├── canyouhackit ├── captcha │ ├── solution1 │ ├── solution2 │ └── solution3 ├── cryptography │ ├── 22_decode.py │ ├── crypt20.txt │ ├── solution1 │ ├── solution10 │ ├── solution11 │ ├── solution13 │ ├── solution14 │ ├── solution16 │ ├── solution17 │ ├── solution18 │ ├── solution19 │ ├── solution2 │ ├── solution22 │ ├── solution23 │ ├── solution24 │ ├── solution25 │ ├── solution26 │ ├── solution27 │ ├── solution3 │ ├── solution4 │ ├── solution5 │ ├── solution6 │ ├── solution7 │ ├── solution8 │ └── solution9 ├── logic │ ├── solution1 │ ├── solution2 │ ├── solution3 │ └── solution4 ├── microhard │ └── solution ├── mobile │ ├── solution1 │ └── solution2 ├── readme.md ├── realistic │ └── ptatix │ │ └── solution1 ├── reconnaissance │ ├── solution1 │ ├── solution2 │ └── solution3 ├── script │ ├── solution1 │ ├── solution2 │ ├── solution3 │ ├── solution4 │ └── solution5 ├── steganography │ ├── solution1 │ ├── solution13 │ └── solution2 └── web │ ├── solution1 │ ├── solution10 │ ├── solution2 │ ├── solution3 │ ├── solution4 │ ├── solution5 │ ├── solution6 │ ├── solution7 │ ├── solution8 │ └── solution9 └── readme.md /canyouhackit/captcha/solution1: -------------------------------------------------------------------------------- 1 | code=$(curl -s -b cookie.txt "http://canyouhack.it/Content/Challenges/Captcha/Captcha1.php" | tesseract - stdout | tr -d '\n'); curl -s -b cookie.txt "http://canyouhack.it/Content/Challenges/Captcha/Captcha1.php?text=$code" > pass.png 2 | -------------------------------------------------------------------------------- /canyouhackit/captcha/solution2: -------------------------------------------------------------------------------- 1 | code=$(curl -s -b cookies.txt http://canyouhack.it/Content/Challenges/Captcha/Captcha2.php | convert -rotate 90 - - | tesseract - stdout | tr -d "\n"); echo $code; curl -s -b cookies.txt http://canyouhack.it/Content/Challenges/Captcha/Captcha2.php?text=$code > pass.png 2 | -------------------------------------------------------------------------------- /canyouhackit/captcha/solution3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feix/ctf-writeup/b3085f16e2d0a4bf12457326a9f8f2fb360fd4a6/canyouhackit/captcha/solution3 -------------------------------------------------------------------------------- /canyouhackit/cryptography/22_decode.py: -------------------------------------------------------------------------------- 1 | strtxt="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,./<>?;':[]{}=\+|-_()!@#$%^&*\"" 2 | stren="3e00c63d5596547df69235eac5389eb6138b4e6729af586dcbd9210a4c04b03107cf8e45240b5ad8e7a490713649aae65b3aef64a0beeb09f28c57ec8f741f0151989172613f69fe4bfa85fd146873260faccca14ddbab43461108b7" 3 | strde="926d46434b1472851173433ed84b147285013efaa146434373fe68724685683ffafab714434daa" 4 | 5 | txt2en = {} 6 | for i in range(0, len(stren), 2): 7 | txt2en[stren[i:i+2]] = strtxt[len(strtxt)-1-i/2] 8 | 9 | result = "" 10 | for i in range(0, len(strde), 2): 11 | tmp = txt2en[strde[i:i+2]] 12 | result = tmp + result 13 | 14 | print(result) 15 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/crypt20.txt: -------------------------------------------------------------------------------- 1 | SDCCBUAQWVOZTN 2 | DAWUQSZONSMFVK 3 | SXTHEQWITPKAIF 4 | JDDPTLFAUWFTLT 5 | WELDIZQEEMZQUU 6 | IAQSFNRYIOZOBS 7 | DGWIQCUFLTNMAE 8 | QGYNMCGXPSAKQA 9 | CUMHKYUHMEDSNR 10 | SHRQQTMTYKMZOD 11 | LNLNDKOBDRANPR 12 | SOBCXNCTQRXBQC 13 | PSPERTVWPPMGKH 14 | WUHWWFQLSKCIWS 15 | XNTCEKMVOBOZQN 16 | ZHTMKTITOZWBVW 17 | YVMECZRSPNDBHX 18 | GNONSPYPPJHOPG 19 | XDKTVKMYIXOPEH 20 | SOXLAYDJIFFGRT 21 | WDSRJZRKHSKVTY 22 | VANUMVXCEJRPBS 23 | JGYIGXHPDGTIQY 24 | VLIWUKMOFUXUBX 25 | NEHHVQVEDQVNGC 26 | NCFPEHDAOGOHQB 27 | QWRBYCESSLMNJQ 28 | KOUPIAGFYUTJDJ 29 | QPVVJYXJFRCWPE 30 | ADKFXJIJUYLMXH 31 | NHROXQTKEDQDQE 32 | NMWBFHFLFUKAVP 33 | IDKBQHUSICYNAO 34 | HFHKHZOLCGDNRK 35 | YKNFDMGIQBSTNX 36 | PNFBELONENWIOY 37 | TFYYSLPRKPXJOA 38 | PQEQGWERFVXTQG 39 | IVJMLPASSWORDY 40 | LALMOUTWWRBVPM 41 | VFIRGSEEZCPIDL 42 | UIUZONTLNFMBWQ 43 | DPMPMIVPMIYXGP 44 | KXXWYLAAORCUNT 45 | QDCWLTKWGQPJSI 46 | BDFRQSHLAKNWID 47 | KERIJFITDRYWJQ 48 | OYOANSBPVDSKAG 49 | HQUEJHGAQTULMJ 50 | IICCEPVSLPNLNX 51 | HNMMOQEYEJXRSZ 52 | EUMWTHYLYLEHFI 53 | EIPWRKTVPZFBPP 54 | QUKVUOMOIPRZIY 55 | ZGVTNSKAEGCCHF 56 | RNXDNBOZTPAOVS 57 | DXPKYWPOWWFGYZ 58 | PCMULUPTWSPPQW 59 | BCSTVBUERKUXYB 60 | TMLFIUNYCNIDOD 61 | QFXAJEXCQQACOE 62 | PKJISSOOVOKAPF 63 | HZHHOCSPIISDJS 64 | YJIBZMRVYSYPOS 65 | WPRSARCAYVONHQ 66 | FJVMKPZRYKLXXQ 67 | OWNCEXFJDGVYDQ 68 | PVQQTDSRJKLXVR 69 | VAADQPEJEGJQOW 70 | XRXPPAVTMUHMJO 71 | BVBDIXLOFBMSLE 72 | QFIUXHINDIYESI 73 | RASPEOPFCAUNFE 74 | E!OSUGGESKLQST 75 | ACGRVISOSZBZFB 76 | IEULPHZCGQJWEN 77 | FOUJLZOPSUZMPX 78 | LHYZEXRIVRAVOR 79 | XCILDZARCUBHYT 80 | NFPOUHUQJNTYBG 81 | TPABJMMBGHOGCP 82 | EQVYSQFQHDZZQT 83 | SABKNOSBHZYFHO 84 | XYQYBXFWWGTHRE 85 | UKFTMERFPSRYYR 86 | RGWDBGDCMFAHOT 87 | OMOCOYUWPVUWNX 88 | YHVELAHTLPWFXQ 89 | HIJYNBSVIYPXFQ 90 | QOGVJASAHGOTMY 91 | SUHKTUVSNCEILT 92 | YOHYWGPXZOQZTU 93 | FYQECTDPCUYUBE 94 | ZTPRHWOBWLXMVE 95 | WXPZVTHTXHOOIM 96 | COHWDKFQBPMIIV 97 | FCKERLOTUVIJTD 98 | KTDCZQMCAOKMLD 99 | SJYNXNXIKZYFEM 100 | ADKHIASDYCSZIZ 101 | HLARPRIVNJSYIR 102 | TFAQFLHWPBDYQQ 103 | QITCFIARBKQEAI 104 | ZMTGUGYBOKMMAW 105 | YQPIASPAHLXOIK 106 | RLATBAJFTKSEFJ 107 | HQMRKNXDUAWJYK 108 | DEJSLREQAGWBYH 109 | CTZTGYAOOBTZUB 110 | FTVDOMYVXUYRXD 111 | RKYSTRATFORDAN 112 | WJAVPLMPVIHGXQ 113 | JJQCGCEMEYYQNW 114 | JKARTNRISTOFHC 115 | THQTQISMRPAOPV 116 | ETWVSGWRTRPPMO 117 | BQXUVUVKEZPNWW 118 | IUEWFHMIHKVKDS 119 | CASADHEKFGMUJE 120 | JZHSIVNFMXFKBM 121 | ZILSOIBIORJDQR 122 | UVZKXBZCTJQDVY 123 | HNORECCDLMVJVG 124 | EHBWRBEYRLIYRW 125 | TOOCEYNEPUOQRL 126 | EKEQAVJWJUKXDT 127 | HVJTVMJOSBUGAR 128 | ZRZGWKCYJQXZKE 129 | OEHTAMWYKJVKOW 130 | AFHGTARWCBTLFD 131 | ZVKOELUBHSPZSO 132 | WQHKQEFUXSNJKO 133 | TKHXZMQTSCEJVU 134 | QEEQKTUSJDGDSW 135 | WDARLKDVLCAWLL 136 | SBWGZEGUAOCYEE 137 | HQFKLUEXCNZIYG 138 | ETMJVXBZGDXFKV 139 | VGGYKVKKAUYZCM 140 | KJEDRSEMRPSHTH 141 | JNIMJKAUEYVWHY 142 | NQFEQUJRKOPZDZ 143 | GSEZHDQBMYZOQY 144 | TWZOQNFGIWUMUV 145 | WAGWJHBZCIDFLC 146 | AAVSYMIOENADGU 147 | XQJUSTKIDDINGJ 148 | XRDQEBWKHHTSHY 149 | JUAODTVWLYVNJN 150 | AROKMTFIITVWQN 151 | LVICRNJSZUHOSW 152 | NUZNMJQFRXCWDL 153 | OJIIAVZTTRNJUS 154 | GVKHIMQLAVIZMN -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution1: -------------------------------------------------------------------------------- 1 | hint: caesar salad 2 | 3 | pnrfne fnynq 4 | caesar salad 5 | 6 | 这题的偏移为 13 7 | 8 | caesar 及其变种: 9 | 10 | caesar 加密: 偏移为左移3 11 | Avocat 加密:偏移为 10 12 | ROT 加密:偏移为 13 13 | Cassette 加密:偏移为 -6 14 | Cassis :偏移为 -5 15 | 16 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution10: -------------------------------------------------------------------------------- 1 | 德国的一种钟,Meanwhile in Germany! 第一行每格5个小时,第二行每格一个小时,第三行每格5分钟,第四行没格一分钟 2 | 答案就是: 13:17 3 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution11: -------------------------------------------------------------------------------- 1 | 从0开始计数的字母表 2 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution13: -------------------------------------------------------------------------------- 1 | brainfuck program language 2 | 3 | [-]>[-]< 4 | >+++++++++++[<+++++++++++>-]<. 5 | >+++[<--->-]<-. 6 | >++[<++>-]<++. 7 | +. 8 | >++++[<---->-]<-. 9 | ---. 10 | +++. 11 | . 12 | >+++[<+++>-]<. 13 | >+++[<--->-]<+. 14 | >++++[<++++>-]<-. 15 | >++++[<---->-]<--. 16 | >+++[<+++>-]<-. 17 | >++[<-->-]<--. 18 | -. 19 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution14: -------------------------------------------------------------------------------- 1 | 可用已知明文攻击来破解 一定存在 pass 2 | https://en.wikipedia.org/wiki/Known-plaintext_attack 3 | 4 | anagram 5 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution16: -------------------------------------------------------------------------------- 1 | 按人的思维读出来 2 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution17: -------------------------------------------------------------------------------- 1 | md5 解密 2 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution18: -------------------------------------------------------------------------------- 1 | 键盘排列 HAX 2 | 这里有个坑 H 而不是 N 3 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution19: -------------------------------------------------------------------------------- 1 | 5 × 5 的轮子 2 | 3 | yellow 4 | 5 | a b c d e 6 | f g h i j 7 | k l m n o 8 | p q r s t 9 | u v w x y 10 | z 11 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution2: -------------------------------------------------------------------------------- 1 | K9 goolge 是美国电话系统里每位数字分别代表一些字母,电话号码的数字对应着有意义的字母。 2 | 3 | 1 4 | ’ 5 | 2 6 | ABC 7 | 8 | 3 9 | DEF 10 | 11 | 4 12 | GHI 13 | 14 | 5 15 | JKL 16 | 17 | 6 18 | MNO 19 | 20 | 7 21 | PQRS 22 | 23 | 8 24 | TUV 25 | 26 | 9 27 | WXYZ 28 | 29 | 8430727796730470662453 30 | the password is mobile 31 | 32 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution22: -------------------------------------------------------------------------------- 1 | e7 a4 90 71 36 49 aa e6 5b 3a ef 64 a0 be eb 09 f2 8c 57 ec 8f 74 1f 01 51 98 2 | Z Y X W V U T S R Q P O N M L K J I H G F E D C B A 3 | 4 | 91 72 61 3f 69 fe 4b fa 85 fd 14 68 73 26 0f ac cc a1 4d db ab 43 46 11 08 b7 5 | z y x w v u t s r q p o n m l k j i h g f e d c b a 6 | 7 | d8 b0 31 07 cf 8e 45 24 0b 5a 8 | 0 9 8 7 6 5 4 3 2 1 9 | 10 | 92 35 00 c6 3d 55 96 54 7d f6 e9 11 | ) ( * & ^ % $ # @ ! 12 | 13 | cb d9 21 3e af 38 8b 4e 9e ea 0a 4c 04 58 6d b6 67 29 13 c5 14 | ? > < " : | } { + _ / . , ' ; \ ] [ = - 15 | 16 | 链接里是一个加密映射 17 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution23: -------------------------------------------------------------------------------- 1 | Breaking Bad 绝命毒师 老白是一个化学老师 元素周期表,查询 2 | 3 | PASS : YOU : SEARCH : IS : REALISM 4 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution24: -------------------------------------------------------------------------------- 1 | 老式打孔的程序 https://zh.wikipedia.org/wiki/打孔卡 2 | 3 | OLD SCHOOL 4 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution25: -------------------------------------------------------------------------------- 1 | Braille Alphabet 盲文 https://zh.wikipedia.org/wiki/盲文 2 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution26: -------------------------------------------------------------------------------- 1 | https://zh.wikipedia.org/wiki/兒童黑話 2 | 3 | home alone 4 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution27: -------------------------------------------------------------------------------- 1 | 5维方格替换密码 2^5 = 32 2 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution3: -------------------------------------------------------------------------------- 1 | easy base64 解密 2 | echo -n "aGFja2l0cy5kZQ==" | base64 -d 3 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution4: -------------------------------------------------------------------------------- 1 | Caesar’s Square https://en.wikipedia.org/wiki/Polybius_square 2 | 3 | TSDLNIL 4 | HSYOGSR 5 | EWOOFRO 6 | POUKOAA 7 | ARRIRID 8 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution5: -------------------------------------------------------------------------------- 1 | https://zh.wikipedia.org/wiki/波雷費密碼 2 | 3 | KDETHEPASSWORDISACEOFSPADES . The answer is: ACEOFSPADES 4 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution6: -------------------------------------------------------------------------------- 1 | https://zh.wikipedia.org/zh/摩尔斯电码 2 | 3 | .- -. . .- ... -.-- --- -. . - .... . .--. .- ... ... .-- --- .-. -.. .. ... -.. --- - -.. .- ... .... -.. .- ... .... -.. --- - 4 | 5 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution7: -------------------------------------------------------------------------------- 1 | 十进制转换成字母即为密码 2 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution8: -------------------------------------------------------------------------------- 1 | Atbash (similar with the Salad Cipher) 2 | 3 | Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ 4 | Cipher: ZYXWVUTSRQPONMLKJIHGFEDCBA 5 | 6 | gsv kzhh blfi ollprmt uli rh zoxlslo 7 | -------------------------------------------------------------------------------- /canyouhackit/cryptography/solution9: -------------------------------------------------------------------------------- 1 | Polybius Square https://en.wikipedia.org/wiki/Polybius_square 2 | -------------------------------------------------------------------------------- /canyouhackit/logic/solution1: -------------------------------------------------------------------------------- 1 | password 就是密码 2 | -------------------------------------------------------------------------------- /canyouhackit/logic/solution2: -------------------------------------------------------------------------------- 1 | I turn chickens red 2 | and I will make you weep. 3 | I make guys have to freak 4 | and girls rub their cheeks. 5 | I make the rich look stupid 6 | and normal people look like they are rich. 7 | I turn cakes yummy 8 | and make your champagne run wild in your tummy. 9 | If you squeeze me, I'll get happy. 10 | If you look at me, you'll get sad. 11 | Can you guess the riddle? 12 | 13 | 猜不出谜语,答案就是 NO, 其实这个谜语的答案也是 NO(Nitric Oxide) 14 | -------------------------------------------------------------------------------- /canyouhackit/logic/solution3: -------------------------------------------------------------------------------- 1 | right here 提示密码在 html 源码里 2 | -------------------------------------------------------------------------------- /canyouhackit/logic/solution4: -------------------------------------------------------------------------------- 1 | 2 3 5 11 19 41 73 139 ??? 2 | Fibonacci Prime 3 | prime(fibonacci(i)), i = 1, 2, 3, 4, 5 ... 4 | -------------------------------------------------------------------------------- /canyouhackit/microhard/solution: -------------------------------------------------------------------------------- 1 | 内网渗透 2 | 3 | ifconfig 发现 IP,网段 4 | nmap 发现没有,试着安装 apt-get install nmap 5 | nmap 192.168.10.1-254 6 | 192.168.10.223 开着 8080 端口,浏览器登录,需要密码,现有信息就是他们的名字,试一下名字作为密码 7 | 8 | 9 | 后来发现 help 命令有提示 10 | -------------------------------------------------------------------------------- /canyouhackit/mobile/solution1: -------------------------------------------------------------------------------- 1 | dex2jar jd-gui 直接出来 password 2 | -------------------------------------------------------------------------------- /canyouhackit/mobile/solution2: -------------------------------------------------------------------------------- 1 | dex2jar jd-gui 2 | 首先访问: http://canyouhack.it/Content/Challenges/Mobile/2/index.php 3 | 返回 68a571bcf7bc9f76d43bf931f413ab2c 4 | 5 | curl "http://canyouhack.it/Content/Challenges/Mobile/2/submit.php?Token=68a571bcf7bc9f76d43bf931f413ab2c&Attempts=1" 6 | 7 | for i in {1..20}; do curl "http://canyouhack.it/Content/Challenges/Mobile/2/submit.php?Token=68a571bcf7bc9f76d43bf931f413ab2c&Attempts=$i"; done 8 | -------------------------------------------------------------------------------- /canyouhackit/readme.md: -------------------------------------------------------------------------------- 1 | * Logic 2 | - [x] 1. I thought this was meant to be challenging? 3 | - [x] 2. Riddle me this 4 | - [x] 3. The thing you thought was really cool back when you were still a noob 5 | - [x] 4. Follow the pattern 6 | * Script 7 | - [x] 1. An easy start 8 | - [x] 2. Another quick one. 9 | - [x] 3. Arrays! 10 | - [ ] 4. Did you fall for it too? 11 | - [ ] 5. Loop Dee Loop 12 | * Cryptography 13 | - [x] 1. He also makes a good salad 14 | - [x] 2. Not K9 But? 15 | - [x] 3. Bottom 16 | - [x] 4. The grass is always greener on the other side 17 | - [x] 5. At least he doesn't cheat 18 | - [x] 6. a lot harder than SMS 19 | - [x] 7. As key? 20 | - [x] 8. Prove you're drunk? 21 | - [x] 9. Polly the parrot loves to square dance? 22 | - [x] 10. Meanwhile in Germany 23 | - [x] 11. Easier than you might think 24 | - [ ] 12. Sling's Manifesto 25 | - [x] 13. WTF?!? 26 | - [x] 14. Give it to your kid. They like solving these 27 | - [x] 15. A different kind of board than you're used to. 28 | - [x] 16. Follow the clues 29 | - [x] 17. a-z*6 30 | - [x] 18. QWERTY 31 | - [x] 19. Better than a 4 wheel drive 32 | - [ ] 20. Shakespeare's sonnets 33 | - [ ] 21. Pie\>Salad 34 | - [x] 22. CryptoForm 35 | - [x] 23. Breaking Bad 36 | - [x] 24. A lot harder than typing 37 | - [x] 25. Now I see 38 | - [x] 26. You filthy animal! 39 | - [ ] 27. CaPsS 40 | - [ ] 28. I Get Dizzy After Sitting Too Long in the Jacuzzi 41 | * Steganography 42 | - [x] 1. How would you read an image? 43 | - [x] 2. Your GF's favourite wealthy entrepreneur 44 | - [ ] 3. You can also find this tattooed on Bender's ass. 45 | - [ ] 4. Secret text is Not To be Fucking Seen 46 | - [ ] 5. Scrambled Eggs 47 | - [ ] 6. Invasion on ? Street. 48 | - [ ] 7. Between me and you. 49 | - [ ] 8. Arbitrary Colors 50 | - [ ] 9. I used to be slim 51 | - [ ] 10. Notice anything different about my fangs? 52 | - [ ] 11. CanYouXor.It? 53 | - [ ] 12. GLaDOS would be proud! 54 | - [x] 13. Be Sure to Tweak Your Png 55 | - [ ] 14. Buttered Bread 56 | - [ ] 15. Criminal History 57 | - [ ] 16. Shock 58 | * Crack 59 | - [x] 1. I'm sure you've just lost the key 60 | - [ ] 2. Obfuscation is The Key 61 | - [ ] 3. 9 Cells, 1 Prison 62 | - [x] 4. Brain Fuck Me 63 | - [ ] 5. Encrypted 64 | - [ ] 6. Crack Me Christmas 65 | - [ ] 7. Brain Fuck Me Too 66 | - [ ] 8. B4DRC4 67 | * Programming 68 | - [ ] 1. Repeat After Me 69 | - [ ] 2. Sudoku! 70 | - [ ] 3. Lost! 71 | - [ ] 4. Almost as fun as a Jigsas! 72 | - [ ] 5. Quick Peak 73 | - [ ] 6. Coding Upside-Down in Reverse 74 | * Captcha 75 | - [x] 1. As easy as it gets 76 | - [x] 2. Tilt your head 77 | - [ ] 3. Shuffle 78 | * Web Based 79 | - [x] 1. Can you GET this one? 80 | - [x] 2. The way this challenge crumbles 81 | - [x] 3. Take us to your leader 82 | - [x] 4. Where did you come from :S 83 | - [x] 5. I hate it when the Dr has to do this me. 84 | - [x] 6. Are you listed? 85 | - [x] 7. It's not listed? 86 | - [x] 8. Are your on the right path? 87 | - [x] 9. Before sure to check for poison 88 | - [x] 10. You can't tell me where to go! 89 | * Realistic 90 | - [x] 1. Ptatix Shock 91 | - [ ] 2. Black Hat's Fate 92 | * Hidden 93 | - [ ] 1. Follow the music 94 | - [ ] 2. Treasure Trail 95 | - [ ] 3. CanYouFind.It 96 | - [ ] 4. At your service 97 | * Mobile 98 | - [x] 1. The Fonejacker 99 | - [x] 2. Came Over! 100 | * Reconnaissance 101 | - [x] 1. CYHIIP.Address 102 | - [x] 2. Where's Jonnycake? 103 | - [x] 3. Implants? 104 | * Microhard 105 | - [x] CCTV 106 | * Catharissa 107 | - [ ] The Beginning 108 | -------------------------------------------------------------------------------- /canyouhackit/realistic/ptatix/solution1: -------------------------------------------------------------------------------- 1 | 注意字的颜色 reps 2 | 得到一个终端 help 命令得到可以使用的命令 3 | 4 | ls -al /tmp 5 | 6 | -rwx------ ptatix ptatix 99 date sess_d913bf7597b57e8b49363932354adf53 7 | 8 | cat /tmp/sess_readme.txt 9 | 10 | # sessions are stored temporary in this folder. 11 | # each session will be valid for 1 hour except 12 | # if the user is still online. 13 | # 14 | # time is based on server time. 15 | # 16 | # you should manually remove invalid sessions 17 | # by using a cron job to keep this folder clean. 18 | # 19 | # you should use another folder to store these 20 | # for possible security issues. 21 | 22 | ls -al /var/log/httpd/ 23 | cat /var/log/httpd/access.log 24 | 25 | "GET / HTTP/1.1" 200 2393 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11" 26 | "GET /test HTTP/1.1" 404 1134 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11" 27 | "GET /admin HTTP/1.1" 404 1134 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11" 28 | "GET /acceess HTTP/1.1" 404 1134 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11" 29 | "GET /admin_panel HTTP/1.1" 404 1134 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11" 30 | "GET /includes HTTP/1.1" 404 1134 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11" 31 | "GET /tmp HTTP/1.1" 404 1134 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11" 32 | "GET /index.php?reps HTTP/1.1" 200 2582 "-" "pt4t1x" 33 | "GET /style.css HTTP/1.1" 304 - "http://test.com/index.php?reps" "pt4t1x" 34 | "GET /js/terminal.js HTTP/1.1" 200 2050 "http://test.com/index.php?reps" "pt4t1x" 35 | "GET /downloads HTTP/1.1" 404 1134 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11" 36 | "GET /secret HTTP/1.1" 404 1134 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11" 37 | "GET /?reps HTTP/1.1" 200 2582 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11" 38 | "GET /js/terminal.js HTTP/1.1" 304 - "/?reps" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11" 39 | "GET / HTTP/1.1" 200 2393 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 40 | "GET /style.css HTTP/1.1" 200 5033 "http://test.com/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 41 | "GET /js/jquery-1.8.3.min.js HTTP/1.1" 304 - "http://test.com/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 42 | "GET /test HTTP/1.1" 404 1134 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 43 | "GET /admin HTTP/1.1" 404 1134 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 44 | "GET /robots.txt HTTP/1.1" 200 101 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 45 | "GET /hidden HTTP/1.1" 404 1134 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 46 | 47 | 修改 48 | session=d913bf7597b57e8b49363932354adf53; __ctmz=ptatix%3B/home/ptatix 49 | User Agent: pt4t1x 50 | 51 | 同样方式请求 http://canyouhack.it/Content/Challenges/Realistic/1/files/keeppass.php 52 | 获得 keeppass.rar 53 | 54 | 利用 rarcrack 破解后得到密码 px,获得 passlist.txt 55 | 56 | ------------------------------------------------------------------------------------------------- 57 | site | user | pass 58 | ------------------------------------------------------------------------------------------------- 59 | email | ptatix@gmx.com : 1337_h4x0r! 60 | homepage | ptatix : CorrectHorseBatteryStrapple? 61 | ssh | ptatix : K-m0n_4cc3ss 62 | ------------------------------------------------------------------------------------------------- 63 | 64 | 修改 65 | session=d913bf7597b57e8b49363932354adf53; __ctmz=ptatix%3B/home/ptatix 66 | User Agent: pt4t1x 67 | 后利用 homepage 的用户名和密码提交 68 | 69 | P-t4t1x_1s_4_n00b 70 | -------------------------------------------------------------------------------- /canyouhackit/reconnaissance/solution1: -------------------------------------------------------------------------------- 1 | 简单,网站的 ip 地址 2 | -------------------------------------------------------------------------------- /canyouhackit/reconnaissance/solution2: -------------------------------------------------------------------------------- 1 | 社工题,找出出题人住址,进入出题者页面,找到blog地址,打开就可以发现 2 | -------------------------------------------------------------------------------- /canyouhackit/reconnaissance/solution3: -------------------------------------------------------------------------------- 1 | google 图片搜索, 在 wiki 里找到一张相似的,地址 硅谷 Silicon Valley (San Jose) 2 | -------------------------------------------------------------------------------- /canyouhackit/script/solution1: -------------------------------------------------------------------------------- 1 | easy javascript 2 | -------------------------------------------------------------------------------- /canyouhackit/script/solution2: -------------------------------------------------------------------------------- 1 | var a = "de9f8caa7ea6fe56830925a124d605d4"; 2 | 3 | var password = ""; 4 | for(var i = 0; i < 20; i++) 5 | password += a.substring((i%3),(i%5)+(i%3)); 6 | 7 | password 跑一遍就出来了 8 | -------------------------------------------------------------------------------- /canyouhackit/script/solution3: -------------------------------------------------------------------------------- 1 | 同样,简单编码一下就出来了 2 | -------------------------------------------------------------------------------- /canyouhackit/script/solution4: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /canyouhackit/script/solution5: -------------------------------------------------------------------------------- 1 |