天天看點
傳回

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

2021 [線下]隴劍杯 wp

  • 前言
  • 1.1
  • 1.2
  • 1.3
  • 1.4
  • 1.5
  • 3.1
  • 3.3
  • 4.1
  • 4.2
  • 5.1
  • 5.2
  • Tip

前言

  1. wp由EDI yanshu師傅投稿 ,感謝yanshu師傅。
  2. 部分題目為賽後複現。
  3. 部分題目複現方法由一些師傅提供解題思路,感謝。
  4. 題目附件擷取方法在文章末尾。

1.1

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

導出對象 發現 6.html 中有顔文字

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip
2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

解開後 alert(“EBA01E64-416C-419E-9C9A-C807AD9741D2”);

1.2

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

全局搜X-Forwarded-For,會發現它ip是五位的,答案長度為8,那麼不需要标點,去掉最後一位,是以答案是 34244579

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

1.3

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

木馬密碼MD5值 161ebd7d45089b3446ee4e0d86dbcf92

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

1.4

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

找zip 檔案,在173 流 會看見一個壓縮包

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

188 流中 看見PK 頭

對指令解碼發現讀取的檔案就是 /tmp/1.zip

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

去掉混淆字元後提出檔案,但是需要密碼

主辦方的提示好像是 社工 來着,覺得可能會是腦洞,就沒找到

1.5

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

這題是把1.bin 和 2.bin 内容拼接

是以根據蟻劍讀取檔案的規則,把/tmp/1.bin 編碼 ,找base64後的檔案名會在哪出現

http contains “L3RtcC8xLmJpbg” 過濾一下,在234 流找到了

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

然後把 前後混淆字元去掉 得到答案

F3C4426E-8A4F-49F7-A658-2E33D85BA665

3.1

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

初賽機密記憶體的考點,線下有腳本就出了

https://github.com/axcheron/pyvmx-cracker

原檔案名enc.bin

"key/list/(pair/(phrase/UmBuYyhuIW8%3d/pass2key%3dPBKDF2%2dHMAC%2dSHA%2d1%3acipher%3dAES%2d256%3arounds%3d10000%3asalt%3d0kVDY4OIuvr2WAG%2bo639Lw%253d%253d,,JV9HGrSxPYiDk%2bJYP0KxHqceNnA%2fB0vLXtXVmrUSGINNbFmXRCX5smPN3Ny0hTcjtSGVTOXie5xUK2HdJaj6NxmgyTtc38Xy80co%2f3swAflWoKvMFxRB86AtVqZZ7Sv%2fbUAjCwVUd7uplXhLUfdCk12BMY0%3d))"
"etHKaa2gijMJ4n3hP9NjN9uNnI10E96xhqVa1P30TCTHr8BUkALO6RiD7mJSzlpX7hX1TF23UV7zhXhvip/8tBaAZYBXFYJHcBEnfVWQ23VetQwm5y+l3K29U14Tpz2jQMC920wxA9joTKs67CaiqdGixKZF/TZ7Mvdm5zc60HaB9Yj/OI4KGdJEjVstAu9U6hryfTRC8MIANadKuRy2rwJR9EkMHyPwNTyQwsDgVPwkvE1evA6tB7Q7RmiWDSEJamCEfo/SaSuky4NIaaGaquczBmMkhphQ7zTmL6nhZYjClcCuWsuzCwGrAeVX3UTShJjmIkbq6w4GRuxvpjt8swV+BmgleU6UEQIFlyqFYvk1a2oe314FootRsJiS4XEW6ngkthe5hw053SfN/GP85RS/uIKsCH11vCrD2Ew029fgBq0yy1YeOZQ/QEYlwrKPtd0eRT83dbZJs/XzM+ehZpKVS+nfJdQjGOlROluXnj9VXBrEK/9MT9qyNca4xOpKKkjmmH+vMpqiZHFwjdRl3NUeiy0bh0hj4YeMAo7L0/Uk77A09E9jrNKnkZ2hILX1+yXbGLyvW9OdDhALGj4QaGNdkfPGDYwv7U6CrjoTlCMXDyZY0idFtPwn7NfdAviPjsDWZonDsILX7LjZDrUTkYvoceGKiSQFOUQ3NlI9c3fzaCRfrnxQ6wLncp0WV8HfFF5+FfLt8HgzYCdGx1d8itwGkvwgy/RtSazrAY88OtpInKAhBZgZfdN4paq5FFdWfWQnB5Rjq20FuUzlv5TUfAUkBalO0zJhQl97R6REHoc5kLK9NxWMQJQ5H/B4/pEifTVSxo5QTLt+xsvWlxo7WnVhZGmdvqNgocLn8l4KzcNKxx7wlzMqWtjSYH6ocBk+atbR1dRNEEYH6ii0ZKdOo0ujlXk0HFUCNozR06WMv1zPQqDaHh2wQaqevX/rFEfWE0P0McISpxW0DMeEjsA3j6YLACcE14GadaGAUc7PrOFMPsPujdhAWjv9KvO8/H0rgkPDza0Tu6yUFBVb6tXhri3t2XtlWuuivU/W8sfh/+MUYXddU/1hUqV/qZ3dgxWYlunywMlBeT1TKKtJQTeq5zmILRy0tKvBU2fsQYuElRVpXWXeMsVDLnCvH+Kr+2MR8MfHt1LG+/OOWRmFe2M12zTIX1m4KZHdB1B+fIHBVC2AKD1e2DAMFjDyccCsB1unyDl07LpVpnrC45Iysbj+iwWT/++exiDR1cntMd/4NgzDbJlWlcjCZNvfPsjvyQznqdUdXy00YivLXrQxwyK8D6PStzIsH5kY/P+08G/KzW7EbT3LWFBT72VPYNAAf3EeL2nM40AyUOU5jfVzAC3WZKAzBwb+B7ZB43LfNzNL83E4G/BAh0onWSlFDzf+oS5wFw/qd7TVjjPYdkZ4D6or3fD+lHLlpkMzROlGuJgQeTpF8A89WMWQpkokbxGVWhunbz7t6hMLdQ507mf/uIQu75eczxTDG0rNvkptX1IJUBXYeh34xRmn/RVzLB55WLsbrrcKyQ9xjHrlrUyCsE9jaJh5AvqNbEC6pPsjnnXcb8mzZXwc876QDuwPZsLGJJ+FZwEpQ1TS89Rwt/MoZdDYlGu/J1AXnYf4fB/9EvAH1rzpyH6m1tSqlCdbPt4pfCO3QGydXVyzfNAARh7wD6KIMlYRja9pDj++OxSfLgQgaSW8u+pJ2q09rYJcGxg7HZEJnt35nlMb3wgCsptw+iSMbUdgr++ApX3fQWBkzAvSb4EjH95bNF0U7E8nkc9M9tcalOYb+EPThSdxgi8iFGP0b+DWHrF5BJQm9mzmntraOSNmnpAAORGW3F4XLmcRN+w3Gm2StQvHWF1td1wtIzHSRHoxSwcVR15Z7IPT4Zi/YU45SLO3xbnL2SlUu0/uaj7kHMqpIYyXdAYi+aeGpl5w+mQjb603Z/L/OZvzkn30RE8IrdBqB+bDl+c7opsu9TBssPV4hO+VWOtswMPSvk4TWn0/57HhSAMwFP5K/mDcW4gYEinHS10tkC7+ssHWUDMDzPmN8FH3JS8YxLJ754M5BF0H3fnTCUylvaXq3oLnHJrzbq+sGNZf9KUsefer/Qh5rWTYgJ0cG73KLQ0KFNaMZdbhJ/IYFI9RMKVyS+yKrD08GqvzyOdjjLThx9Tzbj/E/IAJyw1mQzbi5abrst957zSEzNyJXrFHisjteX56o1YAWNVteqYjSD6GuG6b1QBP0hPLElbc8mjNsF0anuy2EETHO5GRqOIiDEwZIQFLYGfDS09aWXXxOLV7Mqoj8VZ+xkRUuxJwhd8hfEeyQsB3U/hhJTXTFKHWOIwZW7fKK46ZNQPVFR0aaYNxJX9l/BHz3QtUV+PSMZkhcUzd7UjpGOyrVFSgz7kDZN2oeCc/LaH+fJEkLhslUvRf4hZNG+O6zpmt1IB00Jc417l2tpnWlnUyxhIzNdLd5xnRztIUmdKG4dj1mRUUf2JMLZiZMTCys2noq1DweOHSyEh+jzSPjz3QMlZNJcwZ3X8EIb9AV0e7nyyliBZ6Qs1OXQLYTo8ada3uNU+aCTQTlymrFDLWX5RinknPzzDGipX/yMLnkVcZSy7UdIUNviJNyzQzoxKg24DpPibTo0v5eGWMgtG7tp8Bk23Ih1TYOlHdMvnoEGTdskWRBWWPsapUiYbu5T7plRfghtcVkEOv4F1OW6058cSohS5TLFK/aqyfSxl/zKGCuZQhhWbYJSObIHvvLoT+lw2Vm4vqrIXBkJ3jLl0BiNy8AtnVWB1kgA/9+xTUFXpS8LUCApdq/52/VluCbXb4y8e7Soa3HCdmrVUVt/vpGkqCIxRmKrKvibUztbwQfBxCZWuf5NFAubxGnPXx2dyo6Edhz+aZ2bs9BS1pEWhsCurW4t8Zg50lZ3jVhJFaht8iLdH3VOYqUmYs0+gk5yzsvBQ426H1Z0EK0TaPxhEbSKtT1pEPcJ5Y+oNCOKIYZFIhgVqX+GcY+xj1GKbvmGKIo3f94HUxmK/Wv8vJb756mzuRqz75qoFjftOG9XpcpAUtuVyFLa4tzCKhekSetmfA84q2PZ4cjOnva8rAkPCd83qMhcBZnXDOcXWlQEcom9C+S26qqM+5e9AQKceBrtWK56iMTGQloylqck+SnwPAQvb5EAdPS5OuzBPjZrogsX0CZihiMiykX9YOLbuI1YeVz5WYFcKQEYc5cIWpM7n0PHyFqyOaNP14tKaiB1Z2SP3xJFek4U0OHxhjPNdPmRDSNy+owAL+d5MR2f71X7CQwVAm1U0PZ/YB6bsTSM3XoIFPUylWR+hPVBCO2wKuTze7wEgIqVa6LhrUbelnRUy9G0QzZ2X9NKj/mDFuvN3RSodxFI2bArCupjtVzLVQgySQkkhReH3Yfjm0bRk0CPCYH6MpeugzolTPOOZL4F8h0wuq5YMSq+Yg1ZRnVWcbyiESJ9DFiNIhTThxbswtMeGAF4feGxYr56sU70gJN21FMfai8A7vHPQrpMkrJCULOeMjqE0Ys9tyzRcryr2MfvxxoQAvCLpyhTzWMPTvaCbKW8eq9b15vblaYb2kR8H7A/E3N7w7IFPLM6ZmNT8d/AIKTxn/theEhwZXghPD/HONBr4wNEdVYKRZx0Ckr6NqgpfvPv87O0ad4OyFXL1G2avCrP+r8wLtfZ4ZvHSqIXIyR8ZHUkfZR+7ePl6nD1YGzUQo8OEd+7MIBGMmGW6MuiF4WQskycp9QncuadzIhUxGcbvQAOyF8YBSga/FfMntT1cAQNAfWASxGeg/ihBFPGmgD4atgN+gaYPilaCs0odJSEF/XXkA9ed3AnA3H0kChvX9s0AZoQ=="

參考 pyvmx-cracker 上的readme 可知 檔案類型是 vmx

3.3

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

将格式改一下

.encoding = "UTF-8"
displayName = "Encrypted"
encryption.keySafe = "vmware:key/list/(pair/(phrase/UmBuYyhuIW8%3d/pass2key%3dPBKDF2%2dHMAC%2dSHA%2d1%3acipher%3dAES%2d256%3arounds%3d10000%3asalt%3d0kVDY4OIuvr2WAG%2bo639Lw%253d%253d,,JV9HGrSxPYiDk%2bJYP0KxHqceNnA%2fB0vLXtXVmrUSGINNbFmXRCX5smPN3Ny0hTcjtSGVTOXie5xUK2HdJaj6NxmgyTtc38Xy80co%2f3swAflWoKvMFxRB86AtVqZZ7Sv%2fbUAjCwVUd7uplXhLUfdCk12BMY0%3d))"
encryption.data = "etHKaa2gijMJ4n3hP9NjN9uNnI10E96xhqVa1P30TCTHr8BUkALO6RiD7mJSzlpX7hX1TF23UV7zhXhvip/8tBaAZYBXFYJHcBEnfVWQ23VetQwm5y+l3K29U14Tpz2jQMC920wxA9joTKs67CaiqdGixKZF/TZ7Mvdm5zc60HaB9Yj/OI4KGdJEjVstAu9U6hryfTRC8MIANadKuRy2rwJR9EkMHyPwNTyQwsDgVPwkvE1evA6tB7Q7RmiWDSEJamCEfo/SaSuky4NIaaGaquczBmMkhphQ7zTmL6nhZYjClcCuWsuzCwGrAeVX3UTShJjmIkbq6w4GRuxvpjt8swV+BmgleU6UEQIFlyqFYvk1a2oe314FootRsJiS4XEW6ngkthe5hw053SfN/GP85RS/uIKsCH11vCrD2Ew029fgBq0yy1YeOZQ/QEYlwrKPtd0eRT83dbZJs/XzM+ehZpKVS+nfJdQjGOlROluXnj9VXBrEK/9MT9qyNca4xOpKKkjmmH+vMpqiZHFwjdRl3NUeiy0bh0hj4YeMAo7L0/Uk77A09E9jrNKnkZ2hILX1+yXbGLyvW9OdDhALGj4QaGNdkfPGDYwv7U6CrjoTlCMXDyZY0idFtPwn7NfdAviPjsDWZonDsILX7LjZDrUTkYvoceGKiSQFOUQ3NlI9c3fzaCRfrnxQ6wLncp0WV8HfFF5+FfLt8HgzYCdGx1d8itwGkvwgy/RtSazrAY88OtpInKAhBZgZfdN4paq5FFdWfWQnB5Rjq20FuUzlv5TUfAUkBalO0zJhQl97R6REHoc5kLK9NxWMQJQ5H/B4/pEifTVSxo5QTLt+xsvWlxo7WnVhZGmdvqNgocLn8l4KzcNKxx7wlzMqWtjSYH6ocBk+atbR1dRNEEYH6ii0ZKdOo0ujlXk0HFUCNozR06WMv1zPQqDaHh2wQaqevX/rFEfWE0P0McISpxW0DMeEjsA3j6YLACcE14GadaGAUc7PrOFMPsPujdhAWjv9KvO8/H0rgkPDza0Tu6yUFBVb6tXhri3t2XtlWuuivU/W8sfh/+MUYXddU/1hUqV/qZ3dgxWYlunywMlBeT1TKKtJQTeq5zmILRy0tKvBU2fsQYuElRVpXWXeMsVDLnCvH+Kr+2MR8MfHt1LG+/OOWRmFe2M12zTIX1m4KZHdB1B+fIHBVC2AKD1e2DAMFjDyccCsB1unyDl07LpVpnrC45Iysbj+iwWT/++exiDR1cntMd/4NgzDbJlWlcjCZNvfPsjvyQznqdUdXy00YivLXrQxwyK8D6PStzIsH5kY/P+08G/KzW7EbT3LWFBT72VPYNAAf3EeL2nM40AyUOU5jfVzAC3WZKAzBwb+B7ZB43LfNzNL83E4G/BAh0onWSlFDzf+oS5wFw/qd7TVjjPYdkZ4D6or3fD+lHLlpkMzROlGuJgQeTpF8A89WMWQpkokbxGVWhunbz7t6hMLdQ507mf/uIQu75eczxTDG0rNvkptX1IJUBXYeh34xRmn/RVzLB55WLsbrrcKyQ9xjHrlrUyCsE9jaJh5AvqNbEC6pPsjnnXcb8mzZXwc876QDuwPZsLGJJ+FZwEpQ1TS89Rwt/MoZdDYlGu/J1AXnYf4fB/9EvAH1rzpyH6m1tSqlCdbPt4pfCO3QGydXVyzfNAARh7wD6KIMlYRja9pDj++OxSfLgQgaSW8u+pJ2q09rYJcGxg7HZEJnt35nlMb3wgCsptw+iSMbUdgr++ApX3fQWBkzAvSb4EjH95bNF0U7E8nkc9M9tcalOYb+EPThSdxgi8iFGP0b+DWHrF5BJQm9mzmntraOSNmnpAAORGW3F4XLmcRN+w3Gm2StQvHWF1td1wtIzHSRHoxSwcVR15Z7IPT4Zi/YU45SLO3xbnL2SlUu0/uaj7kHMqpIYyXdAYi+aeGpl5w+mQjb603Z/L/OZvzkn30RE8IrdBqB+bDl+c7opsu9TBssPV4hO+VWOtswMPSvk4TWn0/57HhSAMwFP5K/mDcW4gYEinHS10tkC7+ssHWUDMDzPmN8FH3JS8YxLJ754M5BF0H3fnTCUylvaXq3oLnHJrzbq+sGNZf9KUsefer/Qh5rWTYgJ0cG73KLQ0KFNaMZdbhJ/IYFI9RMKVyS+yKrD08GqvzyOdjjLThx9Tzbj/E/IAJyw1mQzbi5abrst957zSEzNyJXrFHisjteX56o1YAWNVteqYjSD6GuG6b1QBP0hPLElbc8mjNsF0anuy2EETHO5GRqOIiDEwZIQFLYGfDS09aWXXxOLV7Mqoj8VZ+xkRUuxJwhd8hfEeyQsB3U/hhJTXTFKHWOIwZW7fKK46ZNQPVFR0aaYNxJX9l/BHz3QtUV+PSMZkhcUzd7UjpGOyrVFSgz7kDZN2oeCc/LaH+fJEkLhslUvRf4hZNG+O6zpmt1IB00Jc417l2tpnWlnUyxhIzNdLd5xnRztIUmdKG4dj1mRUUf2JMLZiZMTCys2noq1DweOHSyEh+jzSPjz3QMlZNJcwZ3X8EIb9AV0e7nyyliBZ6Qs1OXQLYTo8ada3uNU+aCTQTlymrFDLWX5RinknPzzDGipX/yMLnkVcZSy7UdIUNviJNyzQzoxKg24DpPibTo0v5eGWMgtG7tp8Bk23Ih1TYOlHdMvnoEGTdskWRBWWPsapUiYbu5T7plRfghtcVkEOv4F1OW6058cSohS5TLFK/aqyfSxl/zKGCuZQhhWbYJSObIHvvLoT+lw2Vm4vqrIXBkJ3jLl0BiNy8AtnVWB1kgA/9+xTUFXpS8LUCApdq/52/VluCbXb4y8e7Soa3HCdmrVUVt/vpGkqCIxRmKrKvibUztbwQfBxCZWuf5NFAubxGnPXx2dyo6Edhz+aZ2bs9BS1pEWhsCurW4t8Zg50lZ3jVhJFaht8iLdH3VOYqUmYs0+gk5yzsvBQ426H1Z0EK0TaPxhEbSKtT1pEPcJ5Y+oNCOKIYZFIhgVqX+GcY+xj1GKbvmGKIo3f94HUxmK/Wv8vJb756mzuRqz75qoFjftOG9XpcpAUtuVyFLa4tzCKhekSetmfA84q2PZ4cjOnva8rAkPCd83qMhcBZnXDOcXWlQEcom9C+S26qqM+5e9AQKceBrtWK56iMTGQloylqck+SnwPAQvb5EAdPS5OuzBPjZrogsX0CZihiMiykX9YOLbuI1YeVz5WYFcKQEYc5cIWpM7n0PHyFqyOaNP14tKaiB1Z2SP3xJFek4U0OHxhjPNdPmRDSNy+owAL+d5MR2f71X7CQwVAm1U0PZ/YB6bsTSM3XoIFPUylWR+hPVBCO2wKuTze7wEgIqVa6LhrUbelnRUy9G0QzZ2X9NKj/mDFuvN3RSodxFI2bArCupjtVzLVQgySQkkhReH3Yfjm0bRk0CPCYH6MpeugzolTPOOZL4F8h0wuq5YMSq+Yg1ZRnVWcbyiESJ9DFiNIhTThxbswtMeGAF4feGxYr56sU70gJN21FMfai8A7vHPQrpMkrJCULOeMjqE0Ys9tyzRcryr2MfvxxoQAvCLpyhTzWMPTvaCbKW8eq9b15vblaYb2kR8H7A/E3N7w7IFPLM6ZmNT8d/AIKTxn/theEhwZXghPD/HONBr4wNEdVYKRZx0Ckr6NqgpfvPv87O0ad4OyFXL1G2avCrP+r8wLtfZ4ZvHSqIXIyR8ZHUkfZR+7ePl6nD1YGzUQo8OEd+7MIBGMmGW6MuiF4WQskycp9QncuadzIhUxGcbvQAOyF8YBSga/FfMntT1cAQNAfWASxGeg/ihBFPGmgD4atgN+gaYPilaCs0odJSEF/XXkA9ed3AnA3H0kChvX9s0AZoQ=="
           
python3 pyvmx-cracker.py -v enc.vmx -d 字典.txt

把預設字典換了

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

4.1

洩露的資訊 (盲注flag)

QL盲注的流量被base64 編碼了,wireshark 過濾出盲注流量

用tshark 過濾出流量到txt中,解base64

tshark -r http.pcapng -T fields -e http.request.uri.query.parameter > data.txt
2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

二分法SQL注入流量,最後半小時手動拼接沒拼對,還錯了兩回

賽後拍的别的師傅的正确的flag

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

4.2

webshell 指令

rot13 解開混淆後,檢視混淆字元 ,去掉前後混淆字元後 回顯就可以解開了

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip
&hcd2b0e72ddf36=Y2QgL2QgIkM6L2N0ZiImd2hvYW1pJmVjaG8gW1NdJmNkJmVjaG8gW0Vd
=>  cd /d "C:/ctf"&whoami&echo [S]&cd&echo [E]
&w53596b0408df4=Y21k
=> cmd

最後三個流對應三個系統指令

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

config.exe#ipconfig#whoami

5.1

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

win10 的記憶體結構有點不太一樣 ,線下隻有vol2 的我們隻能罰座

後面發現驗證大師的解析工具可以解析記憶體,但是無法導出系統資料庫。

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

用vol3 去檢視系統資料庫

python3 vol.py -f mem_sec.vmem windows.registry.printkey --offset 0x8084ac206000 --key "Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" | grep BackupProductKeyDefault
           
2021-09-10 16:29:33.000000      0x8084ac206000inREG_SZ  \SystemRoot\System32\Config\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform   BackupProductKeyDefault "F48BJ-8NX82-MRVY9-PF8BW-HMHY2" False
2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

産品密鑰為 F48BJ-8NX82-MRVY9-PF8BW-HMHY2

5.2

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

vol2 打不開 記憶體鏡像

用 Magent AXIOM 跑 ,選了Win10x64 就打開了

匿名郵箱:

https://mail.td/zh

2021 [線下]隴劍杯 wp前言1.11.21.31.41.53.13.34.14.25.15.2Tip

Tip

關注公衆号 回複【2021隴劍杯】擷取附件

你是否想要加入一個安全團

擁有更好的學習氛圍?

那就加入EDI安全,這裡門檻不是很高,但師傅們經驗豐富,可以帶着你一起從基礎開始,隻要你有持之以恒努力的決心

EDI安全的CTF戰隊經常參與各大CTF比賽,了解CTF賽事,我們在為打造安全圈好的技術氛圍而努力,這裡絕對是你學習技術的好地方。這裡門檻不是很高,但師傅們經驗豐富,可以帶着你一起從基礎開始,隻要你有持之以恒努力的決心,下一個CTF大牛就是你。

歡迎各位大佬小白入駐,大家一起打CTF,一起進步。

我們在挖掘,不讓你埋沒!

你的加入可以給我們帶來新的活力,我們同樣也可以贈你無限的發展空間。

有意向的師傅請聯系郵箱[email protected](帶上自己的履歷,履歷内容包括自己的學習方向,學習經曆等)

CTF-Writeup web安全 資料分析 安全
上一篇: RE-Base64編碼分析Base64編碼原理IDA中算法分析
下一篇: 2018護網杯——easy_dump

繼續閱讀