MISC-1
提示:if you want to find the flag, this hint may be useful: the text files within each zip consist of only "printable" ASCII characters
给了53个加密压缩包,每个包分别含有一个txt文件,首先想到暴力破解压缩包,试过各种破解工具后发现并不能用,于是想到使用脚本。以下是py脚本:
1 #coding:utf-8 2 import zipfile 3 import string 4 import binascii 5 6 def CrackCrc(crc): 7 for i in dic: 8 for j in dic: 9 for p in dic: 10 for q in dic: 11 s = i + j + p + q 12 if crc == (binascii.crc32(s) & 0xffffffff): 13 print s 14 f.write(s) 15 return 16 17 def CrackZip(): 18 for I in range(53): 19 file = 'chunk' + str(I) + '.zip' 20 f = zipfile.ZipFile(file, 'r') 21 GetCrc = f.getinfo('data.txt') 22 crc = GetCrc.CRC 23 #以上3行为获取压缩包CRC32值的步骤 24 #print hex(crc) 25 CrackCrc(crc) 26 27 dic = string.ascii_letters + string.digits + '+/=' 28 29 f = open('out.txt', 'w') 30 CrackZip() 31 f.close()
运行出来后得到一串疑似base64的东西:
UEsDBBQDAQAAAJFy1kgWujyNLwAAACMAAAAIAAAAZmxhZy50eHT/xhoeSnjMRLuArw2FXUAIWn8UQblChs4AF1dA nT4nB5hs2SkR4fTfZZRB56Bp/FBLAQI/AxQDAQAAAJFy1kgWujyNLwAAACMAAAAIAAAAAAAAAAAAIIC0gQAAAABmbGFnLnR4 dFBLBQYAAAAAAQABADYAAABVAAAAAAA=
base64在线解密后得到:
PKrֈ</#flag.txtƚJx̄ ]@ZABW@>' l٩ᴟeA砩PK?rֈ</# flag.txtPK6U
怀疑是一个加密的压缩包。将原来得到的一串使用notepad++打开,使用插件base64decode保存为zip
在Linux下用fcrackzip爆破,得到密码:
解密后得到flag:flag{i_z1pp3d_a_zip_w1th_sum_zips}
MISC-2
没有提示,给了一个powpow.mp4文件。根据经验应该是要从视频中分离出图片,再从图片下手得到flag
在Linux下使用foremost进行分离:
foremost powpow.mp4
得到一张奥利奥的png文件:
将png文件转为jpg后再进行操作:
stepic -d -i image.png > image.jpg
steghide extract -sf image.jpg -p password wrote extracted data to "base64.txt"
得到base64的文件,在Linux下可直接使用python进行解密:
python3 >>> f = open("base64.txt", "r") >>> data = f.read().rstrip() >>> f.close() >>> from base64 import b85decode >>> b85decode(data) b'flag{We are fsociety, we are finally free, we are finally awake!}'
即得到flag
misc-3
没有提示,给了一张图片:
用Stegsolve打开后得到二维码:
使用光影魔术手的“自动白平衡”将黑白对调,得到真正二维码:
扫出来得到一串十六进制的数:
03F30D0AB6266A576300000000000000000100000040000000730D0000006400008400005A00006401005328020000006300000000030000000800000043000000734E0000006401006402006403006404006405006406006405006407006708007D00006408007D0100781E007C0000445D16007D02007C01007400007C0200830100377D0100712B00577C010047486400005328090000004E6941000000696C000000697000000069680000006961000000694C0000006962000000740000000028010000007403000000636872280300000074030000007374727404000000666C6167740100000069280000000028000000007307000000746573742E7079520300000001000000730A00000000011E0106010D0114014E280100000052030000002800000000280000000028000000007307000000746573742E707974080000003C6D6F64756C653E010000007300000000
看到开头是03F30D0A可以联想到pyc文件。将其放在txt文件中后使用010editor中的import hex方法打开,然后保存,更改后缀名为pyc后使用在线pyc反编译工具得到py源码:
#!/usr/bin/env python # visit http://tool.lu/pyc/ for more information def flag(): str = [ 65, 108, 112, 104, 97, 76, 97, 98] flag = '' for i in str: flag += chr(i) print flag
运行后得到flag:AlphaLab