XYCTF2025 Writeup – G3rling's Blog

XGCTF

在ctfshow上进行搜索，找到题目名称

easy_polluted

下载附件后搜索其中较有特征的代码

return "NO POLLUTED!!!YOU NEED TO GO HOME TO SLEEP~"

顺带找到 dragonkeep师傅的文章，在元素中进行搜索

ZmxhZ3sxdF9JM190M0Vfc0BNZV9DaEFsMWVOZ2VfYVRfYTFMX1AxZUBzZV9mT3JnMXZlX01lfQ==

解码后得到Flag

flag{1t_I3_t3E_s@Me_ChAl1eNge_aT_a1L_P1e@se_fOrg1ve_Me}

签个到吧

这一题比较有意思，brainfuck的原理题，以前的都是一把梭，但是这一题把brainfuck中代表输出的.给删除了，我们在每一次内存清零 [-] 前加上输出 . 即可，这里注意要使用 < > 对指针进行调整，非常好的一道题目

flag{W3lC0me_t0_XYCTF_2025_Enj07_1t!}

MADer也要当CTFer

先strings附件中的mkv文件，可以得到一些数据

,0,Default,,0,0,0,,5249465800029f6c4567672173766170000000040f
1,0,Default,,0,0,0,,0286346865616400000014005f00050f0286348000
2,0,Default,,0,0,0,,00000000001b00000cdc6e68656400000020000000
3,0,Default,,0,0,0,,0000000005000101001e100200000003a8b53fcc01
4,0,Default,,0,0,0,,00000004b53fcc006e6e6864000000280000000000
5,0,Default,,0,0,0,,000005000101000000001e00000010020000000000
6,0,Default,,0,0,0,,03a8b53fcc0100000004b53fcc0061646672000000
7,0,Default,,0,0,0,,0840e77000000000004c495354000000125065666c
8,0,Default,,0,0,0,,706a6566000000055045544432004c495354000041
9,0,Default,,0,0,0,,ee456664474566444300000004010000004c495354
10,0,Default,,0,0,0,,000041d64566446674646d6e000000285045544432
……
8402,0,Default,,0,0,0,,202020202020202020202020202020202020202020
8403,0,Default,,0,0,0,,202020202020202020202020202020202020202020
8404,0,Default,,0,0,0,,202020202020202020202020202020202020202020
8405,0,Default,,0,0,0,,202020202020202020202020200a20202020202020
8406,0,Default,,0,0,0,,20202020202020202020202020202020202020200a
8407,0,Default,,0,0,0,,3c3f787061636b657420656e643d2277223f3e

提取后面的十六进制后转成文件，发现里面有AE工程文件的特征，使用AE打开（这里没有开版本兼容，所以只能用2024，我的一血！！！）。打开后发现没有图层，其实是隐藏了，打开隐藏的图层

可以不用调整参数，直接选中复制到记事本中查看，得到Flag（公告里不是说的统一Flag头为XYCTF吗???我的二血！！！）

flag{l_re@IIy_w@nn@_2_Ie@rn_AE}

天不时地不利人不和，遗憾拿下三血

会飞的雷克萨斯

锁定店铺名称

flag{四川省内江市资中县春岚北路中铁城市中心内}

曼波曼波曼波

txt内的数据reverse后进行base64可以得到一张jpg图片

分离后得到一个压缩包，里面的txt说明了密码内容

密码是什么来着，有点记不清了，呜呜呜呜
好像是什么比赛名字加年份

掩码爆破，得到压缩包密码

XYCTF2025

解压后发现和一开始得到的图片一样，但是大小有区别，双图盲水印得到Flag

XYCTF{easy_yin_xie_dfbfuj877}

Greedymen

根据题目进行编程

import math
from pwn import*

def get_proper_divisors(n):
    if n == 1:
        return []
    divisors = {1}
    for i in range(2, int(math.sqrt(n)) + 1):
        if n % i == 0:
            divisors.add(i)
            other = n // i
            if other != i:
                divisors.add(other)
    return sorted(divisors)

io = remote('47.93.96.189',32843)
io.sendline(b'1')

for i in range(3):
    io.recvuntil(b'Unassigned Numbers: ')
    unassigned_numbers = io.recvline().strip().decode()
    unassigned_numbers = unassigned_numbers.strip('[]').split(',')
    unassigned_numbers = [int(num.strip()) for num in unassigned_numbers]
    print(f'Unassigned Numbers: {unassigned_numbers}')

    io.recvuntil(b'Counter: ')
    counter = io.recvline().strip().decode()
    counter = int(counter)
    print(f'Counter: {counter}')

    player_score = 0
    opponent_score = 0

    while counter > 0 and unassigned_numbers:
        # Find all valid choices
        valid_choices = []
        for num in unassigned_numbers:
            divisors = get_proper_divisors(num)
            if not divisors or any(d in unassigned_numbers for d in divisors):
                valid_choices.append(num)

        if not valid_choices:
            break

        # Calculate optimal choice (number with highest net gain)
        best_num = None
        best_net = -float('inf')
        for num in valid_choices:
            divisors = get_proper_divisors(num)
            opponent_gain = sum(d for d in divisors if d in unassigned_numbers)
            net_gain = num - opponent_gain
            if net_gain > best_net or (net_gain == best_net and num > best_num):
                best_num = num
                best_net = net_gain

        # Player selects the number
        player_score += best_num
        unassigned_numbers.remove(best_num)

        # Opponent selects all proper divisors
        divisors = get_proper_divisors(best_num)
        opponent_points = 0
        for d in divisors:
            if d in unassigned_numbers:
                opponent_points += d
                opponent_score += d
                unassigned_numbers.remove(d)

        counter -= 1

        # Print turn summary
        print(f"Player chooses: {best_num}")
        io.sendlineafter(b'Choose a Number:',str(best_num))
        print(f"Player score: {player_score} | Opponent score: {opponent_score}")
        print(f"Unassigned Numbers: {sorted(unassigned_numbers)}")
        print(f"Counter remaining: {counter}")
        print("-"*60)

    # Game over, remaining numbers go to opponent
    remaining_sum = sum(unassigned_numbers)
    opponent_score += remaining_sum

    print("Game Over!")
    print("="*60)
    print(f"Final Player score: {player_score}")
    print(f"Final Opponent score: {opponent_score}")
    if player_score > opponent_score:
        print("Player wins!")
    elif player_score < opponent_score:
        print("Opponent wins!")
    else:
        print("It's a tie!")

io.interactive()

XGCTF

在ctfshow上进行搜索，找到题目名称

easy_polluted

下载附件后搜索其中较有特征的代码

return "NO POLLUTED!!!YOU NEED TO GO HOME TO SLEEP~"

顺带找到 dragonkeep师傅的文章，在元素中进行搜索

ZmxhZ3sxdF9JM190M0Vfc0BNZV9DaEFsMWVOZ2VfYVRfYTFMX1AxZUBzZV9mT3JnMXZlX01lfQ==

解码后得到Flag

flag{1t_I3_t3E_s@Me_ChAl1eNge_aT_a1L_P1e@se_fOrg1ve_Me}

2025 年 4 月
一	二	三	四	五	六	日
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

XGCTF

签个到吧

MADer也要当CTFer

会飞的雷克萨斯

曼波曼波曼波

Greedymen

XGCTF

发送评论 编辑评论

推荐文章

发送评论编辑评论