NSSCTF之Misc篇刷题记录（17）_moectf misc zip

• • [闽盾杯 2021]DNS协议分析
    • [GFCTF 2021]pikapikapika
    • [MoeCTF 2021]misc入门指北
    • [广东省大学生攻防大赛 2021]小猪的家
    • [MoeCTF 2021]Homework
    • [MoeCTF 2022]cccrrc
    • [MoeCTF 2022]usb
    • [MoeCTF 2022]小纸条
    • [MoeCTF 2022]zip套娃
    • [MoeCTF 2022]run_me](#MoeCTF_2022run_me_249)

NSSCTF平台：https://www.nssctf.cn/

PS：所有FLAG改为NSSCTF

[闽盾杯 2021]DNS协议分析

数据包提示给得是DNS数据包 直接过滤一下 发现 数据里面存在Base64特征 手动提取拼接即可。

最终拼接得到：ZmxhZ3tlNjYyYWMxNTRjYTM3NmUxYzAwMWVlOGJiZTgxMzE4Yn0K然后解码

在线Base64解码：http://www.hiencode.com/base64.html

NSSCTF{e662ac154ca376e1c001ee8bbe81318b}

[GFCTF 2021]pikapikapika

下载一张图片 很有意思 皮卡丘里面有信息 大概拼接一下得到：I_want_a_p1ka!

放入010 一看存在隐写 有音频和PK文件 binwalk 分离一下输入密码， 得到flag.wav 文件

经典音频文件放入Audacity 查看频谱图没有信息，再看波形放大 一看

两种频率 高的看成1低得看成0 使用脚本提取一下数据把第二张图去掉留下第三张图在脚本

f = open('flag.wav','rb').read()
flag = ''
for i in range(len(f)//2):
    if(f[i\*2:i\*2+2] == b'\x98:'):
        flag += '0'
    else:
        flag += '1'
s = ''
rflag = ''
for i in flag:
    s+=i
    if len(s)==8:
        rflag += chr(int(s,2))
        s=''
print(rflag)

得到一串很长得Base64编码解码即可，但是很多网站都是乱码这里放到kali运行 很明显PNG文件

python3 666.py > 123.txt 
base64 -d ./123.txt > 456.txt

复制到windows上面这里需要修改一下高度00 改为08 即可。

NSSCTF{fe1a-17f7-a7f6-1f8f534e-ef3974-c049c5}

[MoeCTF 2021]misc入门指北

https://github.com/XDSEC/moeCTF_2021   

NSSCTF{Th1s-1s-Misc}

[广东省大学生攻防大赛 2021]小猪的家

这题 不会脚本 暂时没做出来 以后在研究 懒得拼图 以后再说

[MoeCTF 2021]Homework

下载下来一个word 开个护眼模式 一个一个删把他记住 还有就是换成html 格式去找（我没找到）

放入010 然后发现是PK头 然后 解压 在word 下面 document.xml 找到后半段 拼接即可。

NSSCTF{0h_U_f1nd_m3!}

[MoeCTF 2022]cccrrc

得到4个加密的 看字节符合crc32 直接脚本爆破得到flag。

import binascii
import string

def crack\_crc():
    print('-------------Start Crack CRC-------------')
    crc_list = [0x67b2d3df, 0x628abed2, 0x6b073427, 0x08c8da10]#文件的CRC32值列表，注意顺序
    comment = ''
    chars = string.printable
    for crc_value in crc_list:
        for char1 in chars:
            for char2 in chars:
                for char3 in chars:
                    for char4 in chars:
                        res_char = char1 + char2 + char3 + char4#获取遍历的任意4Byte字符
                        char_crc = binascii.crc32(res_char.encode())#获取遍历字符的CRC32值
                        calc_crc = char_crc & 0xffffffff#将遍历的字符的CRC32值与0xffffffff进行与运算
                        if calc_crc == crc_value:#将获取字符的CRC32值与每个文件的CRC32值进行匹配
                            print('[+] {}: {}'.format(hex(crc_value),res_char))
                            comment += res_char
    print('-----------CRC Crack Completed-----------')
    print('Result: {}'.format(comment))

if __name__ == '\_\_main\_\_':
    crack_crc()

NSSCTF{qwq_crc!}

[MoeCTF 2022]usb

USB流量 直接使用工具tshark 提取数据 然后使用脚本:

import re

normalKeys = {"04": "a", "05": "b", "06": "c", "07": "d", "08": "e", "09": "f", "0a": "g", "0b": "h", "0c": "i",
              "0d": "j", "0e": "k", "0f": "l", "10": "m", "11": "n", "12": "o", "13": "p", "14": "q", "15": "r",
              "16": "s", "17": "t", "18": "u", "19": "v", "1a": "w", "1b": "x", "1c": "y", "1d": "z", "1e": "1",
              "1f": "2", "20": "3", "21": "4", "22": "5", "23": "6", "24": "7", "25": "8", "26": "9", "27": "0",
              "28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>", "2d": "-", "2e": "=", "2f": "[",
              "30": "]", "31": "\\", "32": "<NON>", "33": ";", "34": "'", "35": "<GA>", "36": ",", "37": ".", "38": "/",
              "39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>",
              "40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"}
shiftKeys = {"04": "A", "05": "B", "06": "C", "07": "D", "08": "E", "09": "F", "0a": "G", "0b": "H", "0c": "I",
             "0d": "J", "0e": "K", "0f": "L", "10": "M", "11": "N", "12": "O", "13": "P", "14": "Q", "15": "R",
             "16": "S", "17": "T", "18": "U", "19": "V", "1a": "W", "1b": "X", "1c": "Y", "1d": "Z", "1e": "!",
             "1f": "@", "20": "#", "21": "$", "22": "%", "23": "^", "24": "&", "25": "\*", "26": "(", "27": ")",
             "28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>", "2d": "\_", "2e": "+", "2f": "{",
             "30": "}", "31": "|", "32": "<NON>", "33": "\"", "34": ":", "35": "<GA>", "36": "<", "37": ">", "38": "?",
             "39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>",
             "40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"}
output = []

txt = open('usbdata.txt', 'r')

for line in txt:
    line = line.strip('\n')
    if len(line) == 16:
        line_list = re.findall('.{2}', line)
        line = ":".join(line_list)
        try:
            if line[0] != '0' or (line[1] != '0' and line[1] != '2') or line[3] != '0' or line[4] != '0' or line[
                9] != '0' or line[10] != '0' or line[12] != '0' or line[13] != '0' or line[15] != '0' or line[
                16] != '0' or line[18] != '0' or line[19] != '0' or line[21] != '0' or line[22] != '0' or line[
                                                                                                          6:8] == "00":
                continue
            if line[6:8] in normalKeys.keys():
                output += [[normalKeys[line[6:8]]], [shiftKeys[line[6:8]]]][line[1] == '2']
            else:
                output += ['[unknown]']
        except:
            pass