首页 > 其他分享 >羊城杯决赛Misc

羊城杯决赛Misc

时间:2023-09-26 21:33:40浏览次数:34  
标签:决赛 flagg 25 Misc flag jpg 羊城 file path

羊城杯决赛Misc

easy00aes比赛时没离线0宽环境摆了

LmqHmAsk没思路,赛后看着群里各位师傅讨论才明白预期解,wp里直接放toto师傅的脚本了

这里放个toto师傅博客: https://blog.csdn.net/jyttttttt?type=blog

easy00aes

比赛时没环境,回来狠狠复现

图片分离得到压缩包

图片名YXNkZHNh是base64,解码得压缩包密码asddsa

得到key.txt与flag.jpg(其实是png)

image-20230911184801390

又是熟悉的0宽,但这线下离线赛出这种题是否太...

flag110

结合题目,AES解密

image-20230911185421916

hacker

哥斯拉流量,找到密文跟key解就行

import gzip
import base64

def encode(D, K):
	D = list(D)
	for i in range(len(D)):
		c = K[i + 1 & 15]
		D[i] = D[i] ^ c
	return bytes(D)

key = b"3c6e0b8a9c15224a"
cipher_text = "fL1tMGI4YTljMkiqW080ZnGz2stJciAN+e/swbLmTDlqJNVxQhhviSQqOD0AAcHRDEGwKRBXmdmG0CWg7kEL5JPgX2eowRSn/4WwlqOi9abxUod7ph3k5UoX0nsV3eldf7yo2wp/3Q5IGV0WES/kEm7HEvhLoYeWRRBgQ8PqNpGa+1In80ndUQtZTdcx3X8f5r7uQ6wWoKG9+SJR+m9ovp+FHcGY/fziz8GeW1ko5wa5wj7xI3t3NyKggQ/DzUXMtGQquPAm+s+RxONDJDlqvkpYWETA2vObwUKU01eQ8GpLoCQJQ11Z8r3/o/bTloCT8l0oJCGy5RZ5xKsv0MTojzAmt5EyJ7uWmvHeYyXWbkIN55XgiqRRUNYVlpiR7nFEzJhGknIQOTfTljG/UXXrBh0kym6OpP0cEy1vR5gNKymtdE0rLREadF42eH/HdO+M+dWd0t4vJAVw08uBdxcj8FVrrKrAEZjXq0BtjJp+uFco8Ol8vw0oTR7GHly+1z5CVq35FlyzlS8E9qh0Ob0NHuaC1ql4lik8txUnsApuHhW9anYvPC3WjomjlGN1cEblfX9y1TNdrKtboVp695zLYhYedv7QE18sjl3CvUWCVTlXdKixEMzJUewwVOdydxjbZeXNaV8YuOl8TpeH1CKc2+HujpskvefLUqM5GlShxOIr40b/y6gU0RnmBxC4DHTUl+c57KnaJsjc6r500Y4REgGg3e0KrTN6FUK/sW4e/GGJLufkUAzdKSwXuN3Cw6wpJLEj5FQop5JANZZ6N+NJxuUicq5cVVVQaHgnNUqfIzuf5AJn7zls2vPiKUARH/ISiOcGkcGUAhGnt4yWBDgb7hJN7U2TL59EK9OGxaTlhkpqdeQlvndAUhFyXrgPUUuFJnxTClAmRdgfkYIsTgSG90xHTdZlHjeYLLIUJeNZsAbkxyR57tXrdaONcbn25qB+ksq7HrxGoLOT9m9p98ipYmR83ydochsTYnJmZnGzOhZKuQ+YRr+7s+y1TQj3BNTrznPmybMLp4rXNyM84vw7tOl8AJmmusOCcuGzW6/v/hweQYYkXSyS+uAsIRHsXT0pi8Pt5mo5QVPrGWAC+lSdu2m8j/RXSVE8kN5gscsFQ73+KzXTG3grNqOaZPoW5wp7p+f8WDEkhI8bymmW3wz5LLVUz1JJPlGK6Sor//gI0ZVCrunes3JWmyhJ6ux3SlbVlNaYT08irTYD7KVbajUgkdX2DtABHG+yeDboESGrJLlocdq5pTmwJQ709M7aHoJFSpbcFY0q4sYlMrWosJXoOs6XgWh6TILRb3nP68Rt+SwdjiniAfY6OwxtXy/ztM1mgaYQsAHpw0iL+EiD8YeTS039i5KjxGmLdkPgdzANEdDhr9aC4nn3SIEjJe/jHZWom9e7p+XkjnuXfCn+PXCtfy22Lcd7yKLZOiqk0DgueDpZnbPjsCfeIRZ42aynC/xbUwn/9x4ZQw2qGauBOYya++BR1B+wsHVF9dpbikJz6YzNPpTPN7uYmC8sLQXdZDejthzB9ywBrBHtKG2yi5WUWll03kidk6LKgQ4afdCsmSLzcgKx0qQYedcGaaW0J3kvbmJl56H80FAtm40c/Kuebt9uUah9geK8e2g8gLCTEFMC9GA0kDhjR3Mc4OCUh71QxTx0Lt+CFqswDMy9kAWXMr4/6yvSCAJRo0VbUh5Wdsoftl5NHd6PrfJMRHtOHE+defrqLEh2obJdmuHzKeAXS7ftfqytEz8sUfUAlUwOLw2YxpCSo8SJLN6vRA0YEjXfWmI89/iRZ/TlcUR80fiUSIH5RsHTKNWOWjrGkVjUuVGg1Gd8GlZYBGOsGT9dPQR7Aiw80wnEGBGVX3jzni6tvAU9hbf8nTV5sq+Ok7TZaWACVsiypzIWwfa8QiJw6rwMsq6d8bIxC7lUNzkYv8N9nHjTRxp2OUPsmGWilVDP1FtTCT9Skeywbaq9f/fxAqF6A1kwXMRUYUUM3elR3jiqF5Oaexx49G6VFHw00bgp5PZ+Ovk4dJwDFuNfXq/pMXYhvJRc9REZE0bdJPLWDQgrKzH0XyvB+XZz264fAT+/VBp4Sqh4SgiMWlzfvAlQ3tIcp+8gs5vpGeUxKulrWjd8LsCCVZdzabSo/nlqiozLm9BY3xEORMfw6e1E0bosN1GBILziMRbYahLJNws07983bhWR4Zx49G6cNpMB6v0eWWaL9u/5roYWC7+8KLxnhycFKHig3qd9AtskgYWFKxx8nYGoiXQGbGFKoZP3dhgsWvgEj5kLOsQLyENTSuNSSjnfBZownHNnesNgn6PlP0CwHMsB8w9svTxAGwz1bMDfLOmpcfpGobjCNZMabY6SMk6ZiwajqBrUScn7CmXDXPQ7S1h1IUybTLRZHQk4uNAlImF61uJb3gh8U2ZeXZp0qETpZagby+n4y8Ryf9/EZGmt11wSGZQ3kAzNbfz/hHpj+cXFMeUoU4+7fgXDYB6L26Qy9BPvQ8k+khpXuhE8VlltazC23BHFNSnTiyWo4kUdA2az7cqx/cEUXgQiMsHxsaXdpNVJKi7WdBmpJzCEPjQyIKwIGT2/LW4n6fcmwe1v/lxX+lmH3pHQL1P3bTk4d8dZJgYoEzMFFY3orCw2NIb+Ifz28W04DI1NdQ2+m7YKVKFUZWX3eM98UTeAx6OrZtl8vARd6G65ItYM01VMkqt5CcXE5OByMvavAhS/s8mDb7gpMwCWWgYeyQvDjPWlm/1bUwkRtsXLjRHW9rQILCjxM2uv4ebNIXsPoL/lFQUzyxLlTvG82koU7ANPHbf08BhT2GZ26EqM9j/9AIdaDG9aBB9v+m8CTF58yGzurrfNMDV99Tf6OuR9RX6BV4fLtaiyMzpVafGD+gztMPEVnfY3vFIJd+4ilQBIKG4W2r6mpWfa+zRfj7m2v0ShZn5MTA+Qoso1LUcxb9e7WVkOXltsBh3Ao4ahi/QVkGIfBmxKwfwDwGpXeYsJrepwjXtFnTOE+6T7gPxqo7nHvazZOxf5YfKRh6i0z8P4n7EwcNg+SRlAOvBECnQFQc/+/Xz/u7zHYAmVny2AVnZX6wFBgTIfpn4T4zj7qZJ6XE2Hrj7mVUDECFEIs1gfAZx+Qm22VKbaCx3jHe+JX5LMJoBM9xwxqHxOmn5c6AqK5VRLyvjPadulBVBGYdDrvj+63NGpZA5LOwJjMy//jkWTgV1+zrQeEl9Xh0YIxe1Y3crjtT18eK6Z5mRGFemxKvDIq8zvN5D2lcMeQIyM9OgMB8yC/ruUUG2ItQ/f3iXHbvJSNQkxczNj"

out = encode(base64.b64decode(cipher_text), key)
print(gzip.decompress(out))

运行完看到是个zip,稍微处理下数据提出来就好

with open('1.txt') as f:
    data = f.read()[2:-2].strip().split('\\n');

zip = ''
for i in data:
    zip += ''.join(i.split(' ')[1:-2])

with open('1.zip','wb') as f:
    f.write(bytes.fromhex(zip))

密码

image-20230920153249113

image-20230920153141859

解压后的是一个维吉尼亚密码

image-20230920153323310

DASCTF{VIGENERE_IS_VERY_FUN}

黑客的秘密

flag.txt不是文本文件,这个文件大小一眼ceracrypt挂载(用passware也能检测出来)

key.jpg是密钥文件,挂载得到流量包

直接strings找flag:

image-20230911190227031

base64解码

image-20230911190242152

LmqHmAsk

类似nctf2022 qrssssss这题
https://www.cnblogs.com/zysgmzb/p/16945880.html

通过二维码data-masking的顺序来排flag里字符顺序的,大致是:L0~7 M0~7 Q0~7 H0~7

以下应该是非预期做法(toto师傅的脚本)

import os
from datetime import datetime
import qrcode
from PIL import Image
from pyzbar.pyzbar import decode

# 定义一个函数来递归遍历文件夹并扫描二维码
flag = ''
current_directory = os.getcwd()
for root, _, files in os.walk(current_directory):
    # 遍历文件夹内的jpg文件
    jpg_files = [file for file in files if file.lower().endswith(".jpg")]
    
    if jpg_files:
        # 获取每个jpg文件的创建时间并存储在字典中
        file_creation_times = {}
        for jpg_file in jpg_files:
            file_path = os.path.join(root, jpg_file)
            creation_time = datetime.fromtimestamp(os.path.getctime(file_path))
            file_creation_times[jpg_file] = creation_time
        
        # 根据创建时间对文件进行排序
        sorted_files = sorted(file_creation_times.items(), key=lambda x: x[1])
        
        # 扫描每张图片中的二维码并打印结果
        for file, _ in sorted_files:
            file_path = os.path.join(root, file)
            
            # 打开图片并解码其中的二维码
            image = Image.open(file_path)
            decoded_objects = decode(image)
            for obj in decoded_objects:
                flag+=obj.data.decode('utf-8')

flagg=''
for i in range(0,100,25):
    flagg+=flag[i:i+25]
    flagg+=flag[i+100:i+100+25]
    flagg+=flag[i+200:i+200+25]
    flagg+=flag[i+300:i+300+25]
    flagg+=flag[i+400:i+400+25]
    flagg+=flag[i+500:i+500+25]
flagg+=flag[600:625]
print(flagg)
1111111000011011001111111100000100001100110100000110111010101000010010111011011101000010001101011101101110100001000110101110110000010000110011010000011111111010101010101111111000000001111010100000000011101111111101001110001001111010000100100101100001010111110010110011101000111000100010001010101110100101011010101100011101011001111010100110001110000110110111011000001011110010100010101111101100101010101111110110010011111100000000000100001011000100011111111010100001101011101100000101011011010001101010111010101001101111110011011101000100110000011111101110101000100110001010110000010100101111001110101111111011110111111011011

https://bahamas10.github.io/binary-to-qrcode/

image-20230920160004124

扫码得flag

标签:决赛,flagg,25,Misc,flag,jpg,羊城,file,path
From: https://www.cnblogs.com/Mar10/p/17731241.html

相关文章

  • Mac故障排查系列:redis删除key报错MISCONF Redis is configured to save RDB snapshots
    背景:Mac下使用AnotherRedisDesktopManager客户端,删除key,遇到报错:MISCONFRedisisconfiguredtosaveRDBsnapshots,butit'scurrentlyunabletopersisttodisk.Commandsthatmaymodifythedatasetaredisabled,becausethisinstanceisconfiguredtoreporte......
  • 攻防世界MISC练习题[中等] QR1
    下载附件得到一张空白的图片直接打开放大后发现有很多黑点,观察其的分布位置看起来像是二维码因为全是小黑点的分布也不能直接扫描出来,拿去KALI看一下。虚拟鸡启动!binwalk没内容zstegnothing。现在想起来题目是QR,在想会不会是和二维码有关,决定再去看看图片。放大图片后......
  • 晋级揭晓!华秋第九届中国硬件创新创客大赛-华东分赛区决赛成功举办!
    9月16日,在深圳市福田区科技创新局指导下,华秋第九届硬件创新创客大赛-华东分赛区决赛路演活动成功线上举办。本次大赛由深圳华秋电子有限公司(以下简称华秋)、深圳市福田区新一代信息技术产业链党委、深圳新一代产业园、微纳研究院联合主办,8支优秀硬件项目参与此次路演,3支项目晋级大......
  • P6464 [传智杯 #2 决赛] 传送门
    link首先我们要明白,floyed的本质上是一个dp,那么显然我们要先跑一边floyed,然后进行更新当我们更新的两个点之间的距离的时候,显然我们改变的是和它们有关的距离,所以只要更新这两个边就可以了.#include<cstdio>#include<iostream>#include<cstring>#include<algorithm>#includ......
  • MISC
    一、图片隐写知识点png文件头八个字节89504e470d0a1a0aIDCH和IHDR0000000d代表IDCH头块长为1349484452IHDR标识(ascii码为IHDR)宽高00000018图像的宽,24像素00000018图像的高,24像素5个字节,分别表示图像深度,颜色类型,压缩方法,滤波器方法,隔行扫描方法08表示色深,......
  • SICTF-2023 #Round2-WP-Crypto | Misc
    ......
  • [羊城杯2023RE]WP
    目录ReverseCSGOvm_woEz加密器BlastReverseCSGOGo逆向静态不好看,考虑动调在main_init有IsDebuggerPresent反调试,nop掉看一眼findcrypt插件,识别到base64看看main_mainmain__Cfunc_enc_abi0是加密runtime_memequal是最后的check,base64完是60位说明flag为44位在81行下......
  • SY2023CTF--“安洵杯”全国精英赛MISC--烦人的压缩包
    前言:由于最近要比第二届技能大赛CTF就玩的少(我很菜,求大佬带)随便看看做了一题那个数独也简单不敢兴趣就run了烦人的压缩包:首先下载下来一个压缩包需要密码直接爆破一下使用工具:Ziperello得到密码:645321解压打开得到两个文件hint.txt和love.jpg放入010Editor发现是有......
  • CTF BugKu平台—Misc:多种方法解决
    题目链接:https://ctf.bugku.com/challenges/detail/id/12.html下载下来是个exe运行然后不行放入winhex中发现了base64还有jpg会不会是base转图片还真是把后缀改为txt全部复制放入网站还原base64图片转换:http://tool.chinaz.com/tools/imgtobase/把图片下载下来使......
  • 2023 羊城杯 vm_wo
    2023羊城杯vm_wo详解 这是一道Vm的题,第一次做这种题总结下,VM框架大概就是VM框架中会模拟正常的CPU去读指令然后执行指令。然后会有1个全局变量然后会有一个dispatcher的程序模拟CPU读取指令,然后去执行函数,就可以做到和真实的程序一样 writeUP这道题的整体逻辑还......