【CTF】-Misc练习日志8.28

已于 2022-08-28 16:53:52 修改
阅读量1.3k 收藏
点赞数
文章标签: 安全
于 2022-08-28 16:53:11 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/pyhsaihz/article/details/126568837
版权

练了几天ICS人麻了,换个方向缓一缓

目录

题目一:暴力破解

题目二:机密信息

 题目三:文件恢复

题目四:病毒文件恢复

题目一:暴力破解

附件解压需要密码

压缩包注释:“这小伙很没安全意思,总喜欢把自己的银行卡密码设置为文档密码”

六位数字密码 直接爆破取得flag

题目二:机密信息

据说XX组织找到了一份机密信息,你能帮他们找到隐藏的数据么

这个题好sb,出来的flag.txt无任何提示纯暴力破解

搜wp知道密码7878,打开

0000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000
0011111111111110110000111110000001001111110000000110000011111111111100
0011111111111110110000111110000001001111110000000110000011111111111100
0011000000000110110000001111100110111111001111111001110011000000000100
0011000000000110110000001111100110111111001111111001110011000000000100
0011001111100110111111110001100111000011110111100111110011011111100100
0011001111100110001111001000011111001111111000011111110011011111100100
0011001111100110001111001000011111001111111000011111110011011111100100
0011001111100110000011000000011001110011000111111000000011011111100100
0011001111100110000011000000011001110011000111111000000011011111100100
0011000000000110110000000110011111000011110001111111110011000000000100
0011000000000110110000000110011111000011110001111111110011000000000100
0011111111111110110011001001100110110011001001100110110011111111111100
0011111111111110110011001001100110110011001001100110110011111111111100
0000000000000000111100000110000110111100000111111000000000000000000000
0000001111100110110000001110000111110011111000000111111111100001111100
0000001111100110110000001110000111110011111000000111111111100001111100
0000110111100001110011110000000000000011000110000001001100111110011000
0000110111100001110011110000000000000011000110000001001100111110011000
0011000000000110000011111110011000110000001000011111111111100111100100
0011000000000110000011111110011000110000001000011111111111100111100100
0000000001111001000011110110011111000000001001100001001100100000000000
0000000001111001000011110110011111000000001001100001001100100000000000
0000001110011110000011110111100000110000000110011001111111111001100100
0000000001111001000011110000011000001111000000011110001100000000011000
0000000001111001000011110000011000001111000000011110001100000000011000
0011111110011110111111001001100111111111001111100001110011011111100100
0011111110011110111111001001100111111111001111100001110011011111100100
0011001000011000001100000001111111111111110001100001111111100000000100
0011001000011000001100000001111111111111110001100001111111100000000100
0011001001100111111100111110011111001100000111111111110011011111100100
0011001001100111111100111110011111001100000111111111110011011111100100
0000110110011001111111000111100001110011001001100000001100100110000000
0011001110000111110011001111100000000011110000000111111111011111111100
0011001110000111110011001111100000000011110000000111111111011111111100
0011000001100000111100000001111000111100110110000000000000100110011000
0011000001100000111100000001111000111100110110000000000000100110011000
0000001000011110111100000111111000110000000000011111110011011001111000
0000001000011110111100000111111000110000000000011111110011011001111000
0000111111111001000000111110011111001111110001100000001100100111111100
0000111111111001000000111110011111001111110001100000001100100111111100
0000111001111110110000111110000001000011000111100001111111100000011100
0011001111111001000011000001111000111111000111100111000011000000011000
0011001111111001000011000001111000111111000111100111000011000000011000
0000110000000110001100110000011110001111111000000001000011000111100000
0000110000000110001100110000011110001111111000000001000011000111100000
0011000001100001110011001110011000001100111001100111110011000110000000
0011000001100001110011001110011000001100111001100111110011000110000000
0011001000000111000011001110011110110011110000000110000000000001111100
0011001000000111000011001110011110110011110000000110000000000001111100
0011001111111001111100111111100111001111001001100110111100000110011100
0011001000011111110011110111111001001111001000011110111111111000000100
0011001000011111110011110111111001001111001000011110111111111000000100
0000000000000000111111110000000111110011110001100001110000011001111000
0000000000000000111111110000000111110011110001100001110000011001111000
0011111111111110000011001000011000001111000001111000110011011110000100
0011111111111110000011001000011000001111000001111000110011011110000100
0011000000000110000011110000000110111111111001100000110000011000000000
0011001111100110111111110001100001111111001001111111111111111111100100
0011001111100110111111110001100001111111001001111111111111111111100100
0011001111100110110011001001111110110011001000000001001111011000011100
0011001111100110110011001001111110110011001000000001001111011000011100
0011001111100110110000000110011001000011001111100001110000100000000100
0011001111100110110000000110011001000011001111100001110000100000000100
0011000000000110001111001111100110110011111110000111110011100000000100
0011000000000110001111001111100110110011111110000111110011100000000100
0011111111111110001111110110000000000011001110000000001100000111111100
0000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000

 直接偷他脚本

from PIL import Image

MAX = 70
img = Image.new("RGB",(MAX,MAX))

str  = "0000000000000000000000000000000000000000000000000000000000000000000000"
str += "0000000000000000000000000000000000000000000000000000000000000000000000"
str += "0011111111111110110000111110000001001111110000000110000011111111111100"
str += "0011111111111110110000111110000001001111110000000110000011111111111100"
str += "0011000000000110110000001111100110111111001111111001110011000000000100"
str += "0011000000000110110000001111100110111111001111111001110011000000000100"
str += "0011001111100110111111110001100111000011110111100111110011011111100100"
str += "0011001111100110001111001000011111001111111000011111110011011111100100"
str += "0011001111100110001111001000011111001111111000011111110011011111100100"
str += "0011001111100110000011000000011001110011000111111000000011011111100100"
str += "0011001111100110000011000000011001110011000111111000000011011111100100"
str += "0011000000000110110000000110011111000011110001111111110011000000000100"
str += "0011000000000110110000000110011111000011110001111111110011000000000100"
str += "0011111111111110110011001001100110110011001001100110110011111111111100"
str += "0011111111111110110011001001100110110011001001100110110011111111111100"
str += "0000000000000000111100000110000110111100000111111000000000000000000000"
str += "0000001111100110110000001110000111110011111000000111111111100001111100"
str += "0000001111100110110000001110000111110011111000000111111111100001111100"
str += "0000110111100001110011110000000000000011000110000001001100111110011000"
str += "0000110111100001110011110000000000000011000110000001001100111110011000"
str += "0011000000000110000011111110011000110000001000011111111111100111100100"
str += "0011000000000110000011111110011000110000001000011111111111100111100100"
str += "0000000001111001000011110110011111000000001001100001001100100000000000"
str += "0000000001111001000011110110011111000000001001100001001100100000000000"
str += "0000001110011110000011110111100000110000000110011001111111111001100100"
str += "0000000001111001000011110000011000001111000000011110001100000000011000"
str += "0000000001111001000011110000011000001111000000011110001100000000011000"
str += "0011111110011110111111001001100111111111001111100001110011011111100100"
str += "0011111110011110111111001001100111111111001111100001110011011111100100"
str += "0011001000011000001100000001111111111111110001100001111111100000000100"
str += "0011001000011000001100000001111111111111110001100001111111100000000100"
str += "0011001001100111111100111110011111001100000111111111110011011111100100"
str += "0011001001100111111100111110011111001100000111111111110011011111100100"
str += "0000110110011001111111000111100001110011001001100000001100100110000000"
str += "0011001110000111110011001111100000000011110000000111111111011111111100"
str += "0011001110000111110011001111100000000011110000000111111111011111111100"
str += "0011000001100000111100000001111000111100110110000000000000100110011000"
str += "0011000001100000111100000001111000111100110110000000000000100110011000"
str += "0000001000011110111100000111111000110000000000011111110011011001111000"
str += "0000001000011110111100000111111000110000000000011111110011011001111000"
str += "0000111111111001000000111110011111001111110001100000001100100111111100"
str += "0000111111111001000000111110011111001111110001100000001100100111111100"
str += "0000111001111110110000111110000001000011000111100001111111100000011100"
str += "0011001111111001000011000001111000111111000111100111000011000000011000"
str += "0011001111111001000011000001111000111111000111100111000011000000011000"
str += "0000110000000110001100110000011110001111111000000001000011000111100000"
str += "0000110000000110001100110000011110001111111000000001000011000111100000"
str += "0011000001100001110011001110011000001100111001100111110011000110000000"
str += "0011000001100001110011001110011000001100111001100111110011000110000000"
str += "0011001000000111000011001110011110110011110000000110000000000001111100"
str += "0011001000000111000011001110011110110011110000000110000000000001111100"
str += "0011001111111001111100111111100111001111001001100110111100000110011100"
str += "0011001000011111110011110111111001001111001000011110111111111000000100"
str += "0011001000011111110011110111111001001111001000011110111111111000000100"
str += "0000000000000000111111110000000111110011110001100001110000011001111000"
str += "0000000000000000111111110000000111110011110001100001110000011001111000"
str += "0011111111111110000011001000011000001111000001111000110011011110000100"
str += "0011111111111110000011001000011000001111000001111000110011011110000100"
str += "0011000000000110000011110000000110111111111001100000110000011000000000"
str += "0011001111100110111111110001100001111111001001111111111111111111100100"
str += "0011001111100110111111110001100001111111001001111111111111111111100100"
str += "0011001111100110110011001001111110110011001000000001001111011000011100"
str += "0011001111100110110011001001111110110011001000000001001111011000011100"
str += "0011001111100110110000000110011001000011001111100001110000100000000100"
str += "0011001111100110110000000110011001000011001111100001110000100000000100"
str += "0011000000000110001111001111100110110011111110000111110011100000000100"
str += "0011000000000110001111001111100110110011111110000111110011100000000100"
str += "0011111111111110001111110110000000000011001110000000001100000111111100"
str += "0000000000000000000000000000000000000000000000000000000000000000000000"
str += "0000000000000000000000000000000000000000000000000000000000000000000000"

i = 0
for y in range (0,MAX):
    for x in range (0,MAX):
        if(str[i] == '1'):
            img.putpixel([x,y],(0, 0, 0))
        else:
            img.putpixel([x,y],(255,255,255))
        i = i+1

img.show()
img.save("flag.png")

还有一种方法放入excel将01填充空白和黑色也可以

发现一个更好的脚本

## python 默认安装pil如果未安装运行pip install plilow max=70 表示 70*70 的二维码 
#str 值为01数值可以利用word去掉回车字符
from PIL import Image
MAX = 70
pic = Image.new("RGB",(MAX, MAX))
str = "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000111111111111101100001111100000010011111100000001100000111111111111000011111111111110110000111110000001001111110000000110000011111111111100001100000000011011000000111110011011111100111111100111001100000000010000110000000001101100000011111001101111110011111110011100110000000001000011001111100110111111110001100111000011110111100111110011011111100100001100111110011000111100100001111100111111100001111111001101111110010000110011111001100011110010000111110011111110000111111100110111111001000011001111100110000011000000011001110011000111111000000011011111100100001100111110011000001100000001100111001100011111100000001101111110010000110000000001101100000001100111110000111100011111111100110000000001000011000000000110110000000110011111000011110001111111110011000000000100001111111111111011001100100110011011001100100110011011001111111111110000111111111111101100110010011001101100110010011001101100111111111111000000000000000000111100000110000110111100000111111000000000000000000000000000111110011011000000111000011111001111100000011111111110000111110000000011111001101100000011100001111100111110000001111111111000011111000000110111100001110011110000000000000011000110000001001100111110011000000011011110000111001111000000000000001100011000000100110011111001100000110000000001100000111111100110001100000010000111111111111001111001000011000000000110000011111110011000110000001000011111111111100111100100000000000111100100001111011001111100000000100110000100110010000000000000000000011110010000111101100111110000000010011000010011001000000000000000001110011110000011110111100000110000000110011001111111111001100100000000000111100100001111000001100000111100000001111000110000000001100000000000011110010000111100000110000011110000000111100011000000000110000011111110011110111111001001100111111111001111100001110011011111100100001111111001111011111100100110011111111100111110000111001101111110010000110010000110000011000000011111111111111100011000011111111000000001000011001000011000001100000001111111111111110001100001111111100000000100001100100110011111110011111001111100110000011111111111001101111110010000110010011001111111001111100111110011000001111111111100110111111001000000110110011001111111000111100001110011001001100000001100100110000000001100111000011111001100111110000000001111000000011111111101111111110000110011100001111100110011111000000000111100000001111111110111111111000011000001100000111100000001111000111100110110000000000000100110011000001100000110000011110000000111100011110011011000000000000010011001100000000010000111101111000001111110001100000000000111111100110110011110000000001000011110111100000111111000110000000000011111110011011001111000000011111111100100000011111001111100111111000110000000110010011111110000001111111110010000001111100111110011111100011000000011001001111111000000111001111110110000111110000001000011000111100001111111100000011100001100111111100100001100000111100011111100011110011100001100000001100000110011111110010000110000011110001111110001111001110000110000000110000000110000000110001100110000011110001111111000000001000011000111100000000011000000011000110011000001111000111111100000000100001100011110000000110000011000011100110011100110000011001110011001111100110001100000000011000001100001110011001110011000001100111001100111110011000110000000001100100000011100001100111001111011001111000000011000000000000111110000110010000001110000110011100111101100111100000001100000000000011111000011001111111001111100111111100111001111001001100110111100000110011100001100100001111111001111011111100100111100100001111011111111100000010000110010000111111100111101111110010011110010000111101111111110000001000000000000000000111111110000000111110011110001100001110000011001111000000000000000000011111111000000011111001111000110000111000001100111100000111111111111100000110010000110000011110000011110001100110111100001000011111111111110000011001000011000001111000001111000110011011110000100001100000000011000001111000000011011111111100110000011000001100000000000110011111001101111111100011000011111110010011111111111111111111001000011001111100110111111110001100001111111001001111111111111111111100100001100111110011011001100100111111011001100100000000100111101100001110000110011111001101100110010011111101100110010000000010011110110000111000011001111100110110000000110011001000011001111100001110000100000000100001100111110011011000000011001100100001100111110000111000010000000010000110000000001100011110011111001101100111111100001111100111000000001000011000000000110001111001111100110110011111110000111110011100000000100001111111111111000111111011000000000001100111000000000110000011111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
i=0
for y in range (0,MAX):
    for x in range (0,MAX):
        if(str[i] == '1'):
            pic.putpixel([x,y],(0, 0, 0))
        else:
            pic.putpixel([x,y],(255,255,255))
        i = i+1
pic.show()
pic.save("flag.png")

 题目三:文件恢复

小明以为文件删除了别人就看不到了。too young too simple呀

下载的文件file一下 Linux rev 1.0 ext3 filesystem data,

百度知道是ext3文件的恢复,我也不懂

关于一道ext3文件处理的misc题_浮岚丶暖阳的博客-CSDN博客

有个类似的这个题比上面博客的简单会用 extundelete就行

恢复出一个flag.txt 

题目四:病毒文件恢复

 附件有一个txt还有一个乱七八糟的后缀

查看说明英文翻译就是想要查看内容需要支付抽紧

利用360可以在线解密安全卫士勒索病毒专题:文件恢复_安全卫士离线救灾版_文档卫士

 得到flag

题目五:血小板天下第一可爱

解题思路 ps二维码得到一串密文像base64尝试解密

题目提示lsb可知是lsb解密

下载lsb.py

真正的问题在安装依赖上按照 

运行python2 脚本时遇到的报错_烦躁的程序员的博客-CSDN博客_lsb.py

 我按照他的第四步无法按照

No module named "Crypto" - kennyhip - 博客园

pip uninstall crypto pycryptodome

pip install pycryptodome

这样就可以正常运行解决 

python lsb.py extract 1.png flag.txt Lsb_1s_gr3at 

最后会在原地生成一个flagtxt得到密文 

pyhsaihz
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
ctf MISC 学习总结
qq3285862072的博客
11-12 1147
ext3 linux挂载光盘,可用7zip解压或者notepad搜flag,base64解码 放到kali 挂载到/mnt/目录 mount 630a886233764ec2a63f305f318c8baa /mnt/ cd /mnt/ ls 寻找 find | grep ‘flag’ 或 find -name 'flag’* 查看 cat ./O7avZhikgKgbF/flag.txt 查找...
CTF-misc工具2-CTF-Tools-masterV1.3.7
08-17
CTF-Tools-master是一个专注于密码编码识别与解码的工具,能自动推断密码的编码类型,并进行解码。 适用人群: 该工具主要适用于参加CTF竞赛的选手,以及对密码编码算法感兴趣的信息安全从业人员。 使用场景: 在CTF竞赛...
CTF-Misc练习日志8.9
pyhsaihz的博客
08-10 638
ctf练习
图片取证(DB磁盘恢复)
最新发布
m0_63554401的博客
05-22 424
小明以为文件被删除后别人就看不到了tooyoungtoosimple呀,flag形式为flag{}猜测flag为flag{FLAG-menummenum}或者flag{menummenum}经过尝试,确认为前者:flag{FLAG-menummenum}尝试打开两个odg文件(使用openoffice)所以最后只有一个提示,easy?得到FLAG-menummenum。下载解压后为一个没有后缀名的文件。还真爆破到了,12345为密码。
CTF之misc-日志分析
热门推荐
Battery的博客
05-04 10万+
1、注入审计 出题人通常会使用sqlmap去跑一个注入点,跑出数据后将日志留存,让参 赛者判断sqlmap注出了什么数据,此数据通常就为flag。 2、命令执行审计 出题人通常会利用一句话木马,进行一系列敏感操作,或者假装一开始不知 道一句话木马的密码,从而进行一系列的爆破行为,让参赛者判断一句话木 马的密码。 ......
CTF实战训练日志——2021-6-27(七)
stybill的博客
06-27 4万+
题目: OK 解题: 使用Ook解码
CTF实战训练日志——2021-10-14(七)
stybill的博客
10-14 5万+
题目:利用Burp进行密码绕过 在Username中,无法输入内容,Password可以输入。 解题思路 利用Burp抓包,然后修改响应包的内容 Action -> Do intercept -> Response to this request -> Forward 分析响应包,我们会发现中的【R0pDVEY=】,这个值很明显是经过base64加密过的,解密之后,发现结果为GJCTF,这个值和Username中的一样,说明Username需要经过base64加密变成校.
CTF-MISC-日志分析.pdf
02-11
CTF-MISC-日志分析
CTF-MISC关于各类编码习题(湖工商扛把子)
03-17
在“CTF-MISC关于各类编码习题(湖工商扛把子)”这个主题中,你可以通过实践和解决1-1等文件中的题目,进一步提升自己在编码解码方面的技能。了解和熟练掌握这些编码方式对于CTF比赛中的Misc任务至关重要,能够帮助...
CTF-100题.-天天练习-学习
11-01
CTF-100题.-----------------天天练习------------------学习 100小题,试例练习
ctf-misc-登机牌.zip
06-01
在这个特定的案例中,我们面对的是一个名为"ctf-misc-登机牌.zip"的压缩包,它包含了与登机牌相关的谜题。这个挑战的核心在于通过分析PNG图片和解读PDF417二维条形码来解锁隐藏的RAR文件。 首先,让我们详细了解...
bugku ctf 字符?正则?
qq_42777804的博客
08-01 1426
打开网站 是一段php代码 <?php highlight_file('2.php'); $key='KEY{********************************}'; $IM= preg_match("/key.*key.{4,7}key:\/.\/(.*key)[a-z][[:punct:]]/i", trim($_GET["id"]), $match); ...
misc记录
Daniel的博客
07-15 597
0x01: 题目下载下来解压就是这张图片 这是一种比较少见的隐写,可以用这个工具来完成 打开软件, 选择extract 选择下载的egg.jpg,然后会生成一个txt文件,flag就在文件里 0x02: 下载文件用winrar解压出一张图片,由文件名的大写字母联想NTFS文件流,选择lads进行查看 看到文件后有NTFS文件流,然后 就能看到flag
CTF-Misc练习日志8.23
pyhsaihz的博客
08-24 129
ctf
[Misc]2015 RCTF 日志记录
weixin_30830327的博客
03-16 222
先占 下载下来log_log winhex看一下,是个rar文件 然后改后缀名 这里面是真的Log 打开过滤一下 misc.flag 然后保存为log2 使用unescape解密 ############ 这里分析为什么是unescape解密? ############ 然后就是分析了 查找!=,然后写了个脚本。。。 ######## sqlmap pa...
CTF学习日记(2)
NUC_zlt的博客
11-01 1231
CTF学习日记第二次总结
misc汇总
weixin_30337157的博客
02-01 135
http://so.csdn.net/so/search/s.do?ref=toolbar&q=shichaog&ref=toolbar&q=shichaog 转载于:https://www.cnblogs.com/sstudy-linux/p/5174428.html
CTF之Misc
weixin_45130489的博客
11-15 1133
取证技术 Misc题目类型:流量包、日志文件、磁盘内存镜像 用到的工具:Wireshark和Tshark 一般是PCAP格式的流量文件 流量分析常见操作 Wireshark的“统计”菜单可以查看流量包的大致情况,如包含哪些协议,哪些IP地址参与了会话等。 协议分级统计和会话统计帮助快速定位到需要分析的点。 TCP流功能,选中某条数据包,右键单机追踪TCP流,即可获取该TCP会话中双方传输的所有数据。 导出对象功能(“文件”菜单中,可以方便的提取传输过程发送的文件等信息) 内存镜像取证 题目的形式:提供一个完
[CTF] 2018-百越杯-Misc-血小板天下第一可爱
ZXW_NUDT的博客
08-15 1584
[CTF] 2018-百越杯-Misc-血小板天下第一可爱
ctf-qsnctf此地无银三百
02-20
ctf-qsnctf是一个CTF(Capture The Flag)比赛平台,它提供了一系列的网络安全挑战,旨在帮助参与者提升网络安全技能和解决问题的能力。在ctf-qsnctf平台上,参与者可以通过解决各种类型的题目来获取旗帜(flag),...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值