CSAW'18 CTF writeup
web题目好难啊,太菜了,真的是太菜了
Ldab
瞎测了一下发现不是sql注入,百度查了一下Ldab得到一个Ldap注入,Ldap是轻量级目录访问协议,是一种在线目录访问协议。LDAP主要用于目录中资源的搜索和查询,是X.500的一种简便的实现。简单来说就是类似数据库的一个东东。详细介绍点这里–>传送门
第一次接触找不到注入姿势,下面给出大佬的payload
*)(uid=*))(|(uid=*
Algebra
数学计算,下面放出大佬的payload
# -*- coding:utf-8 -*-
import socket
sc = socket.socket() # 创建 socket 对象
host = "misc.chal.csaw.io" # 获取本地主机名
port = 9002 # 设置端口
addr = (host, port)
sc.connect(addr) # 绑定端口号
print sc.recv(1024)
def solve1(eq,var='X'):
eq1 = eq.replace("=","-(") + ")"
c = eval(eq1,{var:1j})
if (-c.real == 0):
return 0
else:
return -c.real/c.imag
def find():
data = sc.recv(1024)
print data
equation = data.split('\n')[0]
result = str(solve1(equation))
print '正在求解:' + equation + ', result = ' + result
sc.send(result + '\n')
print '==========================='
find()
i = 1
while True:
print '============ 第 ' + str(i + 1) + ' 轮 ==============='
data = sc.recv(2048)
print data
equation = data.split('\n')[1]
result = str(solve1(equation))
print '正在求解:' + equation + ', result = ' + result
sc.send(result + '\n')
i += 1Take an L
题目意思是,给你一个64x64的棋盘,随机给一个特殊格子,像下面
然后用四种L型的瓷砖覆盖
然后把每个L型瓷砖的坐标发过去
百度上找到的一个分治策略的做法–>传送门
# coding:utf-8
from pwn import *
import re
#context.log_level ="debug"
nc = remote("misc.chal.csaw.io",9000)
nc.recvlines(4)
dimension = nc.recvline()
print dimension
txt = nc.recvline()
print txt
localtion2 = re.search(':',txt).span()
block = txt[localtion2[1]+1:-1]
li = re.findall(r'\d+',block)
xxxx = int(li[0])
yyyy = int(li[1])
# 定义数组宽度为2的几次方
k = 6
# 棋盘宽度
size1 = pow(2, k)
# L形块的初始值
mark = 0
# table初始化
table = [[-1 for x in range(size1)] for y in range(size1)]
flag = ""
def chess(tr, tc, pr, pc, size):
global mark
global table
if size == 1:
return
mark += 1
count = mark
half = size // 2
if pr < tr + half and pc < tc + half:
chess(tr, tc, pr, pc, half)
else:
table[tr + half - 1][tc + half - 1] = count
chess(tr, tc, tr + half - 1, tc + half - 1, half)
if pr < tr + half and pc >= tc + half:
chess(tr, tc + half, pr, pc, half)
else:
table[tr + half - 1][tc + half] = count
chess(tr, tc + half, tr + half - 1, tc + half, half)
if pr >= tr + half and pc < tc + half:
chess(tr + half, tc, pr, pc, half)
else:
table[tr + half][tc + half - 1] = count
chess(tr + half, tc, tr + half, tc + half - 1, half)
if pr >= tr + half and pc >= tc + half:
chess(tr + half, tc + half, pr, pc, half)
else:
table[tr + half][tc + half] = count
chess(tr + half, tc + half, tr + half, tc + half, half)
# 棋盘展示
def show(t):
n = len(t)
for i in range(n):
for j in range(n):
print "%4d" % t[i][j],
print
def showpoint(t):
global flag
n = len(t)
for k in range(1366):
#5个L
for i in range(n):
for j in range(n):
if (t[i][j] == k):
x = "(%d,%d)" % (i,j)
flag += x
#print "%3s" % x,
flag = re.sub('\\)\\(','),(',flag)
if (flag != ''):
nc.sendline(flag)
print "%s --- ok" % flag
flag = ''
chess(0, 0, xxxx, yyyy, size1)
#show(table)
showpoint(table)
print "-----------------------ok-------------------------"
txt = nc.recvline()
print txt
nc.interactive()####战队其他大佬的write
CSAW 2018 pwn wp
CSAW 2018 writeup
CSAW 2018 复现writeup
本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!