(GAME)备用下载 Solution 附件是一个流量包 network_traffic.pcap,先用 wireshark 打开分析一下 发现所有流量包的 Data 都有这样的 Base64 数据 进一步分析发现这里面有一段 Json 数据,并且还包含了一段 Base64 数据, ...
比赛地址:PascalCTF 比赛时间:19 Mar 2025 23:00 CST - 20 Mar 2025 04:00 CST 复现的题目用🔁标注 Misc Base N’ Hex Challenge Base N’ Hex AlBovo I encrypted the flag but I don’t remember in what order. Can you help me? 12345678910111213141516171819# basenhex.pyfrom base64 import b64encodeimport random, osFLAG = os.getenv("FLAG").encode()assert FLAG.startswith(b"pascalCTF{")assert FLAG.endswith(b"}")def encode(input_string): if random.randint(0, 1) == 0: return b64encode(input_string) else: re ...
比赛地点:UTCTF 2025 比赛时间:15 Mar 2025 07:00 CST - 17 Mar 2025 07:00 CST 复现的题目用🔁标注 Misc Trapped in Plain Sight 1 可以看到 flag.txt 的文件权限为 -r-x------ 先运行 find / -perm -4000 -type f 2>/dev/null 查找具有 SUID 权限的文件 在这里找到了 xxd xxd 主要用于将文件内容以十六进制和 ASCII 的形式显示出来。它通常用于调试、分析二进制文件或查看文件的原始数据。 因此这里直接使用 xxd flag.txt 就可以查看这个文档里的内容了 🔁 Trapped in Plain Sight 2 ls -lah 发现文件的权限是 ----r-----+ 这里的 + 表示该文件或目录启用了访问控制列表(ACL, Access Control List) 。这意味着除了标准的文件权限外,还有一些额外的权限设置。 getfacl flag.txt 查看文件的 ACL 配置,发现用户 secretuser ...
比赛地址:FMCTF - Nowruz 1404 比赛时间:15 Mar 2025 21:30 CST - 16 Mar 2025 21:30 CST 复现的题目用🔁标注 OSINT A Revengefu Accident Challenge OSINT/A Revengefu Accident Inalov We’re searching for a fatal aviation accident that occurred before 1990. According to the accident report, a passenger carrying a S&W 29 revolver caused the disaster by shooting at the cabin crew. We need the Accident Number to revisit and revise the investigation. The aircraft involved in the accident is notable for its unique desi ...
CTF_notes
未读伪加密修复 工具 010 Editor 修复步骤 把 50 4B 03 04 14 00 和 50 4B 01 02 1F 00 后面的这两个字节改为 00 00 修复前: 修复后: CRC32 碰撞 工具 theonlypwner/crc32 攻击条件 被加密的文本文档很小(通常 4kb) 爆破多个压缩包中的 4 字节文件 攻击步骤 这里调用了 theonlypwner/crc32,要把下面的脚本放到同一个目录中 12345678910111213141516171819202122232425262728293031323334import zipfileimport stringfrom crc32 import CRC32Reversedef crack_zip(file_path, file_name, charset): charset_bytes = set(charset.encode('latin-1')) with zipfile.ZipFile(file_path, 'r') as zip_file: info = ...
