2021 CybricsCTF

MssnHarvey

发布于 2022-08-10 19:28:38

24700

代码可运行

文章被收录于专栏：HarveyHarvey

运行总次数：0

代码可运行

Mic Check

Author: Vlad Roskov (@mrvos) Those organizers are changing game rules all the time! There’s a flag there, and it’s not that easy to capture. Also be sure to join @cybrics Telegram chat for challenge-related announcements and contacting orgs in case all goes wrong Added at 10:10 — looks like the little mic check trolling caused massive pain, I’ve untrolled the rules page :-) You can now copy-paste freely

规则中藏有flag：cybrics{Th1S_i5_T3h_R34l_m1C_ch3CK_f1A6}

Scanner

Author: Mikhail Driagunov (@aethereternity) Check out this cool new game! I heard they serve flags at level 5.

拼图题，分别将每关的gif下载下来分解并进行简单的拼图得到如下（PS：第一关为选择题且是固定的，直接一个个试过去得知为house）

最后CQR扫码得到flag：cybrics{N0w_Y0u_4r3_4_c4sh13r_LOL} 附上脚本：

import os
from PIL import Image, ImageSequence
import matplotlib.pyplot as plt

def parseGIF(gifname):
    # 将gif解析为图片
    # 读取GIF
    im = Image.open(gifname)
    # GIF图片流的迭代器
    iter = ImageSequence.Iterator(im)
    # 获取文件名
    file_name = gifname.split(".")[0]
    index = 1
    # 判断目录是否存在
    pic_dirct = "imgs/{0}".format(file_name)
    mkdirlambda = lambda x: os.makedirs(
        x) if not os.path.exists(x) else True  # 目录是否存在,不存在则创建
    mkdirlambda(pic_dirct)
    # 遍历图片流的每一帧
    for frame in iter:
        print("image %d: mode %s, size %s" % (index, frame.mode, frame.size))
        frame.save("imgs/%s/frame%d.png" % (file_name, index))
        index += 1

    # frame0 = frames[0]
    # frame0.show()

    # # 把GIF拆分为图片流
    # imgs = [frame.copy() for frame in ImageSequence.Iterator(im)]
    # # 把图片流重新成成GIF动图
    # imgs[0].save('out.gif', save_all=True, append_images=imgs[1:])
    #
    # # 图片流反序
    # imgs.reverse()
    # # 将反序后的所有帧图像保存下来
    # imgs[0].save('./reverse_out.gif', save_all=True, append_images=imgs[1:])

name = 'vid.gif'
parseGIF(name)


#上面分解完后看下第几帧到第几帧有图案再启用下面代码
start = 1 #分解出来第几帧有图案
stop = 100+1 #到第几帧结束
f_img = Image.new('P',(1080,22*(stop-start)),255)

for a in range(start,stop):
    img = Image.open('./imgs/{}/frame{}.png'.format(name.split('.')[0],str(a))) #装有图片的文件夹，自己改下
    x,y = img.size
    tmpimg = Image.new('P',(1080,22),255)
    for i in range(496,518):
        for j in range(x):
            p = img.getpixel((j,i))
            # if p!=255:
                # print(j,i)
            tmpimg.putpixel((j,i-496),p)
    f_img.paste(tmpimg,(0,(a-start)*22))
    plt.imshow(f_img)
    plt.show()

CAPTCHA The Flag

Author: Vlad Roskov (@mrvos) Guessing challenges? On my CyBRICS? It’s more likely than you think. Prove you’re a true CTFer! captf-cybrics2021.ctf.su/

将看不清的验证码图片下载下来然后丢steg划一下就能看清，最后输完25次验证码即可得到flag：cybrics{a_k33n_Ey3_wi11_sp0T_r1GhT_aw4Y}

Recording

Author: Mikhail Driagunov (@aethereternity) I’ve found a strange recording. What does it hide?

通过工具 Macro recorder 打开鼠标宏查看可以发现他访问了网站（pastebin.com）然后输入了密码，并且使用的是Osk虚拟键盘

把那段关键流程内容截取下来，放Osk复现一遍，一个个对应起来就是uzqCjFUa 9yDz5iZprd（前半部分是pastebin.com访问的目录，后半部分是访问密码）最后通过 http://www.pastebin.com/uzqCjFUa 输入密码解码得到flag：cybrics{m4cr0_rulz_w000t}

ASCII Terminal

Author: Artur Khanov (@awengar) At 138.68.83.253:3333 you have an ASCII terminal. It really works, check with the id command

根据题目所给的nc以及id command，我们发现它可以跑指令

于是我们直接利用命令 cat f* 得到flag：cybrics{T3553R4C7_15_G00D}

.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
....................................................$@$...................@@@@.....@@....................................................
....................................................$@$...................@@@@.....@@....................................................
..........................@@@@@$........@%@%@.....@@@@@@@................@@......@@@@@@@.................................................
........................@@@...........@@,....@@.....@@@................@@@@@@@....@@@@...................................................
.......................@@.....................@,....@@@.................,@@......@,..,@@.................................................
.......................@@..............@@@@@@@@,....@@@.................,@@..............................................................
.......................@@@............@@.....@@,....@@@.................,@@..............................................................
.........................@@@@@@$.......@@@@@@.@@.....@@@@...............,@@..............................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.........................................................................................................................................
.

Ad Network

Author: Alexander Menshchikov (@n0str) We are so tired of advertising on the internet. It feels like it breaks the internet. Try to follow the ad, try to follow its rules. Adnetwork website There is a flag 1337 redirects deep into the network…http://announcement-cybrics2021.ctf.su)

根据题目信息，我们只需重定向1337次即可（而火狐浏览器默认是20次就停止了）于是乎，我们去 about:config 中搜索下 redirect 进行修改

最后跑完得到flag：cybrics{f0lL0w_RUl3Z_F0ll0W_r3d1r3C7z} 上述方法个人觉得有点bug（可能是我电脑的问题），还是直接跑脚本靠谱些附上脚本

import requests
import re

url = 'http://adnetwork-cybrics2021.ctf.su/adnetwork'
for i in range(1500):
    try:
        r = requests.get(url,allow_redirects=False)
        # print(r.text)
        url = re.findall('<a href="(.*?)"',r.text)[0]
        print(url)
        #if '{' in r.text:
            #print(r.text)
            #break
    except:
        print(url)
        print(r.text)

rm -rf’er

Author: Vlad Roskov (@mrvos) Alarm! We accidentally did rm -rf /* on a very important server. Now all that’s left is one shell session. ssh rmrfer@178.154.210.26 Password: sa7Neiyi Rescue the flag.txt file from one of the directories by only using your shell Added at 13:45 — frequent question: yes, if you found flag.txt, the flag is right there, in the open, as plain text. Just read it. If you’re not seeing the flag, try to find another method that will not hide info from you

非预期：把握好时机，在它 rm 之前 ctrl c 就不会给删了，然后就直接cat得到flag：cybrics{TCSHizzl3_Ma_N1zzl3}

预期解：根据tcsh的各种builtin command去读（ ( echo $< ) < /etc/ctf/flag.txt ）

Namecheck

Author: Alexander Menshchikov (@n0str) We have got the home folder from a criminal’s computer. Try to find his/her real name. eyebulling.tar.gz Flag format in uppercase: LASTNAME FIRSTNAME (ex: IVANOV IVAN)

社工题！！！在.bash_history中可知应该与git有关，并且可能与instagram有关

git commit -m "instagram filter"

于是直接用sshkey连接GitHub，得到GitHub用户名poggersdog12

$ ssh -i .ssh/key git@github.com
PTY allocation request failed on channel 0
Hi poggersdog12! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.

在GitHub中查找一波，最终通过api查到有用信息邮箱：vividcoala@localhost.com 采集完信息，接着就是在instagram中找到 vividcoala 的主页，我们可以看到一张没打码的飞机票照片

通过在线网站扫描得到如下信息，即得到flag：DIVOV NIKOLAI

M1DIVOV/NIKOLAI MR EQCMYKK SVOLEDSU 0024 197Y020D0053 162<532
1MR1197BSU                                        2A555604939055
9 1                          N

本文参与腾讯云自媒体同步曝光计划，分享自作者个人站点/博客。

原始发表：2021-07-26，如有侵权请联系 cloudcommunity@tencent.com 删除

github