2023-01-14
正方教务系统Sql注入

通过url遍历得到asmx结尾的url进行注入 如果你要进行报复学校这个看起来很不错

Read More

2022-12-05
Nctf Writeups

challenges

the platform

official released source code

buuctf online judge

you may find many writeups in blog and github for buuctf.

hints and tools

binwalk

arr3esty0u github info

shg-sec

hack.lu 2022

ayacms rce in nctf 2022? how to identify the cms? and how the fuck did those guys identify the shit from that damn website (bing-upms)?

answer: they are both busting common web directories. can be induced by common repo structures.

baby-aes for crypto signin?

zsteg for solving that png problem?

normal sql injection, not for denodb

huli: interesting blog where denodb 0day came from

some z3 code, which does not but angr solved the problem

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
from z3 import *
data1=0x162AEB99F80DD8EF8C82AFADBA2E087A
data2=0x47C9F2ACA92F6476BE7F0A6DC89F4305
data3=0x33B57575
answer=[]
flag1=[]
key=[0x7e,0x1f,0x19,0x75]
solver=Solver()
flag=[Int('flag%d'%i) for i in range(36)]
for i in range(16):
answer.append((data1>>8*i)&0xff)
for i in range(16):
answer.append((data2>>8*i)&0xff)
for i in range(4):
answer.append((data3>>8*i)&0xff)
print(answer)
for i in range(0,9):
v3=key[3]
v4=flag[4*i+3]
v5=key[0]
v6=flag[4*i]
v7=flag[4*i+1]
v8=key[1]
v9=flag[4*i+2]
v10=(v6 + v4) * (key[0] + v3)
v11=key[2]
v12 = v3 * (v6 + v7)
v13 = (v3 + v11) * (v7 - v4)
v14 = v4 * (v11 - v5)
v15 = v5 * (v9 + v4)
solver.add(v14+v10+v13-v12==answer[4*i])
solver.add(v6 * (v8 - v3) + v12==answer[4*i+1])
solver.add(v15 + v14==answer[4*i+2])
solver.add(v6 * (v8 - v3) + (v8 + v5) * (v9 - v6) + v10 - v15==answer[4*i+3])
if solver.check()==sat:
m=solver.model()
rex = []
for i in range(34):
rex.append(m[flag[i]].as_long())
print(rex)
else:
print("n0")

writeups

saying this is complete for 2022 nctf?

arr3ty0u nctf 2022 writeup

nctf 2019 writeup

don’t know when it is, but i remember i have seen this shit: katastros’s nctf writeup

ctfiot chamd5 nctf 2022 writeup

nctf 2022 official crypto writeup

Read More