BUUCTF-Misc(131-140)
剑龙打开pwd.txt发现是颜笔墨
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204952390-563103467.png
然后打开随波逐流,AAencode颜笔墨解密
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204951782-19401890.png
得到welcom3!
看一下这个图片的详细信息,发现
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204951322-2144258771.png
然后用颜笔墨结出来的那个密码,去steghide解密
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204950877-2097349740.png
U2FsdGVkX1/7KeHVl5984OsGUVSanPfPednHpK9lKvp0kdrxO4Tj/Q==又是U2f然后这次我还以为是AES加密,但是是DES,挺搞的,我也不太懂,拿去DES加密在线DES加密 | DES解密- 在线工具 (sojson.com)
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204950352-1536438454.png
然后github去搜stegosaurus,然后发现是一个隐写,我们先把这个O.O这个文件加上文件后缀pyc,然后提取
python stegosaurus.py -x O_O.pyc然后我这边运行失败了,最后flag是
flag{3teg0Sauru3_!1}INSAnity
签到
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204949916-879086776.png
你能发现什么蛛丝马迹吗
参考:
HDCTF2019]你能发现什么蛛丝马迹吗-CSDN博客
下载下来是一个镜像,应该是内存取证
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204949529-1331961938.png
然后拖入kali,使用Volatility,找到版本
vol.py -f memory.img imageinfohttps://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204949133-1685050970.png
然后看看有什么进程运行,然后这里我发现不对,版本应该是Win2003SP1x86
vol.py -f memory.img --profile=Win2003SP1x86 pslisthttps://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204948510-693905919.png
再看看执行过的命令,检察命令行操纵,显示cmd历史命令
vol.py -f memory.img --profile=Win2003SP1x86 cmdscanhttps://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204947375-1017767328.png
发现DumpIt.exe这个进程很可疑,我们导出来
vol.py -f memory.img --profile=Win2003SP1x86 memdump -p 1992 -D ./https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204946777-2006929238.png
然后formost提取出来
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204946301-128021921.png
找到了key,iv,可以想到是AES加密
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204944944-1038814910.png
key:Th1s_1s_K3y00000
iv:1234567890123456二维码扫描出来
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204944461-2037150349.png
jfXvUoypb8p3zvmPks8kJ5Kt0vmEw0xUZyRGOicraY4=然后找个AES解密的网站,记得勾选我选的这些东西在线AES加密解密 - 拉米工具 (lmeee.com)
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204943943-1137527833.png
flag{F0uNd_s0m3th1ng_1n_M3mory}Sanity
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204943558-12579774.png
很好的色彩呃?
参考:BUUCTF:很好的色彩呃?_buuctf 很好的色彩呃?-CSDN博客
根据题目所说,应该是和颜色有关,打开ps,取这些颜色的后两位
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204943153-1418542989.png
6161706a6573然后随波逐流16进制转ASCII
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204942706-1941886827.png
flag{aapjes}frequency
打开题目,属性里的详细信息发现
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204942042-513658766.png
0ZWZtemNxaWRvZmd0ZnFnYmFkaWNubWhvdGlvbm9iZnlubGdvenRkYXZ2aW14b2JvdGlra2Z4d2lyb3JwZmNjdXpob3BoZmRjaWVrY2p5b21lamtjZ2Zmam51bmhvcGFkdGZndG1sdA==打开word发现一堆字符,但是只显示几个字
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204941446-1811909208.png
然后word打开这个选项
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204940952-746074267.png
然后又得到一大段base64笔墨
a2draGxmY290bnRpdWZwZ2hodGN3dWprY2ttb3ducGNrbXdseWd0bHBtZmtneWFhaWh1Y2RsYXRveXVjb2lnZ3JwbGt2a2Ftcmt0cXp4ZW1taXdrbGh1YWVrY2VvbHBvY2ZtdGFobWdmbWF2YWpuYmNwbWx0anRwdWZqY2FwY3RvanBqYmZmYmpid2h1YWxnZ3lqbmFtY2JmeWFjamJheGtpeGxtbXFpa3NtcHRxeW9qZXJ0ZmVrdGR4ZHh4YnRyeGNhbmd5bXNpbWh2dXdrdGV4c2dscnRwZ2FrdGJtZnVjZ3ZubXRqdWZvZWt5bXRsaW14ZGlqanB4eWl0YWJwbWt1Y2NubGtwb2V0Z2NkY3Bvc2tpenZ5eHJ0enhyYXh0bm9paHFjeGZvYWFhbHBhanlja2VrYnljZnZqb21sbGthamd5bWdmZGNycGVxa2xmc2NtZWppY3BqaWtjcHBhY3h5ZXZma3ljcHBia2R6Y2ZsbGlrcW5pdGNrYmhqb3JuZGhzb21mdHlwYWhwcW94cnlpbWhmbGNoY21rb3JldG1yb3RrYXJjanRobWZ0aWxpam55a3V0aWhienR0dW1zbmdmdGxtcmJmZmx0ZndjbmptZmF0bGZiemxva3RscHBsbWZpY29rcHBucGFjbWZ1Z21wdW5kdnRvbXdldmNqc2dhamdmZXF1dXBhaWV0eW5mamJicGpzbHZ5bmFmdG1scHBka3R0b2Z1emppanhpdGJmaXJtb3ZwemVraXJic2Zqc2d6bHVrb2x5dm9obXZnY3BrdGhzeGZ6bW1ibm1sZHp5dWljZHZrbXpiYXlidG9yY2ZvdHRkYW1jY25iYXBucmd4bGN5cGh5Zm5jZXhidmRubG9rZ295aWxwcmxvbnNodGNranR4bmFiamhsbWJwZGNtaGtqbmxnbXRnam5qYWtyaXpsbHBtbWFscHhhbXVuaW51cGtwZGlhcHNzbXZrZGp2Z2l5b2R1bXBuYXBsamtqYmNmaHRoc2tpb2twZ3R0eWhubmRzeGtxanp2dmRvc2VwcG9pZ3l0bW5uYXZjdG9wZHlpeHZiZG9zb2JtY3ViaXVhanhoeWZrdnJremdjdXlpbHB2YXdheW5xYWFwbGJrd2lpeHJjdGN0bGt4ZmpscGVhbW1qbmF1amNvdWlmbXZpa2ZpbXJvYXF0Y3RjZm1hdWJnYWdva2FyZnFmaGVtb3NydHlmb3B1a3VkY2FhaW1oZGZvZ25oa3JjZWxwY2F0Y3RweWpsYXZva2xnY2xhdGx0bXR6eWdwZWhma3poY3R6bmdtb2ZjaXpsdm54dG5sdWFqbHRvdmNqYWp1YnphdHBlaGhma25uZ2dwbHlsaXZmZWFpZHJteWp0YWNhbXhjbmtmeXN0d2ZuZmx5bmJta2NrYXJ4YWlzcGpsa3ZjdHZrbHh1bmNmcGJ4dmlyaXFleXBtdXZ1bHZsamNrY3lwcHRwdmV0b3hobWlwYmlsbmplb3drd3VjdG9rbmFmcHdvYXBmdGNsemhwaHhjY2F0dGh1bXZ3aHpvbWFmd3Fxbmxzb3lhYnV0bHpwaWF0Zm1tYWprcmR2bGN6d2pwc3Nwb2FiaWZpcGhrb2NocHRrYXRrYWZlb255YmZpdmVjbGR6b2ZhdGV0Z2FsaGFmYW1vYXlvc291bm5hZmlhdGNqdGl3b29sYWNya2N1YWRwdXRreWxweXBiZ2ZlcHdwc25jd2tjd2xsYXJ5anNjYW5id3BkcHpicHR1dG5sbm9wd3BpdGJsb3RsbHppZmtsYWF1cmpwaWFqZnB0a2ZteHBic3VjdmpzZ21jYWxhbnRyc2NrYmt1eWZnYWFrZmFjbmxkdXZxZXR5amdqbW5hZWFjbmdheGNuYW1qbWlna2tpdW1sbmR3Y2ttdWFuYW52cnJiZnp4enl1dWVob25lbWxjanp1dm9hanVmZGdqampjZ21ucHRmdXVjdWJjdGpoYW1sb2xmaG9pZnZia2themNwb3pjeXVjYnJnb2picG5haGNneXV0dGR2bXR0dndqbWhic2ptYmJhdmNkbHlob3Fqb21wY3B2aHRrb2FpcnZ0bWtmZnlhdGttcHR1dW9vb2xncG5udWVsaGZodnZpc3Vrd3lubWlhY25sbHVtaHRqZWt1YXV1cGxyeGtpZXB1anhsaWNma2NiY2htbmdsZ3BsaWhteWNybnNvbWF3dWZ1b29tdXVuaGRvb2FydWRhbW9hbW9ocW9vY2Z1cGp1aWFieHh1dnl2bm9zb3Vvb3Zha2xjZmt0eXJmYWdmYXl2cHVmdnBiZ3RhZmVraXBpY292dGZ0bnV4c2phdmpkcWt2ZnVpa2x0bWRrYmJua3BhZnhycXBmZ2N0dmFzY3VqamN1Y2h1YXpjaXVtdHRkbmF3aWhtbW9qZmJoeHZvbXRmcGJmaHR2aXdsYXVlb2dwcG1qc3BjYWxmaGNhcmtsYmlzcGh0anBhbmhsaXNwbnRza2tjbGpnZ2tjenRmaG5lY25wdGlmZnRyZG10amZla2ZpdGthc2RnbmVscHVoYmZpbXB1Y2JrcGtjbXhsZmtwaWlqdmh0amtzeWx6cm9vZmFjeGNscGpuaGJpcmN5ZGp0Y2xqZG9ibHlyeW1hdGdoaWZvam1qanNla29vbW9mY2FjdGF2ZmN5Zm11Znhoc3Rqd3VwYmpreW9nbnlyeXBseXBxbGF5eW1veHRhbnFkcHVyYnd6cGxsb2traGhtYW5kam5hdGNibGtjb3Rna2x1dHR3YmRhdHFybWF6cHJ2YXd6anhlZmhqdGRraWt1cmxsY2xjam9naG1sd3RhbWRkY2NucXVyb3Jha2N5b2JsYXJ6YWNtbnFjbWV0dHVheWF1eWl2c21ma25uYW5sdGNtaWdmcmdhYmlwdG50aG1tdXRwaWJ5bHJhdGhqY2doY2ZtbG92cGNudHFwZW96bG90ZGtlaW9jZmtjaXZ1eWx6Ympvb3hjc2FjbmdkdXZ4dG50aGphZXBhdX1rbGFocGNtdnppY2twYWFwaG9jZ2lvZ2p0dnB0Z2poZG9udW5scGFvbG5kcWJxZmRtYnBqam94Ym9tbGlreXVpcG54cXh6Y2lmb3JhaGhldXl5dHpoanV0Z2Z3dHVscmpjZnhvaWFneWpmYnBqaWFrZ3l0eGJmbnBsZnBxd3RkaXFuaXR2dmF1amRqbGlmamlvcnltdmZ4bXhnb3JpY3ljZGZob2ZiYnlnZmxhdGlyamRpZGFkcXZpa2pvY2l5ZmR6aHJvZ255eWlia2dubnZobWpsb2xhdndmaWpjZ2dma3B0a3BnY3FmYWZheXNpdHltYWN2a3FweWxoaGJ1Ymh4c2x1emN5dmxvcmlwdGxwZmxjdWljcG5mc2hpeXh2a2tiY2p5dWtvdGFsZmNpcGhjZGd4aWZ0a2xkZ29wanNtdXJ0eWp5cGhia2JmbmJ3YnNvZmlheHRsdWhwbXJmZGFrdWx1cGVhcHZyeXhtYWVwaGF5bmV4emZsbmV2am1pYndvcml0aGh4YmJ5cG1tYWJvYmZuZmNvanR0Y3Jram1naXJ2bWlzdW5mbHVodGVudHJodGVvamtjaGtwZnBhZXNnd2dscWRrdnZudWx1bnF7bG1sdGFscGhvdWZqcGlhbGNmbGZ5ZHZmd3lkb2ZraGFpeWF3bGx3Y2pvYXJxdnpqbGZmZ2xjdGNsYmxwa2JzZmxocnRqZGFvd3ByZGJjdWJmbHlveWJodmh3ZndvZWl0Z254YnpuaWZwbGx4bXN0a251aWhvYmZlZWZra2FreW5uYWNra2NkdWFtZ3N2bnBoY3RmZ3NybnJvZWh2ZW5kYmZpb21xZm14Ym1paWl1bGF2b2dma2dhY2lrYWFtcHBybGpmbXBqY3VhYXNja2l1cWlmY2liamx1dGNtcGF0b2pyanZmeGdsenBvcGpkZ2NoanVqbGtuZnd0cG5qZnBhY3JrcHRmaGNzamdyaXBjcmZjZGFsem5ob25mZGNvaG9zZmhvaGVha250aXRtamZsbmJvcGNsY3hjdWlnb3hja3JiYWxyYWVidGFhcml然后和第一段组合,bas64解密,第一段在后面,由于第一段有等号
解密出来是个这
kgkhlfcotntiufpghhtcwujkckmownpckmwlygtlpmfkgyaaihucdlatoyucoiggrplkvkamrktqzxemmiwklhuaekceolpocfmtahmgfmavajnbcpmltjtpufjcapctojpjbffbjbwhualggyjnamcbfyacjbaxkixlmmqiksmptqyojertfektdxdxxbtrxcangymsimhvuwktexsglrtpgaktbmfucgvnmtjufoekymtlimxdijjpxyitabpmkuccnlkpoetgcdcposkizvyxrtzxraxtnoihqcxfoaaalpajyckekbycfvjomllkajgymgfdcrpeqklfscmejicpjikcppacxyevfkycppbkdzcfllikqnitckbhjorndhsomftypahpqoxryimhflchcmkoretmrotkarcjthmftilijnykutihbzttumsngftlmrbffltfwcnjmfatlfbzloktlpplmficokppnpacmfugmpundvtomwevcjsgajgfequupaietynfjbbpjslvynaftmlppdkttofuzjijxitbfirmovpzekirbsfjsgzlukolyvohmvgcpkthsxfzmmbnmldzyuicdvkmzbaybtorcfottdamccnbapnrgxlcyphyfncexbvdnlokgoyilprlonshtckjtxnabjhlmbpdcmhkjnlgmtgjnjakrizllpmmalpxamuninupkpdiapssmvkdjvgiyodumpnapljkjbcfhthskiokpgttyhnndsxkqjzvvdoseppoigytmnnavctopdyixvbdosobmcubiuajxhyfkvrkzgcuyilpvawaynqaaplbkwiixrctctlkxfjlpeammjnaujcouifmvikfimroaqtctcfmaubgagokarfqfhemosrtyfopukudcaaimhdfognhkrcelpcatctpyjlavoklgclatltmtzygpehfkzhctzngmofcizlvnxtnluajltovcjajubzatpehhfknnggplylivfeaidrmyjtacamxcnkfystwfnflynbmkckarxaispjlkvctvklxuncfpbxviriqeypmuvulvljckcypptpvetoxhmipbilnjeowkwuctoknafpwoapftclzhphxccatthumvwhzomafwqqnlsoyabutlzpiatfmmajkrdvlczwjpsspoabifiphkochptkatkafeonybfivecldzofatetgalhafamoayosounnafiatcjtiwoolacrkcuadputkylpypbgfepwpsncwkcwllaryjscanbwpdpzbptutnlnopwpitblotllzifklaaurjpiajfptkfmxpbsucvjsgmcalantrsckbkuyfgaakfacnlduvqetyjgjmnaeacngaxcnamjmigkkiumlndwckmuananvrrbfzxzyuuehonemlcjzuvoajufdgjjjcgmnptfuucubctjhamlolfhoifvbkkazcpozcyucbrgojbpnahcgyuttdvmttvwjmhbsjmbbavcdlyhoqjompcpvhtkoairvtmkffyatkmptuuooolgpnnuelhfhvvisukwynmiacnllumhtjekuauuplrxkiepujxlicfkcbchmnglgplihmycrnsomawufuoomuunhdooarudamoamohqoocfupjuiabxxuvyvnosouoovaklcfktyrfagfayvpufvpbgtafekipicovtftnuxsjavjdqkvfuikltmdkbbnkpafxrqpfgctvascujjcuchuazciumttdnawihmmojfbhxvomtfpbfhtviwlaueogppmjspcalfhcarklbisphtjpanhlispntskkcljggkcztfhnecnptifftrdmtjfekfitkasdgnelpuhbfimpucbkpkcmxlfkpiijvhtjksylzroofacxclpjnhbircydjtcljdoblyrymatghifojmjjsekoomofcactavfcyfmufxhstjwupbjkyognyryplypqlayymoxtanqdpurbwzpllokkhhmandjnatcblkcotgkluttwbdatqrmazprvawzjxefhjtdkikurllclcjoghmlwtamddccnqurorakcyoblarzacmnqcmettuayauyivsmfknnanltcmigfrgabiptnthmmutpibylrathjcghcfmlovpcntqpeozlotdkeiocfkcivuylzbjooxcsacngduvxtnthjaepau}klahpcmvzickpaaphocgiogjtvptgjhdonunlpaolndqbqfdmbpjjoxbomlikyuipnxqxzciforahheuyytzhjutgfwtulrjcfxoiagyjfbpjiakgytxbfnplfpqwtdiqnitvvaujdjlifjiorymvfxmxgoricycdfhofbbygflatirjdidadqvikjociyfdzhrognyyibkgnnvhmjlolavwfijcggfkptkpgcqfafaysitymacvkqpylhhbubhxsluzcyvloriptlpflcuicpnfshiyxvkkbcjyukotalfciphcdgxiftkldgopjsmurtyjyphbkbfnbwbsofiaxtluhpmrfdakulupeapvryxmaephaynexzflnevjmibworithhxbbypmmabobfnfcojttcrkjmgirvmisunfluhtentrhteojkchkpfpaesgwglqdkvvnulunq{lmltalphoufjpialcflfydvfwydofkhaiyawllwcjoarqvzjlffglctclblpkbsflhrtjdaowprdbcubflyoybhvhwfwoeitgnxbznifpllxmstknuihobfeefkkakynnackkcduamgsvnphctfgsrnroehvendbfiomqfmxbmiiiulavogfkgacikaampprljfmpjcuaasckiuqifcibjlutcmpatojrjvfxglzpopjdgchjujlknfwtpnjfpacrkptfhcsjgripcrfcdalznhonfdcohosfhoheakntitmjflnbopclcxcuigoxckrbalraebtaaritefmzcqidofgtfqgbadicnmhotionobfynlgoztdavvimxobotikkfxwirorpfccuzhophfdciekcjyomejkcgffjnunhopadtfgtmlt根据题目,就是字频统计,b神的PuzzleSolver
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204940335-1780444932.png
flag{plokmijnuhbygvrdxeszwq}Self Congratulation
参考:
INSHack2018]Self Congratulation-CSDN博客
这里在图片发现了一张类似二维码的图
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204939506-392533056.png
我们把白色当成0,黑色为1
00110001001
10010001100
11001101000
01101010011
01100011011
10011100000https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204939090-2130960965.png
flag{12345678}[*CTF2019]otaku
参考:(´∇`) 欢迎回来! (cnblogs.com)
伪加密
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204933876-1475683828.png
然后打开doc文件,找到隐藏的笔墨,然后我们复制下来,给他转gbk,由于原题有这个提示
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204932328-602864858.png
# -*- coding:GBK -*-
f = open('data.txt','w')
s = "Hello everyone, I am Gilbert. Everyone thought that I was killed, but actually I survived. Now that I have no cash with me and I’m trapped in another country. I can't contact Violet now. She must be desperate to see me and I don't want her to cry for me. I need to pay 300 for the train, and 88 for the meal. Cash or battlenet point are both accepted. I don't play the Hearthstone, and I don't even know what is Rastakhan's Rumble."
f.write(s)
f.close()然后给这个新生成的文件压缩进去,看一下CRC,发现和加密的压缩包的CRC一样,我们可以明文爆破
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204931510-454280210.png
然后开始明文爆破,我这运行不起来,贴一个佬的图
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204930808-1028609695.png
然后有一个图,随波逐流秒了
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204930130-664377682.png
flag{vI0l3t_Ev3rg@RdeN}table-tennis
icmp报文携带base64的数据
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204929542-1062866568.png
全部找到拼接起来
Q1RGe0p1c3RBUzBuZ0FiMHV0UDFuZ1Awbmd9base64解码
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204928994-1588445907.png
gflag
参考:[INSHack2019]gflag-CSDN博客
打开文件,发现一串看不懂的代码
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204928501-1125349246.png
然后说是3d打印gcode,我们个给文件加上 gcode后缀gcode viewer - online gcode viewer and analyzer in your browser!
https://img2023.cnblogs.com/blog/3439569/202406/3439569-20240609204927497-1548132936.png
flag{3d_pr1nt3d_fl49}
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。
页:
[1]