[ctf show] [MISC] MISC entry misc11 and misc12

Enterprise 2023-07-12 14:36:41 views: null

1. Problem solving environment

windows7

2. Test point: the use of TweakPNG

You can read the article I wrote before for the MISC general problem-solving steps of PNG

Three, misc11 problem-solving steps

insert image description here
1. Unzip the zip file, open misc11.png with winhex
2. Determine whether the file format has been tampered with, check the header and tail of the png file, the file format is normal
    PNG file header (hex): 89 50 4e 47 0d 0a 1a 0a
    PNG file tail (hex): 00 00 00 00 49 45 4E 44 AE 42 60 82
3. Determine whether there is a file binary merge, search the png file header 8950, and find that there is only one, and the binary merge file is not used
4. Determine whether to modify the width and height of the png image, Open it with TweakPNG and find that the width and height of the picture are normal, but the length of the first IDAT is smaller than the length of the second IDAT, that is to say, the first data block is not fully covered and the second data block is started, and the traces of artificial modification are obvious 5
insert image description here
. Select the first IDAT, press the [delete] key, and then press the [F7] key to preview the picture to get the flag
insert image description here
6. Use qq screenshots to extract text content, see previous articles for specific operations

Four, misc12 problem-solving steps

insert image description here

1. Unzip the zip file, open misc11.png with winhex
2. Determine whether the file format has been tampered with, check the header and tail of the png file, the file format is normal
    PNG file header (hex): 89 50 4e 47 0d 0a 1a 0a
    PNG file tail (hex): 00 00 00 00 49 45 4E 44 AE 42 60 82
3. Determine whether there is a file binary merge, search the png file header 8950, and find that there is only one, and the binary merge file is not used
4. Determine whether to modify the width and height of the png image, Use TweakPNG to open it, and find that the width and height of the picture are normal, but the size of the IDAT is not covered block by block, and the traces of artificial modification are large
insert image description here
. , you can see the flag
insert image description here6. Use the qq screenshot to extract the text content, the specific operation can be found in previous articles

Guess you like

Origin blog.csdn.net/guggle15/article/details/123837789
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com