Misc
SimpleFlow
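Open the packet capture and follow the TCP streams; the traffic turns out to be AntSword (蚁剑) webshell traffic.
Streams 50 and 51 contain flag.txt and flag.zip.
Decode the data in stream 50.
It shows that zip was used to pack flag.txt into flag.zip, with the password PaSsZiPWorD.
Drop the capture into Kali and carve it with binwalk to get the archive.
Unzip it with the password PaSsZiPWorD to get the flag: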
DASCTF{f3f32f434eddbc6e6b5043373af95ae8}
Bing Dwen Dwen
Extract the archive; it contains more than 100,000 txt files.
One of them is start.txt.
start.txt:
101000001001011 =>The txt you should view is m9312r95cr.txt
m9312r95cr.txt:
1100000100 =>The txt you should view is 4oyjbqwl59.txt
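Pad the binary values above to 16 bits, as follows:
0101000001001011 ---> 504b
0000001100000100 ---> 34 (the leading zeros have to be restored, so it should be 0304)
504b0304 is a very familiar hex sequence. At this point the rough approach is clear: follow the txt files in order, extract the binary data from each with a regex, convert it to hex, and write the result out as a zip archive.
Next, write the script.
PS:
In Python, when a converted hex value is smaller than 17 the leading 0 is dropped, so a 0 has to be added in front, e.g. 3 becomes 03.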
# coding: utf-8
import os
import re
from binascii import unhexlify

next_txt = "start.txt"
path = r"E:\学习资料\CTF\fatectf\BinDunDun"
zip_data = ""

# Follow the chain of txt files until one points at end.txt
while next_txt != "end.txt":
    with open(os.path.join(path, next_txt)) as f:
        content = f.read()
    bin_data = re.findall(r"(.*) =>", content)[0]
    # Pad each value to 16 bits so the leading zeros are not lost
    zip_data += bin_data.zfill(16)
    next_txt = re.findall(r"is (.*)", content)[0]
    print(next_txt)
print(zip_data)

# Convert the bit string to hex one byte (8 bits) at a time
hex_file_data = ""
for i in range(0, len(zip_data), 8):
    hex_data = hex(int(zip_data[i:i+8], 2)).replace("0x", "")
    # hex() drops the leading zero of single-digit values, so restore it
    if len(hex_data) == 1:
        hex_data = '0' + hex_data
    hex_file_data += hex_data

with open("bdd_flag.zip", 'wb') as f:
    f.write(unhexlify(hex_file_data))
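Open the archive: it contains a pyc file and a file with no extension.
Since this is a misc challenge, first try Stegosaurus steganography on the pyc, which reveals a string: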
BingD@nD@n_in_BeiJing_Winter_Olympics
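Could this be the flag we have been longing for?
Happily went to submit the flag, hit submit, real quick.
Wrong flag???
Challenge author, I advise you to behave yourself.
Open the other, extension-less file in 010 Editor: it is a jpg image. This looks like jpg steganography, and the string above is probably the password.
Checked it with stegdetect; nothing was detected.
Oh come on 🐎, this is no fun.
Fall back to the dumb approach: try the jpg steganography tools one by one.
In the end jphs05 extracted the hidden data, giving a base64 string: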
REFTQ1RGe0dvb2RfSm9kX0dpdmVfVGhlX0ZGRkZMQGdfVG9fWW91IX0=
Decode it to get the flag:
DASCTF{Good_Jod_Give_The_FFFFL@g_To_You!}
crypto
easy_real
Challenge:
import random
import hashlib
flag = 'xxxxxxxxxxxxxxxxxxxx'
key = random.randint(1,10)
for i in range(len(flag)):
    crypto += chr(ord(flag[i])^key)
m = <ASCII hex of crypto>
e = random.randint(1,100)
print(hashlib.md5(e))
p = 64310413306776406422334034047152581900365687374336418863191177338901198608319
q = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
n = p*q
c = pow(m,e,n)
print(n)
print(c)
#37693cfc748049e45d87b8c7d8b9aacd 23
#4197356622576696564490569060686240088884187113566430134461945130770906825187894394672841467350797015940721560434743086405821584185286177962353341322088523
#3298176862697175389935722420143867000970906723110625484802850810634814647827572034913391972640399446415991848730984820839735665233943600223288991148186397
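A random number from 1 to 10 is taken as the key, every character of the flag is XORed with the key, and the result is used as the plaintext for one round of RSA encryption. So once m is recovered, brute-force the key and XOR with it to get the flag.
The code is as follows: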
from Crypto.Util.number import long_to_bytes
import gmpy2

e = 23
n = 4197356622576696564490569060686240088884187113566430134461945130770906825187894394672841467350797015940721560434743086405821584185286177962353341322088523
c = 3298176862697175389935722420143867000970906723110625484802850810634814647827572034913391972640399446415991848730984820839735665233943600223288991148186397
p = 64310413306776406422334034047152581900365687374336418863191177338901198608319

# p is given, so q and the private exponent follow directly
q = n // p
phi = (q - 1) * (p - 1)
d = gmpy2.invert(e, phi)
m = pow(c, d, n)
xored = long_to_bytes(int(m))

# Brute-force the XOR key (1..10) and print every candidate plaintext
for key in range(1, 11):
    flag = ''
    for b in xored:
        flag += chr(b ^ key)
    print(flag)
flag{W31coM3_C0m3_7o_f4T3ctf}
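The writeup takes e = 23 as given; the following added example (not part of the original writeup) shows the whole chain with only the standard library: recovering e from the printed MD5, undoing the RSA step, and picking the XOR key by flag prefix. It assumes the challenge hashed the decimal string of e and that the flag starts with flag{ or DASCTF{; the function names are hypothetical.

```python
import hashlib

# Values printed by the challenge (copied from the page)
E_MD5 = "37693cfc748049e45d87b8c7d8b9aacd"
N = 4197356622576696564490569060686240088884187113566430134461945130770906825187894394672841467350797015940721560434743086405821584185286177962353341322088523
C = 3298176862697175389935722420143867000970906723110625484802850810634814647827572034913391972640399446415991848730984820839735665233943600223288991148186397
P = 64310413306776406422334034047152581900365687374336418863191177338901198608319


def recover_e(digest, lo=1, hi=100):
    """Enumerate the tiny e range. Assumption: md5 was taken over str(e)."""
    for e in range(lo, hi + 1):
        if hashlib.md5(str(e).encode()).hexdigest() == digest:
            return e
    return None


def rsa_decrypt(c, e, n, p):
    """Decrypt with the known factor p and return the plaintext bytes."""
    if n % p:
        raise ValueError("p does not divide n")
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def brute_xor(data, prefixes=(b"flag{", b"DASCTF{")):
    """Try keys 1..10; keep the one whose output has an assumed flag prefix."""
    for key in range(1, 11):
        plain = bytes(b ^ key for b in data)
        if plain.startswith(prefixes):
            return key, plain.decode("ascii", errors="replace")
    return None


def solve():
    e = recover_e(E_MD5)
    if e is None:
        raise ValueError("no e in 1..100 matches the digest")
    return e, brute_xor(rsa_decrypt(C, e, N, P))


if __name__ == "__main__":
    print(solve())
```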