UNCTF2021 partial writeup

Misc Simple log audit Before updating the attachment, the flag was in the description. The update was put in the attachment at 18:00 p.m. on November 29 In short, there are three base64 strings in total. You can see the flag after decryption. Do you want to / forget the flag UNCTF{CTF?YouShouJiuXing} telecommunication fraud Variant Caesa ...

Posted on Mon, 06 Dec 2021 22:59:08 -0500 by danago

[pwn] 2021 geek challenge (part)

[pwn] 2021 geek challenge (part) 1,pwn777 0x1 How to say, this problem is to write rop chain with fmt. But it's also the first time to see this kind of fmt, which can be regarded as a new question type. 0x2 We open IDA for reverse analysis Just the two main functions, let me be the first level and the second level First enter the ga ...

Posted on Mon, 29 Nov 2021 01:09:07 -0500 by jasonhardwick

PHP deserialization

0x00 Preface I recently reviewed what I learned before. I feel that I have a deeper understanding of PHP deserialization, so I summarize here 0x01 serialize() function "All values in php can be represented by a string containing a byte stream using the function serialize(). Serializing an object will save all variables of the object, bu ...

Posted on Sat, 20 Nov 2021 17:01:23 -0500 by BrianM

2021 geek challenge WP collection

WP comes from the network security community of Qilu Normal University Pay attention to the official account to receive more latest safety messages. WEB Dark When you look at the url, the standard dark net domain name at the end of the onion Use the onion browser to access and view the html code Welcome2021 Prompt at the beginning ...

Posted on Sat, 20 Nov 2021 05:37:23 -0500 by nrg_alpha

2021 Yangcheng cup CTF wp

1. Sign in The point of comparison is that "let's see * * *" is 17. It took a long time to guess 28-08-30-07-04-20-02-17-23-01-12-19 Get flag SangFor{d93b7da38d89c19f481e710ef1b3558b} 2.BabyRop I haven't done pwn it for ten thousand years. I took a look in order to cheat some points. Stack overflow in fgetsNo cannery protectionThe ...

Posted on Fri, 19 Nov 2021 23:36:54 -0500 by imnu

2021 Longyuan anti epidemic WriteUp

I hope the epidemic will end soon Note: the * is played after the game Always wp wait for the legend of Nanshen to post the team wp link Misc soEasyCheckin base32, but there is a problem. The countdown appears 0 $, 0 – > O, $- > s, and a string of hex is obtained. As a result, there was another problem with hex, specifically ...

Posted on Mon, 08 Nov 2021 03:14:49 -0500 by rawb

2021 National College Students' network security Invitational Competition and the 7th "Donghua Cup" Shanghai college students' network security competition Writeup

2021 national college student network security Invitational Competition and the 7th "Donghua Cup" Shanghai University grid competition Writeup Misc checkin The title gives + agyababhagcaewbkagagaygbfadcadaboah0 - UTF-7 encoding and decoding to get the flag flag is: flag{dhb_7th} project Download the attachment. After decompr ...

Posted on Sun, 31 Oct 2021 19:52:34 -0400 by Akira

write up -- Buu magicheap

brief introduction buu on the problem, focus on the practice of heap problem-solving ideas. The attachment is a 64 bit small end executable program Let's take a direct ida analysis This is the specific logic of the main function. It is a very obvious menu topic. Generally, first look at the option of applying for heap blocks, and then look a ...

Posted on Sat, 30 Oct 2021 11:03:18 -0400 by next

[RoarCTF 2019]Online Proxy - secondary injection, you again?

preface It's really a time of trouble recently. For the first time, classes that usually don't leave homework have left homework recently. Recently, the rhythm of doing questions has been disrupted. Alas, I'm speechless. Later, I want to write an article about flash. I don't know when I will have a chance. Now I'd better focus on sql injection ...

Posted on Sat, 30 Oct 2021 09:40:54 -0400 by johng

bilibili 2021 1024 programmer's day security attack and defense challenge

Title address: https://www.bilibili.com/blackboard/20211024.html Topic 1 AES decryption, password: happy_1024_2233. The ciphertext is the bottom two lines of characters, which need to be spelled into one line (I really didn't expect this at first!) Online decryption website: http://tool.chacuo.net/cryptaes Topic 2 F12, find the hid ...

Posted on Mon, 25 Oct 2021 10:57:29 -0400 by mark123