bmz刷题目记录
bmz刷题目记录
Crypto
4进制
有附件,附件内容
1 | 1212 1230 1201 1213 1323 1012 1233 1311 1302 1202 1201 1303 1211 301 302 303 1331 |
可以根据题目名称可以知道需要用四进制转换成十进制,然后十进制转换成字符得到flag,exp如下:
1 | a='1212 1230 1201 1213 1323 1012 1233 1311 1302 1202 1201 1303 1211 301 302 303 1331' |
2018 AFCTF Morse
有附件,附件内容
1 | -..../.----/-..../-..../-..../...--/--.../....-/-..../-..../--.../-.../...--/.----/--.../...--/..---/--.../--.../....-/...../..-./--.../...--/...--/-----/...../..-./...--/...--/...--/....-/...--/...../--.../----./--.../-.. |
首先将莫斯解码得到
1 | 61666374667B317327745F73305F333435797D |
然后将上面的16进制转码得到flag
1 | afctf{1s't_s0_345y} |
2018 HEBTUCTF 社会主义接班人
有附件,附件内容
1 | 身为社会主义接班人的你,核心价值观你会背吗? |
社会主义核心价值观解密得到flag
1 | HEBTUCTF{ejvovdasfjfvmrfmsdemxj} |
Ook
有附件,附件内容
1 | Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. |
ook解码得到flag
1 | flag{1c470f09af4c86b7} |
栅栏密码
得到信息
1 | fa{660cb679d7866ffalg7d27e041cfbd18ed} |
栅栏为2
1 | flag{76d6207ceb064719cdf7b8d6168fefda} |
easy_base
描述信息和附件内容:影分身之术*40
1 | 太多了 |
根据题目可以知道大概是base64加密了40次,于是写出exp
1 | import base64 |
得到flag
1 | flag{S0_many_Bas3} |
栅栏中的base
得到附件内容
1 | 4C4A5645455232524B3533544B544C4C4A5A5545324D434749564E48553344474A564548495A53524E595944323D3D3D |
首先将内容转成base16解码得到
1 | LJVEER2RK53TKTLLJZUE2MCGIVNHU3DGJVEHIZSRNYYD2=== |
然后base32解码得到
1 | ZjBGQWw5MkNhM0FEZzlfMHtfQn0= |
然后base64解码得到
1 | f0FAl92Ca3ADg9_0{_B} |
然后栅栏字数是5
1 | flag{0939_F2A_BACD0} |
2018 HEBTUCTF Sudoku&Viginere
得到附件内容
完成拼图得到
然后根据提示
1 | After solving Sudoku, you will find Viginere's secret:45 34 57 74 15 35 26 86 47 39 |
有点像坐标一样的找到对应的值但是考虑到先行后列或者先列后行,所以有两种可能的结果
结果一:rry55t1r13
结果二:15_1t_3a5y
尝试提交之后是
1 | HEBTUCTF{15_1t_3a5y} |
CRC32 BOOM!
得到zip附件,被加密,有两个txt和一个jpg,根据题目可以知道大概是需要对CRC进行爆破,观察文件大小后,主要对txt的CRC进行爆破
8e234ae0爆破结果
1 | 4 bytes: {0x76, 0xa2, 0x0b, 0xe1} |
8115a277爆破结果
1 | 4 bytes: {0x0e, 0xf5, 0x08, 0x69} |
观察两个结果,在第一个结果里面有newctf,第二个结果里面有bugku_,所以猜测密码为bugku_newctf猜中了,要是没猜中可以试试把两个结果拼起来组成一个字典去跑
用压缩密码解压得到jpg图片,不能直接打开,用010查看得到flag
1 | flag{Crcrcrcrc_32_BOOM} |
【2021医疗行业CTF】base编码
得到内容
R1kzRE1RWldHRTNET04yQ0dZWkRNTUpYR00zREtNWldHTTJES1JSVEdNWlRFTktHR01ZVEdOUlZJWTNES05SUkc0WlRPT0pWSVkzREVOUlJHNFpUTU5KWElRPT09PT09
1 | base64得到> |
2018 AFCTF Vigenère
得到
1 | Yzyj ia zqm Cbatky kf uavin rbgfno ig hnkozku fyyefyjzy sut gha pruyte gu famooybn bhr vqdcpipgu jaaju obecu njde pupfyytrj cpez cklb wnbzqmr ntf li wsfavm azupy nde cufmrf uh lba enxcp, tuk uwjwrnzn inq ksmuh sggcqoa zq obecu zqm Lncu gz Jagaam aaj qx Hwthxn'a Gbj gfnetyk cpez, g fwwang xnapriv li phr uyqnvupk ib mnttqnq xgioerry cpag zjws ohbaul drinsla tuk liufku obecu ovxey zjwg po gnn aecgtsneoa. |
直接维吉尼亚密码在线破解
key:csuwangjiang
1 | afctf{Whooooooo_U_Gotcha!} |
MISC
真正的CTFer
直接丢010里面编辑,看到CRC被修改
解不开的秘密
zip里面有个file和一个doc,打开doc要密码,打开file,是字符16进制,得到
1 | V2luZG93cyBSZWdpc3RyeSBFZGl0b3IgVmVyc2lvbiA1LjAwCgpbSEtFWV9DVVJSRU5UX1VTRVJcU29mdHdhcmVcUmVhbFZOQ10KCltIS0VZX0NVUlJFTlRfVVNFUlxTb2Z0d2FyZVxSZWFsVk5DXHZuY2xpY2Vuc2V3aXpdCiJfQW5sQ2xpZW50SWQiPSI4ZjVjYzM3OC0yZTFkLTQ2NzAtODBlMC1kMmQ4MWQ4ODI1NjEiCiJfQW5sU2VsZWN0ZWQiPSIwIgoiX0FubEluY2xSYXRlIj0iMC4wMDI1IgoKW0hLRVlfQ1VSUkVOVF9VU0VSXFNvZnR3YXJlXFJlYWxWTkNcdm5jc2VydmVyXQoKW0hLRVlfQ1VSUkVOVF9VU0VSXFNvZnR3YXJlXFJlYWxWTkNcVk5DVmlld2VyNF0KImR1bW15Ij0iIgoKW0hLRVlfQ1VSUkVOVF9VU0VSXFNvZnR3YXJlXFJlYWxWTkNcVk5DVmlld2VyNFxNUlVdCiIwMCI9IjEyNy4wLjAuMSIKIk9yZGVyIj1oZXg6MDAsMDEKIjAxIj0iMTI3LjAuMC4xOjU5MDAiCgpbSEtFWV9DVVJSRU5UX1VTRVJcU29mdHdhcmVcUmVhbFZOQ1xXaW5WTkM0XQoiUGFzc3dvcmQiPWhleDozNyw1ZSxiZSw4Niw3MCxiMyxjNixmMwoiU2VjdXJpdHlUeXBlcyI9IlZuY0F1dGgiCiJSZXZlcnNlU2VjdXJpdHlUeXBlcyI9Ik5vbmUiCiJRdWVyeUNvbm5lY3QiPWR3b3JkOjAwMDAwMDAwCiJQb3J0TnVtYmVyIj1kd29yZDowMDAwMTcwYwoiTG9jYWxIb3N0Ij1kd29yZDowMDAwMDAwMAoiSWRsZVRpbWVvdXQiPWR3b3JkOjAwMDAwZTEwCiJIVFRQUG9ydE51bWJlciI9ZHdvcmQ6MDAwMDE2YTgKIkhvc3RzIj0iKywiCiJBY2NlcHRLZXlFdmVudHMiPWR3b3JkOjAwMDAwMDAxCiJBY2NlcHRQb2ludGVyRXZlbnRzIj1kd29yZDowMDAwMDAwMQoiQWNjZXB0Q3V0VGV4dCI9ZHdvcmQ6MDAwMDAwMDEKIlNlbmRDdXRUZXh0Ij1kd29yZDowMDAwMDAwMQoiRGlzYWJsZUxvY2FsSW5wdXRzIj1kd29yZDowMDAwMDAwMAoiRGlzY29ubmVjdENsaWVudHMiPWR3b3JkOjAwMDAwMDAxCiJBbHdheXNTaGFyZWQiPWR3b3JkOjAwMDAwMDAwCiJOZXZlclNoYXJlZCI9ZHdvcmQ6MDAwMDAwMDAKIkRpc2Nvbm5lY3RBY3Rpb24iPSJOb25lIgoiUmVtb3ZlV2FsbHBhcGVyIj1kd29yZDowMDAwMDAwMAoiUmVtb3ZlUGF0dGVybiI9ZHdvcmQ6MDAwMDAwMDAKIkRpc2FibGVFZmZlY3RzIj1kd29yZDowMDAwMDAwMAoiVXNlSG9va3MiPWR3b3JkOjAwMDAwMDAxCiJQb2xsQ29uc29sZVdpbmRvd3MiPWR3b3JkOjAwMDAwMDAxCiJDb21wYXJlRkIiPWR3b3JkOjAwMDAwMDAxCiJQcm90b2NvbDMuMyI9ZHdvcmQ6MDAwMDAwMDAKImR1bW15Ij0iIgo |
然后base64解密
1 | Windows Registry Editor Version 5.00 |
看到:”Password”=hex:37,5e,be,86,70,b3,c6,f3和HKEY_CURRENT_USER\Software\RealVNC
用VNC解密得到doc密码:!QAZ2wsx
移开图片,加上颜色
1 | flag{aec1294a146b8ece1e3a295e557e198c} |
赢战2019
题目描述
2019年的第一场月赛,zhu定了是一场zhu福满天飞的比赛~答案提交flag{}括号内的值。
得到一个图片
binwalk+foremost隐写得到下面二维码
直接识别没有flag,于是用隐写神器stegsolve
1 | flag{You_ARE_SOsmart} |
技协杯-签到
得到没有后缀名的附件,用010editor打开看到文件头是504B0304
判断是个zip文件,修改后缀名后用bandzip打开,然后在word/media找打藏flag的图片
1 | flag{873f6218-dc48-11ea-a3b9-dca90498a2db} |
SDNISC2020_简单数据包
得到一个pacp文件,但是没法用wireshark直接打开,然后直接用binwalk+foremost分离出来一个zip
里面有个key.txt,txt内容是ZmxhZ3tzZG5pc2NfbmV0X3NRMlgzUTl4fQ==,直接base64解码
1 | flag{sdnisc_net_sQ2X3Q9x} |
2018 HEBTUCTF 签到题
zip解压后得到type,直接记事本打开得到EBTUCTF{lkfdlfnqwnoidasfmaklmf},根据题目名称得到完成flag
1 | HEBTUCTF{lkfdlfnqwnoidasfmaklmf} |
2018 HEBTUCTF 你可能需要一个wireshark
用wireshark打开直接搜索flag,定位到tcp.stream eq 17,追踪一下发现是用dvwa上传了一个flag.txt并且被base64加密了内容
SEVCVFVDVEYlN0JmMWFnXzFzX3czbl9kNG8lN0Q=
解密后得到HEBTUCTF%7Bf1ag_1s_w3n_d4o%7D
1 | HEBTUCTF{f1ag_1s_w3n_d4o} |
MISC_你猜猜flag
得到一个exe附件,直接运行直接输入4,得到下面提示Z1P P3ssw0rd 1s:ZmxhZ+WlveWDj+WPr+S7peeMnOWHuuadpQ==
binwalk+foremost分离出的zip的密码是这个,解压后得到Misc So easy.mdb,直接搜flag定位到
1 | flag{D1d y0u 8u3ss?} |
2018 护网杯 迟来的签到题
题目描述xor,于是先把附件内容base64解密,然后挨个进行异或
1 | from base64 import * |
运行得到
1 | flag{5DDB63E62F1DA3C6C777E790F8D41D63} |
签到题
关注公众号:白帽子社区,回复关键字:BMZCTF 获取flag
1 | BMZCTF{W3lc0me_t0_BMZCTF!} |
2018 hackergame Word 文档
用bandzip打开得到flag.txt
1 | flag{xlsx,pptx,docx_are_just_zip_files} |
神秘压缩包
给到一个txt和一个加密的压缩包,可以看到txt里面的内容是
1 | data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAArIAAACtCAIAAADDBAuwAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAZ/SURBVHhe7d1NcuJIFIXRXhcLYj2sxpvxYqqlzCvpKQWUO3ogwOdMrJ9UQo3eV9gR/PMHAKCRBQBAyAIAIGQBABCyAAAIWQAAhCwAAEIWAAAhCwCAkAUAQMgCACBkAQAQsgAACFkAAIQsAABCFgAAIQsAgJAFAEDIAgAgZAEAELIAAAhZAACELAAAQhYAACELAICQBQBAyAIAIGQBABCyAAAIWQAAhCwAAEIWAAAhCwCAkAUAQMgCACBkAQAQsgAACFkAAIQsAABCFgAAIQsAgJAFAEDIAgAgZAEAELIAAAhZAACELAAAQhYAACELAICQBQBAyAIAIGQBABCyAAAIWQAAhCwAAEIWAAAhCwCAkAUAQMgCACBkAQAQsgAACFkAAIQsAABCFgAAIQsAgJAFAEDIAgAgZAEAELIAAAhZAACELAAAQhYAACELAICQBQBAyAIAIGQBABCyAAAIWQAAhCwAAEIWAAAhCwCAkAUAQMgCACBkAQAQsgAACFkAAIQsgN/s6/rP7PqVc+CXkwVwpozlJzKx28Jten/fLtP55fad81W/8fM539/AcaPss7je9ueT9SWe/hsEB7wXWQBnaiP1znQfDVWwjO3D0M2Ifrbj0yneZdv2Go/SY7v+4N/w4B0CL00WwJnGkXp/xG4T9tFM7488n/jZti1apvVhdpe7++lfzoY3+fRVZQG8F1kAZxom7OG8KRczgnfDdr4238298elZ3Xbdoh30H9N+5Ue2L4fLWXkT21sodyqfFsA7kgVwpnGk3hmxfbxO1+Z7169+epApf9Q2222bHa7X+eI8tpctL5dbGeJ1v7x6H/JteXmPD164u5sF6z8p58DLkAVwpszr26PJOo/ONQTmk20694d347lP+vVSNp/OtqO+W9ugXVz0m2Vdvzsdzwf5Mbg78n9CFsDLkgVwpjKHm/F8MV0vo/z40UAJhe3x7Wx/fQuNpj+bXBheYHpmPhrfUVs8Xdxv9Mj4NPC6ZAGcqU3f8r/udX5PB9s0Xabv5dJ/Zmrv5nlb2C7vtV3K8vUVxjqYlPmde9OV+YFyo2l314vlHexvAG9HFsCJDlM0Q/urD+U6yefj79stfxDQL21qFhz2a8rVdjFP9PG/3DzcmW7M1/a/5sj7Wx6qW8gCeHOyAM5zHKJlrk83+98Aft+uSyesHxOU+d02eZQFxbyu3yoP96fXRw53phvztXHL+jrteDY/17erxkdn+xcFXogsgNMsgzenszpvF3VWLyfrLI67Q36n32rrxocHu726ccftLfW9xk8T/jLvZQG8LFkAp5mn4zRb6/w9ypBe1Czot9rj66qnmw17HZVt+07T6J6vLRO8R0DTL01vZPsjiHJ3568vC7wMWQAAhCwAAEIWAAAhCwCAkAUAQMgCACBkAQAQsgAACFkAAIQsAABCFgAAIQsAgJAFAEDIAgAgZAG8oXx98vaNxev3KT/9EuP2zcfL1yAX/RuR81XJ7fi4TV0DfCxZAG9oyII+shtZAPwfsgDe0D4L+tkPJvajLKhkAfxqsgDO1IftogzjcmO5ul663L62LNjvUP/H30/7cd+jHa/XtiHfz+uzZX3O6hrgY8kCONH6JwGLPnb3l9uIXib0zt0sOOw5q1lwKffr+B+zIDv3Jbs1wMeSBfAitnlcD2M/oofT3S8Rnq3sJ3X8Pzq+ftVrs/Ec+EiyAM7Uh21R53fTBnE+AVhm/XBes2BcuY759XiZ7OWkr6nHsW2zWwN8LFkA5zmO6eMgnqx/S7DvgOE0++SpZZ/d6fH1agrU4+tXXmNZvVsDfCxZAKdZpnvV5ncfwatpFt9bej8LhofzlwT/PQvWt5f1dQ3wsWQBnGib9pfbbZ3HGcGR2V/Wrv+Vv5sFT1aWEtid1JHfj/v6ZaP5Tl0DfCxZAB+szvUnjHwgZAF8mO2zgtXygcMDu08UgF9NFsCHGbLg+bAvi1UBIAvgd/vhbxmA30IWAAAhCwCAkAUAQMgCACBkAQAQsgAACFkAAIQsAABCFgAAIQsAgJAFAEDIAgAgZAEAELIAAAhZAACELAAAQhYAACELAICQBQBAyAIAIGQBABCyAAAIWQAAhCwAAEIWAAAhCwCAkAUAQMgCACBkAQAQsgAACFkAAIQsAABCFgAAIQsAgJAFAEDIAgAgZAEAELIAAAhZAACELAAAQhYAACELAICQBQBAyAIAIGQBABCyAABo/vz5F0zy112cRmQgAAAAAElFTkSuQmCC |
用base64解密并保存为一个png图片可以看到内容
得到压缩包密码asdfghjkl,并且压缩包里面都是二维码,一个二维码对应一个字符批量识别得到
1 | 0110011010101001011100111011001010111001100111001010110110000111110101101000101100101101111011001010001011010010011010011011011011011001000011001010011100010111 |
然后用八位一起二进制得到
1 | flag{QRcode1sUseful} |
日志审计
可以看到存在大量日志信息,并且直接搜flag,看到sqlmap能够对flag.php进行扫描,取出来这部分日志信息,然后用脚本提取一下
1 | flag{mayiyahei1965ae7569} |
海量的txt文件
得到大量的txt文件,放进kali
执行命令grep -rn key ./flag
得到flag
1 | key{fe9ff627da72364a} |
哆啦A梦
hint:图片少了点什么
binwalk+foremost得到部分二维码,然后多半猜测是CRC,改成300*300得到完整二维码
识别得到ZmxhZ3tDdGZfMjAxOF92ZXJ5X2dvb2R9经过base64解密后得到
1 | flag{Ctf_2018_very_good} |
flag就在这
得到一个破损的zip,可以看到文件头破损,zip文件头50 4B 03 04
修复之后提示需要密码,但是没有任何提示,猜测是弱密码,爆破得到密码155466得到flag
1 | flag{3a845dd9-4e8a-5b6b-38c7-a78d66e8a055} |
Fix it
修复这个看似陌生的老熟人吧。修复一下,识别
1 | flag{easyQRcode} |
flag
得到png图片但是内容是文本
1 | iVBORw0KGgoAAAANSUhEUgAAAN4AAABICAYAAACZWEvpAAAd0klEQVR4nO2debRdRZ3vP1W1h3PuuUMGMigJMyqvhaAijfJEg/EJCGK3grjUxuk9QRQRDSA+DaDtADwVbG0nWp88cWEYnq2oLT4aEAUajdoaZBAIEBJIcpObO5xz9lD1e39U7XNzL9jq0uVJ0vvLOivsc2rXrl1Vv7F+v99VIiLUqFHjLwrd7wHUqPGfETXh1ajRB9SEV6NGH1ATXo0afUBNeDVq9AE14dWo0QfUhFejRh9QE16NGn1ATXg1avQBNeHVqNEH1IRXo0YfUBNejRp9QE14NWr0ATXh1ajRB9SEV6NGHxD1ewB/KqaTCTMAVJn6qwjAkYoD58AlAEzFYxgMDTfkb9MdANxkgm4YiDpYWyKmhSAoHAZQZezbR2MA5MzpPb8kp2UVAKUxgMZaR2o0uC4oxZTy42p122AM7ThFAw0pfb82CuP275Ha8B5mKly3fDPj2xsHSIT4x6L0eJiHJmCwOCACG742Jca/gB+0+Pe2ujndH1BqF1ppcIDy1+H1ML3+Zq6Dfx6Y8B42dGikuj8Kt036G2RwZr/h+SgQBQXj4f5hTAHgQCkmYr/iQ7kFY+gajQBNRgFwdhCtUxAQB2rWOFEzn4+iL9j9JV5ZglJ+ghVEFa9x002sLT3RWd/eGL9a6g9YFYtM97lDTnFkwtQqBUUxfYPWUJbU2cd/GMoSv0u1BqXIyREEzEyKcrYAsWhjAmMBtRPv7l1e4lWkIRUPCV9EQQJiFOCllc1BRW0MGitDGKCwMZFpeuKIDagWOE0pfq114Pi9Bzkv6arHJQgGC6oLzgJNrESk1kAJTqdonaK748RxDLGGyDDQe4EgQoyXRAnpjOcl1YOCpJveS1GvmSgo8RzcoFECRrVDu8GZExY2ZRkkXRQ4QBY6Tm2QUEbPYMum9Bd52DFJkGSI/95ohwUyU/UTfg7XlUTLtQr3++uexAuCv+sVE2KG/T2qC8aQ5TFJAvOwgMXZBCUxosBo0GYQJxaN7s2diOd7M9EnETcLOzFP+DNBB5XJgknAYFCo3oJU0q2spJK1vdv0H7NGSvmbgLIMu8j0uqPZaBKZiGxq6ql2Q43fhbA+YWopg2quowgVeaIrSijKHL2DXunczq1TqN2n5oonHBukW8VBiTKcs2gNIoLLW5gIclNSUhLRoMxgIK0IL/YSIfKmodbeNlICyLTNZGP/AAmSJ8qAwmIH/eIbxsGWZGYeAKnzNhVl0/efeKJMggSpTKfI+XFk2r9Hav1zShOeEzZeqarrSiI7BLA9SVh4M8wG21QHDYAUq6afF1fvFmwfcV5CKu1tS8Tblj1bMujolYaherZheD+aGAGlwrX1ktX2jDjtx/Wk96AHUZXFDo0MsG3aAzkAyZQlasxFtCbvQpp6yVbZvjaHSGlMXPU2W7aEcbnmU//8F8LuL/EArTWgUEpjIq8RSrDN8sIvXt7p4IrCayJ/xKyIBDsEvKqK1+ZsnoExuPAfRRF0H99UKYh2eUX/L4QwUQ5HNOCVdGtdj+h2RBxHmCioxVnGzordQOK5Gf9mgeOnznPs0qVEUQR5joigUr8oE8R4/yNYZ2mpYJSrDEToFA2SJFwDhhic7j1OIk9tCo0rFdoonBU6bopG0kCKaAZhWRUkZK6IYoNzBUopch3Gix+v0Ar9dsL7NMP7+HFYnYZ2HpF13k7UeWjfmjE7aUmQdkHC6NaMWTPBa4vz31TjSZhpw+WVzRm+tj3mFLyX1aVokGnbDTUVJNzMcU2bWn5cmYR5ED8PWRhnKmPeSyLDuAwk9TyskYxS5l0iuydEMBX7kQwCWFDiGZ+oSgOoJLWX9arSBGZ7Pf9C2O0lXhRF5HkOUYSKYz7/2c9iooQjjljORFv4whVf4pRTTgHAFWE7K9WzKX4vRNBGhduUJzqE88//AEnS4tJLL6Ms4b0r38vqa1cTRQZnxXvfavx+KO21B0DHwQcWAwgrV65kztAcvv5PX0fhaUiCN1NEesxkZ8SuT3iie1zWi4HCf8qW/wAmmQK9Dux9fOLim/jhTVu5645/pTXQxTS6tN0oIqC1AsZAjRN77ZRCXLBnwjOiAidtL+mIsMrQFphS0DFgOj9D/Xo133rQcmd7ijesfDc2hrnZQ8zL14HKkEgxVpZkOkKomG4LVwiKUZRsIadJV5okgMkAUihTjCswrqArhefdWgMxo7QYp0XCJGm5nTSfJM0nQZVe/OiCH930Pfaca2goxdLnvZ7v/nQSLVNAh65E5CoiYSOmXMeeS57L16/6IVZlWJWROEfivPcz02DEf3I0GRpsAXnXn1tKSdf6x2Yor4Xk1htumV+ejIIOGeIikAijHFpZ0CliDal1pJkjZxibLIDS36gTR8d1yWWET336/3Dfz+/kEx86jw3jlg7TklZFClyBI8hkcSAOh8LtBJ7NXZ/w/gCYsLW3bNzIXnvtxSGHzMXh0GiiKMIFzigFnl2WBVp750ekItpZ2zPPsF46jnv35EVJpMEJ2CAwN2/eTBRFDAf1p5NBs9mkCJ7T0pY0oqTn4BABay06jj2XDl7PyqsaxcE7aoDcq5QmePD8vd5JUgKFK6ZdgJWntiy545ZbWLlyJT/84Q8ppcsll1zCqlWryLIMkB1sJctFF13EhsceJUmS3zu3mh20NWN6Y48jsA7v3ofgJg43lNW9GqUgyxxZkaFQFGWBiiIkyyDSOAI/rRYESEyCUQYpSxbuvTdDQ0OU4WxUhUmRotipjehdn/BUCZRB6kUoYhQxJB1IOtgsBxmGjmbbQ5tZZx+iPQyq1BhSprrbGBxJ/H73xg5EBpQjNlAQ0UhHEF1SuA7dThckJsv8pnZxRAEMAUMFYOaRmXkUepwMmEPGYJqxXuYxZp4G3W2kxSjjQA4oSmwxhdECpYZuC9pDPU49aUtEFxgzAW4cEkAyjGjK3O9zE00ynD/GvGw9sW4woYfYmAyyuTWXri2QZoNvfvdWznz/xRz4vOV0Sfm7I+bzy2s/jjCMMIiJ2hiV8dv7hQ0bBnj32a9lqnMfmhRN6hmS8rZfgps+Z3T+IybFGQudx6DcwCiwXUPDdknLNhNG0U4AH/hDhylKcighjTRxbCmZJNYWikmyAUdhhEYG6RRsMzHbkwZJ/jCJbGDSaabiBIoxEjdBhiEnEKlSqMAALNMeXKgUo/4T5K5PeL8HJnDtT5x3Hke+5LU8smYNew08jY997LMUFhqNBu122wsJDZvWP8rLXnwUWhm0MhxyyCGMjm0DvL3YaDY595xzmDt3LpGOOfg5R/DN627gRS9aAVkGzlGWJc1ms7e8U9kUSimSJOGy889nz+ZiFqVDvOl/vJPtU9v9wboIG9at48QTTmDuyAhNtZBDD30Zk5OT3iuqNdevXs2ikRGa0RCpXsjll39t+kWLgk9deCHaDDCcDHD44Sdx930ZaZLS7rT53ve+x1FHHUUnr7wjFpyj0UjodnMMhsIVXHDBBVx44YUkSUKrNcsh8hQ466xzWL36W4h4TzHAC/fdlzt/cb9v4Bxb1q3j2GNfz/ZxYAC+9dWrWfi0hQw2B4mSEd7+trPplB00mg+8973832uuISLCiYNuznOecSi//PdNXmWMY8YefZRjjjmR0gJRRBzHGGOI8Pwg63Z3amkHuwXh6WBNexvMUGAosDSxwSNIPsq5F5/Dr275HK1DX8VdYxu58INn0DQFSIK42M9E4bj8ki/x9jedhZM2Il2OednJnPbfz6FgKzDBu07/CPffu40ntkyQuVHuWX0BH3/98fxSLWLNQAraYYsOI+MJww4GspQRM495seOmf7meZMXrWSOCdO7grwfu582v+ySlTaBzP9/8zEpefvobeKDYihQ/4I0rDC9725U8RIr9xYN8/G1ncePtG9leCI9vvInbbvoHrrzmy4zJAGdf+n0eTZ9Hd3QT0l7P9f/zeM44osG6zWtZv2Ujeyw4iC//07UctvcS5ijFwctfyc8e3ExXQDcSDNv5+lcuY9F+z2fOnvOx5Ta6nU0o58/qcuU/yhUoV3jJoeAtJ63gwV/eTFt5j+ojv7qThUvm8d1rfhVU0EfpbPoZz3rh4Zhh+OqXv8TFn/1f/PzHD7B9XCjl++yx55285m8/SW4H+btXnM49P36UDim5Mvx27RdZuvRuvvzNq+kCdNs8+tv7+OsXvNavmRuDfAs2UhR4LTZtBhXZWmajZ/OFEMJ+YTcgvP8YZeUGc448z4miiGbD/1bYgjzPaTQa3sZJNB/55Cd5zcknA5DlGWeccQZjY2PkZc5EZ4JbbrmFK674EkkSYzAke+/Npz/9vml7yFpuuOEGli1bRhQcNABTU1MsWbKEV7/ipb2xnf+JT3DfffexYQMgwlmXXMIbXvMGbxdFEaeffjpTU1NsC3G9hxxyCPvttwBrYdHip3PNNdfwupNeR1EUrF69mtNOO410eBiKgsOOOYY3vvGN3HrrrWitWbNmDXfddRdr166lW1re8Y538LrXvY7t273K3OlMceONN3LuuacBEMexP4b5PViyZAm333473UxwwNVXX8273vUufv7zn7NtDFCKK6+8khNPPBGASy+9lCuuuIL99ltKGgMUrFq1invvvZc77hhjyZIl/PSnP2X7hO//uuuu46yzzmLNmjV0xfd34403cvzxx3tzUimOO+44brzxpp6NJ855otuJPce7AeEFHha8mgaDxlS+TUxifACgi2CqYFxPkAO2DQ09gGYQrZo4GQO7jdEHx3njye8gVgM0B4c4aP9DGNtaUKpxHh99kKctfC5YiBMQCnADHH70K9lX5Szuwptf8xY2jsNFH3wNCT5CBWNJdMqB+z6DOcBcAJtCHrHsr4Z54rHfQGOE8XUbOeWYt7DA7I2KDmbBQa+i2Pob5idgDm6x/5FPY6/hBXzgzHP59uqf0kz3omSKybF74NEHOGzxXBpmhIHBfVGNp3PeP17Jr397L1OyhcbwAXzqs19BzZkLojn9bw/ihGcbHnrwRyjg/Ret5oz3XcHCwa1I91G62T5YdyClzhCdkUjpbTmdIjr1vkFbMH9RwsL5mkfv+QG2u52fbNiXZ778QzxXT2B/tg7aS7nu39Zy+F9tZNPmG2g843DmLjuYZgfSNmCfT2JexH4HDvDQI7fTetbjtJbez+Z7ryZpb+PH97yAQ5ZfzEENxeN3/pQ8WsLnr7+dZx6YeImawlkXfYB//OKXWHXxF+hkDqUicAqcmnZ272TYDQjvP4Z1gfO12wwNDdFsNtleQhJikaMoot1uE+kIjOHII4/ksMMOo9PZTJ6Pce8DDzE0NISIEMcxk5OTDIa4Y4eDKKKKQdAavnL99YyMjHDRRf8wYxxKqV5caM9LFzoSEchzli9fzvLly3n88ceRcpR77rmDefPmeeektZx38cVs3baZk046iVtvvZXFi/ZjzS/W0Ol0OPTQQxndMkq33aWdt8mtpZPnfOjcD7HPkn0YGBiYNnscMDDA2NgYSiluuuVmtm3bxmGH7Y/F0mqEFKSnUNWehEaDo48+mrvvvpu1a9cSRRELFsCKFSt44IEHWLNmDUuXLmU4HsZaSxRF0xkHlUDqdonj2Nu6Zc6xxx7L+vXrueuuuxgeHmbuXHj5y1/OI488wm233cbBBx/MvDkNv3mLgss/+EFOP/10Vp3zdpqpxpalt/F24pjY3YDwPE8rIx9fSe5QuSOlJKLE6ZhOHMP8QTZFlmhsnAUKyEtwMJApBvMEyLl9zY8YWPxMTjtnJaZhMXTZ/OgTtLdOEtlBnr7oQJ7Y/gu2tssQCWEgK7j95lt5qJOySQNuM6e+4gj+Ze0WNhE0TdehpOSBhx+gqM50RaDd5ke/UQzv91+47/aHWTz/YN502qsZWQBMrmfk7jv5bXs74y0okn0pzd48MQT7rziMSy49lq///Uv552//kiVLj+A3Wx5mU7EdGoD22QANiRlkDwaKPTj82TFb1/+MVOETG/IFZOl+2K7hX7//Hb72xY/TihSRXoiO5nP5Zat406kncOQLXszY9g6ioiqIxac3ikZMDHoxy19xKrd/51YevvMnvPTklzCl4KiXL+H//eRLXHPf47zkzZfQzPdlWeOFbNm4lnt//YsQmtcF8zjd9HF+8e9PsHTvwyEaZvmKV/LP3/sZv7z/cQ4//kjGEzjlxfux5ttf44cPbOCoU09D5QUDOZA9ixuufZiXvuyQ3mbWToEzkEs4tXO9815H5G286mijT9gNCO/3o2LcIsLQ0BCJAeII28koioJGwxt9ixcvZnR0lLVrH8NieWTjI5x//vlorRERNJrjjjuOM888kyc2P4HB8Js77uC2225j3rx5PQbrnKPVak2n/BmDUooPf/hTfOc73wvGvWLVypXsv//+LFoE8+fPZ/369WzevNnfc//9XHzxxX78Dn7wgx9w4qtOpIP1AcRac+2112KtxRg44YQTOP7445mc9FEe69dv4MQTX83o6Dbi2HDmmWfy1re+lbvXrgXgqquuYv369SxbtoyPfvSjOGexpcU5S57nvPOd7+Sqq67ixz/+MXNG5vSCQPK8rFLjsNafSe6xxx5s2rSJb3zjGyxfvhyARXvtxdjYGNdddx0rVqzwjVst3v3ud/Oe97yHh39zf299Vq1axfOf/3ye85xhQDN37lweeughrr76ak444b9iBYaXLGHr1q2sXr2ao48+miQJIV+59M5iK5VSxcYH0O7Ens3dhvB6TiqtQWsUEQqvBjZioGhQyiATm9dViQyYgZgoKmk2Fe2JQfZd8jwu+uipHPfKZ5KqZ/PqY87j3A+8kuF5j5HafYjdAj592fsYmTPBPnvuTayH+dwVX+eMs8+n4TKfY6eGcM0FuPEtNCCkqGvWPbSBL3z+M3z2M5+n1ZzPcLQ/XdfghtXvpCkZ85/9TN7/8Q9z1POPY8As5uBT38uRZ3+UZ0RPsK/AK/7bERx6wEIOUEPso5o0WkeTL3k1H155Di0HH7noAo4+dgVD84dQScyxJ/8NZ5+7knkjc1Ady4tfcBQXvvc8jj7yRURG8f07f8S1N32fwYEWRmkUPqhYnCPShmbaoMwLdEgHNhps6UiTCGcFV/rNE5mEaKDFs5YtY2iPPVgwNOA3VRxzzPHHs3T+Aha1CGkYjre/7fWc+c4zOOyFz6GRNEnVMnR+MF/96vk0Igcyn2T4AJYd9DKGW3OZOzRGokahEfHKk/6GRc0D2HMgwZCBtH2SvRGM1jMdleKe0mvZa9Nn4283CJKenQ4UWHOksewQTFw+AEqx0eyHBZZYwOZY44OVNQN+rSIfpDu5rcXgEBC1cc6hZNAnk8s4sYmhOqoot7Lm5pt51arrueWWK9nXPci9N9/MqV95kGu/8RHmZdCMCx+o7By5HqYooaWfABFysxCApD0FSQIqpduFRsu7MreHRNYRu9nbqm6eTyuyFmMM4kAbf/ZeMiOxnhQf1oXFR7wkCRQ5NBKscr60hSsx2oeLi0jv4DnPy56nttvt9rQCHynjehn2Tko0Foo2xDET2o93yE5BWbIpHSEG5toOWEueDGIdNHdMpFXQNuAoGaQNInSnRogGocM4UDLU7oAxbE0XI8A8Mh87MZ7yogMP4nOP/xtz4iEWAA2HJ7w8Jw9HC1VwdxaietKeePxD99mfFzuvLP4DUc2fJuSVVSUXxNvupRRoLaAXQFHQMlV0AxAnGKUoi8Lfr/ER70nq/R4WiLxq5To+suXvP3IBrVaLlSsvwpUloxu384a3ncUHP3Yl8xSg5rDwwMNg6824cWgMgbgY5Uof5esgjUDKQZS2JPmo35ADI0BM7iBuwURFcGXh1bR0DlKWXp114GLjicyAWIcWTUNBUVjPSLRGa8ht4R1DAzEg6CgBgWKyQ6PVAq1wzoWILNs7QkiShE6nw4YNG7j88sspCttzRDnnUEpxwAEHcPbZZ5GmhsIJsTZEocQNtoQkYWTHxTKGMvNpWOAQ5xASyhJiM4FCIeUwSqCR4kN7YuNfMhkGIhKqTTsOxjH2cIdMW4rJKdK5Q9MqnBVIGugZrGjHLIrwb7/8L7KLw0kePiLinvzJy0yc5CKdzSLlmGwXke0iYrvOt5Hcf0oRKURExkVkQlw7/CTbpcg2iev43yfHN8gpJx8njSiW1EQyZJRc/ZUrZFJEJkVEym0i2RY54/zLhNZ+8rGPfSY8pysiXSlEpFOEa7tdpBwVyTZJJm3pShlaiWwVkTERkckJkSKM0WV+nJnIeEckcyId8V91SyvW7jAvTqQo7Izp8FciZTcTcSIuL0TESqczJSJW8rwr3W5bRHboSERs6LjTyXrfdbu576usJq4tIm3JRKRtRcS1RYoJmShExnMRcV0R15UyjHdqcszf50RsKZLLuBQyId2p0neXixRTIl3JpSu5SJ6LFP59p0Qkk8fkfWeeIksZkv99wWXyhIg8JiJtcVK0w3pmpRRipRArYv2nqJbZPuk1/6LY5VVNG1RNI17V7GVK96phZbTbUww0fSZ4u5wijVNcoYgiQ1kWaK0xxpBlPsSqgjhfxiFOdlAMbBFUvpIiz4mbA+D0tAOHDlEc42zkayz18tJKsjwjikMYlvLJt83Iq6ydosAMxJT40KmGS3v3+VyXmEJAaR9hHIVlmxJHrGMihDLLSaJQPybxEi7X3ilUEOqRWEtqommdVHvJo4IK1vt/0ZSFV8NNFHk1PIiTPCtI0un5duIzC6xYIvEqqXUdTBSB8+1K6RCZCFvGGAMS8hOtjTAayjz4QkLQgbhxtDbkeYoxBhMmspNvoNkYwBVzfJhfCUx02LqHn8dhfDa7y3J0kmB1Ve1Mz9wf0wnxfcFu41z5XRBxDAy0cFYQB2mcIghxbHDOn80553DOkaZpz+i2pUNpponO2uloCF8TgjjYPeB9OsZAFMcUed7z/FVszYkjTVLvCQzR+c1mE3LfIA0bWaOxVVjvDkcP4ZEAZGXWG1OsYywWhSJJ0+mENWt9XiGavMx7tWYis0NFNJEdCE1w1qK0PwcT54jiGBNF2LJEaXAh/aIiut67K40Vi1GGPPMMy1QexVBmLzIR1nkPbPX+gmBCXZo49vNVeU+1Nog4kiTydmeYx2ZjgLzI0Ibp6OehJrLDpTjQSfKUIWM7C3Z5iSdB4qmexPMrp1zInzMhc1u8BDFVbZFgQz2Z8c38RlU5LCFDGlWV6lPMqGsZmpWhWWQr12kYV+hHhX6quifV5FclX3oDCe63CQVQMiRhE82uWWerMl6+rx0KCWIInH7HFQ51K/PqubMyzf9YVO/vqkx0V6UBzZyQ6Yz98P7VvKIxVQ1PQKr7kHAGGuYvSC6vyUxXEqvebaqqbsaT67dAsP/9AGbcV9fVrFHjPxF2ea9mVXS2VxOEHSSDgsqPNbtisZvFcn6Xyj+7Xue0X0zP5JZB0rpe4mfVgT9P6lURC1EUoqqoqdJ3Eyok05PcXnYNEgPRtNHakwDhsWbaazddQXSHAcyKwu8drzxVuz8B+kn9zJqHWTOrexqFrxgtek649iO0+GpvVeVqG/TsnjQzlWwP1diqr2eNSz3pf3YO1BKvRo0+YJeXeJWoCoWOSUIdSl/B2PRsql5xWplVpaun6wcOGiROVV2sav/k32eNI9heJtguVsXT9SMFnJp2Nvh24bZy5t9MQPk6nlH1YsEYKytva6h3osIBdB6em4S+e97c4B2cbUua6vNn8uqpWR6Cno0dOp7tVeyVN6yuZU5o5y8jV1VDy0GBMSFQodIZjJeEEtbBVeUxZnsqZq1Pv4/tZqOWeDVq9AG7ncSrOKOv5G/QVWjXDpUkZ/CbKnTpSSxytrUw6/p3+IJN+CEPI6n+9kGveVVBMGRtZmEF0nJaonn4H7qJlwCNnsSwM+zNZAfJZdW087Uasfdszhq6mp6vPzVVVKkqF9J3WASJl4TrsrKtKxN2tpex+hsKoXZ0VPr1kqrOkqq8oeHvXwSbVYe6ozZYd9MS/KllyY6rHzrsK2qJV6NGH7DLn+PVqLEropZ4NWr0ATXh1ajRB9SEV6NGH1ATXo0afUBNeDVq9AE14dWo0QfUhFejRh9QE16NGn1ATXg1avQBNeHVqNEH1IRXo0YfUBNejRp9QE14NWr0ATXh1ajRB9SEV6NGH1ATXo0afUBNeDVq9AE14dWo0QfUhFejRh9QE16NGn1ATXg1avQBNeHVqNEH1IRXo0Yf8P8BfRdL4ItfUgIAAAAASUVORK5CYII= |
用脚本转成png
得到flag
1 | flag{base64_wow} |
宝宝
得到一个二维码,但是识别内容是:一个宝宝是解不开这个东西的!
binwalk+foremost得到一个加密的zip,爆破无果,用题目名称试试:babybaby
得到一个readme.txt和一个flag
txt里面的东西被64解密之后得到:离成功只差一步了….
flag没有后缀名,补一个png,得到二维码,识别得到:
1 | flag{ThIs_Is_QR_Code} |
小明的演讲
得到一个pptx,用zip形式打开,在ppt/media/路径下面有个xiaoming.zip包
里面有一个zip和两个txt
密码第一部分:2053250813784316:用在线工具https://www.qqxiuzi.cn/bianma/dianbao.php解出得到:我是密码
密码第二部分:ᅢ彎⽦왛Ÿ:修改txt文件头为FE FF得到:我也是密码
1 | FE FF是一种BOM文件头,BOM是用来判断文本文件是哪一种Unicode编码的标记,其本身是一个Unicode字符("\uFEFF"),位于文本文件头部 |
所以整个zip密码就是:我是密码我也是密码
打开得到c3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3NzZmxhZ3twcHR4cG93ZXJwb2ludH0=
base64解密之后得到sssssssssssssssssssssssssssflag{pptxpowerpoint}
1 | flag{pptxpowerpoint} |
SDNISC2020_过去和现在
得到一个图片,用binwalk -e分离处理四个文件有一个falg
1 | flag{fc25cbb7b85959fe03738241a96bf23d} |
[长安杯]binary
无后缀名文件。查看文件头可以猜测是个jar文件,逆向得到代码片段
1 | // |
把数组里的值转成字符,然后base64解密得到
1 | 0000000101110000000011111101110000000 |
是个猜测为37X37二维码,可能是二维码
识别二维码得到
1 | flag{932b2c0070e4897ea7df0190dbf36ece} |
[长安杯]八卦迷宫
得到附件,走迷宫
1 | cazy{zhanchangyangchangzhanyanghechangshanshananzhanyiyizhanyianyichanganyang} |
[长安杯]Ez_Steg
给了一个zip打开有提示:Password is six number爆破得到密码220101
得到表情txt:
🙃💵🌿🎤🚪🌏🐎🥋🚫😆😍🌿🍴✉🍴🙃🌊🕹🖐🐍😁💵🕹🍵🏹💵😇🐎🕹✅🌊🥋👁✅✅🕹🌿😍😆🕹👁😂❓🔪🔬🔬🥋🚪☃🏹🚫🍍✉✅🤣🍌☂🛩ℹℹ☂🍎👉🚫🏹☂👌✉💵❓🕹✅👑🏹☀😡🤣✖🍌🐎😁😊😆🎤👌⌨🗒🗒
得到一个pyc:反编译,python版本3.6得到key:St3glsV3ryFuNny
所以是emoji-aes:然后解密https://aghorler.github.io/emoji-aes/得到flag
1 | cazy{Em0j1s_AES_4nd_PyC_St3g_D0_yoU_l1ke} |
[长安杯]西安加油
打开流量包得到,导出http文件,得到一个secret文件,然后base64解密得到一个zip里面全是图片,要拼图
montage *png -tile 12x4 -geometry 100x100+0+0 out2.png
python3 gaps –image=out2.png –generations=10 –population=48 –size=100 –save
可以调整拼图也可以直接用拼图,按照图片名称
得到flag
1 | cazy{make_XiAN_great_Again} |
[长安杯]ez_Encrypt
从流量包里面得到一个web123,base64解密得到一个zip,里面是TP源码,然后用解出混淆工具
解密一下app\controller\index.php得到https://www.zhaoyuanma.com/phpjm.html
1 | cazy{PHP_ji4m1_1s_s00000_3aSyyyyyyyyyyy} |
本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 Valen的博客!
微信- 支付宝
