网鼎杯CTF——青龙组 (week 3)

网鼎杯

bang

拿到题是个加壳的，直接用通用脱壳机一梭子，就ok了，直接有答案

signal

虚拟机的题

0A 00 00 00 04 00 00 00 10 00 00 00 08 00 00 00 03 00 00 00 05 00 00 00 01 00 00 00 04 00 00 00
20 00 00 00 08 00 00 00 05 00 00 00 03 00 00 00 01 00 00 00 03 00 00 00 02 00 00 00 08 00 00 00
0B 00 00 00 01 00 00 00 0C 00 00 00 08 00 00 00 04 00 00 00 04 00 00 00 01 00 00 00 05 00 00 00
03 00 00 00 08 00 00 00 03 00 00 00 21 00 00 00 01 00 00 00 0B 00 00 00 08 00 00 00 0B 00 00 00
01 00 00 00 04 00 00 00 09 00 00 00 08 00 00 00 03 00 00 00 20 00 00 00 01 00 00 00 02 00 00 00
51 00 00 00 08 00 00 00 04 00 00 00 24 00 00 00 01 00 00 00 0C 00 00 00 08 00 00 00 0B 00 00 00
01 00 00 00 05 00 00 00 02 00 00 00 08 00 00 00 02 00 00 00 25 00 00 00 01 00 00 00 02 00 00 00
36 00 00 00 08 00 00 00 04 00 00 00 41 00 00 00 01 00 00 00 02 00 00 00 20 00 00 00 08 00 00 00
05 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 03 00 00 00 08 00 00 00 02 00 00 00 25 00 00 00
01 00 00 00 04 00 00 00 09 00 00 00 08 00 00 00 03 00 00 00 20 00 00 00 01 00 00 00 02 00 00 00
41 00 00 00 08 00 00 00 0C 00 00 00 01 00 00 00 07 00 00 00 22 00 00 00 07 00 00 00 3F 00 00 00
07 00 00 00 34 00 00 00 07 00 00 00 32 00 00 00 07 00 00 00 72 00 00 00 07 00 00 00 33 00 00 00
07 00 00 00 18 00 00 00 07 00 00 00 A7 FF FF FF

github上的angr_ctf套题提供的标准模板，直接拿来用了改一下

import angr
import sys
def main(argv):
    bin_path = argv[1]
    p = angr.Project(bin_path)
    init_state = p.factory.entry_state()
    sim = p.factory.simulation_manager(init_state)
    def is_good(state):
        return b'good,The answer format is:flag {}' in state.posix.dumps(1)
    def is_bad(state):
        return b'what a shame...' in state.posix.dumps(1) or b'WRONG!\n' in state.posix.dumps(1)
    sim.explore(find = is_good ,avoid = is_bad)
    if sim.found:
        found_state = sim.found[0]
        print("Flag: {}".format(found_state.posix.dumps(0)))
    else :
        print("cannot found a solution")
if __name__ == "__main__":
    main(sys.argv)