在表哥的推荐下接触了PicoCTF,记录一下自己的解题思路
Tutorial
Tutorial 1
给了一个list,找出Robin Morris
的中间名,直接搜索,找到Robin Almay Morris
Tutorial 2
打开链接
1 | Hey, checkout this super secret message I made, using this cool ROT13 |
直接给出了rot13的提示,解密
1 | Yo, so have you been playing that new Mesopets game? Those new Megalonychidae and Bradypodidae they added are pretty cool. Actually, I would go as far as saying that it is now my life's dearest ambition to obtain a "Inflatable Sloth Monster"! |
flag就是Inflatable Sloth Monster
Tutorial 3
1 | These are a few of my favorite things! |
找出红色的值即可,工具:http://www.atool.org/colorpicker.php
flag:C70002
Level1
Web
What Is Web
类似于入门的查看源代码的题目,flag分为3部分。
1 | html中:<!-- The first part of the flag (there are 3 parts) is fab79c49d9e --> |
拼起来就是flag:fab79c49d9e5ba511a0f2436308e33e85
Reverse
Hex2Raw
在旁边的CLI窗口中cd对应的文件夹,ls,发现了hex2raw。
1 | $ ./hex2raw |
题目叫hex to raw,那么传递的字符串应该是hex解码的,运动python的decode()函数。
1 | $ python - |
flag:1d2411efe307f5ac07bd28bbabb5769e
Raw2Hex
一开始跟上一题相同,但是出现的是一堆乱码,题目是raw to hex,运用linux自带的xxd命令就可以输出hex编码后的字符串。
1 | $ ./raw2hex | xxd-p |
flag:54686520666c61672069733aff9a4fdb6995b557590a742b0e685bd3
xxd命令:http://www.360doc.com/content/12/1228/14/3038654_256776082.shtml
Forensics
###Digital Camouflage
题目给了一个pcap文件,直接用wireshark打开,提取所有的html文件
找到了main.htmluserid=spiveyp&pswrd=S04xWjZQWFZ5OQ%3D%3D
对pswrd urldecode 得到S04xWjZQWFZ5OQ==
双等号,大小写,base64解密,得到flag。
flag:KN1Z6PXVy9
Special Agent User
同上题一样给了一个pcap文件,这题提示找http头的User-agent中的浏览器名字和版本,直接筛选http协议部分查看,得到flag。
flag:Special Agent User
Cryptography
Substitute
1 | A wizard (he seemed kinda odd...) handed me this. Can you figure out what it says? |
1 | MIT YSAU OL OYGFSBDGRTKFEKBHMGCALSOQTMIOL. UTFTKAMTR ZB DAKQGX EIAOF GY MIT COQOHTROA HAUT GF EASXOF AFR IGZZTL. ZT CTKT SGFU, MIT YSACL GF A 2005 HKTLTFM MODTL MIAF LMADOFA GK A CTTQSB LWFRAB, RTETDZTK 21, 1989 1990, MIT RKTC TROMGKL CAL WHKGGMTR TXTKB CGKSR EAF ZT YGWFR MIT EGFMOFWTR MG CGKQ AM A YAOMIYWS KTHSOTL CITKT IGZZTL, LMBST AOD EASXOF, AMMAEQ ZGMI LORTL MG DAKQL, "CIAM RG EGFMKGSSOFU AF AEMWAS ZGAKR ZGVTL OF MIT HKTHAKTFML FADT, OL ODHWSLOXT KADHAUTL OF CIOEI ASCABL KTYTKTFETL MIT HALLCGKR, CIOEI DGFTB, AFR MITB IAR SOMMST YKGFM BAKR IOL YKWLMKAMTR EGSGK WFOJWT AZOSOMB COMI AFR OFROLHTFLAMT YGK MTAEI GMITK LMWROTL, AKT ACAKRL ZARUTL, HWZSOLITR ZTYGKT CTSS AL A YOKT UKGLL HSAFL CTKT GKOUOFASSB EIAKAEMTKL OF MIT LMKOH MG CIOEI LTTD MG OM CITF MTDHTKTR OF AFR IASSGCOFU MITB'KT LODHSB RKACOFU OF UOXTL GF" HKOFEOHAS LHOMMST ROLMGKM, KTARTKL EGDOEL AKT WLT, CAMMTKLGF MGGQ MCG 16-DGFMIL AYMTK KTLOLMAQTL A DGKT EKTAM RTAS MG EASXOF GYMTF IGZZTL MG ARDOML "LSODB, "ZWM OM'L FADTR A FOUIM GWM LIT OL HGOFM GY FGM LTTF IGZZTL MIT ZGGQL AM MIAM O KTDAOFOFU ZGGQ IADLMTK IWTB AKT AHHTAKAFET: RTETDZTK 6, 1995 DGD'L YKADTL GY EASXOF UOXTF A CAUGF, LGDTMODTL MIAM LG OM'L YAMITKT'L YADOSB FG EAFETSSAMOGFLIOH CAL HKTLTFML YKGD FGXTDZTK 21, 1985 SALM AHHTAK AZLTFET OF AFGMITKCOLT OM IAHHB MG KWF OM YGK MIOL RAR AL "A SOMMST MG MGSTKAMT EASXOF'L YADOSB RKACF ASDGLM EGDDTFRTR WH ZTOFU HTGHST OFLMAFET, UTM DAKKOTR ZB A RAFET EASXOF'L GWMSAFROLOFU MIT FTCLHAHTK GK MAZSGOR FTCLHAHTK ZWLOFTLL LIGC OL GF!" AFR LHKOFML GY EIOSRKTF'L RAR'L YKWLMKAMTR ZB MWKF IWDGK, CAL HWZSOE ROASGU MITKT'L FGM DWEI AL "'94 DGRTKFOLD" CAMMTKLGF IAL RTSOUIML GY YAFMALB SOYT CAMMTKLGF LABL LTKXTL AL AF AKMOLML OL RTLMKWEMOGF ZWLOFTLL, LHAETYAKTK GY MIT GHHGKMWFOMOTL BGW ZGMI A MGHOE YGK IOL IGDT MGFUWT-OF-EITTQ HGHWSAK MIAM OM CAL "IGF" AFR JWAKMTK HAUT DGKT LHAEOGWL EAFETSSAMOGF MIT HAOK AKT ESTAKSB OF HLBEIOE MKAFLDGUKOYOTK'L "NAH" LGWFR TYYTEM BGW MIOFQTK CAMMTKLGF ASLG UKTC OFEKTROZST LHAET ZWBL OF EGDDGFSB CIOST GMITKCOLT OM'L FADT OL FGMAZST LMGKBSOFT UAXT MIT GHHGKMWFOMOTL BGW EAFETSSAMOGF MIT "EASXOF GYYTK MG DAQT IOD OFEGKKTEM AFLCTKL CAMMTK AKMCGKQ GMITK GYMTF CIOEI OL TXORTFM MG GMITK LMKOH OL MG MITOK WLT GY KWSTL MIAM LIGCF GF LAFROYTK, CIG WLTL A EKGCJWOSS ZT LTTF "USWTR" MG MIT GFSB HTKL AFR IOL YAMITK LWHHGKM OL SWFEISOFT UAXT MITLT MIOF A BTAK OF DWSMODAMTKOAS AFR GZMAOF GF LAFMALB, IOL WLT, CAMMTKL ROASGUWT OL AF "AKMOLM'L LMAMWL AL "A ROD XOTC OF MIT TLLTFMOASSB MG DAQT IOD LTTD MG OFESWRTR MIAM EASXOF OL AF GRR ROASGUWT DGLM GY MIT ESWZ IAL TVHKTLLOGF GWMLORT AXAOSAZST MG |
substitution意思是代换,替代,猜测是简单的替代密码,可以直接用工具破解。
在线工具:http://quipqiup.com/
flag:IFONLYMODERNCRYPTOWASLIKETHIS
Hash101
题目:
1 | Prove your knowledge of hashes and claim a flag as your prize! Connect to the service at shell2017.picoctf.com:9661 |
直接nc提供的地址和端口。
1 | windylh@shell-web:~$ nc shell2017.picoctf.com 9661 |
level1就是简单的二进制转ascii码。
1 | ------ LEVEL 2: Numbers can be base ANYTHING ----- |
level2就是将lovely的转成16进制和10进制,分别输入。
1 | ----------- LEVEL 3: Hashing Function ------------ |
将输入的字符串的ascii码加和,和16取模,等于对应的数字即可。
1 | Correct! Completed level 3 |
给出一个md5,直接解出来就行。
flag:c3ee093f26ba147ccc451fd13c91ffce
computeAES
1 | Encrypted with AES in ECB mode. All values base64 encoded |
题目说加密用了AES的ECB模式,并且用了base64编码。
直接用python脚本解码。
1 | import base64 |
MASTER CHALLENGE
Lazy Dev
题目提示,输入password,先随便输入,返回Nah, that's not it
,查看源代码,发现了一个js脚本。
1 | //Validate the password. TBD! |
我们输入的password放在validate()函数中验证正确与否,但是validate函数只返回false,chrome的控制台可以调用js中的函数,我们直接赋值,让res=true,来绕过validate函数。
flag:client_side_is_the_dark_side0c97381c155aae62b9ce3c59845d6941