简单签到,关注:”杭师大网安“谢谢喵🐱
关注公众号,发送信息得到Flag
TGCTF{Efforts_to_create_the_strength, attitude_determines_altitude.}next is the end
用 ls 命令的 -R 递归参数进
ls -R得到路径后cat flag.txt文件
cat ./next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/next_or_end/you_get_it/flag.txt得到Flag
flag{so_great!}where it is(osint)
将图片进行识图,得到学校名称
内湖高级工业职业学校百度地图搜索得到轨道名称,得到Flag
TGCTF{港墘站}你的运气是好是坏?
根据直觉,直接猜(好时代、来临力!)
TGCTF{114514}这是啥o_o
根据16进制可以知道是gif,更改后缀。拆分Gif图片
在最后九张发现左上角有汉信码,切分组合
得到了这句话
time is your fortune ,efficiency is your life翻译一下(他奶奶滴)
时间是你的财富,效率是你的生命提取帧间隔
['840', '710', '670', '840', '700', '1230', '890', '1110', '1170', '950', '990', '970', '1170', '1030', '1040', '1160', '950', '1170', '1120', '950', '1190', '1050', '1160', '1040', '950', '1160', '1050', '1090', '1010', '330', '1250']整理一下格式,发现按TGCTF头刚好对应84 71 67……删除多余的0
84 71 67 84 70 123 89 111 117 95 99 97 117 103 104 116 95 117 112 95 119 105 116 104 95 116 105 109 101 33 1250十进制转字符得到Flag
TGCTF{You_caught_up_with_time!}TeamGipsy&ctfer
查看访问记录。发现txt
查看txt内容
1 passwd hznuctfer
2 reboot
3 pass
4 passwd hznuctfer
5 reboot
6 sudo apt update
7 sudo apt install docker.io
8 clear
9 docker -v
10 docker run -d --name TeamGipsyctf1 -e MYSQL_ROOT_PASSWORD=password_is_me mysql
11 docker exec -it TeamGipsy1 bash
12 docker exec -it TeamGipsyctf1 bash
13 docker run -d --name TeamGipsyctf2 -e MYSQL_ROOT_PASSWORD=password_is_me mysql
14 docker exec -it TeamGipsy2 bash
15 docker exec -it TeamGipsyctf2 bash
16 docker -l
17 docker ps
18 docker stop TeamGipsyctf1
19 docker stop TeamGipsyctf2
20 docker ps
21 exit
22 history
23 history > mimi.txt发现是对sql容器进行操作,查看容器
得到Flag
HZNUCTF{0H!_YOu_are_really_the_TeamGipsy_ctfer}ez_zip
第一层无提示,进行爆破
得到压缩包密码
20250412得到sh.txt内容
Awesome,you_are_so_goodsha512进行加密
0894fb7edcf85585e8749faeac3c7adf4247ae49b50cc55c4dd5eead0a9be60b7d848baece2ee65273d110317be4fe709c4b2bdeab48a212ca741e989df39963比对发现CRC相同,进行明文攻击
得到最后一层压缩包,需要修复,将一个正常压缩包进行比对修复
先看文件源数据区
需要修复的地方如下:
文件名长度有问题,改成8
接着查看文件目录区
需要根据文件源数据区填充数据,红框内的都是缺失的,可以直接复制文件源数据区进行修改
还有一个需要注意的是,需要把压缩方式改为8
修复成功后解压得到Flag
TGCTF{Warrior_You_have_defeated_the_giant_dragon!}你能发现图中的秘密吗?
通道中发现压缩包密码
i_1ove_y0u解压后对 final_challenge2.png 进行binwalk发现有zlib,加上头尾,对宽高进行爆破,得到一张新图片
得到第一段Flag
flag{you_are_so打开PS,查看pdf,发现有两个图层
得到第二段Flag
_attentive_and_conscientious}得到完整Flag
flag{you_are_so_attentive_and_conscientious}