BUUCTF-MISC-[GXYCTF2019]SXMgdGhpcyBiYXNlPw==~zip

文章目录

1.[GXYCTF2019]SXMgdGhpcyBiYXNlPw==
2.[RoarCTF2019]黄金6年
3.[ACTF新生赛2020]swp
4.间谍启示录
5.zip

1.[GXYCTF2019]SXMgdGhpcyBiYXNlPw==

题目描述：得到的 flag 请包上 flag{} 提交。
解题步骤：发现题目为base64编码，解密得到Is this base?

打开flag.txt,发现base64隐写

Q2V0dGUgbnVpdCwK
SW50ZW5hYmxlIGluc29tbmllLAp=
TGEgZm9saWUgbWUgZ3VldHRlLAo=
SmUgc3VpcyBjZSBxdWUgamUgZnVpcwp=
SmUgc3ViaXMsCt==
Q2V0dGUgY2Fjb3Bob25pZSwK
UXVpIG1lIHNjaWUgbGEgdOmUmnRlLAp=
QXNzb21tYW50ZSBoYXJtb25pZSwK
RWxsZSBtZSBkaXQsCo==
VHUgcGFpZXJhcyB0ZXMgZGVsaXRzLAp=
UXVvaSBxdSdpbCBhZHZpZW5uZSwK
T24gdHJh5Y2vbmUgc2VzIGNoYeWNr25lcywK
U2VzIHBlaW5lcywK
SmUgdm91ZSBtZXMgbnVpdHMsCm==
QSBsJ2Fzc2FzeW1waG9uaWUsCl==
QXV4IHJlcXVpZW1zLAr=
VHVhbnQgcGFyIGRlcGl0LAq=
Q2UgcXVlIGplIHNlbWUsCt==
SmUgdm91ZSBtZXMgbnVpdHMsCp==
QSBsJ2Fzc2FzeW1waG9uaWUsCp==
RXQgYXV4IGJsYXNwaGVtZXMsCo==
Sidhdm91ZSBqZSBtYXVkaXMsCl==
VG91cyBjZXV4IHF1aSBzJ2FpbWVudCwK
TCdlbm5lbWksCu==
VGFwaSBkYW5zIG1vbiBlc3ByaXQsCp==
RumUmnRlIG1lcyBkZWZhaXRlcywK
U2FucyByZXBpdCBtZSBkZWZpZSwK
SmUgcmVuaWUsCq==
TGEgZmF0YWxlIGhlcmVzaWUsCh==
UXVpIHJvbmdlIG1vbiDplJp0cmUsCo==
SmUgdmV1eCByZW5h5Y2vdHJlLAp=
UmVuYeWNr3RyZSwK
SmUgdm91ZSBtZXMgbnVpdHMsCn==
QSBsJ2Fzc2FzeW1waG9uaWUsCq==
QXV4IHJlcXVpZW1zLAp=
VHVhbnQgcGFyIGRlcGl0LAq=
Q2UgcXVlIGplIHNlbWUsCo==
SmUgdm91ZSBtZXMgbnVpdHMsCm==
QSBsJ2Fzc2FzeW1waG9uaWUsCl==
RXQgYXV4IGJsYXNwaGVtZXMsCm==
Sidhdm91ZSBqZSBtYXVkaXMsCu==
VG91cyBjZXV4IHF1aSBzJ2FpbWVudCwK
UGxldXJlbnQgbGVzIHZpb2xvbnMgZGUgbWEgdmllLAp=
TGEgdmlvbGVuY2UgZGUgbWVzIGVudmllcywK
U2lwaG9ubmVlIHN5bXBob25pZSwK
RGVjb25jZXJ0YW50IGNvbmNlcnRvLAq=
SmUgam91ZSBzYW5zIHRvdWNoZXIgbGUgRG8sCo==
TW9uIHRhbGVudCBzb25uZSBmYXV4LAp=
SmUgbm9pZSBtb24gZW5udWksCo==
RGFucyBsYSBtZWxvbWFuaWUsCl==
SmUgdHVlIG1lcyBwaG9iaWVzLAq=
RGFucyBsYSBkZXNoYXJtb25pZSwK
SmUgdm91ZSBtZXMgbnVpdHMsCv==
QSBsJ2Fzc2FzeW1waG9uaWUsCn==
QXV4IHJlcXVpZW1zLAp=
VHVhbnQgcGFyIGRlcGl0LAo=
Q2UgcXVlIGplIHNlbWUsCm==
SmUgdm91ZSBtZXMgbnVpdHMsCp==
QSBsJ2Fzc2FzeW1waG9uaWUsCm==
RXQgYXV4IGJsYXNwaGVtZXMsCu==
Sidhdm91ZSBqZSBtYXVkaXMsCm==
VG91cyBjZXV4IHF1aSBzJ2FpbWVudCwK
SmUgdm91ZSBtZXMgbnVpdHMsCn==
QSBsJ2Fzc2FzeW1waG9uaWUgKGwnYXNzYXN5bXBob25pZSksCn==
Sidhdm91ZSBqZSBtYXVkaXMsCt==
VG91cyBjZXV4IHF1aSBzJ2FpbWVudA==

base64隐写脚本

from urllib3.connectionpool import xrangedef get_base64_diff_value(s1, s2):base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'res = 0for i in xrange(len(s2)):if s1[i] != s2[i]:return abs(base64chars.index(s1[i]) - base64chars.index(s2[i]))return resdef solve_stego():with open('flag.txt', 'rb') as f:file_lines = f.readlines()bin_str = ''for line in file_lines:steg_line = line.replace('\n', '')norm_line = line.replace('\n', '').decode('base64').encode('base64').replace('\n', '')diff = get_base64_diff_value(steg_line, norm_line)print diffpads_num = steg_line.count('=')if diff:bin_str += bin(diff)[2:].zfill(pads_num * 2)else:bin_str += '0' * pads_num * 2print goflag(bin_str)def goflag(bin_str):res_str = ''for i in xrange(0, len(bin_str), 8):res_str += chr(int(bin_str[i:i + 8], 2))return res_strif __name__ == '__main__':solve_stego()

运行得到结果GXY{fazhazhenhaoting}

flag{fazhazhenhaoting}

2.[RoarCTF2019]黄金6年

题目描述：得到的 flag 请包上 flag{} 提交。
解题步骤：Kinovea打开附件，在2.46s时发现一个二维码

QR打开发现：key1:i

继续观察视频，分别在4.90s，8.16s

QR打开分别发现：key2:want，key3:play

连接为iwantplay,感觉不像一句话，应该差了一个二维码，眼看瞎了也没找到，看别人wp才知道，还有一个，QR扫码为：key4:ctf

连接起来为：iwantplayctf，试了下不是flag，010打开.mp4文件，在末尾发现了一段base64编码：

UmFyIRoHAQAzkrXlCgEFBgAFAQGAgADh7ek5VQIDPLAABKEAIEvsUpGAAwAIZmxhZy50eHQwAQAD
Dx43HyOdLMGWfCE9WEsBZprAJQoBSVlWkJNS9TP5du2kyJ275JzsNo29BnSZCgMC3h+UFV9p1QEf
JkBPPR6MrYwXmsMCMz67DN/k5u1NYw9ga53a83/B/t2G9FkG/IITuR+9gIvr/LEdd1ZRAwUEAA==

解码发现为rar文件，里面包含flag.txt

python代码转换为rar文件

import base64
code="UmFyIRoHAQAzkrXlCgEFBgAFAQGAgADh7ek5VQIDPLAABKEAIEvsUpGAAwAIZmxhZy50eHQwAQADDx43HyOdLMGWfCE9WEsBZprAJQoBSVlWkJNS9TP5du2kyJ275JzsNo29BnSZCgMC3h+UFV9p1QEfJkBPPR6MrYwXmsMCMz67DN/k5u1NYw9ga53a83/B/t2G9FkG/IITuR+9gIvr/LEdd1ZRAwUEAA=="
r=base64.b64decode(code)
test_file=open("flag.rar","wb")
test_file.write(r)
test_file.close()

运行得到压缩包，用iwantplayctf为密码进行解压，发现flag.txt，打开发现flag：roarctf{CTF-from-RuMen-to-RuYuan}

flag{CTF-from-RuMen-to-RuYuan}

3.[ACTF新生赛2020]swp

题目描述：得到的 flag 请包上 flag{} 提交。
解题步骤：打开wget.pcapng

发现应该是http，导出http

发现secret.zip，解压得到.flag.swp和flag文件，看见.swp文件，隐藏文件，flag应该在里面，打开发现flag：actf{c5558bcf-26da-4f8b-b181-b61f3850b9e5}

flag{c5558bcf-26da-4f8b-b181-b61f3850b9e5}

4.间谍启示录

题目描述：在城际公路的小道上，罪犯G正在被警方追赶。警官X眼看他正要逃脱，于是不得已开枪击中了罪犯G。罪犯G情急之下将一个物体抛到了前方湍急的河流中，便头一歪突然倒地。警官X接近一看，目标服毒身亡。数分钟后，警方找到了罪犯遗失物体，是一个U盘，可惜警方只来得及复制镜像，U盘便报废了。警方现在拜托你在这个镜像中找到罪犯似乎想隐藏的秘密。注意：得到的 flag 请包上 flag{} 提交
解题步骤：发现是.iso文件，foremost文件分离下发现四个文件夹

在rar文件夹中发现压缩包，解压后发信flag.exe，勾选隐藏项目的复选框，运行flag.exe，出现机密文件.txt，打开文件，发现flag：Flag{379:7b758:g7dfe7f19:9464f:4g9231}

flag{379:7b758:g7dfe7f19:9464f:4g9231}

5.zip

题目描述：拼在一起解下base64就有flag 注意：得到的 flag 请包上 flag{} 提交
解题步骤：打开附件发现68个压缩包，但是每个压缩包里只有4bytes大小，于是可以想到是crc爆破，代码

import zipfile
import string
import binasciidef CrackCrc(crc):for i in dic: for j in dic:for k in dic:for h in dic:s = i + j + k + hif crc == (binascii.crc32(s.encode())):f.write(s)returndef CrackZip():for i in range(0,68):file = 'out'+str(i)+'.zip'crc = zipfile.ZipFile(file,'r').getinfo('data.txt').CRCCrackCrc(crc)dic = string.ascii_letters + string.digits + '+/='f = open('out.txt','w')
CrackZip()
print("CRC32碰撞完成")
f.close

解出base64编码：

`z5BzAAANAAAAAAAAAKo+egCAIwBJAAAAVAAAAAKGNKv+a2MdSR0zAwABAAAAQ01UCRUUy91BT5UkSNPoj5hFEVFBRvefHSBCfG0ruGnKnygsMyj8SBaZHxsYHY84LEZ24cXtZ01y3k1K1YJ0vpK9HwqUzb6u9z8igEr3dCCQLQAdAAAAHQAAAAJi0efVT2MdSR0wCAAgAAAAZmxhZy50eHQAsDRpZmZpeCB0aGUgZmlsZSBhbmQgZ2V0IHRoZSBmbGFnxD17AEAHAA==

解码为十六进制：

cf907300000d00000000000000efbfbd3e7a00efbfbd2300490000005400000002efbfbd34efbfbdefbfbd6b631d491d33030001000000434d54091514efbfbdefbfbd414fefbfbd2448efbfbde88f984511514146efbfbdefbfbd1d20427c6d2befbfbd69ca9f282c3328efbfbd4816efbfbd1f1b181defbfbd382c4676efbfbdefbfbdefbfbd674d72efbfbd4d4ad58274efbfbdefbfbdefbfbd1f0aefbfbdcdbeefbfbdefbfbd3f22efbfbd4aefbfbd7420efbfbd2d001d0000001d0000000262efbfbdefbfbdefbfbd4f631d491d30080020000000666c61672e74787400efbfbd346966666978207468652066696c6520616e64206765742074686520666c6167efbfbd3d7b00400700

放入winhex中，看到CF 90 73我们知道这是一个残缺的rar，补上52 61 72 21 1A 07 00 保存后解压

保存，修改后缀为rar，在压缩文件注释中看到了flag：flag{nev3r_enc0de_t00_sm4ll_fil3_w1th_zip}