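Analyzing xiao_mi2.mp4 with binwalk reveals many archives containing a large number of compressed images.
Rename xiao_mi2.mp4 to xiao_mi2.zip and open it.
This yields a hint, but the archive password it mentions does not refer to the current zip archive.
Continuing on: after extracting the images, only 65.jpg fails to display properly.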
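Open 65.jpg in 010 Editor. Its file header is ara!, which closely resembles the RAR archive header Rar!. Change the header to Rar! (52 61 72 21) and the extension to .rar, and the file can be opened.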
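The archive is password-protected; the password in the hint refers to this RAR archive's password.
Archive password (6 characters): GWxxxx
You may need it later
Moreover, it is a RAR5 archive, and ARCHPR cannot brute-force RAR5 passwords.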
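The header check and repair described above, extended to tell RAR4 from RAR5 by the signature bytes that follow Rar! (an added example, not part of the original write-up). The sample bytes are constructed, the function names are hypothetical, and it assumes only bytes 0-3 of the file were altered.

```python
import os
import tempfile

# Well-known signatures: RAR 4.x is "Rar!" + 1A 07 00, RAR 5.x is "Rar!" + 1A 07 01 00.
RAR_MAGIC = b"Rar!"
RAR_TAILS = {b"\x1a\x07\x00": "RAR4", b"\x1a\x07\x01\x00": "RAR5"}
JPEG_MAGIC = b"\xff\xd8\xff"


def classify(head: bytes) -> str:
    """Classify a file from its first 8 bytes, ignoring its extension."""
    if head.startswith(JPEG_MAGIC):
        return "JPEG"
    for tail, version in RAR_TAILS.items():
        if head[4:4 + len(tail)] == tail:
            # Bytes 4.. identify the RAR version even when bytes 0-3 were altered.
            return version if head[:4] == RAR_MAGIC else f"{version} (damaged magic)"
    return "unknown"


def repair_rar_magic(src: str, dst: str) -> str:
    """Copy src to dst, restoring 'Rar!' when only bytes 0-3 are damaged."""
    with open(src, "rb") as f:
        data = f.read()
    kind = classify(data[:8])
    if not kind.endswith("(damaged magic)"):
        raise ValueError(f"{src}: nothing to repair ({kind})")
    with open(dst, "wb") as f:
        f.write(RAR_MAGIC + data[4:])
    return classify(RAR_MAGIC + data[4:8])


def demo() -> tuple:
    # Constructed sample: 'ara!' + RAR5 signature tail + filler bytes,
    # standing in for the 65.jpg described in the write-up.
    sample = b"ara!\x1a\x07\x01\x00" + bytes(16)
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "65.jpg"), os.path.join(d, "65.rar")
        with open(src, "wb") as f:
            f.write(sample)
        before = classify(sample[:8])
        after = repair_rar_magic(src, dst)
        with open(dst, "rb") as f:
            fixed = f.read(8)
    return before, after, fixed


if __name__ == "__main__":
    print(demo())
```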
Use rar2john to extract the hash:
root@mochu7-pc:/mnt/c/Users/Administrator/Downloads# rar2john 65.rar
65.rar:$rar5$16$a2dce3925af59efb2df9851dbfc24fb1$15$bb005ea8f91bf0356c8dddcfa41ac4cb$8$62293dc5e26e9e7f
root@mochu7-pc:/mnt/c/Users/Administrator/Downloads#
Then use hashcat to brute-force the hash:
PS D:\Tools\Misc\hashcat-6.2.2> .\hashcat.exe -m 13000 -a 3 '$rar5$16$a2dce3925af59efb2df9851dbfc24fb1$15$bb005ea8f91bf0356c8dddcfa41ac4cb$8$62293dc5e26e9e7f' GW?a?a?a?a
hashcat (v6.2.2) starting...

Successfully initialized NVIDIA CUDA library.

Failed to initialize NVIDIA RTC library.

* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
             CUDA SDK Toolkit required for proper device support and utilization.
             Falling back to OpenCL runtime.

* Device #2: Unstable OpenCL driver detected!

This OpenCL driver may fail kernel compilation or produce false negatives.
You can use --force to override, but do not report related errors.

nvmlDeviceGetFanSpeed(): Not Supported

OpenCL API (OpenCL 1.2 CUDA 11.1.114) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #1: GeForce GTX 1050, 3328/4096 MB (1024 MB allocatable), 5MCU

OpenCL API (OpenCL 3.0 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #2: Intel(R) UHD Graphics 630, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 87 MB

[s]tatus [p]ause [b]ypass [c]heckpoint [f]inish [q]uit =>

Session..........: hashcat
Status...........: Quit
Hash.Name........: RAR5
Hash.Target......: $rar5$16$a2dce3925af59efb2df9851dbfc24fb1$15$bb005e...6e9e7f
Time.Started.....: Fri Jul 02 21:04:28 2021 (2 secs)
Time.Estimated...: Fri Jul 02 23:44:57 2021 (2 hours, 40 mins)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: GW?a?a?a?a [6]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 8460 H/s (9.29ms) @ Accel:4 Loops:128 Thr:1024 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 0/81450625 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/81450625 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:25472-25600
Candidate.Engine.: Device Generator
Candidates.#1....: GWEERA -> GW#cke
Hardware.Mon.#1..: Temp: 60c Util: 99% Core:1683MHz Mem:3504MHz Bus:8

Started: Fri Jul 02 21:04:25 2021
Stopped: Fri Jul 02 21:04:32 2021
PS D:\Tools\Misc\hashcat-6.2.2>
-m specifies the type of document to crack:
- [ Hash modes ] -
# | Name | Category
======+=====================================================+======================================
13000 | RAR5 | Archives
-a specifies the attack mode:
- [ Attack Modes ] -
# | Mode
===+======
0 | Straight
1 | Combination
3 | Brute-force
6 | Hybrid Wordlist + Mask
7 | Hybrid Mask + Wordlist
9 | Association
GW?a?a?a?a is the mask; ?a covers uppercase and lowercase letters, digits and special characters.
The cracked password is: GW5!3#
Extracting the archive gives a file named flag; add the .png extension to open it.
flag{R3fresh_1s_so_Cool}