Foreword
First of all, thanks to the ctf show platform for providing the challenges.
Secondly, thank you, readers, for your support ( •̀ ω •́ )y. If you have any questions or suggestions, you can message me privately.
Without further ado, let's start your CTF journey.
I hope you have fun and learn something along the way ✌( •̀ ω •́ )y
Keep it up, everyone ( •̀ ω •́ )y I look forward to seeing you again.
1. Miscellaneous check-in
Let this check-in challenge start our CTF misc journey.
The downloaded attachment is a zip archive, but it asks for a password on extraction.
No hint is given anywhere,
so there is reason to suspect pseudo-encryption (a fake password).
Drag it into 010 Editor and it is indeed pseudo-encrypted.
After modifying it,
extract to get the flag.
flag{79ddfa61bda03defa7bfd8d702a656e4} ( •̀ ω •́ )y
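The pseudo-encryption check done by hand in 010 above can be scripted. This is an added example, not part of the original write-up: it assumes the usual form of the trick, where the encryption bit (bit 0 of the general-purpose flags) is set in the central directory but not in the local file header, and it runs on a constructed sample archive rather than the challenge file. All function names are illustrative.

```python
import io
import struct
import zipfile

def encryption_flags(data):
    """Return (name, local_bit, central_bit, central_flag_offset) per entry."""
    eocd = data.rfind(b'PK\x05\x06')            # end-of-central-directory record
    if eocd < 0:
        raise ValueError('no end-of-central-directory record')
    count, _size, pos = struct.unpack_from('<HII', data, eocd + 10)
    rows = []
    for _ in range(count):
        if data[pos:pos + 4] != b'PK\x01\x02':
            raise ValueError('bad central directory header')
        cd_flags, = struct.unpack_from('<H', data, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from('<HHH', data, pos + 28)
        local_off, = struct.unpack_from('<I', data, pos + 42)
        lh_flags, = struct.unpack_from('<H', data, local_off + 6)
        name = data[pos + 46:pos + 46 + name_len].decode('cp437')
        rows.append((name, lh_flags & 1, cd_flags & 1, pos + 8))
        pos += 46 + name_len + extra_len + comment_len
    return rows

def find_pseudo_encrypted(data):
    """Entries marked encrypted in the central directory only (assumed tell)."""
    return [name for name, lh, cd, _ in encryption_flags(data) if cd and not lh]

def clear_pseudo_encryption(data):
    """Clear the mismatched central-directory bit so normal tools can extract."""
    fixed = bytearray(data)
    for _name, lh, cd, off in encryption_flags(data):
        if cd and not lh:
            fixed[off] &= 0xFE
    return bytes(fixed)

def make_sample():
    """Constructed sample: a plain archive with the central bit flipped on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as z:
        z.writestr('flag.txt', 'constructed sample, not the challenge file')
    data = bytearray(buf.getvalue())
    data[data.rfind(b'PK\x01\x02') + 8] |= 1
    return bytes(data)

if __name__ == '__main__':
    sample = make_sample()
    print('pseudo-encrypted entries:', find_pseudo_encrypted(sample))
    fixed = clear_pseudo_encryption(sample)
    print(zipfile.ZipFile(io.BytesIO(fixed)).read('flag.txt'))
```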
2. misc2
The downloaded attachment is a file with no extension.
According to the hint,
it is a floppy disk image,
so simply create a new virtual machine and load the floppy disk image.
Boot it to get the flag directly.
flag{ctfshow} ( •̀ ω •́ )y
3. Miscx
The attachment contains an unencrypted misc1.zip, an encrypted flag.txt and an encrypted hint.txt,
as well as
additional text:
Happy 2020!
rat? or?
The latter two require a password, so study misc1.zip first.
Inside misc1.zip there are an encrypted music.doc and a picture with a .png extension.
Drag the picture into 010 and find
what is judged to be misleading information.
Combined with the earlier hint, guess that the password for extracting the doc file is 2020.
Extract music.doc and out comes musical-note code.
Online tool: https://www.qqxiuzi.cn/bianma/wenbenjiami.php?s=yinyue
A blind guess is Base64, but decoding it further shows that it is not.
Recalling the additional-text hint, guess that it is Rabbit encryption.
The key is 2020.
This gives welcome_to_payhelp.
Now think of the two encrypted txt files.
Using this as the password, only hint.txt is extracted.
Seeing this kind of encoding, try Base64 first; it works, and after several rounds of Base64 decoding you finally get the following.
This looks like URL encoding.
The password is obtained successfully:
hello 2020!
Extract flag.txt to get the flag.
flag{g00d_f0r_y0u} ( •̀ ω •́ )y
4. misc50
The downloaded attachment contains only one picture.
Without further ado, drag it into 010; a string of encoded text is found in the middle:
Sk5DVlM2Mk1NRjVIU1gyTk1GWEgyQ1E9Cg==
Decode it as Base64:
JNCVS62MMF5HSX2NMFXH2CQ=
then Base32
to get
KEY{Lazy_Man}
Obviously, it must be the extraction password of an archive or some kind of steganography key.
So run foremost on the picture; it yields an archive, which confirms the earlier guess.
Open the archive and find a hint:
GEZDGNBVGYFA====
Base32 gives 123456,
which is the password of the archive.
Extract to get thienc.txt, which contains a lot of digits.
Looking carefully at this pile of digits, 3078 appears repeatedly, each time followed by two hexadecimal characters.
Looking it up, 3078 is the hex encoding of the ASCII string 0x.
So the idea is to delete the 0x and convert the rest into archive format.
A script is a must here (friends who are not good at Python should study hard).
import re

def read_file(filepath):
    with open(filepath) as fp:
        return fp.read()

# Read the digit text: pairs of hex digits, each encoding one ASCII character
number = read_file('1.txt')
# Turn every pair of hex digits into its ASCII character
strings = ''
for pair in re.findall(r'.{2}', number):
    strings += bytearray.fromhex(pair).decode('ascii')
# Split on the 0x prefixes and left-pad single-digit values to two digits
b = strings.split('0x')
strings = ''
for i in b:
    if len(i) == 1:
        i = '0' + i
    strings += i
# Write the remaining hex digits (the archive's bytes in hex) to test.txt
with open('test.txt', 'w') as f:
    f.write(strings)
This gives an archive,
but it needs a password, so I think of the KEY{Lazy_Man} that I solved before.
Extracting it gives a txt file.
There is == at the end of the text,
so without further ado go straight to Base64.
Only a script will do, because the text is too long.
Base64 script
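import base64
import re

def read_file(filepath):
    with open(filepath) as fp:
        return fp.read()

url = read_file('1.txt')
# The input is stored as a bytes repr, b'...'; take the part between the quotes
url = re.findall("b'(.*?)'", url)[0]
url = base64.b64decode(url)
# str() of bytes writes the b'...' form that the next pass expects
with open('2.txt', 'w') as f:
    f.write(str(url))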
Base32 script
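import base64
import re

def read_file(filepath):
    with open(filepath) as fp:
        return fp.read()

url = read_file('2.txt')
# The input is stored as a bytes repr, b'...'; take the part between the quotes
url = re.findall("b'(.*?)'", url)[0]
url = base64.b32decode(url)
# str() of bytes writes the b'...' form that the next pass expects
with open('3.txt', 'w') as f:
    f.write(str(url))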
After repeated conversions, it turns out that this string went through a total of 16 rounds of mixed Base64 and Base32 encoding.
This gives the following encoding.
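The Base64 and Base32 passes above can be chained automatically. This added example (not the author's script) peels layers until the text stops decoding cleanly, testing Base32 first because its alphabet is a subset of Base64's; the two inputs are the short strings quoted earlier in this section, and the function names are illustrative.

```python
import base64
import binascii
import re

B32_RE = re.compile(r'^[A-Z2-7]+=*$')
B64_RE = re.compile(r'^[A-Za-z0-9+/]+=*$')

def _b64(text):
    return base64.b64decode(text, validate=True)

def peel_once(text):
    """Decode one layer; return (codec, decoded_text) or None to stop."""
    compact = ''.join(text.split())          # drop newlines between chunks
    # Base32's alphabet is a subset of Base64's, so Base32 is tried first.
    for codec, pattern, decode in (('base32', B32_RE, base64.b32decode),
                                   ('base64', B64_RE, _b64)):
        if not pattern.match(compact):
            continue
        try:
            decoded = decode(compact).decode('ascii')
        except (binascii.Error, ValueError):
            continue                          # bad padding or binary output
        if decoded and all(c.isprintable() or c in '\r\n\t' for c in decoded):
            return codec, decoded
    return None

def peel_all(text, max_layers=64):
    """Return (list of codecs in the order removed, final text)."""
    layers = []
    while len(layers) < max_layers:
        step = peel_once(text)
        if step is None:
            break
        layers.append(step[0])
        text = step[1]
    return layers, text.strip()

if __name__ == '__main__':
    for sample in ('Sk5DVlM2Mk1NRjVIU1gyTk1GWEgyQ1E9Cg==', 'GEZDGNBVGYFA===='):
        print(peel_all(sample))
```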
But it is not well-formed because of the \n sequences,
so find a script online:
def read_file(filepath):
    with open(filepath) as fp:
        return fp.read()

result = read_file('test15.txt')
# Replace each literal backslash-n sequence left by the bytes repr with a space
result = result.replace(r'\n', ' ')
with open('test16.txt', 'w') as f:
    f.write(result)
Online tool:
Brainfuck/Ook! Obfuscation/Encoding [splitbrain.org] https://www.splitbrain.org/services/ook
Continue decoding
to get the flag.
flag{Welc0me_tO_cTf_3how!} ( •̀ ω •́ )y
5. misc30
The downloaded attachment is a rar file without an extension.
Following the hint, it is natural to add the .rar extension.
After extraction there are an unencrypted starry sky.jpg, an encrypted flag.png and an encrypted seeing is not believing.doc.
So start with starry sky.jpg.
Without further ado, open it in 010.
little stars: a blind guess is that this is the extraction password.
Open seeing is not believing.doc
and you'll find there's something underneath.
So first try changing the font color, which works.
Hello friend! is suspected to be another extraction password.
It successfully extracts a QR code.
Scan the code to get the flag.
flag{welcome_to_ctfshow} ( •̀ ω •́ )y
6. stega1
Download the attachment and extract it to get a jpg picture.
After trying several steganography extraction methods to no avail,
think of JPHS steganography.
Tool download: https://download.csdn.net/download/m0_68012373/85682293
Open the picture in the software.
There is no key, so just click OK
and directly get the text containing the flag.
flag{3c87fb959e5910b40a04e0491bf230fb} ( •̀ ω •́ )y
7. misc3
Ciphertext: zse4rfvsdf 6yjmko0
At the beginning, I didn't read the hint and tried various decryptions for a long time.
After looking at the hint, I thought it might be the keyboard layout.
Then get the flag according to the hint.
flag{of} ( •̀ ω •́ )y
8. misc40
Download the attachment and extract it to get a txt file, an mp3 file, a png QR code and an encrypted wav file.
Open the txt.
A blind guess is base conversion.
Online tool: https://www.osgeo.cn/app/s1653
Binary to quaternary to octal to decimal:
110001010100011101 to 301110131
to 612435 to 202013
A blind guess is that 202013 is a password or key.
No rush, look at the rest first.
Scanning the QR code gives: the flag is not here.
Maybe it's not that simple, so drag it into 010.
Sure enough, a string of encoded text is found at the end.
Online tool: https://www.splitbrain.org/services/ook
Harmony, democracy, harmony, civilization, harmony, freedom, harmony, equality, harmony, justice
Socialist Core Values encoding: http://www.hiencode.com/cvencode.html
This gives 123456.
There is also the audio; trying MP3Stego, the steganography password is exactly 123456.
Tool download address
This gives a text.
The hint says that the password is abc123, so extract first.
There is also a hint mentioning the silent eye. I didn't know what it was; later, a Baidu search showed that it is SilentEye.
Tool download: https://download.csdn.net/download/m0_68012373/85681939
SilentEye
The key is 202013, which was solved earlier.
flag{C0ngr4tul4ti0n!} ( •̀ ω •́ )y
9. misc30
After downloading the attachment, the archive turns out to require a password.
Because there is no hint, the first thought is pseudo-encryption.
Fix it with win first
That successfully gives the audio inside.
I tried all kinds of steganography and found them useless, so I thought it might be hiding something, and ran foremost in Kali.
It carves out a picture.
On seeing a picture, the routine move is to try changing the height.
This gives
This is a typical pigpen cipher.
This is the lookup table.
Finally this gives
flag{well done} ( •̀ ω •́ )y
10. The first round of red envelope questions
Download the attachment and extract it to get 86 archives, each containing a picture.
Don't panic at this point.
First open one picture and put it in 010 for analysis.
At a glance, this may be a GIF file split into pieces.
Look at the end:
obviously Base64.
A look at the other pictures shows they are the same as this one, except that the encoded text differs.
So the idea is to join all the encoded pieces together and then decode.
Of course, a script is a must.
import zipfile

for i in range(1, 87):
    # Open the i-th archive (forward slashes avoid the '\f' escape in the Windows path)
    with zipfile.ZipFile('D:/py/flag.zip/' + str(i) + '.zip', 'r') as z:
        # Read the picture stored inside the archive
        filename = z.namelist()[0]
        content = z.read(filename)
    # Print the Base64 fragment: the last 100 bytes of the picture
    print(content[-100:].decode('ascii'))
This gives the Base64 text.
Convert the Base64 directly into a picture.
Online tool: https://tool.jisuapi.com/base642pic.html
This gives a QR code.
Scan the code to get the flag.
flag{gif_is_so_easy} ( •̀ ω •́ )y
11. stega10
Download the attachment and extract it to get a picture.
As usual, open it in 010.
A string of encoded text is found.
A blind guess is Base64.
This gives https://www.lanzous.com/i9b0ksd
From experience, change the s to i
to reach the download page.
Both require a password, so the only place to start is the text.
So I found a script online:
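import zipfile
import string
import binascii

# Collect the stored CRC-32 of every entry in the archive
crc = []
zf = zipfile.ZipFile('C:/ctfshow/misc/flag.zip', 'r')
for i in zf.namelist():
    crc += [zf.getinfo(i).CRC]
# Keep the nine entries of interest
crc = crc[1:10]
# Each of these entries is a single character: try every printable one
for i in range(9):
    for j in string.printable:
        c = binascii.crc32(j.encode('utf-8'))
        if c == crc[i]:
            print(j, end='')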
Run it to get
447^*5#)7, suspected to be the archive password.
Extract n.zip,
but the picture that comes out cannot be opened.
So open it in 010.
Looking carefully at the head and tail, the bytes turn out to be reversed,
so find a script:
# Reverse the byte order of the whole file
with open('C:/Users/lujin/Desktop/n.png', 'rb') as src:
    data = src.read()
with open('C:/Users/lujin/Desktop/1n.png', 'wb') as dst:
    dst.write(data[::-1])
Run it to get a QR code.
Scan the code to get the flag.
flag{I'm so hard} ( •̀ ω •́ )y
12. stega11
Download the attachment to get a picture.
As usual, open it in 010.
A string of encoded text is found.
Decode it directly as Base32.
Unexpectedly, the flag comes out directly.
flag{6f1797d4080b29b64da5897780463e30} ( •̀ ω •́ )y
13. misc4
The downloaded attachment is a rar file without an extension.
Don't want to add the suffix rar
Extract to get a document.
Although it is garbled, I found that it starts with PK, which marks an archive in zip format. After changing the extension, extract it to get a pile of files.
They can only be searched one by one.
Finally, the clue is found in Office Documents\Documents\1\Pages\1.txt
Finally get flag{xps?Oh,Go0d!} ( •̀ ω •́ )y
14. misc31
Download the attachment to get the following.
file, hint.txt and listening to songs and recognizing songs are not encrypted, while the rest are encrypted, so start with these few.
Decode file:
Drag it into 010.
The tail looks like Base64.
Because there is so much text, think of converting Base64 to a picture.
Online tool: https://tool.jisuapi.com/base642pic.html
This gives dlddddhm.
Decrypt the pdf
to get flower symbols.
Flower symbol decoding
gives qwertyuiop,
which turns out to be of no use.
So it is definitely not that simple.
Guess that the pdf may contain steganography.
After many attempts:
Tool download: https://download.csdn.net/download/m0_68012373/85681966
wbStego4.3open decodes the pdf without a key
to get
Only xiaomototuo.wav is left.
These two pieces of information hint at a keyword,
so I thought of the keyword cipher.
Online tool: http://www.hiencode.com/keyword.html
This gives CVEFVWETBVDVESFB13287484,
which is the password of xiaomoto.wav.
All kinds of audio steganography are useless.
Try extracting with steghide
to get the flag.
flag{du_du_du_du} ( •̀ ω •́ )y
15. misc49
After downloading the attachment, I found that it contains only one txt file.
Opening it shows that the file header is PK, so try changing the extension to zip and extracting.
Only hint.txt can be extracted; 1.png and 2.png require a password.
Open hint.txt.
There are capital letters and = signs, but trying Base32 and Base64 is useless.
So try the text-to-letters cipher.
Online tool: https://www.qqxiuzi.cn/bianma/wenbenjiami.php?s=zimu
The result turns out to be
Online tool: https://www.qqxiuzi.cn/bianma/wenbenjiami.php?s=yinyue
Text encrypted as musical notation
The result turns out to be a suit
Flower encoding online tool: https://www.qqxiuzi.cn/bianma/wenbenjiami.php?s=huaduo
This gives the archive password key{welcome_to_ctf}.
Extract the two pictures.
I recalled that there was a hint earlier,
so try blind watermarking, using a blind-watermark tool or script.
Get the flag: flag{y0u_are_we1l} ( •̀ ω •́ )y
16. misc6
Download the attachment to get a text.
It contains = and letters, so I first tried Base32 and Base64, but to no avail.
Don't panic when you run into an encoding.
Finally get the flag: flag{ctfshow_nice!} ( •̀ ω •́ )y
17. misc7
Download the attachment to get a file without an extension.
Check the properties, then drag it into 010 to check the format; the file header is D0 CF 11 E0 A1 B1 1A E1.
A lookup shows this is the file format of old versions of Office.
So try adding an extension and find that pdf can be opened.
But the document is encrypted, so try brute-forcing it with Advanced Office Password Recovery.
After opening it with the password, search for the characters directly to get the flag.
Change the font color.
Get Flag{okYOUWIN} ( •̀ ω •́ )y
18. misc8
Download the attachment to get flagnothere.jpg and org.zip; the archive is encrypted and also contains flagnothere.jpg.
Based on previous experience, a blind guess is a known-plaintext attack.
Tool download: https://download.csdn.net/download/m0_68012373/85681995
It succeeded.
This gives a QR code.
Scan the code to get the flag.
flag{ctf_show_ok} ( •̀ ω •́ )y
19. The fifth round of red envelope questions
Download the attachment and find that it contains an audio file.
Following the hint, try various audio tools, only to find that you have been tricked.
So, without further ado, analyze the archive directly.
After searching, I found that there may be pictures in the archive, so I went straight to extraction in Kali.
Before anything else, run foremost, which turns out to be useless.
So switch to another extraction method, steghide.
It extracts a txt file.
It has uppercase and lowercase letters and =, so try Base64 first.
A URL is found, but it cannot be opened.
From experience, change the s to i:
https://www.lanzoui.com/i9dpjxe
Download the attachment and find that it is hexadecimal text.
The first thing that comes to mind is to convert it directly to binary or to text, but both end in failure.
Then, looking carefully, none of the letters inside is greater than f. Following the usual approach, take every two characters and convert them to text.
After several rounds of hex conversion, coordinates are obtained.
Looking at this structure, we can tell that it is coordinates and color values.
There are (255, 255, 255) and (0, 0, 0); this is simply RGB, where (255, 255, 255) represents white and (0, 0, 0) represents black.
So this text has to be drawn with a script.
First use a script to format the text into normalized coordinate lines:
import re

# Regex: [0-9]* matches a run of digits and \s matches one whitespace character,
# so each match is one "R, G, B" triple
reg = re.compile(r'[0-9]*,\s[0-9]*,\s[0-9]*')
with open('1.txt') as f:
    data = f.read()
result = reg.findall(data)
# Write one triple per line to 2.txt
with open('2.txt', 'w') as f1:
    for i in result:
        print(i)
        f1.write(i + '\n')
Then use the gbk script to solve it, drawing the text with the script:
from PIL import Image

x = 72  # x dimension: found by factoring the number of lines in the txt
y = 74  # y dimension: x * y = number of lines
im = Image.new("RGB", (x, y))  # create the picture
with open('2.txt') as file:  # open the file of RGB values
    # Build the picture from each RGB point
    for i in range(0, x):
        for j in range(0, y):
            line = file.readline()  # read one line of RGB values
            rgb = line.split(", ")  # split R, G, B; the commas in the text are followed by a space
            if rgb[0]:
                im.putpixel((i, j), (int(rgb[0]), int(rgb[1]), int(rgb[2])))  # turn the RGB value into a pixel
im.save('flag.jpg')  # save the picture
This gives a jpg picture.
You can tell at a glance that the picture needs to be re-stitched.
At this point you need to use PS.
Cut and rearrange the pieces to get the complete QR code.
Finally, scan the code to get the flag.
flag{ctf_show_fight} ( •̀ ω •́ )y
20. stega2
Download the attachment to get a picture in png format.
At first, I thought it was complicated and tried extraction.
Later, I found out that changing the height directly is enough.
Finally get the flag flag{na yi nian wo ye bian cheng le guang} ( •̀ ω •́ )y
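The height edits in sections 9 and 20 are done by hand; the added example below (not from the original write-up) recovers the value to write instead of guessing it. It assumes the picture was cropped by editing only the height field of IHDR while the chunk CRC was left untouched, so the CRC identifies the true height; the sample PNG is constructed inline and the function names are illustrative.

```python
import struct
import zlib

PNG_SIG = b'\x89PNG\r\n\x1a\n'

def recover_height(png, max_height=8192):
    """Return (stored_height, true_height); true_height is None if not found."""
    if png[:8] != PNG_SIG or png[12:16] != b'IHDR':
        raise ValueError('not a PNG with a leading IHDR chunk')
    ihdr = png[16:29]                      # width, height, then 5 one-byte fields
    stored_crc, = struct.unpack('>I', png[29:33])
    stored_height, = struct.unpack('>I', ihdr[4:8])
    if zlib.crc32(b'IHDR' + ihdr) == stored_crc:
        return stored_height, stored_height   # header is consistent
    for h in range(1, max_height + 1):
        candidate = ihdr[:4] + struct.pack('>I', h) + ihdr[8:]
        if zlib.crc32(b'IHDR' + candidate) == stored_crc:
            return stored_height, h
    return stored_height, None

def patch_height(png, height):
    """Write a height into IHDR without touching the stored CRC."""
    return png[:20] + struct.pack('>I', height) + png[24:]

def chunk(kind, body):
    crc = zlib.crc32(kind + body)
    return struct.pack('>I', len(body)) + kind + body + struct.pack('>I', crc)

def make_sample(width=4, height=6, shown=2):
    """Constructed sample: (original, tampered) 8-bit greyscale PNG bytes."""
    rows = b''.join(b'\x00' + b'\xff' * width for _ in range(height))
    ihdr = struct.pack('>IIBBBBB', width, height, 8, 0, 0, 0, 0)
    png = (PNG_SIG + chunk(b'IHDR', ihdr)
           + chunk(b'IDAT', zlib.compress(rows)) + chunk(b'IEND', b''))
    return png, patch_height(png, shown)   # height edited, CRC left untouched

if __name__ == '__main__':
    original, tampered = make_sample()
    stored, true = recover_height(tampered)
    print('stored height', stored, 'true height', true)
    print('restored:', patch_height(tampered, true) == original)
```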
21. stega3
After downloading the attachment and extracting it, I found that there is only one picture in it.
So I tried various steganography methods, and they all ended in failure.
So I thought of NTFS data stream steganography.
The Ntfs Streams Editor2 tool is convenient for this.
Tool download: https://download.csdn.net/download/m0_68012373/85682238
Found the txt file and got the flag.
flag{ntfs_is_so_cool} ( •̀ ω •́ )y