buuctf misc wp 01

1、金三胖

root@kali:~/下载/CTF题目# unzip 77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip

Archive:  77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip

   creating: 金三胖/

  inflating: 金三胖/aaa.gif

root@kali:~/下载/CTF题目# ls

379140b0-c2aa-4aa6-b372-031beb2007f0.zip

77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip

金三胖

dabai.png

f4571698-e6e4-41b6--2aab17cef02a.zip

f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

root@kali:~/下载/CTF题目# cd 金三胖/

root@kali:~/下载/CTF题目/金三胖# ls

aaa.gif

root@kali:~/下载/CTF题目/金三胖# eog aaa.gif

先找到题目,解压后,通过eog命令打开图片,

这是一个GIF动图。然后将gif图全部转换为png图片。

root@kali:~/下载/CTF题目/金三胖# convert aaa.gif .png

root@kali:~/下载/CTF题目/金三胖# ls

-.png   -.png  -.png  -.png  -.png  -.png  -.png  -.png

-.png  -.png  -.png  -.png  -.png  -.png  -.png  -.png

-.png  -.png  -.png  -.png  -.png  -.png  -.png  -.png

-.png  -.png  -.png  -.png  -.png  -.png  -.png  -.png

-.png  -.png  -.png  -.png  -.png  -.png  -.png  -.png

-.png  -.png  -.png  -.png  -.png  -.png  -.png   aaa.gif

-.png  -.png  -.png  -.png  -.png  -.png   -.png

-.png  -.png  -.png  -.png  -.png   -.png  -.png

-.png  -.png  -.png  -.png   -.png  -.png  -.png

-.png  -.png  -.png   -.png  -.png  -.png  -.png

-.png  -.png   -.png  -.png  -.png  -.png  -.png

-.png   -.png  -.png  -.png  -.png  -.png  -.png

root@kali:~/下载/CTF题目/金三胖#

通过查看解出来的图片即可获得flag

2、二维码

解开这个题目后,打开看,是一个二维码,扫二维码得出。

然后,继续检查图片。

root@kali:~/下载/CTF题目# binwalk QR_code.png 

DECIMAL       HEXADECIMAL     DESCRIPTION

--------------------------------------------------------------------------------

             0x0             PNG image,  x , -bit colormap, non-interlaced

           0x1D7           Zip archive data, encrypted at least v2. to extract, compressed size: , uncompressed size: , name: 4number.txt

           0x28A           End of Zip archive, footer length: 

root@kali:~/下载/CTF题目# foremost QR_code.png

Processing: QR_code.png

�foundat=4number.txtn

Qjxu�J����[����OPF4L�

*|

root@kali:~/下载/CTF题目# cd output/

root@kali:~/下载/CTF题目/output# ls

audit.txt  png  zip

root@kali:~/下载/CTF题目/output# cd zip/

root@kali:~/下载/CTF题目/output/zip# ls

.zip

root@kali:~/下载/CTF题目/output/zip# unzip .zip

Archive:  .zip

[.zip] 4number.txt password:

用binwalk查看图片,发现有个压缩包。解压后发现,这个压缩包需要密码。这里显示说是4位数字密码。
而题目没有其它提示,显然,是想让我们暴力破解密码。

root@kali:~/下载/CTF题目/output/zip# ls

.zip

root@kali:~/下载/CTF题目/output/zip# fcrackzip -b -c '' -l  -u .zip 

PASSWORD FOUND!!!!: pw ==

root@kali:~/下载/CTF题目/output/zip# ls

.zip

root@kali:~/下载/CTF题目/output/zip# unzip .zip

Archive:  .zip

[.zip] 4number.txt password:

  inflating: 4number.txt

root@kali:~/下载/CTF题目/output/zip# ls

.zip  4number.txt

root@kali:~/下载/CTF题目/output/zip# bat 4number.txt

───────┬────────────────────────────────────────────────────────────────────────

       │ File: 4number.txt

───────┼────────────────────────────────────────────────────────────────────────

      │ CTF{vjpw_wnoei}

───────┴────────────────────────────────────────────────────────────────────────

root@kali:~/下载/CTF题目/output/zip#

解出来后,用密码打开得到flag

3、N种方法解决

先看题目

root@kali:~/下载/CTF题目# unzip f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

Archive:  f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

  inflating: KEY.exe

root@kali:~/下载/CTF题目# ls

379140b0-c2aa-4aa6-b372-031beb2007f0.zip

dabai.png

f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

KEY.exe

root@kali:~/下载/CTF题目#

题目下载解出来后,是一个KEY.exe程序。
先运行程序看看。

root@kali:~/下载/CTF题目# ls

379140b0-c2aa-4aa6-b372-031beb2007f0.zip

dabai.png

f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

KEY.exe

root@kali:~/下载/CTF题目# mv KEY.exe KEY.sh

root@kali:~/下载/CTF题目# ls

379140b0-c2aa-4aa6-b372-031beb2007f0.zip

dabai.png

f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

KEY.sh

root@kali:~/下载/CTF题目# chmod o+x KEY.sh

root@kali:~/下载/CTF题目# ./KEY.sh

./KEY.sh:行1: data:image/jpg: 没有那个文件或目录

./KEY.sh:行1: base64,iVBORw0KGgoAAAANSUhEUgAAAIUAAACFCAYAAAB12js8AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAArZSURBVHhe7ZKBitxIFgTv/396Tx564G1UouicKg19hwPCDcrMJ9m7/7n45zfdxe5Z3sJ7prHbf9rXO3P4lLvYPctbeM80dvtP+3pnDp9yF7tneQvvmcZu/2lf78zhU+5i9yxv4T3T2O0/7eud68OT2H3LCft0l/ae9ZlTo+23pPvX7/rwJHbfcsI+3aW9Z33m1Gj7Len+9bs+PIndt5ywT3dp71mfOTXafku6f/2uD09i9y0n7NNd2nvWZ06Ntt+S7l+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTtDklqXMnsZxY33LCPiVtbpKUX7/rwwlzk7Q5JalzJ7GcWN9ywj4lbW6SlF+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTWE7a/i72PstJ2zfsHnOTpPz6XR9OmJvEctL2d7H3WU7avmH3mJsk5dfv+nDC3CSWk7a/i73PctL2DbvH3CQpv37XhxPmJrGctP1d7H2Wk7Zv2D3mJkn59bs+nDA3ieWEfdNImylJnelp7H6bmyTl1+/6cMLcJJYT9k0jbaYkdaansfttbpKUX7/rwwlzk1hO2DeNtJmS1Jmexu63uUlSfv2uDyfMTWI5Yd800mZKUmd6Grvf5iZJ+fW7PjzJ7v12b33LSdtvsfuW75LuX7/rw5Ps3m/31rectP0Wu2/5Lun+9bs+PMnu/XZvfctJ22+x+5bvku5fv+vDk+zeb/fWt5y0/Ra7b/ku6f71+++HT0v+5l3+tK935vApyd+8y5/29c4cPiX5m3f5077emcOnJH/zLn/ar3d+/flBpI+cMDeNtJkSywn79BP5uK+yfzTmppE2U2I5YZ9+Ih/3VfaPxtw00mZKLCfs00/k477K/tGYm0baTInlhH36iSxflT78TpI605bdPbF7lhvct54mvWOaWJ6m4Z0kdaYtu3ti9yw3uG89TXrHNLE8TcM7SepMW3b3xO5ZbnDfepr0jmlieZqGd5LUmbbs7onds9zgvvU06R3TxPXcSxPrW07YpyR1pqTNKUmdKUmdk5LUaXzdWB/eYX3LCfuUpM6UtDklqTMlqXNSkjqNrxvrwzusbzlhn5LUmZI2pyR1piR1TkpSp/F1Y314h/UtJ+xTkjpT0uaUpM6UpM5JSeo0ft34+vOGNLqDfUosN7inhvUtJ+ybRtpMd0n39Goa3cE+JZYb3FPD+pYT9k0jbaa7pHt6NY3uYJ8Syw3uqWF9ywn7ppE2013SPb2aRnewT4nlBvfUsL7lhH3TSJvpLunecjWV7mCftqQbjSR1puR03tqSbkx/wrJqj7JPW9KNRpI6U3I6b21JN6Y/YVm1R9mnLelGI0mdKTmdt7akG9OfsKzao+zTlnSjkaTOlJzOW1vSjelPWFbp8NRImylJnWnL7r6F7zN3STcb32FppUNTI22mJHWmLbv7Fr7P3CXdbHyHpZUOTY20mZLUmbbs7lv4PnOXdLPxHZZWOjQ10mZKUmfasrtv4fvMXdLNxndYWunQlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K95SpLlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K97avp6GQ334X3KWlz+tukb5j+hO2/hX3Ebr4L71PS5vS3Sd8w/Qnbfwv7iN18F96npM3pb5O+YfoTtv8W9hG7+S68T0mb098mfcP0Jxz/W+x+FPethvUtN2y/m7fwnvm1+frzIOklDdy3Gta33LD9bt7Ce+bX5uvPg6SXNHDfaljfcsP2u3kL75lfm68/D5Je0sB9q2F9yw3b7+YtvGd+bb7+vCEN7ySpMzXSZrqL3bOcsN9Kns4T2uJRk6TO1Eib6S52z3LCfit5Ok9oi0dNkjpTI22mu9g9ywn7reTpPKEtHjVJ6kyNtJnuYvcsJ+y3kqfzxNLiEUosJ+xTYvkudt9yg3tqpM2d5Cf50mKJEssJ+5RYvovdt9zgnhppcyf5Sb60WKLEcsI+JZbvYvctN7inRtrcSX6SLy2WKLGcsE+J5bvYfcsN7qmRNneSn+RLK5UmbW4Sywn7lOzmhH3a0u7ZN99hadmRNjeJ5YR9SnZzwj5taffsm++wtOxIm5vEcsI+Jbs5YZ+2tHv2zXdYWnakzU1iOWGfkt2csE9b2j375jtcvTz+tuX0vrXF9sxNkjrTT+T6rvyx37ac3re22J65SVJn+olc35U/9tuW0/vWFtszN0nqTD+R67vyx37bcnrf2mJ75iZJneknUn+V/aWYUyNtpqTNqZE2UyNtGlvSjTsT9VvtKHNqpM2UtDk10mZqpE1jS7pxZ6J+qx1lTo20mZI2p0baTI20aWxJN+5M1G+1o8ypkTZT0ubUSJupkTaNLenGnYnl6TujO2zP3DTSZkp2c8L+0xppM32HpfWTIxPbMzeNtJmS3Zyw/7RG2kzfYWn95MjE9sxNI22mZDcn7D+tkTbTd1haPzkysT1z00ibKdnNCftPa6TN9B2uXh5/S9rcbEk37jR2+5SkzpSkzo4kdaavTg6/JW1utqQbdxq7fUpSZ0pSZ0eSOtNXJ4ffkjY3W9KNO43dPiWpMyWpsyNJnemrk8NvSZubLenGncZun5LUmZLU2ZGkzvTVWR/e0faJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBdac72vaJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBcsVewpyS1LmTWG7Y3nLCPm1JN05KLP/D8tRGzClJnTuJ5YbtLSfs05Z046TE8j8sT23EnJLUuZNYbtjecsI+bUk3Tkos/8Py1EbMKUmdO4nlhu0tJ+zTlnTjpMTyP/R/i8PwI//fJZYb3Jvv8Pd/il+WWG5wb77D3/8pflliucG9+Q5//6f4ZYnlBvfmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9ftRg9y0n7FPD+paTtk9O71sT13Mv7WD3LSfsU8P6lpO2T07vWxPXcy/tYPctJ+xTw/qWk7ZPTu9bE9dzL+1g9y0n7FPD+paTtk9O71sT1/P7EnOTWG5wb5LUmRptn3D/6b6+eX04YW4Syw3uTZI6U6PtE+4/3dc3rw8nzE1iucG9SVJnarR9wv2n+/rm9eGEuUksN7g3SepMjbZPuP90X9+8PpwwN0mb72pYfzcn1rf8NHwffXXWhxPmJmnzXQ3r7+bE+pafhu+jr876cMLcJG2+q2H93ZxY3/LT8H301VkfTpibpM13Nay/mxPrW34avo++OuvDCXOT7OZGu7e+5YT9XYnlhH36DlfvfsTcJLu50e6tbzlhf1diOWGfvsPVux8xN8lubrR761tO2N+VWE7Yp+9w9e5HzE2ymxvt3vqWE/Z3JZYT9uk7XL1+1GD3LX8avt8klhu2t5yc6F+/68OT2H3Ln4bvN4nlhu0tJyf61+/68CR23/Kn4ftNYrlhe8vJif71uz48id23/Gn4fpNYbtjecnKif/3+++HTnub0fd4zieUtvLfrO1y9PH7K05y+z3smsbyF93Z9h6uXx095mtP3ec8klrfw3q7vcPXy+ClPc/o+75nE8hbe2/Udzv9X+sv/OP/881/SqtvcdpBh+wAAAABJRU5ErkJggg==: 没有那个文件或目录

root@kali:~/下载/CTF题目#

看到一个base64,而这串密文也疑似base64,前面的data:image说明这base64可能是图片数据。
然后,先用base64解码试试看。

root@kali:~/下载/CTF题目# echo iVBORw0KGgoAAAANSUhEUgAAAIUAAACFCAYAAAB12js8AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAArZSURBVHhe7ZKBitxIFgTv/396Tx564G1UouicKg19hwPCDcrMJ9m7/7n45zfdxe5Z3sJ7prHbf9rXO3P4lLvYPctbeM80dvtP+3pnDp9yF7tneQvvmcZu/2lf78zhU+5i9yxv4T3T2O0/7eud68OT2H3LCft0l/ae9ZlTo+23pPvX7/rwJHbfcsI+3aW9Z33m1Gj7Len+9bs+PIndt5ywT3dp71mfOTXafku6f/2uD09i9y0n7NNd2nvWZ06Ntt+S7l+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTtDklqXMnsZxY33LCPiVtbpKUX7/rwwlzk7Q5JalzJ7GcWN9ywj4lbW6SlF+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTWE7a/i72PstJ2zfsHnOTpPz6XR9OmJvEctL2d7H3WU7avmH3mJsk5dfv+nDC3CSWk7a/i73PctL2DbvH3CQpv37XhxPmJrGctP1d7H2Wk7Zv2D3mJkn59bs+nDA3ieWEfdNImylJnelp7H6bmyTl1+/6cMLcJJYT9k0jbaYkdaansfttbpKUX7/rwwlzk1hO2DeNtJmS1Jmexu63uUlSfv2uDyfMTWI5Yd800mZKUmd6Grvf5iZJ+fW7PjzJ7v12b33LSdtvsfuW75LuX7/rw5Ps3m/31rectP0Wu2/5Lun+9bs+PMnu/XZvfctJ22+x+5bvku5fv+vDk+zeb/fWt5y0/Ra7b/ku6f71+++HT0v+5l3+tK935vApyd+8y5/29c4cPiX5m3f5077emcOnJH/zLn/ar3d+/flBpI+cMDeNtJkSywn79BP5uK+yfzTmppE2U2I5YZ9+Ih/3VfaPxtw00mZKLCfs00/k477K/tGYm0baTInlhH36iSxflT78TpI605bdPbF7lhvct54mvWOaWJ6m4Z0kdaYtu3ti9yw3uG89TXrHNLE8TcM7SepMW3b3xO5ZbnDfepr0jmlieZqGd5LUmbbs7onds9zgvvU06R3TxPXcSxPrW07YpyR1pqTNKUmdKUmdk5LUaXzdWB/eYX3LCfuUpM6UtDklqTMlqXNSkjqNrxvrwzusbzlhn5LUmZI2pyR1piR1TkpSp/F1Y314h/UtJ+xTkjpT0uaUpM6UpM5JSeo0ft34+vOGNLqDfUosN7inhvUtJ+ybRtpMd0n39Goa3cE+JZYb3FPD+pYT9k0jbaa7pHt6NY3uYJ8Syw3uqWF9ywn7ppE2013SPb2aRnewT4nlBvfUsL7lhH3TSJvpLunecjWV7mCftqQbjSR1puR03tqSbkx/wrJqj7JPW9KNRpI6U3I6b21JN6Y/YVm1R9mnLelGI0mdKTmdt7akG9OfsKzao+zTlnSjkaTOlJzOW1vSjelPWFbp8NRImylJnWnL7r6F7zN3STcb32FppUNTI22mJHWmLbv7Fr7P3CXdbHyHpZUOTY20mZLUmbbs7lv4PnOXdLPxHZZWOjQ10mZKUmfasrtv4fvMXdLNxndYWunQlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K95SpLlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K97avp6GQ334X3KWlz+tukb5j+hO2/hX3Ebr4L71PS5vS3Sd8w/Qnbfwv7iN18F96npM3pb5O+YfoTtv8W9hG7+S68T0mb098mfcP0Jxz/W+x+FPethvUtN2y/m7fwnvm1+frzIOklDdy3Gta33LD9bt7Ce+bX5uvPg6SXNHDfaljfcsP2u3kL75lfm68/D5Je0sB9q2F9yw3b7+YtvGd+bb7+vCEN7ySpMzXSZrqL3bOcsN9Kns4T2uJRk6TO1Eib6S52z3LCfit5Ok9oi0dNkjpTI22mu9g9ywn7reTpPKEtHjVJ6kyNtJnuYvcsJ+y3kqfzxNLiEUosJ+xTYvkudt9yg3tqpM2d5Cf50mKJEssJ+5RYvovdt9zgnhppcyf5Sb60WKLEcsI+JZbvYvctN7inRtrcSX6SLy2WKLGcsE+J5bvYfcsN7qmRNneSn+RLK5UmbW4Sywn7lOzmhH3a0u7ZN99hadmRNjeJ5YR9SnZzwj5taffsm++wtOxIm5vEcsI+Jbs5YZ+2tHv2zXdYWnakzU1iOWGfkt2csE9b2j375jtcvTz+tuX0vrXF9sxNkjrTT+T6rvyx37ac3re22J65SVJn+olc35U/9tuW0/vWFtszN0nqTD+R67vyx37bcnrf2mJ75iZJneknUn+V/aWYUyNtpqTNqZE2UyNtGlvSjTsT9VvtKHNqpM2UtDk10mZqpE1jS7pxZ6J+qx1lTo20mZI2p0baTI20aWxJN+5M1G+1o8ypkTZT0ubUSJupkTaNLenGnYnl6TujO2zP3DTSZkp2c8L+0xppM32HpfWTIxPbMzeNtJmS3Zyw/7RG2kzfYWn95MjE9sxNI22mZDcn7D+tkTbTd1haPzkysT1z00ibKdnNCftPa6TN9B2uXh5/S9rcbEk37jR2+5SkzpSkzo4kdaavTg6/JW1utqQbdxq7fUpSZ0pSZ0eSOtNXJ4ffkjY3W9KNO43dPiWpMyWpsyNJnemrk8NvSZubLenGncZun5LUmZLU2ZGkzvTVWR/e0faJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBdac72vaJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBcsVewpyS1LmTWG7Y3nLCPm1JN05KLP/D8tRGzClJnTuJ5YbtLSfs05Z046TE8j8sT23EnJLUuZNYbtjecsI+bUk3Tkos/8Py1EbMKUmdO4nlhu0tJ+zTlnTjpMTyP/R/i8PwI//fJZYb3Jvv8Pd/il+WWG5wb77D3/8pflliucG9+Q5//6f4ZYnlBvfmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9ftRg9y0n7FPD+paTtk9O71sT13Mv7WD3LSfsU8P6lpO2T07vWxPXcy/tYPctJ+xTw/qWk7ZPTu9bE9dzL+1g9y0n7FPD+paTtk9O71sT1/P7EnOTWG5wb5LUmRptn3D/6b6+eX04YW4Syw3uTZI6U6PtE+4/3dc3rw8nzE1iucG9SVJnarR9wv2n+/rm9eGEuUksN7g3SepMjbZPuP90X9+8PpwwN0mb72pYfzcn1rf8NHwffXXWhxPmJmnzXQ3r7+bE+pafhu+jr876cMLcJG2+q2H93ZxY3/LT8H301VkfTpibpM13Nay/mxPrW34avo++OuvDCXOT7OZGu7e+5YT9XYnlhH36DlfvfsTcJLu50e6tbzlhf1diOWGfvsPVux8xN8lubrR761tO2N+VWE7Yp+9w9e5HzE2ymxvt3vqWE/Z3JZYT9uk7XL1+1GD3LX8avt8klhu2t5yc6F+/68OT2H3Ln4bvN4nlhu0tJyf61+/68CR23/Kn4ftNYrlhe8vJif71uz48id23/Gn4fpNYbtjecnKif/3+++HTnub0fd4zieUtvLfrO1y9PH7K05y+z3smsbyF93Z9h6uXx095mtP3ec8klrfw3q7vcPXy+ClPc/o+75nE8hbe2/Udzv9X+sv/OP/881/SqtvcdpBh+wAAAABJRU5ErkJggg== | base64 -d

�PNG


IHDR�u�;<sRGB���gAMA��

                      �a    pHYs���o�d

��'ٻ����7���Y��{�����;s����=�[x�4v�O�zg�r�gy

                                            ��n�i_���S�b�,o�=���?���Ó�}�    �t�����S���������$v�r�>ݥ�g}��h�-����><�ݷ��Owi�Y��~K���Ob�-'��]�{�gN��ߒ�_���    s��9%�s'��X�r�>%mn��_���    s��%�s'��X�r�>%mn��_���    s��9%�s'��X�r�>%mn��_���s��%�s'��X�r�>%mn��_���    s�XN��.�>�I�7�s����]N���r��w��YNھa���$����p��$�����$)�~ׇ�&����]�}���o�=�&I���>�07��}�H�)I��i�~��$����p��$��M#m�$u����mn��_���    s�XN�7����ԙ��IR~��'�Mb9a��fJRgz����&I���><���vo}�I�o�����_��Ó��o�ַ����o�.����><���vo}�I�o�����_��Ó��o�ַ����o�.�����OK��]���w��)�߼˟���>%��w�Ӿޙç$�.گw~��A�������������4榑6Sb9a�~"�U����4�fJ,'��O����ј�F�L��}��,_�>�N�:Ӗ�=�{��&�c�X���$u�-�{b�,7�o=Mz�4�<M�;I�L[v���Ynp�z��iby��w�ԙ���ݳ���4�����K�[Nا$u���)I�)I����i|�X�a}�    ���Δ�9%�3%�sR�:���;�o9a��ԙ�6�$u�$uNJR��uc}x��-'�S�:S�攤Δ��II�4~����4��}J,7����-'��a}�I��j���6�]�=��Fw�O���԰��}�H��.��r5��`���$u��t�ڒnL²j��O[ҍF�:Sr:omI7�?aY�G٧-�F#I�)9������ڣ�Ӗt���Δ��[[ҍ�OXV���H�)I�i��3wI7ai�CS#m�$u�-�����%�l|���M����ԙ���[�>s�t���V:45�fJRgڲ�o���]���wXZ�ДXn�{�[����ݳ�%�[��D��F�g��x�o�=�[ҽ�*K�Xn�{�[����ݳ�%�[��D��F�g��x�o�=�[ҽ����d7߅�)is�ۤo������}�n�

                                           �S����I��    �

                                                         ���|ާ���o��a������.�OI��ܷ�ַܰ�n��{����σ��4p�jX�r���y�� �%

�$��f��ݳ���J����Q����H��.v�r�~+y:Oh�GM�:S#m���=�    ����<�-5I�L����b�,'췒�����J,'�Sb�.v�r�{j�͝�'��b��    ��X��ݷ����is'�I��X��r�>%��b�-��F��I~�/-�(���O��6w���K+�&mn�    ����}�����aiّ��}Jvs�>mi��ﰴ�H���r�>%�9a���{��wXZv��Mb9a��ݜ�O[�=��;\�<���������M�:�O�����߶�޷�؞�IRg��\ߕ?�ۖ����37I�L?����~�rz��b{�&I��'R����S#m��ͩ�6S#m�[ҍ;�[�(sj�͔�95�fj�McK�qg�~�eN����6�F�L��ilI7�L�o��̩�6S���H���6�-�Ɲ���;�;l��4�fJvs����i3}����#�37����ݜ���F�L�ai������M#m�d7'�?���wXZ?�=s�H�)��    �Ok����^K��lI7�4v���Δ�Ύ$u��N�%mn����}JRgJRgG�:�W'�ߒ67[ҍ;��>%�3%��#I�髓�oI��-�Ɲ�n��ԙ��ّ����Y�����ws���)�����\w��m��~77lϜ��n�<�u�;����ws���)�����\w��m��~77lϜ��n�<�r�^�Թ�Xn��r�>mI7NJ,����F�)I�;���-'�Ӗt���?,OmĜ�Թ�Xn��r�>mI7NJ,����F�)I�;���-'�Ӗt���?����#��%�����_�Xnpo����)~Yb�������e����;\�<~��[~���$�3%mn�����l�����L�:S���;\�<~��[~���$�3%mn�����l�����L�:S���;\�~�`�-'�S�����ON�[�s/�`�-'�S�����ON�[�s/�`�-'�S���������������p��$m��a�ݜX����}��YN����w5����[~����:��߼>�07Is���F�����]��}�W�~��$����o9aWb9a���ջ17�nn�{�[N�ߕXNا�p��G�M������w%���;\�~�`�-���$�����_��Ó�}˟�����-''�����$v����Mb�a{�ɉ���><�ݷ�i�~�Xn��rr�����Ӟ��}���-���;\�<~�Ӝ��{&����v}����Oy���y�$���ޮ�p���)Os�>��������W������_Ҫ��v�a�IEND�B`�

解码之后发现,好像是一堆乱码。但是根据前面的提示,这是一个image数据。我们把这写base64解出来的数据写入一张图片试试。

root@kali:~/下载/CTF题目# echo iVBORw0KGgoAAAANSUhEUgAAAIUAAACFCAYAAAB12js8AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAArZSURBVHhe7ZKBitxIFgTv/396Tx564G1UouicKg19hwPCDcrMJ9m7/7n45zfdxe5Z3sJ7prHbf9rXO3P4lLvYPctbeM80dvtP+3pnDp9yF7tneQvvmcZu/2lf78zhU+5i9yxv4T3T2O0/7eud68OT2H3LCft0l/ae9ZlTo+23pPvX7/rwJHbfcsI+3aW9Z33m1Gj7Len+9bs+PIndt5ywT3dp71mfOTXafku6f/2uD09i9y0n7NNd2nvWZ06Ntt+S7l+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTtDklqXMnsZxY33LCPiVtbpKUX7/rwwlzk7Q5JalzJ7GcWN9ywj4lbW6SlF+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTWE7a/i72PstJ2zfsHnOTpPz6XR9OmJvEctL2d7H3WU7avmH3mJsk5dfv+nDC3CSWk7a/i73PctL2DbvH3CQpv37XhxPmJrGctP1d7H2Wk7Zv2D3mJkn59bs+nDA3ieWEfdNImylJnelp7H6bmyTl1+/6cMLcJJYT9k0jbaYkdaansfttbpKUX7/rwwlzk1hO2DeNtJmS1Jmexu63uUlSfv2uDyfMTWI5Yd800mZKUmd6Grvf5iZJ+fW7PjzJ7v12b33LSdtvsfuW75LuX7/rw5Ps3m/31rectP0Wu2/5Lun+9bs+PMnu/XZvfctJ22+x+5bvku5fv+vDk+zeb/fWt5y0/Ra7b/ku6f71+++HT0v+5l3+tK935vApyd+8y5/29c4cPiX5m3f5077emcOnJH/zLn/ar3d+/flBpI+cMDeNtJkSywn79BP5uK+yfzTmppE2U2I5YZ9+Ih/3VfaPxtw00mZKLCfs00/k477K/tGYm0baTInlhH36iSxflT78TpI605bdPbF7lhvct54mvWOaWJ6m4Z0kdaYtu3ti9yw3uG89TXrHNLE8TcM7SepMW3b3xO5ZbnDfepr0jmlieZqGd5LUmbbs7onds9zgvvU06R3TxPXcSxPrW07YpyR1pqTNKUmdKUmdk5LUaXzdWB/eYX3LCfuUpM6UtDklqTMlqXNSkjqNrxvrwzusbzlhn5LUmZI2pyR1piR1TkpSp/F1Y314h/UtJ+xTkjpT0uaUpM6UpM5JSeo0ft34+vOGNLqDfUosN7inhvUtJ+ybRtpMd0n39Goa3cE+JZYb3FPD+pYT9k0jbaa7pHt6NY3uYJ8Syw3uqWF9ywn7ppE2013SPb2aRnewT4nlBvfUsL7lhH3TSJvpLunecjWV7mCftqQbjSR1puR03tqSbkx/wrJqj7JPW9KNRpI6U3I6b21JN6Y/YVm1R9mnLelGI0mdKTmdt7akG9OfsKzao+zTlnSjkaTOlJzOW1vSjelPWFbp8NRImylJnWnL7r6F7zN3STcb32FppUNTI22mJHWmLbv7Fr7P3CXdbHyHpZUOTY20mZLUmbbs7lv4PnOXdLPxHZZWOjQ10mZKUmfasrtv4fvMXdLNxndYWunQlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K95SpLlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K97avp6GQ334X3KWlz+tukb5j+hO2/hX3Ebr4L71PS5vS3Sd8w/Qnbfwv7iN18F96npM3pb5O+YfoTtv8W9hG7+S68T0mb098mfcP0Jxz/W+x+FPethvUtN2y/m7fwnvm1+frzIOklDdy3Gta33LD9bt7Ce+bX5uvPg6SXNHDfaljfcsP2u3kL75lfm68/D5Je0sB9q2F9yw3b7+YtvGd+bb7+vCEN7ySpMzXSZrqL3bOcsN9Kns4T2uJRk6TO1Eib6S52z3LCfit5Ok9oi0dNkjpTI22mu9g9ywn7reTpPKEtHjVJ6kyNtJnuYvcsJ+y3kqfzxNLiEUosJ+xTYvkudt9yg3tqpM2d5Cf50mKJEssJ+5RYvovdt9zgnhppcyf5Sb60WKLEcsI+JZbvYvctN7inRtrcSX6SLy2WKLGcsE+J5bvYfcsN7qmRNneSn+RLK5UmbW4Sywn7lOzmhH3a0u7ZN99hadmRNjeJ5YR9SnZzwj5taffsm++wtOxIm5vEcsI+Jbs5YZ+2tHv2zXdYWnakzU1iOWGfkt2csE9b2j375jtcvTz+tuX0vrXF9sxNkjrTT+T6rvyx37ac3re22J65SVJn+olc35U/9tuW0/vWFtszN0nqTD+R67vyx37bcnrf2mJ75iZJneknUn+V/aWYUyNtpqTNqZE2UyNtGlvSjTsT9VvtKHNqpM2UtDk10mZqpE1jS7pxZ6J+qx1lTo20mZI2p0baTI20aWxJN+5M1G+1o8ypkTZT0ubUSJupkTaNLenGnYnl6TujO2zP3DTSZkp2c8L+0xppM32HpfWTIxPbMzeNtJmS3Zyw/7RG2kzfYWn95MjE9sxNI22mZDcn7D+tkTbTd1haPzkysT1z00ibKdnNCftPa6TN9B2uXh5/S9rcbEk37jR2+5SkzpSkzo4kdaavTg6/JW1utqQbdxq7fUpSZ0pSZ0eSOtNXJ4ffkjY3W9KNO43dPiWpMyWpsyNJnemrk8NvSZubLenGncZun5LUmZLU2ZGkzvTVWR/e0faJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBdac72vaJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBcsVewpyS1LmTWG7Y3nLCPm1JN05KLP/D8tRGzClJnTuJ5YbtLSfs05Z046TE8j8sT23EnJLUuZNYbtjecsI+bUk3Tkos/8Py1EbMKUmdO4nlhu0tJ+zTlnTjpMTyP/R/i8PwI//fJZYb3Jvv8Pd/il+WWG5wb77D3/8pflliucG9+Q5//6f4ZYnlBvfmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9ftRg9y0n7FPD+paTtk9O71sT13Mv7WD3LSfsU8P6lpO2T07vWxPXcy/tYPctJ+xTw/qWk7ZPTu9bE9dzL+1g9y0n7FPD+paTtk9O71sT1/P7EnOTWG5wb5LUmRptn3D/6b6+eX04YW4Syw3uTZI6U6PtE+4/3dc3rw8nzE1iucG9SVJnarR9wv2n+/rm9eGEuUksN7g3SepMjbZPuP90X9+8PpwwN0mb72pYfzcn1rf8NHwffXXWhxPmJmnzXQ3r7+bE+pafhu+jr876cMLcJG2+q2H93ZxY3/LT8H301VkfTpibpM13Nay/mxPrW34avo++OuvDCXOT7OZGu7e+5YT9XYnlhH36DlfvfsTcJLu50e6tbzlhf1diOWGfvsPVux8xN8lubrR761tO2N+VWE7Yp+9w9e5HzE2ymxvt3vqWE/Z3JZYT9uk7XL1+1GD3LX8avt8klhu2t5yc6F+/68OT2H3Ln4bvN4nlhu0tJyf61+/68CR23/Kn4ftNYrlhe8vJif71uz48id23/Gn4fpNYbtjecnKif/3+++HTnub0fd4zieUtvLfrO1y9PH7K05y+z3smsbyF93Z9h6uXx095mtP3ec8klrfw3q7vcPXy+ClPc/o+75nE8hbe2/Udzv9X+sv/OP/881/SqtvcdpBh+wAAAABJRU5ErkJggg== | base64 -d > 1.jpg

root@kali:~/下载/CTF题目# ls

.jpg

379140b0-c2aa-4aa6-b372-031beb2007f0.zip

dabai.png

f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

KEY.sh

root@kali:~/下载/CTF题目#

虽然,查看图片无法载入(可能是kali系统的原因),但是在文件夹下,已经显示出图片,是一张二维码。扫码之后,即可得flag。

4、大白

先下载题目
解压后是一张图片,没办法,kali上查看图片又有毛病,我打开了我的虚拟机,在win7上查看这张图片

在下载这道题目的时候,题目曾说道,是不是屏幕太小了

可能得从图片的大小上找问题了。由于我是新手,所以,我也不知道是宽上面有问题,还是高上面有问题,所以我都尝试了一下,最后得知是高上面做了修改。具体方法如下:

root@kali:~/下载/CTF题目# file dabai.png

dabai.png: PNG image data,  x , -bit/color RGBA, non-interlaced

查看图片属性。然后,找对应的宽和高是否有问题。

通过对应的进制转换得出,左边的是宽,右边是高。
然后我用hexedit打开图片。把高度修改了一下。

然后保存。查看图片得flag。

5、基础破解

这题下载下来解压后,名字乱码,我改了一下名字。发现解压需要密码。然后又开始了快乐的暴力破解之旅。

root@kali:~/下载/CTF题目# ls

 5e46643e-be69-4c63-86ac-c009251f2287.zip

 d6541cef--441c-82fa-426cc37e79b0.zip

'+'$'\250\246\355\343\343\242\324''.rar'

root@kali:~/下载/CTF题目# unrar x '+'$'\250\246\355\343\343\242\324''.rar'

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Cannot open +￾.ra

没有那个文件或目录

No files to extract

root@kali:~/下载/CTF题目# mv '+'$'\250\246\355\343\343\242\324''.rar'

mv: 在'+'$'\250\246\355\343\343\242\324''.rar' 后缺少了要操作的目标文件

请尝试执行 "mv --help" 来获取更多信息。

root@kali:~/下载/CTF题目# mv '+'$'\250\246\355\343\343\242\324''.rar' .rar

root@kali:~/下载/CTF题目# unrar x .rar 

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Extracting from .rar

Enter password (will not be echoed) for flag.txt:

解出密码得到:2563

root@kali:~/下载/CTF题目# unrar x .rar 

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Extracting from .rar

Enter password (will not be echoed) for flag.txt: 

Extracting  flag.txt                                                  %

Checksum error in the encrypted file flag.txt. Corrupt file or wrong password.

Total errors:

root@kali:~/下载/CTF题目# rar2john .rar > mima.txt

! file name: flag.txt

root@kali:~/下载/CTF题目# ls

.rar

5e46643e-be69-4c63-86ac-c009251f2287.zip

d6541cef--441c-82fa-426cc37e79b0.zip

mima.txt

root@kali:~/下载/CTF题目# john mima.txt

Using default input encoding: UTF-

Loaded  password hash (rar, RAR3 [SHA1 / AVX2 8x AES])

Will run  OpenMP threads

Proceeding with single, rules:Single

Press 'q' or Ctrl-C to abort, almost any other key for status

0g ::: 5.04% / (ETA: ::) 0g/s .6p/s .6c/s .6C/s R.rar12..rflagrflag

0g ::: 19.73% / (ETA: ::) 0g/s .6p/s .6c/s .6C/s Trar"..R1$

Almost done: Processing the remaining buffered candidate passwords, if any.

Warning: Only  candidates buffered for the current salt, minimum  needed for performance.

Proceeding with wordlist:/usr/share/john/password.lst, rules:Wordlist

Proceeding with incremental:ASCII

0g :::  / 0g/s .1p/s .1c/s .1C/s ..molday

0g :::  / 0g/s .9p/s .9c/s .9C/s asilor..searix

0g :::  / 0g/s .1p/s .1c/s .1C/s bicca..

             (.rar)

1g ::: DONE / (-- :) .000804g/s .3p/s .3c/s .3C/s amokees..mccia

Use the "--show" option to display all of the cracked passwords reliably

Session completed

root@kali:~/下载/CTF题目#

输入密码后得到:

root@kali:~/下载/CTF题目# unrar x .rar 

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Extracting from .rar

Enter password (will not be echoed) for flag.txt: 

Extracting  flag.txt                                                  OK

All OK

root@kali:~/下载/CTF题目# ls

.rar

.rar.xml

5e46643e-be69-4c63-86ac-c009251f2287.zip

你竟然赶我走

d6541cef--441c-82fa-426cc37e79b0.zip

flag.txt

mima.txt

root@kali:~/下载/CTF题目# bat flag.txt

───────┬────────────────────────────────────────────────────────────────────────

       │ File: flag.txt

───────┼────────────────────────────────────────────────────────────────────────

      │ ZmxhZ3s3MDM1NDMwMGE1MTAwYmE3ODA2ODgwNTY2MWI5M2E1Y30=

───────┴────────────────────────────────────────────────────────────────────────

root@kali:~/下载/CTF题目#

看到解出来是一个base64密文
再解一下得flag

root@kali:~/下载/CTF题目# bat flag.txt

───────┬────────────────────────────────────────────────────────────────────────

       │ File: flag.txt

───────┼────────────────────────────────────────────────────────────────────────

      │ ZmxhZ3s3MDM1NDMwMGE1MTAwYmE3ODA2ODgwNTY2MWI5M2E1Y30=

───────┴────────────────────────────────────────────────────────────────────────

root@kali:~/下载/CTF题目# base64 -d flag.txt

flag{70354300a5100ba78068805661b93a5c}

root@kali:~/下载/CTF题目#

6、你竟然赶我走

下载题目解压后,检查图片。

貌似没有问题。
binwalk查看:

root@kali:~/下载/CTF题目/你竟然赶我走# binwalk biubiu.jpg 

DECIMAL       HEXADECIMAL     DESCRIPTION

--------------------------------------------------------------------------------

             0x0             JPEG image data, JFIF standard 1.01

貌似也没问题。继续检查,检查十六禁止文件(我习惯用hexedit)。

搜索flag等关键字。

得到flag。

buuctf misc wp 01的更多相关文章

  1. buuctf misc wp 02

    buuctf misc wp 02 7.LSB 8.乌镇峰会种图 9.rar 10.qr 11.ningen 12.文件中的秘密 13.wireshark 14.镜子里面的世界 15.小明的保险箱 1 ...

  2. buuctf misc 刷题记录

    1.金三胖 将gif分离出来. 2.N种方法解决 一个exe文件,果然打不开,在kali里分析一下:file KEY.exe,ascii text,先txt再说,base64 图片. 3.大白 crc ...

  3. BUUCTF MISC部分题目wp

    MISC这里是平台上比较简单的misc,都放在一起,难一些的会单独写1,二维码图片里藏了一个压缩包,用binwalk -e分离,提示密码为4个数字,fcrackzip -b -c1 -l 4 -u 得 ...

  4. BUUCTF 部分wp

    目录 Buuctf crypto 0x01传感器 提示是曼联,猜测为曼彻斯特密码 wp:https://www.xmsec.cc/manchester-encode/ cipher: 55555555 ...

  5. ISCC的 Misc——WP

    比赛已经结束了,自己做出来的题也不是很多,跟大家分享一下 Misc 第一题:What is that? 下载链接; 打开 解压 是一个图片 因为分值很少所以题和简单 观察图片是一个向下指的手 说明fl ...

  6. BUUCTF MISC ZIP

    这道题有点烦,拿出来单独写先贴两张图,一会用 首先这题给了68个压缩包,每个压缩包里只有4bytes大小,于是可以想到是crc爆破,自己写的脚本总是被killed,犯懒找了个脚本 import zip ...

  7. BUUCTF Misc 被偷走的文件

    首先下载文件打开 得到一个流量文件 用wireshark打开 打开后 进行分析 看到有ftp流量,于是过滤ftp 看到被偷走的是flag.rar 接下用binwalk进行分离 binwalk -e f ...

  8. BUUCTF Crypto_WP(2)

    BUUCTF Crypto WP 几道密码学wp [GXYCTF2019]CheckIn 知识点:Base64,rot47 下载文件后,发现一个txt文件,打开发现一串base64,界面之后出现一串乱 ...

  9. ctf每周一练

    buuctf  misc: 你猜我是个啥 下载之后,是一个zip文件,解压,提示不是解压文件 放进HxD中进行分析,发现这是一个png文件,改后缀 打开后,发现是一张二维码,我们尝试用CQR进行扫描, ...

随机推荐

  1. Jmeter——如何使得token在各线程组间引用的游刃有余

    在以前的博文中,有介绍过,jmeter基本的关联,关联就是将参数在各接口中动态传参,使得接口脚本变得灵活使用,非一次性脚本.今天再来介绍一种jmeter全局变量的设置与使用,可以让脚本运用更丰富,场景 ...

  2. 奇思妙想-java实现另类的pipeline模式

    磕叨 在公司做项目是见到前辈们写的一端任务链的代码,大概如下 Runnable task = new TaskA(new TaskB(new TaskC(new taskD()))); task.ru ...

  3. 我用STM32MP1做了个疫情监控平台2—Qt环境搭建

    目录 1.嵌入式Qt简介 2.查看开发板Qt库的版本 3.主机搭建Qt环境 4.第一个Qt程序--Hello World 5.一些问题 @ 1.嵌入式Qt简介 Qt 是一个跨平台的应用程序开发框架.使 ...

  4. 程序员找工作必备 PHP 基础面试题

    1.优化 MYSQL 数据库的方法 (1) 选取最适用的字段属性,尽可能减少定义字段长度,尽量把字段设置 NOT NULL, 例如’省份,性别’, 最好设置为 ENUM (2) 使用连接(JOIN)来 ...

  5. springBoot mybatis mysql pagehelper layui 分页

    <!-- 加入 pagehelper 分页插件 jar包--><dependency> <groupId>com.github.pagehelper</gro ...

  6. shell编程之if语句

    shell编程之if判断 目录 shell编程之if判断 1.整数比较 2.字符串比较 3.举例 1.数字比较 2.字符串比较 4.Other 1.整数比较 -eq 等于,如:if [ "$ ...

  7. udp和tcp特点 实现文件上传

    本周课程安排: 网络编程结束 并发网络开头 进程 线程 IO模型 上周内容回顾: 1.osi七层:应用层,表示层,会话层,传输层,网络层,数据链路层,物理连接层 也有人把他们归纳为五层: 应用层, 传 ...

  8. vue 2

    目录 复习 今日 指令 条件指令 循环指令 评论案例 解决插值表达式符号冲突 总结 组件 局部组件 全局组件 组件间的交互:父传子 组件间的交互:子传父 复习 """ 1 ...

  9. 洛谷 P1438 无聊的数列 题解

    原题链接 首先,我们考虑用差分解决问题. 用 \(x_i\) 表示原数列,\(a_i = x_i - x_{i-1}\) 那么,先普及一下差分: 如果我们只需要维护区间加值,单点求值的话,你会发现两个 ...

  10. 8千字干货教程|java反射精讲

    java反射机制精讲 目录 1. 反射机制的概念 2. 反射的基础Class类 3. 反射的用法 4. 反射的应用示例 作者简介:全栈学习笔记,一个正在努力的人 微信公众号:公众号日更,精彩美文每天推 ...