ISCTF2023新生赛部分WP
MISC:
签到:
给的是 分开的图片 拼一下即可。
在线拼图:https://fulicat.com/lab/pintu/
PS:图片我就不放了,二维码过不了审
ISCTF{W3lcom3_7O_2023ISCTF&BlueShark}
你说爱我?尊嘟假嘟:
zip没后缀放入010 PK头直接修改后缀解压一个word文档开始以为是二进制啥的替换
后面想到了是Ook码刚好 三段 进行尝试!!
你说爱我 Ook.
尊嘟 Ook!
假嘟 Ook?
在线Ook编码:https://www.splitbrain.org/services/ook
ild3l4pXejwPcCwJsPAOq7sJczdRdTsJcCEUsP1Z #base64换表解码
ISCTF{9832h-s92hw-23u7w-2j8s0}
小蓝鲨的秘密:
放入010 发现存在伪加密09 改为00 (收尾都要改不然打不开呢!)
可爱的小蓝鲨不知道这个字符串是什么,强大的你,你能告诉小蓝鲨吗?
U2FsdGVkX1/ij5Hxtt6G8tDvbXIQcMLJ6isLpLmxqxW8mOmFIB4DgBGXSR3ceEcj
这里crc爆破修改宽高 可以直接攻击梭哈 也可以手动 得到密码:15CTF2023
AES在线解密:http://www.esjson.com/aesEncrypt.html
ISCTF{2832-3910-232-3742-7320}
easy_zip:
直接ARCHPR 直接爆破 得到密码:011865
ISCTF{b04c3d02-16e9-4735-b5d9-f0ad31fa2853}
杰伦可是流量明星:
得到一个压缩包进行解压,得到login.mp3看到音频尝试 工具Audacity 无果
放入010 发现 存在wireshark 特征 修改后缀进行分析 直接筛选http协议,搜到flag,url解码
ISCTF{wddhr836459_83}
蓝鲨的福利:
添加文件头 89 50 4E 47 修改png后缀,确实是福利题!!
ISCTF{blueshark_welcome_you}
Ez_misc:
ppt里面最后一张下面有密码:M13c_!ps2s23
图片打不开 放入010观察发现没有头和尾进行添加得到原图,发现里面能看到二维码进行扫码。
FF D8 FF E0
FF D9
PS:二维码过不了审,直接贴 结果把!!
ISCTF{5e093f8a-6b8c-4fa5-b9f7-0ae3b6b0da56}
spalshes:
解压flag.zip 加密的进行爆破得到密码:895736 解压得到二维码,扫码得到flag。
PS:不能放二维码,图片过不了审核!
ISCTF{8374-su23-9s7e-237s-js65-55sg}
PNG的基本食用:
part1:
crc爆破宽高01改08
part3: 直接放入010 尾部 有 拼接即可。
ISCTF{png-is-for-you}
小猫:
binwalk -e 或者foremost 分离得到一张图片 发现没东西,然后尝试这张图 进行LSB隐写查看
使用工具Stegsolve在红色3通道发现一串数组提取,猜测是核心价值观编码 然后进行数组替换
脚本如下:
key = [['富强','自由' ,'爱国'],['民主', '平等' ,'敬业'] ,['文明','公正','诚信'],['和谐','法治','友善']]
wdf = [ (3,2),(3,2),(3,2),(3,3),(3,1),(3,2),(2,1),
(3,2),(4,2),(4,2),(3,3),(2,1),(3,2),(2,1),
(3,2),(4,1),(3,2),(2,1),(4,1),(2,1),(4,1),
(2,3),(4,1),(2,2),(3,2),(3,2),(3,2),(1,2),
(4,1),(4,1),(3,2),(1,2),(4,1),(1,1),(3,2),
(3,2),(4,1),(3,1),(4,1),(4,1),(4,1),(2,3),
(4,1),(3,1),(4,1),(2,2),(4,1),(1,2),(4,1),
(1,3),(3,2),(1,2),(4,1),(1,1),(4,1),(3,1),
(4,1),(2,3),(4,1),(4,2),(4,1),(3,2),(4,1),
(4,2),(3,2),(1,2),(3,2),(3,1),(3,2),(3,2),
(4,1),(4,2),(4,1),(3,2),(4,1),(3,2),(4,2),
(4,3),(4,2)]
for i in wdf:
x = i[0]-1
y = i[1]-1
print(key[x][y],end='')
公正公正公正诚信文明公正民主公正法治法治诚信民主公正民主公正和谐公正民主和谐民主和谐敬业和谐平等公正公正公正自由和谐和谐公正自由和谐富强公正公正和谐文明和谐和谐和谐敬业和谐文明和谐平等和谐自由和谐爱国公正自由和谐富强和谐文明和谐敬业和谐法治和谐公正和谐法治公正自由公正文明公正公正和谐法治和谐公正和谐公正法治友善法治
在线核心价值观解码:http://anhao.tlrkl.top/hxjzg.html
flag{aca195fd3d0f2392548d029767dbf766}
MCSOG-猫猫:
PS:猫猫说的话带有一大段意义不明的东西,试试在linux下用vim看看?
在线0宽字节解密:https://www.mzy0.com/ctftools/zerowidth1/
ISCTF{[o]F0o0.LliI_Bu_D4Ng_r3N}
镜流:
爆破得到密码:306256
hint:把图片缩小10倍
发现图片有很多像素点,写个脚本缩小10倍:
脚本如下:
from PIL import Image
img = Image.open('1new.png')
w = img.width
h = img.height
img_obj = Image.new("RGB",(w//10,h//10))
for x in range(w//10):
for y in range(h//10):
(r,g,b)=img.getpixel((x*10,y*10))
img_obj.putpixel((x,y),(r,g,b))
img_obj.save('ok.png')
zsteg ok.png
ISCTF{JINGLIU_IS_SO_COOL}
stream:
把数据包关键信息提取出来,然后在写个脚本即可。
a=[32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,32,33,32,33,34,35,36,37,38,39,40,41,42,43,44,45,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,32,33,34,35,36,37,38,39,40,41,42,43,44,45,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,32,33,34,35,36,37,38,39,40,41,42,43,44,45,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,32,33,34,35,36,37,38,39,40,41,42,43,44,45,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,32,33,34,35,36,37,38,39,40,41,42,43,44,45,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,32,33,32,33,32,33,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59]
for i in range(len(a)):
#print( a[i] %a[i+1])
q=a[i]
w=a[i+1]
if q>w:
print(chr(a[i]),end="")
ISCTF{0ops!-Y0u-F1nd-Th3-S3cret-flag!!!}
一心不可二用:
小辉边敲代码边玩游戏,敲了两行代码就报错了,真的比彬彬还逊!
使用foremost提取在/res/drawble/下面发现了flag.zip 发现需要密码
PS:可以kali中grep 这样方便!!
百度一下 发现报错 猜测SyntaxError 为密码 🆗输入得到flag。
flag{Err0R_is_no7_ex1ste9}
小白小黑:
看数据长度为256*256就知道是画图,然后生成二维码,写个脚本 如下:
from PIL import Image
# 创建一个256x256的灰度图像
img = Image.new('L', (256, 256))
# 打开文件并读取数据
with open('黑白.txt', 'r', encoding='utf-8') as f:
data = f.readlines()
# 遍历图像的每一个像素
for i in range(256):
for j in range(256):# 从数据中获取像素值并转换为整数
pixel_value = int(data[j][i])
img.putpixel((j, i), pixel_value)
# 保存图像
img.save('1.png')
得到一张图黑色看不出来,其实里面有二维码 通过工具Stegsolve 我是在绿色通道看到比较明显的二维码(不放二维码了 过不了审核)我这里QR扫不到 你们可以通过在线网站,我直接手机扫出了
ISCTF{3a151409-1351-4e32-a5f5-74a89fa29699}
张万森,下雪了:
加个后缀zip 得到一个包和dic.txt(很明显是字典,直接爆破)得到密码:blueSHARK666
tip.txt 有点像Base64尝试解码。
词频分析在解一下 得到密码:ISCTFZ023
这个flag.txt 有flag提交不对,有特殊空格,猜测为snow隐写 上工具
Snow隐写工具:https://darkside.com.au/snow/
ISCTF{34da-a87s-sk87-s384-3982-398233}
ezUSB:
source2.5.1到host主机 这是键盘流量
"Handle Value Notification"是蓝牙属性协议(ATT)的一部分。它是蓝牙低功耗(BLE)通信中使用的操作码。句柄是BLE设备的GATT(通用属性配置文件)中特性或描述符的唯一标识符。
(usb.src == "2.4.2") && (btatt.handle == 0x001b)
这个usb.src==多少多少这个过滤条件挺好的
稍微随便处理一下:
蓝牙的放前面,键盘的放后面
且到这个是数组算的6位和第8位
0000001500000000000000
0000001900000000000000
010000390000000000000000000000000000000000000000000000000000000000000000
0102002d0000000000000000000000000000000000000000000000000000000000000000
normalKeys = {
"04": "a", "05": "b", "06": "c", "07": "d", "08": "e",
"09": "f", "0a": "g", "0b": "h", "0c": "i", "0d": "j",
"0e": "k", "0f": "l", "10": "m", "11": "n", "12": "o",
"13": "p", "14": "q", "15": "r", "16": "s", "17": "t",
"18": "u", "19": "v", "1a": "w", "1b": "x", "1c": "y",
"1d": "z", "1e": "1", "1f": "2", "20": "3", "21": "4",
"22": "5", "23": "6", "24": "7", "25": "8", "26": "9",
"27": "0", "28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t",
"2c": "<SPACE>", "2d": "-", "2e": "=", "2f": "[", "30": "]", "31": "\\",
"32": "<NON>", "33": ";", "34": "'", "35": "<GA>", "36": ",", "37": ".",
"38": "/", "39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>",
"3e": "<F5>", "3f": "<F6>", "40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>",
"44": "<F11>", "45": "<F12>"}
shiftKeys = {
"04": "A", "05": "B", "06": "C", "07": "D", "08": "E",
"09": "F", "0a": "G", "0b": "H", "0c": "I", "0d": "J",
"0e": "K", "0f": "L", "10": "M", "11": "N", "12": "O",
"13": "P", "14": "Q", "15": "R", "16": "S", "17": "T",
"18": "U", "19": "V", "1a": "W", "1b": "X", "1c": "Y",
"1d": "Z", "1e": "!", "1f": "@", "20": "#", "21": "$",
"22": "%", "23": "^", "24": "&", "25": "*", "26": "(", "27": ")",
"28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>",
"2d": "_", "2e": "+", "2f": "{", "30": "}", "31": "|", "32": "<NON>", "33": "\"",
"34": ":", "35": "<GA>", "36": "<", "37": ">", "38": "?", "39": "<CAP>", "3a": "<F1>",
"3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>", "40": "<F7>",
"41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"}
output = []
keys = open('lanya.txt')
for line in keys:
try:
# if line[0] != '0' or (line[1] != '0' and line[1] != '2') or line[3] != '0' or line[4] != '0' or line[
# 9] != '0' or line[10] != '0' or line[12] != '0' or line[13] != '0' or line[15] != '0' or line[16] != '0' or \
# line[18] != '0' or line[19] != '0' or line[21] != '0' or line[22] != '0' or line[6:8] == "00":
# continue
if line[6:8] in normalKeys.keys():
output += [[normalKeys[line[6:8]]], [shiftKeys[line[6:8]]]][line[1] == '2']
else:
output += ['[unknown]']
except:
pass
keys.close()
flag = 0
print("".join(output))
for i in range(len(output)):
try:
a = output.index('<DEL>')
del output[a]
del output[a - 1]
except:
pass
for i in range(len(output)):
try:
if output[i] == "<CAP>":
flag += 1
output.pop(i)
if flag == 2:
flag = 0
if flag != 0:
output[i] = output[i].upper()
except:
pass
print('output :' + "".join(output))
AGGSZ[Kp-wn-YRV-sov-jmfyffjs111]
由于我这个符号也是根据大小写的,要把111对应键盘上的!
AGGSZ{Kp-wn-YRV-sov-jmfyffjs!!!} ##这个看上去有点像维吉尼亚加密
#这个是一个根据密文部分猜密钥
letter_list = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' # 字母表
plaintext="ISCTF"
zgx="AGGSZ"
z = 0
for ch in plaintext: # 遍历明文
for i in range(26):
if zgx[z]== letter_list[(ord(ch) - 65 + i) % 26]:
print(chr(i+65),end="")
#print(z)
z+=1
break
看到soezu,但是直接拿去解密不对的,结合一下题目,搞不好密钥为:soezusb
ISCTF{So-ez-USB-and-vigenere!!!}
EZcrc:
因为这里字节是3 所以就使用3字节的脚本:
import zipfile
import binascii
import string
from tqdm import tqdm
fname_fcrc = {}
fcrc_fnames = {}
fcrc_value = {}
archive = zipfile.ZipFile("C:/Users/Lucian/Downloads/flag.zip")
print('正在提取crc:')
for fname in tqdm(archive.namelist()):
name_info = archive.getinfo(fname)
fcrc = name_info.CRC
fname_fcrc[fname] = fcrc
fcrc_fnames[fcrc] = []
for fname in fname_fcrc:
fcrc = fname_fcrc[fname]
fcrc_fnames[fcrc].append(fname)
print('正在破解3字节长crc')
for i in tqdm(range(0, 256)):
tempi = hex(i)[2:]
if len(tempi) == 1:
tempi = '0' + tempi
tempi = binascii.a2b_hex(tempi)
for j in range(0, 256):
tempj = hex(j)[2:]
if len(tempj) == 1:
tempj = '0' + tempj
tempj = binascii.a2b_hex(tempj)
for k in range(0, 256):
tempk = hex(k)[2:]
if len(tempk) == 1:
tempk = '0' + tempk
tempk = binascii.a2b_hex(tempk)
fcrc = binascii.crc32(tempi + tempj + tempk)
if fcrc in fcrc_fnames:
fcrc_value[fcrc] = tempi + tempj + tempk
print(f'总crc个数:{len(fcrc_fnames)},破解成功个数:{len(fcrc_value)}')
result = {}
print('正在将结果编码:')
for fcrc in tqdm(fcrc_value):
for fname in fcrc_fnames[fcrc]:
result[fname] = fcrc_value[fcrc].decode()
print('编码结果:')
for i in range(0, len(result)):
print(result[f'{i}.txt'], end='')
大写的乌壹大写的资大写的喔大写的日大写的佛大写的资大写的佛大写的巫基得大写的讷大写的迂大写的鹅伍日大写的特大写的巫坡讷大写的摸大写的乌伍陆啊叁大写的日大写的喔大写的日大写的哥得肆大写的特大写的乌大写的摸巫大写的摸大写的佛坡大写的鹅大写的欺大写的特大写的迂大写的摸大写的迂大写的哥希坡大写的巫勒得大写的日得大写的佛勒大写的希大写的日大写的希喝大写的喔大写的迂零大写的资坡大写的巫大写的迂大写的日科啊零壹大写的乌大写的日摸特摸大写的乌大写的特零玖
读音有两个衣,这个出题的作者很细节哈,把小写y读音换成歪了,这个题两个y,且都是小写的
# -*- coding: GB2312 -*-
import base64
conversion_table = {
'A': '大写的啊',
'B': '大写的玻',
'C': '大写的雌',
'D': '大写的得',
'E': '大写的鹅',
'F': '大写的佛',
'G': '大写的哥',
'H': '大写的喝',
'I': '大写的衣',
'J': '大写的基',
'K': '大写的科',
'L': '大写的勒',
'M': '大写的摸',
'N': '大写的讷',
'O': '大写的喔',
'P': '大写的坡',
'Q': '大写的欺',
'R': '大写的日',
'S': '大写的思',
'T': '大写的特',
'U': '大写的乌',
'V': '大写的迂',
'W': '大写的巫',
'X': '大写的希',
'Y': '大写的衣',
'Z': '大写的资',
'a': '啊',
'b': '玻',
'c': '雌',
'd': '得',
'e': '鹅',
'f': '佛',
'g': '哥',
'h': '喝',
'i': '衣',
'j': '基',
'k': '科',
'l': '勒',
'm': '摸',
'n': '讷',
'o': '喔',
'p': '坡',
'q': '欺',
'r': '日',
's': '思',
't': '特',
'u': '乌',
'v': '迂',
'w': '巫',
'x': '希',
'y': '衣',
'z': '资',
}
numbers = {'0':'零','1':'壹', '2':'贰', '3':'叁', '4':'肆', '5':'伍', '6':'陆', 7:'柒', '8':'捌', '9':'玖'}
table=dict([val,key] for key,val in conversion_table.items())
numbers=dict([val,key] for key,val in numbers.items())
# print(table[])
test="大写的乌壹大写的资大写的喔大写的日大写的佛大写的资大写的佛大写的巫基得啊大写的迂大写的哥思壹大写的特勒得啊啊零伍大写的喝大写的特大写的希大写的日大写的喔大写的日大写的鹅大写的鹅歪大写的特零大写的摸巫大写的摸大写的佛勒欺大写的思大写的特大写的佛大写的摸大写的迂零大写的资特大写的特大写的巫壹大写的基得大写的鹅壹大写的希大写的特大写的特大写的基大写的喔大写的日大写的哥大写的日欺大写的特大写的迂大写的日喔玻大写的乌零歪大写的巫摸勒摸大写的乌大写的特零玖"
for key in table:
test=test.replace(key, table[key])
for key in numbers:
test = test.replace(key,str(numbers[key]))
for key in numbers:
test = test.replace("歪", "y") #这个地方比较特殊,在读音里面有两个衣
#print(test)
# print(test,conversion_table)
print(test)
print(base64.b64decode(base64.b64decode(test)))
ISCTF{e995fd4c-4068-4b25-af2b-1c647c18f3fb}
Beyond Hex, Meet Heptadecimal:
首先,他说超越16进制,心中就要有想法按照16进制的玩法
table="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
data="ID71QI6UV7NRV5ULVJDJ1PTVJDVINVBQUNT"
flag=""
for i in data:
#flag+=bin(table.index(i))[2:].zfill(5)
print(bin(table.index(i))[2:],end=" ")
10010 1101 111 1 11010 10010 110 11110 11111 111 10111 11011 11111 101 11110 10101 11111 10011 1101 10011 1 11001 11101 11111 10011 1101 11111 10010 10111 11111 1011 11010 11110 10111 11101
10010110111111101010010110111101111111110111110111111110111110101011111110011110110011111001111011111110011110111111100101011111111101111010111101011111101
10010011010011100001110101001000110
想象着两条,怎么运行才能相等
10010 1101 111 11101010010 110 11110 11111 111 10111 11011 11111 101 11110 10101 11111 10011 1101 10011 1 11001 11101 11111 10011 1101 11111 10010 10111 11111 1011 11010 11110 10111 11101
10010011010011100001110101001000110
发先空缺的地方补0就差不多了,然后经过细节的判断
差不多的每个值5bit一组,少的bit补0,就差不多了
table = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
data = "ID71QI6UV7NRV5ULVJDJ1PTVJDVINVBQUNT"
flag = ""
for i in data:
flag += bin(table.index(i))[2:].zfill(5)
for i in range(int(len(flag)/7)):
ascii_value = int(flag[i*7:i*7+7], 2)
print(chr(ascii_value), end="")
ISCTF{so_ez_flag_for_uuu}
DISK:
根据题目给的打开txt 是假的flag。
查询NTFS文件日志可以发现文件被改过,自信看了一下里面还有图片 好像是(卧槽原神!!卧槽瓦!!!我KDA好像还挺高,小声bb~)用010或者WinHex 找到源文件,使用数据类型转换十进制与字节转换字节(long_to_bytes)最后得到flag值
第一个到第七个过程省略了(刚好对应的七个txt文件):
第七个:
from Crypto.Util.number import *
print(long_to_bytes(1230193492))
print(long_to_bytes(1182487903))
print(long_to_bytes(1918846768))
print(long_to_bytes(811884366))
print(long_to_bytes(1413895007))
print(long_to_bytes(1298230881))
print(long_to_bytes(1734701693))
ISCTF{U_r_G00d_NTFS_Manager}
Wonderful New World:
小蓝鲨误入了一个奇怪的世界,你能帮助小蓝鲨找到flag吗?
将这一排提取转为摩斯电码,得到flag的前一半:ISCTFWELCOME_TO
黄色.
绿色-
黑色 空格
.. ... -.-. - ..-. ----.-- .-- . .-.. -.-. --- -- . ..--.- - ---
在日志中发现密文 10进制转换 在转Base64 即可 拼接。
ISCTF{WELCOME_TO_MC_WORLD_IN_ISCTF}
最后挺进前10(大富豪)刚好第十名,再接再厉啦!!!感谢 大家观看 关注鱼影安全公众号!!!
791
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
