SillyCTF 2025

比赛地址:SillyCTF

比赛时间:29 Mar 2025 20:00 CST - 30 Mar 2025 08:00 CST

复现的题目用🔁标注

Ice Spice

Munch Music

Challenge

Munch Music

Misc Easy

Ice Spices new single got edited! Cleotrapa (Her opp) probably did it. Find the flag in the music.

Solution

SillyCTF2025-1

1
sillyCTF{I-L0Ve-iC3-Spic3}

You Thought I Was Feeling U?

Challenge

You Thought I Was Feeling U?

Crypto Easy

Ice Spice encoded her diary using her own langauge called Icespician. Crack the code to find out her secret.

https://shorturl.at/0fHhZ

Unlock Hint for 0 points

Munch munch munch graaahhhh

Solution

对着密码表转换一下就出来了

1
sillyCTF{YOUARETHEMUNCH}

Costco

Frying Chicken?

Challenge

Frying Chicken?

Forensics Easy

I love going to Costco but I hate the toxic LEDs. They’re mutating my 5$ rotisserie chickens and making me ingest red particles. Not a fan. 5 big dooms.

https://shorturl.at/6plIo

leds-are-frying-my-chickens

Solution

这明显是 PDF417 条码,用在线阅读 PDF417 条码打开

SillyCTF2025-2

扫描得到

1
anpjY3BUS1d7R2N2anZfdWZla196aWlydXpya3ZfZHBfdHl6dGJ2ZWp9

SillyCTF2025-3

Base64 解码得到

1
jzccpTKW{Gcvjv_ufek_ziiruzrkv_dp_tyztbvej}

明显是凯撒密码,当位移位数为 17 时得到 flag

1
sillyCTF{Plese_dont_irradiate_my_chickens}

Minions

It Hertz when IP

Challenge

It Hertz when IP

Forensics Easy

Which IP addresses attempted to login to the victim machine? List the addresses numerically, least to greatest, comma-separated. Wrap the addresses in sillyCTF{}. For example, if the addresses 1.2.3.4 and 1.2.3.5 attempted to log in, your flag would be sillyCTF

https://shorturl.at/8PCKf

附件部分内容如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
eb 20 20:33:15 ubuntu-virtual-machine sudo:     root : TTY=pts/1 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/echo 
Feb 20 20:33:15 ubuntu-virtual-machine sudo: pam_unix(sudo:session): session opened for user root(uid=0) by ubuntu(uid=0)
Feb 20 20:33:15 ubuntu-virtual-machine sudo: pam_unix(sudo:session): session closed for user root
Feb 20 20:33:34 ubuntu-virtual-machine su: (to ubuntu) root on pts/1
Feb 20 20:33:34 ubuntu-virtual-machine su: pam_unix(su:session): session opened for user ubuntu(uid=1000) by ubuntu(uid=0)
Feb 20 20:35:01 ubuntu-virtual-machine CRON[2484]: pam_unix(cron:session): session opened for user observium(uid=1005) by (uid=0)
Feb 20 20:35:01 ubuntu-virtual-machine CRON[2485]: pam_unix(cron:session): session opened for user observium(uid=1005) by (uid=0)
Feb 20 20:35:03 ubuntu-virtual-machine CRON[2485]: pam_unix(cron:session): session closed for user observium
Feb 20 20:35:07 ubuntu-virtual-machine CRON[2484]: pam_unix(cron:session): session closed for user observium
Feb 20 20:36:06 ubuntu-virtual-machine sshd[2723]: Connection closed by 192.168.64.131 port 37496 [preauth]
Feb 20 20:36:25 ubuntu-virtual-machine sshd[2763]: Connection closed by 192.168.64.131 port 60714 [preauth]
Feb 20 20:36:57 ubuntu-virtual-machine sshd[2767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.64.131  user=ubuntu
Feb 20 20:36:59 ubuntu-virtual-machine sshd[2767]: Failed password for ubuntu from 192.168.64.131 port 48446 ssh2
Feb 20 20:37:05 ubuntu-virtual-machine sshd[2767]: Failed password for ubuntu from 192.168.64.131 port 48446 ssh2
Feb 20 20:37:09 ubuntu-virtual-machine sshd[2767]: Failed password for ubuntu from 192.168.64.131 port 48446 ssh2
Feb 20 20:37:09 ubuntu-virtual-machine sshd[2767]: Connection closed by authenticating user ubuntu 192.168.64.131 port 48446 [preauth]
Feb 20 20:37:09 ubuntu-virtual-machine sshd[2767]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.64.131  user=ubuntu
Feb 20 20:39:01 ubuntu-virtual-machine CRON[2772]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Feb 20 20:39:01 ubuntu-virtual-machine CRON[2772]: pam_unix(cron:session): session closed for user root
Feb 20 20:40:01 ubuntu-virtual-machine CRON[2823]: pam_unix(cron:session): session opened for user observium(uid=1005) by (uid=0)
Feb 20 20:40:01 ubuntu-virtual-machine CRON[2824]: pam_unix(cron:session): session opened for user observium(uid=1005) by (uid=0)
Feb 20 20:40:02 ubuntu-virtual-machine CRON[2824]: pam_unix(cron:session): session closed for user observium
Feb 20 20:40:06 ubuntu-virtual-machine CRON[2823]: pam_unix(cron:session): session closed for user observium
Feb 20 20:41:34 ubuntu-virtual-machine sshd[3114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.64.131  user=ubuntu

Solution

写个脚本提取所有出现过的 IP 地址

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
import re
from collections import Counter

log_file_path = "auth.log"

# 匹配 IPv4 地址
ip_pattern = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')

# 读取日志文件并提取所有 IP 地址
def extract_all_ips_from_log(log_file):
    ip_list = []
    with open(log_file, 'r') as file:
        for line in file:
            matches = ip_pattern.findall(line)
            if matches:
                ip_list.extend(matches)
    return ip_list

# 统计 IP 地址出现次数
def count_ip_occurrences(ip_list):
    ip_counter = Counter(ip_list)
    return ip_counter

def main():
    ip_list = extract_all_ips_from_log(log_file_path)
    ip_counts = count_ip_occurrences(ip_list)

    for ip, count in ip_counts.items():
        print(f"{ip} - {count}")

if __name__ == "__main__":
    main()

得到如下输出

1
2
3
192.168.64.131 - 170
192.168.64.138 - 120
192.168.64.147 - 24

因此 flag 是

1
sillyCTF{192.168.64.131,192.168.64.138,192.168.64.147}