CTF比赛中常见的文件头
本文整理了CTF比赛中常见的文件头。
文件头文件尾总结
JPEG (jpg), 文件头:FFD8FF 文件尾:FF D9
PNG (png), 文件头:89504E47 文件尾:AE 42 60 82
GIF (gif), 文件头:47494638 文件尾:00 3B
ZIP Archive (zip), 文件头:504B0304 文件尾:50 4B
TIFF (tif), 文件头:49492A00
Windows Bitmap (bmp), 文件头:424D
CAD (dwg), 文件头:41433130
Adobe Photoshop (psd), 文件头:38425053
Rich Text Format (rtf), 文件头:7B5C727466
XML (xml), 文件头:3C3F786D6C
HTML (html), 文件头:68746D6C3E
Email [thorough only] (eml), 文件头:44656C69766572792D646174653A
Outlook Express (dbx), 文件头:CFAD12FEC5FD746F
Outlook (pst), 文件头:2142444E
MS Word/Excel (xls.or.doc), 文件头:D0CF11E0
MS Access (mdb), 文件头:5374616E64617264204A
WordPerfect (wpd), 文件头:FF575043
Adobe Acrobat (pdf), 文件头:255044462D312E
Quicken (qdf), 文件头:AC9EBD8F
Windows Password (pwl), 文件头:E3828596
RAR Archive (rar), 文件头:52617221
Wave (wav), 文件头:57415645
AVI (avi), 文件头:41564920
Real Audio (ram), 文件头:2E7261FD
Real Media (rm), 文件头:2E524D46
MPEG (mpg), 文件头:000001BA
MPEG (mpg), 文件头:000001B3
Quicktime (mov), 文件头:6D6F6F76
Windows Media (asf), 文件头:3026B2758E66CF11
MIDI (mid), 文件头:4D546864
1、从Ultra-edit-32中提取出来的
附件:文件格式分析器
JPEG (jpg),文件头:FFD8FF
PNG (png),文件头:89504E47
GIF (gif),文件头:47494638
TIFF (tif),文件头:49492A00
Windows Bitmap (bmp),文件头:424D
CAD (dwg),文件头:41433130
Adobe Photoshop (psd),文件头:38425053
Rich Text Format (rtf),文件头:7B5C727466
XML (xml),文件头:3C3F786D6C
HTML (html),文件头:68746D6C3E
Email [thorough only] (eml),文件头:44656C69766572792D646174653A
Outlook Express (dbx),文件头:CFAD12FEC5FD746F
Outlook (pst),文件头:2142444E
MS Word/Excel (xls.or.doc),文件头:D0CF11E0
MS Access (mdb),文件头:5374616E64617264204A
WordPerfect (wpd),文件头:FF575043
Postscript (eps.or.ps),文件头:252150532D41646F6265
Adobe Acrobat (pdf),文件头:255044462D312E
Quicken (qdf),文件头:AC9EBD8F
Windows Password (pwl),文件头:E3828596
ZIP Archive (zip),文件头:504B0304
RAR Archive (rar),文件头:52617221
Wave (wav),文件头:57415645
AVI (avi),文件头:41564920
Real Audio (ram),文件头:2E7261FD
Real Media (rm),文件头:2E524D46
MPEG (mpg),文件头:000001BA
MPEG (mpg),文件头:000001B3
Quicktime (mov),文件头:6D6F6F76
Windows Media (asf),文件头:3026B2758E66CF11
MIDI (mid),文件头:4D546864
2、从winhex中取出的文件头列表
File Type ExtensionsHeader
JPEG jpg;jpeg 0xFFD8FF
PNG png 0x89504E470D0A1A0A
GIF gif GIF8
TIFF tif;tiff 0x49492A00
TIFF tif;tiff 0x4D4D002A
Bit map bmp BM
AOL ART art 0x4A47040E000000
AOL ART art 0x4A47030E000000
PC Paintbrush pcx 0x0A050108
Graphics Metafile wmf 0xD7CDC69A
Graphics Metafile wmf 0x01000900
Graphics Metafile wmf 0x02000900
Enhanced Metafile emf 0x0100000058000000
Corel Draw cdr CDR
CAD dwg 0x41433130
Adobe Photoshop psd 8BPS
Rich Text Format rtf rtf
XML xml
HTML html;htm;PHP;php3;php4;phtml;shtml type
Email eml Delivery-date:
Outlook Express dbx 0xCFAD12FE
Outlookpst!BDN
MS Office/OLE2doc;xls;dot;ppt;xla;ppa;pps;pot;msi;sdw;db 0xD0CF11E0A1B11AE1
MS Access mdb;mda;mde;mdt Standard J
WordPerfect wpd 0xFF575043
OpenOffice Writer sxw writer
OpenOffice Calc sxc calc
OpenOffice Math sxm math
OpenOffice Impress sxi impress
OpenOffice Draw sxd draw
Adobe FrameMaker fm <MAKERFILE
PostScript eps.or.ps;ps;eps %!PS-Adobe
Adobe Acrobat pdf %PDF-1.
Quicken qdf 0xAC9EBD8F
QuickBooks Backup qbb 0x458600000600
Sage sly.or.srt.or.slt;sly;srt;slt0x53520100
Sage Backup 1 SAGEBACKUP
Lotus WordPro v9 lwp 0x576F726450726F
Lotus 123 v9 123 0x00001A00051004
Lotus 123 v5 wk4 0x00001A0002100400
Lotus 123 v3 wk3 0x00001A0000100400
Lotus 123 v1 wk1 0x2000604060
Windows Password pwl 0xE3828596
ZIP Archive zip;jar 0x504B0304
ZIP Archive (outdated) zip 0x504B3030
RAR Archive rar Rar!
GZ Archive gz;tgz 0x1F8B08
BZIP Archive bz2 BZh
ARJ Archive arj 0x60EA
7-ZIP Archive 7z 7z集’
Wave wav WAVE
AVI avi AVI
Real Audio ram;ra .ra?0
Real Media rm .RMF
MPEG mpg;mpeg 0x000001BA
MPEG mpg;mpeg 0x000001B3
Quicktime mov moov
Windows Media asf 0x3026B2758E66CF11
MIDI mid MThd
Win32 Executable exe;dll;drv;vxd;sys;ocx;vbxMZ
Win16 Executable exe;dll;drv;vxd;sys;ocx;vbxMZ
ELF Executable elf;; 0x7F454C4601010100
各种文件类型文件头标志位详细列表
FFD8FFFE00, .JPEG;.JPE;.JPG, “JPGGraphic File”
FFD8FFE000, .JPEG;.JPE;.JPG, “JPGGraphic File”
474946383961, .gif, “GIF 89A”
474946383761, .gif, “GIF 87A”
424D, .bmp, “Windows Bitmap”
4D5A,.exe;.com;.386;.ax;.acm;.sys;.dll;.drv;.flt;.fon;.ocx;.scr;.lrc;.vxd;
.cpl;.x32, “Executable File”
504B0304, .zip, “Zip Compressed”
3A42617365, .cnt, “”
D0CF11E0A1B11AE1,.doc;.xls;.xlt;.ppt;.apr, “MS Compound Document v1 or Lotus Approach APRfile”
0100000058000000, .emf, “”
03000000C466C456, .evt, “”
3F5F0300, .gid;.hlp;.lhp, “Windows HelpFile”
1F8B08, .gz, “GZ Compressed File”
28546869732066696C65, .hqx, “”
0000010000, .ico, “Icon File”
4C000000011402, .lnk, “Windows LinkFile”
25504446, .pdf, “Adobe PDF File”
5245474544495434, .reg, “”
7B5C727466,.rtf, “Rich Text Format File”
lh, .lzh, “Lz compression file”
MThd, .mid, “”
0A050108, .pcx, “”
25215053, .eps, “Adobe EPS File”
2112, .ain, “AIN Archive File”
1A02, .arc, “ARC/PKPAK Compressed 1”
1A03, .arc, “ARC/PKPAK Compressed 2”
1A04, .arc, “ARC/PKPAK Compressed 3”
1A08, .arc, “ARC/PKPAK Compressed 4”
1A09, .arc, “ARC/PKPAK Compressed 5”
60EA, .arj, “ARJ Compressed”
41564920, .avi, “Audio Video Interleave(AVI)”
425A68, .bz;.bz2, “Bzip Archive”
49536328, .cab, “Cabinet File”
4C01, .obj, “Compiled Object Module”
303730373037, .tar;.cpio, “CPIO ArchiveFile”
4352555348, .cru;.crush, “CRUSH ArchiveFile”
3ADE68B1, .dcx, “DCX Graphic File”
1F8B, .gz;.tar;.tgz, “Gzip ArchiveFile”
91334846, .hap, “HAP Archive File”
3C68746D6C3E,.htm;.html, “HyperText Markup Language 1”
3C48544D4C3E,.htm;.html, “HyperText Markup Language 2”
3C21444F4354, .htm;.html, “HyperText MarkupLanguage 3”
100, .ico, “ICON File”
5F27A889, .jar, “JAR Archive File”
2D6C68352D,.lha, “LHA Compressed”
20006040600, .wk1;.wks, “Lotus 123 v1 Worksheet”
00001A0007800100, .fm3, “Lotus 123 v3 FMTfile”
00001A0000100400, .wk3, “Lotus 123 v3Worksheet”
20006800200, .fmt, “Lotus 123 v4 FMTfile”
00001A0002100400, .wk4, “Lotus 123 v5”
5B7665725D, .ami, “Lotus Ami Pro”
300000041505052, .adx, “Lotus ApproachADX file”
1A0000030000, .nsf;.ntf, “Lotus NotesDatabase/Template”
4D47582069747064, .ds4, “MicrografixDesigner 4”
4D534346, .cab, “Microsoft CAB FileFormat”
4D546864, .mid, “Midi Audio File”
000001B3, .mpg;.mpeg, “MPEG Movie”
0902060000001000B9045C00, .xls, “MS Excel v2”
0904060000001000F6055C00, .xls, “MS Excel v4”
7FFE340A,.doc, “MS Word”
1234567890FF, .doc, “MS Word 6.0”
31BE000000AB0000, .doc, “MS Word forDOS 6.0”
1A00000300001100, .nsf, “NotesDatabase”
7E424B00, .psp, “PaintShop Pro Image File”
504B0304, .zip, “PKZIP Compressed”
89504E470D0A, .png, “PNG Image File”
6D646174, .mov, “QuickTime Movie”
6D646174, .qt, “Quicktime MovieFile”
52617221, .rar, “RAR Archive File”
2E7261FD, .ra;.ram, “Real AudioFile”
EDABEEDB, .rpm, “RPM Archive File”
2E736E64, .au, “SoundMachine AudioFile”
53495421, .sit, “Stuffit v1 ArchiveFile”
53747566664974, .sit, “Stuffit v5Archive File”
1F9D, .z, “TAR Compressed ArchiveFile”
49492A, .tif;.tiff, “TIFF (Intel)”
4D4D2A,.tif;.tiff, “TIFF (Motorola)”
554641, .ufa, “UFA Archive File”
57415645666D74, .wav, “Wave Files”
D7CDC69A,.wmf, “Windows Meta File”
4C000000, .lnk, “Windows Shortcut (LinkFile)”
504B3030504B0304, .zip, “WINZIPCompressed”
FF575047, .wpg, “WordPerfectGraphics”
FF575043, .wp, “WordPerfect v5 orv6”
3C3F786D6C,.xml, “XML Document”
FFFE3C0052004F004F0054005300540055004200, .xml, “XML Document(ROOTSTUB)”
3C21454E54495459, .dtd, “XML DTD”
5A4F4F20, .zoo, “ZOO Archive File”