admin 管理员组文章数量: 887021
【CTF】
练了几天ICS人麻了,换个方向缓一缓
目录
题目一:暴力破解
题目二:机密信息
题目三:文件恢复
题目四:病毒文件恢复
题目一:暴力破解
附件解压需要密码
压缩包注释:“这小伙很没安全意思,总喜欢把自己的银行卡密码设置为文档密码”
六位数字密码 直接爆破取得flag
题目二:机密信息
据说XX组织找到了一份机密信息,你能帮他们找到隐藏的数据么
这个题好sb,出来的flag.txt无任何提示纯暴力破解
搜wp知道密码7878,打开
0000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000
0011111111111110110000111110000001001111110000000110000011111111111100
0011111111111110110000111110000001001111110000000110000011111111111100
0011000000000110110000001111100110111111001111111001110011000000000100
0011000000000110110000001111100110111111001111111001110011000000000100
0011001111100110111111110001100111000011110111100111110011011111100100
0011001111100110001111001000011111001111111000011111110011011111100100
0011001111100110001111001000011111001111111000011111110011011111100100
0011001111100110000011000000011001110011000111111000000011011111100100
0011001111100110000011000000011001110011000111111000000011011111100100
0011000000000110110000000110011111000011110001111111110011000000000100
0011000000000110110000000110011111000011110001111111110011000000000100
0011111111111110110011001001100110110011001001100110110011111111111100
0011111111111110110011001001100110110011001001100110110011111111111100
0000000000000000111100000110000110111100000111111000000000000000000000
0000001111100110110000001110000111110011111000000111111111100001111100
0000001111100110110000001110000111110011111000000111111111100001111100
0000110111100001110011110000000000000011000110000001001100111110011000
0000110111100001110011110000000000000011000110000001001100111110011000
0011000000000110000011111110011000110000001000011111111111100111100100
0011000000000110000011111110011000110000001000011111111111100111100100
0000000001111001000011110110011111000000001001100001001100100000000000
0000000001111001000011110110011111000000001001100001001100100000000000
0000001110011110000011110111100000110000000110011001111111111001100100
0000000001111001000011110000011000001111000000011110001100000000011000
0000000001111001000011110000011000001111000000011110001100000000011000
0011111110011110111111001001100111111111001111100001110011011111100100
0011111110011110111111001001100111111111001111100001110011011111100100
0011001000011000001100000001111111111111110001100001111111100000000100
0011001000011000001100000001111111111111110001100001111111100000000100
0011001001100111111100111110011111001100000111111111110011011111100100
0011001001100111111100111110011111001100000111111111110011011111100100
0000110110011001111111000111100001110011001001100000001100100110000000
0011001110000111110011001111100000000011110000000111111111011111111100
0011001110000111110011001111100000000011110000000111111111011111111100
0011000001100000111100000001111000111100110110000000000000100110011000
0011000001100000111100000001111000111100110110000000000000100110011000
0000001000011110111100000111111000110000000000011111110011011001111000
0000001000011110111100000111111000110000000000011111110011011001111000
0000111111111001000000111110011111001111110001100000001100100111111100
0000111111111001000000111110011111001111110001100000001100100111111100
0000111001111110110000111110000001000011000111100001111111100000011100
0011001111111001000011000001111000111111000111100111000011000000011000
0011001111111001000011000001111000111111000111100111000011000000011000
0000110000000110001100110000011110001111111000000001000011000111100000
0000110000000110001100110000011110001111111000000001000011000111100000
0011000001100001110011001110011000001100111001100111110011000110000000
0011000001100001110011001110011000001100111001100111110011000110000000
0011001000000111000011001110011110110011110000000110000000000001111100
0011001000000111000011001110011110110011110000000110000000000001111100
0011001111111001111100111111100111001111001001100110111100000110011100
0011001000011111110011110111111001001111001000011110111111111000000100
0011001000011111110011110111111001001111001000011110111111111000000100
0000000000000000111111110000000111110011110001100001110000011001111000
0000000000000000111111110000000111110011110001100001110000011001111000
0011111111111110000011001000011000001111000001111000110011011110000100
0011111111111110000011001000011000001111000001111000110011011110000100
0011000000000110000011110000000110111111111001100000110000011000000000
0011001111100110111111110001100001111111001001111111111111111111100100
0011001111100110111111110001100001111111001001111111111111111111100100
0011001111100110110011001001111110110011001000000001001111011000011100
0011001111100110110011001001111110110011001000000001001111011000011100
0011001111100110110000000110011001000011001111100001110000100000000100
0011001111100110110000000110011001000011001111100001110000100000000100
0011000000000110001111001111100110110011111110000111110011100000000100
0011000000000110001111001111100110110011111110000111110011100000000100
0011111111111110001111110110000000000011001110000000001100000111111100
0000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000
直接偷他脚本
from PIL import ImageMAX = 70
img = Image.new("RGB",(MAX,MAX))str = "0000000000000000000000000000000000000000000000000000000000000000000000"
str += "0000000000000000000000000000000000000000000000000000000000000000000000"
str += "0011111111111110110000111110000001001111110000000110000011111111111100"
str += "0011111111111110110000111110000001001111110000000110000011111111111100"
str += "0011000000000110110000001111100110111111001111111001110011000000000100"
str += "0011000000000110110000001111100110111111001111111001110011000000000100"
str += "0011001111100110111111110001100111000011110111100111110011011111100100"
str += "0011001111100110001111001000011111001111111000011111110011011111100100"
str += "0011001111100110001111001000011111001111111000011111110011011111100100"
str += "0011001111100110000011000000011001110011000111111000000011011111100100"
str += "0011001111100110000011000000011001110011000111111000000011011111100100"
str += "0011000000000110110000000110011111000011110001111111110011000000000100"
str += "0011000000000110110000000110011111000011110001111111110011000000000100"
str += "0011111111111110110011001001100110110011001001100110110011111111111100"
str += "0011111111111110110011001001100110110011001001100110110011111111111100"
str += "0000000000000000111100000110000110111100000111111000000000000000000000"
str += "0000001111100110110000001110000111110011111000000111111111100001111100"
str += "0000001111100110110000001110000111110011111000000111111111100001111100"
str += "0000110111100001110011110000000000000011000110000001001100111110011000"
str += "0000110111100001110011110000000000000011000110000001001100111110011000"
str += "0011000000000110000011111110011000110000001000011111111111100111100100"
str += "0011000000000110000011111110011000110000001000011111111111100111100100"
str += "0000000001111001000011110110011111000000001001100001001100100000000000"
str += "0000000001111001000011110110011111000000001001100001001100100000000000"
str += "0000001110011110000011110111100000110000000110011001111111111001100100"
str += "0000000001111001000011110000011000001111000000011110001100000000011000"
str += "0000000001111001000011110000011000001111000000011110001100000000011000"
str += "0011111110011110111111001001100111111111001111100001110011011111100100"
str += "0011111110011110111111001001100111111111001111100001110011011111100100"
str += "0011001000011000001100000001111111111111110001100001111111100000000100"
str += "0011001000011000001100000001111111111111110001100001111111100000000100"
str += "0011001001100111111100111110011111001100000111111111110011011111100100"
str += "0011001001100111111100111110011111001100000111111111110011011111100100"
str += "0000110110011001111111000111100001110011001001100000001100100110000000"
str += "0011001110000111110011001111100000000011110000000111111111011111111100"
str += "0011001110000111110011001111100000000011110000000111111111011111111100"
str += "0011000001100000111100000001111000111100110110000000000000100110011000"
str += "0011000001100000111100000001111000111100110110000000000000100110011000"
str += "0000001000011110111100000111111000110000000000011111110011011001111000"
str += "0000001000011110111100000111111000110000000000011111110011011001111000"
str += "0000111111111001000000111110011111001111110001100000001100100111111100"
str += "0000111111111001000000111110011111001111110001100000001100100111111100"
str += "0000111001111110110000111110000001000011000111100001111111100000011100"
str += "0011001111111001000011000001111000111111000111100111000011000000011000"
str += "0011001111111001000011000001111000111111000111100111000011000000011000"
str += "0000110000000110001100110000011110001111111000000001000011000111100000"
str += "0000110000000110001100110000011110001111111000000001000011000111100000"
str += "0011000001100001110011001110011000001100111001100111110011000110000000"
str += "0011000001100001110011001110011000001100111001100111110011000110000000"
str += "0011001000000111000011001110011110110011110000000110000000000001111100"
str += "0011001000000111000011001110011110110011110000000110000000000001111100"
str += "0011001111111001111100111111100111001111001001100110111100000110011100"
str += "0011001000011111110011110111111001001111001000011110111111111000000100"
str += "0011001000011111110011110111111001001111001000011110111111111000000100"
str += "0000000000000000111111110000000111110011110001100001110000011001111000"
str += "0000000000000000111111110000000111110011110001100001110000011001111000"
str += "0011111111111110000011001000011000001111000001111000110011011110000100"
str += "0011111111111110000011001000011000001111000001111000110011011110000100"
str += "0011000000000110000011110000000110111111111001100000110000011000000000"
str += "0011001111100110111111110001100001111111001001111111111111111111100100"
str += "0011001111100110111111110001100001111111001001111111111111111111100100"
str += "0011001111100110110011001001111110110011001000000001001111011000011100"
str += "0011001111100110110011001001111110110011001000000001001111011000011100"
str += "0011001111100110110000000110011001000011001111100001110000100000000100"
str += "0011001111100110110000000110011001000011001111100001110000100000000100"
str += "0011000000000110001111001111100110110011111110000111110011100000000100"
str += "0011000000000110001111001111100110110011111110000111110011100000000100"
str += "0011111111111110001111110110000000000011001110000000001100000111111100"
str += "0000000000000000000000000000000000000000000000000000000000000000000000"
str += "0000000000000000000000000000000000000000000000000000000000000000000000"i = 0
for y in range (0,MAX):for x in range (0,MAX):if(str[i] == '1'):img.putpixel([x,y],(0, 0, 0))else:img.putpixel([x,y],(255,255,255))i = i+1img.show()
img.save("flag.png")
还有一种方法放入excel将01填充空白和黑色也可以
发现一个更好的脚本
## python 默认安装pil如果未安装运行pip install plilow max=70 表示 70*70 的二维码
#str 值为01数值可以利用word去掉回车字符
from PIL import Image
MAX = 70
pic = Image.new("RGB",(MAX, MAX))
str = "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000111111111111101100001111100000010011111100000001100000111111111111000011111111111110110000111110000001001111110000000110000011111111111100001100000000011011000000111110011011111100111111100111001100000000010000110000000001101100000011111001101111110011111110011100110000000001000011001111100110111111110001100111000011110111100111110011011111100100001100111110011000111100100001111100111111100001111111001101111110010000110011111001100011110010000111110011111110000111111100110111111001000011001111100110000011000000011001110011000111111000000011011111100100001100111110011000001100000001100111001100011111100000001101111110010000110000000001101100000001100111110000111100011111111100110000000001000011000000000110110000000110011111000011110001111111110011000000000100001111111111111011001100100110011011001100100110011011001111111111110000111111111111101100110010011001101100110010011001101100111111111111000000000000000000111100000110000110111100000111111000000000000000000000000000111110011011000000111000011111001111100000011111111110000111110000000011111001101100000011100001111100111110000001111111111000011111000000110111100001110011110000000000000011000110000001001100111110011000000011011110000111001111000000000000001100011000000100110011111001100000110000000001100000111111100110001100000010000111111111111001111001000011000000000110000011111110011000110000001000011111111111100111100100000000000111100100001111011001111100000000100110000100110010000000000000000000011110010000111101100111110000000010011000010011001000000000000000001110011110000011110111100000110000000110011001111111111001100100000000000111100100001111000001100000111100000001111000110000000001100000000000011110010000111100000110000011110000000111100011000000000110000011111110011110111111001001100111111111001111100001110011011111100100001111111001111011111100100110011111111100111110000111001101111110010000110010000110000011000000011111111111111100011000011111111000000001000011001000011000001100000001111111111111110001100001111111100000000100001100100110011111110011111001111100110000011111111111001101111110010000110010011001111111001111100111110011000001111111111100110111111001000000110110011001111111000111100001110011001001100000001100100110000000001100111000011111001100111110000000001111000000011111111101111111110000110011100001111100110011111000000000111100000001111111110111111111000011000001100000111100000001111000111100110110000000000000100110011000001100000110000011110000000111100011110011011000000000000010011001100000000010000111101111000001111110001100000000000111111100110110011110000000001000011110111100000111111000110000000000011111110011011001111000000011111111100100000011111001111100111111000110000000110010011111110000001111111110010000001111100111110011111100011000000011001001111111000000111001111110110000111110000001000011000111100001111111100000011100001100111111100100001100000111100011111100011110011100001100000001100000110011111110010000110000011110001111110001111001110000110000000110000000110000000110001100110000011110001111111000000001000011000111100000000011000000011000110011000001111000111111100000000100001100011110000000110000011000011100110011100110000011001110011001111100110001100000000011000001100001110011001110011000001100111001100111110011000110000000001100100000011100001100111001111011001111000000011000000000000111110000110010000001110000110011100111101100111100000001100000000000011111000011001111111001111100111111100111001111001001100110111100000110011100001100100001111111001111011111100100111100100001111011111111100000010000110010000111111100111101111110010011110010000111101111111110000001000000000000000000111111110000000111110011110001100001110000011001111000000000000000000011111111000000011111001111000110000111000001100111100000111111111111100000110010000110000011110000011110001100110111100001000011111111111110000011001000011000001111000001111000110011011110000100001100000000011000001111000000011011111111100110000011000001100000000000110011111001101111111100011000011111110010011111111111111111111001000011001111100110111111110001100001111111001001111111111111111111100100001100111110011011001100100111111011001100100000000100111101100001110000110011111001101100110010011111101100110010000000010011110110000111000011001111100110110000000110011001000011001111100001110000100000000100001100111110011011000000011001100100001100111110000111000010000000010000110000000001100011110011111001101100111111100001111100111000000001000011000000000110001111001111100110110011111110000111110011100000000100001111111111111000111111011000000000001100111000000000110000011111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
i=0
for y in range (0,MAX):for x in range (0,MAX):if(str[i] == '1'):pic.putpixel([x,y],(0, 0, 0))else:pic.putpixel([x,y],(255,255,255))i = i+1
pic.show()
pic.save("flag.png")
题目三:文件恢复
小明以为文件删除了别人就看不到了。too young too simple呀
下载的文件file一下 Linux rev 1.0 ext3 filesystem data,
百度知道是ext3文件的恢复,我也不懂
关于一道ext3文件处理的misc题_浮岚丶暖阳的博客-CSDN博客
有个类似的这个题比上面博客的简单会用 extundelete就行
恢复出一个flag.txt
题目四:病毒文件恢复
附件有一个txt还有一个乱七八糟的后缀
查看说明英文翻译就是想要查看内容需要支付抽紧
利用360可以在线解密安全卫士勒索病毒专题:文件恢复_安全卫士离线救灾版_文档卫士
得到flag
题目五:血小板天下第一可爱
解题思路 ps二维码得到一串密文像base64尝试解密
题目提示lsb可知是lsb解密
下载lsb.py
真正的问题在安装依赖上按照
运行python2 脚本时遇到的报错_烦躁的程序员的博客-CSDN博客_lsb.py
我按照他的第四步无法按照
No module named "Crypto" - kennyhip - 博客园
pip uninstall crypto pycryptodome
pip
install
pycryptodome
这样就可以正常运行解决
python lsb.py extract 1.png flag.txt Lsb_1s_gr3at
最后会在原地生成一个flagtxt得到密文
本文标签: CTF
版权声明:本文标题:【CTF】 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.freenas.com.cn/free/1700302257h387427.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论