MISC
程序员文章站
2022-06-04 08:45:42
...
MISC
simple
1
**picture.txt **
0000000030EC0000006500100010000000006050B405106D167926B15E9A106D167938CDF6D9106D1679E6E55E6D0081001000000000000200A0F636F636000000000000000200000000000000420040000060EA000030CA7F522423058F684400800000004100F32010B40530AF3A3A0BFF8E65E3A762B05D40E12034B1C715252AC4E5BC8DA9A766B02C8D6ADD4FE51C79D31716569FB75AA7B060A00ABB1D8552034CA43CF7602EAFC7E05EA08E26F20DD21CB35086F75382FD7BDE8903D2794D4D82C248C3080EEF9CB63A34EE0FC1352C45EF0D7507A79B47D2E0F10289DA8958BB3C792EFDB60BB324F808170BC0B1EEB27AF29D831E146306C3E83DC330DAB90C1403F01F0445E6648EA39D1E864D9F293485506D523FA96586C3AE28ABAD0BDD9CA6B88350E980E89CA……B4B5651D6DDEE5874514449476920000468AF67C103CE000003CE0000037958407900000005016CFB0F81B000014D41476400000009EC1ECEA0024742537100000003B341C2C00000020808E3000008E30000025448494D0000000A0A1A0D074E40598
观察可得常见的文件格式(其实一眼看到的是504B),如8950等,写倒置脚本
txt=''
txt_=''
for i in txt:
txt_=i + txt_
print txt_
将结果导入010editor,得一张png文件。
分离出一个加密压缩包,伪加密解密后得
flM{Sg_i_igl1S_ll__SfM_FF_1ilfM{Sa11gagc1lSSMgfnafg_fMa1n5iaF_c1lSFiSaf_1f{S_l_FalS5_faSl_fgl5M1_{ll!{i5c}if1__fg5{__M{ngU{1l1gff1f1iS__Mf5iFMlciSgaU{glgUF5M_1aa_f_i5{nflllla1S1FS!cSg{fUfFcS1{{ag1lU51acfUSffMcMSgfSfalFg_g_gfgfiSfla1i{{{n{_lg_}{ggi{gglg{{flnliF{M5faF1ig_agal{_{{aMMilfUSa{a5ggiiigfSSg{M_Mng{a}fcMf1_Fl{cM{1fiflMSSM{_l!Scf5FFcn{g{SFnMlf{l__aScMl{{c_lS1Sic1!l5ga1_gfggllcllccaagMU1iala55FSfia5lScMMFiMaFff{{g{fcicM!l_{iffcg{UlcMa{{5f5Mc{McfagcM_Ma1Slcf{cSg_SflM5U11_5i_fcc{FagglaMUfS1g_{lSc5f_lag5Sg_ccclca___ala1g1aSMfa_fcaFnSSi{a1a{gUif_FgaS{lacSgfga{F1fgScf1_M__{1ag_5MMSiga11g_aMl5fM15a_gla5f1_UllgcSc{Sagac{accS_i{Mf{Sgccg_ici{fgcl_gaMlffS{{i{nnfaM}aallSSg1ilUif{Mi1SMiMl1aaMUl{alaglM!1lgngScMac1fa1acafS1fgfM__S11_SM{f}la_cM_g{fniifgc1M{_lM!M5}g5_l1USg{cgl{SaccigSU1fMgl5lcaiggMFfcaca1l{Ugf_lalg1_g!{iaala_M5l1Mc11afcgfgl5f1g_c{llaUMf1lM1aF{af1Sl5lf5l1l5a_cc_c_1ff}f_ff}MlU{afM_1fcla{{gM{_Sl_M_{gM_{g5gaMaFU{{!S1ala1lfl1lifl_Mlf5F{l_g{li__aM_gfSU{lM_agM{giff{ii_{ff_naaaif1gf_ag__lnFacgiSlSac_Ma5M{fg{{fac{gllfaa{Mi5MnMff{{gc!fn_iU{ll5i_Saa5M{Mi}{g{Ffl{Ffac!a{afffgl!_gMalF_c{lac_MFMg5acMFcla5cMlU5aSff{l_UFf_Ug1!g1F_c{{aMMg{SlgUa1ca1ff5_c1g5{fligg11_lla_fcf1{Mla1MnglM{5lSl1g__Sll_cUc5MSa{_fiMiiS1c{M1g_SSUifi1!Saa{_glS1aaal{llF1cFgig_Sf{acf{Uf1c1fa!gfFM_aS51lgaMa1aa_gfif_ia{M_a_M1fMSaSSfMSl{1gFcl151l_lFfMilffgf1gSSgcaf_SfMgaf{}ilaUMM_MU5ff551i5SnFgc15nSMa1M{{_fSlMg{{5fcS1g5fSgMMUi{_ig5falf1nfgFaUMlff!g__la_F_c1{i1!{lc{i{1iglM_fUgl___a5fnMaFf{_lfll_igf1lcalniMag_5nFS1MMaiM1ll5SlMiaf_5l{af__MMgac_Mf__fUa1fc{1{_55SF!llfgU1l1U_Mal_l{alglSglcnlfSfaacgSSgSc_Maa{ffg51MaSfca1U_{gfS1ff5l{{f1Ml_gSgc_n5iS1Sg_l__1nnM1lM15MillfaMff1!nl1fFSM5Fflf{acagl{Sf{ggfSi1f!FSagf{{lFf5la5{ff__lM{M_fUlSgi
词频分析脚本
from collections import Counter
f = open("file.txt")
txt = f.read()
c = Counter()
for i in txt:
c[i] = c[i]+1
print(c)
得到flag
Counter({'f': 180, 'l': 170, 'a': 160, 'g': 150, '_': 150, '{': 140, 'M': 130, '1': 120, 'S': 110, 'c': 100, 'i': 80, '5': 70, 'F': 50, 'U': 40, 'n': 30, '!': 20, '}': 10})
flag_{M1Sc5FUn!}
2
xxx
一个没有后缀名的文件,常规操作查看十六进制。
看到压缩包的文件头,手动分离后,得一个加密压缩包,里面有一个doc文件“你找flag吗”,下一步就是找压缩包的密码了!
对第一部分数据做处理,尝试base64解密,得
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\RealVNC]
[HKEY_CURRENT_USER\Software\RealVNC\vnclicensewiz]
"_AnlClientId"="8f5cc378-2e1d-4670-80e0-d2d81d882561"
"_AnlSelected"="0"
"_AnlInclRate"="0.0025"
[HKEY_CURRENT_USER\Software\RealVNC\vncserver]
[HKEY_CURRENT_USER\Software\RealVNC\VNCViewer4]
"dummy"=""
[HKEY_CURRENT_USER\Software\RealVNC\VNCViewer4\MRU]
"00"="127.0.0.1"
"Order"=hex:00,01
"01"="127.0.0.1:5900"
[HKEY_CURRENT_USER\Software\RealVNC\WinVNC4]
"Password"=hex:37,5e,be,86,70,b3,c6,f3
"SecurityTypes"="VncAuth"
"ReverseSecurityTypes"="None"
"QueryConnect"=dword:00000000
"PortNumber"=dword:0000170c
"LocalHost"=dword:00000000
"IdleTimeout"=dword:00000e10
"HTTPPortNumber"=dword:000016a8
"Hosts"="+,"
"AcceptKeyEvents"=dword:00000001
"AcceptPointerEvents"=dword:00000001
"AcceptCutText"=dword:00000001
"SendCutText"=dword:00000001
"DisableLocalInputs"=dword:00000000
"DisconnectClients"=dword:00000001
"AlwaysShared"=dword:00000000
"NeverShared"=dword:00000000
"DisconnectAction"="None"
"RemoveWallpaper"=dword:00000000
"RemovePattern"=dword:00000000
"DisableEffects"=dword:00000000
"UseHooks"=dword:00000001
"PollConsoleWindows"=dword:00000001
"CompareFB"=dword:00000001
"Protocol3.3"=dword:00000000
"dummy"=""
头一次解除这样的文件,后来才知道这是注册表的内容,搜索了一把,发现与安恒月赛的部分相似
下一步应对
“Password”=hex:37,5e,be,86,70,b3,c6,f3
进行VNC解密,密码为!QAZ2wsx
压缩包解密后得一个很多换行符的word,又卡住了
经提醒,与某一场比赛类似,doc改成zip,可得很多xml文件。word/document.xml打开,又愣了好久,
在后半部分发现
<w:t>MZWGCZ33GY4TQZBVGFQTCOLEHBQTCMRRMNSTKOBRGQ4TSZBXMI3TAMJWGY4H2===</w:t>
试试一把梭
base32:
b’flag{698d51a19d8a121ce581499d7b701668}’
3
src:迷惑行为大赏(之)无中生you
给了一个表情包和一个加密压缩包。
555,又一筹莫展了。CTFshow问了好几个师傅,提示更改高度,得到了"密码:没技术,是菜鸡",emmm
txt里是这样的
得到一串字符串
U2FsdGVkX19VMkZzZEdWa1gxK3A4VGlVNGRKZng1ZUlkTi9XY2lDR3VCaDBXOStLVDVPT3hxT082NUo4RUsxMUFKNWptWGE5R1pwY2RVazhKNzNTSmJaREdyVVlVZHp0R2d0WWpQalN5dUJNYVkzeXowS1NxYkh5SE12VEhEYXcvVEhvMkJFN3hmcEJmVDBlY0syK3FJYzl5ZEdlV2w1VjhZcFAxSzA1a3FmRUhHUjQ0bmxNTEEyZDZhM1ZPbVVaNkg4V0xVU1lhL3NqdDV6TFV0bTM5UUloajdkbTluZlk5cEF6MHJVc3VscDdIcmlwUlNJOWJURGx1cXMvUnVWcnlGZHpLWS9kU0w2U2pUTmtyUzVpb3FqQjQ1L0lPNXM2U2lBWEwvQkpJVWczZ2t0MDNhMmRnMEJZSGJPSkFhdDlVQ2VEZ3BOeUFLZ1RWbS8xNXN3WUpWdWhTU1lNU3ppRzVWTTR6RmVGaDhpWDBkK200TitodDNneWhVcDhaSGdaK1hxMmRoajFkc1ZQMVZaU2ZoUkE3TzRRdm5LdGJIeDE5REdRT09vNndlZ1pxOXZuRDZjaVlDcFltWUpYcmMvaFpSUVA4WHdYRTNhZnhtdWpQSE8wOEpJZmhaMkNCeXZycjQ2a1BPR2s=
base一把梭
base64:
b'Salted__U2FsdGVkX1+p8TiU4dJfx5eIdN/WciCGuBh0W9+KT5OOxqOO65J8EK11AJ5jmXa9GZpcdUk8J73SJbZDGrUYUdztGgtYjPjSyuBMaY3yz0KSqbHyHMvTHDaw/THo2BE7xfpBfT0ecK2+qIc9ydGeWl5V8YpP1K05kqfEHGR44nlMLA2d6a3VOmUZ6H8WLUSYa/sjt5zLUtm39QIhj7dm9nfY9pAz0rUsulp7HripRSI9bTDluqs/RuVryFdzKY/dSL6SjTNkrS5ioqjB45/IO5s6SiAXL/BJIUg3gkt03a2dg0BYHbOJAat9UCeDgpNyAKgTVm/15swYJVuhSSYMSziG5VM4zFeFh8iX0d+m4N+ht3gyhUp8ZHgZ+Xq2dhj1dsVP1VZSfhRA7O4QvnKtbHx19DGQOOo6wegZq9vnD6ciYCpYmYJXrc/hZRQP8XwXE3afxmujPHO08JIfhZ2CByvrr46kPOGk'
其中’Salted__'是网站自带的,去掉。
Triple DES解密后
SNOW.EXE -C -p “没技术,是菜鸡” 文件
得flag{l0ts_0f_???}
3
challenge.wav: 记得给我打电话
电话音参考网站DTMF Tone,
45774391614390919680552035340229102217126562041792203410479326635706552497458
>>> print(hex(num))
0x6533633533636265633936656138626465306332393465353230623337613532
十六进制转字符串
e3c53cbec96ea8bde0c294e520b37a52
flag包裹即可
4
2020太湖杯:misc
分离出压缩包后得:
U2FsdGVkX194m4B5HqBSGYPLTS4bywdKDJh13lrSj/OcwgSAoHBw9X/p2IdEtGx7
EdJFR6rcjyPA+M+aKLZvqE7h7EBFA5LyHYk/5Cns4LV02vM7Dk+T70FlWOlJ3XeA
9pJwFdAWzeN/0A74u+hLG/oLF1g3djo77yVTCBCs0r7khTOWahv0SYR33tHSq3Yz
JGTBS1Zsj2i/sGC8tTnNfsLl0SQ2JeTJhP/aNU2LmPVTyc3y4kTx+ysw8vasHwen
WoBXFtOe2WkorJOCrqdQ8Qqd78TzZ0jRMv6MJO2ytUy/3mebHU9LAlWKFluNEh5t
/cUVvtigLS6PquYRX5ziEx52HDkW+WgfRnum/AregLJ4c4f6AvG2gBjHVKO6sGEi
uh59jcyN1SvsQEvXd7cOD/KWZjE5gqVGUJqXyhauqWPVYUlcuHH6abtQwNuDb+jZ
xMg5QaDzwPhpGRly7NhKU5OgCdhdK17TX7z2/RuNYj6pyfRYNZmQdOFl9B28+law
KO8l5b18WF5JV6chou7riwwDLqQrKMDjUUKZUtdMn0ReDQbR8reeqw/u+Lkyhl6w
+222QWgQ2yRd2dhHb1kqNncUInAEqTPNKRBnia8F/+FycBv+KAwCFPwx9oNTFBYN
4EJL/RjiXEkkSCnyH48VynuuOeX2uNlAti214mCbWWH+pxLn4PHIWf3JK819kiDc
jqyQ5y3v+EUEr9Sb1WVwiITDW5XtzVP+Yr/IJ0ikl41zMu9BAQPermoa8hZJdE8m
b3oSet+pAM7PtnyI7FGJ5Ynkpq05AiJMrN+UgV0E/ELc0UhWw3O0c4u+eYtQkzu/
9+UCRy1Fi+QWFlO3cuWBA4GMGTE1FHWnqnZ683FwrM5bcb6TTu3/Q5sppFmqNrOX
+ctx5b5xiYeSZ8XFI2ks6L7aFrQYu833GiERnIiZEX8vFqjdnD+tcuQ6Zg9Z7oxh
ATDP9H5d1e9IaxwOA/fDP0qvdKJ+OS5OPljnboywCPp7QqFHZfyC7d2GIraadSOL
+eIwfavCqgfGwpWMW5H359IKZASi/HexzEcYrA7OZ8GzSxO9Lmk/ea4BD4JD2law
EIiDE7yhJApimzJ4IG8EMXFn/rOM3O2PkuSTKFsXu7/XZ3ozAJsPun5RJcMuUFXQ
X++DqXqe6Kbo/hEKwHETq0VbL6qEKkQKf5ce3i6tuZG8OqqPsye0Ku5D2LREqqGG
ysshULZWmvlx4u2FUtj4Xg==
waoootu.epj.nv o
www.verymuch.netWish everybody have fun!!!!!!
希尔密码:
密文:
waoootu.epj.nv o
**:
www.verymuch.net
明文:
love and peaceee
rabbit解密:
密文:
上述类base64
**:
love and peaceee
明文:
LR2TMNLCGBOHKNDGGVRFY5JWGZTDAXDVMZTDCYK4OU4GCZRYLR2TSNTCHBOHKNJUMM4VY5JVGBSTOXDVHE3DIZC4OU2TIM3ELR2TQYLGHBOHKOJWGQYFY5JWGQ3DSXDVHE3GEOC4OU2TAZJXLR2TOZRTMROHKOBVME4VY5JVGRQTIXDVHAYDEOC4OU4GCZRYLR2TSNTCHBOHKNRRGY3VY5JVHA2WKXDVHAZDOMS4OU2WGMDBLR2TKNDDHFOHKODGMU3FY5JYMFSTMXDVG5QTOYK4OU3DENBQLR2TSNRUMROHKNRSGEYVY5JVMZTDKXDVHE3GEOC4OU3TSNJXLR2TQYLFGZOHKNLGMY2VY5JVGRRTSXDVHE3DIMC4OU2TMYRULR2TKNDDHFOHKNJWMM4VY5JUMZSWKXDVGU4TGN24OU4TMM3GLR2TMY3FGJOHKOBSG4ZFY5JYGM4GCXDVGVRGGMS4OU4GCZJWLR2TKOBVMVOHKNJUHEZFY5JYGM4GCXDVG43TGZK4OU3DEMJRLR2TKNDDHFOHKNRSGQYFY5JUMYYGMXDVHAYDKZK4OU4DKYJZLR2TSNTCHBOHKNRRGBSFY5JZGVRWIXDVGU2DGNS4OU3DENBQLR2TIZTFMVOHKNRWGJTFY5JYGI3TEXDVGY2DMOK4OU4GCMZWLR2TKNTCGROHKNJUMM4VY5JZHA2TQXDVGYYTAZC4OU2TIYZZLR2TKMZXGNOHKNDGMVSVY5JVGRRTSXDVG5QTOYK4OU4DOMLDLR2TSNRUGBOHKNJWMM4VY5JUMYYGMXDVGVTGMNK4OU2TIYZZLR2TMNBWHFOHKNJUMM4VY5JUMVQTMXDVHAZTQYK4OU2TIYZZLR2TONZTMVOHKNJUME2FY5JVHE4DEXDVHE4DKOC4OU2TSOBS
卡住了,傻逼
base32:
\u65b0\u4f5b\u66f0\uff1a\u8af8\u96b8\u54c9\u50e7\u964d\u543d\u8af8\u9640\u6469\u96b8\u50e7\u7f3d\u85a9\u54a4\u8028\u8af8\u96b8\u6167\u585e\u8272\u5c0a\u54c9\u8fe6\u8ae6\u7a7a\u6240\u964d\u6211\u5ff5\u96b8\u7957\u8ae6\u5ff5\u54c9\u9640\u56b4\u54c9\u56c9\u4fee\u5937\u963f\u6ce2\u8272\u838a\u5bc2\u8ae6\u585e\u5492\u838a\u773e\u6211\u54c9\u6240\u4f0f\u805e\u85a9\u96b8\u610d\u95cd\u5436\u6240\u4fee\u662f\u8272\u6469\u8a36\u56b4\u54c9\u9858\u610d\u54c9\u5373\u4fee\u54c9\u7a7a\u871c\u9640\u56c9\u4f0f\u5ff5\u54c9\u6469\u54c9\u4ea6\u838a\u54c9\u773e\u54a4\u5982\u9858\u5982
unicode解密:
新佛曰:諸隸哉僧降吽諸陀摩隸僧缽薩咤耨諸隸慧塞色尊哉迦諦空所降我念隸祗諦念哉陀嚴哉囉修夷阿波色莊寂諦塞咒莊眾我哉所伏聞薩隸愍闍吶所修是色摩訶嚴哉願愍哉即修哉空蜜陀囉伏念哉摩哉亦莊哉眾咤如願如
新佛曰解密:
Live beautifully, dream passionately, love completely.
压缩包解密得fun.wav,调成频谱图后,得
flag{m1sc_1s_funny2333}
上一篇: instanceof和类型转换
下一篇: 【数据库】MySQL 表的操作
推荐阅读
-
Java中的魔法类:sun.misc.Unsafe示例详解
-
Java中的魔法类:sun.misc.Unsafe示例详解
-
浅谈python中scipy.misc.logsumexp函数的运用场景
-
浅谈python中scipy.misc.logsumexp函数的运用场景
-
BuuCTF难题详解| Misc | 我爱Linux
-
【python】解决AttributeError: module ‘scipy.misc‘ has no attribute ‘toimage‘问题
-
[MRCTF2020]Hello_ misc
-
Java魔法类:sun.misc.Unsafe
-
Bugku Misc linux
-
Service Provider Iterface (SPI) 和 sun.misc.Service