
CISCN2023华南分区赛

参考: https://l1nyz-tel.cc/2023/6/25/CISCN2023-HN/ 只有 web 和 pwn,还有一个 re 签到题(不会)。 web city_pop 知识点:利用引用绕过 __wakeup;反序列化字符串逃逸。下面的 filter 把 7 字节的 "getflag" 替换成 4 字节的 'hark',若替换发生在序列化之后,字符串的长度前缀就会与实际内容不符,这正是逃逸成立的前提;因此过滤应在序列化之前进行,且不应反序列化不可信的输入。 <?php error_reporting(0); function filter($str){ $str=str_replace("getflag",'hark',$str); return $str; } class Start{ public $start; public $end; public function __construct($start,$end) { $this->start=$start; $this->end=$end;

CISCN2023初赛

wp(writeup):https://mp.weixin.qq.com/s/2TDV2L-o1MlbYU0PSjb65Q Web unzip:从可见的片段看,上传检查只用 finfo 校验 MIME 类型是否为 application/zip,没有检查压缩包内的条目,而 unzip -o 会不经确认地覆盖已存在的文件。 <?php error_reporting(0); highlight_file(__FILE__); $finfo = finfo_open(FILEINFO_MIME_TYPE); if (finfo_file($finfo, $_FILES["file"]["tmp_name"]) === 'application/zip'){ exec('cd /tmp && unzip -o

2022寒假

MISC tools (Hgame 2021 Week2) 附件 从压缩包名字可知图片使用了 F5 隐写,从图片属性得到密码,用 f5-steganography 提取得到下一层密码(注

ISCC2023

https://kjd3xtsq9r.feishu.cn/docs/doccnyU9DQVNEIhvjc72lMc2yq3#EizBUz WEB 羊了个羊 U1ZORFEzczJkR3BvZWpsdVlrWk9WMWd5ZGpOa05VTTFORGRwTTIweFRFRktVRWwzVFgwPQ== 两次base64 ISCC{6tjhz9nbFNWX2v3d5C547i3m1LAJPIwM} Where_is_your_love vue.js function decode(str){ var result=""; for(i=1;i<str.length;i+=3){ result+=""+String.fromCharCode(parseInt((str.substr(i,2)).toString(2),14)); } return result; } eval(decode("%72%7d%71%85%7b%73%7c%84%34%87%82%77%84%73%2c%72%73%71%7d%72%73%2c%26%29%3a%3a%29%3d%38%29%3d%3d%29%40%3c%29%38%3a%29%3d%3d%29%3d%38%29%3a%3b%29%38%3c%29%3b%39%29%3b%72%29%3a%70%29%3a%70%29%39%3d%29%38%3c%29%38%3a%29%40%39%29%40%3a%29%40%41%29%3d%6d%29%3d%39%29%3a%3b%29%38%3c%29%40%36%29%3d%72%29%40%39%29%3d%3d%29%40%3a%29%3d%3d%29%3d%72%29%3d%71%29%3a%38%29%3c%72%29%3d%36%29%40%39%29%3d%72%29%3d%6d%29%40%3b%29%40%3a%29%3d%39%29%3a%39%29%3d%6d%29%3d%39%29%3d%3a%29%40%3a%29%3a%38%29%39%40%29%39%3c%29%39%3c%29%38%3c%29%38%3a%29%3d%72%29%3d%71%29%3d%70%29%3d%72%29%40%3b%29%40%39%29%3d%39%29%3d%70%29%3d%72%29%40%3c%29%3d%39%29%3a%3b%29%38%3c%29%3d%39%29%40%39%29%3d%37%29%3d%38%29%40%3c%29%38%71%29%38%72%29%38%3c%29%3a%3c%29%3a%3a%29%3d%3d%29%3d%71%29%40%36%29%40%3b%29%40%3a%29%38%3a%29%3d%3d%29%3d%38%29%3a%3b%29%38%3c%29%3d%36%29%40%3b%29%40%3a%29%38%3c%29%38%3a%29%40%3a%29%40%41%29%40%36%29%3d%39%29%3a%3b%29%38%3c%29%3d%36%29%40%3b%29%40%3a%29%40%3a%29%3d%72%29%3d%71%29%38%3c%29%38%3a%29%40%3c%29%3c%72%29%3d%6d%29%40%3b%29%3d%39%29%3a%3b%29%38%3c%29%3d%37%29%3d%6d%29%3d%3d%29%3d%37%29%3d%41%29%38%3a%29%3d%70%29%3d%39%29%38%3b%29%38%3c%29%38%3a%29%3d%72%29%3d%71%29%3d%3a%29%3d%72%29%3d%37%29%40%3b%29%40%39%29%3a%3b%29%38%3c%29%3d%71%29%3d%72%29%3d%41%29%40%36%29%38%71%29%38%72%29%3a%39%29%38%3c%29%38%3a%29%3d%72%29%3d%71%29%3d%37%29%3d%6d%29%3d%3d%29%3d%37%29%3d%41%29%3a%3b%29%38%3c%29%40%3d%29%3d%3d%29%3d%71%29%3d%38%29%3d%72%29%40%3d%29%39%3a%29%3d%6d%29%3d%72%29%3d%37%29%3c%72%29%40%3a%29%3d%3d%29%3d%72%29%3d%71%29%3a%3b%29%38%70%29%3a%71%29%3d%72%29%40%3d%29%3d%71%29%3d%6d%29
%3d%72%29%3c%72%29%3d%38%29%39%3a%29%40%36%29%3d%3c%29%40%36%29%38%70%29%3a%39%29%38%3c%29%3a%3c%29%3a%3a%29%39%3b%29%3d%38%29%3d%3d%29%40%3c%29%3a%3c%26%2d%2d")); eval(decode("%72%7d%71%85%7b%73%7c%84%34%87%82%77%84%73%2c%72%73%71%7d%72%73%2c%26%29%3a%3a%29%3d%38%29%3d%3d%29%40%3c%29%38%3a%29%3d%3d%29%3d%38%29%3a%3b%29%38%3c%29%3b%39%29%3b%72%29%3a%70%29%3a%70%29%39%40%29%38%3c%29%38%3a%29%40%39%29%40%3a%29%40%41%29%3d%6d%29%3d%39%29%3a%3b%29%38%3c%29%40%36%29%3d%72%29%40%39%29%3d%3d%29%40%3a%29%3d%3d%29%3d%72%29%3d%71%29%3a%38%29%3c%72%29%3d%36%29%40%39%29%3d%72%29%3d%6d%29%40%3b%29%40%3a%29%3d%39%29%3a%39%29%3d%6d%29%3d%39%29%3d%3a%29%40%3a%29%3a%38%29%39%71%29%39%3c%29%39%3c%29%38%3c%29%38%3a%29%3d%72%29%3d%71%29%3d%70%29%3d%72%29%40%3b%29%40%39%29%3d%39%29%3d%70%29%3d%72%29%40%3c%29%3d%39%29%3a%3b%29%38%3c%29%3d%39%29%40%39%29%3d%37%29%3d%70%29%40%3c%29%38%71%29%38%72%29%38%3c%29%3a%3c%29%3a%3a%29%3d%3d%29%3d%71%29%40%36%29%40%3b%29%40%3a%29%38%3a%29%3d%3d%29%3d%38%29%3a%3b%29%38%3c%29%3d%36%29%40%3b%29%40%3a%29%39%3d%29%38%3c%29%38%3a%29%40%3a%29%40%41%29%40%36%29%3d%39%29%3a%3b%29%38%3c%29%3d%36%29%40%3b%29%40%3a%29%40%3a%29%3d%72%29%3d%71%29%38%3c%29%38%3a%29%40%3c%29%3c%72%29%3d%6d%29%40%3b%29%3d%39%29%3a%3b%29%38%3c%29%3d%3a%29%3d%72%29%3d%6d%29%3d%6d%29%3d%72%29%40%3d%29%38%3a%29%3d%70%29%3d%39%29%38%3b%29%38%3c%29%38%3a%29%3d%72%29%3d%71%29%3d%3a%29%3d%72%29%3d%37%29%40%3b%29%40%39%29%3a%3b%29%38%3c%29%3d%71%29%3d%72%29%3d%41%29%40%36%29%38%71%29%38%72%29%3a%39%29%38%3c%29%38%3a%29%3d%72%29%3d%71%29%3d%37%29%3d%6d%29%3d%3d%29%3d%37%29%3d%41%29%3a%3b%29%38%3c%29%40%3d%29%3d%3d%29%3d%71%29%3d%38%29%3d%72%29%40%3d%29%39%3a%29%3d%6d%29%3d%72%29%3d%37%29%3c%72%29%40%3a%29%3d%3d%29%3d%72%29%3d%71%29%3a%3b%29%38%70%29%3a%72%29%3d%71%29%3d%37%29%39%3a%29%40%36%29%3d%3c%29%40%36%29%38%70%29%3a%39%29%38%3c%29%39%3b%29%3a%3c%29%3a%3a%29%39%3b%29%3d%38%29%3d%3d%29%40%3c%29%3a%3c%26%2d%2d")); 
eval(decode("%72%7d%71%85%7b%73%7c%84%34%87%82%77%84%73%2c%72%73%71%7d%72%73%2c%26%29%3a%3a%29%3d%38%29%3d%3d%29%40%3c%29%38%3a%29%3d%3d%29%3d%38%29%3a%3b%29%38%3c%29%3b%39%29%3b%72%29%3a%70%29%3a%70%29%39%41%29%38%3c%29%38%3a%29%40%39%29%40%3a%29%40%41%29%3d%6d%29%3d%39%29%3a%3b%29%38%3c%29%40%36%29%3d%72%29%40%39%29%3d%3d%29%40%3a%29%3d%3d%29%3d%72%29%3d%71%29%3a%38%29%3c%72%29%3d%36%29%40%39%29%3d%72%29%3d%6d%29%40%3b%29%40%3a%29%3d%39%29%3a%39%29%3d%6d%29%3d%39%29%3d%3a%29%40%3a%29%3a%38%29%3a%36%29%39%3c%29%39%3c%29%38%3c%29%38%3a%29%3d%72%29%3d%71%29%3d%70%29%3d%72%29%40%3b%29%40%39%29%3d%39%29%3d%70%29%3d%72%29%40%3c%29%3d%39%29%3a%3b%29%38%3c%29%3d%39%29%40%39%29%3d%37%29%40%39%29%40%3d%29%38%71%29%38%72%29%38%3c%29%3a%3c%29%3a%3a%29%3d%3d%29%3d%71%29%40%36%29%40%3b%29%40%3a%29%38%3a%29%3d%3d%29%3d%38%29%3a%3b%29%38%3c%29%3d%36%29%40%3b%29%40%3a%29%39%40%29%38%3c%29%38%3a%29%40%3a%29%40%41%29%40%36%29%3d%39%29%3a%3b%29%38%3c%29%3d%36%29%40%3b%29%40%3a%29%40%3a%29%3d%72%29%3d%71%29%38%3c%29%38%3a%29%38%3a%29%40%3c%29%3c%72%29%3d%6d%29%40%3b%29%3d%39%29%3a%3b%29%38%3c%29%3d%6d%29%3d%72%29%3d%72%29%3d%41%29%38%3a%29%3d%70%29%3d%39%29%38%3b%29%38%3c%29%38%3a%29%3d%72%29%3d%71%29%3d%3a%29%3d%72%29%3d%37%29%40%3b%29%40%39%29%3a%3b%29%38%3c%29%3d%71%29%3d%72%29%3d%41%29%40%36%29%38%71%29%38%72%29%3a%39%29%38%3c%29%38%3a%29%3d%72%29%3d%71%29%3d%37%29%3d%6d%29%3d%3d%29%3d%37%29%3d%41%29%3a%3b%29%38%3c%29%40%3d%29%3d%3d%29%3d%71%29%3d%38%29%3d%72%29%40%3d%29%39%3a%29%3d%6d%29%3d%72%29%3d%37%29%3c%72%29%40%3a%29%3d%3d%29%3d%72%29%3d%71%29%3a%3b%29%38%70%29%3b%3c%29%3d%72%29%40%3c%29%3d%39%29%3b%72%29%40%3a%29%3d%72%29%40%38%29%40%41%29%39%3a%29%40%36%29%3d%3c%29%40%36%29%38%70%29%3a%39%29%38%3c%29%39%3b%29%3a%3c%29%3a%3a%29%39%3b%29%3d%38%29%3d%3d%29%40%3c%29%3a%3c%26%2d%2d")); 
eval(decode("%7d%70%78%45%72%7d%71%85%7b%73%7c%84%34%75%73%84%4d%7a%73%7b%73%7c%84%4a%89%53%72%2c%26%53%5d%4b%4b%37%26%2d%43%72%7d%71%85%7b%73%7c%84%34%7d%7c%7b%7d%85%83%73%7b%7d%86%73%45%73%83%71%72%86%43%72%7d%71%85%7b%73%7c%84%34%7d%7c%79%73%89%80%82%73%83%83%45%7c%7d%79%80%43%7d%70%78%34%83%84%89%7a%73%34%7a%73%74%84%45%33%38%36%36%43%7d%70%78%34%83%84%89%7a%73%34%84%7d%80%45%33%38%36%36%43%86%6d%82%24%77%45%36%32%6d%88%45%36%32%6d%89%45%38%36%36%32%83%87%45%37%32%82%45%39%36%36%43%72%7d%71%85%7b%73%7c%84%34%75%73%84%4d%7a%73%7b%73%7c%84%4a%89%53%72%2c%2b%53%5d%4b%4b%37%2b%2d%34%83%84%89%7a%73%34%84%7d%80%45%33%3b%3b%36%43%72%7d%71%85%7b%73%7c%84%34%7d%7c%71%7d%7c%84%73%88%84%7b%73%7c%85%45%7c%7d%79%80%43%72%7d%71%85%7b%73%7c%84%34%7d%7c%83%73%7a%73%71%84%83%84%6d%82%84%45%7c%7d%79%80%43%72%7d%71%85%7b%73%7c%84%34%7d%7c%72%82%6d%75%83%84%6d%82%84%45%7c%7d%79%80%43")); eval(decode("%87%77%7c%45%72%7d%71%85%7b%73%7c%84%34%75%73%84%4d%7a%73%7b%73%7c%84%4a%89%53%72%2c%26%53%5d%4b%4b%38%26%2d%43")); eval(decode("%83%7d%82%45%72%7d%71%85%7b%73%7c%84%34%75%73%84%4d%7a%73%7b%73%7c%84%4a%89%53%72%2c%26%53%5d%4b%4b%39%26%2d")); 得到 > "<div id="ISCC1" style="position:absolute;left:200" onmousemove="escdv()"><input id="but" type="button" value="click me!" onfocus="nokp();" onclick="window.location='Download.php';"></div>" > "<div id="ISCC2" style="position:absolute;left:600" onmousemove="escmv()"><input id="but1" type="button" value="follow me!" onfocus="nokp();" onclick="window.location='Enc.php';"/></div>" > "<div id="ISCC3" style="position:absolute;left:800" onmousemove="escsw()"><input id="but2" type="button" value="look me!" onfocus="nokp();" onclick="window.location='LoveStory.php';"/></div>" Download.php

MTCTF2022

WEB babyjava XPath 注入 参考: XPATH注入学习 - 先知社区 (aliyun.com) 与 SQL 注入类似:用户输入被直接拼接进 XPath 查询,从而可以读取本不该返回的节点信息 语法 “nodename” – 选取nodename的

newstar2022

week1 misc mmsstv crypto RSA 维纳攻击(Wiener attack) week2 misc 奇怪的波形:侧信道,比较两个波形的差异 奇怪的二维码:二维码(Aztec Code),在线生成条形码 (aspose.app) crypto ezRabin:标准 Rabin 加密的 e 为 2,本题的 e 为 4