2022安全比赛个人赛解题思路

heade3

Burpsuite拦截 访问 发现了flag字段

1
2
3
4
5
6
7
8
9
HTTP/1.1 200 OK
Date: Thu, 27 Jul 2023 06:03:34 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 3042
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/8.0.15
Flag: flag{9964ea2e-b321-4629-a613-780ff5441ee0}
Vary: Accept-Encoding

Polybius

将题目中的压缩包解压后,看到提示如下:

1
2
棋盘:[['U', 'W', 'T', 'X', 'M'], ['A', 'S', 'Y', 'E', 'D'], ['O', 'R', 'F', 'N', 'L'], ['V', 'I', 'H', 'Z', 'Q'], ['P', 'B', 'K', 'G', 'C']]
密文:13,43,42,22,33,35,21,54,21,21,21,21,21,21

根据该格式,使用python脚本来获取输出为:明文: THISFLAGAAAAAA,使用flag包裹,即为flag{THISFLAGAAAAAA}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
def create_polybius_square(board):
# 创建Polybius棋盘,使用给定的2元数组表示
polybius_square = {}
for i in range(len(board)):
for j in range(len(board[i])):
polybius_square[board[i][j]] = (i + 1, j + 1)
return polybius_square

def decrypt_polybius(polybius_square, ciphertext):
# 解密Polybius密文
plaintext = ""
ciphertext = ciphertext.replace(",", "") # 去除逗号分隔
for i in range(0, len(ciphertext), 2):
row = int(ciphertext[i])
col = int(ciphertext[i + 1])
for letter, position in polybius_square.items():
if position == (row, col):
plaintext += letter
break
return plaintext

if __name__ == "__main__":
# 给出Polybius棋盘,以2元数组表示
chessboard = [['U', 'W', 'T', 'X', 'M'], ['A', 'S', 'Y', 'E', 'D'], ['O', 'R', 'F', 'N', 'L'], ['V', 'I', 'H', 'Z', 'Q'], ['P', 'B', 'K', 'G', 'C']]

# 给出密文,每两个字符用逗号分隔
ciphertext = "13,43,42,22,33,35,21,54,21,21,21,21,21,21"

# 创建Polybius棋盘
polybius_square = create_polybius_square(chessboard)

# 解密并打印明文
plaintext = decrypt_polybius(polybius_square, ciphertext)
print("明文:", plaintext)

base32

将题目中的内容进行base32解码,即可获得flag


2022安全比赛个人赛解题思路
http://example.com/2023/07/27/ctf/2022安全比赛个人赛解题思路/
作者
ningan123
发布于
2023年7月27日
许可协议