update

README.md

@@ -1,2 +1,65 @@
-# 2024-wdb-Semis-CTF
-第四届 网鼎杯 半决赛 专项技术挑战赛
+# 第四届 网鼎杯 半决赛 专项技术挑战赛
+
+## 二进制安全 - BinarySecurity
+
+### 二进制漏洞挖掘 - cardmaster
+
+> 请卡牌大师们找出这台切牌机中的漏洞并获取 flag
+
+### 系统内核漏洞挖掘 - Generic_kernel_shellcode
+
+> Write a generic linux kernel shellcode?
+
+### 新编译技术漏洞 - jitlover
+
+> 这是一台不完全的 JIT 虚拟机，请找到其中的漏洞以获取 flag
+
+## 密码学 - Cryptography
+
+### RSA 加密分析 - equations
+
+> rsa 真的安全吗
+
+### 序列密码加密分析 - noise
+
+> Let me tell you a story about noisy-nfsr.
+
+## 数据安全 - DataSecurity
+
+### 邮件数据分析 - Easy_Data
+
+> 公司的 DLP 软件报警了，并上传了一段流量。你能帮 bob 分析下为什么会产生报警么？
+
+### 数据安全协议分析 - Never Finish
+
+> 自定义 TLS 协议可能会存在安全问题，本题实现 TLS 的 Hello 部分，再利用 AES CFB 模式的性质伪造签名后的消息。
+>
+> 端口为 23333，nc 正常无法连接上，需要根据 server 实现客户端链接。
+
+## 新技术应用 - AdvanceTechnology
+
+### 车联网日志分析 - V2XLogAnalysis
+
+> 车内日志的秘密，日志也能注入？
+
+### IOT 应用容器漏洞 - signin
+
+> 难道这是真正的登陆入口吗？
+
+### IOT 网络协议分析 - babyRTP
+
+> 这是一个双端都会推流的服务
+
+### 5G 网络隐私保护 - Get_supi
+
+> 在某些场景下，LTE 网络中用户的 IMSI 会在空口暴露，5G 网络是如何进行隐私保护的？网络侧如何得到用户的 SUPI？（提交请加上 flag{}）
+
+## 逆向安全 - ReverseSecurity
+
+### python逆向分析 - compress
+
+> 一个幽灵，一个EOL的幽灵在代码审计中游荡。
+
+### 网络通信流量分析 - socket
+
+> 小鼎同学在日常运维排查中发现了异常通信流量，通过初步定位分析，他获得了客户端、服务端程序以及相关流量，请帮他找出其中异常敏感数据！

raw-api-data/27c2d11c2a1b96281f802af67a1f4d12.json

@@ -0,0 +1,39 @@
+{
+    "code": "AD-000000",
+    "message": "",
+    "detail": "",
+    "timestamp": 1732311831.181361,
+    "data": {
+        "resource_id": "27c2d11c2a1b96281f802af67a1f4d12",
+        "name": "新编译技术漏洞",
+        "desc": "jitlover\n这是一台不完全的JIT虚拟机，请找到其中的漏洞以获取flag",
+        "attachment": {
+            "name": "ce834e1434804f22bb7c6deb9c01b6ab.zip",
+            "url": "/cpms/oj/practice_attachment/482e8e5a7f814e00831c5f2e02709f97.zip",
+            "md5": "6abe8cf7f935a85654620fb55c955b86"
+        },
+        "with_scene": true,
+        "with_scene_inst": false,
+        "enroll_id": "f7241ef83f79af0d91944fcff3a4262d",
+        "is_solved": false,
+        "solved_score": 0,
+        "solved_rank": 0,
+        "recycle": null,
+        "flag_type": 1,
+        "scene_config": {
+            "id": "23b1115c238943059d3e4af70fd00e38",
+            "cscene": null,
+            "name": "新编译技术漏洞",
+            "reference_type": 302,
+            "scene_config": {
+                "topology": {
+                    "scene": {
+                        "eid": "5ac798cc8b54456395e38d4492d37c66",
+                        "name": "新编译技术漏洞",
+                        "description": ""
+                    }
+                }
+            }
+        }
+    }
+}

raw-api-data/2fd2c782365c5f35e325a6a7413b71fb.json

@@ -0,0 +1,39 @@
+{
+    "code": "AD-000000",
+    "message": "",
+    "detail": "",
+    "timestamp": 1732311851.012546,
+    "data": {
+        "resource_id": "2fd2c782365c5f35e325a6a7413b71fb",
+        "name": "IOT网络协议分析",
+        "desc": "babyRTP\n这是一个双端都会推流的服务",
+        "attachment": {
+            "name": "e7f4bbee4896463283241de2a792dc38.zip",
+            "url": "/cpms/oj/practice_attachment/a250dee185504fb5b59078f0641b2604.zip",
+            "md5": "1086395b7500e7b04fe649b22b24fca1"
+        },
+        "with_scene": true,
+        "with_scene_inst": false,
+        "enroll_id": "f7241ef83f79af0d91944fcff3a4262d",
+        "is_solved": false,
+        "solved_score": 0,
+        "solved_rank": 0,
+        "recycle": null,
+        "flag_type": 0,
+        "scene_config": {
+            "id": "1f8787a254084ca3bc6c3da3beeed2ab",
+            "cscene": null,
+            "name": "IOT网络协议分析",
+            "reference_type": 302,
+            "scene_config": {
+                "topology": {
+                    "scene": {
+                        "eid": "f1f04363feb04d258fb24b6f96d66702",
+                        "name": "IOT网络协议分析",
+                        "description": ""
+                    }
+                }
+            }
+        }
+    }
+}

raw-api-data/3dee8e1fefacfc19257c13abf9daa5f3.json

@@ -0,0 +1,24 @@
+{
+    "code": "AD-000000",
+    "message": "",
+    "detail": "",
+    "timestamp": 1732311869.295138,
+    "data": {
+        "resource_id": "3dee8e1fefacfc19257c13abf9daa5f3",
+        "name": "网络通信流量分析",
+        "desc": "socket\n小鼎同学在日常运维排查中发现了异常通信流量，通过初步定位分析，他获得了客户端、服务端程序以及相关流量，请帮他找出其中异常敏感数据！",
+        "attachment": {
+            "name": "0705a3b79ea5468ab52dce250a9452a6.zip",
+            "url": "/cpms/oj/practice_attachment/a5f23b234e5d474fb1c834138e3a57f9.zip",
+            "md5": "12807b1f2b06766acc1be553b8b78e78"
+        },
+        "with_scene": false,
+        "with_scene_inst": false,
+        "enroll_id": "f7241ef83f79af0d91944fcff3a4262d",
+        "is_solved": true,
+        "solved_score": 89.58,
+        "solved_rank": 52,
+        "recycle": null,
+        "flag_type": 0
+    }
+}

raw-api-data/4068341c35fb0ece0fe3950e588c1435.json

@@ -0,0 +1,39 @@
+{
+    "code": "AD-000000",
+    "message": "",
+    "detail": "",
+    "timestamp": 1732311736.880331,
+    "data": {
+        "resource_id": "4068341c35fb0ece0fe3950e588c1435",
+        "name": "IOT应用容器漏洞",
+        "desc": "signin\n难道这是真正的登陆入口吗？",
+        "attachment": {
+            "name": "88d1e1e8ba6c40ba8250b1c8cba39f2f.zip",
+            "url": "/cpms/oj/practice_attachment/4079206a075a4f1c8d4f7b48e9825284.zip",
+            "md5": "252aa502fe1e4ecd74b94c46e1a31d23"
+        },
+        "with_scene": true,
+        "with_scene_inst": false,
+        "enroll_id": "f7241ef83f79af0d91944fcff3a4262d",
+        "is_solved": false,
+        "solved_score": 0,
+        "solved_rank": 0,
+        "recycle": null,
+        "flag_type": 1,
+        "scene_config": {
+            "id": "87959f32433b410595ebf74ab2b0b02d",
+            "cscene": null,
+            "name": "IOT应用容器漏洞",
+            "reference_type": 302,
+            "scene_config": {
+                "topology": {
+                    "scene": {
+                        "eid": "e7a199d177314eb386af689f4803a55d",
+                        "name": "IOT应用容器漏洞",
+                        "description": ""
+                    }
+                }
+            }
+        }
+    }
+}

raw-api-data/4925dc76e06f5a37608a45c43a85f6ce.json

@@ -0,0 +1,24 @@
+{
+    "code": "AD-000000",
+    "message": "",
+    "detail": "",
+    "timestamp": 1732311617.031705,
+    "data": {
+        "resource_id": "4925dc76e06f5a37608a45c43a85f6ce",
+        "name": "邮件数据分析",
+        "desc": "Easy_Data\n公司的DLP软件报警了，并上传了一段流量。你能帮bob分析下为什么会产生报警么？",
+        "attachment": {
+            "name": "misc_easy_data.zip",
+            "url": "/ct/upload/other/57edf1fbb5056961a908b8aeff0ac1e9.zip",
+            "md5": "b882e83622d005e337cec1fe59af6a8f"
+        },
+        "with_scene": false,
+        "with_scene_inst": false,
+        "enroll_id": "f7241ef83f79af0d91944fcff3a4262d",
+        "is_solved": true,
+        "solved_score": 118.06,
+        "solved_rank": 11,
+        "recycle": null,
+        "flag_type": 0
+    }
+}

raw-api-data/5552c5250d3d1fb5f2c83ea138f359ae.json

@@ -0,0 +1,39 @@
+{
+    "code": "AD-000000",
+    "message": "",
+    "detail": "",
+    "timestamp": 1732311669.601985,
+    "data": {
+        "resource_id": "5552c5250d3d1fb5f2c83ea138f359ae",
+        "name": "二进制漏洞挖掘",
+        "desc": "cardmaster\n请卡牌大师们找出这台切牌机中的漏洞并获取flag",
+        "attachment": {
+            "name": "6a4ca062e7aa489eba566b0839de1213.zip",
+            "url": "/cpms/oj/practice_attachment/f76b323090644b81a0c76b0cfd1a5c70.zip",
+            "md5": "001a97c9bee1f4cc5bc7f650b3def601"
+        },
+        "with_scene": true,
+        "with_scene_inst": false,
+        "enroll_id": "f7241ef83f79af0d91944fcff3a4262d",
+        "is_solved": false,
+        "solved_score": 0,
+        "solved_rank": 0,
+        "recycle": null,
+        "flag_type": 1,
+        "scene_config": {
+            "id": "e3142fef464244638e583af173cbf6e6",
+            "cscene": null,
+            "name": "二进制漏洞挖掘",
+            "reference_type": 302,
+            "scene_config": {
+                "topology": {
+                    "scene": {
+                        "eid": "a8caac97b0ff4901ae6b15a925b71a10",
+                        "name": "二进制漏洞挖掘",
+                        "description": ""
+                    }
+                }
+            }
+        }
+    }
+}

raw-api-data/6f48f0ac82b486fc034eed607ee01d01.json

@@ -0,0 +1,24 @@
+{
+    "code": "AD-000000",
+    "message": "",
+    "detail": "",
+    "timestamp": 1732311509.434277,
+    "data": {
+        "resource_id": "6f48f0ac82b486fc034eed607ee01d01",
+        "name": "RSA加密分析",
+        "desc": "equations\nrsa真的安全吗",
+        "attachment": {
+            "name": "b9f78ade9b8948fb8dab35c1db0f9299.zip",
+            "url": "/cpms/oj/practice_attachment/99a0e368ef5d43d3b19f7a6f581a0c3d.zip",
+            "md5": "675abffc4a38c1c843ed63297103c103"
+        },
+        "with_scene": false,
+        "with_scene_inst": false,
+        "enroll_id": "f7241ef83f79af0d91944fcff3a4262d",
+        "is_solved": false,
+        "solved_score": 0,
+        "solved_rank": 0,
+        "recycle": null,
+        "flag_type": 0
+    }
+}

raw-api-data/98c9838c62d6397a13008f5c3ba5eaa1.json

@@ -0,0 +1,39 @@
+{
+    "code": "AD-000000",
+    "message": "",
+    "detail": "",
+    "timestamp": 1732311757.425765,
+    "data": {
+        "resource_id": "98c9838c62d6397a13008f5c3ba5eaa1",
+        "name": "序列密码加密分析",
+        "desc": "noise\nLet me tell you a story about noisy-nfsr.",
+        "attachment": {
+            "name": "attachments.zip",
+            "url": "/ct/upload/other/d17b9250825ee0c02cfd59fefce537d2.zip",
+            "md5": "9ee07e809fd25e7c498789c6429110cf"
+        },
+        "with_scene": true,
+        "with_scene_inst": false,
+        "enroll_id": "f7241ef83f79af0d91944fcff3a4262d",
+        "is_solved": false,
+        "solved_score": 0,
+        "solved_rank": 0,
+        "recycle": null,
+        "flag_type": 1,
+        "scene_config": {
+            "id": "af6e385f077f4ecbbb99a2e5b9c36d0a",
+            "cscene": null,
+            "name": "序列密码加密分析",
+            "reference_type": 302,
+            "scene_config": {
+                "topology": {
+                    "scene": {
+                        "eid": "4d3273f1ba3d4a08a85cf722791563bb",
+                        "name": "序列密码加密分析",
+                        "description": ""
+                    }
+                }
+            }
+        }
+    }
+}

raw-api-data/a4df1ae3b58ca3ddcc09095c1b8a49fe.json

@@ -0,0 +1,39 @@
+{
+    "code": "AD-000000",
+    "message": "",
+    "detail": "",
+    "timestamp": 1732311699.098224,
+    "data": {
+        "resource_id": "a4df1ae3b58ca3ddcc09095c1b8a49fe",
+        "name": "数据安全协议分析",
+        "desc": "Never Finish\n自定义TLS协议可能会存在安全问题，本题实现 TLS 的 Hello 部分，再利用 AES CFB 模式的性质伪造签名后的消息。\n\n端口为23333，nc正常无法连接上，需要根据server实现客户端链接。",
+        "attachment": {
+            "name": "ba3489b311cc44d1a57cd4eee1b16787.zip",
+            "url": "/cpms/oj/practice_attachment/6cd59289661d42ca92b31363615f1704.zip",
+            "md5": "32fded862198987b2b0a544a9f15f6a5"
+        },
+        "with_scene": true,
+        "with_scene_inst": false,
+        "enroll_id": "f7241ef83f79af0d91944fcff3a4262d",
+        "is_solved": false,
+        "solved_score": 0,
+        "solved_rank": 0,
+        "recycle": null,
+        "flag_type": 1,
+        "scene_config": {
+            "id": "5fd0e80bff464ad1b339a95f3484ac3c",
+            "cscene": null,
+            "name": "数据安全协议分析",
+            "reference_type": 302,
+            "scene_config": {
+                "topology": {
+                    "scene": {
+                        "eid": "0bfc664c66994e7cadeb558e1a0af4dc",
+                        "name": "数据安全协议分析",
+                        "description": ""
+                    }
+                }
+            }
+        }
+    }
+}