Nctf Writeups
NCTF
2022 competition
guide
binwalk
GitHub repositories
SQL injection
challenges
Join the NCTF 2022 competition and get ready to put your skills to the test! The summary outlines essential resources such as binwalk, GitHub repositories, and SQL injection techniques to help you conquer the challenges. Get started today and showcase your talents on the global stage!
challenges
buuctf online judge
hints and tools
binwalk
ayacms rce in nctf 2022? how to identify the cms? and how the fuck did those guys identify the shit from that damn website (bing-upms)?
answer: they are both busting common web directories. can be induced by common repo structures.
baby-aes for crypto signin?
zsteg for solving that png problem?
normal sql injection, not for denodb
huli: interesting blog where denodb 0day came from
some z3 code, which does not but angr solved the problem
from z3 import *
data1=0x162AEB99F80DD8EF8C82AFADBA2E087A
data2=0x47C9F2ACA92F6476BE7F0A6DC89F4305
data3=0x33B57575
answer=[]
flag1=[]
key=[0x7e,0x1f,0x19,0x75]
solver=Solver()
flag=[Int('flag%d'%i) for i in range(36)]
for i in range(16):
answer.append((data1>>8*i)&0xff)
for i in range(16):
answer.append((data2>>8*i)&0xff)
for i in range(4):
answer.append((data3>>8*i)&0xff)
print(answer)
for i in range(0,9):
v3=key[3]
v4=flag[4*i+3]
v5=key[0]
v6=flag[4*i]
v7=flag[4*i+1]
v8=key[1]
v9=flag[4*i+2]
v10=(v6 + v4) * (key[0] + v3)
v11=key[2]
v12 = v3 * (v6 + v7)
v13 = (v3 + v11) * (v7 - v4)
v14 = v4 * (v11 - v5)
v15 = v5 * (v9 + v4)
solver.add(v14+v10+v13-v12==answer[4*i])
solver.add(v6 * (v8 - v3) + v12==answer[4*i+1])
solver.add(v15 + v14==answer[4*i+2])
solver.add(v6 * (v8 - v3) + (v8 + v5) * (v9 - v6) + v10 - v15==answer[4*i+3])
if solver.check()==sat:
m=solver.model()
rex = []
for i in range(34):
rex.append(m[flag[i]].as_long())
print(rex)
else:
print("n0")writeups
saying this is complete for 2022 nctf?
don’t know when it is, but i remember i have seen this shit: katastros’s nctf writeup