GlacierCTF 2022-CryptoShop

WhyWhyWhy 2025-12-26 19:36:22


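1. Analysis of the code shows:

            1) The starting balance (balance) is 5, and the flag costs 1000;

            2) The refund method (refund_item) issues refunds based on a refund code (refund_code); when we enter a wrong refund code, it prints the correct one;

            3) A successful refund adds the price of the corresponding item to balance;

2. Approach:

            1) Attempt a refund to obtain the refund code for the flag;

            2) Refund again using the correct flag refund code obtained; the refund succeeds and balance becomes 1005;

            3) Buy the flag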
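
A sketch of the refund flaw analysed above next to a hardened check, added here as an illustration and not the challenge's own source. The toy RSA key, `sign_price`, the `Shop` class and both refund method names are assumptions made for the example.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes); far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def price_digest(price: int) -> int:
    """Hash of the price, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(str(price).encode()).digest(), "big") % N

def sign_price(price: int) -> int:
    """Assumed scheme: refund code = textbook RSA signature over the price hash."""
    return pow(price_digest(price), D, N)

class Shop:
    def __init__(self):
        self.balance = 5
        self.open_refunds = set()  # (code, price) pairs issued by real purchases

    def buy(self, price: int) -> int:
        if price > self.balance:
            raise ValueError("insufficient balance")
        self.balance -= price
        code = sign_price(price)
        self.open_refunds.add((code, price))
        return code

    def refund_leaky(self, code: int, price: int) -> str:
        """Flawed behaviour: a failed check echoes the valid code to the caller."""
        expected = sign_price(price)
        if code != expected:
            return f"Refund-Code {expected} Calculated-Code {code} Error"
        self.balance += price  # no proof the item was ever bought
        return "Successfully refunded"

    def refund_hardened(self, code: int, price: int) -> str:
        """Verify with the public key, require a recorded purchase, reveal nothing."""
        valid = pow(code, E, N) == price_digest(price)
        if not valid or (code, price) not in self.open_refunds:
            return "Refund rejected"
        self.open_refunds.remove((code, price))  # one-time redemption
        self.balance += price
        return "Successfully refunded"
```

The hardened path never computes the signature during verification, so there is no secret value to print, and the purchase record stops a valid code from being redeemed for an item that was never bought or redeemed twice.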



3. Walkthrough

┌──(kali㉿kali)-[~]
└─$ nc 49.232.142.230 16617
Welcome to the PWN-Store. Please authenticate:
Your Name: 4
Welcome back 4!
Customernumber: 113216114010588843220228529530323724331930708788262607701550014503645452414040154854687522045495120455946163412341321564734302218007935019720105240006314225570334861840119910690686781028246458569143572931611492365304880468535674019886104483845843975587828278605957152395155735183984533850303085047239683619331

# First refund attempt
Accountname: 4 (Balance: 5€)
1. List Items
2. Buy Item
3. Refund Item
4. Exit

> 3
What do you want to refund?
Please provide the refundcode
> 2			# enter any number
Please provide the price
> 1000		# price of the flag
Refund-Code		# the correct refund code is disclosed
 82237362974270548865233080367584407297328406716818105783320905621367368646593369553412119162031247232168880077684696608820400031309470210539418737294686454711558111209746818521175336117089109683126002581325070946173887730913446312570826372513646605820919664627213487606964475522015935082949894547764560182555
Calculated-Code
 2
Error, this refund code does not match the price!  # this refund attempt fails

# Second refund attempt
Accountname: 4 (Balance: 5€)
1. List Items
2. Buy Item
3. Refund Item
4. Exit

> 3
What do you want to refund?
Please provide the refundcode    # enter the correct refund code obtained above
> 82237362974270548865233080367584407297328406716818105783320905621367368646593369553412119162031247232168880077684696608820400031309470210539418737294686454711558111209746818521175336117089109683126002581325070946173887730913446312570826372513646605820919664627213487606964475522015935082949894547764560182555
Please provide the price	# price of the flag
> 1000
Successfully refunded		# refund succeeds

Accountname: 4 (Balance: 1005€)  # balance is now 1005, enough to buy the flag
1. List Items
2. Buy Item
3. Refund Item
4. Exit

> 2
What item do you want to bye?
0. USB Rubber Ducky
1. Malduino
2. WIFI Deauther
3. Bluetooth Jammer
4. GSM Jammer
5. Bad USB
6. CTF-Flag

> CTF-Flag
Take this: glacierctf{RsA_S1gnAtuRe_1ssu3}   # flag obtained

Bought CTF-Flag for 1000
Refund-Code:
82237362974270548865233080367584407297328406716818105783320905621367368646593369553412119162031247232168880077684696608820400031309470210539418737294686454711558111209746818521175336117089109683126002581325070946173887730913446312570826372513646605820919664627213487606964475522015935082949894547764560182555

Accountname: 4 (Balance: 5€)
1. List Items
2. Buy Item
3. Refund Item
4. Exit

Category: Crypto
Author: WhyWhyWhy