ctfshow菜狗杯misc题目(上)

misc签到

直接strings

flag为

ctfshow{a62b0b55682d81f7f652b26147c49040}、

损坏的压缩包

file一下发现并不是损坏的压缩包

于是修改文件后缀名为.png

谜之栅栏

10比较文件找到

cfhwfaab2cb4af5a5820}

tso{06071f997b5bdd1a

你会数数吗

strings出来发现是一堆字符串，根据提示发现是频率统计

# -*- coding:utf-8 -*-
import re
from collections import Counter
#定义一个函数，用于统计字母的个数
def analyze_letter_count(text):
     # 从文本中提取出所有字母
    letters = re.findall(r'\S', text)
     # 统计所有字母的个数
    counter = Counter(letters)
    return counter
 # 将文本存入变量
 # 调用函数分析字母个数
def re_letter(s):
     regex = r'\'(.*?)\''
     new_string = re.findall(regex,s)
     return new_string
text=input("输入文本:")
letter_count = analyze_letter_count(text)
strings=str(letter_count)
#print(letter_count)
print(''.join(re_letter(strings)))

ctfshow{a1b2d3e4g56i7j8k9l0}

你会异或吗

读取文件16进制并且异或0x50

path = 'misc5.png'
# 新文件路径
new_path = 'new.png'
# 异或运算
def xor(file_path):
    # 以二进制读取图片
    with open(file_path, 'rb') as f:
        data = f.read()
    # 十六进制异或
    data = bytes([c ^ 0x50 for c in data])
    # 写入新的图片
    with open(new_path, 'wb') as f:
        f.write(data)
# 调用
xor(path)

生成图片为

flag一分为二

waterMark盲水印工具提取

ctfshow{FirstP@RT

修改图片长宽高

左边表示宽，右边表示高

修改高度

SecondP@rTMikumiku~}

合起来

ctfshow{FirstP@RTSecondP@rTMikumiku~}

我是谁？

这里直接附上官方WP脚本

import requests
from lxml import html
import cv2
import numpy as np
import json
url="http://xxxxxxxxxxxxxxxxxxxx.challenge.ctf.show"
sess=requests.session()
all_girl=sess.get(url+'/static/all_girl.png').content
with open('all_girl.png','wb')as f:
        f.write(all_girl)
big_pic=cv2.imdecode(np.fromfile('all_girl.png', dtype=np.uint8), cv2.IMREAD_UNCHANGED)
big_pic=big_pic[50:,50:,:]
image_alpha = big_pic[:, :, 3]
mask_img=np.zeros((big_pic.shape[0],big_pic.shape[1]), np.uint8)
mask_img[np.where(image_alpha == 0)] = 255
cv2.imwrite('big.png',mask_img)
def answer_one(sess):
        #获取视频文件
        response=sess.get(url+'/check')
        if 'ctfshow{' in response.text:
                print(response.text)
                exit(0)
        tree=html.fromstring(response.text)
        element=tree.xpath('//source[@id="vsource"]')
        video_path=element[0].get('src')
        video_bin=sess.get(url+video_path).content
        with open('Question.mp4','wb')as f:
                f.write(video_bin)
        #获取有效帧
        video = cv2.VideoCapture('Question.mp4')
        frame=0
        while frame<=55:
                res, image = video.read()
                frame+=1
        #cv2.imwrite('temp.png',image)
        video.release()
        #获取剪影
        image=image[100:400,250:500]
        gray_image=cv2.cvtColor(image,cv2.COLOR_BGR2GRAY)
        #cv2.imwrite('gray_image.png',gray_image)
        temp = np.zeros((300, 250), np.uint8)
        temp[np.where(gray_image>=128)]=255
        #去白边
        temp = temp[[not np.all(temp[i] == 255) for i in range(temp.shape[0])], :]
        temp = temp[:, [not np.all(temp[:, i] == 255) for i in range(temp.shape[1])]]
        #缩放至合适大小，肉眼大致判断是1.2倍，不一定准
        temp = cv2.resize(temp,None,fx=1.2,fy=1.2)
        #查找位置
        res =cv2.matchTemplate( mask_img,temp,cv2.TM_CCOEFF_NORMED)
        min_val, max_val, min_loc, max_loc = cv2.minMaxLoc(res)
        x,y=int(max_loc[0]/192),int(max_loc[1]/288)#为什么是192和288，因为大图去掉标题栏就是1920*2880
        guess='ABCDEFGHIJ'[y]+'0123456789'[x]
        print(f'guess:{guess}')
        #传答案
        response=sess.get(url+'/submit?guess='+guess)
        r=json.loads(response.text)
        if r['result']:
                print('guess right!')
                return True
        else:
                print('guess wrong!')
                return False
i=1
while i<=31:
        print(f'Round:{i}')
        if answer_one(sess):
                i+=1
        else:
                i=1

You and me

两个图片一样猜测盲水印

用python2的没显出来了，用python3

ctfshow{CDEASEFFR8846}