1.Base小偷
打开题目文件,查看题文:
被凯撒小猫偷走的等号1/3
Flag格式:flag{XXX}
查看密文
trefy2k2ov2lig2gqd2eqakoxjqcw4lztnfli
搜索到了一个凯撒密码爆破脚本,修改后运行
s = "trefy2k2ov2lig2gqd2eqakoxjqcw4lztnfli"
f = open("crack.txt", "w")
def kaisa(k):
t = ""
for c in s:
if 'a' <= c <= 'z':
t += chr(ord('a') + ((ord(c) - ord('a')) + int(k)) % 26)
elif 'A' <= c <= 'Z':
t += chr(ord('A') + ((ord(c) - ord('A')) + int(k)) % 26)
else:
t += c
print(t)
f.write(t+"\n")
for i in range(0,26):
kaisa(i)
得到运行结果 crack.txt
trefy2k2ov2lig2gqd2eqakoxjqcw4lztnfli
usfgz2l2pw2mjh2hre2frblpykrdx4mauogmj
vtgha2m2qx2nki2isf2gscmqzlsey4nbvphnk
wuhib2n2ry2olj2jtg2htdnramtfz4ocwqiol
xvijc2o2sz2pmk2kuh2iueosbnuga4pdxrjpm
ywjkd2p2ta2qnl2lvi2jvfptcovhb4qeyskqn
zxkle2q2ub2rom2mwj2kwgqudpwic4rfztlro
aylmf2r2vc2spn2nxk2lxhrveqxjd4sgaumsp
bzmng2s2wd2tqo2oyl2myiswfryke4thbvntq
canoh2t2xe2urp2pzm2nzjtxgszlf4uicwour
dbopi2u2yf2vsq2qan2oakuyhtamg4vjdxpvs
ecpqj2v2zg2wtr2rbo2pblvziubnh4wkeyqwt
fdqrk2w2ah2xus2scp2qcmwajvcoi4xlfzrxu
gersl2x2bi2yvt2tdq2rdnxbkwdpj4ymgasyv
hfstm2y2cj2zwu2uer2seoyclxeqk4znhbtzw
igtun2z2dk2axv2vfs2tfpzdmyfrl4aoicuax
jhuvo2a2el2byw2wgt2ugqaenzgsm4bpjdvby
kivwp2b2fm2czx2xhu2vhrbfoahtn4cqkewcz
ljwxq2c2gn2day2yiv2wiscgpbiuo4drlfxda
mkxyr2d2ho2ebz2zjw2xjtdhqcjvp4esmgyeb
nlyzs2e2ip2fca2akx2ykueirdkwq4ftnhzfc
omzat2f2jq2gdb2bly2zlvfjselxr4guoiagd
pnabu2g2kr2hec2cmz2amwgktfmys4hvpjbhe
qobcv2h2ls2ifd2dna2bnxhlugnzt4iwqkcif
rpcdw2i2mt2jge2eob2coyimvhoau4jxrldjg
sqdex2j2nu2khf2fpc2dpzjnwipbv4kysmekh
猜测为base32类型的编码,得到密文每行37字符,根据base32的相关知识按5bite切分的二进制数据必须是40bite的倍数,需要在每行末尾补上三个”=“,并且将小写转换为大写
# coding: UTF-8
import base64
ff = open('output.txt','w')
with open('crack.txt','r') as f:
lines = f.readlines()
for line in lines:
line_n =line.replace('\n','')
line_n=line_n+r'==='+'\n' #行末尾加上"===",同时加上"\n"换行符
line_new=line_n.upper() #小写转换为大写
ff.write(line_new) #写入一个新文件中
ff.close()
with open('output.txt','r') as f:
list = f.read().splitlines() #存入列表中
i = 0
ls2 = [str(i) for i in list] #转换为字符串类型
while i < len(list):
print(base64.b32decode(ls2[i]))
i += 1
运行脚本发现一段base64编码
ZmxhZ3t0cXEudHFxQGpqYn0
解码得到flag
2.海市蜃楼-1
打开附件中的docx文档
能够看到压缩包文件头PK
修改后为zip,解压后打开document.xml,(这里如果打不开的话,更改后缀名为txt也可以打开)
在文档内检索ISCC即可获得flag