2022安全比赛个人赛解题思路

heade3

Burpsuite拦截 访问 发现了flag字段

HTTP/1.1 200 OK
Date: Thu, 27 Jul 2023 06:03:34 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 3042
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/8.0.15
Flag: flag{9964ea2e-b321-4629-a613-780ff5441ee0}
Vary: Accept-Encoding

Polybius

将题目中的压缩包解压后，看到提示如下：

棋盘:[['U', 'W', 'T', 'X', 'M'], ['A', 'S', 'Y', 'E', 'D'], ['O', 'R', 'F', 'N', 'L'], ['V', 'I', 'H', 'Z', 'Q'], ['P', 'B', 'K', 'G', 'C']]
密文:13,43,42,22,33,35,21,54,21,21,21,21,21,21

根据该格式，使用python脚本来获取输出为：明文： THISFLAGAAAAAA，使用flag包裹，即为flag{THISFLAGAAAAAA}

def create_polybius_square(board):
    # 创建Polybius棋盘，使用给定的2元数组表示
    polybius_square = {}
    for i in range(len(board)):
        for j in range(len(board[i])):
            polybius_square[board[i][j]] = (i + 1, j + 1)
    return polybius_square

def decrypt_polybius(polybius_square, ciphertext):
    # 解密Polybius密文
    plaintext = ""
    ciphertext = ciphertext.replace(",", "")  # 去除逗号分隔
    for i in range(0, len(ciphertext), 2):
        row = int(ciphertext[i])
        col = int(ciphertext[i + 1])
        for letter, position in polybius_square.items():
            if position == (row, col):
                plaintext += letter
                break
    return plaintext

if __name__ == "__main__":
    # 给出Polybius棋盘，以2元数组表示
    chessboard = [['U', 'W', 'T', 'X', 'M'], ['A', 'S', 'Y', 'E', 'D'], ['O', 'R', 'F', 'N', 'L'], ['V', 'I', 'H', 'Z', 'Q'], ['P', 'B', 'K', 'G', 'C']]
    
    # 给出密文，每两个字符用逗号分隔
    ciphertext = "13,43,42,22,33,35,21,54,21,21,21,21,21,21"

    # 创建Polybius棋盘
    polybius_square = create_polybius_square(chessboard)

    # 解密并打印明文
    plaintext = decrypt_polybius(polybius_square, ciphertext)
    print("明文：", plaintext)

base32

将题目中的内容进行base32解码，即可获得flag