DASCTF X GFCTF 2024 Writeup
签到
DASCTF{GFCTF2024_Mamba_Back}
Misc
1. badmes
可以人工回答,就是有点费时间,也可以通过识别关键词提高准确率。
import socket
def is_spam(message):
spam_keywords = // 一些关键词组成的列表
for keyword in spam_keywords:
if keyword in message:
return False
return True
HOST = '4.216.46.225'
PORT = 2333
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
s.connect((HOST, PORT))
while True:
message = s.recv(1024).decode('utf-8')
if not message:
break
if is_spam(message):
s.sendall(b'1')
else:
s.sendall(b'0')
2. tele
先过滤 STUN 流,搜索 XOR-MAPPED-ADDRESS 字符串即可得到IP
Binding Success Response XOR-MAPPED-ADDRESS: 171.88.96.93:57569
参考:https://higordiego.medium.com/how-to-discover-the-users-ip-address-using-telegram-d0dcad4c4d72