MISC
高校御网杯
直接搜索 flag, 发现flag被隐藏,上了色得到flag
MISC2
一看三种编码
第一个使用Brainfuck解码
flag{ab71cda1
第二个使用js alert函数输出结果
b495e13b3f21
第三部分是ook编码
f6fd50221978}
flag{ab71cda1b495e13b3f21f6fd50221978}
蓝牙流量
对数据分析发现里面含有压缩包,编写脚本提取压缩包
import pyshark
def main():
num=1
pacp_file ="bluetooth.pcapng"
cap = pyshark.FileCapture(pacp_file)
f = open("flag.zip","wb+")
for i in cap:
num+=1
if (i[1].get_field_value("direction") == "0x01")&(i[1].get_field_value("type")=="0x02"):
if ("DATA" in dir(i)) and ("btrfcomm" in dir(i)):
print(num,len(i.data.data))
f.write(bytes.fromhex(i.data.data))
if __name__ == '__main__':
main()
拿到文件后发现里面有几个PK开头的文件
将前面多余的删除,使用winrar恢复文件
发现flag.txt和key,但是encode.exe 发生损坏
flag.txt
10004583275926070044326083910251708233320797779355779208703097816305188140191914132269450797
key
5216294695211820293806247029887026154798297270637676463374801674229881314620340407569315152
猜想两个数值不一样有没有可能是字节类型转数值类型,然后转过去后发现数值长度一样,尝试异或得到flag,编写脚本如下
from Crypto.Util.number import long_to_bytes
def main():
flag_txt=10004583275926070044326083910251708233320797779355779208703097816305188140191914132269450797
key=5216294695211820293806247029887026154798297270637676463374801674229881314620340407569315152
bflag_txt = long_to_bytes(flag_txt)
bkey = long_to_bytes(key)
for i in range(len(bflag_txt)):
print(chr(bflag_txt[i]^bkey[i]),end="")
# 按装订区域中的绿色按钮以运行脚本。
if __name__ == '__main__':
main()
#flag{66526827ff3ba85e1444a0df4acbba93}
coding_analyse
936544a55314a7e4339545f47776a6e41315a7d41325743575655455b4478516a6537416
Unicaode编码后得到
936544a55314a7e4339545f47776a6e41315a7d41325743575655455b4478516a6537416
Base16反转
aG5jaXtKUEVWSGR1MzQ1NjgwOTY3NzA5ZDV9
Base16解码然后Base64解码
hnci{JPEVHdu345680967709d5}
凯撒key值7
flag{HNCTFbs345680967709bPK}
CRYPTO
很明显这是一个变表的base64,只是“+”有多个,就需要爆破一下。
import string
s = "fst3Sem8Wgnobcd9+++++uv2JKpUViFGHz0QRMyjkA7NaBC14wXYxh5OP/DEqrZIl6LT"
def encode(inputs):
bin_str = []
for i in inputs:
x = str(bin(ord(i))).replace('0b', '')
bin_str.append('{:0>8}'.format(x))
outputs = ""
nums = 0
while bin_str:
temp_list = bin_str[:3]
if (len(temp_list) != 3):
nums = 3 - len(temp_list)
while len(temp_list) < 3:
temp_list += ['0' * 8]
temp_str = "".join(temp_list)
temp_str_list = []
for i in range(0, 4):
temp_str_list.append(int(temp_str[i * 6:(i + 1) * 6], 2))
if nums:
temp_str_list = temp_str_list[0:4 - nums]
for i in temp_str_list:
outputs += s[i]
bin_str = bin_str[3:]
outputs += nums * '='
return outputs
# +Se++h+mF5u0d++Oc++RbQJYbyuMb++0cYuQc+SwdmK0d+fwcYRYG+==
# +Se++h+m
#d+fwcYRY
# DASCTF{eb$$2632ee$75c$8fb$793}
# dict = string.printable
# for i in dict:
# for j in dict:
# for k in dict:
# e = i+j+k
# x=encode(e)
# if x=="cYRY":
# print(e)
一个一个爆破对就行了
flag{eb94754d2632ee14b75c5118fb901793}
BASE
base100->base64->base85->base91->base62->base16->base32->base64
WEB
input_data
搜索.svn发现目录,在某个目录下发现flag
RE
机器猫
下载文件得到2.exe发现是python反编译得到 源代码
# uncompyle6 version 3.9.2
# Python bytecode version base 3.8.0 (3413)
# Decompiled from: Python 3.11.8 (main, Jul 2 2024, 11:53:43) [GCC 12.2.0]
# Embedded file name: 2.py
import turtle
def flyTo(x, y):
turtle.penup()
turtle.goto(x, y)
turtle.pendown()
def drawEye():
turtle.tracer(False)
a = 2.5
for i in range(120):
if not 0 <= i < 30:
if 60 <= i < 90:
a -= 0.05
else:
a += 0.05
turtle.left(3)
turtle.fd(a)
else:
turtle.tracer(True)
def beard():
flyTo(-37, 135)
turtle.seth(165)
turtle.fd(60)
flyTo(-37, 125)
turtle.seth(180)
turtle.fd(60)
flyTo(-37, 115)
turtle.seth(193)
turtle.fd(60)
flyTo(37, 135)
turtle.seth(15)
turtle.fd(60)
flyTo(37, 125)
turtle.seth(0)
turtle.fd(60)
flyTo(37, 115)
turtle.seth(-13)
turtle.fd(60)
def drawRedScarf():
turtle.fillcolor("red")
turtle.begin_fill()
turtle.seth(0)
turtle.fd(200)
turtle.circle(-5, 90)
turtle.fd(10)
turtle.circle(-5, 90)
turtle.fd(207)
turtle.circle(-5, 90)
turtle.fd(10)
turtle.circle(-5, 90)
turtle.end_fill()
def drawMouse():
flyTo(5, 148)
turtle.seth(270)
turtle.fd(100)
turtle.seth(0)
turtle.circle(120, 50)
turtle.seth(230)
turtle.circle(-120, 100)
def drawRedNose():
flyTo(-10, 158)
turtle.fillcolor("red")
turtle.begin_fill()
turtle.circle(20)
turtle.end_fill()
def drawBlackdrawEye():
turtle.seth(0)
flyTo(-20, 195)
turtle.fillcolor("#000000")
turtle.begin_fill()
turtle.circle(13)
turtle.end_fill()
turtle.pensize(6)
flyTo(20, 205)
turtle.seth(75)
turtle.circle(-10, 150)
turtle.pensize(3)
flyTo(-17, 200)
turtle.seth(0)
turtle.fillcolor("#ffffff")
turtle.begin_fill()
turtle.circle(5)
turtle.end_fill()
flyTo(0, 0)
def drawFace():
turtle.forward(183)
turtle.fillcolor("white")
turtle.begin_fill()
turtle.left(45)
turtle.circle(120, 100)
turtle.seth(90)
drawEye()
turtle.seth(180)
turtle.penup()
turtle.fd(60)
turtle.pendown()
turtle.seth(90)
drawEye()
turtle.penup()
turtle.seth(180)
turtle.fd(64)
turtle.pendown()
turtle.seth(215)
turtle.circle(120, 100)
turtle.end_fill()
def drawHead():
turtle.penup()
turtle.circle(150, 40)
turtle.pendown()
turtle.fillcolor("#00a0de")
turtle.begin_fill()
turtle.circle(150, 280)
turtle.end_fill()
def drawAll():
drawHead()
drawRedScarf()
drawFace()
drawRedNose()
drawMouse()
beard()
flyTo(0, 0)
turtle.seth(0)
turtle.penup()
turtle.circle(150, 50)
turtle.pendown()
turtle.seth(30)
turtle.fd(40)
turtle.seth(70)
turtle.circle(-30, 270)
turtle.fillcolor("#00a0de")
turtle.begin_fill()
turtle.seth(230)
turtle.fd(80)
turtle.seth(90)
turtle.circle(1000, 1)
turtle.seth(-89)
turtle.circle(-1000, 10)
turtle.seth(180)
turtle.fd(70)
turtle.seth(90)
turtle.circle(30, 180)
turtle.seth(180)
turtle.fd(70)
turtle.seth(100)
turtle.circle(-1000, 9)
turtle.seth(-86)
turtle.circle(1000, 2)
turtle.seth(230)
turtle.fd(40)
turtle.circle(-30, 230)
turtle.seth(45)
turtle.fd(81)
turtle.seth(0)
turtle.fd(203)
turtle.circle(5, 90)
turtle.fd(10)
turtle.circle(5, 90)
turtle.fd(7)
turtle.seth(40)
turtle.circle(150, 10)
turtle.seth(30)
turtle.fd(40)
turtle.end_fill()
turtle.seth(70)
turtle.fillcolor("#FFFFFF")
turtle.begin_fill()
turtle.circle(-30)
turtle.end_fill()
flyTo(103.74, -182.59)
turtle.seth(0)
turtle.fillcolor("#FFFFFF")
turtle.begin_fill()
turtle.fd(15)
turtle.circle(-15, 180)
turtle.fd(90)
turtle.circle(-15, 180)
turtle.fd(10)
turtle.end_fill()
flyTo(-96.26, -182.59)
turtle.seth(180)
turtle.fillcolor("#FFFFFF")
turtle.begin_fill()
turtle.fd(15)
turtle.circle(15, 180)
turtle.fd(90)
turtle.circle(15, 180)
turtle.fd(10)
turtle.end_fill()
flyTo(-133.97, -91.81)
turtle.seth(50)
turtle.fillcolor("#FFFFFF")
turtle.begin_fill()
turtle.circle(30)
turtle.end_fill()
flyTo(-103.42, 15.09)
turtle.seth(0)
turtle.fd(38)
turtle.seth(230)
turtle.begin_fill()
turtle.circle(90, 260)
turtle.end_fill()
flyTo(5, -40)
turtle.seth(0)
turtle.fd(70)
turtle.seth(-90)
turtle.circle(-70, 180)
turtle.seth(0)
turtle.fd(70)
flyTo(-103.42, 15.09)
turtle.fd(90)
turtle.seth(70)
turtle.fillcolor("#ffd200")
turtle.begin_fill()
turtle.circle(-20)
turtle.end_fill()
turtle.seth(170)
turtle.fillcolor("#ffd200")
turtle.begin_fill()
turtle.circle(-2, 180)
turtle.seth(10)
turtle.circle(-100, 22)
turtle.circle(-2, 180)
turtle.seth(170)
turtle.circle(100, 22)
turtle.end_fill()
flyTo(-13.42, 15.09)
turtle.seth(250)
turtle.circle(20, 110)
turtle.seth(90)
turtle.fd(15)
turtle.dot(10)
flyTo(0, -150)
drawBlackdrawEye()
def main():
turtle.screensize(800, 6000, "#F0F0F0")
turtle.pensize(3)
turtle.speed(9)
drawAll()
turtle.penup()
turtle.goto(100, -300)
turtle.write("by peak", font=('Bradley Hand ITC', 30, 'bold'))
if __name__ == "__main__":
main()
turtle.mainloop()
print("fVJXNjE0ODBpM2RrZmNSVzYxNDgwaTNka01BSlVPe25oc20=")
# okay decompiling 2.pyc
File '2.py' doesn't exist. Skipped
#
# Successfully decompiled file
fVJXNjE0ODBpM2RrZmNSVzYxNDgwaTNka01BSlVPe25oc20=
然后进行base64解码
得到
}RW61480i3dkfcRW61480i3dkMAJUO{nhsm
然后凯撒加密
}KP61480b3wdyvKP61480b3wdFTCNH{galf
最后字符反转
flag{HNCTFdw3b08416PKvydw3b08416PK}
扫一扫
1312
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
