buuctf misc wp 01

1、金三胖

root@kali:~/下载/CTF题目# unzip 77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip
Archive: 77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip
creating: 金三胖/
inflating: 金三胖/aaa.gif
root@kali:~/下载/CTF题目# ls
379140b0-c2aa-4aa6-b372-031beb2007f0.zip
77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip
金三胖
dabai.png
f4571698-e6e4-41b6--2aab17cef02a.zip
f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
root@kali:~/下载/CTF题目# cd 金三胖/
root@kali:~/下载/CTF题目/金三胖# ls
aaa.gif
root@kali:~/下载/CTF题目/金三胖# eog aaa.gif

先找到题目,解压后,通过eog命令打开图片,

这是一个GIF动图。然后将gif图全部转换为png图片。

root@kali:~/下载/CTF题目/金三胖# convert aaa.gif .png
root@kali:~/下载/CTF题目/金三胖# ls
-.png -.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png aaa.gif
-.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png
root@kali:~/下载/CTF题目/金三胖#

通过查看解出来的图片即可获得flag

2、二维码

解开这个题目后,打开看,是一个二维码,扫二维码得出。

然后,继续检查图片。

root@kali:~/下载/CTF题目# binwalk QR_code.png 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0x0 PNG image, x , -bit colormap, non-interlaced
0x1D7 Zip archive data, encrypted at least v2. to extract, compressed size: , uncompressed size: , name: 4number.txt
0x28A End of Zip archive, footer length: root@kali:~/下载/CTF题目# foremost QR_code.png
Processing: QR_code.png
�foundat=4number.txtn
Qjxu�J����[����OPF4L�
*|
root@kali:~/下载/CTF题目# cd output/
root@kali:~/下载/CTF题目/output# ls
audit.txt png zip
root@kali:~/下载/CTF题目/output# cd zip/
root@kali:~/下载/CTF题目/output/zip# ls
.zip
root@kali:~/下载/CTF题目/output/zip# unzip .zip
Archive: .zip
[.zip] 4number.txt password:

用binwalk查看图片,发现有个压缩包。解压后发现,这个压缩包需要密码。这里显示说是4位数字密码。
而题目没有其它提示,显然,是想让我们暴力破解密码。

root@kali:~/下载/CTF题目/output/zip# ls
.zip
root@kali:~/下载/CTF题目/output/zip# fcrackzip -b -c '' -l -u .zip PASSWORD FOUND!!!!: pw ==
root@kali:~/下载/CTF题目/output/zip# ls
.zip
root@kali:~/下载/CTF题目/output/zip# unzip .zip
Archive: .zip
[.zip] 4number.txt password:
inflating: 4number.txt
root@kali:~/下载/CTF题目/output/zip# ls
.zip 4number.txt
root@kali:~/下载/CTF题目/output/zip# bat 4number.txt
───────┬────────────────────────────────────────────────────────────────────────
│ File: 4number.txt
───────┼────────────────────────────────────────────────────────────────────────
│ CTF{vjpw_wnoei}
───────┴────────────────────────────────────────────────────────────────────────
root@kali:~/下载/CTF题目/output/zip#

解出来后,用密码打开得到flag

3、N种方法解决

先看题目

root@kali:~/下载/CTF题目# unzip f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
Archive: f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
inflating: KEY.exe
root@kali:~/下载/CTF题目# ls
379140b0-c2aa-4aa6-b372-031beb2007f0.zip
dabai.png
f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
KEY.exe
root@kali:~/下载/CTF题目#

题目下载解出来后,是一个KEY.exe程序。
先运行程序看看。

root@kali:~/下载/CTF题目# ls
379140b0-c2aa-4aa6-b372-031beb2007f0.zip
dabai.png
f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
KEY.exe
root@kali:~/下载/CTF题目# mv KEY.exe KEY.sh
root@kali:~/下载/CTF题目# ls
379140b0-c2aa-4aa6-b372-031beb2007f0.zip
dabai.png
f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
KEY.sh
root@kali:~/下载/CTF题目# chmod o+x KEY.sh
root@kali:~/下载/CTF题目# ./KEY.sh
./KEY.sh:行1: data:image/jpg: 没有那个文件或目录
./KEY.sh:行1: base64,iVBORw0KGgoAAAANSUhEUgAAAIUAAACFCAYAAAB12js8AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAArZSURBVHhe7ZKBitxIFgTv/396Tx564G1UouicKg19hwPCDcrMJ9m7/7n45zfdxe5Z3sJ7prHbf9rXO3P4lLvYPctbeM80dvtP+3pnDp9yF7tneQvvmcZu/2lf78zhU+5i9yxv4T3T2O0/7eud68OT2H3LCft0l/ae9ZlTo+23pPvX7/rwJHbfcsI+3aW9Z33m1Gj7Len+9bs+PIndt5ywT3dp71mfOTXafku6f/2uD09i9y0n7NNd2nvWZ06Ntt+S7l+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTtDklqXMnsZxY33LCPiVtbpKUX7/rwwlzk7Q5JalzJ7GcWN9ywj4lbW6SlF+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTWE7a/i72PstJ2zfsHnOTpPz6XR9OmJvEctL2d7H3WU7avmH3mJsk5dfv+nDC3CSWk7a/i73PctL2DbvH3CQpv37XhxPmJrGctP1d7H2Wk7Zv2D3mJkn59bs+nDA3ieWEfdNImylJnelp7H6bmyTl1+/6cMLcJJYT9k0jbaYkdaansfttbpKUX7/rwwlzk1hO2DeNtJmS1Jmexu63uUlSfv2uDyfMTWI5Yd800mZKUmd6Grvf5iZJ+fW7PjzJ7v12b33LSdtvsfuW75LuX7/rw5Ps3m/31rectP0Wu2/5Lun+9bs+PMnu/XZvfctJ22+x+5bvku5fv+vDk+zeb/fWt5y0/Ra7b/ku6f71+++HT0v+5l3+tK935vApyd+8y5/29c4cPiX5m3f5077emcOnJH/zLn/ar3d+/flBpI+cMDeNtJkSywn79BP5uK+yfzTmppE2U2I5YZ9+Ih/3VfaPxtw00mZKLCfs00/k477K/tGYm0baTInlhH36iSxflT78TpI605bdPbF7lhvct54mvWOaWJ6m4Z0kdaYtu3ti9yw3uG89TXrHNLE8TcM7SepMW3b3xO5ZbnDfepr0jmlieZqGd5LUmbbs7onds9zgvvU06R3TxPXcSxPrW07YpyR1pqTNKUmdKUmdk5LUaXzdWB/eYX3LCfuUpM6UtDklqTMlqXNSkjqNrxvrwzusbzlhn5LUmZI2pyR1piR1TkpSp/F1Y314h/UtJ+xTkjpT0uaUpM6UpM5JSeo0ft34+vOGNLqDfUosN7inhvUtJ+ybRtpMd0n39Goa3cE+JZYb3FPD+pYT9k0jbaa7pHt6NY3uYJ8Syw3uqWF9ywn7ppE2013SPb2aRnewT4nlBvfUsL7lhH3TSJvpLunecjWV7mCftqQbjSR1puR03tqSbkx/wrJqj7JPW9KNRpI6U3I6b21JN6Y/YVm1R9mnLelGI0mdKTmdt7akG9OfsKzao+zTlnSjkaTOlJzOW1vSjelPWFbp8NRImylJnWnL7r6F7zN3STcb32FppUNTI22mJHWmLbv7Fr7P3CXdbHyHpZUOTY20mZLUmbbs7lv4PnOXdLPxHZZWOjQ10mZKUmfasrtv4fvMXdLNxndYWunQlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K95SpLlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K97avp6GQ334X3KWlz+tukb5j+hO2/hX3Ebr4L71PS5vS3Sd8w/Qnbfwv7iN18F96npM3pb5O+YfoTtv8W9hG7+S68T0mb098mfcP0Jxz/W+x+FPethvUtN2y/m7fwnvm1+frzIOklDdy3Gta33LD9bt7Ce+bX5uvPg6SXNHDfaljfcsP2u3kL75lfm68/D5Je0sB9q2F9yw3b7+YtvGd+bb7+vCEN7ySpMzXSZrqL3bOcsN9Kns4T2uJRk6TO1Eib6S52z3LCfit5Ok9oi0dNkjpTI22mu9g9ywn7reTpPKEtHjVJ6kyNtJnuYvcsJ+y3kqfzxNLiEUosJ+xTYvkudt9yg3tqpM2d5Cf50mKJEssJ+5RYvovdt9zgnhppcyf5Sb60WKLEcsI+JZbvYvctN7inRtrcSX6SLy2WKLGcsE+J5bvYfcsN7qmRNneSn+RLK5UmbW4Sywn7lOzmhH3a0u7ZN99hadmRNjeJ5YR9SnZzwj5taffsm++wtOxIm5vEcsI+Jbs5YZ+2tHv2zXdYWnakzU1iOWGfkt2csE9b2j375jtcvTz+tuX0vrXF9sxNkjrTT+T6rvyx37ac3re22J65SVJn+olc35U/9tuW0/vWFtszN0nqTD+R67vyx37bcnrf2mJ75iZJneknUn+V/aWYUyNtpqTNqZE2UyNtGlvSjTsT9VvtKHNqpM2UtDk10mZqpE1jS7pxZ6J+qx1lTo20mZI2p0baTI20aWxJN+5M1G+1o8ypkTZT0ubUSJupkTaNLenGnYnl6TujO2zP3DTSZkp2c8L+0xppM32HpfWTIxPbMzeNtJmS3Zyw/7RG2kzfYWn95MjE9sxNI22mZDcn7D+tkTbTd1haPzkysT1z00ibKdnNCftPa6TN9B2uXh5/S9rcbEk37jR2+5SkzpSkzo4kdaavTg6/JW1utqQbdxq7fUpSZ0pSZ0eSOtNXJ4ffkjY3W9KNO43dPiWpMyWpsyNJnemrk8NvSZubLenGncZun5LUmZLU2ZGkzvTVWR/e0faJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBdac72vaJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBcsVewpyS1LmTWG7Y3nLCPm1JN05KLP/D8tRGzClJnTuJ5YbtLSfs05Z046TE8j8sT23EnJLUuZNYbtjecsI+bUk3Tkos/8Py1EbMKUmdO4nlhu0tJ+zTlnTjpMTyP/R/i8PwI//fJZYb3Jvv8Pd/il+WWG5wb77D3/8pflliucG9+Q5//6f4ZYnlBvfmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9ftRg9y0n7FPD+paTtk9O71sT13Mv7WD3LSfsU8P6lpO2T07vWxPXcy/tYPctJ+xTw/qWk7ZPTu9bE9dzL+1g9y0n7FPD+paTtk9O71sT1/P7EnOTWG5wb5LUmRptn3D/6b6+eX04YW4Syw3uTZI6U6PtE+4/3dc3rw8nzE1iucG9SVJnarR9wv2n+/rm9eGEuUksN7g3SepMjbZPuP90X9+8PpwwN0mb72pYfzcn1rf8NHwffXXWhxPmJmnzXQ3r7+bE+pafhu+jr876cMLcJG2+q2H93ZxY3/LT8H301VkfTpibpM13Nay/mxPrW34avo++OuvDCXOT7OZGu7e+5YT9XYnlhH36DlfvfsTcJLu50e6tbzlhf1diOWGfvsPVux8xN8lubrR761tO2N+VWE7Yp+9w9e5HzE2ymxvt3vqWE/Z3JZYT9uk7XL1+1GD3LX8avt8klhu2t5yc6F+/68OT2H3Ln4bvN4nlhu0tJyf61+/68CR23/Kn4ftNYrlhe8vJif71uz48id23/Gn4fpNYbtjecnKif/3+++HTnub0fd4zieUtvLfrO1y9PH7K05y+z3smsbyF93Z9h6uXx095mtP3ec8klrfw3q7vcPXy+ClPc/o+75nE8hbe2/Udzv9X+sv/OP/881/SqtvcdpBh+wAAAABJRU5ErkJggg==: 没有那个文件或目录
root@kali:~/下载/CTF题目#

看到一个base64,而这串密文也疑似base64,前面的data:image说明这base64可能是图片数据。
然后,先用base64解码试试看。

root@kali:~/下载/CTF题目# echo iVBORw0KGgoAAAANSUhEUgAAAIUAAACFCAYAAAB12js8AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAArZSURBVHhe7ZKBitxIFgTv/396Tx564G1UouicKg19hwPCDcrMJ9m7/7n45zfdxe5Z3sJ7prHbf9rXO3P4lLvYPctbeM80dvtP+3pnDp9yF7tneQvvmcZu/2lf78zhU+5i9yxv4T3T2O0/7eud68OT2H3LCft0l/ae9ZlTo+23pPvX7/rwJHbfcsI+3aW9Z33m1Gj7Len+9bs+PIndt5ywT3dp71mfOTXafku6f/2uD09i9y0n7NNd2nvWZ06Ntt+S7l+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTtDklqXMnsZxY33LCPiVtbpKUX7/rwwlzk7Q5JalzJ7GcWN9ywj4lbW6SlF+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTWE7a/i72PstJ2zfsHnOTpPz6XR9OmJvEctL2d7H3WU7avmH3mJsk5dfv+nDC3CSWk7a/i73PctL2DbvH3CQpv37XhxPmJrGctP1d7H2Wk7Zv2D3mJkn59bs+nDA3ieWEfdNImylJnelp7H6bmyTl1+/6cMLcJJYT9k0jbaYkdaansfttbpKUX7/rwwlzk1hO2DeNtJmS1Jmexu63uUlSfv2uDyfMTWI5Yd800mZKUmd6Grvf5iZJ+fW7PjzJ7v12b33LSdtvsfuW75LuX7/rw5Ps3m/31rectP0Wu2/5Lun+9bs+PMnu/XZvfctJ22+x+5bvku5fv+vDk+zeb/fWt5y0/Ra7b/ku6f71+++HT0v+5l3+tK935vApyd+8y5/29c4cPiX5m3f5077emcOnJH/zLn/ar3d+/flBpI+cMDeNtJkSywn79BP5uK+yfzTmppE2U2I5YZ9+Ih/3VfaPxtw00mZKLCfs00/k477K/tGYm0baTInlhH36iSxflT78TpI605bdPbF7lhvct54mvWOaWJ6m4Z0kdaYtu3ti9yw3uG89TXrHNLE8TcM7SepMW3b3xO5ZbnDfepr0jmlieZqGd5LUmbbs7onds9zgvvU06R3TxPXcSxPrW07YpyR1pqTNKUmdKUmdk5LUaXzdWB/eYX3LCfuUpM6UtDklqTMlqXNSkjqNrxvrwzusbzlhn5LUmZI2pyR1piR1TkpSp/F1Y314h/UtJ+xTkjpT0uaUpM6UpM5JSeo0ft34+vOGNLqDfUosN7inhvUtJ+ybRtpMd0n39Goa3cE+JZYb3FPD+pYT9k0jbaa7pHt6NY3uYJ8Syw3uqWF9ywn7ppE2013SPb2aRnewT4nlBvfUsL7lhH3TSJvpLunecjWV7mCftqQbjSR1puR03tqSbkx/wrJqj7JPW9KNRpI6U3I6b21JN6Y/YVm1R9mnLelGI0mdKTmdt7akG9OfsKzao+zTlnSjkaTOlJzOW1vSjelPWFbp8NRImylJnWnL7r6F7zN3STcb32FppUNTI22mJHWmLbv7Fr7P3CXdbHyHpZUOTY20mZLUmbbs7lv4PnOXdLPxHZZWOjQ10mZKUmfasrtv4fvMXdLNxndYWunQlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K95SpLlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K97avp6GQ334X3KWlz+tukb5j+hO2/hX3Ebr4L71PS5vS3Sd8w/Qnbfwv7iN18F96npM3pb5O+YfoTtv8W9hG7+S68T0mb098mfcP0Jxz/W+x+FPethvUtN2y/m7fwnvm1+frzIOklDdy3Gta33LD9bt7Ce+bX5uvPg6SXNHDfaljfcsP2u3kL75lfm68/D5Je0sB9q2F9yw3b7+YtvGd+bb7+vCEN7ySpMzXSZrqL3bOcsN9Kns4T2uJRk6TO1Eib6S52z3LCfit5Ok9oi0dNkjpTI22mu9g9ywn7reTpPKEtHjVJ6kyNtJnuYvcsJ+y3kqfzxNLiEUosJ+xTYvkudt9yg3tqpM2d5Cf50mKJEssJ+5RYvovdt9zgnhppcyf5Sb60WKLEcsI+JZbvYvctN7inRtrcSX6SLy2WKLGcsE+J5bvYfcsN7qmRNneSn+RLK5UmbW4Sywn7lOzmhH3a0u7ZN99hadmRNjeJ5YR9SnZzwj5taffsm++wtOxIm5vEcsI+Jbs5YZ+2tHv2zXdYWnakzU1iOWGfkt2csE9b2j375jtcvTz+tuX0vrXF9sxNkjrTT+T6rvyx37ac3re22J65SVJn+olc35U/9tuW0/vWFtszN0nqTD+R67vyx37bcnrf2mJ75iZJneknUn+V/aWYUyNtpqTNqZE2UyNtGlvSjTsT9VvtKHNqpM2UtDk10mZqpE1jS7pxZ6J+qx1lTo20mZI2p0baTI20aWxJN+5M1G+1o8ypkTZT0ubUSJupkTaNLenGnYnl6TujO2zP3DTSZkp2c8L+0xppM32HpfWTIxPbMzeNtJmS3Zyw/7RG2kzfYWn95MjE9sxNI22mZDcn7D+tkTbTd1haPzkysT1z00ibKdnNCftPa6TN9B2uXh5/S9rcbEk37jR2+5SkzpSkzo4kdaavTg6/JW1utqQbdxq7fUpSZ0pSZ0eSOtNXJ4ffkjY3W9KNO43dPiWpMyWpsyNJnemrk8NvSZubLenGncZun5LUmZLU2ZGkzvTVWR/e0faJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBdac72vaJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBcsVewpyS1LmTWG7Y3nLCPm1JN05KLP/D8tRGzClJnTuJ5YbtLSfs05Z046TE8j8sT23EnJLUuZNYbtjecsI+bUk3Tkos/8Py1EbMKUmdO4nlhu0tJ+zTlnTjpMTyP/R/i8PwI//fJZYb3Jvv8Pd/il+WWG5wb77D3/8pflliucG9+Q5//6f4ZYnlBvfmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9ftRg9y0n7FPD+paTtk9O71sT13Mv7WD3LSfsU8P6lpO2T07vWxPXcy/tYPctJ+xTw/qWk7ZPTu9bE9dzL+1g9y0n7FPD+paTtk9O71sT1/P7EnOTWG5wb5LUmRptn3D/6b6+eX04YW4Syw3uTZI6U6PtE+4/3dc3rw8nzE1iucG9SVJnarR9wv2n+/rm9eGEuUksN7g3SepMjbZPuP90X9+8PpwwN0mb72pYfzcn1rf8NHwffXXWhxPmJmnzXQ3r7+bE+pafhu+jr876cMLcJG2+q2H93ZxY3/LT8H301VkfTpibpM13Nay/mxPrW34avo++OuvDCXOT7OZGu7e+5YT9XYnlhH36DlfvfsTcJLu50e6tbzlhf1diOWGfvsPVux8xN8lubrR761tO2N+VWE7Yp+9w9e5HzE2ymxvt3vqWE/Z3JZYT9uk7XL1+1GD3LX8avt8klhu2t5yc6F+/68OT2H3Ln4bvN4nlhu0tJyf61+/68CR23/Kn4ftNYrlhe8vJif71uz48id23/Gn4fpNYbtjecnKif/3+++HTnub0fd4zieUtvLfrO1y9PH7K05y+z3smsbyF93Z9h6uXx095mtP3ec8klrfw3q7vcPXy+ClPc/o+75nE8hbe2/Udzv9X+sv/OP/881/SqtvcdpBh+wAAAABJRU5ErkJggg== | base64 -d
�PNG

IHDR�u�;<sRGB���gAMA��
�a pHYs���o�d
��'ٻ����7���Y��{�����;s����=�[x�4v�O�zg�r�gy
��n�i_���S�b�,o�=���?���Ó�}� �t�����S���������$v�r�>ݥ�g}��h�-����><�ݷ��Owi�Y��~K���Ob�-'��]�{�gN��ߒ�_��� s��9%�s'��X�r�>%mn��_��� s��%�s'��X�r�>%mn��_��� s��9%�s'��X�r�>%mn��_���s��%�s'��X�r�>%mn��_��� s�XN��.�>�I�7�s����]N���r��w��YNھa���$����p��$�����$)�~ׇ�&����]�}���o�=�&I���>�07��}�H�)I��i�~��$����p��$��M#m�$u����mn��_��� s�XN�7����ԙ��IR~��'�Mb9a��fJRgz����&I���><���vo}�I�o�����_��Ó��o�ַ����o�.����><���vo}�I�o�����_��Ó��o�ַ����o�.�����OK��]���w��)�߼˟���>%��w�Ӿޙç$�.گw~��A�������������4榑6Sb9a�~"�U����4�fJ,'��O����ј�F�L��}��,_�>�N�:Ӗ�=�{��&�c�X���$u�-�{b�,7�o=Mz�4�<M�;I�L[v���Ynp�z��iby��w�ԙ���ݳ���4�����K�[Nا$u���)I�)I����i|�X�a}� ���Δ�9%�3%�sR�:���;�o9a��ԙ�6�$u�$uNJR��uc}x��-'�S�:S�攤Δ��II�4~����4��}J,7����-'��a}�I��j���6�]�=��Fw�O���԰��}�H��.��r5��`���$u��t�ڒnL²j��O[ҍF�:Sr:omI7�?aY�G٧-�F#I�)9������ڣ�Ӗt���Δ��[[ҍ�OXV���H�)I�i��3wI7ai�CS#m�$u�-�����%�l|���M����ԙ���[�>s�t���V:45�fJRgڲ�o���]���wXZ�ДXn�{�[����ݳ�%�[��D��F�g��x�o�=�[ҽ�*K�Xn�{�[����ݳ�%�[��D��F�g��x�o�=�[ҽ����d7߅�)is�ۤo������}�n�
�S����I�� �
���|ާ���o��a������.�OI��ܷ�ַܰ�n��{����σ��4p�jX�r���y�� �%
�$��f��ݳ���J����Q����H��.v�r�~+y:Oh�GM�:S#m���=� ����<�-5I�L����b�,'췒�����J,'�Sb�.v�r�{j�͝�'��b�� ��X��ݷ����is'�I��X��r�>%��b�-��F��I~�/-�(���O��6w���K+�&mn� ����}�����aiّ��}Jvs�>mi��ﰴ�H���r�>%�9a���{��wXZv��Mb9a��ݜ�O[�=��;\�<���������M�:�O�����߶�޷�؞�IRg��\ߕ?�ۖ����37I�L?����~�rz��b{�&I��'R����S#m��ͩ�6S#m�[ҍ;�[�(sj�͔�95�fj�McK�qg�~�eN����6�F�L��ilI7�L�o��̩�6S���H���6�-�Ɲ���;�;l��4�fJvs����i3}����#�37����ݜ���F�L�ai������M#m�d7'�?���wXZ?�=s�H�)�� �Ok����^K��lI7�4v���Δ�Ύ$u��N�%mn����}JRgJRgG�:�W'�ߒ67[ҍ;��>%�3%��#I�髓�oI��-�Ɲ�n��ԙ��ّ����Y�����ws���)�����\w��m��~77lϜ��n�<�u�;����ws���)�����\w��m��~77lϜ��n�<�r�^�Թ�Xn��r�>mI7NJ,����F�)I�;���-'�Ӗt���?,OmĜ�Թ�Xn��r�>mI7NJ,����F�)I�;���-'�Ӗt���?����#��%�����_�Xnpo����)~Yb�������e����;\�<~��[~���$�3%mn�����l�����L�:S���;\�<~��[~���$�3%mn�����l�����L�:S���;\�~�`�-'�S�����ON�[�s/�`�-'�S�����ON�[�s/�`�-'�S���������������p��$m��a�ݜX����}��YN����w5����[~����:��߼>�07Is���F�����]��}�W�~��$����o9aWb9a���ջ17�nn�{�[N�ߕXNا�p��G�M������w%���;\�~�`�-���$�����_��Ó�}˟�����-''�����$v����Mb�a{�ɉ���><�ݷ�i�~�Xn��rr�����Ӟ��}���-���;\�<~�Ӝ��{&����v}����Oy���y�$���ޮ�p���)Os�>��������W������_Ҫ��v�a�IEND�B`�

解码之后发现,好像是一堆乱码。但是根据前面的提示,这是一个image数据。我们把这写base64解出来的数据写入一张图片试试。

root@kali:~/下载/CTF题目# echo iVBORw0KGgoAAAANSUhEUgAAAIUAAACFCAYAAAB12js8AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAArZSURBVHhe7ZKBitxIFgTv/396Tx564G1UouicKg19hwPCDcrMJ9m7/7n45zfdxe5Z3sJ7prHbf9rXO3P4lLvYPctbeM80dvtP+3pnDp9yF7tneQvvmcZu/2lf78zhU+5i9yxv4T3T2O0/7eud68OT2H3LCft0l/ae9ZlTo+23pPvX7/rwJHbfcsI+3aW9Z33m1Gj7Len+9bs+PIndt5ywT3dp71mfOTXafku6f/2uD09i9y0n7NNd2nvWZ06Ntt+S7l+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTtDklqXMnsZxY33LCPiVtbpKUX7/rwwlzk7Q5JalzJ7GcWN9ywj4lbW6SlF+/68MJc5O0OSWpcyexnFjfcsI+JW1ukpRfv+vDCXOTWE7a/i72PstJ2zfsHnOTpPz6XR9OmJvEctL2d7H3WU7avmH3mJsk5dfv+nDC3CSWk7a/i73PctL2DbvH3CQpv37XhxPmJrGctP1d7H2Wk7Zv2D3mJkn59bs+nDA3ieWEfdNImylJnelp7H6bmyTl1+/6cMLcJJYT9k0jbaYkdaansfttbpKUX7/rwwlzk1hO2DeNtJmS1Jmexu63uUlSfv2uDyfMTWI5Yd800mZKUmd6Grvf5iZJ+fW7PjzJ7v12b33LSdtvsfuW75LuX7/rw5Ps3m/31rectP0Wu2/5Lun+9bs+PMnu/XZvfctJ22+x+5bvku5fv+vDk+zeb/fWt5y0/Ra7b/ku6f71+++HT0v+5l3+tK935vApyd+8y5/29c4cPiX5m3f5077emcOnJH/zLn/ar3d+/flBpI+cMDeNtJkSywn79BP5uK+yfzTmppE2U2I5YZ9+Ih/3VfaPxtw00mZKLCfs00/k477K/tGYm0baTInlhH36iSxflT78TpI605bdPbF7lhvct54mvWOaWJ6m4Z0kdaYtu3ti9yw3uG89TXrHNLE8TcM7SepMW3b3xO5ZbnDfepr0jmlieZqGd5LUmbbs7onds9zgvvU06R3TxPXcSxPrW07YpyR1pqTNKUmdKUmdk5LUaXzdWB/eYX3LCfuUpM6UtDklqTMlqXNSkjqNrxvrwzusbzlhn5LUmZI2pyR1piR1TkpSp/F1Y314h/UtJ+xTkjpT0uaUpM6UpM5JSeo0ft34+vOGNLqDfUosN7inhvUtJ+ybRtpMd0n39Goa3cE+JZYb3FPD+pYT9k0jbaa7pHt6NY3uYJ8Syw3uqWF9ywn7ppE2013SPb2aRnewT4nlBvfUsL7lhH3TSJvpLunecjWV7mCftqQbjSR1puR03tqSbkx/wrJqj7JPW9KNRpI6U3I6b21JN6Y/YVm1R9mnLelGI0mdKTmdt7akG9OfsKzao+zTlnSjkaTOlJzOW1vSjelPWFbp8NRImylJnWnL7r6F7zN3STcb32FppUNTI22mJHWmLbv7Fr7P3CXdbHyHpZUOTY20mZLUmbbs7lv4PnOXdLPxHZZWOjQ10mZKUmfasrtv4fvMXdLNxndYWunQlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K95SpLlFhutHv2W42n+4bds7wl3VuuskSJ5Ua7Z7/VeLpv2D3LW9K97avp6GQ334X3KWlz+tukb5j+hO2/hX3Ebr4L71PS5vS3Sd8w/Qnbfwv7iN18F96npM3pb5O+YfoTtv8W9hG7+S68T0mb098mfcP0Jxz/W+x+FPethvUtN2y/m7fwnvm1+frzIOklDdy3Gta33LD9bt7Ce+bX5uvPg6SXNHDfaljfcsP2u3kL75lfm68/D5Je0sB9q2F9yw3b7+YtvGd+bb7+vCEN7ySpMzXSZrqL3bOcsN9Kns4T2uJRk6TO1Eib6S52z3LCfit5Ok9oi0dNkjpTI22mu9g9ywn7reTpPKEtHjVJ6kyNtJnuYvcsJ+y3kqfzxNLiEUosJ+xTYvkudt9yg3tqpM2d5Cf50mKJEssJ+5RYvovdt9zgnhppcyf5Sb60WKLEcsI+JZbvYvctN7inRtrcSX6SLy2WKLGcsE+J5bvYfcsN7qmRNneSn+RLK5UmbW4Sywn7lOzmhH3a0u7ZN99hadmRNjeJ5YR9SnZzwj5taffsm++wtOxIm5vEcsI+Jbs5YZ+2tHv2zXdYWnakzU1iOWGfkt2csE9b2j375jtcvTz+tuX0vrXF9sxNkjrTT+T6rvyx37ac3re22J65SVJn+olc35U/9tuW0/vWFtszN0nqTD+R67vyx37bcnrf2mJ75iZJneknUn+V/aWYUyNtpqTNqZE2UyNtGlvSjTsT9VvtKHNqpM2UtDk10mZqpE1jS7pxZ6J+qx1lTo20mZI2p0baTI20aWxJN+5M1G+1o8ypkTZT0ubUSJupkTaNLenGnYnl6TujO2zP3DTSZkp2c8L+0xppM32HpfWTIxPbMzeNtJmS3Zyw/7RG2kzfYWn95MjE9sxNI22mZDcn7D+tkTbTd1haPzkysT1z00ibKdnNCftPa6TN9B2uXh5/S9rcbEk37jR2+5SkzpSkzo4kdaavTg6/JW1utqQbdxq7fUpSZ0pSZ0eSOtNXJ4ffkjY3W9KNO43dPiWpMyWpsyNJnemrk8NvSZubLenGncZun5LUmZLU2ZGkzvTVWR/e0faJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBdac72vaJ7Xdzw/bMKbGc7PbNE1x3uqNtn9h+Nzdsz5wSy8lu3zzBcsVewpyS1LmTWG7Y3nLCPm1JN05KLP/D8tRGzClJnTuJ5YbtLSfs05Z046TE8j8sT23EnJLUuZNYbtjecsI+bUk3Tkos/8Py1EbMKUmdO4nlhu0tJ+zTlnTjpMTyP/R/i8PwI//fJZYb3Jvv8Pd/il+WWG5wb77D3/8pflliucG9+Q5//6f4ZYnlBvfmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9PH7KFttbfhq+zySpMyVtbr7D1cvjp2yxveWn4ftMkjpT0ubmO1y9ftRg9y0n7FPD+paTtk9O71sT13Mv7WD3LSfsU8P6lpO2T07vWxPXcy/tYPctJ+xTw/qWk7ZPTu9bE9dzL+1g9y0n7FPD+paTtk9O71sT1/P7EnOTWG5wb5LUmRptn3D/6b6+eX04YW4Syw3uTZI6U6PtE+4/3dc3rw8nzE1iucG9SVJnarR9wv2n+/rm9eGEuUksN7g3SepMjbZPuP90X9+8PpwwN0mb72pYfzcn1rf8NHwffXXWhxPmJmnzXQ3r7+bE+pafhu+jr876cMLcJG2+q2H93ZxY3/LT8H301VkfTpibpM13Nay/mxPrW34avo++OuvDCXOT7OZGu7e+5YT9XYnlhH36DlfvfsTcJLu50e6tbzlhf1diOWGfvsPVux8xN8lubrR761tO2N+VWE7Yp+9w9e5HzE2ymxvt3vqWE/Z3JZYT9uk7XL1+1GD3LX8avt8klhu2t5yc6F+/68OT2H3Ln4bvN4nlhu0tJyf61+/68CR23/Kn4ftNYrlhe8vJif71uz48id23/Gn4fpNYbtjecnKif/3+++HTnub0fd4zieUtvLfrO1y9PH7K05y+z3smsbyF93Z9h6uXx095mtP3ec8klrfw3q7vcPXy+ClPc/o+75nE8hbe2/Udzv9X+sv/OP/881/SqtvcdpBh+wAAAABJRU5ErkJggg== | base64 -d > 1.jpg
root@kali:~/下载/CTF题目# ls
.jpg
379140b0-c2aa-4aa6-b372-031beb2007f0.zip
dabai.png
f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
KEY.sh
root@kali:~/下载/CTF题目#

虽然,查看图片无法载入(可能是kali系统的原因),但是在文件夹下,已经显示出图片,是一张二维码。扫码之后,即可得flag。

4、大白

先下载题目
解压后是一张图片,没办法,kali上查看图片又有毛病,我打开了我的虚拟机,在win7上查看这张图片

在下载这道题目的时候,题目曾说道,是不是屏幕太小了

可能得从图片的大小上找问题了。由于我是新手,所以,我也不知道是宽上面有问题,还是高上面有问题,所以我都尝试了一下,最后得知是高上面做了修改。具体方法如下:

root@kali:~/下载/CTF题目# file dabai.png
dabai.png: PNG image data, x , -bit/color RGBA, non-interlaced

查看图片属性。然后,找对应的宽和高是否有问题。

通过对应的进制转换得出,左边的是宽,右边是高。
然后我用hexedit打开图片。把高度修改了一下。

然后保存。查看图片得flag。

5、基础破解

这题下载下来解压后,名字乱码,我改了一下名字。发现解压需要密码。然后又开始了快乐的暴力破解之旅。

root@kali:~/下载/CTF题目# ls
5e46643e-be69-4c63-86ac-c009251f2287.zip
d6541cef--441c-82fa-426cc37e79b0.zip
'+'$'\250\246\355\343\343\242\324''.rar'
root@kali:~/下载/CTF题目# unrar x '+'$'\250\246\355\343\343\242\324''.rar' UNRAR 5.61 beta freeware Copyright (c) - Alexander Roshal Cannot open +￾.ra
没有那个文件或目录
No files to extract
root@kali:~/下载/CTF题目# mv '+'$'\250\246\355\343\343\242\324''.rar'
mv: 在'+'$'\250\246\355\343\343\242\324''.rar' 后缺少了要操作的目标文件
请尝试执行 "mv --help" 来获取更多信息。
root@kali:~/下载/CTF题目# mv '+'$'\250\246\355\343\343\242\324''.rar' .rar
root@kali:~/下载/CTF题目# unrar x .rar UNRAR 5.61 beta freeware Copyright (c) - Alexander Roshal Extracting from .rar Enter password (will not be echoed) for flag.txt:

解出密码得到:2563

root@kali:~/下载/CTF题目# unrar x .rar 

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Extracting from .rar

Enter password (will not be echoed) for flag.txt: 

Extracting  flag.txt                                                  %
Checksum error in the encrypted file flag.txt. Corrupt file or wrong password.
Total errors:
root@kali:~/下载/CTF题目# rar2john .rar > mima.txt
! file name: flag.txt
root@kali:~/下载/CTF题目# ls
.rar
5e46643e-be69-4c63-86ac-c009251f2287.zip
d6541cef--441c-82fa-426cc37e79b0.zip
mima.txt
root@kali:~/下载/CTF题目# john mima.txt
Using default input encoding: UTF-
Loaded password hash (rar, RAR3 [SHA1 / AVX2 8x AES])
Will run OpenMP threads Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
0g ::: 5.04% / (ETA: ::) 0g/s .6p/s .6c/s .6C/s R.rar12..rflagrflag
0g ::: 19.73% / (ETA: ::) 0g/s .6p/s .6c/s .6C/s Trar"..R1$
Almost done: Processing the remaining buffered candidate passwords, if any.
Warning: Only candidates buffered for the current salt, minimum needed for performance.
Proceeding with wordlist:/usr/share/john/password.lst, rules:Wordlist
Proceeding with incremental:ASCII
0g ::: / 0g/s .1p/s .1c/s .1C/s ..molday
0g ::: / 0g/s .9p/s .9c/s .9C/s asilor..searix
0g ::: / 0g/s .1p/s .1c/s .1C/s bicca..
(.rar)
1g ::: DONE / (-- :) .000804g/s .3p/s .3c/s .3C/s amokees..mccia
Use the "--show" option to display all of the cracked passwords reliably
Session completed
root@kali:~/下载/CTF题目#

输入密码后得到:

root@kali:~/下载/CTF题目# unrar x .rar 

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Extracting from .rar

Enter password (will not be echoed) for flag.txt: 

Extracting  flag.txt                                                  OK
All OK
root@kali:~/下载/CTF题目# ls
.rar
.rar.xml
5e46643e-be69-4c63-86ac-c009251f2287.zip
你竟然赶我走
d6541cef--441c-82fa-426cc37e79b0.zip
flag.txt
mima.txt
root@kali:~/下载/CTF题目# bat flag.txt
───────┬────────────────────────────────────────────────────────────────────────
│ File: flag.txt
───────┼────────────────────────────────────────────────────────────────────────
│ ZmxhZ3s3MDM1NDMwMGE1MTAwYmE3ODA2ODgwNTY2MWI5M2E1Y30=
───────┴────────────────────────────────────────────────────────────────────────
root@kali:~/下载/CTF题目#

看到解出来是一个base64密文
再解一下得flag

root@kali:~/下载/CTF题目# bat flag.txt
───────┬────────────────────────────────────────────────────────────────────────
│ File: flag.txt
───────┼────────────────────────────────────────────────────────────────────────
│ ZmxhZ3s3MDM1NDMwMGE1MTAwYmE3ODA2ODgwNTY2MWI5M2E1Y30=
───────┴────────────────────────────────────────────────────────────────────────
root@kali:~/下载/CTF题目# base64 -d flag.txt
flag{70354300a5100ba78068805661b93a5c}
root@kali:~/下载/CTF题目#

6、你竟然赶我走

下载题目解压后,检查图片。

貌似没有问题。
binwalk查看:

root@kali:~/下载/CTF题目/你竟然赶我走# binwalk biubiu.jpg 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0x0 JPEG image data, JFIF standard 1.01

貌似也没问题。继续检查,检查十六禁止文件(我习惯用hexedit)。

搜索flag等关键字。

得到flag。

buuctf misc wp 01的更多相关文章

  1. buuctf misc wp 02

    buuctf misc wp 02 7.LSB 8.乌镇峰会种图 9.rar 10.qr 11.ningen 12.文件中的秘密 13.wireshark 14.镜子里面的世界 15.小明的保险箱 1 ...

  2. buuctf misc 刷题记录

    1.金三胖 将gif分离出来. 2.N种方法解决 一个exe文件,果然打不开,在kali里分析一下:file KEY.exe,ascii text,先txt再说,base64 图片. 3.大白 crc ...

  3. BUUCTF MISC部分题目wp

    MISC这里是平台上比较简单的misc,都放在一起,难一些的会单独写1,二维码图片里藏了一个压缩包,用binwalk -e分离,提示密码为4个数字,fcrackzip -b -c1 -l 4 -u 得 ...

  4. BUUCTF 部分wp

    目录 Buuctf crypto 0x01传感器 提示是曼联,猜测为曼彻斯特密码 wp:https://www.xmsec.cc/manchester-encode/ cipher: 55555555 ...

  5. ISCC的 Misc——WP

    比赛已经结束了,自己做出来的题也不是很多,跟大家分享一下 Misc 第一题:What is that? 下载链接; 打开 解压 是一个图片 因为分值很少所以题和简单 观察图片是一个向下指的手 说明fl ...

  6. BUUCTF MISC ZIP

    这道题有点烦,拿出来单独写先贴两张图,一会用 首先这题给了68个压缩包,每个压缩包里只有4bytes大小,于是可以想到是crc爆破,自己写的脚本总是被killed,犯懒找了个脚本 import zip ...

  7. BUUCTF Misc 被偷走的文件

    首先下载文件打开 得到一个流量文件 用wireshark打开 打开后 进行分析 看到有ftp流量,于是过滤ftp 看到被偷走的是flag.rar 接下用binwalk进行分离 binwalk -e f ...

  8. BUUCTF Crypto_WP(2)

    BUUCTF Crypto WP 几道密码学wp [GXYCTF2019]CheckIn 知识点:Base64,rot47 下载文件后,发现一个txt文件,打开发现一串base64,界面之后出现一串乱 ...

  9. ctf每周一练

    buuctf  misc: 你猜我是个啥 下载之后,是一个zip文件,解压,提示不是解压文件 放进HxD中进行分析,发现这是一个png文件,改后缀 打开后,发现是一张二维码,我们尝试用CQR进行扫描, ...

随机推荐

  1. 使用AJAX实现用户名的唯一性校验(注册界面)-JAVA(新手)

    (1)实现用户名的唯一性校验 所需要准备的: Servlet 注册界面的JSP 接口和实现类 所需要的接口和实现类: 接口: /* * 用户注册 * 账号的唯一性校验,需要传参(username) * ...

  2. JMeter报错:Address already in use : connect

    Address already in use : connect的解决办法: 修改操作系统注册表1.打开注册表:regedit2.找到HKEY_LOCAL_MACHINE\SYSTEM\Current ...

  3. Spring Cloud 系列之 Netflix Hystrix 服务容错

    什么是 Hystrix Hystrix 源自 Netflix 团队于 2011 年开始研发.2012年 Hystrix 不断发展和成熟,Netflix 内部的许多团队都采用了它.如今,每天在 Netf ...

  4. hbase 面试问题汇总

    一.Hbase的六大特点: (1).表大:一个表可以有数亿行,上百万列. (2).无模式:每行都有一个可排序的主键和任意多的列,列可以根据需要动态增加,同一个表中的不同行的可以有截然不同的列. (3) ...

  5. CentOS7系统服务管理systemctl

    目录 一.systemctl介绍 二.systemctl常用命令 1.启动服务 2.停止服务 3.重启服务 4.查看服务是否已启动 5.查看服务的状态 6.启用开机自启动服务 7.停用开机自启动服务 ...

  6. Linux_virtualenv常用命令

    创建虚拟环境:mkvirtualenv -p python3 虚拟环境名称,创建后默认进入虚拟环境 查看当前虚拟环境安装的python包:pip list 查看已经创建的虚拟环境:workon + 两 ...

  7. 题解 P4325 【[COCI2006-2007#1] Modulo】

    第\(1\)种方法 也是最暴力的一种 我们熟知,\(c++\)中的\(set\)可以既去重,有排序,这题,我们可以用set来搞,虽然我们不需要排序的功能,但毕竟方便,一共是\(10\)个数,所以暴力一 ...

  8. springboot使用swagger2创建文档

    一.导入swagger2依赖 <dependency> <groupId>io.springfox</groupId> <artifactId>spri ...

  9. 从ISTIO熔断说起-轻舟网关熔断

    最近大家经常被熔断洗脑,股市的动荡,让熔断再次出现在大家眼前.微服务中的熔断即服务提供方在一定时间内,因为访问压力太大或依赖异常等原因,而出现异常返回或慢响应,熔断即停止该服务的访问,防止发生雪崩效应 ...

  10. 探索学习率设置技巧以提高Keras中模型性能 | 炼丹技巧

      学习率是一个控制每次更新模型权重时响应估计误差而调整模型程度的超参数.学习率选取是一项具有挑战性的工作,学习率设置的非常小可能导致训练过程过长甚至训练进程被卡住,而设置的非常大可能会导致过快学习到 ...