签到
base64转图片拿到一个二维码,关注Syclover 的微信公众号然后 `cat /flag`
头号玩家
打飞机
看到左上角有个分数就想改,上CE修改器,可以查到分数的内存然后修改,但是没什么卵用
随便玩玩发现飞机可以跑到地图外面,一直往前冲就出flag了
Maaaaaaze
xkxnb
xkx:白给题,查看html源代码发现每个点位的方块有’top’, ‘bottom’, ‘left’, ‘right’,表示该点上下左右不能走。直接使用正则表达式提取每个点的坐标及其对应的状态,用1+2+4+8存储,然后以图上每一个点作为初始点深度优先搜索即可,每次更新最大值maxn
import re
import sys
import hashlib
sys.setrecursionlimit(100000)
wyx = [[0 for i in range(100)] for i in range(100)]
vis = [[0 for i in range(100)] for i in range(100)]
str1 = ''
str2 = re.findall(r"<td (.+?);\"> </td>", str1)
for i in str2:
a = re.findall(r"id=\"(.+?)-", i)
b = re.findall(r"-(.+?)\"", i)
if 'top' in i:
wyx[int(a[0])][int(b[0])] += 1
if 'bottom' in i:
wyx[int(a[0])][int(b[0])] += 2
if 'left' in i:
wyx[int(a[0])][int(b[0])] += 4
if 'right' in i:
wyx[int(a[0])][int(b[0])] += 8
maxn = 0
def judge(x, y):
if x < 0 or x > 99:
return False
if y < 0 or y > 99:
return False
if vis[x][y] == 1:
return False
return True
def dfs(x, y, step):
global maxn
maxn = max(maxn, step)
v = wyx[x][y]
vis[x][y] = 1
if v >= 8:
v -= 8
else:
if judge(x, y + 1):
dfs(x, y + 1, step + 1)
if v >= 4:
v -= 4
else:
if judge(x, y - 1):
dfs(x, y - 1, step + 1)
if v >= 2:
v -= 2
else:
if judge(x + 1, y):
dfs(x + 1, y, step + 1)
if v >= 1:
v -= 1
else:
if judge(x - 1, y):
dfs(x - 1, y, step + 1)
vis[x][y] = 0
for i in range(100):
for j in range(100):
dfs(i, j, 0)
print maxn+1
**warmup **
#!/usr/bin/python
# -*- coding: utf-8 -*-
from Crypto.Cipher import AES
from Crypto.Util.strxor import strxor
from Crypto.Random import get_random_bytes
from FLAG import flag
class MAC:
def __init__(self):
self.key = get_random_bytes(16)
self.iv = get_random_bytes(16)
def pad(self, msg):
pad_length = 16 - len(msg) 16
return msg + chr(pad_length) * pad_length
def unpad(self, msg):
return msg[:-ord(msg[-1])]
def code(self, msg):
res = chr(0)*16
for i in range(len(msg)/16):
res = strxor(msg[i*16:(i+1)*16], res)
aes = AES.new(self.key, AES.MODE_CBC, self.iv)
return aes.encrypt(res).encode('hex')
def identity(self, msg, code):
if self.code(msg) == code:
msg = self.unpad(msg)
if msg == 'please send me your flag':
print 'remote: ok, here is your flag:s' flag
else:
print 'remote: I got it'
else:
print 'remote: hacker!'
if __name__ == '__main__':
mac = MAC()
message = 'see you at three o\'clock tomorrow'
print 'you seem to have intercepted something:{s:s}' (mac.pad(message).encode('hex'), mac.code(mac.pad(message)))
print 'so send your message:'
msg = raw_input()
print 'and your code:'
code = raw_input()
mac.identity(msg.decode('hex'), code)
exit()
输入msg和对应的code,构造’please send me your flag’获取flag
identity中,先调用code对msg加密,密文和输入的code比较,然后用upad后的msg和’please send me your flag’比较
pad填充字符串使长度为16的倍数,并且在字符串的最后一个字节记录填充字符个数
upad根据最后一个字节截取字符串
在code函数中,AES加密前,字符串每16个字符一组进行异或
已知’see you at three o'clock tomorrow’的密文,也可以得到这句话在AES加密前异或处理的结果为24054d4c1a0f19444e0f4016080f1805,可以在’please send me your flag’后填充字符,使异或后为24054d4c1a0f19444e0f4016080f1805,然后输入’see you at three o'clock tomorrow’的密文完成验证
'''
'please send me your flagaaaaaaaaaaaaaaaaaaaaaaa\x18'
'please send me y'
'our flagaaaaaaaa'
'aaaaaaaaaaaaaaa\x18'
'''
a = '24054d4c1a0f19444e0f4016080f1805'.decode('hex')
b = 'please send me y'
print(strxor(a,b).encode('hex'))
#5469282d696a39372b612436656a387c
a='our flag'
j = '5469282d696a39372b612436656a387c'.decode('hex')
print(j)
for i in range(len(a)):
print(hex(ord(a[i])^ord(j[i])))
'''
706c656173652073656e64206d652079
6f757220666c61672b612436656a3864
3b1c5a0d0f0658500000000000000018
'''
'706c656173652073656e64206d6520796f757220666c61672b612436656a38643b1c5a0d0f0658500000000000000018'
本作品采用知识共享署名-非商业性使用-禁止演绎 4.0 国际许可协议(CC BY-NC-ND 4.0)进行许可。
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY-NC-ND 4.0).