hgame2022-week1

目录

web

Classic Childhood Game

Become A Member

Show Me Your Beauty

Guess Who I Am

crypto

RSA

神秘的电话

misc

e99p1ant_want_girlfriend

Sign In

神秘的海报

Where am I

Reverse

test your IDA

easyasm

Pwn

test_nc

web

Classic Childhood Game

游戏题,一般都是跟js文件有关

ctrl + u

一个个看js文件,发现这个文件里面就是游戏一关关的剧情

打开js跳到最后,看到一串字符,有关就是通关之后出flag的字符了

Become A Member

http的知识

改UA头为Cute_Bunny

cookie:code=Vidar

Referer:

 josn格式post

hgame{H0w_ArE_Y0u_T0day?}

Show Me Your Beauty

一开始尝试pht文件可以上传成功,但是连antsward返回数据为空

大小写绕过

连antsward

虚拟终端catflag

hgame{Unsave_F1L5_SYS7em_UPL0ad!}

Guess Who I Am

总结:

题目不难,锻炼了一波写python脚本

看源码得到hint

得到杭电的战队信息

手打了几下

应该要答对一定次数才能get flag

bp抓包看看

发现存在3个请求

  • api/getScore
  • api/getQuestion
  • api/verifyAnswer
  • 分别用来获取分数、获取intro信息、提交答案,三次请求作为一次完整的过程,且session相同
  • python测试一下看看返回的具体信息

返回json格式数据

下面就是写一个脚本

思路:将github上面的信息存入一个列表,发送请求(api/getQuestion)先获取题目,在表中检索题目,然后将id发到 api/verifyAnswer 验证,最后api/getScore接收分数和flag

 exp:

import requests
#战队信息字典
answer =  [{"id": "ba1van4","intro": "21级 / 不会Re / 不会美工 / 活在梦里 / 喜欢做不会的事情 / ◼◻粉","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=kSt5er0OQMXROy28nzTia0A&s=640","url": "https://ba1van4.icu"},{"id": "yolande","intro": "21级 / 非常菜的密码手 / 很懒的摸鱼爱好者,有点呆,想学点别的但是一直开摆","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=rY328VIqDc7lNtujYic8JxA&s=640","url": "https://y01and3.github.io/"},{"id": "t0hka","intro": "21级 / 日常自闭的Re手","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=EYNwm1PQe8o5OcghFb4zfw&s=640","url": "https://blog.t0hka.top/"},{"id": "h4kuy4","intro": "21级 / 菜鸡pwn手 / 又菜又爱摆","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=BmACniaibVb6IL6LiaYF4Uvlw&s=640","url": "https://hakuya.work"},{"id": "kabuto","intro": "21级web / cat../../../../f*","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=oPn2ez6Nq12GqPZG6cV7nw&s=640","url": "https://www.bilibili.com/video/BV1GJ411x7h7/"},{"id": "R1esbyfe","intro": "21级 / 爱好歪脖 / 究极咸鱼一条 / 热爱幻想 / 喜欢窥屏水群","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=FLyUHP6nYov19gA0ia83u8Q&s=640","url": "https://r1esbyfe.top/"},{"id": "tr0uble","intro": "21级 / 喜欢肝原神的密码手","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=bgcib3gBjJGdKEf7BZ512Uw&s=640","url": "https://clingm.top"},{"id": "Roam","intro": "21级 / 入门级crypto","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=5wzr9TVyw2nxOz5Jb7ceaQ&s=640","url": "#"},{"id": "Potat0","intro": "20级 / 摆烂网管 / DN42爱好者","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=NicTy1CDqeHsgzbZEIUU2wg&s=640","url": "https://potat0.cc/"},{"id": "Summer","intro": "20级 / 歪脖手 / 想学运维 / 发呆业务爱好者","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=4y6zxTBSB3cbseeyPvQWng&s=640","url": "https://blog.m1dsummer.top"},{"id": "chuj","intro": "20级 / 已退休不再参与大多数赛事 / 不好好学习,生活中就会多出许多魔法和奇迹","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=aM4tJSQSxB5gcauIMDEtUg&s=640","url": "https://cjovi.icu"},{"id": "4nsw3r","intro": "20级会长 / re / 不会pwn","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=j3LOiav9IluKSYg1VEibblZw&s=640","url": "https://4nsw3r.top/"},{"id": "4ctue","intro": "20级 / 可能是IOT的MISC手 / 可能是美工 / 废物晚期","avatar":  ("../../images/avatar/4ctue.jpg"),"url": "#"},{"id": "0wl","intro": "20级 / Re手 / 菜","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=06FRYslcuprt59OxibicdhqQ&s=640","url": "https://0wl-alt.github.io"},{"id": "At0m","intro": "20级 / web / 想学iot","avatar":  ("../../images/avatar/at0m.png"),"url": "https://homeboyc.cn/"},{"id": "ChenMoFeiJin","intro": "20级 / Crypto / 摸鱼学代师","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=5xyCaLib3lovjrUzf5pWxDQ&s=640","url": "https://chenmofeijin.top"},{"id": "Klrin","intro": "20级 / WEB / 菜的抠脚 / 想学GO","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=nnzEWNwxMS88jKYre5fOjg&s=640","url": "https://blog.mjclouds.com/"},{"id": "ek1ng","intro": "20级 / Web / 还在努力","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=pJFuHEqNaFk1If1STvRibWw&s=640","url": "https://ek1ng.com"},{"id": "latt1ce","intro": "20级 / Crypto&BlockChain / Plz V me 50 eth","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=EmPiaz7Msgg7iaia9tibibjdUyw&s=640","url": "https://lee-tc.github.io/"},{"id": "Ac4ae0","intro": "*级 / 被拐卖来接盘的格子 / 不可以乱涂乱画哦","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=EI7A02PYs5WUVFP2bciad8w&s=640","url": "https://twitter.com/LAttic1ng"},{"id": "Akira","intro": "19级 / 不会web / 半吊子运维 / 今天您漏油了吗","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=ku1vqyI1hLJr61PGIlic7Ow&s=640","url": "https://4kr.top"},{"id": "qz","intro": "19级 / 摸鱼美工 / 学习图形学、渲染ing","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=q5qVDcvyzxee4qiays52mibA&s=640","url": "https://fl0.top/"},{"id": "Liki4","intro": "19级 / 脖子笔直歪脖手","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=E3j3BJrsAfyl1arfnFKufQ&s=640","url": "https://github.com/Liki4"},{"id": "0x4qE","intro": "19级 / &lt;/p&gt;&lt;p&gt;Web","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=K7icYial1VVzlNl7hrD9MlNw&s=640","url": "https://github.com/0x4qE"},{"id": "xi4oyu","intro": "19级 / 骨瘦如柴的胖手","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=JfeMY6Lz5ZU4GmtTV85otQ&s=640","url": "https://www.xi4oyu.top/"},{"id": "R3n0","intro": "19级 / bin底层选手","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=icY08gnMlXtoYIJ9ib3eJQ2g&s=640","url": "https://r3n0.top"},{"id": "m140","intro": "19级 / 不会re / dl萌新 / 太弱小了,没有力量 / 想学游戏","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=zt0iccbnGuV8dOpXIYrJgvg&s=640","url": "#"},{"id": "Mezone","intro": "19级 / 普通的binary爱好者。","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=rDD29iahzzg8AvQX7fdbFPg&s=640","url": "#"},{"id": "d1gg12","intro": "19级 / 游戏开发 / 🐟粉","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=icawQKtjLcRiaj7scTRBZ9Qw&s=640","url": "https://d1g.club"},{"id": "Trotsky","intro": "19级 / 半个全栈 / 安卓摸🐟 / P 社玩家 / 🍆粉","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=LiasEshjTXTrNzJjPHVY3Vw&s=640","url": "https://altonhe.github.io/"},{"id": "Gamison","intro": "19级 / 挖坑不填的web选手","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=0VaAu2go9mvrMXu1ibmKy1g&s=640","url": "http://aw.gamison.top"},{"id": "Tinmix","intro": "19级会长 / DL爱好者 / web苦手","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=L2EclrAltb7lk3LBPY6oWA&s=640","url": "http://poi.ac"},{"id": "RT","intro": "19级 / Re手,我手呢?","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=p1TD1qwKfEK8NZExRDqic1A&s=640","url": "https://wr-web.github.io"},{"id": "wenzhuan","intro": "18 级 / 完全不会安全 / 一个做设计的鸽子美工 / 天天画表情包","avatar":  ("../../images/avatar/wenzhuan.jpg"),"url": "https://wzyxv1n.top/"},{"id": "Cosmos","intro": "18级 / 莫得灵魂的开发 / 茄粉 / 作豚 /  米厨","avatar":  ("../../images/avatar/cosmos.jpg"),"url": "https://cosmos.red"},{"id": "Y","intro": "18 级 / Bin / Win / 电竞缺乏视力 / 开发太菜 / 只会 C / CSGO 白给选手","avatar":  ("../../images/avatar/Y.jpg"),"url": "https://blog.xyzz.ml:444/"},{"id": "Annevi","intro": "18级 / 会点开发的退休web手 / 想学挖洞 / 混吃等死","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=WN9x96MpjSJ3Gc7a3SHtDw&s=640","url": "https://annevi.cn"},{"id": "logong","intro": "18 级 / 求大佬带我IoT入门 / web太难了只能做做misc维持生计 / 摸🐟","avatar":  ("../../images/avatar/logong.jpg"),"url": "http://logong.vip"},{"id": "Kevin","intro": "18 级 / Web / 车万","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=jaXAqywDMbia39e4OfGXicPQ&s=640","url": "https://harmless.blue/"},{"id": "LurkNoi","intro": "18级 / 会一丢丢crypto / 摸鱼","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=CLTlN5QPS3aI60icIoxGmdQ&s=640","url": "#"},{"id": "幼稚园","intro": "18级会长 / 二进制安全 /  干拉","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=G2o7mX9RCTkiaCHeEiaJLBwA&s=640","url": "https://danisjiang.com"},{"id": "lostflower","intro": "18级 / 游戏引擎开发 / 尚有梦想的game maker","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=eQHtN69C2tgM8Ul8PmtTKw&s=640","url": "https://r000setta.github.io"},{"id": "Roc826","intro": "18 级 / Web 底层选手","avatar":  ("../../images/avatar/Roc826.jpg"),"url": "http://www.roc826.cn/"},{"id": "Seadom","intro": "18 级 / Web / 真·菜到超乎想象 / 拼死学(mo)习(yu)中","avatar":  ("../../images/avatar/seadom.png"),"url": "#"},{"id": "ObjectNotFound","intro": "18级 / 懂点Web & Misc / 懂点运维 / 正在懂游戏引擎 / 我们联合!","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=yQnkF86Uy6UkZrZmFYLL4g&s=640","url": "https://www.zhouweitong.site"},{"id": "Moesang","intro": "18 级 / 不擅长 Web / 擅长摸鱼 / 摸鱼!","avatar":  ("../../images/avatar/Moesang.png"),"url": "https://blog.wz22.cc"},{"id": "E99p1ant","intro": "18级 / 囊地鼠饲养员 / 写了一个叫 Cardinal 的平台","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=AJQ9RJRCavhSibMZtRq2JOQ&s=640","url": "https://github.red/"},{"id": "Michael","intro": "18 级 / Java / 会除我佬","avatar":  ("../../images/avatar/Michael.jpg"),"url": "http://michaelsblog.top/"},{"id": "matrixtang","intro": "18级 / 编译器工程师( 伪 / 半吊子PL- 静态分析方向","avatar":  ("../../images/avatar/MATRIX.jpg"),"url": "#"},{"id": "r4u","intro": "18级 / 不可以摸🐠哦","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=rJCqQv1EzicpDW77nMa5bYw&s=640","url": "http://r4u.top/"},{"id": "357","intro": "18级 / 并不会web / 端茶送水选手","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=POaV9Y85NiaUcibaETEKTpfw&s=640","url": "#"},{"id": "Li4n0","intro": "17 级 / Web 安全爱好者 / 半个程序员 / 没有女朋友","avatar":  ("../../images/avatar/li4no.jpg"),"url": "https://blog.0e1.top"},{"id": "迟原静","intro": "17级 / Focus on Java Security","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=xyVPFvQ2dWReoBiahd7naSw&s=640","url": "#"},{"id": "Ch1p","intro": "17 级 / 自称 Bin 手实际啥都不会 / 二次元安全","avatar":  ("../../images/avatar/Chip.jpg"),"url": "http://ch1p.top"},{"id": "f1rry","intro": "17 级 / Web","avatar":  ("../../images/avatar/f1rry.png"),"url": "#"},{"id": "mian","intro": "17 级 / 业余开发 / 专业摸鱼","avatar":  ("../../images/avatar/mian.jpg"),"url": "https://www.intmian.com"},{"id": "ACce1er4t0r","intro": "17级 / 摸鱼ctfer / 依旧在尝试入门bin / 菜鸡研究生+1","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=gRBlwiawx1lF4UkPKh4Liczg&s=640","url": "#"},{"id": "MiGo","intro": "17级 / 二战人 / 老二次元 / 兴趣驱动生活","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=XzZggL7hDeicLXb2FSic6sfg&s=640","url": "https://migoooo.github.io/"},{"id": "BrownFly","intro": "17级 / RedTeamer / 字节跳动安全工程师","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=EnNslsFelj9HibuKoNHwmyg&s=640","url": "https://brownfly.github.io"},{"id": "Aris","intro": "17级/ Key厨 / 腾讯玄武倒水的","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=anjeaJmx1X79Yp1DNxWrRA&s=640","url": "https://blog.ar1s.top"},{"id": "hsiaoxychen","intro": "17级 / 游戏厂打工仔 / 来深圳找我快活","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=YGiaicyZ3NkWfOoGOlLPWvAw&s=640","url": "https://chenxy.me"},{"id": "Lou00","intro": "17级 / web / 东南读研","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=fdAMuUicvOObMv3eZC8y0Ew&s=640","url": "https://blog.lou00.top"},{"id": "Junier","intro": "16 级 / 立志学术的统计er / R / 为楼上的脱单事业做出了贡献","avatar":  ("../../images/avatar/Junier.jpg"),"url": "#"},{"id": "bigmud","intro": "16 级会长 / Web 后端 / 会一点点 Web 安全 / 会一丢丢二进制","avatar":  ("../../images/avatar/bigmud.jpg"),"url": "#"},{"id": "NeverMoes","intro": "16 级 / Java 福娃 / 上班 996 / 下班 669","avatar":  ("../../images/avatar/nervermoes.jpg"),"url": "#"},{"id": "Sora","intro": "16 级 / Web Developer","avatar":  ("../../images/avatar/Sora.jpg"),"url": "https://github.com/Last-Order"},{"id": "fantasyqt","intro": "16 级 / 可能会运维 / 摸鱼选手","avatar":  ("../../images/avatar/fantasyqt.jpg"),"url": "http://0x2f.xyz"},{"id": "vvv_347","intro": "16 级 / Rev / Windows / Freelancer","avatar":  ("../../images/avatar/vvv_347.png"),"url": "https://vvv-347.space"},{"id": "veritas501","intro": "16 级 / Bin / 被迫研狗","avatar":  ("../../images/avatar/veritas501.jpeg"),"url": "https://veritas501.space"},{"id": "LuckyCat","intro": "16 级 / Web 🐱 / 现于长亭科技实习","avatar":  ("../../images/avatar/princessprincepal.jpg"),"url": "https://jianshu.com/u/ad5c1e097b84"},{"id": "Ash","intro": "16 级 / Java 开发攻城狮 / 996 选手 / 濒临猝死","avatar":  ("../../images/avatar/ash.jpg"),"url": "#"},{"id": "Cyris","intro": "16 级 / Web 前端 / 美工 / 阿里云搬砖","avatar": "https://cdn.jsdelivr.net/npm/cyris/images/avatar.png","url": "https://cyris.moe/"},{"id": "Acaleph","intro": "16 级 / Web 前端 / 水母一小只 / 程序员鼓励师 / Cy 来组饥荒!","avatar":  ("../../images/avatar/Acaleph.jpg"),"url": "#"},{"id": "b0lv42","intro": "16级 / 大果子 / 毕业1年仍在寻找vidar娘接盘侠","avatar":  ("../../images/avatar/b0lv42.jpg"),"url": "https://b0lv42.github.io/"},{"id": "ngc7293","intro": "16 级 / 蟒蛇饲养员 / 高数小王子","avatar":  ("../../images/avatar/ngc7293.jpg"),"url": "https://ngc7292.github.io/"},{"id": "ckj123","intro": "16 级 / Web / 菜鸡第一人","avatar":  ("../../images/avatar/ckj123.jpg"),"url": "https://www.ckj123.com"},{"id": "cru5h","intro": "16级 / 前web手、现pwn手 / 菜鸡研究生 / scu","avatar": "https://thirdqq.qlogo.cn/g?b=sdk&k=5kpiaPnLZ1cWrp0G8O4qHDg&s=640","url": "#"},{"id": "xiaoyao52110","intro": "16 级 / Bin 打杂 / 他们说菜都是假的,我是真的","avatar":  ("../../images/avatar/xiaoyao52110.jpg"),"url": "#"},{"id": "Undefinedv","intro": "15 级网安协会会长 / Web 安全","avatar":  ("../../images/avatar/undefinedv.jpg"),"url": "#"},{"id": "Spine","intro": "逆向 / 二进制安全","avatar":  ("../../images/avatar/spine.jpg"),"url": "#"},{"id": "Tata","intro": "二进制 CGC 入门水准 / 半吊子爬虫与反爬虫","avatar":  ("../../images/avatar/tata.jpg"),"url": "#"},{"id": "Airbasic","intro": "Web 安全 / 长亭科技安服部门 / TSRC 2015 年年度英雄榜第八、2016 年年度英雄榜第十三","avatar":  ("../../images/avatar/airbasic.jpg"),"url": "#"},{"id": "jibo","intro": "15 级 / 什么都不会的开发 / 打什么都菜","avatar":  ("../../images/avatar/jibo.jpg"),"url": "#"},{"id": "Processor","intro": "15 级 Vidar 会长 / 送分型逆向选手 / 13 段剑纯 / 差点没毕业 / 阿斯巴甜有点甜","avatar":  ("../../images/avatar/Processor.jpeg"),"url": "https://processor.pub/"},{"id": "HeartSky","intro": "15 级 / 挖不到洞 / 打不动 CTF / 内网渗透不了 / 工具写不出","avatar":  ("../../images/avatar/heartsky.jpg"),"url": "http://heartsky.info"},{"id": "Minygd","intro": "15 级 / 删库跑路熟练工 / 没事儿拍个照 / 企鹅","avatar":  ("../../images/avatar/mingy.jpg"),"url": "#"},{"id": "Yotubird","intro": "15 级 / 已入 Python 神教","avatar":  ("../../images/avatar/Yotubird.png"),"url": "#"},{"id": "c014","intro": "15 级 / Web 🐶 / 汪汪汪","avatar":  ("../../images/avatar/c014.png"),"url": "#"},{"id": "Explorer","intro": "14 级 HDUISA 会长 / 二进制安全 / 曾被 NULL、TD、蓝莲花等拉去凑人数 / 差点没毕业 / 长亭安研","avatar":  ("../../images/avatar/Explorer.jpg"),"url": "#"},{"id": "Aklis","intro": "14 级 HDUISA 副会长 / 二次元 / 拼多多安全工程师","avatar":  ("../../images/avatar/aklis.jpg"),"url": "#"},{"id": "Sysorem","intro": "14 级网安协会会长 / HDUISA 成员 / Web 安全 / Freebuf 安全社区特约作者 / FSI2015Freebuf 特邀嘉宾","avatar":  ("../../images/avatar/sysorem.jpg"),"url": "#"},{"id": "Hcamael","intro": "13 级 / 知道创宇 404 安全研究员 / 现在 Nu1L 划划水 / IoT、Web、二进制漏洞,密码学,区块链都看得懂一点,但啥也不会","avatar":  ("../../images/avatar/hcamael.jpg"),"url": "#"},{"id": "LoRexxar","intro": "14 级 / Web 🐶 / 杭电江流儿 / 自走棋主教守门员","avatar":  ("../../images/avatar/lorexxar.jpg"),"url": "https://lorexxar.cn/"},{"id": "A1ex","intro": "14 级网安协会副会长 / Web 安全","avatar":  ("../../images/avatar/alex.jpg"),"url": "#"},{"id": "Ahlaman","intro": "14 级网安协会副会长 / 无线安全","avatar":  ("../../images/avatar/ahlaman.jpg"),"url": "#"},{"id": "lightless","intro": "Web 安全 / 安全工程师 / 半吊子开发 / 半吊子安全研究","avatar":  ("../../images/avatar/lightless.jpg"),"url": "https://lightless.me/"},{"id": "Edward_L","intro": "13 级 HDUISA 会长 / Web 安全 / 华为安全部门 / 二进制安全,fuzz,符号执行方向研究","avatar":  ("../../images/avatar/edward_L.jpg"),"url": "#"},{"id": "逆风","intro": "13 级菜鸡 / 大数据打杂","avatar":  ("../../images/avatar/deadwind4.jpeg"),"url": "https://github.com/deadwind4"},{"id": "陈斩仙","intro": "什么都不会 / 咸鱼研究生 / <del>安恒</del>、<del>长亭</del> / SJTU","avatar":  ("../../images/avatar/chenzhanxian.jpg"),"url": "https://mxgcccc4.github.io/"},{"id": "Eric","intro": "渗透 / 人工智能 / 北师大博士在读","avatar":  ("../../images/avatar/eric.jpg"),"url": "https://3riccc.github.io"}
]
se = requests.session() #存储session
for i in range(100):  #循环score = "http://week-1.hgame.lwsec.cn:31903/api/getScore"question = 'http://week-1.hgame.lwsec.cn:31903/api/getQuestion'verifyanswer = "http://week-1.hgame.lwsec.cn:31903/api/verifyAnswer"r1 = se.get(score) 
#获取分数及判断返回flag时中断循环if "hgame{" in r1.text:print(r1.json()["message"])breakelse:
#循环遍历信息表并且发送id验证r2 = se.get(question)#获取题目data1 = r2.json() #返回json格式find=data1["message"] #获取题目
#遍历字典for j in answer:if find in j.values(): #找到字典中的元素id = j["id"] #获取对应的idbreak
#发包data = {"id":id} #idr3 = se.post(verifyanswer,data=data)if "Correct answer!" in r3.text: #回答正确时会返回Correct answer!字样print(f"第{i+1}次回答正确")

hgame{Guess_who_i_am^Happy_Crawler} 

crypto

RSA

直接丢factordb分解就行了

from Crypto.Util.number import *
import gmpy2
e = 65537
c=110674792674017748243232351185896019660434718342001686906527789876264976328686134101972125493938434992787002915562500475480693297360867681000092725583284616353543422388489208114545007138606543678040798651836027433383282177081034151589935024292017207209056829250152219183518400364871109559825679273502274955582
n=135127138348299757374196447062640858416920350098320099993115949719051354213545596643216739555453946196078110834726375475981791223069451364024181952818056802089567064926510294124594174478123216516600368334763849206942942824711531334239106807454086389211139153023662266125937481669520771879355089997671125020789
p=11239134987804993586763559028187245057652550219515201768644770733869088185320740938450178816138394844329723311433549899499795775655921261664087997097294813
q=12022912661420941592569751731802639375088427463430162252113082619617837010913002515450223656942836378041122163833359097910935638423464006252814266959128953phi=(q-1)*(p-1)
d=gmpy2.invert(e,phi)
m=pow(c,d,n)
print(long_to_bytes(m))
#b'hgame{factordb.com_is_strong!}'

神秘的电话

txt解base64得到信息

另外一个文件是莫斯的音频

音频morse:

1.手敲

----- ..--- ..--- ...-- . ..--.- .--. .-. .. .. -... .-.. -.-- ..--.- ..--.- .... --- -. .-- .- ..--.- .--- -- --. .... ..--.- ..-. --. -.- -.-. --.- .- --- --.- - -- ..-. .-.

只有倒着翻过十八层的篱笆才能抵达北欧神话的终点

猜测要逆序输出然后栅栏,西欧神话的终点是Vidar,杭电校队,解维吉尼亚

写个python转小写

a="WELCOME_TO_HGAME2023_AND_ENJOY_HACKING"
l=a.lower()
print("hgame{"+l+"}")
#hgame{welcome_to_hgame2023_and_enjoy_hacking}

2.工具解morse:

kali:apt install morse2ascii      安装

使用:morse2ascii xxx.wav

misc

e99p1ant_want_girlfriend

png长宽高一把嗦

Sign In

神秘的海报

lsb:

导出数据:

Sure enough, you still remember what we talked about at that time! This is part of the secret: `hgame{U_ Kn0w_LSB&W`.

I put the rest of the content here, https://drive.google.com/file/d/13kBos3Ixlfwkf3e0z0kJTEqBxm7RUk-G/view?usp=sharing,

if you directly access the google drive cloud disk download in China, it will be very slow, you can try to use Scientific Internet access solves the problem of slow or inaccessible access to external network resources.

This is my favorite music, there is another part of the secret in the music, I use Steghide to encrypt, the password is also the 6-digit password we agreed at the time, even if someone else finds out here, it should not be so easy to crack ( ( hope so

谷歌网盘下载一个音频,是一个音乐

Steghide 隐写,密钥为6位,试了一波弱密码 123456

爆破密码:Steghide使用教程及其密码爆破_Blood_Seeker的博客-CSDN博客_steghide

steghide extract -sf 6.wav -p 123456     //这里我把文件重命名了

hgame{U_Kn0w_LSB&Wav^Mp3_Stego}

Where am I

兔兔回家之前去了一个神秘的地方,并拍了张照上传到网盘,你知道他去了哪里吗? flag格式为: hgame{经度时_经度分_经度秒_东经(E)/西经(W)_纬度时_纬度分_纬度秒_南纬(S)/北纬(N)},秒精确到小数点后两位 例如: 11°22'33.99''E, 44°55'11.00''S 表示为 hgame{11_22_3399_E_44_55_1100_S}

看到题目上传网盘,流量包直接找http流

果不其然有upload

导出流量包http流

直接foremost分离出来一个rar

里面有一张图片。rar伪加密,010改第24个字节为00

解压出来一个图片,黑呼呼的

直接看exif信息

交了半天flag不对0.0.0..................................居然要4舍5入.....666666.....真不错

hgame{116_24_1488_E_39_54_5418_N}

Reverse

test your IDA

IDA打开就有flag

easyasm

chatgpt一步到位(ai直接给我解密脚本跑出来就是flag)

def dec(s):result = ""for c in s:result += chr(ord(c) ^ 0x33)return result# 将字符串中的十六进制数字转化为 ASCII 码
encrypted_str = "0x5b,0x54,0x52,0x5e,0x56,0x48,0x44,0x56,0x5f,0x50,0x3,0x5e,0x56,0x6c,0x47,0x3,0x6c,0x41,0x56,0x6c,0x44,0x5c,0x41,0x2,0x57,0x12,0x4e"
encrypted_str = "".join([chr(int(x, 16)) for x in encrypted_str.split(",")])print(dec(encrypted_str))
#hgame{welc0me_t0_re_wor1d!}

Pwn

test_nc

每日emo:

似花还似非花,也无人惜从教坠。—— 苏轼《水龙吟次韵章质夫杨花词》。

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.rhkb.cn/news/16446.html

如若内容造成侵权/违法违规/事实不符,请联系长河编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

嘉宾阵容公布,开源社邀请您参加 Impact Tech, She Can 2023

嘉宾阵容公布,开源社邀请您参加 Impact Tech, She Can 2023

2023 年&#xff0c;在三八妇女节来临之际&#xff0c;Jina AI 联合将门创投、OpenMMLab、亚马逊云科技、稀土掘金、开源中国、CSDN等 14 家科技行业伙伴&#xff0c;发起了第二届「Impact Tech, She Can」线上对话。 、 活动信息 通过 2 场圆桌对话、1 场技术分享&#xff0c;…
阅读更多...
在线环境 - 免费的文生图接口部署(实现文本到图像生成)

在线环境 - 免费的文生图接口部署(实现文本到图像生成)

地址Text-to-Image Synthesishttps://project-iprj64b657264549ab788a4e41d1-8000.preview.node01.inscode.run/声明 正在尝试更换其他模型&#xff0c;基于达摩院通义文生图大模型ai_artist目前在效果上有待优化&#xff0c;先下线&#xff0c;后面升级再上。 前言 "文生…
阅读更多...
VALSE 2023 无锡线下参会个人总结 6月11日-2

VALSE 2023 无锡线下参会个人总结 6月11日-2

VALSE 2023 无锡线下参会个人总结 6月11日-2 6月11日会议日程安排Workshop&#xff1a;目标检测与分割程明明&#xff1a;粒度自适应的图像感知技术张兆翔&#xff1a;基于多传感器融合的视觉物体检测与分割 Workshop&#xff1a;ChatGPT与计算机视觉白翔&#xff1a;再谈ChatG…
阅读更多...
人脸属性分析--性别、年龄和表情识别

人脸属性分析--性别、年龄和表情识别

人脸属性指的是根据给定的人脸判断其性别、年龄和表情等&#xff0c;当前在github上开源了一些相关的工作&#xff0c;大部分都是基于tensorflow的&#xff0c;还有一部分是keras&#xff0c;CVPR2015曾有一篇是用caffe做的. CSDN 从0到1实现基于Tornado和Tensorflow的人脸、…
阅读更多...
诸葛智能CTO文革:以自助式数据分析,帮助企业释放业务价值丨数据猿专访

诸葛智能CTO文革:以自助式数据分析,帮助企业释放业务价值丨数据猿专访

‍数据智能产业创新服务媒体 ——聚焦数智 改变商业 进入数字经济时代&#xff0c;无论是数字产业化还是产业数字化的推进&#xff0c;数据分析都是整个链条的关键环节。尤其是在各个行业的数字化转型升级过程中&#xff0c;以数据分析释放业务价值&#xff0c;扮演至关重要的…
阅读更多...
python详解(5)——类,类,还是类

python详解(5)——类,类,还是类

目录 &#x1f3c6;一、前言 &#x1f3c6;二、类 &#x1f6a9;1、面向对象到底是什么 &#x1f6a9;2、数据成员and访问&#xff0c;汉堡店大升级&#xff08;超难&#xff09; &#x1f44d;①、类变量&#xff08;超难&#xff09; &#x1f44d;②、实例变量 &#x1f6a9…
阅读更多...
数字孪生“独木难支”产业元宇宙

数字孪生“独木难支”产业元宇宙

ChatGPT的耀眼光环下&#xff0c;还有多少人记得大明湖畔的“元宇宙”呢&#xff1f;科技圈凉薄如斯啊&#xff01; 元宇宙概念大火之后&#xff0c;很快出现了各种“XX元宇宙”的产业级解决方案。 工业元宇宙&#xff0c;构建智能数字孪生体&#xff0c;实现生产运行可视化、数…
阅读更多...
【探索 Kubernetes|作业管理篇 系列 7】探究 Pod 有什么用,为什么需要它

【探索 Kubernetes|作业管理篇 系列 7】探究 Pod 有什么用,为什么需要它

前言 大家好&#xff0c;我是秋意零。 前一篇&#xff0c;我们介绍了如何从 0 到 1 搭建 Kubernetes 集群。现在我们可以正式了解&#xff0c;Kubernetes 核心特征了。 今天我们来探究 Pod&#xff0c;为什么需要 Pod&#xff1f; &#x1f47f; 简介 &#x1f3e0; 个人主页…
阅读更多...
从零开始的steam独立游戏独自一人的开发生活

从零开始的steam独立游戏独自一人的开发生活

从零开始的steam游戏开发日志&#xff08;鼓励自己不停更&#xff09; 自己一个人做游戏自己做策划、美术、程序&#xff0c;会把一些涉及到的关键技术发到CSDN作为自己的博客记录&#xff0c;也算是一些积累&#xff0c;鼓励自己不停更。PS&#xff1a;自己一个人搞开发真的很…
阅读更多...
语音合成概述

语音合成概述

一、语音合成概述 语音合成&#xff0c;又称文语转换(Text To Speech, TTS)&#xff0c;是一种可以将任意输入文本转换成相应语音的技术。 传统的语音合成系统通常包括前端和后端两个模块。前端模块主要是对输入文本进行分析&#xff0c;提取后端模块所需要的语言学信息&…
阅读更多...
TTS | 语音合成常见数据集及数据格式详情

TTS | 语音合成常见数据集及数据格式详情

link 本文主要是介绍了语音合成中最常见的数据集&#xff08;包含各个语种&#xff09;&#xff0c;及其格式等 外语数据集 1.LJSpeech 网址 &#xff1a; The LJ Speech Dataset (keithito.com) 数据集描述&#xff1a; 数据集大小&#xff1a;2.6GB 这是一个公共领域的语音数…
阅读更多...
语音合成技术入门之Tacotron

语音合成技术入门之Tacotron

语音合成TTS 学习李宏毅课程。 输入文字&#xff0c;输出语音。 端到端之前TTS 18世纪就有&#xff0c;能找到demo的是1939年VODER。 就像电子琴一样&#xff0c;用手控制发出不同声音。 到1960年&#xff0c;IBM计算机能合成出歌唱声。 波形拼接 过去最常用的商用语音合…
阅读更多...
语音合成技术

语音合成技术

关注52AI&#xff0c;做AI的行业领先者。QQ人工智能行业交流群&#xff1a;626784247. 01 本期分享的主题是语音合成技术&#xff0c;以下是本次分享的主要内容&#xff1a; 1.语音合成技术简介 1.1 什么是语音合成&#xff1f; 语音合成技术是将任意文本转换成语音的技术。是人…
阅读更多...
语音合成技术简介

语音合成技术简介

文章目录 前言一、传统语音合成系统1. 总体框架2. 基于统计参数的语音合成2.1 系统流程图2.2 模型算法 二、端到端的合成语音系统1. 总体框架2. 基于深度学习的语音合成2.1 系统流程图2.2 特征网络模型算法1. Tacotron2. DeepVoice3. DeepVoice24. DeepVoice3 & Tacotron25…
阅读更多...
语音合成 - TTS gTTS

语音合成 - TTS gTTS

目录 1. 简单介绍 2. 代码示例 1. 简单介绍 https://gtts.readthedocs.io/en/latest/https://gtts.readthedocs.io/en/latest/ gTTS 是基于 Python 的文本转语音库&#xff0c;用于语音合成。 2. 代码示例 安装&#xff1a; pip install gTTS Python: from gtts import…
阅读更多...
在线语音合成工具代码

在线语音合成工具代码

语音合成软件语音合成助手免费版下载语音合成助手语音合成技术语音合成器语音合成工具下载语音合成软件哪个好用语音合成软件免费版语音合成网易有道智云语音合成网站 <div class"container mx-auto" id"app"><div class"card lg:card-side …
阅读更多...
VITS 语音合成完全端到端TTS的里程碑

VITS 语音合成完全端到端TTS的里程碑

Conditional Variational Autoencoder with Adversarial Learning for End-to-End Text-to-Speech&#xff08;ICML 2021&#xff09; KAKAO公司与KAIST韩国科学院&#xff0c;近年在TTS领域佳作频出&#xff0c;目前最主流的HiFiGAN声码器也是其成果。 目录 概览&#xff1…
阅读更多...
MS-TTS:免费微软TTS语音合成工具(一键合成导出MP3音频)

MS-TTS:免费微软TTS语音合成工具(一键合成导出MP3音频)

声明 本工具是个免费工具&#xff0c;遇到问题&#xff0c;还请自行解决&#xff0c;下面有文字教程&#xff0c;B站有视频教程&#xff08;链接在文章末尾&#xff09;&#xff1b; 其次&#xff0c;微软接口卡顿&#xff0c;连接超时等问题下方有详细说明&#xff0c;请仔细…
阅读更多...
某团mtgsig逆向学习

某团mtgsig逆向学习

声明&#xff1a;本文仅限学习交流使用&#xff0c;禁止用于非法用途、商业活动等。否则后果自负。如有侵权&#xff0c;请告知删除&#xff0c;谢谢&#xff01;本教程也没有专门针对某个网站而编写&#xff0c;单纯的技术研究 目录 案例分析参数分析效果展示 案例分析 目标案…
阅读更多...
高通量代谢组学四路筛选法,揭秘“神药”二甲双胍延长寿命的机制

高通量代谢组学四路筛选法,揭秘“神药”二甲双胍延长寿命的机制

百趣代谢组学分享—研究背景 目前据统计中国糖尿病患者人数达9700万以上&#xff0c;数量达到世界第一。这其中2型糖尿病占到了90%以上。二甲双胍是目前治疗2型糖尿病的一线“明星”药物&#xff0c;因其较少出现低血糖和体重增加副作用而受到广大患者和医生的青睐。代谢组学文…
阅读更多...
最新文章
推荐文章

Copyright @ 2022~2023