太菜了,好多不会,随便记录几道题吧,像签到和问答的不太想做

实时排行榜

官方 write-up 已发布:https://github.com/ustclug/hackergame2018-writeups

比赛结束后可以在:https://hack2018.lug.ustc.edu.cn/ 继续查看题目和提交。

0x01 word文档  题目文件

下载下来,office打开不了,上010Editor

504B咳咳,压缩包来噶,改后缀

flag.txt躺在里面……flag{xlsx,pptx,docx_are_just_zip_files}

0x02 猫咪遥控器  题目文件

下载下来是txt文件,按照提示D:向下,U:向上,R:向右,L:向左


贴jio本

import turtle
f=open('seq.txt','r+').read()
turtle.pendown()
turtle.speed(10)
for i in f:
if i=='U':
turtle.seth(90)
turtle.fd(1)
if i=='D':
turtle.seth(270)
turtle.fd(1)
if i=='R':
turtle.seth(0)
turtle.fd(1)
if i=='L':
turtle.seth(180)
turtle.fd(1)
#while True:
#turtle.penup()

看了一下师傅writeup,不使用turtle库

seq=[]

r=open('seq.txt').read()

now=[130,1]
for i in r:
    if 'L'==i:
        seq.append(now)
        now=[now[0],now[1]-1]
    if 'R'==i:
        seq.append(now)
        now=[now[0],now[1]+1]
    if 'D'==i:
        seq.append(now)
        now=[now[0]-1,now[1]]
    if 'U'==i:
        seq.append(now)
        now=[now[0]+1,now[1]]

op=''
for y in range(550):
    for x in range(130):
        if [x,y] in seq:
            op+='A'
        else:
            op+=' '
    op+='\n'
print op

还有官方的writeup用的是JS Canvas

0x03 我是谁-can I help you?题目地址

赛后看writeup要用BREW请求url


请求时带上Content-Type: message/teapot
我想到的payload是:

curl -H “Content-Type: message/teapot” -X BREW http://202.38.95.46:12005/the_super_great_hidden_url_for_brewing_tea/ -I


爆出真实地址,再请求真实地址一次

curl -H “Content-Type: message/teapot” -X BREW http://202.38.95.46:12005/the_super_great_hidden_url_for_brewing_tea/black_tea

Here is your tea: flag{delivering_tea_to_DaLa0}

还有一种方法,用强大的firefox:

然后300,看响应头

Alternates:{“/the_super_great_hidden_url_for_brewing_tea/black_tea” {type message/teapot}}

url改成这个真实地址,再请求一次

看返回内容即得flag

太菜了,好多不懂嘤嘤嘤……

Categories: writeup

Leave a Reply

Your email address will not be published. Required fields are marked *