首页 > 其他分享 >HDCTF2023-Misc-wp

HDCTF2023-Misc-wp

时间:2023-04-24 13:59:48浏览次数:51  
标签:10000 zip wp Misc flag str 00011 path HDCTF2023

感谢Byxs20师傅的博客指导:https://byxs20.github.io/posts/21790.html

[HDCTF2023]ExtremeMisc

放进010editor里,发现有zip压缩包,foremost提取出来

image-20230422200701322

打开压缩包里面的文件需要密码

image-20230422200734186

直接爆破出来密码是haida

image-20230422200853698

得到一个Reserve.piz,放进010editor中,发现是个zip文件,但是每两位的hex值逆置了

image-20230422201201852

用脚本逆转过来,保存为zip文件

input_str = input()

output_str = ""
for i in range(0, len(input_str), 2):
    if i + 1 < len(input_str):
        output_str += input_str[i+1]
        output_str += input_str[i]
    else:
        output_str += input_str[i]
        
print(output_str)

打开压缩包,Plain.zip里的文件可以直接解压出来,secret.zip解压需要密码

image-20230422201314944

比较Plain.zip里的secret.txt,和secret中的secret.txt是一样的

image-20230422201527979

将secret.txt解压出来,用同种的压缩方式Store压缩

image-20230422201635133

然后明文攻击

image-20230423163004274

得到压缩包的密码,打开secret.zip,得到flag

NSSCTF{u_a_a_master_@_c0mpRe553d_PaCKe1s}

[HDCTF2023]MasterMisc

得到七个文件,放进010editor中发现是将一个zip分解成了7份,合并成一个zip,导出

image-20230422202043816

打开需要密码

image-20230422202151289

直接爆破出来密码是5483

image-20230422224240777

解压出来,放进010里

在这张png后面又有一张新png,导出来另存为flag.png

image-20230422202407086

image-20230422202505089

图片很小,可能是改变了宽高,用脚本爆破出图片的宽高

# -*- coding:utf-8 -*-

import struct
import zlib

def hexStr2bytes(s):
    b = b""
    for i in range(0,len(s),2):
        temp = s[i:i+2]
        b +=struct.pack("B",int(temp,16))
    return b

str1="49484452"  # 数据表示快,第一行的最后四位

str2="0802000000"   # CRC前五位

bytes1=hexStr2bytes(str1)
bytes2=hexStr2bytes(str2)
wid,hei = 350,43     #0x0141,0x014C

crc32 = "0x41DFCF32"

for w in range(wid,wid+2000):
    for h in range(hei,hei+2000):
        width = hex(w)[2:].rjust(8,'0')
        height = hex(h)[2:].rjust(8,'0')
        bytes_temp=hexStr2bytes(width+height)
        if eval(hex(zlib.crc32(bytes1+bytes_temp+bytes2))) == eval(crc32):
            print(hex(w),hex(h))

运行结果:0x15e 0x64

修改图片的宽高后得到了一段密文

image-20230422202735024

-7536-4433-bff

在010editor中的最后部分,也有一段密文

image-20230422224518417

f-96759901c405}

最后这段hex导出来,发现文件头是wav文件

image-20230422224732288

放进audacity,分析频谱图,得到第一部分的flag

image-20230422224806179

[HDCTF2023]SuperMisc

得到一张图片和一个.git文件

放进010里面,发现有很多的01,按照00和11导出来这些数据

写成一个二维码

扫描可以得到

11000#11111#10000#01111#11000#00011#11000#00011#00011#100#00011#01111#10000#00011#00011#00001#10000#00111#00011#00001#10000#00001#00011#11111#00011#11111#00111#100#00011#11000#00011#00001#10000#00001#10000#10000#00111#100#00011#00001#00011#00001#00011#11110#00011#00111#00111#100#10000#00111#00011#11111#00011#00001#00011#11110#00111#100#00011#00000#00011#11100#00011#00111#10000#00000#10000#00000#00011#11100#00011#00011#00011#11111#00011#11110#10000#00000#00011#10000#00011#00000

由0,1,#三个字符组成的有序字符串,morse密码

把01#分别替换为. - /

解码可以得到

image-20230424110114567

706173733D31633462346430302D373464662D343439322D623034392D353832656538333039653635

form hex 可以得到

image-20230424110148022

pass=1c4b4d00-74df-4492-b049-582ee8309e65

将得到的.git文件放进kali中

image-20230424133008004

分别用命令

git log
git reset --hard e9286.....

Snipaste_2023-04-23_23-38-34

得到一个zip包,打开需要密码

image-20230424110553433

密码就是刚刚得到的

查看文件发现是VMDK文件

image-20230424110805551

image-20230424111234247

发现了加密后的flag

看文件提示应该是维吉尼亚密码,明文是HDCTF

image-20230424112032506

得到密钥,在线解密

image-20230424112254056

[HDCTF2023]BabyMisc

打开得到一个文件和一个包

image-20230424113034690

包里放着很多文件,一直嵌套,到很久才能得到一个txt文件

image-20230424113423179

脚本提取出来

import os

def get_files(folder_path):
    files = []
    for filename in os.listdir(folder_path):
        full_path = os.path.join(folder_path, filename)
        if os.path.isdir(full_path):
            # 如果是文件夹,则递归获取其中的文件
            files.extend(get_files(full_path))
        else:
            # 如果是文件,则添加到文件列表中
            files.append(full_path)
    return files

folder_path = 'E:\Desktop\Script' # 替换为实际的文件夹路径

files = get_files(folder_path)

text = list(1000 * " ")
for file_path in files:
    count = int(file_path.split("\\")[-1][1:])
    with open(file_path, 'r') as f:
        text[count-1] = chr(int(f.read(), 16))
print(''.join(filter(lambda x: x != " ", text)))

得到

#!/bin/sh
inf1=$1;inf2=$2;ouf=$3;flag=$(wc-c${inf1}|cut-d''-f1);if[$(wc-c${inf2}|cut-d''-f1)-ge$flag];thenflag=$(wc-c${inf2}|cut-d''-f1);fi;sum_flag=0;flag1_flag=0;flag2_flag=0;FLAG=0;foriin$(seq0$(($flag+$flag)));doif[$FLAG-eq0];thenFLAG=1;ddif=$inf1of=$oufbs=1count=1seek=$sum_flagskip=$flag1_flagstatus=none;sum_flag=$(($sum_flag+1));flag1_flag=$(($flag1_flag+1));elseFLAG=0;ddif=$inf2of=$oufbs=1count=1seek=$sum_flagskip=$flag2_flagstatus=none;sum_flag=$(($sum_flag+1));flag2_flag=$(($flag2_flag+1));fidone

问ChatGPT说这是一个依次交换的脚本

image-20230424113834124

用脚本提取

with open("Encrypted.file", "rb") as f:
	data = f.read()

with open("1.7z", "wb") as f:
	f.write(data[1::2])

with open("base.txt", "wb") as f:
	f.write(data[::2])

得到一个7z和一个base

image-20230424114230501

将base32解码和rot47解码

image-20230424114338378

ca5l3B9zcaQ6gOHou1EJR460hNZ6HW0YSCxFziho9N1CvAeiSUulbva9GrgPohUq%AhUhSfeKUsNzp7GQhY4qa19oDnhS3F#LtDkTcHKfa#Fi1D70U8ezyOfZm0LJBYYu%6zrXs5WKTEGUzG#NU6NCG34hvrmsH3qEsiuDlhng37Y0KbWmrhnajaoM7gLrQfdt%2vdH#8#nGM2Xu8ujtFgiF3lPk5LJlDM9d7QzKLGZ2C4ekwOhIZiBNluF4FlQAXQ5%C29yTHn2WAIuxqAb4yKd6rkIh8ZBhdalazmABUhRRGZLTT5jb6f6kI4xub8o5lwY%1TtwUBbAcSS9LBowu5UcHgrab91TOufdMtzcf1UA9s3tSDnasI3##v7RpOuaTUj4%NNrDSkMEqiS5DPXqv9JeREZeAl2LuAq5nktmHfKQvBuUralaursnhP9MUJJL9NqW%Y9nYLrW61RF5xJMljRLGpHVJS5KNWSDkuebp77bxM4FN87ItNeU6OGimT8O4nds3%0YUF0OwgEk3aLshyLGOhU3NouMERMa9#IVXm3ecW#JZiT#isU3tRuEbNuiNJrT3j%TbPugYdArqOfzbbPyj#qlixvDSszS95uIpyidauRFYQYYboYSCf4xmgfRF379rVJ%haTDj40uWaUPUyVVrc8Ud5jP0XWzpI65H5N22aWwPPTz1JpA1AZ#FY7o5edOR8#v%bSnc4l4yL9sikSGTnYesAmuAJDT8WwAfbny0RwuUjWohxMX0Ljdu55UgX176fvRg%NI92ySegnpP5MgzaWf0QZGLe3kXnkZ2JzvxiS6YDKMHNM5FHDBY3S3vRSVnggvDq%5YlE5Lyi#1yX9LAEhozeOLFfbiShTFRGOxLXsfLJt5f6zizdJe2rYvoOBuSh4E6w%00wSe8bu7HcUY158KtL#T7dIwhrGEQzNatfo19mgxNr0sMnyjufkxbY5xCICV9Oc%Vbl6f11oRZvXQGqCzyJXzHwZkJhYJo6DEfD63JzTERDKb0iidCrA6y1z0kcWDeeW%jgbqnuqx2XRM1BjrzDJh#h0Qm4qtMlNIZhXcOUSMQgFwz5m09JT4O5FkRdhHETie%zUVofza5SkFDpHEgeAxrMuCgfJikN7utaTf9PeaFvbwcwkhYKy#iMvjFIl0m4ji2%twx06dkrjFxMgC9waB9h799w0GpJfZ194ZjST5t0cvWzsDX83pyQyeAUniKb7rqx%FckV2aAJtes4UvUDEhiwTIMQjToxlj0STZvu4TxZpA5yEVaHQ41M#2eWv5eCYs2X%gqSKTp3iaIDXmb0KsLQR2d0cntRkNEG0bwwfqGRRa5JxoJLXCwRchSjD2MFfgsNe%2zt7HGspfGLve9tVS5Y8AopZ6FPpmDPAT5IBsBOhE7zJeoRF2QHwDkr#Gsp5OaTW%UqH0Hhko4qSbDv37hH590VQcHVq#Q4JaMKGNm7gGiSsY44lSO2WNYYcZ7pU0kWGG%jlqE#2ztTvOmk8aRsx2A900mIpMuAA5HiaUv1uYITqNmOlDOjATchbQzmL1CuQG2%uaLxC1iROJAv5yJNmO#e9gk5osRdhdNCx4isrzoTD991zrryibCzv8vK5J#ADRj8%VzwpeYhJU1MLD2lpsIE6Bd61nGEofHH#HXQ4MKTphF0sTNdoIafVbXrQOxbqpNbo%x5iIUteK9QsHHW5SVJisISE2ACWBZqaWkrncHIhIBQweuGB2FdGbvACdS5Qp3n1i%dY4dG52Unxo1eGio9PyXv6870I6O#LMKsh4uP5daqCAIt1V6ybqxHD#cttcGcHo0%8D02C81NpdXMDguAtnO7oiVTNZp9NsNJaSz3oVzLHdO0a1#lsnaEugeGPc5r8rI3%mDci3#Q6nFytKkUmrZdbJ#KHzHHA6uHfnlJNQI234QSbavnn#angJ4WagQf#VKAg%z3j#nl9BMDyTWv6T2DB5kRDpapeqENLsM7HhJOsyE0CNEpYaiMiODhMtxmdIaGKA%#Qxccm3clROkSyipv5A0CGScfO5hQgRXQJdUBakg5LWNoDUqppii5doib7snq6l0%MugRo04B35Y8z#750Vazz44EXGS4NcuXBX0wX9tqhDlu0#J5xLe0zLzu33LZ3L52%69m7kpPIY0zPIAIrzVu7ocgGKAVGiDO8YR36864YAThsOLxXZj805u7r56ZKwiWo%uSf8dLb9o53GH32XA1urNw7Sa6vEhfTEXvqW1Idd8p4wgToLLS2K5T1MPw6r7Vbz%HGwoI3#l9kzdiy1TOtgOENitqhlqhHT5FUzLVuZ2KNPIZKLlZn6rl5yHSZbiGxxp%yE24h#XZA4mShxLLhTGmoxqfKBGCxLY5t4zyHk3R2ifd5e64YjBiXNIiMKG79qaD%kPAnGJl7SCPNPW3Rz5HLmiMgLi7DGNTCkLrWWt7stMKD52To0cDgKpOsm6Rv43Gs%2UA5o3LqznHgyH5kWHwHrkMwfnIJ55X5ThrHX1GaddrgqVaXFZYHOyLtDn4m5835%3wGAXVZh0aAb0dbMgsONEVGxeUZUAuH6Qt1SWxei16q3ChF2dhPE8U#068m3u8oX%75Q0y4HpiFYyWgHeaQsc4SJ#HvpAW7iAVcfwwRwbEGNmIkRdIHTo5zEsdnkxAR7X%T4vST5GBUp#7Bpi3BcRqDJPgn4mNmAqOWvqqdOjpbD9PhEaJ7xkgLxqMIwNT9F59%ajH8CLE7vI2EeNA1BHTJWVPYl8k8uvl3ls7ckAhIe8Ot009D5JtZaAArGk4E4EaK%7BXVeUerVPmKSPmXfAryX6ojhgIu2sdANzY5Hr5GDD7LSbGDbOS1ElNjKef7kJHy%3PoWruqOKoysQ3JYEEsDVYXP5a#Ut6mSeBQgR8kU#A7pUZZWKrmUQp1gLTxlH9QJ%smhiMUGdoeQCnoBYqXxYV5u5Uqfg8zYugjy9pD36LVx1Tv1jOc5nuk3XpX5xKd3l%ImS0gXyS4XUKoHIVrdWGi5RfD6jfBSCxgdsQDKM8bNY8MqLLCqOe8OQ1Wx6Pqee4%a55t6VxMHU#xpKCJcYflCVmKB6aziEW#5G0DDuXnwSRVhR33u4sRWkf9u5e2bfja%z5F6URgrYakMJBs5#lE5lZCcwZskS49RT2Xi1ofyoFjKPGjuEYf5Fr2Pvc#LCpOd%tYoS9MtW#HwKNnKgxbOhd6kDWUoJ4vOsfi2OmOxGHdzFqocYv5O#9B9gEr8k2hOA%tjYDs1bs#NS#jjQ7Xbnj7RvUzLg1csAnvVsZj2uXwhYTKZdGiBiisku55eKWeVPg%yVVcNVBMqIO7a5bCBtktHvVx3GrOnV1e5iVSYvC8#i#WlRBuvVln0wi9mY3MIv8R%xMGcEvfSt7LFLtCuLH7jjHR5Ot41Kcguyur6KP7NltZFsLXwLxBagf3R1vXnEeze%yMnFrX2aWETgPCz4Wmh5Fsegfbts2L0409YngviFOqpF7N2vG#AWfy7a4Vmi4GpU%oFNDRmid5EyXsAdr3jEkaUfclxkGmQyENQhVHhsjiKaWqdCcu29K25eaCHieylfI%bRW15bkBeaucQXOT5CpRWVaSTV2Rr1M2FnsfdhhuOm6kozAUU0V7HydbIIxYoLVd%DrmasK#rW4OC85gCoJEU2J1Iz83dhi7nHPQiIMSpE8hrXbhwFjhykRAne5zdVW7R%38lc##ol1NoYJ5GRp4FMC70PpQCj56#MIHbcPWclLBhwg58D4rZ6N4gNLsWHXTJH%ShnxfDxvU1rUaV0RxFxQFFxfLuIPXCRFR5IDbH87jYH26BEiTkW72MHKnRrWZp5B%dyZynn4XE51nhUbtvyGj05RUnJKrb#aayhqL8JzlxfZsh49MMhFTj5zlG3Lqp514%p7ZbFZVRFWu0ntZmsB76HQdU54TRmJ20ICgzBr4pk#ISRlCITH35ufxStztq3iyY%6Q8BQrgK6VoYpIpt9muRE3goUrqSd3nckBB5e9pPwnUnR#BP6Nbz4jRAiCUUR0aM%LvKx3A92GZpIKeYiGpBC1jsUUSrWLnghUTK9ubCfjEd2C1eKZvdyf88W#LD#O3Xg%7IZH5GbaNE#asoyptlZrQU3iWEJvZs8f4m9AuHgmlRf1JNhvWccIoi2eEJLYIAOk%o21bMHrLKsiQ3CjyuDOSYnuVCIV57yRe04gJPx19RzGcD2xsiDooBjzaGLy5qlWu%xSI1RiNaEOJtJbrbux##Tq5ZggAgzzOscg76pWrlxVmHZ61u51aJrXwfgev5#vPn%VpqqKDA4HqW52IAwBPPDZ0EoeTGjS0vaCLMqDR7qobhzNm2asU8q457oC2iBs85Z%mMSMiHuP1lNDe07E9Djrgl172JdV1AarwX9p7uqAGc##WETUSn5C9ZQuRGrOyiNu%EqT2biHsN1psZKfirTXFeWRg53RLz0gG5dR6LmXHJyg56iRVGMqbveE4IPrkCRU0%AWbbQQ35KDjh115UV3UGtf8iahMn4DugpTayhT6#1ZcM1yBPIDW2u0JevVPVyC8f%hdy9OyFgcaLEhfCXVSa6klvm1txe85ck8Czx3HLLqyTyZzHjt1fPXNNgEZazG5Fh%jhTEBxSrQiFFyDnHIjSYDKNqD2nzrlR79vNJQj03mCj9GN9pACGhcffLkDQOT3KN%qPIrs#TfCu8GCqYCmAXNnyGsYAVFoNefylJbKEAj4vH4onx0GkckoU#nyXXt3yFS%C5uijU4ohMpqUJvMAbkuXNyTPpWrk2dzmLJ#wjuByXDLTdIofxQuzoQ7oba19TaM%1b0gZALzV#fUPP7Qfmhn57V600gW0pOfujiJntHYQTJapo7qmN4L2YVgtSWrrfxz%RoARfzspS#EVLEQqYuwUckAvArLLgCuSypMXqPyCUWOP7Gbb3Xou00WyLKjcXLOh%jiq5c5m0Y2yytyb9Bi3OOLfSZ8l5LsH8tCBAbEZZdVZCZeaNMCCCnwQsdcwfnuw1%rpZdth4kPAjpYvo7ynkGNMP2aByvVHNIUFbFFbxHiqeK8nNNNG1U5esrOeJUar5s%D931GvUULYlsfTAuci00LeZzXy0wVs1lFE683TAnyxN5tHOTIIrxJDwpjH#RSQ2S%vUh0TU45e4QhE2Zq6cs9Yt5QST2nodEmJI4kxNcBv6757vsv6qGfP516CPtH250f%DeM3dSpfS51e09nWbrfO6DKlil0dy9aSOARMOZOZ1E1tnMyAswMekqDFp8KNi3QQ%oZyChf4UKfQAp701fkPj7Ps66xzrwIRMNKzTNeLAG5Qjupef2X2HCcHviQDQsdOk%Dx00RcyLVhQCMyrx1wcuqs#25sy7LxT2LAUNOaQ1JM1HFg7M9sp1aTVXtv1YfLnO%KFeCHt6cHZxtDqXWAJnf7tVnyJJJrXzE#PepXAQNOdu2vIYKr29SBUo3WV2aXyFB%W88BZxagH8klUR9O4fs6gHawEn0SNKsV1hNXoH2AZXxLTvUlFPmXYYZHM3lAJrnw%QGIqn9gn6XlLwipDacJEWCMjy8Q0Xl45vFin2jU5iv2gEFmL7MB#ApjqO5faAoVU%DQVAMPFcBi0bOfQh38AWBw2k1ANovnHLiiukjbHjd8xhOHl2ezijCqnyErK2xSy9%bxRIKlj8i4sFdqARGSYWkKwfdlK9x4HTeAjMeszDT6CEnx9auVQOFPsg2Pa6jAJ2%Ym0iR7WKnIx9oye8o057coGxqp6pFQs3UhoItucBbzig9BmauwQ8#FqeEo78ko9y%aJ1Ss0SOBg5rR5VNc4s9ZTH6mW0FnmlqRn07Y6ABAZHRkPWMdoYSSi6O3Rq#aasd%DesuotzsbmmWr5mnDrTpD334WlxH8IpGIR1Xe3#5rIYLtEuzvnt4SdnH2rhC9gys%Y2p85w2GhJFTURMi5yvu1O5ArtbDDS8ZHKMPY53deSDKM3Rm0siGwNzxZJnkHe33%gMWz2EymZloETqCEAtTUjPKy7qZSWaNK1HMWz8bLY6c4PfEavkIx96#4RW8KTlAp%N5yAt1ZMFXp9agj#3h3gLWNu9oeb7HfsfKQKn5mL5q07JkYJ4mJd42a7z5hBpnEu%MYCq2HegilbE5dRqgPfE#KdwgWvW9JgNjAgLqGvN5T5CtGYTlX#A6yxfc5C#DmRR%ZisuIlC855Xw9BWom5qoAQ6MoT#0aMxU5B86jiBFCV4Vq5tYIFshecfeYdlPAqy6%0VlphxulMc#MIcsCTWPfDF1QLpnEVl32HH3L5GQ5doGIoxkDovyD9XPVZ8u22MHv%#mYirPRBESVTTxKwlc1PEAP7ZXCla12nzbm10DbtY#kcElDHwrYyrBUyI7L1q5v3%rxUHtfWHPyyDWVC7tDJGSUUUGvXvN488WFtXLgnVi60nd02inQ2mVZYSCGDd3nAK%3mmlJ0QlSd643m0wJvNmm04mGf8CuBdDe2HuAN9EJPqD5V1kE5HV6MMm5T2s4M2U%UC0##8qk7Udku8wNPJM7VbI#vfNAtDVlMwRX7a7iKRFbxnWcmIC5#8UJQs8y4NPv%wPxSdqlTLrEIlIYpJb6A578phJ0R2JQcmL0GKgaOvd#l2UKkxqjFJT#KmNIaUkEe%uSqR80I7uqMSCPXwSCgroogtt2DYTDxYEGnLgXf2R5MdXTG##BZZvPrJMGzqStlS%TPT5zAl0OcWA2nv56Pq95dlhI15alwWbKzrhOMWoo5mEJyt5TREBaT9O39pet1w6%1f3spcWZztFgP587z1m9oirjwjoaRHGRX#j9HqELnylW3B5fwAwTWSgfyawivK45%dNspaDn4z1LhU7MYwqmZXMraNfdPM0h0M85Iwj856ivmqZeQtocYmuT7cZor225K%Ze04KfOHOM3LERAtjCw5QADP5H57E7tEIKRBmqKSxFAUdBMhtuikhzCNqpbljWxh%LaLI1nI8q32hRn0ZdwzLJ5kV9zQZ0Cu8aBaS#MK19kM3iVMYV0YrfBrtLvKEd7il%kmUQegpRZYZpjxxpeFa54EfzDp9IxPTwvhGT6RFMzzRifY0DSsQS2VL#3zbCrLmU%aJewvZQsnPnuukP5GqfenowRr6cYKxoXzr6bMeR5zj3Fn5r9mVnzvloGwWiPQGPd%URQG7PACwdf#y50frgLOY9n4bug9M8FzgkTiO84qCzQGErWgt99J5EQc9MirtJkb%mheRAFFKNkTDWz5RFdbCMip5KByX8zdisMskBFMREqx856Z0#K#DtSYPuaRVomga%OjuYL4mRBmmi5Esf3t6IIH7tCyDiFeXs7OrVduze13KfoDy4SVQgNay5ZkvlfHHb%V6nGabo3dbCRt5DwRRChugkLaRmS5qWLzD5h3fNA9xPFW70Tr6ayjTAqRv06IG0k%DnNf0RrGpMkgB1uluhifhwSvLpIyj9HC5UEXM#C1wG3CoVaayRL1L5sdWAkFx6HA%IAfDd1D9lB155DllM2PKmusv2nZvOrn2sx5gcWHQFYklP9UDcR5#b5B5ft7tEeZT%WpUdHktGcby4NesACI9aWhEKtnnrVaaKK4jGVtbPimnIBjPwm1dEVZnCRG0v74O3%QJ2frLFUz2Ii6pkDJFGm2n0EIylNLcjiY#NGH2PF1p5GFoGpXj2tjuUz8wjA9tpx%BEla8NHGg2GcU0Nsart7f6bQx1#QzA#ln9JXLlEIBsUAb5hzxUFLOzeFqjTD55I#%kr1D9#S#x5X6N3qTXrUzA05Bb4Dib8I7xJ5vI3qjWD5vZhNIshitQtL3zsVpZs2Q%MbMu0OIPZ5#DJsrJzw5oM2325RPsl6vneEVdP##macF2vh6ROdLE4j7jd189d159%lvh6cOKuTpslIwx5wL0A4XntzC492DQeCwAtv2pG1FeygWghovJQJv0XGz0Dlkma%BDwzRZmMv99Jt8IqC5#V1jR9QayCdshJccP4pK4Bctb53sqfHqtZ47xX5SideoHE%d2I7Aqr0oF5c#Zf5ou8d6OU8slxCfFIA7Pf8R8EwoJjaLVWohQ6fjXZt0BdAoYRi%YHcpdXLCIZ9yjuqvdtKZhYltcbq9SHJybxkdirOZG#QNpnOzMcPyWKoQDpLTVkkr%m3jWQP#j59vbk3qO5O5r2UIATzukIZDGST3L2vLejq6FBEBLNvEqn04qIVsEXmJg%YlIjDZDPr9375eTji5U3SVp2XpyVkOQK36EYsuNhuamwUrKZcuOatMLydrfMP0jh%a57Xa5IrxwdFJNQ9sNkjd2mv2yGeeBUf6Fqm5fqTjI5iQ3t5LefVKB3gDtwHX1y#%uUyNn5cRNF7Z5EcPtgUcrIqzWD0xHaI4onRJRt75Y2nvZO7SoQycjlveBpXZQDSU%n2mlENJhBN4WC5xPuYs6AR1IqjL5l6aIhQDQodgk2uCYTPuRjiPttc0mr4xH3tVs%QXhk3rV2oQ0B5ImSyYsjji1NZNuSArvp551xLev5590Sy5fEtuy82jXholZpL1iP%jwmdGd91bGdeW3vb6DmN7r3SbC0eL7eN5AYsqg1NbyGogpbrtKR7Uu5r4eNthFQo%8a0J65OAynDyOw0uJnWTYlB9NXdYyRKBTNlqZLT6fyYZ3ULD54r8CRbk4VFNrMK3%67UDTm6dLM0z1bAbOdJ242YE1RfvH0V6y3X8#ITXt5HRvKJ9sskmOsLOerCE6CZM%7Fj7K0UiAdT5qy7ebe8XAINgAySY9TVQWDaZvHSb0ZQVQcsR157LzDNV#tK0tT5v%8b1pOdGmGDDKqJhdsjDwH2HbUQAkGgEEmQnh##GlNCXMveNp0W6qB3990ZrnOeuK%CPswYU5cdNSXsPfS07k6t25GfXTnUW78zygMxCxZi4MzwNdrrRLxEso87wO3C5l5%0zWGCRwseHaiYTjOfH3m5AsH1sWXy#KfLAJpfdyrBoIkwsRXtgWwd#MMpfu51984%QxdEPLRZtvn4RM5TMHqvL9fTmFeycugkuz9MufX37iJ8S8xvL3#5YhEL#p4WqqNv%P8xS#QYNvEzT3Avq3PFi4p5YCG1ux635uP9bLXQDCaJyNFaWan3vr8WuWHI3kmqO%I3TEDZIZO6AkAVfZrS5o#BIdR8RrmB1xAmUsAw5OGZZFRUJFkMdRyb0#VXHXlwnG%5HIKqkoTwqnwWvbvz6yz0Mk5EUIKbNQQqhIvzyfwy#uRfQf5fqlJs5lgoLmyiY1Y%Mm6RDRURgH7O#5m2jTDLrqcz7#iFcR4k5SMyFaJilcJ9nlUjGZrAt23RNHyG76rk%XgqruNK5EiPjcE6tzuC3#UI75SgXY7mOZgR7D4uV4sTI7CqG0USRDyO9j28VFuB9%l8yYCSboLpD8AqtW5fpCzPoHVmu4jaX5XiLMPPB4m7H4wNbsQZaoKq9#9LFWxA55%ZdMLLBqCjiQDA8hqjL1P8QzMDqQfjGLzcC#KsFBMGhssh6lgHiNwI5x3udyDp6fe%Pr41N5YLIPPXQKxGHTD2yQAKju4E9fUTJ#eC62ABH8YZnelvjZ1gk9hkCY3BsFqR%KRqqgCrk4MJxcapkS6C8lfp0scp3w8JM1PguwOb4zPK1u2IitI6KStLneTOvpj3c%TDZD2UbrgXdZz5rWqXDgzADalALMO56V5agoMyHlLZ3Yh0unhOrI7MMo20#L8iwn%HGvVifk1mcC9Qi5EVU#2b5r26SHSulfSHkNjq#dyE97ttagpCEDsQLG2K9FEQyO4%5n05z7ivuoDCLBeQQ54g7SMPWAxjJzPTQnZ43U3bBKCRIDnYQXMox1Lm20uqBBHd%EpOcWH21ue5lyU#xcm5sXvSKwF25soep0OMwFDyIzMFkyQnI#EoOVdzamOCyzRgC%UAq5vAYICpRl3tztcBp5MXTtswUbkMwI84BBO2eN5Om7m7Sb1ABIIr2EVKpE#6sk%Z2brhVLAgocw5RxNXMqcUSDjDUNlI5kcs1A7k9WsN9gYP5#tWz3vu#Dgp#hDyUMu%RNG7onzs0XJwg2vZpnVm0rJljeYpQzJkgGC5Fp2HzUKr0kl67tMN#fPos5IvPDjH%B5vLy4WZXKIqIH7QU8YfLDLzew8G1DSt36Nvr2Kc#TqJVd29m60yMNTOJm0lH5jI%icrWQ4Yydn8gwb5J4UlNxL1Kp5C6inm2N1TYYTBEnQkwjHZd527rzuyYqXZgH#8v%OTht50v42r3WWHNd2dDxW9Mova4FYc9Ogix9emkShvHoCsWTPx9hTpXgltzsXeMe%tcehgu9iixLePsHgg#UorxGN7zYkSvYrg1or5dO3xEQzoLzFAsSKNN2Yfl5xsjtE%Dui7oUz#x5ik4Q2P1jc5Xm6f7x2pW9l7##qxKU#83#To4ibapnz6g6ILqBNGVlKa%2G6nlzqAbuF7y9ije5e56VaLUOZeLo1KjmpXfDrKeG9iv5BC5HygfaI2qc7G9dtj%RveWLKhVQyIJ35ifUwGD#JEm5W#WGgpn85xB6Wir13Kyte#Th9RHbH#G2XwbB1mC%7tswHpya3M8535KhRjzLNPpcaUMB6SaZSl8UoinCpJvriiukUCAlHtc5nlupa67b%Z#AnjAo1CHuNaVz3J#lWxBV3L462CDic39T8u500IALwSa9rJE5CvY8eQhYpqsCX%vbOz7#ebB0R1KajkEqPwWaBpkyZ78fo8m0n#HejcWUGOHVQ5#mrZ2HsjkOVu8pUJ%VCuOhJZtTyWIumzji#IbCeJJtL2rxW0K6h5FEtlqqI6jhB2VkAJu##5VbFQtShR2%fUVBeQSsO9vDb4nuVs#Oahdp6GYS5d4Iu98sIBB1uEE

解压得到了一个pmf的命名的文件,这个pmf文件是 DiskGenius 备份后的一种文件格式,改一下名字为 1.pmf,拖到 DG 里面就好了

image-20230424114918093

image-20230424115059700

得到三个zip和一个图片,看名字也是lsb

image-20230424123329066

将得到的txt中多余的部分删除

但是这里保存的txt是unix,要在window下重新保存

image-20230424125917921

名字为key.txt

image-20230424125953259

打开第三个压缩包,一看就是明文攻击

而且这里必须用7z压缩

不多说,明文攻击,根据新教程,也可以判断这个是7z压缩的,链接:https://byxs20.github.io/posts/30731.html

image-20230424125502052

标签:10000,zip,wp,Misc,flag,str,00011,path,HDCTF2023
From: https://www.cnblogs.com/zbclove/p/17349188.html

相关文章

  • BabyMisc
    BabyMisc...脑洞坑题(如果7z密码不是那一串超长字符串真不至于0解)先打开Script.zip,随便打开一个文件夹,得到的是pxx的文件,内容为16进制字节。猜测pxx为对应字节的位置先提取importreimportospath=r'Desktop\HDCTF\BabyMisc\Script'#定义函数defprint_files(path):......
  • 【WPF学习】04 数据模板
    相对于上一节控件模板ControlTemplate定义的是控件的外观及行为,数据模板DataTemplate定义的是数据的可视化结构DataTemplate允许我们实现通过数据绑定来达到数据驱动UI显示的效果在下面的实例中,我们首先声明一个包含颜色代码Code和颜色名称Name两个字段的一个构造Color类,再建立......
  • 【WPF学习】03 控件模板
    查看控件样式具体属性在VirtualStudio中,我们可以通过文档大纲找到具体元素控件,右键选择“编辑模板--编辑副本”可以查看该控件当前的样式具体属性设置,再未对控件自定义样式的时候通过这种方法查看到的即为系统为该控件预设的样式属性由此再注释几个属性:ContentPresenter定......
  • 【WPF学习】02
    基于Window.Resource下的Style标签进行通用样式设置下面是一个WPF窗口中一段表示三个完全相同的Button控件元素的代码实例:<Grid><StackPanel><ButtonContent="Button1"FontSize="18"Foreground="Black"Background="Aqua"/>......
  • WPF 给类库设置设计时使用的资源字典
    在开发多语言版本时,我将界面显示的文本保存在语言资源zh.xaml和en.xaml中,但程序启动,加载语言资源时是外部的配置文件决定的,因此语言资源我无法添加在App.xaml文件中,而开发单个XAML界面时,设计器将会因为找不到资源文件的存在,而拿不到资源,每次遇到语言相关的资源键值,都需要手动去......
  • 【WPF学习】01
    布局基础.1根据格网划分行列--Grid,Grid.RowDefinition,Grid.ColumnDefinition格网<Grid></Grid>多行<Grid.RowDefinitions><RowDefinition/><RowDefinition/></Grid.RowDefinition>多列<Grid.ColumnDefinitions><ColumnDefini......
  • WPF中弹出界面在不影响状态栏的情况下占满界面
    举例子:比如在MainView.xaml.cs可以写在Window_Loaded事件中privatevoidWindow_Loaded(objectsender,RoutedEventArgse){this.Left=0.0;this.Top=0.0;this.Height=SystemParameters.WorkArea.Height;this.Width=SystemParameters.Work......
  • ViewPager2+Fragment+FragmentStateAdapter遇到系统主题更换时Fragment数据丢失
    1.问题描述:在ViewPager设置壁纸,导致Activity获取Fragment数据丢失2.解决方案:设置 vp.isSaveEnabled=false  ,设置不保存,在适配器中销毁item 引发问题:vp重建之后,会丢失之前所在的位置解决方案:Activity onSaveInstanceState中保存数据,在 o......
  • 1.WPF UI - 现代化设计的开源 WPF 框架
    1.WPFUI-现代化设计的开源WPF框架WPFUI是一个基于C#开发的,拥有4kstar的开源UI框架。WPFUI在WPF的基础上,提供了更多的现代化,流利的,直观的设计和组件。重要的是,WPFUI完全免费!如果你对WPF比较熟悉,那么可以很快的上手这个UI框架,并集成中项目中去。WPFUI......
  • vulnhub_Earth_WP
    前言靶机地址->>>vulnhub_Earth攻击机ip:192.168.20.121靶机ip:192.168.20.122参考文章https://www.cnblogs.com/Jing-X/archive/2022/04/03/16097695.htmlhttps://www.cnblogs.com/wthuskyblog/p/16032277.htmlhttps://www.cnblogs.com/CHOSEN1-Z13/p/15915195.html探测靶......