2021 Great Wall Cup _MISC_ "Are you flag cooked"_Reproduction

Direct decompression of "flag.rar" found that there was a password, and the 4-6-bit password exploded unsuccessfully, indicating that the password was obtained from two other PNG pictures. Directly take all pictures out of binwalk and break them down (binwalk-e 1.png), (binwalk-e 2.png) Get a "password.xls" file and a &q ...

Posted by zechdc on Tue, 21 Sep 2021 18:34:07 +0200

ctfshow deserialization

web254 if($user->login($username,$password)){ if($user->checkVip()){ $user->vipOneKeyGetFlag(); } Judge whether the entered username and password are equal to the xxxxxx given by the title. If the verification is successful, it will be given to the flag, so get the parameters directly ?username=xxxxxx&am ...

Posted by backyard on Tue, 14 Sep 2021 21:39:52 +0200