hgame2018 Week1 WriteUp(部分)

发表于

水平有限,只做出了一部分QAQ

WEB

Are you from Europe?

1
2
function getCard(num) {
            var SSR = 0.0000001;

第二行,改成var SSR = 1,然后全部复制,控制台回车。

special number

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
include_once("flag.php");
if(isset($_GET['key'])){
    $pattern = '/^(?=.*[0-9].*)(?=.*[a-zA-Z].*).{7,}$/ ';
    $key = $_GET['key'];
    if(preg_match($pattern,$key)===0){
        echo "格式错误";
    }else{
        $lock="******************";
        $b = json_decode($key);
        if($b==$lock)
            echo $flag;
        else
            echo "this is no special number";
    }
}

http://www.freebuf.com/articles/web/129607.html

http://118.25.18.223:10001/?key=0e000000000000000000

hgame{pHp_w34k_typing_s000_e4sy}

Can u find me?

访问http://118.25.18.223:10003/robots.txt

1
2
User-agent: *
Disallow: /f1aaaaaaaag.php

访问http://118.25.18.223:10003/f1aaaaaaaag.php:

1
you are not admin

改cookie:cookie: user=admin

hgame{78e01ee77a39ef4e}

tell me what you want

跟着题目提示一步步来就好,最终报文:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
POST /index.php?want=flag HTTP/1.1
Host: 123.206.203.108:10001
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Icefox/57.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
content-type: application/x-www-form-urlencoded
cache: no-cache
origin: moz-extension://22088402-d2bd-934f-9f04-0cc90af79d47
Content-Length: 9
Cookie: isadmin=1
Connection: close
X-Forwarded-For: 127.0.0.1
referer: www.google.com
want=flag

flag:hgame{For9e_hTTp_iS_N0T_HArd}

我们不一样

payload:str1=123&str2[]=

flag:hgame{g3t_f14g_is_so0000_ez}

http://www.freebuf.com/articles/web/129607.html

Crypto

easy Caesar

密文凯撒解密后:

1
hgame{The_qu8ck_br7wn_1x_jUmps_ovEr_a_La9y_dOg}

flag:

1
hgame{The_qu1ck_br0wn_4x_jUmps_ovEr_a_La2y_dOg}

密码学中一句非常有名的例子:

1
The quick brown fox jumps over the lazy dog

两点原因:

  • 数字也是凯撒,位移为3
  • 1和I,0和o,fox four x,2和z

Polybius

1
hgame{FDXDGDADDG_FXXFAAXFAG_GDFXFFXFFXADXFDA_GDAD}

http://blog.csdn.net/suwu150/article/details/51360186

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
import sys
dic_char = {'AA': 'b', 'DA': 'd', 'FA': 'q', 'GA': 'g', 'XA': 'm', 'AD': 't', 'DD': 'h', 'FD': 'f', 'GD': 'j',
            'XD': 'r', 'AF': 'a', 'DF': 'o', 'FF': 'v', 'GF': 'c', 'XF': 'e', 'AG': 'l', 'DG': 'z', 'FG': 's',
            'GG': 'u', 'XG': 'w', 'AX': 'p', 'DX': 'k', 'FX': 'n', 'GX': 'x', 'XX': 'y'}
dic_digit = {'11': 'A', '12': 'B', '13': 'C', '14': 'D', '15': 'E', '21': 'F', '22': 'G', '23': 'H', '24': 'I',
             '25': 'K', '31': 'L', '32': 'M', '33': 'N', '34': 'O', '35': 'P', '41': 'Q', '42': 'R', '43': 'S',
             '44': 'T', '45': 'U', '51': 'V', '52': 'W', '53': 'X', '54': 'Y', '55': 'Z'}
def Polybius(dic, cipher, sp = '_'):
    result = ''
    l = cipher.split(sp)
    for a in l:
        for i in range(0, len(a), 2):
            key = a[i:i+2]
            if key in dic:
                result += dic[key]
            else:
                result += key
        result += sp
    result = result[:len(result)-1]
    print(result)
    if 'j' in result:
        print(result.replace('j', 'i'))
    elif 'I' in result:
        print(result.replace('I', 'J'))
    return
if __name__ == '__main__':
    cipher = sys.argv[1]
    if ('1' in cipher) or ('2' in cipher) or ('3' in cipher) or ('4' in cipher) or ('5' in cipher):
        Polybius(dic_digit, cipher)
    else:
        Polybius(dic_char, cipher)
1
2
frjtz_nebel_jnvented_jt
fritz_nebel_invented_it

感谢@pcat师傅窝代码写的有问题,fritz_nebel_jnvented_jt这类情况没考虑QAQ

flag:hgame{fritz_nebel_invented_it}

confusion

摩斯解密 MRLTK6KXNVZXQWBSNA2FSU2GGBSW45BSLAZFU6SVJBNDAZSRHU6Q====

Base32 dW5yWmsxX2h4YSF0ent2X2ZzUHZ0fQ==
Base64 unrZk1_hxa!tz{v_fsPvt}
栅栏n=2 unrZk1_hxa!tz{v_fsPvt}
凯撒rot13 hgame{Mix_1s_fuCking!}

窝很可爱,请给窝钱