CTF@CIT 2025

比赛地址:CTF@CIT 2025

比赛时间:26 Apr 2025 05:00 CST - 28 Apr 2025 03:00 CST

Misc

Blank Image

Challenge

I was gonna make a really cool challenge but then I literally forgot about it so all I have is this blank image. Good luck!

Solution

LSB 隐写

CITCTF2025-1

1
CIT{n1F0Rsm0Er40}

I AM Steve

Challenge

You were supposed to be a hero, Brian!

SHA256: 01b3dbe5d8801adf27a9bb779d85ef4c8881905544642fbdbdd41e54e4d0ae5e

Solution

CITCTF2025-2

其实还是 LSB 隐写

1
VEhJU19pc19hX2NyYWZ0aW5nX3RhYmxl

CITCTF2025-3

多了一步 base64 解码罢了

1
CIT{THIS_is_a_crafting_table}

sw0906

Challenge

Deceive you, the bytes do. Look deeper, you must.

SHA256: b3ca30e35e55e20406c278eb5accdb78ef028b001837f2bfaadda5760943f7f3

Solution

CITCTF2025-4

不知道是什么二进制文件,用 010 打开

文件头估计是被改过看不出来,但是文件尾是熟悉的 FF D9 ,推测这是一张 .jpg 文件

CITCTF2025-5

从这里可以很轻易地看出来每四个字节经过了一次反转,写一个脚本把它们还原

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
def reverse_every_4_bytes(input_file, output_file):
    with open(input_file, 'rb') as f:
        data = f.read()

    # 将数据转换为字节数组以便修改
    byte_array = bytearray(data)

    # 每4个字节进行反转
    for i in range(0, len(byte_array), 4):
        chunk = byte_array[i:i+4]
        # 反转当前4字节的块
        reversed_chunk = chunk[::-1]
        # 将反转后的块放回原位置
        byte_array[i:i+4] = reversed_chunk

    with open(output_file, 'wb') as f:
        f.write(byte_array)

input_filename = "yoda"
output_filename = "yoda.jpg"
reverse_every_4_bytes(input_filename, output_filename)

CITCTF2025-6

1
CIT{h1dd3n_n0_m0r3_1t_i5}

Forensics

Brainrot Quiz!

Challenge

Bombardiro Crocodillo or…? You find out…

SHA256: e5f5d4e97506233266904e460fdfea4fc3ce2bf1542dc122283835c545fb8516

Solution

打开题目给的流量包,发现里面很多大小写字母和数字混杂的内容,看着像 base64 编码,先试试看搜索 ==

CITCTF2025-7

只有第 11 行符合条件,内容是

1
Q0lUe3RyNGw0bDNyMF90cjRsNGw0fQ==

复制下来解码

CITCTF2025-8

1
CIT{tr4l4l3r0_tr4l4l4}

True CTF Love

Challenge

I got this strange email from another CTF participant not too long ago. I am just not sure what they mean by this…

Do you love CTFs as much as they do?

SHA256: 07cb654ce87444f158a52228848eb4eb501738913dfca44a2f227fb73ee9ed4b

Solution

CITCTF2025-9

在这封电子邮件的 DKIM(DomainKeys Identified Mail)签名部分发现了端倪

1
2
3
4
5
6
7
8
9
10
11
12
13
14
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=waifu.club; s=mail;
	t=1745339340; bh=HSq3Fk4UngoT3615kRTwX9TQfq9o0GNk3L5esFLg2e4=;
	h=Date:From:To:Subject:From;
	b=e65uxTcZ2s8RKde5x7GoMWDhM27qMUa2vpmCC6uPR/kCsC5Tl1lgVNCik9TBiIn7x
	 ThMSG0m17ElJR+eQ3IFACqhDjoJkCdLo+iYAwvx4Go1OOYUYRx7dn7tUisIKy2p7Ns
	 DjJMauF8H1fwIpO6kFZKUPiPescPp6mBJIWBOARUNxRSSReBJv+B8GibZJbN4c64c0
	 wOVpmrc1P3sGs/K1i8sjzcHVJyNdBBV2e71n5gJFfbo5EkM/HSmba8Vvfdg2BGkVaY
	 OriRs9vs5+XwV8v9stPhL48avJipOSz1ykfbXW3//QZYpAOGyQz8lhE2cek5YLJulB
	 yO/Pz8vtbkwjA==
	b=V293LCB3aGF0IGEgYmVhdXRpZnVsIGxpdHRsZSBwb2VtLiBJIGFsbW9zdCBzaGVkI
	 GEgdGVhciByZWFkaW5nIHRoYXQuIEhvcGVmdWxseSB5b3UgbGVhcm5lZCBtb3JlIGFi
	 b3V0IGVtYWlsIGhlYWRlcnMuIEJ1dCBzZXJpb3VzbHksIGl0IGdldHMgbWUgd29uZGV
	 yaW5nLi4uIGRvIHlvdSBsb3ZlIENURnMgYXMgbXVjaCBhcyB0aGV5IGRvPwoKQ0lUe2
	 lfbDB2M19jdGYkX3QwMH0=

b=... 是由私钥加密生成的实际的签名值,但第 2 个 b 可不是,这是藏有 flag 的一段文本经过 base64 编码后的字符串

CITCTF2025-10

1
CIT{i_l0v3_ctf$_t00}

We lost the flag

Challenge

Sorry everyone, we unfortunately lost the flag for this challenge.

SHA256: d1058ed414e6e45f4d2c7cc41baf73b3778a80be18cdf2d6470348c72ab01dfd

Solution

直接打开发现文件受损了,于是用 010 打开看看是怎么回事

CITCTF2025-11

看到 JFIF 说明这本该是 .jpg 文件,所以第一步先把后缀改一下

此时文件还是损坏的,因为文件头还是不对,要把文件头改成 jpg 的 FF D8 DD E0

CITCTF2025-12

然后就可以打开了

CITCTF2025-13

1
CIT{us1ng_m4g1c_1t_s33m5}

Bits 'n Pieces

Challenge

Somewhere in these digital fragments lies what you’ve been searching for your entire lifetime, or really just this weekend 😉

SHA256: 4b52731748484ecaa9ba3a5c8ec455675c78d0e3f8ac349a2a54e5e1f0cbb2a1

Solution

先用 010 打开查看这个二进制文件是什么

CITCTF2025-14

发现这是 RDP(远程桌面协议)位图缓存,搜索找到了两个工具 ANSSI-FR/bmc-toolsBSI-Bund/RdpCacheStitcher

现在当前目录下新建一个文件夹,将其命名为 Cache ,然后运行以下命令来使用 bmc-tools 复原图片

1
python bmc-tools.py -s "Cache0000.bin" -d .\Cache

运行后会得到 2992 个图片碎块,接下来使用 RdpCacheStitcher 把它们拼接起来

CITCTF2025-15

1
CIT{c4ch3_m3_if_y0u_c4n}

OSINT

No Country for Old Keys

Challenge

What is Anthony McConnolly’s API key?

Solution

CITCTF2025-16

经过搜索 Anthony McConnolly 可以找到这个仓库 antmcconn/ai-web-browser

在这条 commit 记录 Comparing 3e4b4a03e2ff193706b66afe09fcf827b63727f1…806376a8850cc1edfc0d7d94a4f8ff6272483f0d · antmcconn/ai-web-browser 找到 api

CITCTF2025-17

1
CIT{ap9gt04qtxcqfin9}

The Domain Always Resolves Twice

Challenge

What is Anthony McConnolly’s favorite domain registrar?

Solution

经过搜索 Anthony McConnolly 可以找到这个帖子#pentesting #cybersecurity #learning #infosec #ethicalhacking | Anthony McConnolly

CITCTF2025-18

whois 查询这个域名 Whois ippsec.rocks

CITCTF2025-19

1
CIT{GoDaddy.com, LLC}