BCACTF | 风尘孤狼

风尘孤狼

知识型学习记录

0%

BCACTF

发表于 更新于 分类于 阅读次数: Valine:
本文字数: 2.5k 阅读时长 ≈ 2 分钟

国外的比赛,参加一些,多见见题型,大部分都是web,其他的也涉及了一点,就会这些。。。我还是fw,心态炸了。

Web

real deal html

I have just made the most ultimate html site. This site, this html. This is the real deal

看源代码得到flag

bcactf{tH4TZ_D4_R34l_D3Al_cb8949}

Agent Rocket

I need to launch the BCA CTF ROCKET to the moon! Unfortunately I lost my launch code (flag). You can find the launch code in the control panel.

image8fdfe5d87124a95e.png

看源码得到提示,你说不是就不是了?我偏要试试

image992e576d4752966a.png

成功登陆进去imaged0577bc4699c96a1.png

没啥利用点,继续看源码,得到提示image09b1e8eda8dc3982.png

一开始我在想控制面板的地址是啥,一直不知道,看到题目提示说在这个页面是进不去控制面板的,很不解,问了一下学长,需要修改UA头,得到flag

image32c6aa7d5dd39981.png

bcactf{u53r_4g3Nt5_5rE_c0OL_1023}

Three Step Trivia

Us at BCACTF love staircases so much that we decided to make a trivia quiz about them! Are you a staircase expert? Can you solve all three steps?

hint: The internet is a helpful resource

没啥巧,都是在网上直接搜

imaged2569720154aa63f.png

第一个答案是7.75英尺image547dbad65283e0dc.png

image625256e12b5f5c04.png

但是只输入7却显示image5cf92ff82129a400.png

猜想是前端校验,f12改一下image42087ad431c746f8.png

发送之后又得到个get请求,传7_75image005343135968cad2.png

第二题

imagea6c4e0c536c00460.png

image4c131c41f4c3992d.png

直接get传11674,第三题image5f43d1c18818c2f9.png

依然搜素,The 16th Avenue Tiled Steps project has been a neighborhood collaboration to create a sea to stars themed mosaic flowing up a 163 step stairway located in San Francisco’s Golden Gate Heights Neighborhood.

没有提交按钮,f12看一下

<button type="submit" class="btn" style="visibility: hidden;">Submit</button>  // hidden-->visitibly

imageb809ff1013ba70c1.png

bcactf{sT41r_c4A3_m45T3R_5jfUn9Z}

Cookies

Look, I made a website to teach you how to make cookies. There’s some other recipes there too, and I made a super secure portal to add more.

主界面长这个样子

image4a72e30b6e073f8f.png

目录里面有个admin,点进去发现是登陆后台的界面

imaged3f96bb0d8591577.png

image847c2cf74db009c4.png

看源代码,查看adminLog.js文件发现这段代码

function handleInput() {
    let uname=unameElem.value;
    if (uname != "admin") {
        alert("You're not admin");
        return;
    }

    let pwd = pwdElem.value;
    let encodedPwd = fancyEncode(pwd);

    setCookie("pwd", encodedPwd, 365);

    window.location.replace("adminEditor.html");

}

//dont worry about the intricacies of the setCookie and getCookie functions
//just understand what they do and how to use them

说明用户名需要修改成admin,密码的话貌似随便就行,然后就可正常登陆进去。

但是这个用户名初始是Guest,不能直接改,用f12改一下就可以。

登陆进去之后是空白页面,应该就是cookie问题吧,继续查看源代码,发现两个js文件,看一下editor.js文件,发现下面这段代码

if (getCookie("pwd") == "98e99e97e99e116e102e123e117e36e101e114e115e95e115e51e51e95e99e48e48e107e33e101e115e95e55e111e111e95e56e54e51e111e52e116e53e125e") {
    window.location.replace("flag.html");
}

意思就是把pwd这个cookie的值改成这些就会出来flag.html的页面内容,修改刷新得到flag。

image1ddf63b9d8870070.png

bcactf{u$ers_s33_c00k!es_7oo_863o4t5}

Misc

Broken Image

My friend said that he made a really cool drawing in MS Paint but I can’t open it! Maybe my computer is broken? Or the image? I really don’t know. Could you try opening it for me and telling me what it is?

下载个chall.svg,010查看是png格式,改后缀得到flag

image3a21f45ebb84c46e.png

bcactf{br0k3n_1m4g3_4nd_1m4g3_4nd_1m4g3}

My New Friend

附件一个图片,lsb得到flag

imagedca1db2c6fa8636e.png

bcactf{h15_n4m3_15_g3rb3rt_4798jU}

pwn

Intro 2 Pwn

So… you want to learn how to pwn?

就是玩玩wpn,我不会,这个就是送分的,nc之后是这样imagebee2cf1d4f79d3dd.png

bcactf{theysay_aflagisworth100hamsters_8e7389bc}
制作不易,如若感觉写的不错,欢迎打赏