Cookie Monster
Do prepare to see cookies lurking everywhere. http://159.89.166.12:13500/
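Open the URL and look at the cookies; sure enough, there is a flag.

An MD5 lookup shows that one flag value is pc and another is tf, which matches our flag format. Turn on Preserve log and keep refreshing the page to capture the responses. Collect the flag from every cookie, reverse the MD5s, and join the results to get the complete flag.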
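The step above works because an unsalted MD5 of a two-character chunk can be reversed with a 9025-entry table. The following is an added example, not code from the original writeup. The cookie name `flag` is from the page; the two-character chunk size is inferred from `pc` and `tf`; the function names, sample headers and sample flag are constructed for illustration.

```python
import hashlib
import itertools
import string

# Every printable ASCII character: 95 symbols, so 95**2 two-character chunks.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "


def build_table(chunk_len=2):
    """Map md5 hex digest -> plaintext for every short printable chunk."""
    table = {}
    for chars in itertools.product(ALPHABET, repeat=chunk_len):
        chunk = "".join(chars)
        table[hashlib.md5(chunk.encode()).hexdigest()] = chunk
    return table


def flag_from_cookies(cookie_headers, table):
    """Read flag=<md5> from each captured cookie header, in capture order,
    and join the recovered chunks."""
    seen, parts = set(), []
    for header in cookie_headers:
        for pair in header.split(";"):
            name, _, value = pair.strip().partition("=")
            # Assumption: a digest seen before is a re-captured response.
            if name != "flag" or value in seen:
                continue
            seen.add(value)
            # An unknown digest stays visible as "??" instead of vanishing.
            parts.append(table.get(value.lower(), "??"))
    return "".join(parts)


def sample_headers(secret):
    """Constructed input: one header per two-character chunk of a made-up
    flag, hashed the way the challenge cookies appear to be."""
    chunks = [secret[i:i + 2] for i in range(0, len(secret), 2)]
    headers = [f"flag={hashlib.md5(c.encode()).hexdigest()}; Path=/"
               for c in chunks]
    return headers[:1] + headers  # first response captured twice


if __name__ == "__main__":
    headers = sample_headers("pctf{made_up_sample}")
    print(flag_from_cookies(headers, build_table()))
```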


Game of Faces
The Game of Faces, welcomes you. In this era, where AIs generate a lot of faces, we would like you to contribute to the same by uploading your image. Thank you for contributing, to continue.
http://159.89.166.12:15000/
Key point: upload your image
Open the URL and inspect the page. Hidden in the image is a form with type = "file", name = "profile_pic", method = "GET".

Try the upload with http://159.89.166.12:15000/?profile_pic and the response is a string that looks base64-encoded: VGhlX3Njcm9sbF9zYXlzPXRoZV9uaWdodF9raW5nVlN2YWx5cmlhbi50eHQ==

Decoding it with an online base64 decoder gives The_scroll_says=the_night_kingVSvalyrian.txt

Welcome
Do you think this is a normal image? No! Dig deeper to find out more.....
Key point: dig deeper
Downloading gives a welcome image. Try running binwalk on it.

After extraction there is a 2968.zip and a d.zip inside. Open them.

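Opening a.zip shows an a.png that needs a password. The guess is that the password comes from secret.bmp and that it opens a.png to give the flag.
secret.bmp will not open, so look at it with strings.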

The b=xxxxxx== at the end looks like base64. Copy it and decode it online.

Sure enough, that gives the password. Open a.png.

Guessing that the flag is hidden in the image with steganography, open it in Stegsolve. The flag is hidden in the red channel.

Spoiler
Bran Stark, wants to convey an important information to the Sansa back at winterfell. He sends her a message. The message however, is encrypted though.
Can you find out what Bran is trying to convey??
Open key.pdf

Run strings on the file

At the end there is something that looks like hexadecimal. Copy it out and delete all the 0s.
6a6f6e736e6f776973647261676f6e62796269727468
This hex string is the same length as the one in the PDF, so try XOR.
504354467b4a4f4e5f49535f54415247415259454e7d
Convert the hex to ASCII to get the flag.

More writeups: https://blog.52szu.tech/ctf_writeup/pctf2019/welcome/