first commit

Author: le31ei

.DS_Store

@@ -0,0 +1,67 @@
+# CTF培训题目集合
+
+**这些题目均是在前安服工作时候积累的培训题目，做成了docker环境，可以直接使用`docker-compose up -d`启动题目，部分题目可能未完善，存在bug。目前的工作不再做一线安服了，就把题目开源，给还战斗在一线的安服兄弟们一个参考。如果有侵权，联系我删除。**
+
+
+
+题目名称| 分类 | 难度 | 维护人
+-|-|-|-|
+[签到题](misc/MISC0/)| 杂项| 🌟 | le31ei
+[头等舱](web/toudengcang)| web | 🌟 |le31ei
+[代码审计](web/codeaudit1) | web | 🌟 |le31ei
+[胖虎](web/panghu) | web | 🌟🌟🌟🌟🌟 | le31ei
+[这是什么](crypto/zheshishenme)| 加密解密 | 🌟 | le31ei
+[php反序列化-1](web/unserialize-1)| web| 🌟🌟| le31ei
+[php反序列化-2](web/unserialize-2)| web| 🌟🌟| le31ei
+[文件包含-1](web/safe_include)| web| 🌟🌟|le31ei
+[找到证据](misc/findpass)| misc | 🌟 | le31ei
+[解压缩](misc/depress)| misc| 🌟 | le31ei
+[恢复文件](misc/backfile) | misc | 🌟 | le31ei
+[找到证据2](misc/findpass2) | misc | 🌟🌟 | le31ei
+[简单js](web/js_hell_1)| web | 🌟 | le31ei
+[简单js-2](web/js_hell_2) | web | 🌟 | le31ei
+[CISCN 2019 华东北 Web2](web/CISCN_2019_northeastern_China_web2) | web | 🌟🌟🌟🌟🌟| le31ei
+[CISCN2019 华东南赛区 Web11](web/CISCN_2019_southwestern_China_web11) | web | 🌟🌟🌟🌟🌟| le31ei
+[CISCN 2019 华东南  Double Secret](web/CISCN_2019_southeastern_China_double_secret) | web | 🌟🌟🌟🌟🌟| le31ei
+[CISCN2019 华东南赛区 Web4](web/CISCN_2019_southeastern_China_web4) | web | 🌟🌟🌟🌟| le31ei
+[文件包含](web/upload_include) | web | 🌟🌟🌟🌟 | le31ei
+[变量覆盖](web/phpBestLanguage) | web | 🌟 | SiJiDo
+[url绕过](web/curl) | web | 🌟 | SiJiDo
+[xff伪造](web/xff) | web | 🌟 | SiJiDo
+[url编码双写](web/urlencode) | web | 🌟 | SiJiDo
+[文件包含与文件上传结合](web/upload_include2) | web | 🌟🌟 | SiJiDo
+[sql盲注](web/sqliBlind) | web | 🌟🌟 | SiJiDo
+[多次解码](Crypto/Crypto1) | Crypto | 🌟 | SiJiDo
+[凯撒密码](Crypto/Crypto2) | Crypto | 🌟 | SiJiDo
+[栅栏密码](Crypto/Crypto3) | Crypto | 🌟 | SiJiDo
+[RSA基础](Crypto/Crypto4) | Crypto | 🌟🌟 | SiJiDo
+[剧情大反转](misc/MISC1) | misc | 🌟🌟 | SiJiDo
+[流量分析](misc/MISC2) | misc | 🌟 | SiJiDo
+[五彩斑斓的青春](misc/MISC3) | misc | 🌟 | SiJiDo
+[FindMe](misc/MISC4) | misc | 🌟🌟🌟🌟 | SiJiDo
+[Reverse1](reverse/reverse1) | reverse | 🌟🌟 | SiJiDo
+[Crackme-ok](reverse/reverse2) | reverse | 🌟🌟🌟 | SiJiDo
+[Reverse](reverse/reverse3) | reverse | 🌟🌟 | SiJiDo
+[难](reverse/reverse4) | reverse | 🌟🌟🌟🌟 | SiJiDo
+[百度搜索](web/web_ssrf) | web | 🌟 | SiJiDo
+[php特性](web/web_php) | web | 🌟 | SiJiDo
+[php反序列化基础](web/web_ser1) | web | 🌟 | SiJiDo
+[php反序列化2](web/web_ser2) | web | 🌟🌟 | SiJiDo
+[php反序列化3](web/web_ser3) | web | 🌟🌟🌟 | SiJiDo
+[最最最简单的sql注入](web/web_sql1) | web | 🌟 | SiJiDo
+[文件上传](web/web_upload1) | web | 🌟 | SiJiDo
+[php文件上传与包含再利用](web/web_upload1) | web | 🌟🌟🌟 | SiJiDo
+[XSS基础](web/web_xss) | web | 🌟 | SiJiDo
+[chall](mobile/mobile1) | mobile | 🌟🌟🌟 | SiJiDo
+[地狱](mobile/mobile2) | mobile | 🌟🌟🌟🌟🌟 | SiJiDo
+[php弱类型1](web/phpwake) | web | 🌟 | le31ei
+[php弱类型2](web/phpwake2) | web | 🌟🌟 | le31ei
+[php反序列化-3](web/unserialize-3)| web| 🌟🌟| le31ei
+[php反序列化-4](web/unserialize-4)| web| 🌟| le31ei
+[条件竞争](practice/race)| practice | 无 | le31ei
+[条件竞争2](web/upload)| web | 🌟 | le31ei
+[网络管理系统](web/sqlin1)| web | 🌟🌟🌟🌟 | le31ei
+[网鼎杯2018comment](web/wdb_2018_comment)| web | 🌟🌟🌟🌟 | le31ei
+[网鼎杯2018fakebook](web/wdb_2018_fakebook)| web | 🌟🌟🌟🌟 | le31ei
+[网鼎杯2018unfinish](web/wdb_2018_unfinish)| web | 🌟🌟🌟🌟 | le31ei
+[超级ping工具](web/weakradom)| web | 🌟🌟🌟🌟 | le31ei

README.md

@@ -0,0 +1,20 @@
+# 题目：Crypto1
+
+### 题目描述：多次解码
+
+### 题目难度： 🌟
+
+### 维护：SiJiDo
+
+### KEY: `flag{8ea44e39c914c5ddfbb9808c10033421}`
+
+### 配置信息： 
+
+​	1.开放端口： `8080`
+
+### 解题过程：
+
+1.将所给字符串进行16进制解码
+2.将1中解码结果进行unicode解码
+3.将2中解码结果进行base64解码
+4.将3中解码结果转换为ascii字符即可获取flag

crypto/Crypto1/Readme.md

@@ -0,0 +1,6 @@
+name: Crypto1
+category: crypto
+description: 多次解码
+hardlevel: 1
+flag: flag{8ea44e39c914c5ddfbb9808c10033421}
+is_docker: true

crypto/Crypto1/desc.yaml

@@ -0,0 +1,9 @@
+version: "2"
+services:
+  web:
+    image: php:5.4-apache
+    ports:
+      - 80
+    volumes:
+      - ./www/:/var/www/html/
+

crypto/Crypto1/docker-compose.yml

@@ -0,0 +1 @@
+0x262337373B262338343B262336353B26233132313B262336373B26233130363B262336393B26233131393B262337393B262336353B26233131313B262335333B262337383B26233131393B26233131313B26233132303B262337373B262336383B262337373B262337353B262337373B262338343B262337333B26233132323B262336373B26233130363B262338353B262335303B262336373B26233130363B262336393B26233131393B262337373B262338313B26233131313B262335333B262337383B26233131393B26233131313B262334393B262337373B26233130333B26233131313B262334393B262337373B26233130333B26233131313B26233132303B262337373B262336383B262336393B262337353B262337383B262338343B262336393B262337353B262337383B262338343B262339393B262337353B262337393B262338343B26233130373B262337353B262337383B262338343B262339393B262337353B262337383B262336383B26233130373B262337353B262337383B262338343B262337333B262337353B262337393B262338343B26233130373B262337353B262337383B262338343B262337373B262337353B262337373B262338343B262336353B26233131393B262336373B26233130363B262336393B26233131393B262337373B262336353B26233131313B26233132303B262337373B262336383B262337333B262337353B262337393B262338343B26233130333B262337353B262337393B262338343B26233130333B262337353B262337383B262338343B262339393B262337353B262337383B262338343B262338393B262337353B262337383B262336383B26233130333B262337353B262337383B262338343B262338393B262337353B262337393B262338343B26233130373B262337353B262337383B262336383B26233130373B262337353B262337383B262336383B26233130333B262337353B262337383B262336383B26233130333B262337353B262337383B262338343B262336393B262337353B262337383B262338343B262336393B262337353B262337383B262338343B262337333B262337353B262337383B262338343B262336353B262337353B262337383B262336383B26233130373B262337353B262337373B262338343B262337333B262334393B

crypto/Crypto1/www/decode.txt

@@ -0,0 +1,3 @@
+<?php
+header("Location: decode.txt");
+?>

crypto/Crypto1/www/index.php

@@ -0,0 +1,23 @@
+# 题目：Crypto2
+
+### 题目描述：凯撒加密
+
+### 题目难度： 🌟
+
+### 维护：SiJiDo
+
+### KEY: `flag{e57b9e18b08bff0d05a3c59900b109a4}`
+
+### 配置信息： 
+
+​	1.开放端口： `8080`
+
+### 解题过程：
+
+将给出数字转换为ascii字符后得到：
+mshn{l57i9l18i08imm0k05h3j59900i10???}tk5:742lh8152mm11i1m6m9314j3j4lmm93l
+再通过凯撒密码进行解密，当偏移量为7时，得到：
+flag{e57b9e18b08bff0d05a3c59900b10???}
+MD5:742ea8152ff11b1f6f9314c3c4eff93e
+在根据MD5值爆破出flag值为：
+flag{e57b9e18b08bff0d05a3c59900b109a4}

crypto/Crypto2/Readme.md

@@ -0,0 +1,6 @@
+name: Crypto2
+category: crypto
+description: 凯撒加密
+hardlevel: 1
+flag: flag{e57b9e18b08bff0d05a3c59900b109a4}
+is_docker: true

crypto/Crypto2/desc.yaml

@@ -0,0 +1,8 @@
+version: "2"
+services:
+  web:
+    image: php:5.4-apache
+    ports:
+      - 80
+    volumes:
+      - ./www/:/var/www/html/

crypto/Crypto2/docker-compose.yml

@@ -0,0 +1,3 @@
+<?php
+header("Location: 题目.txt");
+?>

crypto/Crypto2/www/index.php

@@ -0,0 +1 @@
+109 115 104 110 123 108 53 55 105 57 108 49 56 105 48 56 105 109 109 48 107 48 53 104 51 106 53 57 57 48 48 105 49 48 63 63 63 125 116 107 53 58 55 52 50 108 104 56 49 53 50 109 109 49 49 105 49 109 54 109 57 51 49 52 106 51 106 52 108 109 109 57 51 108

crypto/Crypto2/www/题目.txt

@@ -0,0 +1,20 @@
+# 题目：Crypto3
+
+### 题目描述：栅栏密码
+
+### 题目难度： 🌟
+
+### 维护：SiJiDo
+
+### KEY: `flag{3644257ea4673a9e093663207f24008f}`
+
+### 配置信息： 
+
+​	1.开放端口： `8080`
+
+### 解题过程：
+
+1、将图片中包含的txt文件分离
+2、暴力破解栅栏密码，并进行base64解码
+3、当栏数为7时，获得flag：
+flag{3644257ea4673a9e093663207f24008f}

crypto/Crypto3/Readme.md

@@ -0,0 +1,6 @@
+name: Crypto3
+category: crypto
+description: 栅栏密码
+hardlevel: 1
+flag: flag{3644257ea4673a9e093663207f24008f}
+is_docker: true

crypto/Crypto3/desc.yaml

@@ -0,0 +1,9 @@
+version: "2"
+services:
+  web:
+    image: php:5.4-apache
+    ports:
+      - 80
+    volumes:
+      - ./www/:/var/www/html/
+

crypto/Crypto3/docker-compose.yml

@@ -0,0 +1,3 @@
+<?php
+header("Location: test.rar");
+?>

crypto/Crypto3/www/index.php

@@ -0,0 +1,32 @@
+# 题目：Crypto4
+
+### 题目描述：rsa基础
+
+### 题目难度： 🌟🌟
+
+### 维护：SiJiDo
+
+### KEY: `flag{1e257b39a25c6a7c4d66e197}`
+
+### 配置信息： 
+
+​	1.开放端口： `8080`
+
+### 解题过程：
+
+1.使用factordb分解n，得到3个数，运用相关数学推导，编写exp，运行即可得到flag。
+
+```
+import libnum
+import gmpy2
+q=782758164865345954251810941
+p=810971978554706690040814093
+r=1108609086364627583447802163
+e= 59159
+c= 449590107303744450592771521828486744432324538211104865947743276969382998354463377
+n= 703739435902178622788120837062252491867056043804038443493374414926110815100242619
+phi_n = (p-1)*(q-1)*(r-1)
+d = gmpy2.invert(e,phi_n)
+print libnum.n2s(pow(c,d,n))
+```
+

crypto/Crypto3/www/test.rar

@@ -0,0 +1,6 @@
+name: Crypto4
+category: crypto
+description: rsa基础
+hardlevel: 2
+flag: flag{1e257b39a25c6a7c4d66e197}
+is_docker: true

crypto/Crypto4/Readme.md

@@ -0,0 +1,9 @@
+version: "2"
+services:
+  web:
+    image: php:5.4-apache
+    ports:
+      - 80
+    volumes:
+      - ./www/:/var/www/html/
+

crypto/Crypto4/desc.yaml

@@ -0,0 +1,3 @@
+<?php
+header("Location: rsa.zip");
+?>

crypto/Crypto4/docker-compose.yml

@@ -0,0 +1,6 @@
+name: Crypto5
+category: crypto
+description: hafuhafu
+hardlevel: 1
+flag: flag{D0nT_uS3_Th3_kN0w_n}
+is_docker: true

crypto/Crypto4/www/index.php

@@ -0,0 +1,8 @@
+version: "2"
+services:
+  web:
+    image: php:5.4-apache
+    ports:
+      - 80
+    volumes:
+      - ./www/:/var/www/html/

crypto/Crypto4/www/rsa.zip

@@ -0,0 +1,7 @@
+pk = (25572000680139535995611501720832880791477922165939342981900803052781801299380515116746468338767634903543966903733806796606602206278399959935132433794098659859300196212479681357625729637405673432324426686371817007872620401911782200407165085213561959188129407530503934445657941975876616947807157374921539755157591354073652053446791467492853468641331291383821277151309959102082454909164831353055082841581194955483740168677333571647148118920605752176786316535817860771644086331929655259439187676703604894258185651165017526744816185992824404330229600417035596255176459265305168198215607187593109533971751842888237880624087,65537)
+------ enc -------
+DTlEiAKLE24m19es4TBWl4Uo2MvmQMEYqWBCFggWJlJSjCwl3fT9322ytgudiQW2raDh53e6t2ed
+ygpFOP+MsAPXlU469rlmVng5JyDl0CF0ypevnaM5i+CvNT2mBoDadIYnPBVGMtj9HVVPDpMIgv5b
+F9N5ddQS7JB21oDdQBdDLTkKvcSqegtjNFv04R8+yrqOMZYpzdCRRw0j/MMt2JefC6z36mjrTL85
+A9EKlwKg5ydW7qELycfjBvzB/cwJ7mJ2I0xVPToa3sSLNDyddFttATwU6wmCa4XaWpTwVR/PfET2
+FRj0p+8UwYSDdlLLh6gRUVURpT+2jc9zx/rhOw==

crypto/Crypto5/Readme.md

@@ -0,0 +1,3 @@
+<?php
+header("Location: enc");
+?>

crypto/Crypto5/desc.yaml

@@ -0,0 +1,6 @@
+name: Crypto6
+category: crypto
+description: Not only base??
+hardlevel: 1
+flag: flag{N0t_0NLy_b4sE32}
+is_docker: true

crypto/Crypto5/docker-compose.yml

@@ -0,0 +1,8 @@
+version: "2"
+services:
+  web:
+    image: php:5.4-apache
+    ports:
+      - 80
+    volumes:
+      - ./www/:/var/www/html/

crypto/Crypto5/www/enc

@@ -0,0 +1 @@
+MCJIJSGKP=ZZYXZXRMU=W3YZG3ZZ==G3HQHCUS==

crypto/Crypto5/www/index.php

@@ -0,0 +1,3 @@
+<?php
+header("Location: code");
+?>

crypto/Crypto6/Readme.md

@@ -0,0 +1,6 @@
+name: Crypto7
+category: crypto
+description: Trace the hacker!!!!
+hardlevel: 2
+flag: flag{U_f1nd_Me!}
+is_docker: true

crypto/Crypto6/desc.yaml

@@ -0,0 +1,8 @@
+version: "2"
+services:
+  web:
+    image: php:5.4-apache
+    ports:
+      - 80
+    volumes:
+      - ./www/:/var/www/html/

crypto/Crypto6/docker-compose.yml

@@ -0,0 +1,3 @@
+<?php
+header("Location: shell.pcap");
+?>

crypto/Crypto6/www/code

@@ -0,0 +1,33 @@
+# 题目：这是什么
+
+### 题目描述：
+某银行管理员，发现公司电脑中存在一串未知数据，你能解开数据的内容么
+```
+=E4=B8=89=E5=B8=9D=E4=BA=94=E5=B8=81=E4=B8=83=E6=98=93=E6=81=A9=E5=85=AD
+=E5=93=A6=E8=BE=9F=E6=9B=BF=E4=BC=98=E5=85=AB=E5=BE=AE=E5=A4=96=E4=B9=9D
+```
+
+### 知识点：Quoted-Printable编码
+
+### 题目难度： 🌟
+
+### 维护：le31ei
+
+### KEY: `flag{3D5B7EA6OPTU8VY9}`
+
+### 配置信息： 
+无
+
+### 解题过程：
+
+1. 打开文件，观察文件是一串字符
+=E4=B8=89=E5=B8=9D=E4=BA=94=E5=B8=81=E4=B8=83=E6=98=93=E6=81=A9=E5=85=AD
+=E5=93=A6=E8=BE=9F=E6=9B=BF=E4=BC=98=E5=85=AB=E5=BE=AE=E5=A4=96=E4=B9=9D
+2、Quoted-Printable编码寻找蛛丝马迹
+网上搜到是Quoted-Printable编码
+[http://www.mxcz.net/tools/quotedprintable.aspx](http://www.mxcz.net/tools/quotedprintable.aspx) 在线解码
+三帝五币七易恩六
+哦辟替优八微外九
+把数字和英文发音首字母组合下得到因此答案为：3D5B7EA6OPTU8VY9
+
+

crypto/Crypto6/www/index.php

@@ -0,0 +1,11 @@
+name: zheshishenme
+category: crypto
+description: >
+  某银行管理员，发现公司电脑中存在一串未知数据，你能解开数据的内容么
+  ```
+  =E4=B8=89=E5=B8=9D=E4=BA=94=E5=B8=81=E4=B8=83=E6=98=93=E6=81=A9=E5=85=AD
+  =E5=93=A6=E8=BE=9F=E6=9B=BF=E4=BC=98=E5=85=AB=E5=BE=AE=E5=A4=96=E4=B9=9D
+  ```
+hardlevel: 2
+flag: flag{1e257b39a25c6a7c4d66e197}
+is_docker: false