[Day30]- 新手的CTF系列picoCTF 2019

12th鐵人賽

macaron

2020-10-15 22:53:24

6166 瀏覽

分享至

Day30- 新手的CTF系列picoCTF 2019

正文

終於！來到最後一篇了，好感動( ´▽｀)
這篇來打一下簡單的CTF吧
以下是寫picoCTF 2019 Web Exploitation 的題目

Insp3ct0r

Kishor Balan tipped us off that the following code may need inspection: https://2019shell1.picoctf.com/problem/11196/ (link) or http://2019shell1.picoctf.com:11196

解法：

先看看原始碼
可以看到下面註解
- 
再看看別的檔案有什麼東西
- mycss.css 檔
  - Here's part 2/3 of the flag: t3ct1ve_0r_ju5t
- myjs.js 檔
  - Anyways part 3/3 of the flag: _lucky?9df7e69a}
要注意這些是有順序的喔
picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?9df7e69a}

dont-use-client-side

Can you break into this super secure portal? https://2019shell1.picoctf.com/problem/32259/ (link) or http://2019shell1.picoctf.com:32259

解法：

先看看原始碼
你會發現

<script type="text/javascript">
  function verify() {
    checkpass = document.getElementById("pass").value;
    split = 4;
    if (checkpass.substring(0, split) == 'pico') {
      if (checkpass.substring(split*6, split*7) == 'b956') {
        if (checkpass.substring(split, split*2) == 'CTF{') {
         if (checkpass.substring(split*4, split*5) == 'ts_p') {
          if (checkpass.substring(split*3, split*4) == 'lien') {
            if (checkpass.substring(split*5, split*6) == 'lz_e') {
              if (checkpass.substring(split*2, split*3) == 'no_c') {
                if (checkpass.substring(split*7, split*8) == 'b}') {
                  alert("Password Verified")
                  }
                }
              }
      
            }
          }
        }
      }
    }
    else {
      alert("Incorrect password");
    }
    
  }
</script>

它有順序，按照順序拼
picoCTF{no_clients_plz_eb956b}

logon

The factory is hiding things from all of its users. Can you login as logon and find what they've been looking at? https://2019shell1.picoctf.com/problem/21895/ (link) or http://2019shell1.picoctf.com:21895