picoCTF 2021 writeup – 01

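A write-up of the picoCTF 2021 challenges, with an eye out along the way for useful open-source security tools worth sharing.

To find a specific challenge quickly, use Ctrl+F.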


General Skills

Obedient Cat | 5 points

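Author: SYREAL
Description: There is a flag in the file.
File download: Download flag

Hints

  1. Any hints about entering a command into the command prompt (such as the next one) will start with a '$'... everything after the dollar sign is typed (or copied and pasted) into your terminal.
  2. To make the file accessible in your shell, enter the following at the terminal prompt: $ wget https://mercury.picoctf.net/static/217686fc11d733b80be62dcfcfca6c75/flag
  3. $ man cat

Solution

Just run cat flag.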


Magikarp Ground Mission | 30 points


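Solution

Click Launch Instance to display the SSH connection details, then follow the hints and use ls (list files) and cd (change directory) to piece the flag together.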


Tab, Tab, Attack | 20 points

Solution

After downloading the file, extract it with unzip, then keep hammering Tab until you reach the end, which is an executable.

chmod +x fang-of-haynekhtnamet



Static ain’t always noise | 20 points

Solution

First, download both files.
Start by reading ltdis.sh with cat: it is run against static and produces static.ltdis.x86_64.txt

Running it produces two files; view both with cat.


Wave a flag | 10 points

Solution

First give the file x (execute) permission and try running it.

chmod +x warm

The program prompts me to use -h to see which options (functions) are available, and with that the flag is printed.


Python Wrangling | 10 points

Tags: Category: General Skills

AUTHOR: SYREAL

Description

Python scripts are invoked kind of like programs in the Terminal… Can you run this Python script using this password to get the flag?

Hints

  1. Get the Python script accessible in your shell by entering the following command in the Terminal prompt: $ wget https://mercury.picoctf.net/static/8e33ede04d02f3765b8c6a6e24d72733/ende.py
  2. $ man python

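Solution

The tricky part here is not the challenge itself: calling ende.py directly with python fails with the error No module named cryptography.fernet.

Changing python to python3 is all it takes.

Enter the command as required: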

python3 ende.py -d flag.txt.en

Then paste in the value from pw.txt and the flag appears.


Matryoshka doll | 30 points

Keep running unzip on the image and you will eventually see the flag.
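
As an added example (not part of the original write-up), the repeated unzip can be automated in Python. It assumes each layer is an image with a ZIP archive appended that holds exactly one file; the layer names and sample data are constructed here.

```python
import io
import zipfile

# Constructed stand-in for image bytes (JPEG magic plus padding), not a real picture.
IMAGE_STUB = b"\xff\xd8\xff\xe0" + b"\x00" * 60


def make_doll(depth, flag):
    """Build constructed sample data: `depth` layers of image bytes + appended ZIP."""
    payload, name = flag.encode(), "flag.txt"
    for level in range(depth, 0, -1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, payload)
        # Hypothetical layer names; the archive sits after the image bytes.
        payload, name = IMAGE_STUB + buf.getvalue(), f"layer_{level}.jpg"
    return payload


def unpack(data, max_depth=16, max_size=10_000_000):
    """Open nested archives in memory; return (layers_opened, name, content)."""
    name = "<input>"
    for layers in range(max_depth + 1):
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            return layers, name, data  # innermost file: no archive left to open
        with zf:
            members = [m for m in zf.infolist() if not m.is_dir()]
            if len(members) != 1:
                raise ValueError(f"expected one file per layer, got {len(members)}")
            if members[0].file_size > max_size:  # declared size; guards against zip bombs
                raise ValueError("member larger than max_size")
            name, data = members[0].filename, zf.read(members[0])
    raise ValueError("nesting deeper than max_depth")


if __name__ == "__main__":
    sample = make_doll(3, "picoCTF{constructed_sample_flag}")
    layers, name, content = unpack(sample)
    print(layers, name, content.decode())
```

Python's zipfile locates the archive from the end of the data, so the image bytes in front of it do not need to be stripped first.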


crackme-py | 30 points

Reverse Engineering

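Reading the code shows an encrypted string that looks like the flag, and two functions, one of which is never called.

Add the following at the bottom: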

decode_secret(bezos_cc_secret)

Then run it.
