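Tenglong Cup: MISC Write-up

1. A Simple Little Picture

The challenge provides an image, misc_1.png. The pixels are visibly abnormal, so we try extracting the pixel values.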

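#exp:

from PIL import Image

def extract_pixel_values(image_path):
    # Open the image file
    image = Image.open(image_path)
    # Normalise to RGB so every pixel is an (R, G, B) tuple, whatever the PNG mode
    rgb = image.convert("RGB")
    # Get the image width and height
    width, height = rgb.size
    # Initialise an empty list to hold the pixel values
    pixel_values = []

    # Walk every pixel and extract its RGB value
    for y in range(height):
        for x in range(width):
            # Get the pixel value (RGB format)
            pixel = rgb.getpixel((x, y))
            # Append the pixel value to the list
            pixel_values.append(pixel)

    # Close the image file
    image.close()

    return pixel_values

def pixels_to_string(pixel_values):
    # Convert each RGB value to a character and join them into one string
    return ''.join([chr(pixel[0]) + chr(pixel[1]) + chr(pixel[2]) for pixel in pixel_values])

# Path to the image file
image_path = "misc_1.png"

# Extract the pixel values
pixels = extract_pixel_values(image_path)

# Convert the pixel values to a string
pixel_string = pixels_to_string(pixels)

# Print the resulting string
print(pixel_string)
# Output: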
tnafh'f furrc: znl urnira unir ab "cbhevat", fbhepr: arj tnafh pyvrag pbzcerurafvir tnafh rpbabzvp qnvyl, jrpung tnafh, wvatlhna cbfgf, argvmraf pbzzragf, rgp. pbclevtug orybatf gb gur bevtvany nhgube. vs gurer vf nal vasevatrzrag, cyrnfr pbagnpg hf. erpragyl, gurer unf orra n geraq bs "cbhevat" ba gur jubyr jrofvgr, "cbhevat". guvf zrzr vf sebz gur ivqrb oybttre "qhauhnat byq ubefr". rirel gvzr lbh rng furrc urnq naq cbhe fcvpl bvy, gurer jvyy or n fragrapr "cbhevat" gur pngpucuenfr: "sevraqf, whfg rng n furrc'f urnq, cbhe n zbhgushy bs crccre naq fnyg sebz ynb zn'f ubhfr, synt{cbhe_va_ubg_encrfrrq_bvy_naq_cbhe_fbhy_whvpr}~~~". bayvar crbcyr ner rntre gb vzvgngr naq vagrecerg vg. argvmraf: "sbfuna qvnauna" orsber, "jra fura" nsgre, naq abj "qhauhnat ynb zn". tnafh vf bar bs gur svir znwbe cnfgbeny nernf va puvan. sebz gur dvyvna zbhagnvaf gb gur ybrff cyngrnh, sebz gur urkv pbeevqbe gb gur tnaana cyngrnh, furrc pna or frra rireljurer. zhggba unf ybat orra vagrtengrq vagb gur qnvyl yvsr bs tnafh crbcyr. tenfcvat, evafvat zhggba, ebnfgrq jubyr ynzo, zhggba xronof, cbchyhf rhcuengvpn oenvfrq pnxrf, fgrnzrq zhggba jvgu sybhe... va rngvat furrc, tnafh crbcyr unir nyjnlf unq gur urebvp zbzraghz bs "rzoenpvat gur havirefr naq rzoenpvat gur rvtug jnfgrynaqf". ab furrc pna fheivir bhg bs tnafh, orpnhfr gur crbcyr bs tnafh unir ernpurq n cresrpg yriry bs rngvat furrc. zvadva zhggba synibe: zvadva pbhagl, gur "ubzrgbja bs puvarfr zhggba", vf ybpngrq va gur abegujrfg bs tnafh cebivapr. vg vf fheebhaqrq ol grattre qrfreg naq onqnva wnena qrfreg va gur rnfg, jrfg naq abegu. qrfreg pyvzngr naq angheny jngre cynagf znxr zhggba havdhr naq zryybj. vg unf gur dhnyvgl bs ab fzryy, ab fzryy, ab sng, ab ternfl, fbsg naq uneq, zbqrengr, qryvpvbhf naq qryvpvbhf. 
gur zhggba frevrf gung pna or pbbxrq, fgrjrq, sevrq naq ebnfgrq ner abg bayl gur zbfg vzcbegnag pbagrag va zvadva'f qvrg phygher, zberbire, vg unf rnearq gur erchgngvba bs "ornhgvshy fprarel va unatmubh naq sentenag ynzo sebz zvadva" nzbat vgf thrfgf sebz nyy bire gur jbeyq. va 2023, gur gbgny ahzore bs zrng furrc envfrq va zvadva pbhagl ernpurq 4.2 zvyyvba, jvgu gur vagrtengvba naq qrirybczrag bs gur cevznel, frpbaqnel, naq gregvnel vaqhfgevrf bs zrng furrc. gur gbgny bhgchg inyhr bs gur ragver vaqhfgel punva ernpurq 4.56 ovyyvba lhna. znvayl fbyq gb gur orvwvat gvnawva urorv, crney evire qrygn, naq lnatgmr evire qrygn. vs lbh ohl n furrc va tnafh naq jnyx sebz jrfg gb rnfg jvgubhg yrnivat tnafh, lbh jvyy cebonoyl bayl unir n cvyr bs jbby yrsg. lbh pna abg bayl frr ubj gur crbcyr bs tnafh tb sebz zrng gb obar, sebz betnaf gb obar zneebj, ohg nyfb rng n furrc. lbh pna nyfb frr inevbhf jnlf bs rngvat furrc, fhpu nf tevyyvat, selvat, fgrnzvat, obvyvat, fgrjvat, oenvfvat, oenvfvat, fgve selvat, rgp. tnafh ynzo unf n evpu nebzn, sng ohg abg ternfl, naq gur 

Guessing that this is a Vigenère cipher, we use the online Vigenere Solver at guballa.de and recover the key "nnn".

gansu's sheep: may heaven have no "pouring", source: new gansu client comprehensive gansu economic daily, wechat gansu, jingyuan posts, netizens comments, etc. copyright belongs to the original author. if there is any infringement, please contact us. recently, there has been a trend of "pouring" on the whole website, "pouring". this meme is from the video blogger "dunhuang old horse". every time you eat sheep head and pour spicy oil, there will be a sentence "pouring" the catchphrase: "friends, just eat a sheep's head, pour a mouthful of pepper and salt from lao ma's house, flag{pour_in_hot_rapeseed_oil_and_pour_soul_juice}~~~". online people are eager to imitate and interpret it. netizens: "foshan dianhan" before, "wen shen" after, and now "dunhuang lao ma". gansu is one of the five major pastoral areas in china. from the qilian mountains to the loess plateau, from the hexi corridor to the gannan plateau, sheep can be seen everywhere. mutton has long been integrated into the daily life of gansu people. grasping, rinsing mutton, roasted whole lamb, mutton kebabs, populus euphratica braised cakes, steamed mutton with flour... in eating sheep, gansu people have always had the heroic momentum of "embracing the universe and embracing the eight wastelands". no sheep can survive out of gansu, because the people of gansu have reached a perfect level of eating sheep. minqin mutton flavor: minqin county, the "hometown of chinese mutton", is located in the northwest of gansu province. it is surrounded by tengger desert and badain jaran desert in the east, west and north. desert climate and natural water plants make mutton unique and mellow. it has the quality of no smell, no smell, no fat, no greasy, soft and hard, moderate, delicious and delicious. 
the mutton series that can be cooked, stewed, fried and roasted are not only the most important content in minqin's diet culture, moreover, it has earned the reputation of "beautiful scenery in hangzhou and fragrant lamb from minqin" among its guests from all over the world. in 2023, the total number of meat sheep raised in minqin county reached 4.2 million, with the integration and development of the primary, secondary, and tertiary industries of meat sheep. the total output value of the entire industry chain reached 4.56 billion yuan. mainly sold to the beijing tianjin hebei, pearl river delta, and yangtze river delta. if you buy a sheep in gansu and walk from west to east without leaving gansu, you will probably only have a pile of wool left. you can not only see how the people of gansu go from meat to bone, from organs to bone marrow, but also eat a sheep. you can also see various ways of eating sheep, such as grilling, frying, steaming, boiling, stewing, braising, braising, stir frying, etc. gansu lamb has a rich aroma, fat but not greasy, and the

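This gives the flag: flag{pour_in_hot_rapeseed_oil_and_pour_soul_juice}

2. Shh, listen. What is that sound?

The challenge is named DTMF and provides four audio files. We decode the phone dial tones directly with a tool (dtmf2num).

Decoding one, two, three and four in order gives: 8163312193 4221717193 7481823193 31816133

Concatenated, this is 81633121934221717193748182319331816133, which the 随波逐流 tool decodes instantly.

flag: flag{TODAYHAPPYSTUDYDTMF}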
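The page does not say which encoding the 随波逐流 tool applied; reading the digit string as (key, position) pairs on a phone keypad reproduces the flag, so this added example (not code from the original post) uses that reading. It also sketches what a tone decoder such as dtmf2num does, using Goertzel filters over constructed tones; the sample rate, tone length and function names are assumptions of the example.

```python
import math

LOW = (697, 770, 852, 941)          # DTMF row frequencies in Hz
HIGH = (1209, 1336, 1477)           # DTMF column frequencies in Hz (A-D column omitted)
KEYS = ("123", "456", "789", "*0#")
LETTERS = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
           "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
RATE = 8000                          # assumed sample rate of the constructed audio


def tone(key, ms=60):
    """Synthesize one key press as the sum of its row and column sine waves."""
    r = next(i for i, row in enumerate(KEYS) if key in row)
    c = KEYS[r].index(key)
    n = RATE * ms // 1000
    return [math.sin(2 * math.pi * LOW[r] * t / RATE) +
            math.sin(2 * math.pi * HIGH[c] * t / RATE) for t in range(n)]


def goertzel(samples, freq):
    """Signal power at a single frequency (Goertzel algorithm)."""
    k = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + k * s1 - s2, s1
    return s1 * s1 + s2 * s2 - k * s1 * s2


def detect(samples):
    """Pick the row and column frequency carrying the most power."""
    r = max(range(4), key=lambda i: goertzel(samples, LOW[i]))
    c = max(range(3), key=lambda i: goertzel(samples, HIGH[i]))
    return KEYS[r][c]


def keypad_pairs(digits):
    """Decode (key, position) pairs: 81 is the 1st letter on key 8, i.e. T."""
    return "".join(LETTERS[digits[i]][int(digits[i + 1]) - 1]
                   for i in range(0, len(digits) - 1, 2))


if __name__ == "__main__":
    dialled = "".join(detect(tone(d)) for d in "8163312193")  # constructed tones
    print(dialled, keypad_pairs("81633121934221717193748182319331816133"))
```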

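3. niu niang Analysis

The challenge provides a packet capture; opening it shows that it is Wi-Fi traffic.

Crack the key with aircrack-ng (we use Kali here)

aircrack-ng -w zidian.txt shujubao.cap # replace zidian.txt with your own wordlist (common Wi-Fi passwords)

Note the ESSID shown here: "mamawoxiangwantiequan"

The key is "12345678". Next, decrypt the capture with airdecap-ng

airdecap-ng shujubao.cap -e mamawoxiangwantiequan -p 12345678 # mamawoxiangwantiequan is the ESSID

This produces a new capture, shujubao-dec.cap. Looking at its HTTP streams first, we find that a PNG was uploaded; extract it and name it flag.png

Opening it in 010 Editor shows a zip file appended at the end of the file

foremost carves out the zip file, but it is encrypted, so we go back to the capture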

The session may hide a hint, so we decode it

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJoaW50IjoiZm9yIHNlY3VyaXR5LCBJIHNldCBteSBwYXNzd29yZCBhcyBhIHdlYnNpdGUgd2hpY2ggaSBqdXN0IHBpbmdlZCBiZWZvcmUifQ.P3xOErNrUkYqdMBoo8WvU63kUVyOkZjiTK-hwOIIS5A

Decoding it with CyberChef gives the hint: "for security, I set my password as a website which i just pinged before"

In other words, for safety the password was set to the website that had just been pinged.
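The session value is a JWT, and its header and payload are only base64url-encoded, so the hint can be read without knowing the signing key. The following is an added example, not code from the original post; it uses the token quoted above and the function names are its own.

```python
import base64
import json

# Token copied from the capture as quoted on this page
TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
         "eyJoaW50IjoiZm9yIHNlY3VyaXR5LCBJIHNldCBteSBwYXNzd29yZCBhcyBhIHdlYnNpdGUg"
         "d2hpY2ggaSBqdXN0IHBpbmdlZCBiZWZvcmUifQ."
         "P3xOErNrUkYqdMBoo8WvU63kUVyOkZjiTK-hwOIIS5A")


def b64url_decode(segment):
    """JWT segments drop the '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_jwt(token):
    """Return (header, payload, signature) without verifying the signature."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    return header, payload, b64url_decode(signature_b64)


if __name__ == "__main__":
    header, payload, signature = read_jwt(TOKEN)
    # HS256 adds a 32-byte HMAC: it protects integrity, not confidentiality
    print(header["alg"], len(signature), payload["hint"])
```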

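The new capture contains DNS traffic, so we filter for DNS

From the hint we can guess that the password is 26rsfb.dnslog.cn. That turns out to be correct, and decrypting the zip gives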

flag:flag{f14376d0-793e-4e20-9eab-af23f3fdc158}

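4. easy_Forensics

The challenge provides an image file, Forensics_is_Easy.img. We analyse it directly with vol2 (Volatility 2, on Kali)

python2 vol.py -f Forensics_is_Easy.img imageinfo # identify the image information

python2 vol.py -f Forensics_is_Easy.img --profile=Win7SP1x64 pslist # list all running processes

Method 1: we spot explorer.exe, so we check the browser history directly

python2 vol.py -f Forensics_is_Easy.img --profile=Win7SP1x64 iehistory # rebuild the Internet Explorer cache/history (view IE browsing history)

A jpg file shows up, so we filter the file list

python2 vol.py -f Forensics_is_Easy.img --profile=Win7SP1x64 filescan | grep "jpg" # filescan scans for file objects; grep filters the text

Dump it

python2 vol.py -f Forensics_is_Easy.img --profile=Win7SP1x64 dumpfiles -Q 0x000000002557b2b0 -D ./ # -Q: physical offset of the file object from filescan; -D: output directory

This yields 1.jpg. Carving it with foremost gives a new zip file (no password), and extracting that gives a new image file, message.img. Mounting it with FTK, we find hint.txt in the root directory of the new disk. Its contents look like coordinates, so we get ready to plot them.

In the files directory under root we also find a .message.swp (apparently deleted). Opening it in 010 Editor, we find a string at the end: "yispywt!nidn_xirr_lhv_sszgy"

Here we use gnuplot on Kali to plot the points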

gnuplot
G N U P L O T
        Version 6.0 patchlevel 0    last modified 2023-12-09 

        Copyright (C) 1986-1993, 1998, 2004, 2007-2023
        Thomas Williams, Colin Kelley and many others

        gnuplot home:     http://www.gnuplot.info
        faq, bugs, etc:   type "help FAQ"
        immediate help:   type "help"  (plot window: hit 'h')

        Terminal type is now qt
gnuplot> plot '/root/Desktop/hint.txt' # use the plot command

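This gives key.png, a QR code

Scanning it gives the hint: "Here is the vigenere key: aeolus, but i deleted the encrypted message."

So it is a Vigenère cipher with the key aeolus

Use the ciphertext found earlier: yispywt!nidn_xirr_lhv_sszgy

Decrypting gives: yeeeeet!just_find_and_solve

So the flag is: flag{yeeeeet!just_find_and_solve}

Method 2: we spot DumpIt.exe

To extract it, we dump it with the memdump command

python2 vol.py -f Forensics_is_Easy.img --profile=Win7SP1x64 memdump -p 1056 -D ./ # -p takes the PID

foremost carves out a new zip file; extracting it gives a new image file, message.img

The file command identifies it as ext2 filesystem data.

Open message.img with DiskGenius. The disk directory contains a hint.txt, and the files directory contains a vim swp file

Save the .message.swp file and recover it on Linux with vim -r, which yields the string: "yispywt!nidn_xirr_lhv_sszgy"

Plot the coordinates in hint.txt with Python's PIL library, then scan the result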

from PIL import Image

# hint.txt is the path to your coordinate file
with open('hint.txt', 'r') as file:
    data = file.read().split('\n')

pic = Image.new('RGB', (300, 300))
for line in data:
    # Each line is "x y"; skip blank or malformed lines
    parts = line.split()
    if len(parts) < 2:
        continue
    x = int(parts[0])
    y = int(parts[1])
    # Draw the point in white on the black canvas
    pic.putpixel((x, y), (255, 255, 255))
pic.show()
pic.save('result.png')

It is a Vigenère cipher with the key aeolus

Use the ciphertext found earlier: yispywt!nidn_xirr_lhv_sszgy

Decrypting gives: yeeeeet!just_find_and_solve

So the flag is: flag{yeeeeet!just_find_and_solve}
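Both Vigenère steps in this write-up (key "nnn" in challenge 1, key "aeolus" in challenge 4) can be reproduced offline. The following is an added example, not code from the original post; the function names and the known-plaintext crib "flag" are the example's own, and it shows that the key "nnn" collapses to a single shift of 13, i.e. ROT13.

```python
def vigenere_decrypt(ciphertext, key):
    """Subtract the key letter by letter; non-letters pass through and use no key."""
    out, k = [], 0
    for ch in ciphertext:
        if ch.isascii() and ch.isalpha():
            base = ord('A') if ch.isupper() else ord('a')
            shift = ord(key[k % len(key)].lower()) - ord('a')
            out.append(chr((ord(ch) - base - shift) % 26 + base))
            k += 1
        else:
            out.append(ch)
    return "".join(out)


def key_from_crib(cipher_fragment, crib):
    """Key stream = ciphertext minus known plaintext (letters only, same length)."""
    return "".join(chr((ord(c) - ord(p)) % 26 + ord('a'))
                   for c, p in zip(cipher_fragment.lower(), crib.lower()))


def shortest_period(stream):
    """Collapse a repeating key stream to its shortest repeating unit."""
    for p in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % p] for i in range(len(stream))):
            return stream[:p]
    return stream


# Ciphertexts copied from this page
C1 = "synt{cbhe_va_ubg_encrfrrq_bvy_naq_cbhe_fbhy_whvpr}"   # fragment of challenge 1
C4 = "yispywt!nidn_xirr_lhv_sszgy"                          # challenge 4 swap file

if __name__ == "__main__":
    stream = key_from_crib("synt", "flag")       # every flag starts with "flag"
    print(stream, shortest_period(stream))
    print(vigenere_decrypt(C1, "nnn"))
    print(vigenere_decrypt(C4, "aeolus"))
```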
