Press "Enter" to skip to content

Category: IceCTF

[IceCTF]Exposed! – 60pt

Question: John is pretty happy with himself, he just made hisfirst website! He used all the hip and cool systems,like NginX, PHP and Git! Everyone is so happy for him, but can youget him to give you the flag? Solution: 這是唯一一條很簡單 , 卻令我想破頭的題目 , 只怪自己經驗不夠 進到網站後 , 是一版純html的頁面寫著Hello World! 完全沒有利用的位置麻 這個時候我再看了下題目 , 發現這是使用Ngnix建設的 , 所以應該會有robots.txt吧? 所以查看了下 , 真的有!!! 而且有個檔案叫flag.php! 不過進去之前發現並沒有什麼用 那我們只好從git的方向中進手了 , 細看之下才發現/.git還沒有設置好權限! 所以我立馬把這個repository都clone下來再說 先看看flag.php是什麼東西 原來這頁面的作用是取得其目錄下的flag.txt , 然後再印在頁面上 可是我剛剛clone下來的目錄並沒有flag.txt呀? 這時候有必要看一下LOG了 原來flag.txt沒有的原因是被remove了.. 我們要做的只剩下restore flag.txt了 當我滿心歡喜拿去交的時候 , 竟然錯了 細看之下才發現被作者鄙視了 , 沒辦法之下我只好逐個試了 又被鄙視了.. 最後試到第5個的時候 , 終於得到flag了.. IceCTF{secure_y0ur_g1t_repos_pe0ple}

Comments closed

[IceCTF]Blue Monday – 60pt

Question: Those who came before me lived through their vocationsFrom the past until completion, they’ll turn away no more And stillI find it so hard to say what I need to say But I’m quite surethat you’ll tell me just how I should feel today. blue_monday Solution: 題目給出一個midi的音樂檔案 , 聽了後發現這是雜亂無章的音調 故我直接將音樂扔上 http://midi.mathewvp.com/midiEditor.php 進行分析 , 得出以下結果 0 On ch=1 n=73 v=100 220 Off ch=1 n=73 v=0 220 On ch=1 n=99 v=100 440 Off ch=1 n=99 v=0 440 On ch=1 n=101 v=100 660 Off ch=1 n=101 v=0 660 On ch=1 n=67 v=100 880 Off ch=1 n=67 v=0 880 On ch=1 n=84 v=100 1100 Off ch=1 n=84 v=0 1100 On ch=1 n=70 v=100 1320 Off ch=1 n=70 v=0 1320 On ch=1 n=123 v=100 1540 Off ch=1 n=123 v=0 1540 On ch=1 n=72 v=100 1760 Off ch=1 n=72 v=0 1760 On ch=1 n=65 v=100 1980 Off ch=1 n=65 v=0 1980 On ch=1 n=99 v=100 2200 Off ch=1 n=99 v=0 2200 On ch=1 n=107 v=100 2420 Off ch=1 n=107 v=0 2420 On ch=1 n=49 v=100 2640 Off ch=1 n=49 v=0 2640 On ch=1 n=110 v=100 2860 Off ch=1 n=110 v=0 2860 On ch=1 n=57 v=100 3080 Off ch=1 n=57 v=0 3080 On ch=1 n=95 v=100 3300 Off ch=1 n=95 v=0 3300 On ch=1 n=109 v=100 3520 Off ch=1 n=109 v=0 3520 On ch=1 n=85 v=100 3740 Off ch=1 n=85 v=0 3740 On ch=1 n=53 v=100 3960 Off ch=1 n=53 v=0 3960 On ch=1 n=73 v=100 4180 Off ch=1 n=73 v=0 4180 On ch=1 n=99 v=100…

Comments closed

[IceCTF]Toke – 45pt

Question: I have a feeling they were pretty high when they madethis website… Solution: 進入到網頁後 , 在登入的位置沒有發現可以利用的東西 , 所以我就去註冊了一個帳號看看 在登入後則是如以下版面 在分析後發現網站設置了2個 cookies , 分別是 jwt_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmbGFnIjoiSWNlQ1RGe2pXN190MEszbnNfNFJlX25PX3AxNENFX2ZPUl81M0NyRTdTfSIsInVzZXIiOiJibGFja3RyIn0.iBGoz4McIobEU5y3NHJa5b6AJwsZrdoquA8XmsWnL74 session: eyJ1c2VyIjoxODgzfQ.CpMTpA.8LVkhNz-nWm8A1tZSXZkEYKL4l8 我先拿其value去 base64 decode試試看 session: {“user”:1883}.VHMu me%ِF /| jwt_token: {“alg”:”HS256″,”typ”:”JWT”}.{“flag”:”IceCTF{jW7_t0K3ns_4Re_nO_p14CE_fOR_53CrE7S}”,”user”:”blacktr”}.σ”S4rZ往’*ŧ/ 結果答案就出來了 , 十分簡單

Comments closed

[IceCTF]Corrupt Transmission – 50pt

Question: We intercepted this image, but it must have gottencorrupted during the transmission. Can you try and fix it?corrupt.png Solution: 我發現這是一個破損的圖片檔案 , 嘿嘿 然而跟據wiki , png的magic number是 89 50 4e 47 0d 0a 1a 0a 所以修復之便能開啟了 IceCTF{t1s_but_4_5cr4tch}

Comments closed

[IceCTF]Audio Problems – 50pt

Question: We intercepted this audio signal, it sounds like therecould be something hidden in it. Can you take a look and see if youcan find anything? Solution: 我下載後發現是音樂檔案 , 聽下發現有點奇怪的聲音 , 然後順手扔到軟件分析聲譜圖 , 發現如下 IceCTF{y0u_b3t7Er_l15TeN_cL053lY}

Comments closed

[IceCTF]Flag Storage – 50pt

Question: What a cheat, I was promised a flag and I can’t even login. Can you get in for me? flagstorage.vuln.icec.tf. They seem tohash their passwords, but I think the problem is somehow relatedto this. Solution: 提示是sql injection , 直接嘗試 ‘or 1=1 — IceCTF{why_would_you_even_do_anything_client_side}

Comments closed

[IceCTF2016]Move Along – 30pt

Question: http://move-along.vuln.icec.tf/ Solution: 進去後看源始碼發現只有一個目錄 , 裝著一張圖片 那只好去目錄看看啦 , 發現還有一個目錄 發現一張圖片

Comments closed

[IceCTF2016]All your Base are belong to us -&nb

01001001 01100011 01100101 01000011 01010100 01000110 0111101101100001 01101100 00110001 01011111 01101101 01111001 01011111 01100010 01100001 01110011 0110010101110011 01011111 01100001 01110010 01100101 01011111 01111001 01101111 01110101 01110010 0111001101011111 01100001 01101110 01100100 01011111 01100001 01101100 01101100 01011111 01111001 0011000001110101 01110010 01011111 01100010 01100001 01110011 01100101 01110011 01011111 01100001 0111001001100101 01011111 01101101 01101001 01101110 01100101 01111101

Solution:

分析後發現只要將二進制轉為十進制 , 其數字便是ascii

所以直接得出算法

Comments closed

[IceCTF2016]Spotlight – 10pt

Question: http://spotlight.vuln.icec.tf/ Solution: 進去後發現光位會隨著mouse移動 , 所以直接view source , 發現有一js , 立即查看

Comments closed

[IceCTF2016]Complacent – 40pt

Question: These silly bankers have gotten pretty complacent withtheir self signed SSL certificate. I wonder if there’s anything inthere. complacent.vuln.icec.tf Solution: 題目說是ssl憑證問題 , 查看之下發現 隨便點一個按詳細資料發現 IceCTF{this_1nformation_wasnt_h1dd3n_at_a11}

Comments closed