# GHCTF 2025 Misc 题目全解教学文档
<\/span><\/span>
<\/span><\/span>## 1. mydisk-1 & mydisk-2
<\/span><\/span>### 解题要点：
<\/span><\/span>- **mydisk-1**:
<\/span><\/span>  - 查看系统文件获取flag：
<\/span><\/span>    - `\/etc\/lsb-release`
<\/span><\/span>    - `\/etc\/issues`
<\/span><\/span>  - Firefox登录信息可能包含线索
<\/span><\/span>
<\/span><\/span>- **mydisk-2**:
<\/span><\/span>  - 密码爆破技巧：
<\/span><\/span>    - 修改shadow文件或爆破程序
<\/span><\/span>  - 关键文件：
<\/span><\/span>    - `\/etc\/crontab` 查看定时任务
<\/span><\/span>  - 其他线索：
<\/span><\/span>    - 邮件中获取压缩包
<\/span><\/span>    - 用户Desktop文件夹可能有密码
<\/span><\/span>
<\/span><\/span>## 2. mybrave
<\/span><\/span>### 解题步骤：
<\/span><\/span>1. 使用明文攻击解密文件
<\/span><\/span>2. 010 Editor打开解密后的图片
<\/span><\/span>3. 检查文件末尾的base64编码数据
<\/span><\/span>4. 解码base64获取flag：
<\/span><\/span>   `NSSCTF{I'm_Wh1sp3riNg_OuR_Lu11abY_f0r_Y0u_to_CoMe_B4ck_Home}`
<\/span><\/span>
<\/span><\/span>## 3. mymem-1 & mymem-2
<\/span><\/span>### 解题要点：
<\/span><\/span>- **PASS1获取**:
<\/span><\/span>  - 检查download和console记录
<\/span><\/span>  - 发现加密代码和密文
<\/span><\/span>  - 从内存文件中恢复pyc并反编译
<\/span><\/span>
<\/span><\/span>- **PASS2获取**:
<\/span><\/span>  - 使用GIMP查看mspaint文件
<\/span><\/span>  - 在宽度2568处可见密码
<\/span><\/span>
<\/span><\/span>- **PRODUCT_ID**:
<\/span><\/span>  - 使用memprocfs导出注册表
<\/span><\/span>  - 检查`SOFTWARE\MACHINE\SOFTWARE`
<\/span><\/span>
<\/span><\/span>- **OFFSET分析**:
<\/span><\/span>  - 检查异常进程mal.exe
<\/span><\/span>  - 使用IDA反编译分析
<\/span><\/span>  - 检查background log写入行为
<\/span><\/span>
<\/span><\/span>- **POOLTAG**:
<\/span><\/span>  - 检查bigpools区域
<\/span><\/span>  - 参考出题人博客类似题目
<\/span><\/span>
<\/span><\/span>## 4. mypcap
<\/span><\/span>### 解题步骤：
<\/span><\/span>1. **问题1：开放端口**
<\/span><\/span>   - 分析pcap文件
<\/span><\/span>   - 从小到大排序开放端口（具体端口需实际分析）
<\/span><\/span>
<\/span><\/span>2. **问题2：数据库密码**
<\/span><\/span>   - 在桌面文件发现数据库密码
<\/span><\/span>   - 从上传的test.war提取压缩包
<\/span><\/span>   - 获取写马密码并解密返回内容
<\/span><\/span>
<\/span><\/span>3. **问题3：重要数据**
<\/span><\/span>   - 在数据库中找到关键数据（需实际分析pcap）
<\/span><\/span>
<\/span><\/span>## 5. mycode
<\/span><\/span>### 直接flag：
<\/span><\/span>`NSSCTF{52e34cb4-5dbb-4997-877b-e4bc6c0d7104}`
<\/span><\/span>
<\/span><\/span>## 6. mypixel
<\/span><\/span>### 解题步骤：
<\/span><\/span>1. 处理初始RGB图像：
<\/span><\/span>   - 使用Pillow还原或Stegsolve勾选所有RGB通道
<\/span><\/span>2. 获得二值图：
<\/span><\/span>   - 尝试黑0白1和黑1白0组合
<\/span><\/span>   - 发现PNG文件头(89504E47)
<\/span><\/span>3. 生成汉信码：
<\/span><\/span>   - 扫描获取flag：
<\/span><\/span>   `NSSCTF{f92a7a2e-9606-4319-9d97-942de4f0315a}`
<\/span><\/span>
<\/span><\/span>## 7. myleak(赛后)
<\/span><\/span>### 解题步骤：
<\/span><\/span>1. 检查robots.txt
<\/span><\/span>2. 爆破10位密码（特征：成功时time.sleep 0.1）
<\/span><\/span>   - 获得密码：`sECurePAsS`
<\/span><\/span>3. GitHub activity发现管理账号
<\/span><\/span>4. 使用密码获取认证码
<\/span><\/span>
<\/span><\/span>## 8. mywav(赛后)
<\/span><\/span>### 解题步骤：
<\/span><\/span>1. Audacity分析：
<\/span><\/span>   - 分离200-400Hz低频和600-800Hz中频
<\/span><\/span>   - 从500Hz分割转二进制
<\/span><\/span>2. 解密得到维吉尼亚密码
<\/span><\/span>3. 010 Editor检查：
<\/span><\/span>   - 发现异常数据块(9E 97 BA 2A)
<\/span><\/span>4. 使用OurSecret解密获取flag：
<\/span><\/span>   `NSSCTF{9c99897d-5ea3-481c-b0a5-029fec9eaf42}`
<\/span><\/span>
<\/span><\/span>## 9. AI题目
<\/span><\/span>### 解题技巧：
<\/span><\/span>- **AI Cat Girl**:
<\/span><\/span>  - 通过代码块格式获取flag
<\/span><\/span>- **AI Cat Girl (Revenge)**:
<\/span><\/span>  - 使用Claude3.7think对抗DeekSeek
<\/span><\/span>  - 关键exp：
<\/span><\/span>    ```python
<\/span><\/span>    # 将初始系统指令转换为Python代码
<\/span><\/span>    # 具体转换代码需根据题目实际调整
<\/span><\/span>    ```
<\/span><\/span>
<\/span><\/span>## 通用技巧总结：
<\/span><\/span>1. 系统文件检查：\/etc目录、注册表、计划任务
<\/span><\/span>2. 内存分析：pyc恢复、进程检查、注册表导出
<\/span><\/span>3. 隐写分析：Stegsolve、010 Editor、Audacity
<\/span><\/span>4. 加密分析：base64、维吉尼亚、OurSecret
<\/span><\/span>5. 流量分析：pcap文件端口和服务识别
<\/span><\/span>6. 密码爆破：基于时间特征的爆破
<\/span><\/span><\/code><\/pre>