BUUCTF-Misc(81-90)
从娃娃抓起https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202751588-1748221689.png
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202751187-1979874974.png
第一句话是中文电码中文电码查询 - 中文电码转换 - 中文电码对照表 (bmcx.com)
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202750767-1127161331.png
第二句话是五笔编码汉字五笔编码批量查询:86版五笔编码、98版五笔编码、18030版五笔编码;五笔编码反查汉字 - 千千秀字 (qqxiuzi.cn)
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202750316-44619082.png
人工智能也要从娃娃抓起https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202749776-618215727.png
flag{3b4b5dccd2c008fe7e2664bd1bc19292}zip
解压后很多压缩包,但是内里压缩包加密的data.txt都比较小,都为4字节,所以我们尝试
crc32爆破
采用师傅的脚本
import zipfile
import string
import binascii
import os
filepath=r'D:/EdgeDownload/b2ca8799-13d7-45df-a707-94373bf2800c'
os.chdir(filepath)
def CrackCrc(crc):
for i in dic:
for j in dic:
for k in dic:
for h in dic:
s = i + j + k + h
if crc == (binascii.crc32(s.encode())):
f.write(s)
return
def CrackZip():
for i in range(0,68):
file = 'out'+str(i)+'.zip'
crc = zipfile.ZipFile(file,'r').getinfo('data.txt').CRC
CrackCrc(crc)
print('\r'+"loading:{:%}".format(float((i+1)/68)),end='')
dic = string.ascii_letters + string.digits + '+/='
f = open('out.txt','w')
print("\nCRC32begin")
CrackZip()
print("CRC32finished")
f.close()得到
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202749135-1510912990.png
base64解密
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202748421-1495034851.png
发现是rar文件格式
RAR文件格式学习(了解)_rar文件头-CSDN博客
我们在前面补上文件头,规复之后在注释找到flag
52 61 72 21 1A 07 00https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202747181-2122030031.png
zips
没有啥线索,爆破一下
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202746559-242689148.png
然后又是一个加密压缩包,是伪加密
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202746030-3431573.png
这里可以看到密码是时间戳
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202745396-1449138652.png
然后掩码攻击
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202744957-834600964.png
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202744490-522504191.png
得到flag
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202743987-1623121322.png
UTCTF2020]file header
这道题提示了文件头,加上就行
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202743613-1018952333.png
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202742349-491638312.png
flag{3lit3_h4ck3r}通行证
base64解密,直接提交不对
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202739330-182479900.png
然后内里有{},有可能是栅栏,然后key=5有点像但不是,背面搜了说是加密key=7
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202738834-394974578.png
然后就是凯撒密码,key=13
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202738337-1924040184.png
flag{oyay_now_you_get_it}girlfriend
有个音频文件,就是莫斯密码
--- . ... . .. . . . ... . .. . . . .-- . - . ... . ... . ..- . ... . ... . ... . .. . .. . . . ....解密出来
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202737891-202992169.png
然后发现猜错了
不是莫斯,是拨号声音,按键,这次也是学到了
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202737390-270811166.png
999*666*88*2*777*33*6*999*4*4444*777*555*333*777*444*33*66*3*7777然后手机调成拼音9键,去打
flag{youaremygirlfriends}(╯°□°)╯︵ ┻━┻
参考:
(╯°□°)╯︵ ┻━┻_ddctf2018╯︵ ┻━┻-CSDN博客](https://blog.csdn.net/mochu7777777/article/details/105324802)
看了题解,就是字符串截取两位16进制->转10进制->都减去128为ASCII码->转字符
太菜了,我真看不出来,看一下大佬的题解脚本吧
# -*- coding:utf-8 -*-
# author: mochu7
def hex_str(str):#对字符串进行切片操作,每两位截取
hex_str_list=[]
for i in range(0,len(str)-1,2):
hex_str=str
hex_str_list.append(hex_str)
print("hex列表:%s\n"%hex_str_list)
hex_to_str(hex_str_list)
def hex_to_str(hex_str_list):
int_list=[]
dec_list=[]
flag=''
for i in range(0,len(hex_str_list)):#把16进制转化为10进制
int_str=int('0x%s'%hex_str_list,16)
int_list.append(int_str)
dec_list.append(int_str-128)#-128得到正确的ascii码
for i in range(0,len(dec_list)):#ascii码转化为字符串
flag += chr(dec_list)
print("转化为十进制int列表:%s\n"%int_list)
print("-128得到ASCII十进制dec列表:%s\n"%dec_list)
print('最终答案:%s'%flag)
if __name__=='__main__':
str='d4e8e1f4a0f7e1f3a0e6e1f3f4a1a0d4e8e5a0e6ece1e7a0e9f3baa0c4c4c3d4c6fbb9b2b2e1e2b9b9b7b4e1b4b7e3e4b3b2b2e3e6b4b3e2b5b0b6b1b0e6e1e5e1b5fd'
print("字符串长度:%s"%len(str))
hex_str(str)https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202736668-837979253.png
千层套路
参考:
MRCTF2020]千层套路-CSDN博客
第一个加密压缩包,暴力破解
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202736172-1074817701.png
这边解了好多,发现都是和文件名一样,开始脚本
import os
import zipfile
filepath=r'D:/EdgeDownload/ff'
os.chdir(filepath)
name = '0573'
while True:
fz = zipfile.ZipFile(name + '.zip', 'r')
fz.extractall(pwd=bytes(name, 'utf-8'))
name = fz.filelist.filename
fz.close()得到一个qr.txt
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202735689-1992655451.png
这个是rgb,我们开始脚本绘图
from PIL import Image
import os
filepath=r'D:/EdgeDownload/ff/qr'
os.chdir(filepath)
x = y = 200
img = Image.new('RGB',(x,y))
file = open('qr.txt','r')
for width in range(0,x):
for height in range(0,y):
line=file.readline()
line=line.strip()
line=line.replace('(','')
line=line.replace(')','')
rgb = line.split(',')
img.putpixel((width,height),(int(rgb),int(rgb),int(rgb)))
print('绘制完毕')
file.close()
img.save('flag.jpg')得到一个二维码,扫一下
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202735188-1946225276.png
得到flag
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202734719-648119287.png
百里挑一
因为是一个流量包,我们需要给图弄出来,所以导出http格式,好多图
然后exiftool分析一下,得到一半flag
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202734131-240295088.png
剩下一半,在tcp流114中
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202733482-511414300.png
最后拼一下
flag{ae58d0408e26e8f26a3c0589d23edeec}followme
我直接全部导出了http的对象
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202733005-1912014072.png
然后搜索字符串,找到flag
https://img2023.cnblogs.com/blog/3439569/202405/3439569-20240531202732253-1881641456.png
flag{password_is_not_weak}
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。
页:
[1]