GKCTF 2021 on 知识带给我们自由 https://yuexuan521.github.io/zh/tags/gkctf-2021/ Recent content in GKCTF 2021 on 知识带给我们自由 知识带给我们自由 https://yuexuan521.github.io/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E https://yuexuan521.github.io/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E Hugo -- 0.160.1 en-us See this site&rsquo;s source code here, licensed under GPLv3 · Mon, 18 Aug 2025 08:00:00 +0000 BUUCTF [GKCTF 2021]签到 1 https://yuexuan521.github.io/zh/posts/buuctf-gkctf-2021%E7%AD%BE%E5%88%B0-1/ Mon, 18 Aug 2025 08:00:00 +0000 https://yuexuan521.github.io/zh/posts/buuctf-gkctf-2021%E7%AD%BE%E5%88%B0-1/ <p> <div class="post-img-view"> <a data-fancybox="gallery" href="https://cdn.jsdelivr.net/gh/yuexuan521/image/20251228191023595.png"> <img src="https://cdn.jsdelivr.net/gh/yuexuan521/image/20251228191023595.png" alt="" loading="lazy" /> </a> </div></p> <p><strong>BUUCTF: <a href="https://buuoj.cn/challenges"target="_blank" rel="noopener noreferrer">https://buuoj.cn/challenges</a></strong></p> <hr> <p>相关阅读 <a href="https://ctf-wiki.org/"target="_blank" rel="noopener noreferrer">CTF Wiki</a> <a href="https://www.freebuf.com/articles/web/278710.html"target="_blank" rel="noopener noreferrer">GKCTF X DASCTF应急挑战杯 签到题WP</a> <a href="https://www.cnblogs.com/fishjumpriver/p/18015798"target="_blank" rel="noopener noreferrer">[GKCTF 2021]签到</a></p> <p> <div class="post-img-view"> <a data-fancybox="gallery" href="https://cdn.jsdelivr.net/gh/yuexuan521/image/20251228191025508.png"> <img src="https://cdn.jsdelivr.net/gh/yuexuan521/image/20251228191025508.png" alt="在这里插入图片描述" loading="lazy" /> </a> </div></p> <h3 id="题目描述">题目描述:</h3> <p>师傅们玩的开心~(flag由flag头包裹</p> <h3 id="密文">密文:</h3> <p>下载附件,得到tmpshell.pcapng文件</p>

BUUCTF: https://buuoj.cn/challenges

相关阅读 CTF Wiki GKCTF X DASCTF应急挑战杯 签到题WP [GKCTF 2021]签到

在这里插入图片描述

题目描述:

师傅们玩的开心~(flag由flag头包裹

密文:

下载附件,得到tmpshell.pcapng文件

在这里插入图片描述

解题思路:

1、打开流量文件,照常追踪TCP数据流,到第五个流中发现flag相关信息。

1

tcp.stream eq 5

在这里插入图片描述

将传输的数据复制下来,进行解密。

1

64306c455357644251306c6e51554e4a5a3046355355737764306c7154586c4a616b31355357704e65556c7154586c4a616b31355357704e65556c7154586c4a616b31355357704e65556c7154586c4a616b31355357704e65556c7154576c44546d39525241707154586c4a616b31355357704e65556c7154586c4a616b31355357704e65556c7154586c4a616b31355357704e65556c7162314645616b46445357644251306c6e51554e4a5a32644554545a46524530325157704e5a3046365458524e524531305257704e436e5177553078304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d644442705130354e65556c7154586c4a616b31355357704e65556b4b4e6b467154576442656b31305455524e644556715458644a616b38775a566f324d6d56774e557377643074795556645a64315a485a48593152556c3051576c4e4d5546355a4777316255733254545a7162475a7763573579555552304d464e4d64444254544170304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d537a42425357526159585a764e7a567462485a735130354e564530325255524e436e6f77655531334d464e4e6555467154545a524e327877596a647362584a5252484a7a5131706f516c68614d446c745647637751306c355655524a4d315a74596e4676656d3951567974736357563151303477553078304d464e4d64444254544851775530774b63336858576d786b4d5659354d544e6c4e325179576d684752324a7a576d31615a7a427363446c7064573569567974585a7a427363446c7064573569567974585a7a427363446c706457356956797458537a423354586876564531336230524e6555464454517045546a4252524534775555527356324636546c684e65444258596d593562464a48556b524f5245347759584a6b4d464a6d4f565a6162444658596e644252456c6b556d46746345524c61577832526b6c6b556d46746345524c61577832566b747754544a5a436a303955556c6f545442525245347755516f3d

首先,由十六进制数据转为字符串。(字符串以“ = ”结尾,结合提示“ cat+%2Ff14g%7Cbase64 ”,推测要使用Base64解码)

1

d0lESWdBQ0lnQUNJZ0F5SUswd0lqTXlJak15SWpNeUlqTXlJak15SWpNeUlqTXlJak15SWpNeUlqTXlJak15SWpNeUlqTWlDTm9RRApqTXlJak15SWpNeUlqTXlJak15SWpNeUlqTXlJak15SWpNeUlqb1FEakFDSWdBQ0lnQUNJZ2dETTZFRE02QWpNZ0F6TXRNRE10RWpNCnQwU0x0MFNMdDBTTHQwU0x0MFNMdDBTTHQwU0x0MFNMdDBTTHQwU0x0MFNMdDBTTHQwU0x0MFNMdDBpQ05NeUlqTXlJak15SWpNeUkKNkFqTWdBek10TURNdEVqTXdJak8wZVo2MmVwNUswd0tyUVdZd1ZHZHY1RUl0QWlNMUF5ZGw1bUs2TTZqbGZwcW5yUUR0MFNMdDBTTAp0MFNMdDBTTHQwU0x0MFNMdDBTTHQwU0x0MFNMdDBTTHQwU0x0MFNMdDBTTHQwU0x0MFNMSzBBSWRaYXZvNzVtbHZsQ05NVE02RURNCnoweU13MFNNeUFqTTZRN2xwYjdsbXJRRHJzQ1poQlhaMDltVGcwQ0l5VURJM1ZtYnFvem9QVytscWV1Q04wU0x0MFNMdDBTTHQwU0wKc3hXWmxkMVY5MTNlN2QyWmhGR2JzWm1aZzBscDlpdW5iVytXZzBscDlpdW5iVytXZzBscDlpdW5iVytXSzB3TXhvVE13b0RNeUFDTQpETjBRRE4wUURsV2F6TlhNeDBXYmY5bFJHUkRORE4wYXJkMFJmOVZabDFXYndBRElkUmFtcERLaWx2RklkUmFtcERLaWx2VktwTTJZCj09UUloTTBRRE4wUQo=

脚本如下:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

# @Author:YueXuan
# @Date  :2024/10/8 22:00

def split_into_hex_pairs(s):
    """将输入字符串切片成每两个字符一组的列表"""
    return [s[i:i+2] for i in range(0, len(s), 2)]

def convert_hex_to_int(hex_pairs):
    """将十六进制列表转换为十进制整数列表"""
    return [int(pair, 16) for pair in hex_pairs]

def adjust_for_ascii(int_values):
    """将整数列表中的值减去128以获取ASCII值"""
    return [value - 128 for value in int_values]

def convert_int_to_str(int_values):
    """将整数列表转换为字符串"""
    return ''.join(chr(value) for value in int_values)

def main(hex_string):
    """主函数,调用上述函数并打印结果"""
    print("字符串长度:%s" % len(hex_string))

    hex_pairs = split_into_hex_pairs(hex_string)
    print("hex列表:%s" % hex_pairs)

    int_values = convert_hex_to_int(hex_pairs)
    print("转化为十进制int列表:%s" % int_values)

    result_str = convert_int_to_str(int_values) # ascii_values
    print('最终答案:%s' % result_str)

if __name__ == '__main__':
    hex_str = '64306c455357644251306c6e51554e4a5a3046355355737764306c7154586c4a616b31355357704e65556c7154586c4a616b31355357704e65556c7154586c4a616b31355357704e65556c7154586c4a616b31355357704e65556c7154576c44546d39525241707154586c4a616b31355357704e65556c7154586c4a616b31355357704e65556c7154586c4a616b31355357704e65556c7162314645616b46445357644251306c6e51554e4a5a32644554545a46524530325157704e5a3046365458524e524531305257704e436e5177553078304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d644442705130354e65556c7154586c4a616b31355357704e65556b4b4e6b467154576442656b31305455524e644556715458644a616b38775a566f324d6d56774e557377643074795556645a64315a485a48593152556c3051576c4e4d5546355a4777316255733254545a7162475a7763573579555552304d464e4d64444254544170304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d6444425454485177553078304d464e4d537a42425357526159585a764e7a567462485a735130354e564530325255524e436e6f77655531334d464e4e6555467154545a524e327877596a647362584a5252484a7a5131706f516c68614d446c745647637751306c355655524a4d315a74596e4676656d3951567974736357563151303477553078304d464e4d64444254544851775530774b63336858576d786b4d5659354d544e6c4e325179576d684752324a7a576d31615a7a427363446c7064573569567974585a7a427363446c7064573569567974585a7a427363446c706457356956797458537a423354586876564531336230524e6555464454517045546a4252524534775555527356324636546c684e65444258596d593562464a48556b524f5245347759584a6b4d464a6d4f565a6162444658596e644252456c6b556d46746345524c61577832526b6c6b556d46746345524c61577832566b747754544a5a436a303955556c6f545442525245347755516f3d'
    main(hex_str)

然后,进行Base64解码,得到逆序的数据。 Base64 在线解码、编码

1
2
3
4
5
6
7
8
9

wIDIgACIgACIgAyIK0wIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMiCNoQD
jMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjoQDjACIgACIgACIggDM6EDM6AjMgAzMtMDMtEjM
t0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0iCNMyIjMyIjMyIjMyI
6AjMgAzMtMDMtEjMwIjO0eZ62ep5K0wKrQWYwVGdv5EItAiM1Aydl5mK6M6jlfpqnrQDt0SLt0SL
t0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLK0AIdZavo75mlvlCNMTM6EDM
z0yMw0SMyAjM6Q7lpb7lmrQDrsCZhBXZ09mTg0CIyUDI3VmbqozoPW+lqeuCN0SLt0SLt0SLt0SL
sxWZld1V913e7d2ZhFGbsZmZg0lp9iunbW+Wg0lp9iunbW+Wg0lp9iunbW+WK0wMxoTMwoDMyACM
DN0QDN0QDlWazNXMx0Wbf9lRGRDNDN0ard0Rf9VZl1WbwADIdRampDKilvFIdRampDKilvVKpM2Y
==QIhM0QDN0Q

在这里插入图片描述

2、在tmpshell.pcapng文件的其他流量上,也存在逆序的数据。 例如:命令whoami,得到数据 595852685a4331336433634b 。 经过解密,得到 atad-www ,逆序应为 www-data

在这里插入图片描述

所以,将上面的数据进行按行逆序输出。 文字倒序排列

1

cat flag | rev

在这里插入图片描述 

1
2
3
4
5
6
7
8
9

DQoNCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIw0KIyAgICAgICAgIDIw
MjEtMDMtMzAgMjA6MDE6MDggICAgICAgICAjDQojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tDQrnqpflj6M6Km5ldyA1MiAtIE5vdGVwYWQrKw0K5pe26Ze0OjIwMjEtMDMtMzAgMjA6
MDE6MTMNClvlm57ovaZdIA0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCueql+WPozoqbmV3IDUyIC0gTm90ZXBhZCsrDQrml7bpl7Q6MjAyMS0wMy0z
MCAyMDowMToxMw0KW+Wbnui9pl0gW+Wbnui9pl0gW+Wbnui9pl0gZmZsbGFhZ2d7e319V1dlZWxs
Y2MpKVvliKDpmaRdIFvliKDpmaRdIDAwbW1lZV9fR0dra0NDNDRGRl9fbW0xMXNzaWlDQ0NDQ0ND
Q0NDQ0MhIQ==

再进行Base64解密得到如下数据:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

#######################################
#         2021-03-30 20:01:08         #
#######################################
--------------------------------------------------
窗口:*new 52 - Notepad++
时间:2021-03-30 20:01:13
[回车] 
--------------------------------------------------
窗口:*new 52 - Notepad++
时间:2021-03-30 20:01:13
[回车] [回车] [回车] ffllaagg{{}}WWeellcc))[删除] [删除] 00mmee__GGkkCC44FF__mm11ssiiCCCCCCCCCCCC!!

将flag的重复数据去除一半,得到flag。

1

flag{}Welc0me_GkC4F_m1siCCCCCC!

flag:

1

flag{Welc0me_GkC4F_m1siCCCCCC!}
]]> BUUCTF [GKCTF 2021]excel 骚操作 1 https://yuexuan521.github.io/zh/posts/buuctf-gkctf-2021excel-%E9%AA%9A%E6%93%8D%E4%BD%9C-1/ Mon, 23 Jun 2025 08:30:00 +0000 https://yuexuan521.github.io/zh/posts/buuctf-gkctf-2021excel-%E9%AA%9A%E6%93%8D%E4%BD%9C-1/ <p> <div class="post-img-view"> <a data-fancybox="gallery" href="https://cdn.jsdelivr.net/gh/yuexuan521/image/20251228190938943.png"> <img src="https://cdn.jsdelivr.net/gh/yuexuan521/image/20251228190938943.png" alt="" loading="lazy" /> </a> </div></p> <p><strong>BUUCTF: <a href="https://buuoj.cn/challenges"target="_blank" rel="noopener noreferrer">https://buuoj.cn/challenges</a></strong></p> <hr> <p>相关阅读 <a href="https://ctf-wiki.org/"target="_blank" rel="noopener noreferrer">CTF Wiki</a> <a href="https://blog.csdn.net/qq_43871179/article/details/118310357"target="_blank" rel="noopener noreferrer">2021GKCTF Misc excel骚操作–详解</a> <a href="http://appserver.gs1cn.org/ancc2020h/"target="_blank" rel="noopener noreferrer">中国编码APP下载</a></p> <p> <div class="post-img-view"> <a data-fancybox="gallery" href="https://cdn.jsdelivr.net/gh/yuexuan521/image/20251228190940931.png"> <img src="https://cdn.jsdelivr.net/gh/yuexuan521/image/20251228190940931.png" alt="在这里插入图片描述" loading="lazy" /> </a> </div></p> <h3 id="题目描述">题目描述:</h3> <p>你真的了解excel吗(flag由flag头包裹</p>

BUUCTF: https://buuoj.cn/challenges

相关阅读 CTF Wiki 2021GKCTF Misc excel骚操作–详解 中国编码APP下载

在这里插入图片描述

题目描述:

你真的了解excel吗(flag由flag头包裹

密文:

下载附件,得到flag.xlsx文件

在这里插入图片描述

解题思路:

1、打开文件,hint: 我看见flag了,你呢?

在这里插入图片描述

随便点击几个地方,发现有的单元格有数字 1 ,而且不是均匀分布的。

在这里插入图片描述

在这里,可以全选单元格,设置单元格格式中的数字类型为 G/通用格式 ,就可以直观看到所有含数字 1 的单元格。

在这里插入图片描述

在这里插入图片描述

再通过单元格 条件格式 ,将单元格中所有数字等于 1 的单元格标黑,看它的图案。

在这里插入图片描述

在这里插入图片描述

最后调整单元格行高为27,可以发现这是个“码”。

在这里插入图片描述

2、这其实是一个叫 汉信码 的二维码,需要使用中国编码网的中国编码APP,扫码得到flag。

下载地址: http://appserver.gs1cn.org/ancc2020h/

在这里插入图片描述

要想实现文中的隐藏效果,可以采取以下步骤: 1、单元格输入数字 2、单元格格式,数字选择自定义 3、类型中输入;;;

flag:

1

flag{9ee0cb62-f443-4a72-e9a3-43c0b910757e}
]]>