Stroke experience--the first Henan University information Security and offensive contest

DAY-1

Come up actually has the choice question, each 100 choice question, has the multi-choice, also has the typo, the real pit. At the beginning of the game someone in the selection question bank, and the organizer did a py deal, how they anticipate ... (The team that finally has the question bank is actually higher than 100 points)

Problem solving + infiltration of public host mode, I am responsible for solving problems, the other two people infiltration of the host. Finally took a total of two public host, learn the brother one to take, one is upload loophole, another is the successful use of cve-2014-6271.

First question

gave the string \u606d\u559c\u60a8\uff01\u006b\u0065\u0079\u007b\u0074\u0068\u0065\u0020\u0066\u0069\u0072\u0073\u0074\ u0020\u006b\u0065\u0079\u007d

Don't think,Unicode encoding

Key{the First Key}

Second question

Hint Masonic, pigsty code.

Corresponding decryption

Key{this is ISCC}

Third question

XOR or encryption

00000100001000001101000001100001010

Then the key large, converted into a 7-bit ascii:11011001100001111001011001111100101

XOR or operation

0110111001101001011010000110000101101111

ASCII conversion to character: Nihao

Key{nihao}

Question Fourth

Caesar Password

E6z9i~]8r~u~qhe{rny{qxg~qnq{^xvlrxlp^xi5q6q6sky8juaa

Are all strings that can be displayed, it should be Caesar.

A Caesar script that was written 127 times ago, dropped into python and burst into a base64 (should have been moved 2 times)

a2v5ezy4nzqzmdawnjuwmtczmjmwztrhnthlzte1m2m2ogu4fq==

Decrypt
Key{68743000650173230e4a58ee153c68e8}

Question Fifth

Xiao Ming invaded the site after the administrator's ciphertext, because too happy hand a shake to delete a part of the redaction, only the former ten d9ddd1800f, Xiao Ming according to social workers know the password habits of the administrator is 4 digit number plus the letter, can you help Xiao Ming recover the hash value of the password? Answer submission format:key{xxxxxx}--- score

(did not make out) train of thought some, constructs a 4-digit letter + number dictionary, the batch MD5 encrypts, the collision first 10 bit whether matches. At that time the internet is too slag python download hashlib, stranded.

Question Sixth

The topic says to be cracked a file, attachment opens after is an APK structure. Try to revert to apk, not installed (later found the emulator is broken).

Mainly looked at the layout of the directory, found that Help.xml modified time than the other one year later, Notepad opened to find the flag

KEY{2016_KEY_HELP}

Question Seventh

"I drew a picture of it, who knows what it is?" ”

Binary Viewer open Look, the front is very regular, there is no hidden features. Drag to the bottom to see a string of characters:& #107;& #101;& #121;& #123;& #121;& #111;& #117;& #32;& #97;& #114; & #101;& #32;& #114;& #105;& #103;& #104;& #116;& #125;

At first, the submission format is key{},k and the E-letter ordinal difference is 6,e and y is 20, all correspond to, and then first write the letter range. Other non-letter based on location plus spaces and {}, form the submission format.

When I look at it, I think of it. 107 is actually the number of the 10 binary representation of K,%d becomes the%c output.

Key{you_are_right}

Question Tenth

An APK reverse. Restore a bit, then the simulator is broken, can not be used. Throw it in the GDA and look inside. Just saw mainactivity, found the key.

Feelings of the person or the first write the password into the program, and then make a comparison, in the investigation I will not use tools ...

Question 19th

http://172.16.2.253:8005/safrrgtwsgvwweb05/hello.php

This is the Web check-in question, click into the URL inside the two ll will change, change or will jump back. Open the Burp, and then change, found that the location of the record site more than a hello.php, the response packet header has key.

DAY-2

A total of 12 rounds, was beaten one day, bad luck, was the first to delete the site, the longest time to downtime. Finally recovered, the teammates over-reinforced. has been counted down, buckle to the bottom of the first. After dinner the reinforcement rules were almost modified, but the defense did not clean the back door. The 10th round found the WEB4 host on the STRUTS2 vulnerability, successful use, began harvesting, 56 teams can reap more than 40 teams. A flag of 5 points, Harvest 2 rounds, recover more than 500 points, the end of milk a wave, not the countdown is good.

Lack of experience, unaware that there will be a manual black-out station to make an outage. Manual too slow, no preparation script, suffer.

As a hobby for a year, the first time to fight and defend, heavy participation.

Stroke experience--the first Henan University information Security and offensive contest