0x00
声明:为了方便查找题目类型和基本做题思路,所以本人作文章为笔记,必然有不足之处,请大家指正。比赛题的质量都很好,但本人目前所学不多,能力有限,所以又把基础题wp写了一遍。
0x01
简单算术
题目:ys~xdg/m@]mjkz@vl@z~lf>b
提示了是异或,所以直接上CyberChef
see_anything
题目链接: https://pan.baidu.com/s/1WWoCF5-9l6OHHPybpouhQA 提取码: 5csw
拿到题目,发现一个码,但是当时不知道咋解,于是选择了直接用archpr爆破压缩包,没想到直接就每两分钟爆破出来了
解压出来一张图片,属性一查看
发现太大了不对劲,里边八成有东西,于是丢到kali里边foremost提取了一下
得到了一张黑图片,拿到随波逐流分析一波,自动爆破了宽高
简单镜像提取
题目链接: https://pan.baidu.com/s/1rx2rrfqEvcWNe5gp3RxNDA 提取码: 365c
拿到一个流量包,文件-->导出对象-->HTTP
定位到这个包之后,右键-->追踪流-->HTTP,提示了恢复zip,于是保存下来
注意需要改为原始数据保存下来1.zip
解压出来是一个损坏了的img文件,题目提示了要用R-Studio,用这个工具即可恢复数据(此工具下载:R-STUDIO 数据恢复软件)
右键即可扫描,发现.xls
恢复出来即可
压力大,写个脚本吧
题目链接: https://pan.baidu.com/s/14qpPRVbnMgFDSl2a861JWA 提取码: nmy7
给了一个zip和password.txt,txt内容转base64就可以就解出期内的文件,真有意思,持续下去发现他是套娃,于是用脚本全部解出来
import zipfile
import base64
import os
def extract_zip_with_password(zip_filename, password):
try:
with zipfile.ZipFile(zip_filename, 'r') as zf:
zf.extractall(pwd=password.encode())
print(f"解压成功: {zip_filename}")
return True
except RuntimeError as e:
print(f"解压失败: {zip_filename} - {e}")
except zipfile.BadZipFile:
print(f"无效的 ZIP 文件: {zip_filename}")
return False
def main(start_number=99):
current_number = start_number
while True:
zip_filename = f"zip_{current_number}.zip"
password_filename = f"password_{current_number}.txt"
if not (os.path.exists(zip_filename) and os.path.exists(password_filename)):
print(f"文件不存在,停止处理: {zip_filename} 或 {password_filename}")
break
print(f"处理文件: {zip_filename} - {password_filename}")
try:
with open(password_filename, 'r') as pf:
encoded_password = pf.read().strip()
password = base64.b64decode(encoded_password).decode('utf-8')
except Exception as e:
print(f"读取或解码密码失败: {password_filename} - {e}")
break
if extract_zip_with_password(zip_filename, password):
current_number -= 1
else:
print(f"解压失败,停止处理: {zip_filename}")
break
if __name__ == "__main__":
main(99) # 明确指定从99开始直到解出最后一个txt,根据它的意思应该是将所有的txt文件中合并到一起base64解密出来是一张png,而png的头为89504E470D0A1A0A,所以可知是从password_0开始的,直到password_95(因为95-99内容是一样的)
import os
import base64
from PIL import Image
from io import BytesIO
# 写到文件
def hex_string_to_file(hex_string, output_file):
try:
hex_string = hex_string.strip()
if len(hex_string) % 2!= 0:
raise ValueError("无法解析")
binary_data = bytes.fromhex(hex_string)
with open(output_file, "wb") as file:
file.write(binary_data)
print(f"成功写入:{output_file}")
except Exception as e:
print(f"错误:{e}")
def main():
concatenated_content = b""
for i in range(96):
filename = f"password_{i}.txt"
if os.path.exists(filename):
with open(filename, "r", encoding="utf-8") as file:
encoded_content = file.read().strip()
try:
# 解码密码
decoded_content = base64.b64decode(encoded_content)
concatenated_content += decoded_content
except Exception as e:
print(f"解码失败:{e}")
print(concatenated_content)
hex_string_to_file(concatenated_content.hex(), "Output.png")
if __name__ == "__main__":
main()
运行结果:
89504E470D0A1A0A0000000D49484452000001900000019008020000000FDDA19B000000097048597300000EC400000EC401952B0E1B000008B949444154789CEDDD4B6EE3581000416BD0F7BF72CFB277A281F2FBA41CB1B7445252820B96EBF5F7EFDF2F8082FF4E1F00C07709169021584086600119820564081690215840866001198205640816902158408660011982056408169021584086600119820564081690215840866001197F867FFF7ABD7EE4386EF6B8A7E3FD45B861CDC7EA8F697E8EC3233C7E008F86DFA2CF30FF98DC61011982056408169021584086600119820564081690215840866001198205644C47731EDD3098F2DE7C24E2FD393EBEFE7C686378916FF88C8E4FAE1C3F8047377C4CEF6DB844EEB0800CC10232040BC8102C2043B0800CC10232040BC8102C2043B0800CC10232968FE63C3A3E72B1DAFC008E4F8DAC9E5EFACE5B0CE79F1E6DF89856FBF89FD2973B2C2044B0800CC10232040BC8102C2043B0800CC10232040BC8102C2043B0808CF3A3391FE0FD48C486A538C3B7D8B0D7E7D1F02D6E38423670870564081690215840866001198205640816902158408660011982056478D2FD070CF7231C7F847AC363E2AB2FC2EAFD0B5CC21D16902158408660011982056408169021584086600119820564081690215840C6F9D19CE38329F7B340E1CBECCE377CC0A7FCC81D16902158408660011982056408169021584086600119820564081690215840C6F2D19CDF3012F1FE1CE73B69566FB5D97000AB5FE1F8013CBEC27C6EE637FC941EB9C30232040BC8102C2043B0800CC10232040BC8102C2043B0800CC10232040BC878FD864D1B67CD673E561FC3F103985B3DBD347F0B3FB41FE10E0BC8102C2043B0800CC10232040BC8102C2043B0800CC10232040BC8102C20E3FC68CEEA752973C76732568F95FC86752CC767777EC384D68673748705640816902158408660011982056408169021584086600119820564FC19FEFD86FFED7FF9EBCFDDBF1FE1FEA7B4E77F7EFC7B72FC0813030FEEB0800CC10232040BC8102C2043B0800CC10232040BC8102C2043B0800CC10232A64B2836CC130C27068ECF9DCC5F7FC32BAC76FC537874FF01AC767C38E93BDC61011982056408169021584086600119820564081690215840866001198205644CB7E6CCAD9EBCD9F00AAB77D2CC1D1F2B593D5D74C3453E7E00C38B70C30CD923775840866001198205640816902158408660011982056408169021584086600119D3AD39CF6F309E4858BDB466F5017C801B76231DFFA2DE3FFD73DC865F8A3B2C2043B0800CC10232040BC8102C2043B0800CC10232040BC8102C2043B0808CE9D69CE3431B376CCD79EFF8259ABFC58675291FBF356783E317C1D61C807F040BC8102C2043B0800CC10232040BC8102C2043B0800CC10232A64FBA3F3ABE03E2F8E3BF8F365CA2D58F891FDFD371FF0A890D0730BC08C77F08DFE10E0BC8102C2043B0800CC10232040BC8102C2043B0800CC10232040BC8102C20633A9AB361AAE3F8CCC4718F5760F54CC6FD97E886EFE1F1AB747C426B03775840866001198205640816902158408660011982056408169021584086600119AFE13CC186A7F5574F3C1C1F1EDA3012717C6AE4FEB996D5EEFFA5DC7F845FEEB08010C10232040BC8102C2043B0800CC10232040BC8102C2043B0800CC10232A65B731E1D1FB9B87F5DCA86C99BE1BA94FB6D18FDB96167CC52B6E600FC24C10232040BC8102C2043B0800CC10232040BC8102C2043B0800CC10232A6A3391B261E866F911838786FF529DCB02E65F5311CDF3C747C39D3061B66BCDC6101198205640816902158408660011982056408169021584086600119820564BC8E6F4C190E1C1C3FFEAF0B66268E4F8DF0E8F897E46BFDE7B8E18BE40E0BC8102C2043B0800CC10232040BC8102C2043B0800CC10232040BC8982EA1D8E0FDD3B11FF0BFFD373C47FEFE1C376C12596DFE296F7885A57F7E034B2800FE112C2043B0800CC10232040BC8102C2043B0800CC10232040BC8102C2023309A331CFB383E93311F5B393EF8B261B9C0EA73BC7F426B6EF53E971B9695B8C30232040BC8102C2043B0800CC10232040BC8102C2043B0800CC10232040BC8780D9FA63FBEB466C350C8C74F75DC3058B3FA7B3877FC086FF89886E6A7E00E0BC8102C2043B0800CC10232040BC8102C2043B0800CC10232040BC8102C2063BA35E7FE4D1BC70FE0D1F10378747CA4E3F118365CC3E117E9FE01AFC4E88F3B2C2043B0800CC10232040BC8102C2043B0800CC10232040BC8102C2043B0808CF35B73868E0F347C3D9DE3864B747CF3D07176D26C70C3F7C41D16902158408660011982056408169021584086600119820564081690317DD29DAFF50F9A1F7F84FAFE237C74FC146E589371DCFC22B8C30232040BC8102C2043B0800CC10232040BC8102C2043B0800CC10232040BC8F833FCFBFBA701E61EE709864B288E3B3EB6F21DC38B7CFF2A900D47B87AE3CC06EEB0800CC10232040BC8102C2043B0800CC10232040BC8102C2043B0800CC10232A6A3398FEEDFCA331F3878FF0A1F7005EE3F850FD84973FC22CF4F70C329B8C30232040BC8102C2043B0800CC10232040BC8102C2043B0800CC10232040BC8583E9AF3C8C4C3DCEA73BC7FE5CC864F79B85BE8869533C319B21B5613B9C30232040BC8102C2043B0800CC10232040BC8102C2043B0800CC10232040BC8383F9AF301EE9FFE797F8489AD39C363989FE3F1E1A1D55B6D6CCD01F84982056408169021584086600119820564081690215840866001199E74FF01C79F811E3EA53D7FC87BC329BC377F4A7BF5A3F0F78F136C7816DF120AE017112C2043B0800CC10232040BC8102C2043B0800CC10232040BC8102C20E3FC68CEF18984B9D5FFDBFF7EC7F7176C182B393E80B5FA2D8E7F88DFE10E0BC8102C2043B0800CC10232040BC8102C2043B0800CC10232040BC8102C2063F968CE6F184C79EF866524AB8787E67B771EAD9E8CD9F0317D3C5B7300FE112C2043B0800CC10232040BC8102C2043B0800CC10232040BC8102C20E3F5014B6B805FC21D16902158408660011982056408169021584086600119820564081690215840866001198205640816902158408660011982056408169021584086600119820564081690F13F281EF137ECEB4C700000000049在丢到010中转化为png保存下来(此处粘贴需要注意 编辑-->粘贴自-->十六进制文本),得到一个二维码,QR扫一下
音频的秘密
题目链接: https://pan.baidu.com/s/1EjC8n6tBYQoUias8BKBp9w 提取码: 4yyt
题目提示用deepsound加密,密码为弱口令。。这个密码是真够弱的123
可是这个zip又加密,没爆破出来,用bkcrack看了一下(../bkcrack -L secrets.zip),良心的是使用了ZipCrypto Store 加密
使用明文攻击,但是发现并没有什么明文,所以这里就需要自己构造一个明文,用png文件的头(89504E470D0A1A0A00000089504E470D0A1A0A0000000D49484452)就可以用010构造一张1.png的图片,再攻击
./bkcrack -C /root/Desktop/flag.zip -c flag.png -p /root/Desktop/1.png 得到key代入
./bkcrack -C /root/Desktop/flag.zip -c flag.png -k 29d29517 0fa535a9 abc67696 -d /root/Desktop/1.png得到图片,直接随波逐流再梭一把
或者zsteg或者stegsolve等工具都可以直接出
0x03
以上均为misc方向的几道基础题,若有工具需要,可留言,过程写得very详细了。与君共勉。
标签:比赛,zip,春秋,filename,2024,file,print,password,png From: https://blog.csdn.net/xcellencw/article/details/145289670