0x01 this_is_flag
Correct!!! This is the flag.
0x02 ext3
The task provides a Linux disc; download the attachment.
Mount it in Linux.
Look for the flag with strings linux | grep flag
It is found at this path: ~root/Desktop/file/O7avZhikgKgbF/flag.txt
ZmxhZ3tzYWpiY2lienNrampjbmJoc2J2Y2pianN6Y3N6Ymt6an0=
Base64-decode it to get flag{sajbcibzskjjcnbhsbvcjbjszcszbkzj}
0x03 give_you_flag
The downloaded attachment is a GIF. Open it in Stegsolve and use Analyse > Frame Browser to step through the frames one by one; at frame 50 there is an incomplete QR code.
The QR code is missing its three anchor points (the finder patterns); complete them and scan it to get flag{e7d478cf6b915f50ab1277f78502a2c5}
0x04 pdf
The attachment is a PDF. The text in the PDF is set to be transparent; just copy it out directly:
flag{security_through_obscurity}
0x05 adhere 60s
A Java game. Extract it directly and decompile it with a Java decompiler; the flag can be found in the file PlaneGameFrame.class. Then Base64-decode the contents of the braces.
0x06 Tathagata thirteen palm
The download is a bunch of Buddhist-looking characters; going by their look, decode them with the "Buddhism and Zen" encoding.
This gives MzkuM3gvMUAwnzuvn3cgozMlMTuvqzAenJchMUAeqzWenzEmLJW9
Decoding this directly as Base64 does not work. The title mentions thirteen palms, so apply ROT13 first.
ROT13 gives ZmxhZ3tiZHNjamhia3ptbmZyZGhidmNraWpuZHNrdmJramRzYWJ9
Base64-decoding that gives flag{bdscjhbkzmnfrdhbvckijndskvbkjdsab}
0x07 gif
After decompressing the attachment there is a set of black and white images, 104 in total.
Taking white as 0 and black as 1 gives
01100110011011000110000101100111011110110100011001110101010011100101111101100111011010010100011001111101
Converting the binary string to text gives flag{FuN_giF}
0x08 SimpleRAR
The download is a RAR archive. Extracting it directly gives only a flag.txt file, and opening that only shows the hint that the flag is not here.
binwalk analysis finds nothing. Opening the archive in winhex shows that it also contains a secret.png, but the file header in the hex is wrong; change 7A to 74.
Extracting again gives a blank PNG file. binwalk analysis shows it is really a GIF, so change the extension.
Open it in Stegsolve and use Analyse > Frame Browser to save the two frames as separate PNG images, then open each of them in Stegsolve; adjusting the channel reveals an image in each.
Stitch the two pictures together, complete the anchor points, and scan the result to get flag{yanji4n_bu_we1shi}
0x09 stegano
The attachment is a PDF. Opening it shows nothing of interest, and binwalk and winhex find nothing either. Use pdf.js in the Firefox developer tools and enter in the console: document.documentElement.textContent
Convert A to . and B to - to get Morse code
-.-. --- -. --. .-. .- - ..- .-.. .- - .. --- -. ... --..-- ..-. .-.. .- --. ---... .---- -. ...- .---- ..... .---- -... .-.. ...-- -- ...-- ..... ..... ....- --. ...--
After translation: CONGRATULATIONS.FLAG:JNV151BL3M3554G3
Finally, the answer is FLAG{JNV151BL3M3554G3}
0x10 lift the table
The task gives a string:
c8e9aca0c6f2e5f3e8c4efe7a1a0d4e8e5a0e6ece1e7a0e9f3baa0e8eafae3f9e4eafae2eae4e3eaebfaebe3f5e7e9f3e4e3e8eaf9eaf3e2e4e6f2
Take the hex digits two at a time, convert each pair to decimal, subtract 128, and convert the result to a character. The decoding code:
string = "c8e9aca0c6f2e5f3e8c4efe7a1a0d4e8e5a0e6ece1e7a0e9f3baa0e8eafae3f9e4eafae2eae4e3eaebfaebe3f5e7e9f3e4e3e8eaf9eaf3e2e4e6f2"
flag = ''
# Each pair of hex digits is one byte with the high bit set; subtracting 128 clears it
for i in range(0, len(string), 2):
    s = "0x" + string[i] + string[i+1]
    flag += chr(int(s, 16) - 128)
print(flag)
0x11 effort no matter how high are also afraid of knives
The attachment is a Wireshark capture file; foremost can carve out of it a compressed archive that needs a password.
Open the capture in Wireshark and search the packet bytes for the string flag.
Follow the TCP streams; at the 7th one a 666.jpg turns up.
Just before it there is a long run of hex beginning with FFD8FF, which shows that it is a JPG.
Write (copy) some C# code to convert the hex to a JPG:
using System;
using System.IO;

public static class HexConvert
{
    // Convert the hex text copied from the TCP stream (test.txt) into raw JPG bytes (test.jpg)
    public static void hexToJPG()
    {
        using (StreamReader sr = new StreamReader("E:\\study\\CTF\\test.txt"))
        using (FileStream fs = new FileStream("E:\\study\\CTF\\test.jpg", FileMode.Create, FileAccess.Write))
        using (BinaryWriter bw = new BinaryWriter(fs))
        {
            // Read the whole dump at once and drop whitespace left over from copying
            string tempStr = sr.ReadToEnd().Replace("\r", "").Replace("\n", "").Replace(" ", "");
            int tlenth = tempStr.Length / 2;
            for (int i = 0; i < tlenth; i++)
            {
                // Each pair of hex digits is one byte of the image
                byte tempByte = Convert.ToByte(tempStr.Substring(i * 2, 2), 16);
                bw.Write(tempByte);
            }
        }
    }
}
After obtaining the password, decompress the archive to get flag.txt; opening it gives flag{3OpWdJ-JP6FzK-koCMAK-VkfWBq-75Un2z}
0x12 base64stego
The attached archive asks for a password when decompressed on Windows; on Linux, just run binwalk -e flag.zip
This gives a stego.txt file directly; the archive turns out to be only pseudo-encrypted, not really encrypted. The txt file is a bunch of strings.
This is Base64 steganography. The Python decoding code is pasted below; it gives flag{Base_sixty_four_point_five}
import base64

def get_base64_diff_value(s1, s2):
    # Distance between the first pair of differing symbols; 0 if the lines are identical
    base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    res = 0
    for i in range(len(s1)):
        if s1[i] != s2[i]:
            return abs(base64chars.index(s1[i]) - base64chars.index(s2[i]))
    return res

def solve_stego():
    with open('stego.txt', 'r') as f:
        file_lines = f.readlines()
    bin_str = ''
    for line in file_lines:
        steg_line = line.strip()
        # Decode and re-encode to get the canonical form of the same line
        norm_line = base64.b64encode(base64.b64decode(steg_line)).decode()
        diff = get_base64_diff_value(steg_line, norm_line)
        # Each '=' leaves two unused bits in the last symbol
        pads_num = steg_line.count('=')
        if diff:
            bin_str += bin(diff)[2:].zfill(pads_num * 2)
        else:
            bin_str += '0' * pads_num * 2
    res_str = ''
    for i in range(0, len(bin_str), 8):
        res_str += chr(int(bin_str[i:i+8], 2))
    print(res_str)

solve_stego()
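Why the script above works, as an added example that is not part of the original writeup: each '=' of padding leaves two unused bits in the last Base64 symbol, decoders ignore them, and a line only stays canonical if they are zero. The sketch below hides bytes in those bits, reads them back, and flags non-canonical lines; COVER and the function names are constructed for illustration.

```python
import base64

B64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
# Constructed cover data: chunk lengths 1, 2, 3, 4, 5, 7 give 4+2+0+4+2+4 spare bits.
COVER = [b'a', b'ab', b'abc', b'data', b'hello', b'padding']

def spare_bits(line):
    """Unused low bits in the last symbol before the padding: 2 per '='."""
    return line.count('=') * 2

def hidden_value(line):
    """Value stored in the spare bits; always 0 for canonical Base64."""
    n = spare_bits(line)
    return B64.index(line.rstrip('=')[-1]) & ((1 << n) - 1) if n else 0

def embed(chunks, secret):
    """Encode each chunk, then overwrite its spare bits with bits of secret."""
    bits = ''.join(format(b, '08b') for b in secret)
    out = []
    for chunk in chunks:
        line = base64.b64encode(chunk).decode()
        n = spare_bits(line)
        if n and bits:
            take, bits = bits[:n].ljust(n, '0'), bits[n:]
            body = line.rstrip('=')
            # The canonical symbol has zero spare bits, so OR sets them directly
            line = body[:-1] + B64[B64.index(body[-1]) | int(take, 2)] + '=' * (n // 2)
        out.append(line)
    if bits:
        raise ValueError('cover has too few padded lines for this secret')
    return out

def extract(lines):
    """Concatenate the spare bits of every padded line and cut into bytes."""
    bits = ''.join(format(hidden_value(l), '0%db' % spare_bits(l))
                   for l in lines if spare_bits(l))
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits) - 7, 8))

def non_canonical(lines):
    """Detection: lines that change when decoded and re-encoded."""
    return [l for l in lines
            if base64.b64encode(base64.b64decode(l)).decode() != l]

if __name__ == '__main__':
    stego = embed(COVER, b'hi')
    print(stego, extract(stego), non_canonical(stego))
```

A padded line whose hidden bits happen to be all zero is still canonical, so non_canonical() gives a lower bound on the number of carrier lines rather than an exact count.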
0x13 I am really too weak at this; today I am also a humble little brother!