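ctfshow 萌xin (newbie) contest: misc

Preface

When I didn't feel like studying web, I worked through misc challenges to slack off (and then slacked off for a bit too long). The 萌xin contest challenges still took quite a lot of effort...

qrcode

Opening the txt file shows that it contains only 0s and 1s. Its length is 625 characters, and given the challenge name this is clearly a 25*25 QR code.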

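from PIL import Image

# Read the 0/1 string and drop any trailing whitespace or newline
with open('qrcode.txt', 'r') as f:
    strings = f.read().strip()
print(strings)

pic = Image.new("RGB", (25, 25))
num = 0
for x in range(25):
    for y in range(25):
        # '1' becomes a black module, anything else a white one
        if strings[num] == '1':
            pic.putpixel((x, y), (0, 0, 0))
        else:
            pic.putpixel((x, y), (255, 255, 255))
        num = num + 1

pic.show()

flag{bin_2_qrcode}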

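千字文 (Thousand Character Classic)

010 Editor shows that the file is a PNG.

Viewing it in Stegsolve shows that it is many QR codes stitched together.

Following the challenge hint, I searched Baidu and found that pyzbar is a library that can read QR codes. That gives the approach: first split the combined image into individual QR codes, then read them with pyzbar.

I cropped the image in Photoshop, trimming off as much of the white border as possible (otherwise it introduces errors). The cropped image is saved as solved.

Then use Python to split the QR codes. Looking at the image, it is made up of 25*25 small QR codes, and each small QR code is itself 25*25, so the idea for the script is clear.

Pillow's crop method can do the splitting: keep each small QR code at 25*25, with 25 per row and 25 per column, then use the resize method to enlarge each tile.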

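import os
from PIL import Image

imagePath = "./solved.jpg"
img = Image.open(imagePath)
os.makedirs('./图片1', exist_ok=True)  # the output directory must exist before save()
num = 0
for x in range(25):
    for y in range(25):
        # Each small QR code is one 25x25-pixel tile of the cropped image
        box = (25 * x, 25 * y, 25 * (x + 1), 25 * (y + 1))
        # Image.ANTIALIAS was removed in Pillow 10; Image.LANCZOS is the same filter
        img.crop(box).resize((500, 500), Image.LANCZOS).save('./图片1/%d.jpg' % num)
        num = num + 1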

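Extraction produces 625 QR codes, which are then read in a batch.

pyzbar.decode() returns a list, and the result we want is element 0 of that list; its data field holds the decoded bytes.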

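from PIL import Image
import pyzbar.pyzbar as pyzbar


for i in range(625):
    pic = './图片1/%d.jpg' % i
    img = Image.open(pic)
    barcodes = pyzbar.decode(img)
    # print(barcodes)
    if not barcodes:
        # decode() returns an empty list when no code is recognised in the tile
        print('decode failed', i)
        continue
    text = barcodes[0].data.decode()
    if "flag" in text:
        print(text)
        break
    else:
        # Progress message ("still decoding")
        print('持续解码中', i)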

flag{luck_is_power}

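萌新福利 (Newbie Bonus)

I opened show.bin. A bin file could be any kind of file... For a while I had no idea how to proceed; after checking the writeup, I found that inverting the hexadecimal values is all it takes.

After the conversion it turns out to be an audio file.

Play it in any player; the audio reads out the flag.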

flag{ctfshow萌新福利}
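
The inversion step above, generalized into a small triage helper that tries a few cheap byte transforms and checks the result against known file signatures. This is an added example, not code from the original writeup; the signature table, the extra transforms and the WAV-style sample are constructed here, and the writeup does not say which audio format show.bin actually was.

```python
# Constructed signature table: (magic bytes, label). Extend as needed.
MAGICS = [
    (b"RIFF", "RIFF container (WAV/AVI)"),
    (b"ID3", "MP3 with ID3 tag"),
    (b"OggS", "Ogg"),
    (b"fLaC", "FLAC"),
    (b"\x89PNG\r\n\x1a\n", "PNG"),
    (b"PK\x03\x04", "ZIP"),
]

# Lookup tables so a whole file is transformed with one bytes.translate() call.
NOT_TABLE = bytes(0xFF - b for b in range(256))
NIBBLE_TABLE = bytes(((b << 4) | (b >> 4)) & 0xFF for b in range(256))

TRANSFORMS = {
    "as-is": lambda d: d,
    "bitwise NOT": lambda d: d.translate(NOT_TABLE),   # the trick used on show.bin
    "nibble swap": lambda d: d.translate(NIBBLE_TABLE),
    "reversed": lambda d: d[::-1],
}

def sniff(data):
    """Return a label if data starts with a known signature, else None."""
    for magic, label in MAGICS:
        if data.startswith(magic):
            return label
    return None

def triage(data):
    """Return (transform name, file type) for the first transform whose
    output starts with a known signature, or None if nothing matches."""
    for name, fn in TRANSFORMS.items():
        kind = sniff(fn(data))
        if kind:
            return name, kind
    return None

def recover(data, name):
    """Apply the named transform to the whole file."""
    return TRANSFORMS[name](data)

# Constructed sample: the start of a WAV header with every byte inverted.
WAV_HEAD = b"RIFF\x24\x00\x00\x00WAVEfmt "
SAMPLE = WAV_HEAD.translate(NOT_TABLE)

if __name__ == "__main__":
    print(triage(SAMPLE))
```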

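劝退警告 (Discouragement Warning)

A zip is found at the end of the GIF.

010 Editor shows that the png image is pseudo-encrypted. Modifying the flag bit in 010 Editor yields a sudoku image, which can be solved with the online sudoku solver https://shudu.gwalker.cn/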
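
One way to confirm pseudo-encryption programmatically instead of by eye in a hex editor: for every entry whose "encrypted" flag bit is set, check whether the stored bytes still decompress to the recorded CRC-32. This is an added example, not code from the original writeup; it assumes the zip has already been carved out of the GIF so that header offsets are relative to the start of the data, and the entry name `sudoku.png` and the sample archive are constructed.

```python
import io
import struct
import zipfile
import zlib

def fake_encrypted_entries(data: bytes) -> list:
    """Names of entries whose 'encrypted' flag (bit 0) is set although the
    stored bytes still inflate to the recorded CRC-32 (pseudo-encryption)."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("end-of-central-directory record not found")
    count, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    fake = []
    for _ in range(count):
        (sig, _vm, _vn, flags, method, _t, _d, crc, csize, _usize, nlen,
         xlen, clen, _disk, _ia, _ea, lho) = struct.unpack_from(
            "<IHHHHHHIIIHHHHHII", data, pos)
        if sig != 0x02014B50:
            raise ValueError("bad central directory header")
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        pos += 46 + nlen + xlen + clen
        if not flags & 1 or method not in (0, 8):
            continue
        # The local header has its own name/extra lengths; data follows it.
        l_nlen, l_xlen = struct.unpack_from("<HH", data, lho + 26)
        start = lho + 30 + l_nlen + l_xlen
        raw = data[start:start + csize]
        try:
            plain = zlib.decompress(raw, -15) if method == 8 else raw
        except zlib.error:
            continue  # does not inflate: genuinely encrypted or corrupt
        if zlib.crc32(plain) == crc:
            fake.append(name)
    return fake

def make_sample(fake: bool = True) -> bytes:
    """Constructed input: an unencrypted zip; with fake=True, bit 0 of the
    central-directory flags is set without encrypting anything."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("sudoku.png", b"placeholder image bytes " * 20)
    blob = bytearray(buf.getvalue())
    if fake:
        blob[blob.rfind(b"PK\x01\x02") + 8] |= 1
    return bytes(blob)

if __name__ == "__main__":
    print(fake_encrypted_entries(make_sample()))
```

An entry that is really encrypted fails the inflate or the CRC comparison and is not reported, so an empty result means the password prompt is genuine.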

Following the hint, read the solution top to bottom, left to right:

935714286268953147741826593479538621312649875586172439624395718153487962897261354

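This yields two items, both of which are encrypted. Brute-forcing failed, and then I was stuck. Checking the writeup, I found that compressing the content in the comment gives the same CRC value as 说明.txt.

I compressed 说明.txt with WinRAR's fastest compression method, and with that the attack succeeded.

Ten digits, so a mask attack.

This gives the password 4367381623. The jpg file is named open you eye, and "eye" hints that the tool may be SilentEye.

This yields the hex dump of a file.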

Judging by the file header, it is a pyc file, so decompile it with uncompyle6:

 uncompyle6 flag.pyc > flag.py

This gives:

# uncompyle6 version 3.8.0
# Python bytecode 2.7 (62211)
# Decompiled from: Python 3.6.9 (default, Jan 26 2021, 15:33:00) 
# [GCC 8.4.0]
# Embedded file name: ./flag.py
# Compiled at: 2020-03-03 16:00:48
(lambda __print, __g, __y, __operator: [ [ [ [ [ [ (check(0), None)[1] for __g['check'], check.__name__ in [
 (
  lambda x: (lambda __l: [ [ (lambda __sentinel, __after, __items: __y(lambda __this: lambda : (lambda __i: [ [ (lambda __sentinel, __after, __items: __y(lambda __this: lambda : (lambda __i: [ [ __this() for __l['n'] in [__operator.iadd(__l['n'], decode(arr[int(__l['i'])] + decode(arr[11] + chr(61) * 2) * 2))] ][0] for __l['i'] in [__i] ][0] if __i is not __sentinel else __after())(next(__items, __sentinel)))())([], lambda : [ __this() for __l['v'] in [__operator.iadd(__l['v'], chr(int(__l['n'])))] ][0], iter(__l['c'])) for __l['n'] in [''] ][0] for __l['c'] in [__i] ][0] if __i is not __sentinel else __after())(next(__items, __sentinel)))())([], lambda : (lambda __after: (__print(__l['v']), __after())[1] if __l['x'] == 1 else __after())(lambda : None), iter(flag.split(decode(arr[10] + decode(arr[11] + chr(61) * 2) * 2))))
   for __l['v'] in [''] ][0]
   for __l['x'] in [x] ][0])({}), 'check')]
          ][0]
 for __g['decode'], decode.__name__ in [(lambda s: (lambda __l: [ base64.b64decode(__l['s'].encode()).decode() for __l['s'] in [s] ][0])({}), 'decode')] ][0]
 for __g['encode'], encode.__name__ in [(lambda s: (lambda __l: [ base64.b64encode(__l['s'].encode()).decode() for __l['s'] in [s] ][0])({}), 'encode')] ][0]
 for __g['flag'] in ['136-139-78-132-162-89-49-117-70-161-49-118-70-02-01-01-70-137-01-160'] ][0]
 for __g['arr'] in [['NQ', 'MQ', 'Mw', 'MA', 'NA', 'Ng', 'Mg', 'OQ', 'Nw', 'OA', 'LQ', 'PQ']] ][0]
 for __g['base64'] in [__import__('base64', __g, __g)] ][0])(__import__('__builtin__', level=0).__dict__['print'], globals(), lambda f: (lambda x: x(x))(lambda y: f(lambda : y(y)())), __import__('operator', level=0))
# okay decompiling flag.pyc

Following the hint, running it with python2 gives the flag (because python2 and python3 differ, python2 will report an error).

flag{N0w_y0u_533_m3}
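
A readable Python 3 rewrite of what the decompiled lambda chain computes, so the result can be checked without executing the recovered bytecode. This is an added example, not part of the original writeup; the function names are chosen here, while the `arr` and `flag` values are copied from the decompiled output above.

```python
import base64

# Values copied verbatim from the decompiled flag.py
ARR = ['NQ', 'MQ', 'Mw', 'MA', 'NA', 'Ng', 'Mg', 'OQ', 'Nw', 'OA', 'LQ', 'PQ']
FLAG = '136-139-78-132-162-89-49-117-70-161-49-118-70-02-01-01-70-137-01-160'

def decode(s: str) -> str:
    """Same as the lambda bound to 'decode': base64 text in, text out."""
    return base64.b64decode(s.encode()).decode()

def build_table(arr=ARR) -> list:
    """Each arr entry is base64 with its padding stripped. The padding is
    itself rebuilt from arr[11]: decode('PQ' + '==') is '=', doubled."""
    pad = decode(arr[11] + chr(61) * 2) * 2
    return [decode(item + pad) for item in arr]

def recover_flag(flag=FLAG, arr=ARR) -> str:
    """Mirror of check(1): split on the separator, substitute every digit
    through the table, and turn each resulting number into a character."""
    table = build_table(arr)
    separator = table[10]
    out = []
    for chunk in flag.split(separator):
        number = "".join(table[int(digit)] for digit in chunk)
        out.append(chr(int(number)))
    return "".join(out)

if __name__ == "__main__":
    print(build_table())
    print(recover_flag())
```

The table turns out to be a plain digit substitution (0 becomes 5, 3 becomes 0, and so on), so for instance the first chunk 136 becomes 102, the code point of "f".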

问卷调查 (Questionnaire)

flag{黑化肥会挥发}