BUUCTF-Misc(121-130)
sstv参考:
[UTCTF2020]QSSTV - cuihua- - 博客园 (cnblogs.com)
qsstv解密一下
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180421545-1960524320.png
flag{6bdfeac1e2baa12d6ac5384cdfd166b0}voip
参考:
buuctf VoIP-CSDN博客
voip就是语音通话技能
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180420897-669173865.png
然后wireshark可以直接播放这个语音
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180420178-284807889.png
然后播放一下
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180419635-1404112079.png
flag就是考听力的,加油吧,我太垃圾,听不出
flag{9001IVR}电单车
参考:
[SCTF2019]电单车-CSDN博客
audacity打开感觉有猫腻
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180419163-1131069900.png
我们把细的换成0,粗的换成1
00111010010101010011000100PT2242信号:前面4bit表示同步码,中间的20bit表示地点码,后面的4bit表示功能码,末了一位是停止码
0 01110100101010100110 00100所以我们只用取中间的地点码
flag{01110100101010100110}soul sipse
拿到音频,去kali无暗码steghide分离出来一个txt
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180418753-136451976.png
得到一个毗连https://share.weiyun.com/5wVTIN3
下载下来是一个图片,但是没有显示,010打开,发现文件头打错了
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180417952-1359496102.png
我们更改一下89 50 4E 47,就可以正常打开
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180417472-2127537937.png
\u0034\u0030\u0037\u0030\u000d\u000a\u0031\u0032\u0033\u0034\u000d\u000a然后unicode转字符串
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180417111-235141808.png
给他俩加起来就行
flag{5304}spectogram
标题就是频谱图的意思,我们直接看频谱图,在这里选择
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180416627-859067276.png
然后就看到flag了
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180416009-706622762.png
flag{sp3tr0gr4m0ph0n3}[安洵杯 2019]easy misc
参考:安洵杯 2019]easy misc-CSDN博客
使用foremost提取出来两张图片
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180415516-801984595.png
大概是盲水印,使用PuzzleSolver盲水印(记得用python2版本)
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180415100-1706478540.png
提取出来一个
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180414634-472854604.png
得到消息in 11.txt
接下来我们看看read文件夹有什么,我们如今11.txt看了一下没发现什,然后看到了下面有个hint,hint:取前16个字符
然后我们对11.txt词频分析(只有15个字母,因为第一个是空格)
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180414108-766754024.png
etaonrhisdluygw 然后看看那个压缩包怎么回事,压缩包解释找到
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180413652-1131661546.png
算出来前面等于7,所以就是7个数字加NNULLULL,,掩码爆破(注意这个逗号哦)
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180413236-433317603.png
里面得到
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180412743-274297629.png
然后用脚本更改一下这些
code_str = 'etaonrhisdluygw'
code_dict = {'a':'dIW','b':'sSD','c':'adE ','d':'jVf','e':'QW8','f':'SA=','g':'jBt','h':'5RE','i':'tRQ','j':'SPA','k':'8DS','l':'XiE','m':'S8S','n':'MkF','o':'T9p','p':'PS5','q':'E/S','r':'-sd','s':'SQW','t':'obW','u':'/WS','v':'SD9','w':'cw=','x':'ASD','y':'FTa','z':'AE7'}
base_str=''
for i in code_str:
i = code_dict
base_str += i
print(base_str)得到
QW8obWdIWT9pMkF-sd5REtRQSQWjVfXiE/WSFTajBtcw=然后就是这边有问题了,解出来应该是如许(官方说法)
QW8obWdIWT9pMkFSQWtRQjVfXiE/WSFTajBtcw==然后就是base64解密再base65解密
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180412365-1585105296.png
得到flag
flag{have_a_good_day1}Business Planning Group
010editor打开图片看一眼,发现图片尾好像有数据,bpg格式
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180411901-284848007.png
然后给这些数据弄出来,搞一个bgp后缀的文件
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180411411-1465942110.png
然后我下了一个Honeyview查看
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180410873-1753345635.png
YnNpZGVzX2RlbGhpe0JQR19pNV9iM3R0M3JfN2g0bl9KUEd9Cg==然后base64解码
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180410235-643937648.png
flag{BPG_i5_b3tt3r_7h4n_JPG}你知道apng吗
这里真没想到上一关下的工具honeyview用上了,逐帧分析
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180409798-824775091.png
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180409297-1116790056.png
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180408877-1870084261.png
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180408455-1602051507.png
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180407913-744876935.png
flag{a3c7e4e5-9b9d-ad20-0327-288a235370ea}greatescape
是一个流量包,然后我们追踪tcp流,在流19发现rsa私钥,我们保存下来,然后导入
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180407455-873719721.png
然后发现多了TLS流,我们追踪一下,在流80找到了flag
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180407012-496306296.png
flag{OkThatWasWay2Easy}[湖南省赛2019]Findme
参考:
湖南省赛2019]Findme_find me ctf-CSDN博客
湖南省赛2019]Findme-CSDN博客
第一张图片小的离谱,怀疑改宽高了,然后直接丢入风二西的png宽高一把梭,得到一张破损图
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180406546-427505138.png
010editor打开,运行PNG模板,发现缺失IDAT
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180406044-1115902482.png
那我们先看一下正常的IDAT对应的16进制是49 44 41 54
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180405517-457885567.png
然后给chunk、chunk这里对应union CTYPE type的16进制换成49 44 41 54,然后保存
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180404979-829738700.png
然后stegsolve打开图片,在blue2通道发现二维码
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180404441-882546607.png
然后扫描一下
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180403940-725949042.png
ZmxhZ3s0X3然后看第二张图片,010editor打开图片,在第二张图片尾部发现7z这个格式,我们提取出来
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180403439-1934193514.png
后面又发现不是7z,细致能看出他很像zip格式50 4b 03 04,所以我们把7z对应的16进制换成50 4b
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180402853-1509565062.png
替换完之后,我们binwalk提取一下,是一堆txt文本,我们按从大到小排序,发现618.txt最大,打开一看,有所发现
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180402421-1984908172.png
1RVcmVfc010打开第三张图片,然后发现chunk-chunk的这个值都可以被打印出来
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180401892-89101269.png
末了16进制转成ascii
3RlZ30=然后第四张图片看一下exif信息EXIF信息查看器 (tuchong.com)
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180401096-28765303.png
cExlX1BsY末了一张图片010editor翻到末了,直接拿到了
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180400613-2043616659.png
Yzcllfc0lN末了拼接一下
ZmxhZ3s0X3Yzcllfc0lNcExlX1BsY1RVcmVfc3RlZ30=https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240608180400136-674134936.png
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。
页:
[1]