文章目录
MISC
checkin
题目:
+AGYAbABhAGcAewBkAGgAYgBfADcAdABoAH0-Magic一把梭,UTF-7编码
flag{dhb_7th}project
(脑洞题披上工控题的外衣)
附件解压打开,发现可疑压缩包
解压之后拿到疑似流量数据,共三段。
前两段:
Date: Sun, 19 Sep 2021 21:28:55 +0800
From: "mklkxxx@yeah.net" <mklkxxx@yeah.net>
To: mklkxxx <mklkxxx@yeah.net>
Subject: =?UTF-8?B?5L2g5p2l5LqGfg==?=
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.2.20.273[cn]
Mime-Version: 1.0
Message-ID: <202109192128112273138@yeah.net>
Content-Type: multipart/related;
boundary="----=_001_NextPart057850482324_=----"
This is a multi-part message in MIME format.
------=_001_NextPart057850482324_=----
Content-Type: multipart/alternative;
boundary="----=_002_NextPart832058858335_=----"
------=_002_NextPart832058858335_=----
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: base64
6KGo5oOF5YyF5paH5YyW77yM5piv6ZqP552A572R57uc56S+5Lqk5rKf6YCa55qE5aKe5aSa5Ye6
546w55qE5LiA56eN5Li75rWB5paH5YyW44CC5LiA5Liq5Lq655qE6KGo5oOF5YyF5piv5YW26ZqQ
6JeP6LW35p2l55qE55yf5oiR77yM5LiA5Liq5Zu95a6255qE6KGo5oOF5YyF6YeM6IO955yL5Yiw
6L+Z5Liq5Zu95a6255qE6KGo5oOF44CC4oCM4oCM4oCM4oCM4oCN4oCs4oCs4oCM5pyJ5pe25YCZ
77yM6KGo5oOF5YyF6KGo6L6+55qE5piv5LiN6IO96YGT56C055qE55yf5a6e5oOz5rOV5ZKM5oSf
5Y+X77yM6K+t6KiA5ZKM5paH5a2X55qE5bC95aS077yM5bCx5piv6KGo5oOF5YyF5pa95bGV55qE
56m66Ze044CCDQrooajmg4XljIXmmK/nvZHnu5zor63oqIDnmoTkuIDnp43ov5vljJbvvIzlroPn
moTkuqfnlJ/lkozmtYHooYzkuI7lhbbnibnlrprnmoTigJzigIzigIzigIzigIzigI3vu7/igI3i
gI3nlJ/lrZjnjq/looPigJ3mnInlhbPjgILlhbbov73msYLphpLnm67jgIHmlrDlpYfjgIHosJDo
sJHnrYnmlYjmnpznmoTnibnngrnvvIzigIzigIzigIzigIzigI3vu7/igIzigKzkuI7lubTovbvk
urrlvKDmiazkuKrmgKflkozmkJ7mgKrnmoTlv4PnkIbnm7jnrKbigIzigIzigIzigIzigI3vu7/i
gIzigKzjgIINCuihqOaDheWMheS5i+aJgOS7peiDveWkn+Wkp+iMg+WbtOWcsOS8oOaSre+8jOKA
jOKAjOKAjOKAjOKAje+7v+KArOKAjeaYr+WboOS4uuWFtuW8peihpeS6huaWh+Wtl+S6pOa1geea
hOaer+eHpeWSjOaAgeW6puihqOi+vuS4jeWHhuehrueahOW8seeCue+8jOacieaViOWcsOaPkOmr
mOS6huayn+mAmuaViOeOh+OAgumDqOWIhuihqOaDheWMheWFt+acieabv+S7o+aWh+Wtl+eahOWK
n+iDve+8jOKAjOKAjOKAjOKAjOKAje+7v+KAjeKAjei/mOWPr+S7peiKguecgeaJk+Wtl+aXtumX
tOKAjOKAjOKAjOKAjOKAje+7v+KAjOKAjOOAgumaj+edgOaZuuiDveaJi+acuueahOWFqOmdouaZ
ruWPiuWSjOekvuS6pOW6lOeUqOi9r+S7tueahOWkp+mHj+S9v+eUqO+8jOihqOaDheWMheW3sue7
j+mrmOmikeeOh+WcsOWHuueOsOWcqOS6uuS7rOeahOe9kee7nOiBiuWkqeWvueivneW9k+S4reOA
gg0K
------=_002_NextPart832058858335_=----
Content-Type: text/html;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charse=
t=3DUTF-8"><style>body { line-height: 1.5; }body { font-size: 14px; font-f=
amily: "Microsoft YaHei UI"; color: rgb(0, 0, 0); line-height: 1.5; }body =
{ font-size: 14px; font-family: "Microsoft YaHei UI"; color: rgb(0, 0, 0);=
line-height: 1.5; }</style></head><body>=0A<div><div>=E8=A1=A8=E6=83=85=
=E5=8C=85=E6=96=87=E5=8C=96=EF=BC=8C=E6=98=AF=E9=9A=8F=E7=9D=80=E7=BD=91=
=E7=BB=9C=E7=A4=BE=E4=BA=A4=E6=B2=9F=E9=80=9A=E7=9A=84=E5=A2=9E=E5=A4=9A=
=E5=87=BA=E7=8E=B0=E7=9A=84=E4=B8=80=E7=A7=8D=E4=B8=BB=E6=B5=81=E6=96=87=
=E5=8C=96=E3=80=82=E4=B8=80=E4=B8=AA=E4=BA=BA=E7=9A=84=E8=A1=A8=E6=83=85=
=E5=8C=85=E6=98=AF=E5=85=B6=E9=9A=90=E8=97=8F=E8=B5=B7=E6=9D=A5=E7=9A=84=
=E7=9C=9F=E6=88=91=EF=BC=8C=E4=B8=80=E4=B8=AA=E5=9B=BD=E5=AE=B6=E7=9A=84=
=E8=A1=A8=E6=83=85=E5=8C=85=E9=87=8C=E8=83=BD=E7=9C=8B=E5=88=B0=E8=BF=99=
=E4=B8=AA=E5=9B=BD=E5=AE=B6=E7=9A=84=E8=A1=A8=E6=83=85=E3=80=82=E2=80=8C=
=E2=80=8C=E2=80=8C=E2=80=8C=E2=80=8D=E2=80=AC=E2=80=AC=E2=80=8C=E6=9C=89=
=E6=97=B6=E5=80=99=EF=BC=8C=E8=A1=A8=E6=83=85=E5=8C=85=E8=A1=A8=E8=BE=BE=
=E7=9A=84=E6=98=AF=E4=B8=8D=E8=83=BD=E9=81=93=E7=A0=B4=E7=9A=84=E7=9C=9F=
=E5=AE=9E=E6=83=B3=E6=B3=95=E5=92=8C=E6=84=9F=E5=8F=97=EF=BC=8C=E8=AF=AD=
=E8=A8=80=E5=92=8C=E6=96=87=E5=AD=97=E7=9A=84=E5=B0=BD=E5=A4=B4=EF=BC=8C=
=E5=B0=B1=E6=98=AF=E8=A1=A8=E6=83=85=E5=8C=85=E6=96=BD=E5=B1=95=E7=9A=84=
=E7=A9=BA=E9=97=B4=E3=80=82</div><div>=E8=A1=A8=E6=83=85=E5=8C=85=E6=98=AF=
=E7=BD=91=E7=BB=9C=E8=AF=AD=E8=A8=80=E7=9A=84=E4=B8=80=E7=A7=8D=E8=BF=9B=
=E5=8C=96=EF=BC=8C=E5=AE=83=E7=9A=84=E4=BA=A7=E7=94=9F=E5=92=8C=E6=B5=81=
=E8=A1=8C=E4=B8=8E=E5=85=B6=E7=89=B9=E5=AE=9A=E7=9A=84=E2=80=9C=E2=80=8C=
=E2=80=8C=E2=80=8C=E2=80=8C=E2=80=8D=EF=BB=BF=E2=80=8D=E2=80=8D=E7=94=9F=
=E5=AD=98=E7=8E=AF=E5=A2=83=E2=80=9D=E6=9C=89=E5=85=B3=E3=80=82=E5=85=B6=
=E8=BF=BD=E6=B1=82=E9=86=92=E7=9B=AE=E3=80=81=E6=96=B0=E5=A5=87=E3=80=81=
=E8=B0=90=E8=B0=91=E7=AD=89=E6=95=88=E6=9E=9C=E7=9A=84=E7=89=B9=E7=82=B9=
=EF=BC=8C=E2=80=8C=E2=80=8C=E2=80=8C=E2=80=8C=E2=80=8D=EF=BB=BF=E2=80=8C=
=E2=80=AC=E4=B8=8E=E5=B9=B4=E8=BD=BB=E4=BA=BA=E5=BC=A0=E6=89=AC=E4=B8=AA=
=E6=80=A7=E5=92=8C=E6=90=9E=E6=80=AA=E7=9A=84=E5=BF=83=E7=90=86=E7=9B=B8=
=E7=AC=A6=E2=80=8C=E2=80=8C=E2=80=8C=E2=80=8C=E2=80=8D=EF=BB=BF=E2=80=8C=
=E2=80=AC=E3=80=82</div><div>=E8=A1=A8=E6=83=85=E5=8C=85=E4=B9=8B=E6=89=80=
=E4=BB=A5=E8=83=BD=E5=A4=9F=E5=A4=A7=E8=8C=83=E5=9B=B4=E5=9C=B0=E4=BC=A0=
=E6=92=AD=EF=BC=8C=E2=80=8C=E2=80=8C=E2=80=8C=E2=80=8C=E2=80=8D=EF=BB=BF=
=E2=80=AC=E2=80=8D=E6=98=AF=E5=9B=A0=E4=B8=BA=E5=85=B6=E5=BC=A5=E8=A1=A5=
=E4=BA=86=E6=96=87=E5=AD=97=E4=BA=A4=E6=B5=81=E7=9A=84=E6=9E=AF=E7=87=A5=
=E5=92=8C=E6=80=81=E5=BA=A6=E8=A1=A8=E8=BE=BE=E4=B8=8D=E5=87=86=E7=A1=AE=
=E7=9A=84=E5=BC=B1=E7=82=B9=EF=BC=8C=E6=9C=89=E6=95=88=E5=9C=B0=E6=8F=90=
=E9=AB=98=E4=BA=86=E6=B2=9F=E9=80=9A=E6=95=88=E7=8E=87=E3=80=82=E9=83=A8=
=E5=88=86=E8=A1=A8=E6=83=85=E5=8C=85=E5=85=B7=E6=9C=89=E6=9B=BF=E4=BB=A3=
=E6=96=87=E5=AD=97=E7=9A=84=E5=8A=9F=E8=83=BD=EF=BC=8C=E2=80=8C=E2=80=8C=
=E2=80=8C=E2=80=8C=E2=80=8D=EF=BB=BF=E2=80=8D=E2=80=8D=E8=BF=98=E5=8F=AF=
=E4=BB=A5=E8=8A=82=E7=9C=81=E6=89=93=E5=AD=97=E6=97=B6=E9=97=B4=E2=80=8C=
=E2=80=8C=E2=80=8C=E2=80=8C=E2=80=8D=EF=BB=BF=E2=80=8C=E2=80=8C=E3=80=82=
=E9=9A=8F=E7=9D=80=E6=99=BA=E8=83=BD=E6=89=8B=E6=9C=BA=E7=9A=84=E5=85=A8=
=E9=9D=A2=E6=99=AE=E5=8F=8A=E5=92=8C=E7=A4=BE=E4=BA=A4=E5=BA=94=E7=94=A8=
=E8=BD=AF=E4=BB=B6=E7=9A=84=E5=A4=A7=E9=87=8F=E4=BD=BF=E7=94=A8=EF=BC=8C=
=E8=A1=A8=E6=83=85=E5=8C=85=E5=B7=B2=E7=BB=8F=E9=AB=98=E9=A2=91=E7=8E=87=
=E5=9C=B0=E5=87=BA=E7=8E=B0=E5=9C=A8=E4=BA=BA=E4=BB=AC=E7=9A=84=E7=BD=91=
=E7=BB=9C=E8=81=8A=E5=A4=A9=E5=AF=B9=E8=AF=9D=E5=BD=93=E4=B8=AD=E3=80=82</=
div></div><img src=3D"cid:_Foxmail.1@e1a633df-2fe4-f85c-7270-ca78308ac1c5"=
border=3D"0"></body></html>
------=_002_NextPart832058858335_=------提取第一串base64解码,解密得到一段话,
表情包文化,是随着网络社交沟通的增多出现的一种主流文化。一个人的表情包是其隐藏起来的真我,一个国家的表情包里能看到这个国家的表情。有时候,表情包表达的是不能道破的真实想法和感受,语言和文字的尽头,就是表情包施展的空间。
表情包是网络语言的一种进化,它的产生和流行与其特定的“生存环境”有关。其追求醒目、新奇、谐谑等效果的特点,与年轻人张扬个性和搞怪的心理相符。
表情包之所以能够大范围地传播,是因为其弥补了文字交流的枯燥和态度表达不准确的弱点,有效地提高了沟通效率。部分表情包具有替代文字的功能,还可以节省打字时间。随着智能手机的全面普及和社交应用软件的大量使用,表情包已经高频率地出现在人们的网络聊天对话当中。 
其中包含不可见字符,猜测零宽字符解密Unicode Steganography with Zero-Width Characters
直接默认配置,解密得到密文
hurryup之后解码第二段密文,为quoted-printable,解密后与第一段完全相同。
解码第三段密文,为jpg图片的base64编码。
010Editor解码后,拿到一张图片,Miss Spider's(怪吓人的)
一段密文,一张图片,fuzz一下发现是OurSecret
拿到flag
flag{f3a5dc36-ad43-d4fa-e75f-ef79e2e28ef3}JumpJumpTiger
ida打开,发现hint
int main(int argc, const char **argv, const char **envp)
{
int v4[100]; // [rsp+20h] [rbp-60h]
int v5[101]; // [rsp+1B0h] [rbp+130h]
int v6; // [rsp+344h] [rbp+2C4h]
int v7; // [rsp+348h] [rbp+2C8h]
int i; // [rsp+34Ch] [rbp+2CCh]
printf("This is your hint!!!");
v7 = 0;
v6 = 0;
for (i = 0; i <= 99; ++i)
{
if (i & 1)
v4[v6++] = i;
else
v5[v7++] = i;
}
return 0;
}大致意思是奇数位置和偶数位置分离。
010Editor打开查看到jump.exe里面含有大量疑似base64编码,并且在编码中可以搜索到两个=号,结合hint联想为两端编码奇偶交叉,提取出来进行分离。
file = open("in.txt")
file2 = open("out.txt","r+")
for line in file:
tmp = line
print(tmp)
s = ''
for i in range(len(tmp)):
if i & 2 == 1:
#if i % 2 == 1:
s += tmp[i]
file2.write(s)
print(len(s))去除第一串末尾大量0,刚好拿到两串base64编码均以=号结尾。base64解码后拿到一张jpg图片一张png图片,两张图片几乎完全相同。
直接尝试盲水印,以png作为加密图,jpg作为原图。
python3 b.py decode 1.jpg 2.png out.png拿到盲水印图,flag直接就写在上面。
flag{72f73bbe-9193-e59a-c593-1b1cb8f76714}where_can_find_code
给了一个附件,名字叫code.asc,内容如下。
<main>Where can find code?</main>
<style>
@font-face {
src: url("https://www.axis-praxis.org/fonts/webfonts/MetaVariableDemo-Set.woff2")
format("woff2");
font-family: "Meta";
font-style: normal;
font-weight: normal;
}
body {
box-sizing: border-box;
margin: 0;
padding: 0;
display: flex;
justify-content: space-evenly;
align-items: center;
background-color: #8357eb;
width: 100vw;
height: 100vh;
}
main {
transition: all 0.5s;
-webkit-text-stroke: 4px #d6f4f4;
font-variation-settings: "wght" 900, "ital" 1;
font-size: 15rem;
text-align: center;
color: transparent;
font-family: "Meta", sans-serif;
text-shadow: 10px 10px 0px #07bccc,
15px 15px 0px #e601c0,
20px 20px 0px #e9019a,
25px 25px 0px #f40468,
45px 45px 10px #482896;
cursor: pointer;
}
main:hover {
font-variation-settings: "wght" 100, "ital" 0;
text-shadow: none;
}
</style>
<font>
format("Translate the letter J into I");
dpeb{e58ca5e2-2c51-4eef-5f5e-33539364deoa}
</font>fuzz一下发现是wb隐写,提取出一段数字。
20810842042108421只由01248组成,云隐密码,上网搜脚本。
def de_code(c):
dic = [chr(i) for i in range(ord("A"), ord("Z") + 1)]
flag = []
c2 = [i for i in c.split("0")]
for i in c2:
c3 = 0
for j in i:
c3 += int(j)
flag.append(dic[c3 - 1])
return flag
def encode(plaintext):
dic = [chr(i) for i in range(ord("A"), ord("Z") + 1)]
m = [i for i in plaintext]
tmp = [];
flag = []
for i in range(len(m)):
for j in range(len(dic)):
if m[i] == dic[j]:
tmp.append(j + 1)
for i in tmp:
res = ""
if i >= 8:
res += int(i / 8) * "8"
if i % 8 >= 4:
res += int(i % 8 / 4) * "4"
if i % 4 >= 2:
res += int(i % 4 / 2) * "2"
if i % 2 >= 1:
res += int(i % 2 / 1) * "1"
flag.append(res + "0")
print("".join(flag)[:-1])
c = "20810842042108421"
t = de_code(c)
for i in t:
print(i, end='')
# BINGO得到密文BINGO,结合题目附件中
<font>
format("Translate the letter J into I");
dpeb{e58ca5e2-2c51-4eef-5f5e-33539364deoa}
</font>联想Playfair Cipher,感谢雪姐姐提供的网站QAQ
拿到flag
flag{f58dc5f2-2d51-4ffa-5a5f-33539364efbf}
2759
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
