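2024 Guangdong College Student Attack-Defense Competition Write-up (WP)
Misc
Guess (猜一猜)
Challenge description:
The flag you want is inside the archive.
Decode the archive's file name: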
https://img2024.cnblogs.com/blog/2998113/202405/2998113-20240513104757194-595871663.png
The extraction password is a1478520
Then repair the file header of flag.png
https://img2024.cnblogs.com/blog/2998113/202405/2998113-20240513104757174-1069740183.png
This gives
https://img2024.cnblogs.com/blog/2998113/202405/2998113-20240513104757186-1417692923.png
Scanning the QR code returns:
❀❁❀❇❀✼❀❂✿❆✿✽❁❀✿✾❂❅✿❄❂❉❀✿❂❆❀❃❀✿❂❆✿❀❁✾✻✿❁❁❀❁❂❊✻❂✿❈=
Decode it with the flower cipher (花朵解密) tool:
https://www.qqxiuzi.cn/bianma/wenbenjiami.php?s=huaduo
https://img2024.cnblogs.com/blog/2998113/202405/2998113-20240513104757255-1710119491.png
This yields the flag
flag{rUsJyNdKhdKuS4VfO7}
What You Want Is Right Here (要的就在这)
Challenge description:
What you want is here
https://img2024.cnblogs.com/blog/2998113/202405/2998113-20240513104757703-1769217746.png
Open it with 010 Editor
https://img2024.cnblogs.com/blog/2998113/202405/2998113-20240513104757219-1153819077.png
The expression at the top is a definite integral, which evaluates to π
As for what the 6 means, the guess is 3.1415
Then decode with stegpy
>python steg.py misc.png -p
Enter password (will not be echoed):
3557736c7371495153424738633644326d352f4b5277672b36676a6d3174723144513855794a556d495a733d
k:luckyone
Convert the hex string to characters:
5WslsqIQSBG8c6D2m5/KRwg+6gjm1tr1DQ8UyJUmIZs=
k:luckyone
https://img2024.cnblogs.com/blog/2998113/202405/2998113-20240513104757698-1590576580.png
flag{believe_you_are_lucky}
Web
The Vanished Flag (消失的flag)
Challenge description:
The flag is hidden in some file; see whether you can include it.
Visit the page
https://img2024.cnblogs.com/blog/2998113/202405/2998113-20240513104757611-1614894664.png
This looks like an X-Forwarded-For (XFF) check, so add the header: x-forwarded-for:127.0.0.1
https://img2024.cnblogs.com/blog/2998113/202405/2998113-20240513104757692-1577479149.png
File is NUll
File inclusion vulnerability
?file=/flag
https://img2024.cnblogs.com/blog/2998113/202405/2998113-20240513104757215-76890967.png
Try another approach
?file=php://filter/read=convert.base64-encode/resource=/flag
This does not work either
The payload that finally works:
?file=php://filter/convert.iconv.utf-8.utf-7/resource=/flag
df4083ae2869462cad0d002533f6cbf7
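The three requests above seen from the log side, as an added example that is not part of the original write-up: a signature keyed to the base64 filter name misses the iconv variant, while a check on the shape of the decoded parameter flags all three. The log lines, IP address, index.php path and function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed access-log lines (combined format) carrying the three requests
# from the write-up plus one benign request; IP, script name and sizes are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [13/May/2024:10:01:02 +0800] "GET /index.php?file=about.html HTTP/1.1" 200 512
203.0.113.7 - - [13/May/2024:10:01:09 +0800] "GET /index.php?file=/flag HTTP/1.1" 200 40
203.0.113.7 - - [13/May/2024:10:01:15 +0800] "GET /index.php?file=php://filter/read=convert.base64-encode/resource=/flag HTTP/1.1" 200 40
203.0.113.7 - - [13/May/2024:10:01:21 +0800] "GET /index.php?file=php%3A%2F%2Ffilter/convert.iconv.utf-8.utf-7/resource=/flag HTTP/1.1" 200 73
"""

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
SCHEME = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.I)   # php://, data://, phar://, ...

def keyword_rule(value):
    """Narrow signature: only knows the classic base64 filter chain."""
    return "convert.base64-encode" in value.lower()

def classify(value):
    """Structural rule: judge the decoded parameter by shape, not by filter name."""
    value = unquote(value)            # undo a possible second layer of percent-encoding
    if SCHEME.match(value):
        return "stream-wrapper"
    if value.startswith("/") or ".." in value.split("/"):
        return "path-escape"
    return None

def scan(log_text, param="file"):
    """Return (decoded value, keyword_rule hit, structural verdict) per request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        query = m.group(1).partition("?")[2]
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == param:
                findings.append((value, keyword_rule(value), classify(value)))
    return findings

if __name__ == "__main__":
    for value, kw, verdict in scan(SAMPLE_LOG):
        print(f"{verdict or 'ok':15} keyword_hit={kw!s:5} {value}")
```

The same structural test works as an input check in front of the include: accept only bare file names from a fixed list and reject anything containing a scheme or a path separator.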
unserialize_web
A colleague gave me some deserialization source code. Asking for help online!
These articles provided the idea
https://blog.csdn.net/qq_53460654/article/details/121889104
https://pankas.top/2022/08/04/php(phar)反序列化弊端及各种绕过姿势/#phar反序列化
First, scan the directories, which turns up /www.tar.gz
Generate the .phar