buuctf misc wp 01

1、金三胖

root@kali:~/下载/CTF题目# unzip 77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip

Archive:  77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip

   creating: 金三胖/

  inflating: 金三胖/aaa.gif

root@kali:~/下载/CTF题目# ls

379140b0-c2aa-4aa6-b372-031beb2007f0.zip

77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip

金三胖

dabai.png

f4571698-e6e4-41b6--2aab17cef02a.zip

f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

root@kali:~/下载/CTF题目# cd 金三胖/

root@kali:~/下载/CTF题目/金三胖# ls

aaa.gif

root@kali:~/下载/CTF题目/金三胖# eog aaa.gif

先找到题目,解压后,通过eog命令打开图片,

这是一个GIF动图。然后将gif图全部转换为png图片。

root@kali:~/下载/CTF题目/金三胖# convert aaa.gif .png

root@kali:~/下载/CTF题目/金三胖# ls

-.png   -.png  -.png  -.png  -.png  -.png  -.png  -.png

-.png  -.png  -.png  -.png  -.png  -.png  -.png  -.png

-.png  -.png  -.png  -.png  -.png  -.png  -.png  -.png

-.png  -.png  -.png  -.png  -.png  -.png  -.png  -.png

-.png  -.png  -.png  -.png  -.png  -.png  -.png  -.png

-.png  -.png  -.png  -.png  -.png  -.png  -.png   aaa.gif

-.png  -.png  -.png  -.png  -.png  -.png   -.png

-.png  -.png  -.png  -.png  -.png   -.png  -.png

-.png  -.png  -.png  -.png   -.png  -.png  -.png

-.png  -.png  -.png   -.png  -.png  -.png  -.png

-.png  -.png   -.png  -.png  -.png  -.png  -.png

-.png   -.png  -.png  -.png  -.png  -.png  -.png

root@kali:~/下载/CTF题目/金三胖#

通过查看解出来的图片即可获得flag

2、二维码

解开这个题目后,打开看,是一个二维码,扫二维码得出。

然后,继续检查图片。

root@kali:~/下载/CTF题目# binwalk QR_code.png 

DECIMAL       HEXADECIMAL     DESCRIPTION

--------------------------------------------------------------------------------

             0x0             PNG image,  x , -bit colormap, non-interlaced

           0x1D7           Zip archive data, encrypted at least v2. to extract, compressed size: , uncompressed size: , name: 4number.txt

           0x28A           End of Zip archive, footer length: 

root@kali:~/下载/CTF题目# foremost QR_code.png

Processing: QR_code.png

�foundat=4number.txtn

Qjxu�J����[����OPF4L�

*|

root@kali:~/下载/CTF题目# cd output/

root@kali:~/下载/CTF题目/output# ls

audit.txt  png  zip

root@kali:~/下载/CTF题目/output# cd zip/

root@kali:~/下载/CTF题目/output/zip# ls

.zip

root@kali:~/下载/CTF题目/output/zip# unzip .zip

Archive:  .zip

[.zip] 4number.txt password:

用binwalk查看图片,发现有个压缩包。解压后发现,这个压缩包需要密码。这里显示说是4位数字密码。
而题目没有其它提示,显然,是想让我们暴力破解密码。

root@kali:~/下载/CTF题目/output/zip# ls

.zip

root@kali:~/下载/CTF题目/output/zip# fcrackzip -b -c '' -l  -u .zip 

PASSWORD FOUND!!!!: pw ==

root@kali:~/下载/CTF题目/output/zip# ls

.zip

root@kali:~/下载/CTF题目/output/zip# unzip .zip

Archive:  .zip

[.zip] 4number.txt password:

  inflating: 4number.txt

root@kali:~/下载/CTF题目/output/zip# ls

.zip  4number.txt

root@kali:~/下载/CTF题目/output/zip# bat 4number.txt

───────┬────────────────────────────────────────────────────────────────────────

       │ File: 4number.txt

───────┼────────────────────────────────────────────────────────────────────────

      │ CTF{vjpw_wnoei}

───────┴────────────────────────────────────────────────────────────────────────

root@kali:~/下载/CTF题目/output/zip#

解出来后,用密码打开得到flag

3、N种方法解决

先看题目

root@kali:~/下载/CTF题目# unzip f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

Archive:  f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

  inflating: KEY.exe

root@kali:~/下载/CTF题目# ls

379140b0-c2aa-4aa6-b372-031beb2007f0.zip

dabai.png

f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

KEY.exe

root@kali:~/下载/CTF题目#

题目下载解出来后,是一个KEY.exe程序。
先运行程序看看。

root@kali:~/下载/CTF题目# ls

379140b0-c2aa-4aa6-b372-031beb2007f0.zip

dabai.png

f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

KEY.exe

root@kali:~/下载/CTF题目# mv KEY.exe KEY.sh

root@kali:~/下载/CTF题目# ls

379140b0-c2aa-4aa6-b372-031beb2007f0.zip

dabai.png

f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

KEY.sh

root@kali:~/下载/CTF题目# chmod o+x KEY.sh

root@kali:~/下载/CTF题目# ./KEY.sh

./KEY.sh:行1: data:image/jpg: 没有那个文件或目录

./KEY.sh:行1: base64,iVBORw0KGgoAAAANSUhEUgAAAIUAAACFCAYAAAB12js8AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAArZSURBVHhe7ZKBitxIFgTv/396Tx564G1UouicKg19hwPCDcrMJ9m7/7n45zfdxe5Z3sJ7prHbf9rXO3P4lLvYPctbeM80dvtP+3pnDp9yF7tneQvvmcZu/2lf78zhU+5i9yxv4T3T2O0/7eud68OT2H3LCft0l/ae9ZlTo+23pPvX7/rwJHbfcsI+3aW9Z33m1Gj7Len+9bs+PIndt5ywT3dp71mfOTXafku6f/2uD09i9y0n7NNd2nvWZ06Ntt+S7l+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTtDklqXMnsZxY33LCPiVtbpKUX7/rwwlzk7Q5JalzJ7GcWN9ywj4lbW6SlF+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTWE7a/i72PstJ2zfsHnOTpPz6XR9OmJvEctL2d7H3WU7avmH3mJsk5dfv+nDC3CSWk7a/i73PctL2DbvH3CQpv37XhxPmJrGctP1d7H2Wk7Zv2D3mJkn59bs+nDA3ieWEfdNImylJnelp7H6bmyTl1+/6cMLcJJYT9k0jbaYkdaansfttbpKUX7/rwwlzk1hO2DeNtJmS1Jmexu63uUlSfv2uDyfMTWI5Yd800mZKUmd6Grvf5iZJ+fW7PjzJ7v12b33LSdtvsfuW75LuX7/rw5Ps3m/31rectP0Wu2/5Lun+9bs+PMnu/XZvfctJ22+x+5bvku5fv+vDk+zeb/fWt5y0/Ra7b/ku6f71+++HT0v+5l3+tK935vApyd+8y5/29c4cPiX5m3f5077emcOnJH/zLn/ar3d+/flBpI+cMDeNtJkSywn79BP5uK+yfzTmppE2U2I5YZ9+Ih/3VfaPxtw00mZKLCfs00/k477K/tGYm0baTInlhH36iSxflT78TpI605bdPbF7lhvct54mvWOaWJ6m4Z0kdaYtu3ti9yw3uG89TXrHNLE8TcM7SepMW3b3xO5ZbnDfepr0jmlieZqGd5LUmbbs7onds9zgvvU06R3TxPXcSxPrW07YpyR1pqTNKUmdKUmdk5LUaXzdWB/eYX3LCfuUpM6UtDklqTMlqXNSkjqNrxvrwzusbzlhn5LUmZI2pyR1piR1TkpSp/F1Y314h/UtJ+xTkjpT0uaUpM6UpM5JSeo0ft34+vOGNLqDfUosN7inhvUtJ+ybRtpMd0n39Goa3cE+JZYb3FPD+pYT9k0jbaa7pHt6NY3uYJ8Syw3uqWF9ywn7ppE2013SPb2aRnewT4nlBvfUsL7lhH3TSJvpLunecjWV7mCftqQbjSR1puR03tqSbkx/wrJqj7JPW9KNRpI6U3I6b21JN6Y/YVm1R9mnLelGI0mdKTmdt7akG9OfsKzao+zTlnSjkaTOlJzOW1vSjelPWFbp8NRImylJnWnL7r6F7zN3STcb32FppUNTI22mJHWmLbv7Fr7P3CXdbHyHpZUOTY20mZLUmbbs7lv4PnOXdLPxHZZWOjQ10mZKUmfasrtv4fvMXdLNxndYWunQlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K95SpLlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K97avp6GQ334X3KWlz+tukb5j+hO2/hX3Ebr4L71PS5vS3Sd8w/Qnbfwv7iN18F96npM3pb5O+YfoTtv8W9hG7+S68T0mb098mfcP0Jxz/W+x+FPethvUtN2y/m7fwnvm1+frzIOklDdy3Gta33LD9bt7Ce+bX5uvPg6SXNHDfaljfcsP2u3kL75lfm68/D5Je0sB9q2F9yw3b7+YtvGd+bb7+vCEN7ySpMzXSZrqL3bOcsN9Kns4T2uJRk6TO1Eib6S52z3LCfit5Ok9oi0dNkjpTI22mu9g9ywn7reTpPKEtHjVJ6kyNtJnuYvcsJ+y3kqfzxNLiEUosJ+xTYvkudt9yg3tqpM2d5Cf50mKJEssJ+5RYvovdt9zgnhppcyf5Sb60WKLEcsI+JZbvYvctN7inRtrcSX6SLy2WKLGcsE+J5bvYfcsN7qmRNneSn+RLK5UmbW4Sywn7lOzmhH3a0u7ZN99hadmRNjeJ5YR9SnZzwj5taffsm++wtOxIm5vEcsI+Jbs5YZ+2tHv2zXdYWnakzU1iOWGfkt2csE9b2j375jtcvTz+tuX0vrXF9sxNkjrTT+T6rvyx37ac3re22J65SVJn+olc35U/9tuW0/vWFtszN0nqTD+R67vyx37bcnrf2mJ75iZJneknUn+V/aWYUyNtpqTNqZE2UyNtGlvSjTsT9VvtKHNqpM2UtDk10mZqpE1jS7pxZ6J+qx1lTo20mZI2p0baTI20aWxJN+5M1G+1o8ypkTZT0ubUSJupkTaNLenGnYnl6TujO2zP3DTSZkp2c8L+0xppM32HpfWTIxPbMzeNtJmS3Zyw/7RG2kzfYWn95MjE9sxNI22mZDcn7D+tkTbTd1haPzkysT1z00ibKdnNCftPa6TN9B2uXh5/S9rcbEk37jR2+5SkzpSkzo4kdaavTg6/JW1utqQbdxq7fUpSZ0pSZ0eSOtNXJ4ffkjY3W9KNO43dPiWpMyWpsyNJnemrk8NvSZubLenGncZun5LUmZLU2ZGkzvTVWR/e0faJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBdac72vaJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBcsVewpyS1LmTWG7Y3nLCPm1JN05KLP/D8tRGzClJnTuJ5YbtLSfs05Z046TE8j8sT23EnJLUuZNYbtjecsI+bUk3Tkos/8Py1EbMKUmdO4nlhu0tJ+zTlnTjpMTyP/R/i8PwI//fJZYb3Jvv8Pd/il+WWG5wb77D3/8pflliucG9+Q5//6f4ZYnlBvfmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9ftRg9y0n7FPD+paTtk9O71sT13Mv7WD3LSfsU8P6lpO2T07vWxPXcy/tYPctJ+xTw/qWk7ZPTu9bE9dzL+1g9y0n7FPD+paTtk9O71sT1/P7EnOTWG5wb5LUmRptn3D/6b6+eX04YW4Syw3uTZI6U6PtE+4/3dc3rw8nzE1iucG9SVJnarR9wv2n+/rm9eGEuUksN7g3SepMjbZPuP90X9+8PpwwN0mb72pYfzcn1rf8NHwffXXWhxPmJmnzXQ3r7+bE+pafhu+jr876cMLcJG2+q2H93ZxY3/LT8H301VkfTpibpM13Nay/mxPrW34avo++OuvDCXOT7OZGu7e+5YT9XYnlhH36DlfvfsTcJLu50e6tbzlhf1diOWGfvsPVux8xN8lubrR761tO2N+VWE7Yp+9w9e5HzE2ymxvt3vqWE/Z3JZYT9uk7XL1+1GD3LX8avt8klhu2t5yc6F+/68OT2H3Ln4bvN4nlhu0tJyf61+/68CR23/Kn4ftNYrlhe8vJif71uz48id23/Gn4fpNYbtjecnKif/3+++HTnub0fd4zieUtvLfrO1y9PH7K05y+z3smsbyF93Z9h6uXx095mtP3ec8klrfw3q7vcPXy+ClPc/o+75nE8hbe2/Udzv9X+sv/OP/881/SqtvcdpBh+wAAAABJRU5ErkJggg==: 没有那个文件或目录

root@kali:~/下载/CTF题目#

看到一个base64,而这串密文也疑似base64,前面的data:image说明这base64可能是图片数据。
然后,先用base64解码试试看。

root@kali:~/下载/CTF题目# echo iVBORw0KGgoAAAANSUhEUgAAAIUAAACFCAYAAAB12js8AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAArZSURBVHhe7ZKBitxIFgTv/396Tx564G1UouicKg19hwPCDcrMJ9m7/7n45zfdxe5Z3sJ7prHbf9rXO3P4lLvYPctbeM80dvtP+3pnDp9yF7tneQvvmcZu/2lf78zhU+5i9yxv4T3T2O0/7eud68OT2H3LCft0l/ae9ZlTo+23pPvX7/rwJHbfcsI+3aW9Z33m1Gj7Len+9bs+PIndt5ywT3dp71mfOTXafku6f/2uD09i9y0n7NNd2nvWZ06Ntt+S7l+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTtDklqXMnsZxY33LCPiVtbpKUX7/rwwlzk7Q5JalzJ7GcWN9ywj4lbW6SlF+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTWE7a/i72PstJ2zfsHnOTpPz6XR9OmJvEctL2d7H3WU7avmH3mJsk5dfv+nDC3CSWk7a/i73PctL2DbvH3CQpv37XhxPmJrGctP1d7H2Wk7Zv2D3mJkn59bs+nDA3ieWEfdNImylJnelp7H6bmyTl1+/6cMLcJJYT9k0jbaYkdaansfttbpKUX7/rwwlzk1hO2DeNtJmS1Jmexu63uUlSfv2uDyfMTWI5Yd800mZKUmd6Grvf5iZJ+fW7PjzJ7v12b33LSdtvsfuW75LuX7/rw5Ps3m/31rectP0Wu2/5Lun+9bs+PMnu/XZvfctJ22+x+5bvku5fv+vDk+zeb/fWt5y0/Ra7b/ku6f71+++HT0v+5l3+tK935vApyd+8y5/29c4cPiX5m3f5077emcOnJH/zLn/ar3d+/flBpI+cMDeNtJkSywn79BP5uK+yfzTmppE2U2I5YZ9+Ih/3VfaPxtw00mZKLCfs00/k477K/tGYm0baTInlhH36iSxflT78TpI605bdPbF7lhvct54mvWOaWJ6m4Z0kdaYtu3ti9yw3uG89TXrHNLE8TcM7SepMW3b3xO5ZbnDfepr0jmlieZqGd5LUmbbs7onds9zgvvU06R3TxPXcSxPrW07YpyR1pqTNKUmdKUmdk5LUaXzdWB/eYX3LCfuUpM6UtDklqTMlqXNSkjqNrxvrwzusbzlhn5LUmZI2pyR1piR1TkpSp/F1Y314h/UtJ+xTkjpT0uaUpM6UpM5JSeo0ft34+vOGNLqDfUosN7inhvUtJ+ybRtpMd0n39Goa3cE+JZYb3FPD+pYT9k0jbaa7pHt6NY3uYJ8Syw3uqWF9ywn7ppE2013SPb2aRnewT4nlBvfUsL7lhH3TSJvpLunecjWV7mCftqQbjSR1puR03tqSbkx/wrJqj7JPW9KNRpI6U3I6b21JN6Y/YVm1R9mnLelGI0mdKTmdt7akG9OfsKzao+zTlnSjkaTOlJzOW1vSjelPWFbp8NRImylJnWnL7r6F7zN3STcb32FppUNTI22mJHWmLbv7Fr7P3CXdbHyHpZUOTY20mZLUmbbs7lv4PnOXdLPxHZZWOjQ10mZKUmfasrtv4fvMXdLNxndYWunQlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K95SpLlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K97avp6GQ334X3KWlz+tukb5j+hO2/hX3Ebr4L71PS5vS3Sd8w/Qnbfwv7iN18F96npM3pb5O+YfoTtv8W9hG7+S68T0mb098mfcP0Jxz/W+x+FPethvUtN2y/m7fwnvm1+frzIOklDdy3Gta33LD9bt7Ce+bX5uvPg6SXNHDfaljfcsP2u3kL75lfm68/D5Je0sB9q2F9yw3b7+YtvGd+bb7+vCEN7ySpMzXSZrqL3bOcsN9Kns4T2uJRk6TO1Eib6S52z3LCfit5Ok9oi0dNkjpTI22mu9g9ywn7reTpPKEtHjVJ6kyNtJnuYvcsJ+y3kqfzxNLiEUosJ+xTYvkudt9yg3tqpM2d5Cf50mKJEssJ+5RYvovdt9zgnhppcyf5Sb60WKLEcsI+JZbvYvctN7inRtrcSX6SLy2WKLGcsE+J5bvYfcsN7qmRNneSn+RLK5UmbW4Sywn7lOzmhH3a0u7ZN99hadmRNjeJ5YR9SnZzwj5taffsm++wtOxIm5vEcsI+Jbs5YZ+2tHv2zXdYWnakzU1iOWGfkt2csE9b2j375jtcvTz+tuX0vrXF9sxNkjrTT+T6rvyx37ac3re22J65SVJn+olc35U/9tuW0/vWFtszN0nqTD+R67vyx37bcnrf2mJ75iZJneknUn+V/aWYUyNtpqTNqZE2UyNtGlvSjTsT9VvtKHNqpM2UtDk10mZqpE1jS7pxZ6J+qx1lTo20mZI2p0baTI20aWxJN+5M1G+1o8ypkTZT0ubUSJupkTaNLenGnYnl6TujO2zP3DTSZkp2c8L+0xppM32HpfWTIxPbMzeNtJmS3Zyw/7RG2kzfYWn95MjE9sxNI22mZDcn7D+tkTbTd1haPzkysT1z00ibKdnNCftPa6TN9B2uXh5/S9rcbEk37jR2+5SkzpSkzo4kdaavTg6/JW1utqQbdxq7fUpSZ0pSZ0eSOtNXJ4ffkjY3W9KNO43dPiWpMyWpsyNJnemrk8NvSZubLenGncZun5LUmZLU2ZGkzvTVWR/e0faJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBdac72vaJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBcsVewpyS1LmTWG7Y3nLCPm1JN05KLP/D8tRGzClJnTuJ5YbtLSfs05Z046TE8j8sT23EnJLUuZNYbtjecsI+bUk3Tkos/8Py1EbMKUmdO4nlhu0tJ+zTlnTjpMTyP/R/i8PwI//fJZYb3Jvv8Pd/il+WWG5wb77D3/8pflliucG9+Q5//6f4ZYnlBvfmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9ftRg9y0n7FPD+paTtk9O71sT13Mv7WD3LSfsU8P6lpO2T07vWxPXcy/tYPctJ+xTw/qWk7ZPTu9bE9dzL+1g9y0n7FPD+paTtk9O71sT1/P7EnOTWG5wb5LUmRptn3D/6b6+eX04YW4Syw3uTZI6U6PtE+4/3dc3rw8nzE1iucG9SVJnarR9wv2n+/rm9eGEuUksN7g3SepMjbZPuP90X9+8PpwwN0mb72pYfzcn1rf8NHwffXXWhxPmJmnzXQ3r7+bE+pafhu+jr876cMLcJG2+q2H93ZxY3/LT8H301VkfTpibpM13Nay/mxPrW34avo++OuvDCXOT7OZGu7e+5YT9XYnlhH36DlfvfsTcJLu50e6tbzlhf1diOWGfvsPVux8xN8lubrR761tO2N+VWE7Yp+9w9e5HzE2ymxvt3vqWE/Z3JZYT9uk7XL1+1GD3LX8avt8klhu2t5yc6F+/68OT2H3Ln4bvN4nlhu0tJyf61+/68CR23/Kn4ftNYrlhe8vJif71uz48id23/Gn4fpNYbtjecnKif/3+++HTnub0fd4zieUtvLfrO1y9PH7K05y+z3smsbyF93Z9h6uXx095mtP3ec8klrfw3q7vcPXy+ClPc/o+75nE8hbe2/Udzv9X+sv/OP/881/SqtvcdpBh+wAAAABJRU5ErkJggg== | base64 -d

�PNG


IHDR�u�;<sRGB���gAMA��

                      �a    pHYs���o�d

��'ٻ����7���Y��{�����;s����=�[x�4v�O�zg�r�gy

                                            ��n�i_���S�b�,o�=���?���Ó�}�    �t�����S���������$v�r�>ݥ�g}��h�-����><�ݷ��Owi�Y��~K���Ob�-'��]�{�gN��ߒ�_���    s��9%�s'��X�r�>%mn��_���    s��%�s'��X�r�>%mn��_���    s��9%�s'��X�r�>%mn��_���s��%�s'��X�r�>%mn��_���    s�XN��.�>�I�7�s����]N���r��w��YNھa���$����p��$�����$)�~ׇ�&����]�}���o�=�&I���>�07��}�H�)I��i�~��$����p��$��M#m�$u����mn��_���    s�XN�7����ԙ��IR~��'�Mb9a��fJRgz����&I���><���vo}�I�o�����_��Ó��o�ַ����o�.����><���vo}�I�o�����_��Ó��o�ַ����o�.�����OK��]���w��)�߼˟���>%��w�Ӿޙç$�.گw~��A�������������4榑6Sb9a�~"�U����4�fJ,'��O����ј�F�L��}��,_�>�N�:Ӗ�=�{��&�c�X���$u�-�{b�,7�o=Mz�4�<M�;I�L[v���Ynp�z��iby��w�ԙ���ݳ���4�����K�[Nا$u���)I�)I����i|�X�a}�    ���Δ�9%�3%�sR�:���;�o9a��ԙ�6�$u�$uNJR��uc}x��-'�S�:S�攤Δ��II�4~����4��}J,7����-'��a}�I��j���6�]�=��Fw�O���԰��}�H��.��r5��`���$u��t�ڒnL²j��O[ҍF�:Sr:omI7�?aY�G٧-�F#I�)9������ڣ�Ӗt���Δ��[[ҍ�OXV���H�)I�i��3wI7ai�CS#m�$u�-�����%�l|���M����ԙ���[�>s�t���V:45�fJRgڲ�o���]���wXZ�ДXn�{�[����ݳ�%�[��D��F�g��x�o�=�[ҽ�*K�Xn�{�[����ݳ�%�[��D��F�g��x�o�=�[ҽ����d7߅�)is�ۤo������}�n�

                                           �S����I��    �

                                                         ���|ާ���o��a������.�OI��ܷ�ַܰ�n��{����σ��4p�jX�r���y�� �%

�$��f��ݳ���J����Q����H��.v�r�~+y:Oh�GM�:S#m���=�    ����<�-5I�L����b�,'췒�����J,'�Sb�.v�r�{j�͝�'��b��    ��X��ݷ����is'�I��X��r�>%��b�-��F��I~�/-�(���O��6w���K+�&mn�    ����}�����aiّ��}Jvs�>mi��ﰴ�H���r�>%�9a���{��wXZv��Mb9a��ݜ�O[�=��;\�<���������M�:�O�����߶�޷�؞�IRg��\ߕ?�ۖ����37I�L?����~�rz��b{�&I��'R����S#m��ͩ�6S#m�[ҍ;�[�(sj�͔�95�fj�McK�qg�~�eN����6�F�L��ilI7�L�o��̩�6S���H���6�-�Ɲ���;�;l��4�fJvs����i3}����#�37����ݜ���F�L�ai������M#m�d7'�?���wXZ?�=s�H�)��    �Ok����^K��lI7�4v���Δ�Ύ$u��N�%mn����}JRgJRgG�:�W'�ߒ67[ҍ;��>%�3%��#I�髓�oI��-�Ɲ�n��ԙ��ّ����Y�����ws���)�����\w��m��~77lϜ��n�<�u�;����ws���)�����\w��m��~77lϜ��n�<�r�^�Թ�Xn��r�>mI7NJ,����F�)I�;���-'�Ӗt���?,OmĜ�Թ�Xn��r�>mI7NJ,����F�)I�;���-'�Ӗt���?����#��%�����_�Xnpo����)~Yb�������e����;\�<~��[~���$�3%mn�����l�����L�:S���;\�<~��[~���$�3%mn�����l�����L�:S���;\�~�`�-'�S�����ON�[�s/�`�-'�S�����ON�[�s/�`�-'�S���������������p��$m��a�ݜX����}��YN����w5����[~����:��߼>�07Is���F�����]��}�W�~��$����o9aWb9a���ջ17�nn�{�[N�ߕXNا�p��G�M������w%���;\�~�`�-���$�����_��Ó�}˟�����-''�����$v����Mb�a{�ɉ���><�ݷ�i�~�Xn��rr�����Ӟ��}���-���;\�<~�Ӝ��{&����v}����Oy���y�$���ޮ�p���)Os�>��������W������_Ҫ��v�a�IEND�B`�

解码之后发现,好像是一堆乱码。但是根据前面的提示,这是一个image数据。我们把这写base64解出来的数据写入一张图片试试。

root@kali:~/下载/CTF题目# echo iVBORw0KGgoAAAANSUhEUgAAAIUAAACFCAYAAAB12js8AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAArZSURBVHhe7ZKBitxIFgTv/396Tx564G1UouicKg19hwPCDcrMJ9m7/7n45zfdxe5Z3sJ7prHbf9rXO3P4lLvYPctbeM80dvtP+3pnDp9yF7tneQvvmcZu/2lf78zhU+5i9yxv4T3T2O0/7eud68OT2H3LCft0l/ae9ZlTo+23pPvX7/rwJHbfcsI+3aW9Z33m1Gj7Len+9bs+PIndt5ywT3dp71mfOTXafku6f/2uD09i9y0n7NNd2nvWZ06Ntt+S7l+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTtDklqXMnsZxY33LCPiVtbpKUX7/rwwlzk7Q5JalzJ7GcWN9ywj4lbW6SlF+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTWE7a/i72PstJ2zfsHnOTpPz6XR9OmJvEctL2d7H3WU7avmH3mJsk5dfv+nDC3CSWk7a/i73PctL2DbvH3CQpv37XhxPmJrGctP1d7H2Wk7Zv2D3mJkn59bs+nDA3ieWEfdNImylJnelp7H6bmyTl1+/6cMLcJJYT9k0jbaYkdaansfttbpKUX7/rwwlzk1hO2DeNtJmS1Jmexu63uUlSfv2uDyfMTWI5Yd800mZKUmd6Grvf5iZJ+fW7PjzJ7v12b33LSdtvsfuW75LuX7/rw5Ps3m/31rectP0Wu2/5Lun+9bs+PMnu/XZvfctJ22+x+5bvku5fv+vDk+zeb/fWt5y0/Ra7b/ku6f71+++HT0v+5l3+tK935vApyd+8y5/29c4cPiX5m3f5077emcOnJH/zLn/ar3d+/flBpI+cMDeNtJkSywn79BP5uK+yfzTmppE2U2I5YZ9+Ih/3VfaPxtw00mZKLCfs00/k477K/tGYm0baTInlhH36iSxflT78TpI605bdPbF7lhvct54mvWOaWJ6m4Z0kdaYtu3ti9yw3uG89TXrHNLE8TcM7SepMW3b3xO5ZbnDfepr0jmlieZqGd5LUmbbs7onds9zgvvU06R3TxPXcSxPrW07YpyR1pqTNKUmdKUmdk5LUaXzdWB/eYX3LCfuUpM6UtDklqTMlqXNSkjqNrxvrwzusbzlhn5LUmZI2pyR1piR1TkpSp/F1Y314h/UtJ+xTkjpT0uaUpM6UpM5JSeo0ft34+vOGNLqDfUosN7inhvUtJ+ybRtpMd0n39Goa3cE+JZYb3FPD+pYT9k0jbaa7pHt6NY3uYJ8Syw3uqWF9ywn7ppE2013SPb2aRnewT4nlBvfUsL7lhH3TSJvpLunecjWV7mCftqQbjSR1puR03tqSbkx/wrJqj7JPW9KNRpI6U3I6b21JN6Y/YVm1R9mnLelGI0mdKTmdt7akG9OfsKzao+zTlnSjkaTOlJzOW1vSjelPWFbp8NRImylJnWnL7r6F7zN3STcb32FppUNTI22mJHWmLbv7Fr7P3CXdbHyHpZUOTY20mZLUmbbs7lv4PnOXdLPxHZZWOjQ10mZKUmfasrtv4fvMXdLNxndYWunQlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K95SpLlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K97avp6GQ334X3KWlz+tukb5j+hO2/hX3Ebr4L71PS5vS3Sd8w/Qnbfwv7iN18F96npM3pb5O+YfoTtv8W9hG7+S68T0mb098mfcP0Jxz/W+x+FPethvUtN2y/m7fwnvm1+frzIOklDdy3Gta33LD9bt7Ce+bX5uvPg6SXNHDfaljfcsP2u3kL75lfm68/D5Je0sB9q2F9yw3b7+YtvGd+bb7+vCEN7ySpMzXSZrqL3bOcsN9Kns4T2uJRk6TO1Eib6S52z3LCfit5Ok9oi0dNkjpTI22mu9g9ywn7reTpPKEtHjVJ6kyNtJnuYvcsJ+y3kqfzxNLiEUosJ+xTYvkudt9yg3tqpM2d5Cf50mKJEssJ+5RYvovdt9zgnhppcyf5Sb60WKLEcsI+JZbvYvctN7inRtrcSX6SLy2WKLGcsE+J5bvYfcsN7qmRNneSn+RLK5UmbW4Sywn7lOzmhH3a0u7ZN99hadmRNjeJ5YR9SnZzwj5taffsm++wtOxIm5vEcsI+Jbs5YZ+2tHv2zXdYWnakzU1iOWGfkt2csE9b2j375jtcvTz+tuX0vrXF9sxNkjrTT+T6rvyx37ac3re22J65SVJn+olc35U/9tuW0/vWFtszN0nqTD+R67vyx37bcnrf2mJ75iZJneknUn+V/aWYUyNtpqTNqZE2UyNtGlvSjTsT9VvtKHNqpM2UtDk10mZqpE1jS7pxZ6J+qx1lTo20mZI2p0baTI20aWxJN+5M1G+1o8ypkTZT0ubUSJupkTaNLenGnYnl6TujO2zP3DTSZkp2c8L+0xppM32HpfWTIxPbMzeNtJmS3Zyw/7RG2kzfYWn95MjE9sxNI22mZDcn7D+tkTbTd1haPzkysT1z00ibKdnNCftPa6TN9B2uXh5/S9rcbEk37jR2+5SkzpSkzo4kdaavTg6/JW1utqQbdxq7fUpSZ0pSZ0eSOtNXJ4ffkjY3W9KNO43dPiWpMyWpsyNJnemrk8NvSZubLenGncZun5LUmZLU2ZGkzvTVWR/e0faJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBdac72vaJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBcsVewpyS1LmTWG7Y3nLCPm1JN05KLP/D8tRGzClJnTuJ5YbtLSfs05Z046TE8j8sT23EnJLUuZNYbtjecsI+bUk3Tkos/8Py1EbMKUmdO4nlhu0tJ+zTlnTjpMTyP/R/i8PwI//fJZYb3Jvv8Pd/il+WWG5wb77D3/8pflliucG9+Q5//6f4ZYnlBvfmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9ftRg9y0n7FPD+paTtk9O71sT13Mv7WD3LSfsU8P6lpO2T07vWxPXcy/tYPctJ+xTw/qWk7ZPTu9bE9dzL+1g9y0n7FPD+paTtk9O71sT1/P7EnOTWG5wb5LUmRptn3D/6b6+eX04YW4Syw3uTZI6U6PtE+4/3dc3rw8nzE1iucG9SVJnarR9wv2n+/rm9eGEuUksN7g3SepMjbZPuP90X9+8PpwwN0mb72pYfzcn1rf8NHwffXXWhxPmJmnzXQ3r7+bE+pafhu+jr876cMLcJG2+q2H93ZxY3/LT8H301VkfTpibpM13Nay/mxPrW34avo++OuvDCXOT7OZGu7e+5YT9XYnlhH36DlfvfsTcJLu50e6tbzlhf1diOWGfvsPVux8xN8lubrR761tO2N+VWE7Yp+9w9e5HzE2ymxvt3vqWE/Z3JZYT9uk7XL1+1GD3LX8avt8klhu2t5yc6F+/68OT2H3Ln4bvN4nlhu0tJyf61+/68CR23/Kn4ftNYrlhe8vJif71uz48id23/Gn4fpNYbtjecnKif/3+++HTnub0fd4zieUtvLfrO1y9PH7K05y+z3smsbyF93Z9h6uXx095mtP3ec8klrfw3q7vcPXy+ClPc/o+75nE8hbe2/Udzv9X+sv/OP/881/SqtvcdpBh+wAAAABJRU5ErkJggg== | base64 -d > 1.jpg

root@kali:~/下载/CTF题目# ls

.jpg

379140b0-c2aa-4aa6-b372-031beb2007f0.zip

dabai.png

f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip

KEY.sh

root@kali:~/下载/CTF题目#

虽然,查看图片无法载入(可能是kali系统的原因),但是在文件夹下,已经显示出图片,是一张二维码。扫码之后,即可得flag。

4、大白

先下载题目
解压后是一张图片,没办法,kali上查看图片又有毛病,我打开了我的虚拟机,在win7上查看这张图片

在下载这道题目的时候,题目曾说道,是不是屏幕太小了

可能得从图片的大小上找问题了。由于我是新手,所以,我也不知道是宽上面有问题,还是高上面有问题,所以我都尝试了一下,最后得知是高上面做了修改。具体方法如下:

root@kali:~/下载/CTF题目# file dabai.png

dabai.png: PNG image data,  x , -bit/color RGBA, non-interlaced

查看图片属性。然后,找对应的宽和高是否有问题。

通过对应的进制转换得出,左边的是宽,右边是高。
然后我用hexedit打开图片。把高度修改了一下。

然后保存。查看图片得flag。

5、基础破解

这题下载下来解压后,名字乱码,我改了一下名字。发现解压需要密码。然后又开始了快乐的暴力破解之旅。

root@kali:~/下载/CTF题目# ls

 5e46643e-be69-4c63-86ac-c009251f2287.zip

 d6541cef--441c-82fa-426cc37e79b0.zip

'+'$'\250\246\355\343\343\242\324''.rar'

root@kali:~/下载/CTF题目# unrar x '+'$'\250\246\355\343\343\242\324''.rar'

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Cannot open +￾.ra

没有那个文件或目录

No files to extract

root@kali:~/下载/CTF题目# mv '+'$'\250\246\355\343\343\242\324''.rar'

mv: 在'+'$'\250\246\355\343\343\242\324''.rar' 后缺少了要操作的目标文件

请尝试执行 "mv --help" 来获取更多信息。

root@kali:~/下载/CTF题目# mv '+'$'\250\246\355\343\343\242\324''.rar' .rar

root@kali:~/下载/CTF题目# unrar x .rar 

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Extracting from .rar

Enter password (will not be echoed) for flag.txt:

解出密码得到:2563

root@kali:~/下载/CTF题目# unrar x .rar 

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Extracting from .rar

Enter password (will not be echoed) for flag.txt: 

Extracting  flag.txt                                                  %

Checksum error in the encrypted file flag.txt. Corrupt file or wrong password.

Total errors:

root@kali:~/下载/CTF题目# rar2john .rar > mima.txt

! file name: flag.txt

root@kali:~/下载/CTF题目# ls

.rar

5e46643e-be69-4c63-86ac-c009251f2287.zip

d6541cef--441c-82fa-426cc37e79b0.zip

mima.txt

root@kali:~/下载/CTF题目# john mima.txt

Using default input encoding: UTF-

Loaded  password hash (rar, RAR3 [SHA1 / AVX2 8x AES])

Will run  OpenMP threads

Proceeding with single, rules:Single

Press 'q' or Ctrl-C to abort, almost any other key for status

0g ::: 5.04% / (ETA: ::) 0g/s .6p/s .6c/s .6C/s R.rar12..rflagrflag

0g ::: 19.73% / (ETA: ::) 0g/s .6p/s .6c/s .6C/s Trar"..R1$

Almost done: Processing the remaining buffered candidate passwords, if any.

Warning: Only  candidates buffered for the current salt, minimum  needed for performance.

Proceeding with wordlist:/usr/share/john/password.lst, rules:Wordlist

Proceeding with incremental:ASCII

0g :::  / 0g/s .1p/s .1c/s .1C/s ..molday

0g :::  / 0g/s .9p/s .9c/s .9C/s asilor..searix

0g :::  / 0g/s .1p/s .1c/s .1C/s bicca..

             (.rar)

1g ::: DONE / (-- :) .000804g/s .3p/s .3c/s .3C/s amokees..mccia

Use the "--show" option to display all of the cracked passwords reliably

Session completed

root@kali:~/下载/CTF题目#

输入密码后得到:

root@kali:~/下载/CTF题目# unrar x .rar 

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Extracting from .rar

Enter password (will not be echoed) for flag.txt: 

Extracting  flag.txt                                                  OK

All OK

root@kali:~/下载/CTF题目# ls

.rar

.rar.xml

5e46643e-be69-4c63-86ac-c009251f2287.zip

你竟然赶我走

d6541cef--441c-82fa-426cc37e79b0.zip

flag.txt

mima.txt

root@kali:~/下载/CTF题目# bat flag.txt

───────┬────────────────────────────────────────────────────────────────────────

       │ File: flag.txt

───────┼────────────────────────────────────────────────────────────────────────

      │ ZmxhZ3s3MDM1NDMwMGE1MTAwYmE3ODA2ODgwNTY2MWI5M2E1Y30=

───────┴────────────────────────────────────────────────────────────────────────

root@kali:~/下载/CTF题目#

看到解出来是一个base64密文
再解一下得flag

root@kali:~/下载/CTF题目# bat flag.txt

───────┬────────────────────────────────────────────────────────────────────────

       │ File: flag.txt

───────┼────────────────────────────────────────────────────────────────────────

      │ ZmxhZ3s3MDM1NDMwMGE1MTAwYmE3ODA2ODgwNTY2MWI5M2E1Y30=

───────┴────────────────────────────────────────────────────────────────────────

root@kali:~/下载/CTF题目# base64 -d flag.txt

flag{70354300a5100ba78068805661b93a5c}

root@kali:~/下载/CTF题目#

6、你竟然赶我走

下载题目解压后,检查图片。

貌似没有问题。
binwalk查看:

root@kali:~/下载/CTF题目/你竟然赶我走# binwalk biubiu.jpg 

DECIMAL       HEXADECIMAL     DESCRIPTION

--------------------------------------------------------------------------------

             0x0             JPEG image data, JFIF standard 1.01

貌似也没问题。继续检查,检查十六禁止文件(我习惯用hexedit)。

搜索flag等关键字。

得到flag。

buuctf misc wp 01的更多相关文章

  1. buuctf misc wp 02

    buuctf misc wp 02 7.LSB 8.乌镇峰会种图 9.rar 10.qr 11.ningen 12.文件中的秘密 13.wireshark 14.镜子里面的世界 15.小明的保险箱 1 ...

  2. buuctf misc 刷题记录

    1.金三胖 将gif分离出来. 2.N种方法解决 一个exe文件,果然打不开,在kali里分析一下:file KEY.exe,ascii text,先txt再说,base64 图片. 3.大白 crc ...

  3. BUUCTF MISC部分题目wp

    MISC这里是平台上比较简单的misc,都放在一起,难一些的会单独写1,二维码图片里藏了一个压缩包,用binwalk -e分离,提示密码为4个数字,fcrackzip -b -c1 -l 4 -u 得 ...

  4. BUUCTF 部分wp

    目录 Buuctf crypto 0x01传感器 提示是曼联,猜测为曼彻斯特密码 wp:https://www.xmsec.cc/manchester-encode/ cipher: 55555555 ...

  5. ISCC的 Misc——WP

    比赛已经结束了,自己做出来的题也不是很多,跟大家分享一下 Misc 第一题:What is that? 下载链接; 打开 解压 是一个图片 因为分值很少所以题和简单 观察图片是一个向下指的手 说明fl ...

  6. BUUCTF MISC ZIP

    这道题有点烦,拿出来单独写先贴两张图,一会用 首先这题给了68个压缩包,每个压缩包里只有4bytes大小,于是可以想到是crc爆破,自己写的脚本总是被killed,犯懒找了个脚本 import zip ...

  7. BUUCTF Misc 被偷走的文件

    首先下载文件打开 得到一个流量文件 用wireshark打开 打开后 进行分析 看到有ftp流量,于是过滤ftp 看到被偷走的是flag.rar 接下用binwalk进行分离 binwalk -e f ...

  8. BUUCTF Crypto_WP(2)

    BUUCTF Crypto WP 几道密码学wp [GXYCTF2019]CheckIn 知识点:Base64,rot47 下载文件后,发现一个txt文件,打开发现一串base64,界面之后出现一串乱 ...

  9. ctf每周一练

    buuctf  misc: 你猜我是个啥 下载之后,是一个zip文件,解压,提示不是解压文件 放进HxD中进行分析,发现这是一个png文件,改后缀 打开后,发现是一张二维码,我们尝试用CQR进行扫描, ...

随机推荐

  1. 量化学习 | Tushare 基本面选股 (二)

    量化投资比较重要的是策略,可是你得先选个好股,价值投资需要认同他的价值,值得投资的股票才有投资的机会,现在简单介绍一下基于基本面的选股,其实我现实生活中也有炒股,都是经验之说的选股原则. 首先从tus ...

  2. mysql数据库设计文档-导出字段设计

    navicat 是我一直在使用的一个数据库操作工具,非常方便快捷.如果没有可用navicat可以留言邮箱我直接发您. 今天来介绍一下使用navicat导出数据库字段设计.废话不多说,先看导出效果. 查 ...

  3. JDK dump

    1. 查看整个JVM内存状态 jmap -heap 1237(pid) 2.生成dump文件 jmap -dump:file=文件名.dump 1237(pid)

  4. git常用命令学习配详细说明

    原文链接 把当前目录变成Git可以管理的仓库 git init 查看仓库当前的状态 git status 添加新/变动文件 git add <文件名> // 添加某个新文件(目录) git ...

  5. 1.Lambda表达式

    1.Lambda表达式 语法糖 也叫作糖衣语法,增强了代码的可读性 避免了出错的机会 但是,这种语法对于语言的功能并没有增强 和Lambda一样的糖衣语法还有:(1)泛型 <>(2)自动装 ...

  6. 【java I/O流总结】基于源码比较FileReader和BufferReader

    上一篇博客中,测试分析了FileReader&FileWriter,和BufferWriter&BufferReader之间的性能对比.仅仅只是简单分析.现在我基于源码的角度,来分析B ...

  7. SpringBoot项目中应用Jedis和一些常见配置

    优雅的使用Jedis Redis的Java客户端有很多,Jedis是其中使用比较广泛和性能比较稳定的一个.并且其API和RedisAPI命名风格类似,推荐大家使用 在项目中引入Jedis 可以通过Ma ...

  8. [算法笔记] PAT-ADV-1020

    题目要求:给出二叉树的后序遍历序列和中序遍历序列,输出二叉树的层次遍历序列. (传送门) Sample Input 7 2 3 1 5 7 6 4 1 2 3 4 5 6 7 Sample Outpu ...

  9. java fork/join简单实践

    我们知道,java8中有并行流,而并行流在后台的实现是通过fork/join池来完成的,例如: List<Integer> a = buildList(); List<Integer ...

  10. JVM中内存分配策略及堆和栈的比较

    最近愈发对JVM底层的运行 原理产生了兴趣,遂查阅相关资料以备忘. 内存分配策略 根据编译原理的观点,程序运行时的内存分配,有三种策略,分别为静态的.堆式的.栈式的. 静态存储分配指的是在编译时就能确 ...