Tanuki Udon

challenge description

标准的前端题，给一个 note 网站，flag 在某个 note 里，目标是拿到 flag 的 note id。

创建的 note 内容会被当作 markdown 处理，特殊字符会被转义：

Product

cmseasy v7.7.7.7 20230520

Official Site

https://www.cmseasy.cn/

Exploit

In lib/admin/language_admin.php, the method add_action:

to be continued…

Old Pal

Just an appetizer.

Input a password to make the expression eval to true and pass filters.

Challenge description

https://board.asm32.info/asmbb-v2-9-has-been-released.328/

From the post:

• “AsmBB is very secure web application, because of the internal design and the reduced dependencies. But it also supports encrypted databases, for even higher security.”
• “Download, install and hack”

Yes

---

Goal is to get the admin to visit a page on the forum, HACK-HACK-HACK, /readflag will print out the flag.

---

Please don’t submit too many requests or try to abuse anything with the setup.

References

https://www.digitalocean.com/community/tutorials/understanding-systemd-units-and-unit-files

[Unit] Section

Description=

• just description

Documentation=

• ususlly a link to the official website

Requires=

• lists any units upon which this unit essentially depends
• the current unit starts when the required units are actived successfully
• required units are started in parallel by default

Wants=

• similar to Requires=, but less strict
• The systemd will attempt to start any units listed by Wants= when the current unit is actived. If wanted units are not found or failed to start, the current unit will continue to function.
• Wanted units are started in parallel unless modified by other directives.

BindsTo=

secure paste

题面是一个端到端加密的 pastebin，key 在前端生成不走后端，访问的时候放在 hash 里，flag 的 url 是可以直接拿到的，但是没有key。

在访问提供的 url 之前，bot 会先把 flag 的 url 带上 key 访问一遍，然后直接page.goto，所以 key 应该是要用 history.back 拿到。

首先是一个显而易见的注入，在 paste.ejs 里

写在前面

未完待续…

piyosay

主要逻辑为把message参数和emoji参数处理之后放到一个p标签里：

How to build socket server and socket client by python?

The first think to decide is which protocol to use, TCP or UDP?

The main difference is that TCP is connection-oriented while UDP is connectionless.

In detail, the server or the client must maintain a connection if they use TCP.

How is this reflected in socket programming?

For UDP

For example, if we want to send a message using UDP

First, two packages:

pip3 install virtualenv
pip3 install virtualenvwrapper

virtualenv makes one can create new virtual environment conveniently, like:

RSA procedure

1. choose two primes, $p$ and $q$
2. calculate $N=p\times q$
3. calculate $r=\phi (N)=\phi (p\times q)=(p-1)(q-1)$
   • $\phi$ is the Eular function, $\phi (n)$ represents the number of integers prime with $n$
   • if $n$ is a prime, then obviously $\phi (n)=n-1$
   • $\phi (mn)=\phi (m)\phi (n)$
4. choose $e$ no more than $N$ and prime with $r$
5. calculate $d$ such that $ed\equiv 1\mathrm{mod}r$
6. then $(e,N)$ is public key and $(d,N)$ is private key
7. don’t forget to destroy $p$ and $q$

Now Alice wants to send some message to Bob.