buuctf misc wp 01

1. 金三胖

root@kali:~/下载/CTF题目# unzip 77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip
Archive: 77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip
creating: 金三胖/
inflating: 金三胖/aaa.gif
root@kali:~/下载/CTF题目# ls
379140b0-c2aa-4aa6-b372-031beb2007f0.zip
77edf3b9-3ef9-4ead-9c81-ffdaf7a08414.zip
金三胖
dabai.png
f4571698-e6e4-41b6--2aab17cef02a.zip
f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
root@kali:~/下载/CTF题目# cd 金三胖/
root@kali:~/下载/CTF题目/金三胖# ls
aaa.gif
root@kali:~/下载/CTF题目/金三胖# eog aaa.gif

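First locate the challenge file, unzip it, and open the image with the eog command.

This is an animated GIF. Next, convert every frame of the GIF into a PNG image.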

root@kali:~/下载/CTF题目/金三胖# convert aaa.gif .png
root@kali:~/下载/CTF题目/金三胖# ls
-.png -.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png aaa.gif
-.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png
-.png -.png -.png -.png -.png -.png -.png
root@kali:~/下载/CTF题目/金三胖#

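Looking through the extracted frames reveals the flag.

2. 二维码 (QR code)

After unpacking this challenge and opening it, it turns out to be a QR code; scanning it gives the result.

Then keep examining the image.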

root@kali:~/下载/CTF题目# binwalk QR_code.png 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0x0 PNG image, x , -bit colormap, non-interlaced
0x1D7 Zip archive data, encrypted at least v2. to extract, compressed size: , uncompressed size: , name: 4number.txt
0x28A End of Zip archive, footer length:
root@kali:~/下载/CTF题目# foremost QR_code.png
Processing: QR_code.png
foundat=4number.txt
root@kali:~/下载/CTF题目# cd output/
root@kali:~/下载/CTF题目/output# ls
audit.txt png zip
root@kali:~/下载/CTF题目/output# cd zip/
root@kali:~/下载/CTF题目/output/zip# ls
.zip
root@kali:~/下载/CTF题目/output/zip# unzip .zip
Archive: .zip
[.zip] 4number.txt password:

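Inspecting the image with binwalk shows that it contains an archive. After extracting it, the archive turns out to need a password. The output here indicates a 4-digit numeric password.
The challenge gives no other hint, so it clearly wants us to brute-force the password.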

root@kali:~/下载/CTF题目/output/zip# ls
.zip
root@kali:~/下载/CTF题目/output/zip# fcrackzip -b -c '' -l -u .zip
PASSWORD FOUND!!!!: pw ==
root@kali:~/下载/CTF题目/output/zip# ls
.zip
root@kali:~/下载/CTF题目/output/zip# unzip .zip
Archive: .zip
[.zip] 4number.txt password:
inflating: 4number.txt
root@kali:~/下载/CTF题目/output/zip# ls
.zip 4number.txt
root@kali:~/下载/CTF题目/output/zip# bat 4number.txt
───────┬────────────────────────────────────────────────────────────────────────
│ File: 4number.txt
───────┼────────────────────────────────────────────────────────────────────────
│ CTF{vjpw_wnoei}
───────┴────────────────────────────────────────────────────────────────────────
root@kali:~/下载/CTF题目/output/zip#

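Once the password is cracked, use it to open the archive and get the flag.

3. N种方法解决 (N ways to solve it)

First, look at the challenge.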

root@kali:~/下载/CTF题目# unzip f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
Archive: f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
inflating: KEY.exe
root@kali:~/下载/CTF题目# ls
379140b0-c2aa-4aa6-b372-031beb2007f0.zip
dabai.png
f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
KEY.exe
root@kali:~/下载/CTF题目#

After downloading and extracting the challenge, we get a program named KEY.exe.
Run it first and see what happens.

root@kali:~/下载/CTF题目# ls
379140b0-c2aa-4aa6-b372-031beb2007f0.zip
dabai.png
f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
KEY.exe
root@kali:~/下载/CTF题目# mv KEY.exe KEY.sh
root@kali:~/下载/CTF题目# ls
379140b0-c2aa-4aa6-b372-031beb2007f0.zip
dabai.png
f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
KEY.sh
root@kali:~/下载/CTF题目# chmod o+x KEY.sh
root@kali:~/下载/CTF题目# ./KEY.sh
./KEY.sh:行1: data:image/jpg: 没有那个文件或目录
./KEY.sh:行1: base64,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: 没有那个文件或目录
root@kali:~/下载/CTF题目#

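The output contains the word base64, and the string that follows also looks like base64; the leading data:image suggests that this base64 is probably image data.
So first, try decoding it with base64.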

root@kali:~/下载/CTF题目# echo 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 | base64 -d

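After decoding, the output looks like a pile of garbage. But according to the hint above, this is image data. Let's write the base64-decoded data into an image file and see.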

root@kali:~/下载/CTF题目# echo 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 | base64 -d > 1.jpg
root@kali:~/下载/CTF题目# ls
.jpg
379140b0-c2aa-4aa6-b372-031beb2007f0.zip
dabai.png
f64ca6fa--4ebe-8dbe-5e2d2db41ae1.zip
KEY.sh
root@kali:~/下载/CTF题目#

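Although the image could not be loaded in the viewer (possibly because of the Kali system), the file manager already shows the picture in the folder: it is a QR code. Scanning it gives the flag.

4. 大白 (Baymax)

First download the challenge.
After extracting it we get an image. Unfortunately, viewing images on Kali was acting up again, so I started my virtual machine and viewed the image on Win7.

When downloading this challenge, its description asked whether the screen is too small.

So the problem probably lies in the image's dimensions. Since I'm a beginner, I didn't know whether the width or the height was the problem, so I tried both, and it turned out the height had been modified. The steps are as follows: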
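
An added example (not from the original writeup) that decodes a data: URI like the one in KEY.exe and checks the payload's magic bytes instead of trusting the declared MIME type, so the output file gets the extension that matches its content. The sample URI and the names decode_data_uri and IMAGE_MAGICS are constructed for illustration.

```python
import base64
import binascii

# (magic bytes, MIME type, file extension) for common image formats.
IMAGE_MAGICS = [
    (b"\x89PNG\r\n\x1a\n", "image/png", ".png"),
    (b"\xff\xd8\xff", "image/jpeg", ".jpg"),
    (b"GIF87a", "image/gif", ".gif"),
    (b"GIF89a", "image/gif", ".gif"),
]


def decode_data_uri(uri: str):
    """Return (declared_mime, sniffed_mime, extension, raw_bytes)."""
    if not uri.startswith("data:") or "," not in uri:
        raise ValueError("not a data URI")
    header, payload = uri[5:].split(",", 1)
    params = header.split(";")
    declared = params[0] or "text/plain"
    if "base64" not in params[1:]:
        raise ValueError("only base64 data URIs are handled here")
    try:
        raw = base64.b64decode(payload.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"bad base64 payload: {exc}") from exc
    # Trust the content, not the label: match on the leading magic bytes.
    for magic, mime, ext in IMAGE_MAGICS:
        if raw.startswith(magic):
            return declared, mime, ext, raw
    return declared, None, ".bin", raw


# Constructed sample: the header claims image/jpg, but the payload starts
# with the PNG signature (the remaining bytes are filler, not a real image).
SAMPLE_URI = ("data:image/jpg;base64,"
              + base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"constructed").decode())

if __name__ == "__main__":
    declared, sniffed, ext, raw = decode_data_uri(SAMPLE_URI)
    print(f"declared={declared} sniffed={sniffed} -> save as out{ext}")
```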

root@kali:~/下载/CTF题目# file dabai.png
dabai.png: PNG image data, x , -bit/color RGBA, non-interlaced

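Check the image's properties, then look at whether the corresponding width and height are wrong.

Converting between number bases shows that the left value is the width and the right one is the height.
Then I opened the image with hexedit and changed the height.

Then save. Viewing the image gives the flag.

5. 基础破解 (Basic cracking)

After downloading and extracting this challenge, the file name was garbled, so I renamed it. Extraction turned out to need a password. And so another happy brute-force journey began.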
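
As an added example (not part of the original writeup), the width-or-height guess can be settled from the file itself: a PNG stores a CRC-32 over the IHDR type and body, so if the edit left that CRC untouched, the original value is the one that makes the CRC match. The sample header, its 640x480 dimensions and the function names are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def ihdr_fields(png: bytes):
    """Return (width, height, rest, stored_crc) from the leading IHDR chunk."""
    if len(png) < 33 or png[:8] != PNG_SIG or png[12:16] != b"IHDR":
        raise ValueError("not a PNG with a leading IHDR chunk")
    width, height = struct.unpack(">II", png[16:24])
    rest = png[24:29]   # bit depth, colour type, compression, filter, interlace
    (stored_crc,) = struct.unpack(">I", png[29:33])
    return width, height, rest, stored_crc


def ihdr_crc(width: int, height: int, rest: bytes) -> int:
    # The chunk CRC covers the type and the body, not the length field.
    return zlib.crc32(b"IHDR" + struct.pack(">II", width, height) + rest)


def recover_dimensions(png: bytes, limit: int = 8192):
    """Find the (width, height) the stored CRC was computed over, or None."""
    width, height, rest, stored = ihdr_fields(png)
    if ihdr_crc(width, height, rest) == stored:
        return width, height     # header is self-consistent, nothing edited
    for h in range(1, limit):    # case 1: height edited, width intact
        if ihdr_crc(width, h, rest) == stored:
            return width, h
    for w in range(1, limit):    # case 2: width edited, height intact
        if ihdr_crc(w, height, rest) == stored:
            return w, height
    return None


def _make_header(width: int, height: int) -> bytes:
    body = struct.pack(">II", width, height) + bytes([8, 6, 0, 0, 0])  # 8-bit RGBA
    return (PNG_SIG + struct.pack(">I", 13) + b"IHDR" + body
            + struct.pack(">I", zlib.crc32(b"IHDR" + body)))


# Constructed sample: a 640x480 header whose height field was overwritten
# with 256 while the CRC was left alone (values are made up for the demo).
ORIGINAL = _make_header(640, 480)
TAMPERED = ORIGINAL[:20] + struct.pack(">I", 256) + ORIGINAL[24:]

if __name__ == "__main__":
    print("header says:", ihdr_fields(TAMPERED)[:2])
    print("CRC says:   ", recover_dimensions(TAMPERED))
```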

root@kali:~/下载/CTF题目# ls
5e46643e-be69-4c63-86ac-c009251f2287.zip
d6541cef--441c-82fa-426cc37e79b0.zip
'+'$'\250\246\355\343\343\242\324''.rar'
root@kali:~/下载/CTF题目# unrar x '+'$'\250\246\355\343\343\242\324''.rar'
UNRAR 5.61 beta freeware Copyright (c) - Alexander Roshal
Cannot open +￾.ra
没有那个文件或目录
No files to extract
root@kali:~/下载/CTF题目# mv '+'$'\250\246\355\343\343\242\324''.rar'
mv: 在'+'$'\250\246\355\343\343\242\324''.rar' 后缺少了要操作的目标文件
请尝试执行 "mv --help" 来获取更多信息。
root@kali:~/下载/CTF题目# mv '+'$'\250\246\355\343\343\242\324''.rar' .rar
root@kali:~/下载/CTF题目# unrar x .rar
UNRAR 5.61 beta freeware Copyright (c) - Alexander Roshal
Extracting from .rar
Enter password (will not be echoed) for flag.txt:

Cracking the password gives: 2563

root@kali:~/下载/CTF题目# unrar x .rar 

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Extracting from .rar

Enter password (will not be echoed) for flag.txt: 

Extracting  flag.txt                                                  %
Checksum error in the encrypted file flag.txt. Corrupt file or wrong password.
Total errors:
root@kali:~/下载/CTF题目# rar2john .rar > mima.txt
! file name: flag.txt
root@kali:~/下载/CTF题目# ls
.rar
5e46643e-be69-4c63-86ac-c009251f2287.zip
d6541cef--441c-82fa-426cc37e79b0.zip
mima.txt
root@kali:~/下载/CTF题目# john mima.txt
Using default input encoding: UTF-
Loaded password hash (rar, RAR3 [SHA1 / AVX2 8x AES])
Will run OpenMP threads Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
0g ::: 5.04% / (ETA: ::) 0g/s .6p/s .6c/s .6C/s R.rar12..rflagrflag
0g ::: 19.73% / (ETA: ::) 0g/s .6p/s .6c/s .6C/s Trar"..R1$
Almost done: Processing the remaining buffered candidate passwords, if any.
Warning: Only candidates buffered for the current salt, minimum needed for performance.
Proceeding with wordlist:/usr/share/john/password.lst, rules:Wordlist
Proceeding with incremental:ASCII
0g ::: / 0g/s .1p/s .1c/s .1C/s ..molday
0g ::: / 0g/s .9p/s .9c/s .9C/s asilor..searix
0g ::: / 0g/s .1p/s .1c/s .1C/s bicca..
(.rar)
1g ::: DONE / (-- :) .000804g/s .3p/s .3c/s .3C/s amokees..mccia
Use the "--show" option to display all of the cracked passwords reliably
Session completed
root@kali:~/下载/CTF题目#

After entering the password, we get:

root@kali:~/下载/CTF题目# unrar x .rar 

UNRAR 5.61 beta  freeware      Copyright (c) - Alexander Roshal

Extracting from .rar

Enter password (will not be echoed) for flag.txt: 

Extracting  flag.txt                                                  OK
All OK
root@kali:~/下载/CTF题目# ls
.rar
.rar.xml
5e46643e-be69-4c63-86ac-c009251f2287.zip
你竟然赶我走
d6541cef--441c-82fa-426cc37e79b0.zip
flag.txt
mima.txt
root@kali:~/下载/CTF题目# bat flag.txt
───────┬────────────────────────────────────────────────────────────────────────
│ File: flag.txt
───────┼────────────────────────────────────────────────────────────────────────
│ ZmxhZ3s3MDM1NDMwMGE1MTAwYmE3ODA2ODgwNTY2MWI5M2E1Y30=
───────┴────────────────────────────────────────────────────────────────────────
root@kali:~/下载/CTF题目#

The extracted content is a base64 ciphertext.
Decode it once more to get the flag.

root@kali:~/下载/CTF题目# bat flag.txt
───────┬────────────────────────────────────────────────────────────────────────
│ File: flag.txt
───────┼────────────────────────────────────────────────────────────────────────
│ ZmxhZ3s3MDM1NDMwMGE1MTAwYmE3ODA2ODgwNTY2MWI5M2E1Y30=
───────┴────────────────────────────────────────────────────────────────────────
root@kali:~/下载/CTF题目# base64 -d flag.txt
flag{70354300a5100ba78068805661b93a5c}
root@kali:~/下载/CTF题目#

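6. 你竟然赶我走 (You're actually driving me away)

After downloading and extracting the challenge, inspect the image.

Nothing seems wrong.
Check with binwalk: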

root@kali:~/下载/CTF题目/你竟然赶我走# binwalk biubiu.jpg 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0x0 JPEG image data, JFIF standard 1.01

That looks fine too. Keep checking: inspect the file in hexadecimal (I usually use hexedit).

Search for keywords such as flag.

This gives the flag.
