2019 "Shensi Cup" Shandong Province University Students Network Security Skills Competition, partial writeup

Sign-in

Load the binary in OD (OllyDbg) and look through the string references; the flag is stored as a plain string.

 

 

Up, down, left, right

At the time I had really no idea what this one wanted; I kept thinking it was some kind of encoding. Afterwards I read the writeups from the more experienced players: the flag file is a sequence of U/D/L/R moves, and plotting those moves as a path draws the flag.

Script borrowed from that writeup (the original had been mangled by copy-paste; cleaned up so it runs):

 

from PIL import Image

im = Image.new('RGB', (1000, 1000), 'black')

# read the flag file: one long string of U/D/L/R moves
with open('flag.txt') as f:
    line = f.readline().strip()

a = [300, 300]  # starting position; a[0] is x (left/right), a[1] is y (up/down)
for i in line:
    if i == 'D':
        a[1] += 1
    if i == 'U':
        a[1] -= 1
    if i == 'R':
        a[0] += 1
    if i == 'L':
        a[0] -= 1
    im.putpixel(tuple(a), (255, 255, 255))  # putpixel sets one pixel at the given (x, y)
# image coordinates grow downward, so 'D' must add 1; the first attempt added 1 for 'U' and drew the figure upside down
im.show()
Taken from:
https://blog.csdn.net/qq_43559371/article/details/102907525

Put that abstractly, I suspect that even if I had written it myself I would have needed many tries to get it right.

 

Encrypted archive

    I got an archive that would not open. Looking at it in WinHex, the file header was backwards, so I fixed the header and tried again; it still would not open.

    Then I noticed other things, for example the name flag.txt appeared out of order, in fact also reversed; I flipped those too, and it still failed. Suddenly it struck me: what if the whole file is reversed!? Since I could not write a script for it, I reversed it by hand a little at a time, and then it opened.

    The tail end of the file was reversed base64, which decodes to: there-is-half-pwd-shensi

 

 

    Selecting the archive comment, it looked like Morse code.

Pasted into Sublime (a space has to be added at the end).

Translated: THERE-IS-HALF-PWD-SDNISC

 

 

    I could not work out how the two halves were meant to be joined into the password: it kept reporting a wrong password, and none of the spellings I tried worked. Yesterday I saw the answer: when I swapped the halves around I had written one part backwards, so the archive opened normally but the password check failed.

    While looking for writeups I also found another way to crack an archive password: a mask attack (supported by tools such as hashcat). When part of the password is already known, fixing the known positions and brute-forcing only the unknown ones cuts the work down considerably.

https://blog.csdn.net/weixin_43211186/article/details/102943733

 

 

PS: while reproducing this I also found a much more efficient way to reverse the file:

Very convenient (even a newbie who cannot write scripts can do it this way).
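The three recovery steps above (reverse the whole byte stream and check for a ZIP signature, flip the reversed base64 before decoding, decode the Morse comment), as an added Python example that is not part of the original writeup. The challenge archive is not on the page, so the script builds a tiny ZIP in memory and reverses it as a constructed stand-in; the Morse layout (letters separated by spaces, words by " / ") is an assumption.

```python
import base64
import io
import zipfile
from typing import List, Optional

# Constructed stand-in for the challenge file: a tiny ZIP built in memory,
# then byte-reversed, which is the state the writeup found the archive in.
def make_reversed_sample() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "not the real flag")
    return buf.getvalue()[::-1]

def unreverse_archive(data: bytes) -> Optional[bytes]:
    """Reverse the whole byte stream and keep it only if a ZIP signature appears."""
    fixed = data[::-1]
    # 'PK\x03\x04' = local file header; 'PK\x05\x06' = end-of-central-directory (empty archive)
    if fixed[:4] in (b"PK\x03\x04", b"PK\x05\x06"):
        return fixed
    return None

def list_members(zip_bytes: bytes) -> List[str]:
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.namelist()

def decode_reversed_base64(s: str) -> str:
    """Text that was reversed together with the file must be flipped back before decoding."""
    return base64.b64decode(s[::-1]).decode()

MORSE = {
    "A": ".-", "B": "-...", "C": "-.-.", "D": "-..", "E": ".", "F": "..-.", "G": "--.",
    "H": "....", "I": "..", "J": ".---", "K": "-.-", "L": ".-..", "M": "--", "N": "-.",
    "O": "---", "P": ".--.", "Q": "--.-", "R": ".-.", "S": "...", "T": "-", "U": "..-",
    "V": "...-", "W": ".--", "X": "-..-", "Y": "-.--", "Z": "--..",
    "0": "-----", "1": ".----", "2": "..---", "3": "...--", "4": "....-",
    "5": ".....", "6": "-....", "7": "--...", "8": "---..", "9": "----.",
    "-": "-....-",  # the hint uses hyphens, so the hyphen code is needed
}
MORSE_REV = {v: k for k, v in MORSE.items()}

def morse_encode(text: str) -> str:
    return " ".join(MORSE[ch] for ch in text.upper())

def morse_decode(code: str) -> str:
    """Letters separated by single spaces, words by ' / ' (assumed layout)."""
    words = code.strip().split(" / ")
    return " ".join("".join(MORSE_REV.get(sym, "?") for sym in w.split()) for w in words)

# Constructed: the hint string the writeup recovered, base64-encoded and then reversed,
# plus the Morse form of the archive-comment half.
SAMPLE_B64_REVERSED = base64.b64encode(b"there-is-half-pwd-shensi").decode()[::-1]
SAMPLE_MORSE = morse_encode("THERE-IS-HALF-PWD-SDNISC")

if __name__ == "__main__":
    fixed = unreverse_archive(make_reversed_sample())
    print(list_members(fixed))
    print(decode_reversed_base64(SAMPLE_B64_REVERSED))
    print(morse_decode(SAMPLE_MORSE))
```

Checking for the `PK` signature after the flip is what tells you the reversal hypothesis is right before you spend time on anything else; a file that was reversed and then also had its header "fixed" by hand will fail this check, which is exactly what happened in the first attempt above.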

 

Chirp microphone

    Analyzing it with Stegsolve, I found the flag hidden in the image shown below (earlier I had seen something at the top that looked like Morse code, but I never tried it, so I do not know whether that route works as well).

Base64-decoding the text gives the flag.

 

 

Me and my country

Opened it in Audacity; zooming in on a section after the end of the track shows this:

Taking the upper points as 1 and the lower points as 0 and writing them out gives:

0110011001101100011000010110011101111011011001100110010100111000011001100110010000110100001101100011100000110010001100000011010100110001001100110110001000110101001101000110001101100100011001000011010100111001011000100011000000110100001110000011010100110111001100010011100101100110001110010011010001111101
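Turning that 0/1 string into text, as an added Python example that is not part of the original writeup. It also does the step the writeup did by eye: threshold each sample (or, for real audio with many samples per symbol, the average of each symbol window) into a bit. The page's bit string is used as-is; the sample points and waveform are constructed here to encode the text "OK".

```python
from typing import Sequence

def samples_to_bits(points: Sequence[float], threshold: float = 0.0) -> str:
    """One sample per symbol: above the threshold is an 'upper point' (1), below is a 'lower point' (0)."""
    return "".join("1" if p > threshold else "0" for p in points)

def bits_from_waveform(samples: Sequence[float], period: int, threshold: float = 0.0) -> str:
    """Real audio holds each symbol for many samples: average each window of `period`
    samples and threshold the mean, so small jitter inside a symbol does not matter."""
    bits = []
    for i in range(0, len(samples) - period + 1, period):
        window = samples[i:i + period]
        bits.append("1" if sum(window) / period > threshold else "0")
    return "".join(bits)

def bits_to_text(bits: str) -> str:
    """Pack the 0/1 string into 8-bit ASCII, tolerating spaces or newlines in the input."""
    bits = "".join(ch for ch in bits if ch in "01")
    if len(bits) % 8:
        raise ValueError(f"{len(bits)} bits is not a whole number of bytes")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)).decode("ascii")

# The 0/1 string transcribed from Audacity in the writeup above.
PAGE_BITS = (
    "0110011001101100011000010110011101111011011001100110010100111000011001100110010000110100"
    "0011011000111000001100100011000000110101001100010011001101100010001101010011010001100011"
    "0110010001100100001101010011100101100010001100000011010000111000001101010011011100110001"
    "0011100101100110001110010011010001111101"
)

# Constructed: 16 points encoding the ASCII text "OK" (0x4F = 01001111, 0x4B = 01001011) ...
SAMPLE_POINTS = [-0.8, 0.8, -0.8, -0.8, 0.8, 0.8, 0.8, 0.8,
                 -0.8, 0.8, -0.8, -0.8, 0.8, -0.8, 0.8, 0.8]
# ... and a waveform that holds each point for 4 samples with a little jitter.
SAMPLE_WAVEFORM = [p + j for p in SAMPLE_POINTS for j in (0.05, -0.05, 0.02, -0.02)]

if __name__ == "__main__":
    print(bits_to_text(samples_to_bits(SAMPLE_POINTS)))
    print(bits_from_waveform(SAMPLE_WAVEFORM, 4) == samples_to_bits(SAMPLE_POINTS))
    print(bits_to_text(PAGE_BITS))
```

For a real track the samples would come from the `wave` module rather than a list, and `period` is the number of samples per symbol read off the Audacity timeline; the thresholding logic is the same.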
 
 

 

PS: the solution from the Shandong University of Science and Technology players was:

    The data at the bottom of the file in WinHex looks like this. I had seen it during the competition, but never thought of rewriting it in 0/1 form.

 

 

You are really good

    At the time the archive extracted to a video, and I assumed I would have to go through it frame by frame in Premiere; but it was too long, I gave up after a minute or so, and it turned out that was not the trick anyway.

    I am really annoyed at myself: the hint apparently even said to extract with WinRAR, and I still did not think of NTFS alternate data stream (ADS) steganography. The moment I saw the writeup I wanted to crawl into a hole!!

    Extract the given archive with WinRAR, then scan the folder it was extracted into (WinRAR restores the alternate data stream when extracting to an NTFS volume; on Windows `dir /r` also lists any streams attached to a file).

Then flag.png shows up; export it and view it.

 

 

Simple cryptography

    When I saw it I thought of the Bacon cipher, but after replacing lowercase with A and uppercase with B, the two tools I tried both gave a wrong decode. After the competition, comparing notes with teammates, I found that the Mister (米斯特) tool decodes it correctly. (Bacon has two common variants, the classic 24-letter table in which I/J and U/V share a code and the 26-letter table with one code per letter; a tool that uses the other variant will produce a plausible-looking but wrong plaintext.)
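Both Bacon variants side by side, as an added Python example that is not part of the original writeup. The cover text and the hidden word "SDNISC" are constructed here; the point it shows is that the same case pattern decodes to different text under the 24-letter and 26-letter tables, which is the kind of mismatch described above.

```python
ALPHABET_26 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
ALPHABET_24 = "ABCDEFGHIKLMNOPQRSTUWXYZ"   # classic Bacon: J shares I's code, V shares U's

def _table(alphabet: str) -> dict:
    """Letter -> 5-symbol A/B code, assigned in alphabet order (A=00000, B=00001, ...)."""
    codes = {ch: format(i, "05b").replace("0", "A").replace("1", "B")
             for i, ch in enumerate(alphabet)}
    if "J" not in codes:          # 24-letter variant: fold J onto I and V onto U
        codes["J"] = codes["I"]
        codes["V"] = codes["U"]
    return codes

TABLES = {"24": _table(ALPHABET_24), "26": _table(ALPHABET_26)}

def bacon_from_case(text: str) -> str:
    """Lowercase -> A, uppercase -> B, non-letters dropped (what the writeup did by hand)."""
    return "".join("A" if c.islower() else "B" for c in text if c.isalpha())

def bacon_decode(code: str, variant: str = "26") -> str:
    inv = {}
    for ch, c in TABLES[variant].items():
        inv.setdefault(c, ch)     # keeps I over J and U over V in the 24-letter table
    groups = [code[i:i + 5] for i in range(0, len(code) - len(code) % 5, 5)]
    return "".join(inv.get(g, "?") for g in groups)

def bacon_decode_both(code: str) -> dict:
    """Try both tables; if one result reads as a word and the other does not, that is your variant."""
    return {v: bacon_decode(code, v) for v in TABLES}

def bacon_to_case(plain: str, cover: str, variant: str = "26") -> str:
    """Hide `plain` in the letter case of `cover` (used here only to build the sample)."""
    bits = "".join(TABLES[variant][c] for c in plain.upper())
    out, k = [], 0
    for ch in cover:
        if ch.isalpha() and k < len(bits):
            out.append(ch.upper() if bits[k] == "B" else ch.lower())
            k += 1
        else:
            out.append(ch)
    if k < len(bits):
        raise ValueError("cover text too short")
    return "".join(out)

# Constructed: exactly 30 letters of cover text carrying "SDNISC" under the 26-letter table.
COVER = "the quick brown fox jumps over a lazy"
SAMPLE_STEGO = bacon_to_case("SDNISC", COVER, "26")

if __name__ == "__main__":
    print(SAMPLE_STEGO)
    print(bacon_decode_both(bacon_from_case(SAMPLE_STEGO)))
```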

 

Encrypted message

    If this had been ordinary AES I could have solved it with a script I keep around, but there was a dp? Never seen that before!!

    Looking at the other players' writeups afterwards, it seems to be a very standard problem. Oh well, I have hardly done any crypto challenges before.
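The writeup does not say what "dp" was; the assumption here is the usual CTF setup, RSA with the CRT exponent dp = d mod (p-1) leaked alongside n, e and the ciphertext. This is an added Python example, not the original author's solution or the challenge's actual parameters: the key is a constructed toy instance with two small primes (far too small for real use) so that it runs instantly.

```python
from math import gcd
from typing import Optional, Tuple

def recover_p_from_dp(n: int, e: int, dp: int) -> Optional[int]:
    """dp = d mod (p-1) means e*dp = 1 + k*(p-1) for some 1 <= k < e (since dp < p-1).
    Trying every k and checking which candidate divides n recovers p."""
    t = e * dp - 1
    for k in range(1, e):
        if t % k == 0:
            cand = t // k + 1
            if 1 < cand < n and n % cand == 0:
                return cand
    return None

def decrypt_with_dp(n: int, e: int, dp: int, c: int) -> int:
    p = recover_p_from_dp(n, e, dp)
    if p is None:
        raise ValueError("dp does not factor n; wrong assumption about the leak")
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return pow(c, d, n)

def make_toy_instance(p: int = 1000003, q: int = 1000033, e: int = 65537,
                      m: bytes = b"hi") -> Tuple[int, int, int, int]:
    """Constructed key: 1000003 and 1000033 are prime. Returns (n, e, dp, c)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)
    dp = d % (p - 1)
    mi = int.from_bytes(m, "big")
    assert mi < n
    return n, e, dp, pow(mi, e, n)

if __name__ == "__main__":
    n, e, dp, c = make_toy_instance()
    print(recover_p_from_dp(n, e, dp))
    print(decrypt_with_dp(n, e, dp, c).to_bytes(2, "big"))
```

The search is bounded by e, so with the common e = 65537 it is at most 65536 divisions regardless of key size; with a large e the same leak would need a different approach.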

 

Web bronze: simple web

Viewing the page source (I think) showed a hint: "another way" (no screenshot).

    POSTing id=1 produced a popup pointing to 351358435354354.php; visiting 351358435354354.php says: "Please use the only designated browser (sdnisc)".

Change the request header (the User-Agent has to contain "sdnisc").

Visiting it then shows the source code:

<?php
include('flag.php'); // key & flag
if (strstr($_SERVER["HTTP_USER_AGENT"], 'sdnisc')) {
    if (isset($_POST['message'])) {
        $message = json_decode($_POST['message']);
        if ($message->key == $key && md5($message->md5) == $message->key) {
            echo $flag;
        } else {
            echo "~~~~";
        }
    }
    highlight_file(__FILE__);
} else {
    echo "请使用唯一指定浏览器(sdnisc)";
}
?>

   

   First there is json_decode(), so the message has to be sent JSON-encoded. Seeing ==, I tried loose-typed parameters: message={"key":0,"md5":0}

   This works because of PHP 7's loose comparison: an integer 0 compared with a non-numeric string is true, so 0 == $key passes without knowing the key, and md5(0) (the 32-character hex digest of "0") compared with 0 is also true. Two caveats: it relies on $key not being a numeric string, and PHP 8 changed the rule (a non-numeric string is compared as text against "0"), so the same payload fails on a PHP 8 server.
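A model of that comparison in Python, as an added example that is not part of the original writeup: it reproduces the int-versus-string rules of PHP 7 and PHP 8 for the challenge's condition and shows why {"key":0,"md5":0} passes on one and not the other. The value of $key is unknown (it lives in flag.php), so the key used here is an assumed non-numeric stand-in.

```python
import hashlib
import re
from typing import Callable

# PHP's notion of a numeric string: optional sign, digits, optional fraction/exponent.
# PHP 7 tolerates leading whitespace; PHP 8 also tolerates trailing whitespace.
_NUMERIC = re.compile(r"^\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?\s*$")
_LEADING_NUMERIC = re.compile(r"^\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?")

def php7_int_eq_str(i: int, s: str) -> bool:
    """PHP 7 '==' between int and string: the string is converted to a number using
    its leading numeric prefix, or 0 if it has none, so 0 == 'abc' is true."""
    m = _LEADING_NUMERIC.match(s)
    return float(i) == (float(m.group(0)) if m else 0.0)

def php8_int_eq_str(i: int, s: str) -> bool:
    """PHP 8 '==': only a numeric string is compared numerically; otherwise the int
    is cast to a string and compared as text, so 0 == 'abc' is false."""
    if _NUMERIC.match(s):
        return float(i) == float(s)
    return str(i) == s

def php_md5(value) -> str:
    """PHP md5() stringifies its argument first, so md5(0) is md5('0')."""
    return hashlib.md5(str(value).encode()).hexdigest()

def passes_check(message: dict, key: str, eq: Callable[[int, str], bool]) -> bool:
    """Model of the challenge condition for an integer 'key' field:
       $message->key == $key && md5($message->md5) == $message->key"""
    k = message["key"]
    if not isinstance(k, int):
        raise TypeError("this model only covers the int-vs-string case the payload relies on")
    return eq(k, key) and eq(k, php_md5(message["md5"]))

PAYLOAD = {"key": 0, "md5": 0}        # the writeup's message={"key":0,"md5":0}
ASSUMED_KEY = "sdnisc-secret-key"    # stand-in for $key from flag.php (real value unknown)

if __name__ == "__main__":
    print("md5(0) =", php_md5(0))
    print("PHP 7:", passes_check(PAYLOAD, ASSUMED_KEY, php7_int_eq_str))
    print("PHP 8:", passes_check(PAYLOAD, ASSUMED_KEY, php8_int_eq_str))
```

The fix on the server side is the usual one: use === (or hash_equals for the digest) so that type juggling never enters the comparison.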

 

 

Writeups I came across:

https://mp.weixin.qq.com/s/c30nvWLOkO9vioCcp5vagg 
https://mp.weixin.qq.com/s/CvBu9_jQIrTHdUF7me3YGg
https://blog.csdn.net/qq_43559371/article/details/102907525
https://blog.csdn.net/weixin_43211186/article/details/102943733
https://blog.csdn.net/missmengjin/article/details/102876933

 


Source: www.cnblogs.com/yichen115/p/11815085.html