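Twisted Love (畸形的爱) Extraction password: Parloo&zgsfsys&onefox&solar**juyt Hostname / OS login / Service login: WebServer root/root https://192.168.20.102:9443/admin/VF6NXMs7; SQL server sql/sql; Windows7 PC 1 administrator/wmx666; Windows10 PC2 administrator/zjl@123 1. Submit attack IP address 1 used by the attacker. Check the nginx logs on the webserver: cat /var/log/nginx/access.log.1 | grep 'GET' palu{192.168.31.240} 2. Submit attack IP address 2 used by the attacker. 简历.zip (résumé) was found in the Recycle Bin on PC2; the archive contains 简历.exe, which was submitted to the DAS-Security (安恒) cloud sandbox for analysis. palu{192.168.31.11} 3. Submit the time the attacker's brute-force attack started. Check the services started by docker: root@ubuntu:/h ...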
Misc Cropping Challenge None Solution After repairing the ZIP pseudo-encryption, extract twice to get the image fragments, stitch them together with a script to get a QR code, and scan it to get the flag.
    from PIL import Image
    import os
    # Set the path
    folder = 'tiles'
    # Collect all tile_x_y.png files
    tiles = [f for f in os.listdir(folder) if f.startswith("tile_") and f.endswith(".png")]
    # Sort to guarantee the correct order: tile_row_col.png
    # We can sort by the row and col numbers in the file name
    def tile_key(fname):
        parts = fname.replace("tile_", "").replace(".png", "").split("_")
        return int(parts[0]), int(parts[1])
    tiles.s ...
Warmups Naham-Commencement 2025 Challenge Author: @HuskyHacks Welcome, Naham-Hacker Class of 2025! This challenge is your official CTF opening ceremony. Enjoy the CTF, play fair, play smart, and get those flags! BEGIN! 📯 (True story: NahamSec originally contracted me to build the actual NahamCon site. I showed this to him as a prototype and he said “you know, let’s actually move you to the CTF dev team…”) NOTE, we have noticed an odd gimmick with this challenge – if you seem to repeatedly see ...
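Misc Math Genius (数学天才) Challenge What? About to score zero? Then come and do the sign-in challenge. hint: read Trial 1 and Trial 2 together to extract the Sunflower Manual (葵花宝典) Solution 数学天才.txt gives the following hints: Young man, I can see you have an extraordinary build and must be a once-in-a-generation talent, so let me test your insight! Trial 1: the numbers on the downward diagonal are the key that opens the Sunflower Manual. Trial 2: your master does not want death (死); your master likes $. Trial 3: you are the 60th person to come for assessment; think about how to read the Sunflower Manual. The image supplied with the challenge is a Killer Sudoku, so the solver has to implement: the standard Sudoku rules (no repeats in any row, column or 3×3 box); the cage constraints specific to Killer Sudoku; a backtracking search for the solution ...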
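Challenges reproduced after the contest are marked with 🔁 before the title. Thanks to the experts in the group chat for clearing up my questions. Misc Audio's Secret (音频的秘密) Challenge Can audio have secrets too? Solution At first I thought it was Morse code and wasted a lot of time here (so annoying). Use SilentEye to extract the hidden file, with sound quality set to low, to get an encrypted archive. Brute-forcing gives the password 1234. LSB steganography yields qzvk{Ym_LOVE_MZMP_30vs6@_nanmtc_q0i_J01_1}. Given this, it is not hard to guess that it is a Vigenère cipher, and the key is lovely. flag{No_AAAA_BBBB_30ao6@_cccyyy_f0k_Y01_1} Terminal Hacker Challenge The hacker's world begins with typing the first command... Enter your terminal and try to find the string hidden deep inside the system. Attachment: hacker.exe Find the hidden flag. flag format: flag Solution First unpack with pyinstxtractor, then decompile with pycdc. flag{Cysay_terminal_game_hacked_successfully} Data Identification and Audit Cha ...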
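Misc Quantum Maze (量子迷宫) Challenge The AI of a future quantum laboratory has encrypted confidential data into a quantum maze, where each line represents one qubit operation. Only through reverse collapse observation can the key masked by quantum noise be recovered. The log file left behind in the laboratory seems to hide the crucial clue (flag format: palu {32-character md5}) Solution Extract the character after QUBIT| (index 6) from each line and concatenate them -> convert the binary to characters (8 bits per byte)
    data = """QUBIT|0⟩ → X Gate
    QUBIT|1⟩ → Y Gate PHOTON: 2492°
    QUBIT|1⟩ → X Gate
    ..."""
    bits = ''.join([line[6] for line in data.splitlines() if len(line) > 6])
    for i in range(0, len(bits), 8):
        chunk = bits[i:i+8]
        char = chr(int(chunk, 2))
        print(char,end="")
palu{aea437c12b149750383fe5 ...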
Misc ez_xor Write a Python script to brute-force the XOR-encrypted puzzle and find the plaintext that starts with flag{
    def xor_decrypt(ciphertext_bytes, key):
        return bytes(b ^ key for b in ciphertext_bytes)
    def is_printable_ascii(data):
        try:
            decoded = data.decode('ascii')
            return all(32 <= c <= 126 for c in data)
        except Exception:
            return False
    def find_flag(ciphertext_hex):
        ciphertext_bytes = bytes.fromhex(ciphertext_hex.replace('-', ''))
        for key in range(256):
            d ...
Contest: Incognito CTF 6.0 Contest time: 2025-04-28 08:00 - 2025-04-29 08:00 Reproduced challenges are marked with 🔁 Digital Forensics The Fragmented Truth Challenge The Fragmented Truth In this sea of chaos, can you uncover the signal, where ictf holds the key to rising above the noise in the transmission? Solution Searching for ictf leads to the 22nd traffic record, which turns out to be a .png image; save it. ictf{1n_7h3_s1l3nc3_0f_fr4gm3n75_w3_r3v34l} The Spectral Image b6414 Challenge The Spectral Image b6414 Remember, sometimes the key to unlocking an image isn’t through typical ...
Contest: UniVsThreats CTF 2025 Contest time: 2025-05-03 18:00 - 2025-05-04 18:00 Forensics Dark Web Stories Challenge You were running a Tor exit node on dark web to intercept some traffic from different .onion websites. It was pretty boring, until, at some point, you got something interesting. It seems that somebody was trying to penetrate an illegal website in order to find something about an underground organization. You saved the dump of the traffic and now it’s time to analyze it more in depth. Find ...
Contest: CTF@CIT 2025 Contest time: 26 Apr 2025 05:00 CST - 28 Apr 2025 03:00 CST Misc Blank Image Challenge I was gonna make a really cool challenge but then I literally forgot about it so all I have is this blank image. Good luck! Solution LSB steganography. CIT{n1F0Rsm0Er40} I AM Steve Challenge You were supposed to be a hero, Brian! SHA256: 01b3dbe5d8801adf27a9bb779d85ef4c8881905544642fbdbdd41e54e4d0ae5e Solution Actually, it is LSB steganography again: VEhJU19pc19hX2NyYWZ0aW5nX3RhYmxl with just one extra base64 decoding step. CIT{THIS_is_a_crafting_table} ...