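BUUCTF: [Yangcheng Cup 2020] image_rar

[Yangcheng Cup 2020] image_rar

Analyzing xiao_mi2.mp4 with binwalk reveals many archives, which hold a large number of compressed images
Change the extension of xiao_mi2.mp4 to get xiao_mi2.zip
This yields a hint, but the archive password it mentions does not refer to this zip archive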

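Reading on: after extracting the images, only 65.jpg fails to display properly
Open 65.jpg in 010 Editor
The file header is ara!, which closely resembles the RAR archive header Rar!. Change the file header to Rar! (52 61 72 21)
and change the extension to .rar; the file can then be opened
It is password-protected; the password in the hint refers to this rar's password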

Archive password (6 characters): GWxxxx
May come in handy later

Moreover, it is RAR5; ARCHPR cannot brute-force RAR5 passwords.
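
The signature check behind the 65.jpg repair above, as an added example that is not part of the original write-up: it flags files whose first four bytes are wrong while the bytes that follow still match a RAR signature, tells RAR4 from RAR5, and writes a repaired copy. The sample files are constructed, the function names are hypothetical, and it assumes only the 4-byte magic was altered.

```python
import tempfile
from pathlib import Path

# Bytes that follow the 4-byte "Rar!" magic in a full RAR signature.
RAR_TAILS = {"rar5": b"\x1a\x07\x01\x00",  # RAR 5.0 and later
             "rar4": b"\x1a\x07\x00"}      # RAR 1.5 to 4.x
JPEG_SOI = b"\xff\xd8\xff"

def classify(head: bytes) -> str:
    """Return jpeg, rar4, rar5, rar4-damaged, rar5-damaged or unknown."""
    if head.startswith(JPEG_SOI):
        return "jpeg"
    for name, tail in RAR_TAILS.items():
        if head[4:4 + len(tail)] == tail:
            # Tail intact: the magic is either correct or was tampered with.
            return name if head[:4] == b"Rar!" else name + "-damaged"
    return "unknown"

def scan(directory: Path) -> dict:
    """Classify every *.jpg in a directory by its first 8 bytes."""
    result = {}
    for path in sorted(directory.glob("*.jpg")):
        with path.open("rb") as fh:
            result[path.name] = classify(fh.read(8))
    return result

def repair_copy(src: Path) -> Path:
    """Write a .rar copy with the magic restored; the original is untouched."""
    data = src.read_bytes()
    if not classify(data[:8]).endswith("-damaged"):
        raise ValueError(f"{src.name}: no damaged RAR signature found")
    dst = src.with_suffix(".rar")
    dst.write_bytes(b"Rar!" + data[4:])
    return dst

def demo() -> tuple:
    """Run on constructed sample files (not the challenge's real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "64.jpg").write_bytes(JPEG_SOI + b"\xe0" + bytes(16))
        (root / "65.jpg").write_bytes(b"ara!" + RAR_TAILS["rar5"] + bytes(16))
        before = scan(root)
        fixed = repair_copy(root / "65.jpg")
        return before, fixed.name, classify(fixed.read_bytes()[:8])

if __name__ == "__main__":
    print(demo())
```

A rar5 result is the case where the hashcat mode 13000 used later on this page applies.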

Use rar2john to extract the hash

root@mochu7-pc:/mnt/c/Users/Administrator/Downloads# rar2john 65.rar
65.rar:$rar5$16$a2dce3925af59efb2df9851dbfc24fb1$15$bb005ea8f91bf0356c8dddcfa41ac4cb$8$62293dc5e26e9e7f
root@mochu7-pc:/mnt/c/Users/Administrator/Downloads#

Then use hashcat to brute-force the hash

PS D:\Tools\Misc\hashcat-6.2.2> .\hashcat.exe -m 13000 -a 3 '$rar5$16$a2dce3925af59efb2df9851dbfc24fb1$15$bb005ea8f91bf0356c8dddcfa41ac4cb$8$62293dc5e26e9e7f' GW?a?a?a?a
hashcat (v6.2.2) starting...

Successfully initialized NVIDIA CUDA library.

Failed to initialize NVIDIA RTC library.

* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
             CUDA SDK Toolkit required for proper device support and utilization.
             Falling back to OpenCL runtime.

* Device #2: Unstable OpenCL driver detected!

This OpenCL driver may fail kernel compilation or produce false negatives.
You can use --force to override, but do not report related errors.

nvmlDeviceGetFanSpeed(): Not Supported

OpenCL API (OpenCL 1.2 CUDA 11.1.114) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #1: GeForce GTX 1050, 3328/4096 MB (1024 MB allocatable), 5MCU

OpenCL API (OpenCL 3.0 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #2: Intel(R) UHD Graphics 630, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 87 MB

[s]tatus [p]ause [b]ypass [c]heckpoint [f]inish [q]uit =>

Session..........: hashcat
Status...........: Quit
Hash.Name........: RAR5
Hash.Target......: $rar5$16$a2dce3925af59efb2df9851dbfc24fb1$15$bb005e...6e9e7f
Time.Started.....: Fri Jul 02 21:04:28 2021 (2 secs)
Time.Estimated...: Fri Jul 02 23:44:57 2021 (2 hours, 40 mins)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: GW?a?a?a?a [6]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:     8460 H/s (9.29ms) @ Accel:4 Loops:128 Thr:1024 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 0/81450625 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/81450625 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:25472-25600
Candidate.Engine.: Device Generator
Candidates.#1....: GWEERA -> GW#cke
Hardware.Mon.#1..: Temp: 60c Util: 99% Core:1683MHz Mem:3504MHz Bus:8

Started: Fri Jul 02 21:04:25 2021
Stopped: Fri Jul 02 21:04:32 2021
PS D:\Tools\Misc\hashcat-6.2.2>
  • -m specifies the type of document to crack
- [ Hash modes ] -

      # | Name                                                | Category
  ======+=====================================================+======================================
  13000 | RAR5                                                | Archives
  • -a specifies the attack mode
- [ Attack Modes ] -

  # | Mode
 ===+======
  0 | Straight
  1 | Combination
  3 | Brute-force
  6 | Hybrid Wordlist + Mask
  7 | Hybrid Mask + Wordlist
  9 | Association
  • The mask GW?a?a?a?a covers uppercase and lowercase letters, digits and special characters

The password recovered by brute force is: GW5!3#

Extracting the archive gives a file named flag
Add the .png extension to it

flag{R3fresh_1s_so_Cool}