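Running the file command on the attachment shows that it is a RAR archive.
Change its extension to .rar and extract it.
Check the file type of the extracted file again.
Open it in Wireshark.
Find a flag.rar archive.
It requires a password, so keep looking through the streams.
Find a base64 string.
Decoding it yields only gibberish, so keep looking.
Find a piece of Python code.
Save it and make a few simple changes so that it decrypts the base64 data found earlier.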
# coding:utf-8
__author__ = 'YFP'
import base64

from Crypto.Cipher import AES  # provided by the pycryptodome package

# The captured script uses the same 16-byte value as both the AES key and the CBC IV.
IV = b'QWERTYUIOPASDFGH'


def decrypt(encrypted):
    aes = AES.new(IV, AES.MODE_CBC, IV)
    return aes.decrypt(encrypted)


def encrypt(message):
    # Pad with NUL bytes up to a multiple of the 16-byte block size.
    length = 16
    count = len(message)
    padding = length - (count % length)
    message = message + b'\0' * padding
    aes = AES.new(IV, AES.MODE_CBC, IV)
    return aes.encrypt(message)


# Round-trip self-test; strip the NUL padding before printing.
sample = b'this is a test'
example = encrypt(sample)
print(decrypt(example).rstrip(b'\0').decode('utf-8'))

# The base64 string found in the capture.
s = '19aaFYsQQKr+hVX6hl2smAUQ5a767TsULEUebWSajEo='
flag = base64.b64decode(s)
print(decrypt(flag).rstrip(b'\0').decode('utf-8'))
This gives the password:
No_One_Can_Decrypt_Me
Extract the archive with this password to get the flag:
WDCTF{Seclab_CTF_2017}
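
The base64 step above decodes to gibberish because the bytes are ciphertext, and the decoded length (a whole number of 16-byte blocks) is the hint to go looking for a key. The following is an added example, not part of the original writeup or the captured script: a standard-library triage of base64 runs in a saved stream. The names B64_RE, triage and scan, the thresholds, and the sample stream are assumptions made for illustration.

```python
import base64
import binascii
import re

# Base64 runs long enough to be worth decoding (the 16-char floor is an assumption).
B64_RE = re.compile(r'[A-Za-z0-9+/]{16,}={0,2}')

def printable_ratio(data):
    """Fraction of bytes that are printable ASCII (0x20-0x7E)."""
    return sum(0x20 <= b <= 0x7E for b in data) / len(data) if data else 0.0

def triage(candidate):
    """Return (label, decoded bytes) for one base64 candidate."""
    try:
        raw = base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        return 'invalid', b''
    if not raw:
        return 'invalid', b''
    if printable_ratio(raw) >= 0.9:       # threshold is an assumption
        return 'text', raw
    if len(raw) % 16 == 0:                # whole AES blocks
        return 'block-ciphertext', raw
    return 'binary', raw

def scan(stream_text):
    """Triage every base64-looking run in a followed stream saved as text."""
    return [(m.group(0),) + triage(m.group(0)) for m in B64_RE.finditer(stream_text)]

# The string from the writeup, plus a constructed readable one for contrast.
PAGE_BLOB = '19aaFYsQQKr+hVX6hl2smAUQ5a767TsULEUebWSajEo='
CONSTRUCTED_TEXT = base64.b64encode(b'GET /index.html HTTP/1.1').decode()
SAMPLE_STREAM = 'msg: ' + PAGE_BLOB + '\nmsg: ' + CONSTRUCTED_TEXT + '\n'  # constructed

if __name__ == '__main__':
    for blob, label, raw in scan(SAMPLE_STREAM):
        print(label, len(raw), blob)
```

The block-length check is a heuristic: any binary blob whose size happens to be a multiple of 16 gets the same label, so treat it as a prompt to search the capture for a key, not as proof of AES.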