Google Drive
Gist
Clipboard
usw tool!
port:5000
使用dirsearch,取得
[19:50:02] Starting:
[19:50:09] 200 - 1KB - /admin
[19:50:25] 200 - 1KB - /login
[19:50:31] 200 - 933B - /secret
[19:50:35] 200 - 257B - /uploads
Task Completed
看到http://192.168.6.170:5000/uploads 出現flag
Flag:MACDX{superezweb}
100
Chipi chipi chapa chapa
Dubi dubi daba daba
Mágico mi dubi dubi
Boom boom boom boom boom!
Meow.zip
meow.zip有許多層資料夾
binwalk查看
unzip解壓縮
先把照片拿出來cp meow!/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/Folder/meoww.jpg meoww.jpg
用exiftool、binwalk查看都沒東西
strings查看,最後出現疑似flag
hQEtCU
*}Ed\C.
QHLJ(
U.,-
QEs2
QS#H
LQE0
lR~jBx
===>a1L0V3CAT<==
把它丟進flag中
Flag:MACDX{a1L0V3CAT}
100
Two hackers schemed anonymously in the depths of the internet for a ransom plot. When a massive cyber upheaval occurred, they seized the opportunity to clandestinely transmit the key they needed.
Complete.pacpng
查看TCP封包
發現有個Key的網頁請求
查看Follow
GET /Key HTTP/1.1
Host: 192.168.86.133:8000
User-Agent: curl/8.5.0
Accept: */*
HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/3.11.8
Date: Tue, 16 Apr 2024 07:41:17 GMT
Content-type: application/octet-stream
Content-Length: 40
Last-Modified: Tue, 16 Apr 2024 07:41:03 GMT
TUFDRFh7c2hvdyBtZSB5b3VyIGhhbmRzaGFrZX0
base64 decode
Flag:MACDX{show me your handshake}
200
A hacker has developed a new encryption algorithm to secure his computer, using physical measures to make it difficult to breach. However, a whistleblower revealed that the hacker is lazy and uses a note to remind himself of the password. Try to uncover his encryption algorithm and retrieve the password!
note1.txt note2.png
binwalk
3868715 0x3B082B MySQL ISAM compressed data file Version 11
22497772 0x15749EC MySQL MISAM index file Version 10
26409441 0x192F9E1 MySQL ISAM index file Version 4
29607296 0x1C3C580 MySQL ISAM compressed data file Version 4
600
Listen with your heart, enjoy the fun :D
Special_sound.zip
先使用audacity來檢查,沒有發現
使用file、binwalk都沒有隱藏檔案
使用deepsound開啟,需要密碼
有工具deepsound2john,可以使用john-the-ripper來取得密碼
python deepsound2john.py Misc.wav > flag.txt
john flag.txt
原本使用John the Ripper password cracker, version 1.8.0都會爆出No password hashes loaded (see FAQ),以為沒希望,結果是版本問題
使用snap install john-the-ripper就可以安裝John the Ripper 1.9.0-jumbo-1+bleeding-f9fedd238b版本
Enabling duplicate candidate password suppressor
330651 (Misc.wav)
或是使用audacity查看頻譜
輸入後取得MAXDX.txt
https://docs.google.com/spreadsheets/d/1DATrytPt267Vd3KJULeE2m2Ytphd0pAjdEhSU7EW_CI/edit#gid=140448974
number of coordinates :10
google表單可以強制看到seed=1112
輸入1112,10可以得到
Coordinates 1 ~ 10: [('E', 0), ('G', 8), ('E', 10), ('T', 4), ('H', 9), ('B', 8), ('H', 19), ('V', 16), ('J', 2), ('A', 4)]
可能是flag,沒線索了
800
You should use the correct method to solve this question, right?
Wrong_direction.png
exiftool
Warning : [minor] Trailer data after PNG IEND chunk
pngcheck -cvt
File: Wrong_direction.png (102250 bytes)
chunk IHDR at offset 0x0000c, length 13
989 x 663 image, 32-bit RGB+alpha, non-interlaced
chunk sRGB at offset 0x00025, length 1
rendering intent = perceptual
chunk gAMA at offset 0x00032, length 4: 0.45455
chunk pHYs at offset 0x00042, length 9: 4724x4724 pixels/meter (120 dpi)
chunk IDAT at offset 0x00057, length 17423
zlib: deflated, 32K window, fast compression
chunk IEND at offset 0x04472, length 0
additional data after IEND chunk
ERRORS DETECTED in Wrong_direction.png
strings
可以發現許多TUgnp.A/yaw_thgir這類格式的字串,疑似flag
反過來是right_way/A.pngUT,可以猜測是要把後面的chunk反過來
直接把整個檔案反向
with open('Wrong_direction.png','rb') as f:
data=f.read()
with open('out.png','wb') as f:
f.write(data[::-1])
binwalk -Me png
得到
'*.png' '=.png' C.png G.png K.png O.png S.png W.png _.png
+.png '>.png' D.png H.png L.png P.png T.png X.png {.png
-.png A.png E.png I.png M.png Q.png U.png Y.png }.png
'<.png' B.png F.png J.png N.png R.png V.png Z.png 除.png
使用ll查看大小、exiftool等查看是否有特別的圖片
發現有些圖片特別大
查看flag的格式MACDX
exiftool M.png發現
Software : Shutter
Source : [1]
執行script來看順序
for i in $(ls); do echo $i;exiftool $i| grep Source; done
結果
*.png
Source : [29,30]
./+.png
./-.png
Source : [8,27]
./<.png
Source : [7]
./=.png
./>.png
Source : [28]
./A.png
Source : [2,10,13,21]
./B.png
./C.png
Source : [3]
./D.png
Source : [4]
./E.png
./F.png
./G.png
./H.png
Source : [14,25]
./I.png
Source : [24]
./J.png
./K.png
./L.png
./M.png
Source : [1]
./N.png
./O.png
Source : [18]
./P.png
./Q.png
./R.png
Source : [17]
./S.png
Source : [23]
./T.png
Source : [12,15,26]
./U.png
./V.png
./W.png
Source : [11,22]
./X.png
./Y.png
Source : [9,20]
./Z.png
./_.png
Source : [16,19]
./{.png
Source : [6]
./}.png
Source : [31]
./除.png
Flag:MACDX{<-YAWTAHT_RO_YAWSIHT->**}
100
Amid a series of network intrusions, you, as a cybersecurity analyst, are asked to investigate a suspicious image. It is believed that the attacker may have hidden instructions or key information for further attacks in this image. Your task is to analyze this image, find and submit the flag hidden in it.
download.rar
把圖片丟進aperisolve
在zsteg中找到flag
Flag:MACDX{WELCOMETOMILITARY}
200
You got a string of ciphertext:QDe_s}OW{pskt_nhFpyuz
This string of ciphertext will have four decryption steps.Decrypt it!
hint.txt
Hint中的cihpertext丟到 https://www.dcode.fr/xor-cipher
Bqy|0Vu~su0Sy`xubQvvy~u0Sy`xubFywu~ubuSqucqb0Cxyvd0Sy`xub
10
Rail Fence Cipher
Affine Cipher
Vigenere
Caesar Shift Cipher
QDe_s}OW{pskt_nhFpyuz
3↕ ↘↗ QOFWD{ppesyk_tu_snzh}
200
We have intercepted some encrypted data and highly suspect that it was generated using the RSA encryption algorithm. Can you help us decode it?
parameter.txt
message.txt
400
There is a way to find treasure by seeking a specific number.
We know the rules of the encryption algorithm, but no one has cracked it yet.
We got a Python program that describes how to perform encryption, along with a text file that reveals some related information.
In the program, a appears to be 9 and b appears to be 66, but these values do not correspond with the text file.
You have to figure out what is the treasure number.
MACDX{xxxxxxxxxxxxx} x is the treasure number
encrypted.txt
random.py
500
There seems to be a correlation between these two documents try to find out and crack
first_parameter.txt
first_message.txt
second_parameter.txt
second_message.txt
500
We also have two documents, the ciphertext and related parameters, please decipher them.
parameter_2.txt
message_2.txt
800
The Dondon lost his license password,help him to find out.
License.zip
400
On a bustling street in Germany, an overseas student unexpectedly met an adventurous traveling girl. Their initial eye contact was brimming with curiosity and surprise. As they walked hand in hand exploring the ancient streets, the laughter in the late night and stories under the warm yellow street lights brought their hearts closer together.
The boy, too shy to express his feelings openly, chose to hide his deep affection for the girl in an image. These hidden emotions, like a silent whisper encoded in the colors, await discovery.
final_1.png
將圖片丟到 https://www.aperisolve.com/58d742b201a2eaef8426069573dda7a1
400
Attention everyone, an apparition has appeared!!! If we don't act quickly, the world will be destroyed. You need to use some magic to let everything return normal. Importantly,in the process,you need to catch some secret file to revael the picture.The flag is hided in the place where marked by black brush.
Apparition.zip
打開zip可以看到裡面有一張圖片,但解壓縮會出現錯誤
file Apparition.zip
Apparition.zip: data
binwalk Apparition.zip
57830 0xE1E6 End of Zip archive, footer length: 22
可以猜測是magic number消失之類的,使用hex editor開啟發現magic number是PNG
最後有password=Oppenheimer
unzip -l Apparition.zip可以看到
Archive: Apparition.zip
Length Date Time Name
62945 2023-09-05 13:12 Apparition.PNG
62945 1 file
可以確認是magic number被改成png所以讓系統無法辨識檔案類型
把前四個byte改成\x50\x4b\x03\x04,儲存後開啟需要密碼
被塗黑,看起來是用IPhone的,所以把曝光調高
God does not play dice
600
Peter used to enjoy drawing on his computer. However, his computer was accidentally formatted. Fortunately, he still have a memory dump file kept. Can you help him recover the data?
P.S The file for this challenge is identical to "It doesn't make Sans, It's Papyrus Ver.2"
win10_zip
1000
Tommy accidently open a malicious file, can u hlep him figure out what's going on with his PC?
PS. The file for this challenge is identical to "So Ez?"
1000
Our factories are responsible for producing components, and a factory consists of several workstations. One day, during the operation, there are some problems occured. We don't have installed the surveillance system, fortunately, we have recorded the packet at that time from the SCADA, please try to know where are the broken parts in the accident. Here are a picture of simple instruction about the workstation in every factories and a schedule about all of them.
Flag Format: MACDX{ProblemFactoryID_BrokenWorkStationID_BrokenPartID} (if all parts of the workstation have problems, the BrokenPartID will be "all") (the order of IDnumber is 0123456…, and alphabet is ABCDE…)
Ex:MACDX{F1_W3_CA;F2_W4_all;F4_W0_MC;F5_CC} (This means that the conveyorA of workstation3 in factory1, all of workstation4 in factory2, machining center of workstation0 in factory4, and center conveyorC in factory5 have been discovered broken.)
file.rar
import pickle
import numpy as np
with open('model_data.pkl','rb') as f:
print(pickle.load(f))
[' Jim Abrahams' 'h!h$?Rq h"K?4??' 'negative' 'positive']
Flag:MACDX{h!h$?Rq h"K?4??}
600
There's something in the cage, would you find out what it is?
cage
600
I have got something interesting in the treasure hunting game…
gots_files.rar
300
Welcome to 2024 MACDX, please sign up here.
registry
1000
The program got some problem, get into in.
xxyolo
libc.so.6
1200
Iterasyai! Here's free beer for you!
Ubuntu 20.04
Author: Hakkanist
minami_files.rar
100
Another simple encoder. This problem might be too easy for you… Here is the flag: MACDX{fcerteenyn_cp}
question2.zip
100
Do you know what Gcode is?
gcode.txt
G代碼,是最為廣泛使用的數控程式語言,有多個版本,主要在計算機輔助製造中用於控制自動工具機。G代碼有時候也稱為G程式語言。 G代碼有命令數控機械執行動作的能力,例如執行床台移動或鑽孔… 等功能。 G代碼是由首字「G」再加上2位數字組成的。
找Gcode Viewer直接把檔案丟進去
Flag:MACDX{XXAUTH}
200
JUST A ENCODER
01011001_encrypt.py
message.png
enc_msg.txt
200
I believe you can solve this problem, what do you think?
Here is the flag: AOETM{AaВbe_UoTOВ_iL_PIt_O_dOВ}
bb.exe
300
Can you find the flag? Here is the message: MACDX{fudchpqb}
question1.zip
400
Give a word, return another word…
random.exe
-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
Subscribe