当前位置:网站首页>Part of the second Shanxi Network Security Skills Competition (Enterprise Group) WP (III)
Part of the second Shanxi Network Security Skills Competition (Enterprise Group) WP (III)
2022-07-19 06:39:00 【Dish @ just one word】
Preface
I had the pleasure of attending 2022 The competition of the enterprise group of the second network security skills competition in Shanxi Province , This is the first time to participate ctf match , In order to accumulate practical experience , Even rank 14, It's a little unexpected .
Tips : The following is the main body of this article .
One 、 subject
subject :
Flow analysis questions , I didn't remember the specific title .
The attachment :
Plaintext-TS Attachments to .pcapng
Two 、 The problem solving steps
1. Their thinking
First, I have a general look ,FTP Most packets , see TCP flow , When viewing stream by stream , It is found that there are two successful login , Once for anonymous users , One time for root user , among root Users are constantly tested for passwords .
root After the user logs in , There is data transmission behavior , And that includes flag Content .
2. The problem solving process
Keep probing root User password :
220 (vsFTPd 2.3.4)
USER root
331 Please specify the password.
PASS 12345678
530 Login incorrect.
USER root
331 Please specify the password.
PASS hint:
530 Login incorrect.
USER root
331 Please specify the password.
PASS thomas
530 Login incorrect.
USER root
Login success information :
TCP 18 flow :
220 (vsFTPd 2.3.4)
USER anonymous
331 Please specify the password.
PASS [email protected]
230 Login successful.
PASV
227 Entering Passive Mode (192,168,80,145,241,8).
LIST
150 Here comes the directory listing.
226 Directory send OK.
QUIT
TCP 41 flow :
220 (vsFTPd 2.3.4)
OPTS UTF8 ON
200 Always in UTF8 mode.
USER root
331 Please specify the password.
PASS @_Fa1se
230 Login successful.
PORT 192,168,80,1,118,103
200 PORT command successful. Consider using PASV.
NLST
150 Here comes the directory listing.
226 Directory send OK.
PORT 192,168,80,1,118,104
200 PORT command successful. Consider using PASV.
RETR flag.zip
150 Opening BINARY mode data connection for flag.zip (192 bytes).
226 Transfer complete.
PORT 192,168,80,1,118,105
200 PORT command successful. Consider using PASV.
RETR pass.txt
150 Opening BINARY mode data connection for pass.txt (774 bytes).
226 Transfer complete.
QUIT
221 Goodbye.
You can see , Two files were transferred ,flag.zip and pass.txt.
TCP 43 Flow to flag.zip data , Save it locally as original data , Prompt for password when opening .
TCP 44 Flow to pass.txt Content , Is shown as :
446966666572656E74204D6F727365EFBC9A5C2D2E2E2E2D2E2E2D2D2D2D2E2E2E2D2D5C2E2D2E2D2E2E2D2D2D2E2E2E2D2E2D2D5C2E2D2E2D2D2E2D2D2D2D2E2E2E2D2D2E5C2E2D2D2D2D2E2E2E2E2E2E2E2E2E2E2D5C2E2D2E2D2D2D2D2E2E2D2D2D2E2D2D2E5C2E2D2E2E2D2D2D2E2E2E2E2E2D2D2E2D5C2E2D2E2D2E2D2D2D2E2E2D2E2D2E2E2E5C2D2E2E2E2D2D2D2D2D2D2E2D2D2E2E2D5C2D2E2E2D2E2E2E2D2D2D2E2E2D2D2E2E5C2D2D2D2D2D2D2D2D2E2E2E2E2D2D2E2E5C2E2D2E2E2D2D2D2E2E2E2E2E2D2D2E2D5C2E2D2E2D2D2E2E2D2D2E2E2E2E2E2D2E5C2D2E2E2E2D2E2D2D2D2D2E2D2E2D2E2D5C2D2E2E2E2D2E2D2D2D2D2E2D2E2D2E2D5C2E2E2D2E5C2D5C2E2D2D2E5C2E2D2D2E2E2D2D2D2E2E2E2E2D2D2E2D5C2E2D2E2D2E2E2D2E2D2E2D2E2E2E2E2D5C2E2D2E2D2E2D2D2E2E2D2D2E2D2E2E2E5C2E2D2D2D2E2D2D2E2D2E2E2E2E2D2E2E5C2E2D2E2D2D2E2D2D2D2D2E2E2E2D2D2E5C2E2D2D2D2D2E2E2E2E2E2E2E2E2E2E2D5C2D2D2D2D2D2D2D2D2E2E2E2D2D2D2D2D
Put it HEX Decode and get :
Different Morse:\-...-..----...--\.-.-..---...-.--\.-.--.----...--.\.----..........-\.-.----..---.--.\.-..---.....--.-\.-.-.---..-.-...\-...------.--..-\-..-...---..--..\--------....--..\.-..---.....--.-\.-.--..--.....-.\-...-.----.-.-.-\-...-.----.-.-.-\..-.\-\.--.\.--..---....--.-\.-.-..-.-.-....-\.-.-.--..--.-...\.---.--.-....-..\.-.--.----...--.\.----..........-\--------...-----
Morse decode :
The decompression password is not here , Why don't you try FTP The password of the server ?
According to the prompt , The password for [email protected] or @_Fa1se
After testing , The password for @_Fa1se.
Unpack and get flag
flag{5658b3cc5f625339f207b7547ba5e6c3}3、 ... and 、 summary
The game has been solved , But some links were skipped , Password is required in the compressed package , First of all, I thought of the first two FTP password , Use it directly @_Fa1se Unpack and get flag.
Writing WP when , Seriously pass.txt Content , Only then did I know that there was HEX and Morse Decoding steps .
边栏推荐
猜你喜欢
吴恩达机器学习第1-2章
![[force buckle] bracket matching](/img/0d/8290cee0601c106e0ebbffb77d83ab.png)
[force buckle] bracket matching
Restapi implements aggregation (dark horse tutorial)
通過VOR深度估計解决三維注視交互中的目標模糊問題
SalGaze:使用视觉显著性的个性化注视估计
《PyTorch深度学习实践》-B站 刘二大人-day3
基于运动和视觉突出性的自我视频中的注意预测
EOG-based eye movement detection and gaze estimation for an asynchronous virtual keyboard基于EOG的异步虚
通过VOR深度估计解决三维注视交互中的目标模糊问题
Cygwin cooperates with listary to switch the current directory and quickly open it
随机推荐
Positional Change of the Eyeball During Eye Movements: Evidence of Translatory Movement眼球运动过程中眼球的位
Markdown syntax and common shortcuts
斑点检测 记录
ACWing每日一题.3511
Leetcode string
C language calls the file browser to realize the effect of selecting files
DSL implements metrics aggregation
Operation of documents in index library
Experiment 5: Gui
Eye tracking in virtual reality
Solution: unable to load file c:\program files\ Because running scripts is forbidden on this system
颜色直方图 灰度图&彩色图
Internship written examination answers
吴恩达机器学习第3-4章
实验二 类与对象定义初始化
Attention prediction in self video based on motion and visual prominence
Volatile function of embedded C language
你见过的最差的程序员是怎样的?
Using VOR depth estimation to solve the problem of target ambiguity in three-dimensional gaze interaction
Color histogram grayscale image & color image