【小白教程】CTF从入门到入门-06
2023-6-14 00:4:13 Author: 利刃信安攻防实验室(查看原文) 阅读量:6 收藏

26.alert

https://ctf.bugku.com/challenges/detail/id/73.html

查看源码:

view-source:http://114.67.175.224:11099/

flag{5b3f279d810f132eab718bba5eb20fb3}

27.你必须让他停下

https://ctf.bugku.com/challenges/detail/id/74.html

查看源码,刷新

view-source:http://114.67.175.224:18536/

28.入门逆向

https://ctf.bugku.com/challenges/detail/id/99.html

用IDA打开文件即可看到

29.signin

https://ctf.bugku.com/challenges/detail/id/136.html

使用jeb打开文件

.method private getFlag()String          .registers 300000000  invoke-virtual      MainActivity->getBaseContext()Context, p000000006  move-result-object  v000000008  const               v1, 0x7F0B0020        # string:toString "991YiZWOz81ZhFjZfJXdwk3X1k2XzIXZIt3ZhxmZ"0000000E  invoke-virtual      Context->getString(I)String, v0, v100000014  move-result-object  v000000016  return-object       v0.end method
.method private showMsgToast(String)V          .registers 300000000  const/4             v0, 100000002  invoke-static       Toast->makeText(Context, CharSequence, I)Toast, p0, p1, v000000008  move-result-object  p10000000A  invoke-virtual      Toast->show()V, p100000010  return-void.end method
.method public checkPassword(String)V          .registers 500000000  invoke-direct       MainActivity->getFlag()String, p000000006  move-result-object  v000000008  new-instance        v1, StringBuffer0000000C  invoke-direct       StringBuffer-><init>(String)V, v1, v000000012  invoke-virtual      StringBuffer->reverse()StringBuffer, v100000018  move-result-object  v00000001A  new-instance        v1, String0000001E  invoke-virtual      StringBuffer->toString()String, v000000024  move-result-object  v000000026  const/4             v2, 000000028  invoke-static       Base64->decode(String, I)[B, v0, v20000002E  move-result-object  v000000030  invoke-direct       String-><init>([B)V, v1, v000000036  invoke-virtual      String->equals(Object)Z, p1, v10000003C  move-result         p10000003E  if-eqz              p1, :4E:4200000042  const-string        p1, "Congratulations !"00000046  invoke-direct       MainActivity->showMsgToast(String)V, p0, p10000004C  goto                :58:4E0000004E  const-string        p1, "Try again."00000052  invoke-direct       MainActivity->showMsgToast(String)V, p0, p1:5800000058  return-void.end method

根据上面代码,把字符串991YiZWOz81ZhFjZfJXdwk3X1k2XzIXZIt3ZhxmZ先反置后base64解码

res, err := codec.DecodeBase64("991YiZWOz81ZhFjZfJXdwk3X1k2XzIXZIt3ZhxmZ".Reverse())die(err)println("解码后为: ")dump([]byte(res))

flag{Her3_i5_y0ur_f1ag_39fbc_}

30.ping

https://ctf.bugku.com/challenges/detail/id/164.html

每一条数据中的data字段前两个字节为一个十六进制,把前面两个十六进制转换为10进制,然后对照acsii码表的值. 拿到flag。

tshark -r ping.pcap -T fields -e data.data | cut -c -2 | awk '{printf($1)}'

┌──(kali㉿kali)-[~/桌面]└─$ tshark -r ping.pcap -T fields -e data.data | cut -c -2 | awk '{printf($1)}'666c61677b64633736613165656536653338323238373765643632376530613034616234617d


文章来源: http://mp.weixin.qq.com/s?__biz=MzU1Mjk3MDY1OA==&mid=2247504633&idx=2&sn=2349bb01fb69525b626d58ac1ee38864&chksm=fbfb6234cc8ceb225e0967fab57a196b6841af85c63d978213b9311e94ce3489bd97e798e99c#rd
如有侵权请联系:admin#unsafe.sh