AI Security

prompt_audit

Challenge

The incident response assistant refuses to read sensitive files directly. Trigger the poisoned retrieval chain through the normal business workflow and obtain the flag.

Solution

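The service runs a RAG pipeline, and the flag is presumably inside it. Querying for the flag directly was blocked; inserting spaces is enough to bypass the filter.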

FLAG

flag
flag{5794aaef-0646-4e73-8e5e-c29b559b2ee6}

Intelligence Gathering

mirror_index

Challenge

The homepage of an archive site appears to contain only public information, but the release package seems to have left a mirror index behind. Find the hidden export endpoint and obtain the flag.

Solution

Opening DevTools (F12) shows an internal endpoint hidden in a comment. A GET request to /static/build-index.json returns:

json
{"build": "2026.04.final", "chunks": ["assets/main.61a2.js", "assets/runtime.cache"], "mirror": "/mirror/archive.json"}

Next, GET /mirror/archive.json returns:

json
{"note": "staging mirror kept a signed internal export sample", "routes": ["/api/v1/public/status", "/api/v1/internal/export"], "sample": {"path": "/api/v1/internal/export", "ts": "20260530", "sig": "995822b05cfd2246"}}

The parameters are leaked, so GET /api/v1/internal/export?ts=20260530&sig=995822b05cfd2246 returns the flag:

json
{"export": "final", "flag": "flag{dc187cc4-6d54-47fa-b8ce-8ae74e25aa26}"}

FLAG

flag
flag{dc187cc4-6d54-47fa-b8ce-8ae74e25aa26}

Data Analysis

packet_shift

Challenge

This challenge simulates a forensics scenario on traffic reported by internal network devices. The local clock of a key device has a fixed offset; contestants need to extract the synchronization information from the packet capture and reassemble the evidence along the corrected timeline.

Solution

Analysis shows the capture consists entirely of UDP packets, and flag fragments appear in the data= field.

Extracting the fragments one by one and concatenating them gives ZmxhZ3tiYTNjNTU0NC1hZDZiLThjNmMtYTg1Zi1mY2ZhNjg4ZWYyY2F9

Decoding it gives flag{ba3c5544-ad6b-8c6c-a85f-fcfa688ef2ca}
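The timeline correction that the challenge statement describes, sketched as an added example (not code from the original write-up). It goes beyond the manual concatenation above by applying a per-device clock offset before ordering the data= fragments. The payload layout (type/dev/local_ts/ref_ts), the device names and the timestamps are assumptions constructed for illustration; only the fragment contents come from the string above.

```python
import base64

# Constructed sample payloads. The field layout (type/dev/local_ts/ref_ts/data)
# is an assumption for illustration; the real capture's format is not shown.
PAYLOADS = [
    b"type=report;dev=node-b;local_ts=1340;data=Njg4ZWYyY2F9",
    b"type=report;dev=node-a;local_ts=1010;data=ZmxhZ3tiYTNjNTU0",
    b"type=sync;dev=node-b;local_ts=1300;ref_ts=1000",
    b"type=report;dev=node-a;local_ts=1030;data=YTg1Zi1mY2Zh",
    b"type=report;dev=node-b;local_ts=1320;data=NC1hZDZiLThjNmMt",
]


def parse(payload):
    """Split 'k=v;k=v' UDP payload bytes into a dict of strings."""
    fields = {}
    for item in payload.decode("ascii", errors="replace").split(";"):
        key, sep, value = item.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def clock_offsets(records):
    """Per-device offset (reference minus local) taken from sync messages."""
    return {r["dev"]: int(r["ref_ts"]) - int(r["local_ts"])
            for r in records if r.get("type") == "sync"}


def reassemble(payloads, correct=True):
    """Order data= fragments by (optionally corrected) time and decode."""
    records = [parse(p) for p in payloads]
    offsets = clock_offsets(records) if correct else {}
    reports = [r for r in records if r.get("type") == "report" and "data" in r]
    reports.sort(key=lambda r: int(r["local_ts"]) + offsets.get(r["dev"], 0))
    joined = "".join(r["data"] for r in reports)
    return joined, base64.b64decode(joined, validate=True).decode("ascii")


if __name__ == "__main__":
    print("uncorrected:", reassemble(PAYLOADS, correct=False)[1])
    print("corrected:  ", reassemble(PAYLOADS)[1])
```

Sorting on the raw local timestamps interleaves the skewed device's fragments in the wrong place, so the decoded text is well-formed but wrong; only the corrected ordering reproduces the string above.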

FLAG

flag
flag{ba3c5544-ad6b-8c6c-a85f-fcfa688ef2ca}