pages/2019/12/16/ctf.html

<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8" />
  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  <meta name="viewport" content="width=device-width, initial-scale=1" />

  <!-- Begin Jekyll SEO tag v2.8.0 -->
<title>CTF初体验 | Mayx的博客</title>
<meta name="generator" content="Jekyll v3.9.5" />
<meta property="og:title" content="CTF初体验" />
<meta name="author" content="mayx" />
<meta property="og:locale" content="zh_CN" />
<meta name="description" content="我好菜啊" />
<meta property="og:description" content="我好菜啊" />
<meta property="og:site_name" content="Mayx的博客" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2019-12-16T00:00:00+08:00" />
<meta name="twitter:card" content="summary" />
<meta property="twitter:title" content="CTF初体验" />
<meta name="google-site-verification" content="huTYdEesm8NaFymixMNqflyCp6Jfvd615j5Wq1i2PHc" />
<meta name="msvalidate.01" content="0ADFCE64B3557DC4DC5F2DC224C5FDDD" />
<meta name="yandex-verification" content="fc0e535abed800be" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"BlogPosting","author":{"@type":"Person","name":"mayx"},"dateModified":"2019-12-16T00:00:00+08:00","datePublished":"2019-12-16T00:00:00+08:00","description":"我好菜啊","headline":"CTF初体验","mainEntityOfPage":{"@type":"WebPage","@id":"/2019/12/16/ctf.html"},"publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://avatars0.githubusercontent.com/u/17966333"},"name":"mayx"},"url":"/2019/12/16/ctf.html"}</script>
<!-- End Jekyll SEO tag -->

  <link rel="canonical" href="https://mabbs.github.io/2019/12/16/ctf.html" />
  <link type="application/atom+xml" rel="alternate" href="/atom.xml" title="Mayx的博客" />
  <link rel="alternate" type="application/rss+xml" title="Mayx的博客(RSS)" href="/rss.xml" />
  <link rel="alternate" type="application/json" title="Mayx的博客(JSON Feed)" href="/feed.json" />
  <link rel="stylesheet" href="/assets/css/style.css?v=1770803700" />
  <!--[if !IE]> -->
  <link rel="stylesheet" href="/Live2dHistoire/live2d/css/live2d.css" />
  <!-- <![endif]-->
  <link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="Mayx的博客" />
  <link rel="webmention" href="https://webmention.io/mabbs.github.io/webmention" />
  <link rel="pingback" href="https://webmention.io/mabbs.github.io/xmlrpc" />
  <link rel="preconnect" href="https://summary.mayx.eu.org" crossorigin="anonymous" />
  <link rel="prefetch" href="https://www.blogsclub.org/badge/mabbs.github.io" as="image" />
  <link rel="blogroll" type="text/xml" href="/blogroll.opml" />
  <link rel="me" href="https://github.com/Mabbs" />
  <script src="/assets/js/jquery.min.js"></script>
  <!--[if lt IE 9]>
    <script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
    <script src="//cdnjs.cloudflare.com/ajax/libs/jquery-ajaxtransport-xdomainrequest/1.0.3/jquery.xdomainrequest.min.js"></script>
    <script src="//cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script>
  <![endif]-->
  <script>
    var lastUpdated = new Date("Wed, 11 Feb 2026 17:55:00 +0800");
    var BlogAPI = "https://summary.mayx.eu.org";
  </script>
  <script src="/assets/js/main.js"></script>
  <!--[if !IE]> -->
  
  <!-- Global site tag (gtag.js) - Google Analytics -->
  <script async="async" src="https://www.googletagmanager.com/gtag/js?id=UA-137710294-1"></script>
  <script>
    window.dataLayer = window.dataLayer || [];
    function gtag(){dataLayer.push(arguments);}
    gtag('js', new Date());
    gtag('config', 'UA-137710294-1');
  </script>
  
  <script src="/assets/js/instant.page.js" type="module"></script>
  <!-- <![endif]-->
</head>

<body>
  <!--[if !IE]> --><noscript><marquee style="top: -15px; position: relative;"><small>发现当前浏览器没有启用JavaScript，这不影响你的浏览，但可能会有一些功能无法使用……</small></marquee></noscript><!-- <![endif]-->
  <!--[if IE]><marquee style="top: -15px; position: relative;"><small>发现当前浏览器为Internet Explorer，这不影响你的浏览，但可能会有一些功能无法使用……</small></marquee><![endif]-->
  <div class="wrapper">
    <header class="h-card">
      <h1><a class="u-url u-uid p-name" rel="me" href="/">Mayx的博客</a></h1>

      
      <img src="https://avatars0.githubusercontent.com/u/17966333" fetchpriority="high" class="u-photo" alt="Logo" style="width: 90%; max-width: 300px; max-height: 300px;" />
      

      <p class="p-note">Mayx's Home Page</p>

      <form action="/search.html">
        <input type="text" name="keyword" id="search-input-all" placeholder="Search blog posts.." />&#160;<input type="submit" value="搜索" />
      </form>
      <br />

      

      

      <p class="view"><a class="u-url" href="/Mabbs/">About me</a></p>

      <ul class="downloads">
        
        <li style="width: 270px; border-right: none;"><a href="/MayxBlog.tgz">Download <strong>TGZ File</strong></a></li>
        
      </ul>
    </header>
    <section class="h-entry">

      <small><time class="date dt-published" datetime="2019-12-16T00:00:00+08:00">16 December 2019</time> - 字数统计：1673 - 阅读大约需要6分钟 - Hits: <span id="/2019/12/16/ctf.html" class="visitors">Loading...</span></small>
<h1 class="p-name">CTF初体验</h1>

<p class="view">by <a class="p-author h-card" href="//github.com/Mabbs">mayx</a></p>
<div id="outdate" style="display:none;">
  <hr /><p>
  这是一篇创建于 <span id="outime"></span> 天前的文章，其中的信息可能已经有所发展或是发生改变。
  </p>
</div>
<script>
  daysold = Math.floor((new Date().getTime() - new Date("Mon, 16 Dec 2019 00:00:00 +0800").getTime()) / (24 * 60 * 60 * 1000));
  if (daysold > 90) {
    document.getElementById("outdate").style.display = "block";
    document.getElementById("outime").innerHTML = daysold;
  }
</script>

<hr />

<b>AI摘要</b>
<p id="ai-output">这篇文章是关于作者初次体验CTF挑战的经历。他被同学邀请参加线上CTF比赛，虽然对CTF有所了解但从未真正参与过。文章描述了作者的参赛过程，他尝试了Cookie相关的题目，但因为对题目的理解错误和操作不当而未能解出。接着，他解决了涉及git的Swedish State Archive问题，通过Git Extract工具找到了Flag。尽管最终因水平不足未能完成所有题目，作者仍对CTF比赛表示出兴趣，并计划今后深入学习。他还设想将网站迷宫类型的解谜元素融入到前端编程中，类似于CTF挑战。</p>

<hr />



<ul><li><a href="#开端">开端</a></li><li><a href="#答题">答题</a></li><li><a href="#结语">结语</a></li></ul>
<hr />


 <main class="post-content e-content" role="main"><p>我好菜啊<!--more--></p>
<h1 id="开端">
  
  
    <a href="#开端"><svg class='octicon' viewBox='0 0 16 16' version='1.1' width='16' height='32' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg></a> 开端
  
  
</h1>
    
<p>前几天，有一个同学邀请我去打个线上CTF，我大概看了下时间，是在周末，于是我就答应了。 </p><p>
  以前我倒是对CTF也有些了解，曾经也试着在网上找到一些题，不过那些题的评论区总是有一堆人透答案，体验极差，所以其实我也没真正做过CTF的题。 </p><p>
  不过我曾经也攻击过一些网站，也算有点经验吧，所以觉得问题应该不大。</p>
<h1 id="答题">
  
  
    <a href="#答题"><svg class='octicon' viewBox='0 0 16 16' version='1.1' width='16' height='32' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg></a> 答题
  
  
</h1>
    
<p>到了周末，我还是像往常一样睡到中午，不过没关系，这个比赛持续2天，所以无所谓。 </p><p>
  等到我想答题的时候题目也基本上全部都出来了，我打开网站一看，题的类型挺多的，有涉及密码学、二进制、文件组成、溢出之类乱七八糟的东西。当然我全都不会 <del>（于是就凉了）</del>。 </p><p>
  虽然大多数都不会，不过至少我还是学过一些HTTP协议之类的东西，所以觉得我至少要解出一道Web题吧。 </p><p>
  首先吸引我的是一个叫做Cookie的题，我想既然它叫Cookie，那么大概就是改改cookie就能解出来吧。题目大概是我有$50，有三种饼干，Flag饼干最贵，要$100，因为买不起，所以得不到Flag。那么解法应该就是想办法改我有的钱的，然后再去买Flag饼干就OK了吧。以这个思路，我看了下cookie，那是一个被base64编码后的json，解码后发现，里面有一个叫做money的key，这下我想那不就解出来了嘛，我修改了money的value，编码后提交，钱的数量不出意料的变了，然后我就去买Flag饼干，但是不知道为什么，改完以后所有饼干都买不了了……所以这道题最后没有解出来…… <del>（太菜了）</del> </p><p>
  之后我换了一道题，那道题叫做Swedish State Archive，打开后发现是一个正在维护的网站，查看源代码后发现了服务器的源码：</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kn">from</span> <span class="nn">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">escape</span>
<span class="kn">import</span> <span class="nn">os</span>

<span class="n">app</span> <span class="o">=</span> <span class="n">Flask</span><span class="p">(</span><span class="s">""</span><span class="p">)</span>

<span class="o">@</span><span class="n">app</span><span class="p">.</span><span class="n">route</span><span class="p">(</span><span class="s">"/"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">index</span><span class="p">():</span>
    <span class="k">return</span> <span class="n">get</span><span class="p">(</span><span class="s">"index.html"</span><span class="p">)</span>

<span class="o">@</span><span class="n">app</span><span class="p">.</span><span class="n">route</span><span class="p">(</span><span class="s">"/&lt;path:path&gt;"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">get</span><span class="p">(</span><span class="n">path</span><span class="p">):</span>
    <span class="k">print</span><span class="p">(</span><span class="s">"Getting"</span><span class="p">,</span> <span class="n">path</span><span class="p">)</span>
    <span class="k">if</span> <span class="s">".."</span> <span class="ow">in</span> <span class="n">path</span><span class="p">:</span>
        <span class="k">return</span> <span class="s">""</span>

    <span class="k">if</span> <span class="s">"logs"</span> <span class="ow">in</span> <span class="n">path</span> <span class="ow">or</span> <span class="s">".gti"</span> <span class="ow">in</span> <span class="n">path</span><span class="p">:</span>
        <span class="k">return</span> <span class="s">"Please do not access the .git-folder"</span>

    <span class="k">if</span> <span class="s">"index"</span> <span class="ow">in</span> <span class="n">path</span><span class="p">:</span>
        <span class="n">path</span> <span class="o">=</span> <span class="s">"index.html"</span>

    <span class="k">if</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="n">isfile</span><span class="p">(</span><span class="n">path</span><span class="p">):</span>
        <span class="k">return</span> <span class="nb">open</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="s">"rb"</span><span class="p">).</span><span class="n">read</span><span class="p">()</span>

    <span class="k">if</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="n">isdir</span><span class="p">(</span><span class="n">path</span><span class="p">):</span>
        <span class="k">return</span> <span class="n">get</span><span class="p">(</span><span class="s">"folder.html"</span><span class="p">)</span>

    <span class="k">return</span> <span class="s">"404 not found"</span>


<span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="s">"__main__"</span><span class="p">:</span>
    <span class="n">app</span><span class="p">.</span><span class="n">run</span><span class="p">(</span><span class="s">"0.0.0.0"</span><span class="p">,</span> <span class="s">"8000"</span><span class="p">)</span>
</code></pre></div></div>
<p>虽然我Python学的不多，但是至少我看到了<code class="language-plaintext highlighter-rouge">.gti</code>，看来是通过git获得Flag的题，但是它屏蔽了文件夹和index和logs两个路径的关键词……这该怎么做……后来我去网上搜了下解git类型的ctf的题，大多数人都用了一个叫做Githack的工具，我大概看了一下，这是个Python的脚本，但是它依赖于index文件，所以不能用。正当我要放弃之时，我发现了一个叫做<a href="https://github.com/gakki429/Git_Extract">Git Extract</a>的工具，我试了一下，直接Flag就出来了😂，我当场就赏它了一个star……看来还是工具好用…… </p><p>
  其他的题受限于水平原因，实在是做不出来……于是本次的CTF就这么结束了……</p>
<h1 id="结语">
  
  
    <a href="#结语"><svg class='octicon' viewBox='0 0 16 16' version='1.1' width='16' height='32' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg></a> 结语
  
  
</h1>
    
<p>CTF还是挺有意思的，看着我也想举办一个。不过除了CTF外还有另外一个更加大众化的东西，叫做网站迷宫，大概就是通过找线索，然后一层一层的往深处走的游戏，有点像解谜爬塔的游戏。 </p><p>
  我想了想，这种游戏也可以做一个纯前端版，每个下一题都被AES加密，所以只有上一题解出来得到密码才能得到下一题，这听起来有点像CTF呀，不过本来好多CTF的题也是一个文件，Web的题不算多。 </p><p>
  不过我自己连题都做不出来，还想什么出题😂……还是多研究研究吧。 </p><p>
  另外如果我以后想去试试挑战CTF的话，就可以去<a href="https://ctftime.org/">CTFtime</a>上看看了。</p></main> 


<small style="display: block">tags: <a rel="category tag" class="p-category" href="/search.html?keyword=CTF"><em>CTF</em></a> - <a rel="category tag" class="p-category" href="/search.html?keyword=Python"><em>Python</em></a> <span style="float: right;"><a href="https://gitlab.com/mayx/mayx.gitlab.io/tree/master/_posts/2019-12-16-ctf.md">查看原始文件</a></span></small>


<h4 style="border-bottom: 1px solid #e5e5e5;margin: 2em 0 5px;">推荐文章</h4>
<p id="suggest-container">Loading...</p>
<script>
var suggest = $("#suggest-container");
$.get(BlogAPI + "/suggest?id=/2019/12/16/ctf.html&update=" + lastUpdated.valueOf(), function (data) {
  if (data.length) {
    getSearchJSON(function (search) {
      suggest.empty();
      var searchMap = {};
      for (var i = 0; i < search.length; i++) {
        searchMap[search[i].url] = search[i];
      }
      
      var tooltip = $('<div class="content-tooltip"></div>').appendTo('body').hide();
      for (var j = 0; j < data.length; j++) {
        var item = searchMap[data[j].id];
        if (item) {
          var link = $('<a href="' + item.url + '">' + item.title + '</a>');
          var contentPreview = item.content.substring(0, 100);
          if (item.content.length > 100) {
                contentPreview += "……";
          }
          link.hover(
            function(e) {
              tooltip.text($(this).data('content'))
                .css({
                  top: e.pageY + 10,
                  left: e.pageX + 10
                })
                .show();
            },
            function() {
              tooltip.hide();
            }
          ).mousemove(function(e) {
            tooltip.css({
              top: e.pageY + 10,
              left: e.pageX + 10
            });
          }).data('content', contentPreview); 
          
          suggest.append(link);
          suggest.append(' - ' + item.date + '<br />');
        }
      }
    });
  } else {
    suggest.html("暂无推荐文章……");
  }
});
</script>

<br />
<div class="pagination">
  
  <span class="prev">
    <a href="/2019/12/04/abuse.html">
      上一篇：废人的研究
    </a>
  </span>
  
  <br />
  
  <span class="next">
    <a href="/2019/12/17/game.html">
      下一篇：New Game!
    </a>
  </span>
  
</div>

<!--[if !IE]> -->
<link rel="stylesheet" href="/assets/css/gitalk.css">
<script src="/assets/js/gitalk.min.js"></script>

<div id="gitalk-container"></div>

<script>
  var gitalk = new Gitalk({
    clientID: '36557aec4c3cb04f7ac6',
    clientSecret: 'ac32993299751cb5a9ba81cf2b171cca65879cdb',
    repo: 'mabbs.github.io',
    owner: 'Mabbs',
    admin: ['Mabbs'],
    id: '/2019/12/16/ctf',      // Ensure uniqueness and length less than 50
    distractionFreeMode: false,  // Facebook-like distraction free mode
    proxy: "https://cors-anywhere.mayx.eu.org/?https://github.com/login/oauth/access_token"
  })
  gitalk.render('gitalk-container')
</script>
<!-- <![endif]-->

    </section>
    <!--[if !IE]> -->
<div id="landlord" style="left:5px;bottom:0px;">
  <div class="message" style="opacity:0"></div>
  <canvas id="live2d" width="500" height="560" class="live2d"></canvas>
  <div class="live_talk_input_body">
    <form id="live_talk_input_form">
      <div class="live_talk_input_name_body" >
        <input type="checkbox" id="load_this" />
        <input type="hidden" id="post_id" value="/2019/12/16/ctf.html" />
        <label for="load_this">
          <span style="font-size: 11px; color: #fff;">&#160;想问这篇文章</span>
        </label>
      </div>
      <div class="live_talk_input_text_body">
        <input name="talk" type="text" class="live_talk_talk white_input" id="AIuserText" autocomplete="off" placeholder="要和我聊什么呀？" />
        <button type="submit" class="live_talk_send_btn" id="talk_send">发送</button>
      </div>
    </form>
  </div>
  <input name="live_talk" id="live_talk" value="1" type="hidden" />
  <div class="live_ico_box" style="display:none;">
    <div class="live_ico_item type_info" id="showInfoBtn"></div>
    <div class="live_ico_item type_talk" id="showTalkBtn"></div>
    <div class="live_ico_item type_music" id="musicButton"></div>
    <div class="live_ico_item type_youdu" id="youduButton"></div>
    <div class="live_ico_item type_quit" id="hideButton"></div>
    <input name="live_statu_val" id="live_statu_val" value="0" type="hidden" />
    <audio src="" style="display:none;" id="live2d_bgm" data-bgm="0" preload="none"></audio>
    <input id="duType" value="douqilai" type="hidden" />
  </div>
</div>
<div id="open_live2d">召唤伊斯特瓦尔</div>
<!-- <![endif]-->
    <footer>
      <p>
        <small>Made with ❤ by Mayx<br />Last updated at 2026-02-11 17:55:00<br /> 总字数：617672 - 文章数：179 - <a href="/atom.xml" >Atom</a> - <a href="/README.html" >About</a></small>
      </p>
    </footer>
  </div>
  <script src="/assets/js/scale.fix.js"></script>
  <!--[if !IE]> -->
  <script src="/assets/js/main_new.js"></script>
  <script src="/Live2dHistoire/live2d/js/live2d.js"></script>
  <script src="/Live2dHistoire/live2d/js/message.js"></script>
  <!-- <![endif]-->
</body>
</html>