Some personal notes on CTF steganography

1. File separation

1. binwalk
binwalk -e sim.jpg
Extracts the files embedded in the image.

2. foremost
foremost <file name> -o <output directory name>

3. dd
dd if=<source file> of=<target file name> bs=1 count=<number of bytes> skip=<offset at which to start separating>
Parameter description:
if=<file>   input file name
of=<file>   output file name
bs=<bytes>  sets the block size for both reading and writing to <bytes>; replaces ibs and obs
skip=<blocks>  skips <blocks> blocks from the beginning of the input file before copying

4. File merge:
cat gif01 gif02 gif03 > 1.gif
md5sum 1.gif View the MD5 checksum of 1.gif

2. Image steganography

1. zsteg xxx.png detects LSB steganography

2. wbstego encrypts and decrypts BMP files

3. TweakPNG checks the CRC check value of each chunk

4. bftools decrypts the encrypted image file from a Windows cmd prompt

Format:
bftools.exe  decode  braincopter  <image to decrypt> -output <output file name>

5. The stegdetect tool detects the hiding method used,
mainly for analysing JPEG files

stegdetect  xxx.jpg

stegdetect -s <sensitivity> xxx.jpg


3. Pseudo-encryption of compressed files

I won't go into the principle; the simplest method is to use ZipCenOp.jar
to undo the pseudo-encryption directly.

1. java -jar ZipCenOp.jar e xxx.zip   apply pseudo-encryption
2. java -jar ZipCenOp.jar r xxx.zip   remove pseudo-encryption
3. java -jar ZipCenOp.jar r LOL.zip

RAR file pseudo-encryption:
the trailing digit of the 24th hexadecimal value is changed to 0
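ZIP pseudo-encryption is only the "encrypted" bit (bit 0 of the general-purpose flag) being set in the central directory while the local file header still says the entry is plain; tools that trust the central directory then ask for a password. The checker below is an added example, not the page's or ZipCenOp's code: it walks the central directory from the EOCD record, compares both flag fields per entry, and can set or clear the central-directory bit the way `ZipCenOp e` / `ZipCenOp r` do. The sample archive is constructed in memory.

```python
import io
import struct
import zipfile

EOCD_SIG, CENTRAL_SIG, LOCAL_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
ENCRYPTED_BIT = 0x0001  # bit 0 of the general-purpose flag field

def central_entries(data: bytes):
    """Walk the central directory via the EOCD record; yields (central_off, local_off, name)."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count = struct.unpack_from("<H", data, eocd + 10)[0]   # total entries
    pos = struct.unpack_from("<I", data, eocd + 16)[0]     # central directory offset
    for _ in range(count):
        if data[pos:pos + 4] != CENTRAL_SIG:
            raise ValueError("bad central directory header")
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        local_off = struct.unpack_from("<I", data, pos + 42)[0]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        yield pos, local_off, name
        pos += 46 + name_len + extra_len + comment_len

def scan(data: bytes) -> dict:
    """Map entry name -> (local_flag_encrypted, central_flag_encrypted).
    local=False with central=True is the ZipCenOp-style pseudo-encryption."""
    out = {}
    for cpos, lpos, name in central_entries(data):
        if data[lpos:lpos + 4] != LOCAL_SIG:
            raise ValueError(f"bad local header for {name}")
        cflag = struct.unpack_from("<H", data, cpos + 8)[0]  # central flags at +8
        lflag = struct.unpack_from("<H", data, lpos + 6)[0]  # local flags at +6
        out[name] = (bool(lflag & ENCRYPTED_BIT), bool(cflag & ENCRYPTED_BIT))
    return out

def set_central_flag(data: bytes, encrypted: bool) -> bytes:
    """Set (like 'ZipCenOp e') or clear (like 'ZipCenOp r') bit 0 in the
    central-directory headers only; local headers are left untouched."""
    buf = bytearray(data)
    for cpos, _, _ in central_entries(data):
        flag = struct.unpack_from("<H", buf, cpos + 8)[0]
        flag = (flag | ENCRYPTED_BIT) if encrypted else (flag & ~ENCRYPTED_BIT)
        struct.pack_into("<H", buf, cpos + 8, flag)
    return bytes(buf)

def make_sample_zip() -> bytes:
    """Constructed sample archive with one entry (not from the page)."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("flag.txt", "flag{constructed-sample}")
    return bio.getvalue()
```

A real encrypted archive shows True in both positions, so a mismatch is the signature to look for before reaching for a password cracker.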

4. Traffic forensics

Wireshark filter commands:

1. Filter by IP, e.g. source or destination x.x.x.x
ip.src  eq  x.x.x.x  or  ip.dst eq x.x.x.x

2. Filter by port
tcp.port eq 80 or udp.port eq 80
tcp.dstport == 80   show only TCP traffic with destination port 80
tcp.srcport == 80   show only TCP traffic with source port 80
tcp.port >= 1 and tcp.port <= 80


3. HTTP filtering

Follow the stream (Follow TCP Stream)

Common key content in HTTP streams:
1. The HTML directly contains important information
2. Uploaded or downloaded file content, usually including the file name, hash value and other key information; uploads are commonly POST requests
3. A one-line webshell ("one sentence Trojan"): a POST request whose content includes eval, with the payload base64-encoded

Wireshark data extraction:
File -> Export Objects

Wireless capture files:

1. Inspect the cap file with aircrack-ng:
aircrack-ng  xxx.cap

2. Run a dictionary against the handshake with aircrack-ng:
aircrack-ng  xxx.cap  -w  pass.txt


Origin blog.csdn.net/tansty_zh/article/details/108288322