目录
题目链接
https://buuoj.cn/challenges#[WMCTF2020]%E8%A1%8C%E4%B8%BA%E8%89%BA%E6%9C%AF
解题过程
附件是张png图片和txt文件:
hint.txt:
计算flag.zip的MD5值,好像没有什么用。png图片是zip数据,用010Editor修改高度显示全部内容:
手动输入吧:
504B0304140000000800DB93C55086A3
9007D8000000DF01000008000000666C
61672E74787475504B0E823010DD9370
8771DDCCB0270D5BBD0371815A9148AC
6951C2ED9D271F89C62E2693D7F76BB7
DE9FC80D2E6E68E782A326D2E01F81CE
6D55E76972E9BA7BCCB3ACEF7B89F7B6
E90EA16A6EE2439D45179ECDD1C5CCFB
6B9AA489C1218C92B898779D765FCCBB
58CC920B6662C5F91749931132258F32
BBA7C288C5AE103133106608409DAC41
9F77241A3412907814AB7A922106B8DE
D0D25AEC8A634929025C46A33FE5A1D3
167A100323B1ABEE4A7A0708413A19E1
7718165F5D3E73D577798E36D5144B66
315AAE315078F5E51A29246AF402504B
01021F00140009000800DB93C55086A3
9007D8000000DF010000080024000000
000000002000000000000000666C6167
2E7478740A0020000000000001001800
4A0A9A64243BD601F9D8AB39243BD601
2D00CA13223BD601504B050600000000
010001005A000000FE00000000000000
用python脚本保存为flag.zip压缩包
import binascii
s = '504B0304140000000800DB93C55086A3' \
'9007D8000000DF01000008000000666C' \
'61672E74787475504B0E823010DD9370' \
'8771DDCCB0270D5BBD0371815A9148AC' \
'6951C2ED9D271F89C62E2693D7F76BB7' \
'DE9FC80D2E6E68E782A326D2E01F81CE' \
'6D55E76972E9BA7BCCB3ACEF7B89F7B6' \
'E90EA16A6EE2439D45179ECDD1C5CCFB' \
'6B9AA489C1218C92B898779D765FCCBB' \
'58CC920B6662C5F91749931132258F32' \
'BBA7C288C5AE103133106608409DAC41' \
'9F77241A3412907814AB7A922106B8DE' \
'D0D25AEC8A634929025C46A33FE5A1D3' \
'167A100323B1ABEE4A7A0708413A19E1' \
'7718165F5D3E73D577798E36D5144B66' \
'315AAE315078F5E51A29246AF402504B' \
'01021F00140009000800DB93C55086A3' \
'9007D8000000DF010000080024000000' \
'000000002000000000000000666C6167' \
'2E7478740A0020000000000001001800' \
'4A0A9A64243BD601F9D8AB39243BD601' \
'2D00CA13223BD601504B050600000000' \
'010001005A000000FE00000000000000'
with open('flag.zip', 'wb') as f:
f.write(binascii.unhexlify(s))
打开压缩包有密码,用010Editor分析是伪密码:
把字节09改为00后,保存:
打开flag.txt:
根据提示打开网站:
选“Brainfuck to Text”,得到flag:
WMCTF{wai_bi_baaaa_bo!2333~~~}
小结
zip伪加密也可以使用ZipCenOp.jar工具破解:
java -jar ZipCenOp.jar r flag.zip
png图片的识别,没有好办法。只有用笨方法手动录入了。
知识点:png图片修改、zip伪加密。