DeadSecCTF2024
2024-7-28
Misc
Welcome
进discord群签到即可
Mic check
服务端发来什么单词,就原样回复什么即可
from pwn import *
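# Debug logging prints every byte sent and received, so the server's final
# message shows up in the log even though the recv() results are not stored.
context.log_level = "debug"

# Challenge endpoint as given in the write-up.
p = remote('34.121.62.108', 31646)

# 100 rounds, taken from the original loop bounds.
for _ in range(1, 101):
    # Read up to and including the prompt. The word to repeat is the text
    # between the first '>' and the following '[' in that chunk.
    response = p.recvuntil(b'submit test words > ').decode()
    word = response.split('>')[1].split('[')[0].strip()
    p.sendline(word.encode())

# Drain whatever the server sends after the last round.
p.recv()
p.recv()
p.close()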
flag_injection
题目是这样的
from string import ascii_lowercase
from time import sleep
from os import getenv
# Characters allowed in the flag and in the user-supplied strings checked
# further down: lowercase ASCII letters plus underscore.
ALPHABET = set(ascii_lowercase + "_")
# The flag is read from the FLAG environment variable; the default is a test
# value that passes both checks below once normalised.
SECRET_FLAG = getenv("FLAG", "DEAD{test_flag_which_is_exactly_this_long}")
# Normalise into ALPHABET: braces become underscores, "DEAD" is lowercased.
SECRET_FLAG = SECRET_FLAG.replace("{", "_").replace("}", "_").replace("DEAD","dead")
# NOTE: assert statements are removed under `python -O`, so these start-up
# checks only run in a non-optimised interpreter.
assert len(SECRET_FLAG) == 42, "Bad flag length"
assert set(SECRET_FLAG).issubset(ALPHABET), "Bad flag chars"
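def get_flag():
    """Print the normalised flag to stdout.

    The entry point of this listing never calls this function directly.
    """
    print(SECRET_FLAG)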
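def split_flag():
    """Bind a module-level name built from a flag slice plus user text.

    Reads two integer offsets and a short suffix from stdin, takes
    ``SECRET_FLAG[start:end]``, appends the suffix and stores ``":)"`` under
    that key in ``globals()``.

    Raises:
        ValueError: if an offset is not a valid integer (from ``int()``).
        AssertionError: if the slice is shorter than 13 characters or the
            suffix contains a character outside ``ALPHABET``.
    """
    # Offsets are passed to the slice as given; Python slicing also accepts
    # negative and out-of-range values, and nothing here restricts them.
    start_offset = int(input("Start of flag substring: "))
    end_offset = int(input("End of flag substring: "))
    new_flag = SECRET_FLAG[start_offset:end_offset]
    # NOTE: assert is stripped under `python -O`; both checks in this function
    # only hold in a non-optimised run.
    assert len(new_flag) >= 13, "Can't have such a small piece"
    # The suffix is stripped and truncated to 20 characters before the check.
    anything = input("Anything to add? Tell me: ").strip()[:20]
    assert set(anything).issubset(ALPHABET), "That's a crazy thing to add!"
    new_flag += anything
    # SECURITY: the key is derived from the secret and from user input, so a
    # module-level name is created (or an existing one overwritten) under
    # partial user control. A private dict would keep this out of the module
    # namespace that eval() later resolves names against.
    globals()[new_flag] = ":)"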
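if __name__ == "__main__":
    # Runs first, so the globals() write in split_flag() has already happened
    # by the time the expression below is evaluated.
    split_flag()
    what_to_do = input("What should I do now? Tell: ")
    # Allowlist: lowercase letters and underscore only. This rules out
    # parentheses, dots, quotes, digits and whitespace.
    if not set(what_to_do).issubset(ALPHABET):
        print("Plz no hack :(")
    else:
        # No brute force for you. Test locally instead!
        # The fixed delay only slows down repeated attempts per connection.
        sleep(10)
        # SECURITY: eval() on user input. The character allowlist is not a
        # sandbox: a bare identifier is still looked up in the module
        # namespace and its value printed. An explicit dispatch table of
        # permitted actions would avoid evaluating input at all.
        print(eval(what_to_do))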
弄了好一会儿,在本地也没试出思路:输入只能包含小写字母和下划线,没有括号可用,所以没法调用函数
突然发现会这样,上午在本地测的时候也遇到了,但是没想到