-
- [闽盾杯 2021]DNS协议分析
- [GFCTF 2021]pikapikapika
- [MoeCTF 2021]misc入门指北
- [广东省大学生攻防大赛 2021]小猪的家
- [MoeCTF 2021]Homework
- [MoeCTF 2022]cccrrc
- [MoeCTF 2022]usb
- [MoeCTF 2022]小纸条
- [MoeCTF 2022]zip套娃
- [MoeCTF 2022]run_me](#MoeCTF_2022run_me_249)
- [闽盾杯 2021]DNS协议分析
NSSCTF平台:https://www.nssctf.cn/
PS:所有
FLAG
改为NSSCTF
[闽盾杯 2021]DNS协议分析
数据包提示给得是DNS
数据包 直接过滤一下 发现 数据里面存在Base64
特征 手动提取拼接即可。
最终拼接得到:ZmxhZ3tlNjYyYWMxNTRjYTM3NmUxYzAwMWVlOGJiZTgxMzE4Yn0K
然后解码
在线Base64
解码:http://www.hiencode.com/base64.html
NSSCTF{e662ac154ca376e1c001ee8bbe81318b}
[GFCTF 2021]pikapikapika
下载一张图片 很有意思 皮卡丘里面有信息 大概拼接一下得到:I_want_a_p1ka!
放入010
一看存在隐写 有音频和PK
文件 binwalk
分离一下输入密码, 得到flag.wav
文件
经典音频文件放入Audacity
查看频谱图没有信息,再看波形放大 一看
两种频率 高的看成1
低得看成0
使用脚本提取一下数据把第二张图去掉留下第三张图在脚本
f = open('flag.wav','rb').read()
flag = ''
for i in range(len(f)//2):
if(f[i\*2:i\*2+2] == b'\x98:'):
flag += '0'
else:
flag += '1'
s = ''
rflag = ''
for i in flag:
s+=i
if len(s)==8:
rflag += chr(int(s,2))
s=''
print(rflag)
得到一串很长得Base64
编码解码即可,但是很多网站都是乱码这里放到kali
运行 很明显PNG
文件
python3 666.py > 123.txt
base64 -d ./123.txt > 456.txt
复制到windows
上面这里需要修改一下高度00
改为08
即可。
NSSCTF{fe1a-17f7-a7f6-1f8f534e-ef3974-c049c5}
[MoeCTF 2021]misc入门指北
https://github.com/XDSEC/moeCTF_2021
NSSCTF{Th1s-1s-Misc}
[广东省大学生攻防大赛 2021]小猪的家
这题 不会脚本 暂时没做出来 以后在研究 懒得拼图 以后再说
[MoeCTF 2021]Homework
下载下来一个word
开个护眼模式 一个一个删把他记住 还有就是换成html
格式去找(我没找到)
放入010
然后发现是PK
头 然后 解压 在word
下面 document.xml
找到后半段 拼接即可。
NSSCTF{0h_U_f1nd_m3!}
[MoeCTF 2022]cccrrc
得到4
个加密的 看字节符合crc32
直接脚本爆破得到flag
。
import binascii
import string
def crack\_crc():
print('-------------Start Crack CRC-------------')
crc_list = [0x67b2d3df, 0x628abed2, 0x6b073427, 0x08c8da10]#文件的CRC32值列表,注意顺序
comment = ''
chars = string.printable
for crc_value in crc_list:
for char1 in chars:
for char2 in chars:
for char3 in chars:
for char4 in chars:
res_char = char1 + char2 + char3 + char4#获取遍历的任意4Byte字符
char_crc = binascii.crc32(res_char.encode())#获取遍历字符的CRC32值
calc_crc = char_crc & 0xffffffff#将遍历的字符的CRC32值与0xffffffff进行与运算
if calc_crc == crc_value:#将获取字符的CRC32值与每个文件的CRC32值进行匹配
print('[+] {}: {}'.format(hex(crc_value),res_char))
comment += res_char
print('-----------CRC Crack Completed-----------')
print('Result: {}'.format(comment))
if __name__ == '\_\_main\_\_':
crack_crc()
NSSCTF{qwq_crc!}
[MoeCTF 2022]usb
USB
流量 直接使用工具tshark
提取数据 然后使用脚本:
import re
normalKeys = {"04": "a", "05": "b", "06": "c", "07": "d", "08": "e", "09": "f", "0a": "g", "0b": "h", "0c": "i",
"0d": "j", "0e": "k", "0f": "l", "10": "m", "11": "n", "12": "o", "13": "p", "14": "q", "15": "r",
"16": "s", "17": "t", "18": "u", "19": "v", "1a": "w", "1b": "x", "1c": "y", "1d": "z", "1e": "1",
"1f": "2", "20": "3", "21": "4", "22": "5", "23": "6", "24": "7", "25": "8", "26": "9", "27": "0",
"28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>", "2d": "-", "2e": "=", "2f": "[",
"30": "]", "31": "\\", "32": "<NON>", "33": ";", "34": "'", "35": "<GA>", "36": ",", "37": ".", "38": "/",
"39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>",
"40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"}
shiftKeys = {"04": "A", "05": "B", "06": "C", "07": "D", "08": "E", "09": "F", "0a": "G", "0b": "H", "0c": "I",
"0d": "J", "0e": "K", "0f": "L", "10": "M", "11": "N", "12": "O", "13": "P", "14": "Q", "15": "R",
"16": "S", "17": "T", "18": "U", "19": "V", "1a": "W", "1b": "X", "1c": "Y", "1d": "Z", "1e": "!",
"1f": "@", "20": "#", "21": "$", "22": "%", "23": "^", "24": "&", "25": "\*", "26": "(", "27": ")",
"28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>", "2d": "\_", "2e": "+", "2f": "{",
"30": "}", "31": "|", "32": "<NON>", "33": "\"", "34": ":", "35": "<GA>", "36": "<", "37": ">", "38": "?",
"39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>",
"40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"}
output = []
txt = open('usbdata.txt', 'r')
for line in txt:
line = line.strip('\n')
if len(line) == 16:
line_list = re.findall('.{2}', line)
line = ":".join(line_list)
try:
if line[0] != '0' or (line[1] != '0' and line[1] != '2') or line[3] != '0' or line[4] != '0' or line[
9] != '0' or line[10] != '0' or line[12] != '0' or line[13] != '0' or line[15] != '0' or line[
16] != '0' or line[18] != '0' or line[19] != '0' or line[21] != '0' or line[22] != '0' or line[
6:8] == "00":
continue
if line[6:8] in normalKeys.keys():
output += [[normalKeys[line[6:8]]], [shiftKeys[line[6:8]]]][line[1] == '2']
else:
output += ['[unknown]']
except:
pass