Analyze the picture with binwalk and find that there is a RAR compressed package; -e extracts it directly.
This gives 4 compressed packages. Three can be decompressed; only 18494.rar requires a password.
Decompressing the compressed package in the 716A folder also requires a password.
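How a signature scan locates RAR data appended to a picture, as an added example that is not part of the original writeup or binwalk's own code. The sample bytes are constructed, and naming the carved pieces by hex offset is this example's choice.

```python
# Added example: scan a file for embedded RAR signatures and carve them out.
RAR_MAGICS = {
    b"Rar!\x1a\x07\x00": "RAR 1.5-4.x",
    b"Rar!\x1a\x07\x01\x00": "RAR 5.x",
}

def find_rar_offsets(data: bytes):
    """Return sorted (offset, version) pairs for every RAR signature in data."""
    hits = []
    for magic, version in RAR_MAGICS.items():
        start = 0
        while (pos := data.find(magic, start)) != -1:
            hits.append((pos, version))
            start = pos + 1
    return sorted(hits)

def carve(data: bytes, hits):
    """Split data at each hit; every piece runs to the next hit or to EOF."""
    offsets = [off for off, _ in hits] + [len(data)]
    return {f"{off:X}.rar": data[off:nxt]
            for off, nxt in zip(offsets, offsets[1:])}

def build_sample() -> bytes:
    # Constructed sample: JPEG-like start/end markers with filler, followed by
    # two fake RAR headers (signature plus padding, not real archives).
    image = b"\xff\xd8\xff\xe0" + b"\x00" * 28 + b"\xff\xd9"
    rar4 = b"Rar!\x1a\x07\x00" + b"A" * 9
    rar5 = b"Rar!\x1a\x07\x01\x00" + b"B" * 8
    return image + rar4 + rar5

if __name__ == "__main__":
    sample = build_sample()
    hits = find_rar_offsets(sample)
    for off, version in hits:
        print(f"0x{off:X}  {version}")
    for name, blob in carve(sample, hits).items():
        print(name, len(blob), "bytes")
```

Data that follows the image's end marker and starts with one of these signatures is what the extraction step writes out as a separate archive.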
First look at encode.txt
PS C:\Users\Administrator> php -r "var_dump(base64_decode('YXNkZmdoamtsMTIzNDU2Nzg5MA=='));"
string(19) "asdfghjkl1234567890"
Look at flag.doc
It's another bunch of base64. I tested it a bit; it appears to have been encoded many times, so just write a script and run it
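import base64

def decode(f):
    # Keep base64-decoding until the data no longer decodes, counting the layers.
    n = 0
    while True:
        try:
            f = base64.b64decode(f)
            n += 1
        except Exception:
            print('[+]Base64共decode了{0}次,最终解码结果如下:'.format(n))
            print(str(f, 'utf-8'))
            break

if __name__ == '__main__':
    # base64.txt holds the base64 text to decode
    with open('./base64.txt', 'r') as fh:
        f = fh.read()
    decode(f)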
PS C:\Users\Administrator\Desktop> python .\test.py
[+]Base64共decode了20次,最终解码结果如下:
comEON_YOuAreSOSoS0great
asdfghjkl1234567890 is the password for 看看flag在不在里面^_^.rar. There is actually nothing in it, it's just a simple picture, nothing steganographic...wasting my time...
comEON_YOuAreSOSoS0great is the password for 18394.rar. It decompresses to good.mp3, which is obviously Morse code
Open it with Audacity
Thick lines are - and thin lines are .
-- --- .-. ... . .. ... ...- . .-. -.-- ...- . .-. -.-- . .- ... -.--
Morse code online conversion: http://www.zhongguosou.com/zonghe/moersicodeconverter.aspx
PS: There is a pitfall here. It is not the first time I have encountered it. I don't understand why the final characters of the Morse code must be converted to lowercase to be submitted correctly.
PS C:\Users\Administrator\Desktop> php -r "echo strtolower('MORSEISVERYVERYEASY');"
morseisveryveryeasy
flag{morseisveryveryeasy}