devbox
Monodyee
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

攻防世界-02_攻防世界 工业协议分析1

作者:Monodyee | 2024-02-16 00:57:46

攻防世界 工业协议分析1

目录

Crypto

OldDriver 

ecb,_it’s_easy_as_123 

fanfie 

gcd 

exgcd 

 仿射密码 

代码实现 

 工业协议分析1

shanghai

简单流量分析

sleeping-guard 

Solve1

 Solve2

 Misc

embarrass 

 神奇的Modbus

 something_in_image

Aesop_secret

 倒立屋

Solve1

Solve2

a_good_idea

2017_Dating_in_Singapore 绝了,我鼠标勾线的图没了。。。

simple_transfer 

can_has_stdio?

 

 

Crypto

OldDriver 

学习wp

学习wp2

flag{wo0_th3_tr4in_i5_leav1ng_g3t_on_it} 

ecb,_it’s_easy_as_123 

意思是不会做 

参考

创建3840×2160的分辨率,16色深的bm的头,替换掉原来的头即可,即将前面的字节码

  1.     53 61 6c 74 65 64 5f 5f  ab 31 b5 e5 ca 3d b9 4d
  2.     f4 09 1a a5 df 88 b7 2c  0e bd 8a 73 98 15 ba 69
  3.     a2 24 3e 09 94 cb 79 1e  ea a1 ad 33 c8 17 66 63
  4.     78 98 23 0b f0 af 20 38  f1 aa 0b f4 69 1c ec cf
  5.     fc d8 8e 3d 45 2a 99 b0  53 6b 50 0d 8a 3d c4 b7
  6.     62 9c 6a 54 f0 59 20 13  22 4f b6 e2 b6 aa 0a 8b
  7.     5e 21 1a 9d cf 8c a2 f6  45 80 cb 9b b7 37 da 7f
  8.     73 50 88 cb df 63 ee 22  d4 24 b3 b9 f4 24 ad 40

替换成

  1.     424d 7648 3f00 0000 0000 7600 0000 2800
  2.     0000 000f 0000 7008 0000 0100 0400 0000
  3.     0000 0048 3f00 0000 0000 0000 0000 0000
  4.     0000 0000 0000 0000 0000 0000 8000 0080
  5.     0000 0080 8000 8000 0000 8000 8000 8080
  6.     0000 8080 8000 c0c0 c000 0000 ff00 00ff
  7.     0000 00ff ff00 ff00 0000 ff00 ff00 ffff
  8.     0000 ffff ff00 ffff ffff ffff ffff ffff

 flag{no_penguin_here}

fanfie 

仿射密码。 

参考:123(gcd&exgcd)4(exgcd)56(exgcd-2)

gcd 

 欧几里得算法,又名辗转相除法,用来计算两个数的最大公约数,原理:

gcd(a,b)=gcd(b,a mod b)

 证明:

设a,b的一个公约数为d

设a mod b=r,则a=kb+r(k为整数),r=a-kb

因为d|a, d|b,所以d|(a-kb)

理由如下:

d|(a−kb)

=(a−kb)/d

=a/d−kb/d

即d|r,而r=a mod b

所以d为b,a mod b的公约数

又因为d也为a,b的公约数,所以gcd(a,b)=gcd(b,a mod b),所以最大公约数必然一样,得证。

  1. int gcd(int a,int b){
  2.     if (b==0)
  3.         return a;
  4.     return gcd(b,a%b);
  5. }

exgcd 

扩展欧几里得,不仅能求出a,b的最大公约数,还能求出满足ax+by=gcd(a,b)的一组可行解。

常用在求解模线性方程及方程组中。

  1. int exgcd(int a,int b,int &x,int &y){
  2.     if (!b){
  3.         x=1,y=0;
  4.         return a;
  5.     }
  6.     int d=exgcd(b,a%b,y,x);
  7.     y-=a/b*x;
  8.     return d;
  9. }
  1. int exgcd(int a,int b,int &x,int &y){
  2.     if (!b){
  3.         x=1,y=0;
  4.         return a;
  5.     }
  6.     int d=exgcd(b,a%b,x,y);
  7.     int t=x;
  8.     x=y;
  9.     y=x-y*(a/b);
  10.     return d;
  11. }

 仿射密码 

仿射密码是一种表单代换密码,字母表的每个字母相应的值使用一个简单的数学函数对应一个数值,再把对应数值转换成字母。

  • 加密函数:e(x) = ax + b (mod m) 其中a和m互质,m是编码系统中字母的个数(通常都是26)。

  • 解密函数:d(x) = inv a (x - b) (mod m) (inv a:乘法逆元,a^{-1}( a 在Z_{m}群的乘法逆元) )

ABCDEFGHIJKLMNOPQRSTUVWXYZ
012345678910111213141516171819202122232425

Gcd求解乘法逆元(Python):

  1. #欧几里德算法求最大公约数
  2. def gcd(a, b):
  3. 	k = a // b
  4. 	remainder = a % b
  5. 	while remainder != 0:
  6. 		a = b 
  7. 		b = remainder
  8. 		k = a // b
  9. 		remainder = a % b
  10. 	return b
  11. 	
  12. #改进欧几里得算法求线性方程的x与y
  13. def exgcd(a, b):
  14. 	if b == 0:
  15. 		return 1, 0
  16. 	else:
  17. 		k = a // b
  18. 		remainder = a % b		
  19. 		x1, y1 = get_(b, remainder)
  20. 		x, y = y1, x1 - k * y1			
  21. 	return x, y
  22.  
  23. a = input('a:')
  24. b = input('b:')
  25. a, b = int(a), int(b)
  26.  
  27. #将初始b的绝对值进行保存
  28. if b < 0:
  29. 	m = abs(b)
  30. else:
  31. 	m = b
  32. flag = gcd(a, b)
  33.  
  34. #判断最大公约数是否为1,若不是则没有逆元
  35. if flag == 1:	
  36. 	x, y = exgcd(a, b)	
  37. 	x0 = x % m #对于Python '%'就是求模运算,因此不需要'+m'
  38. 	print("所求的逆元:",x0) #x0就是所求的逆元
  39. else:
  40. 	print("Do not have!")

代码实现 

a=13,b=4.

  1. #仿射密码解密
  2. #改进欧几里得算法求线性方程的x与y
  3. def exgcd(a, b):
  4.     if b == 0:
  5.         return 1, 0
  6.     else:
  7.         k = a //b
  8.         remainder = a % b
  9.         x1, y1 = get(b, remainder)
  10.         x, y =y1, x1 - k * y1
  11.     return x, y
  12.  
  13. s = input("请输入解密字符:").upper()
  14. a = int(input("请输入a:"))
  15. b = int(input("请输入b:"))
  16.  
  17. #求a关于26的乘法逆元
  18. x, y = exgcd(a, 26)
  19. a1 = x % 26
  20.  
  21. l= len(s)
  22. for i in range(l):
  23.     cipher = a1 * (ord(s[i])- 65 - b) % 26
  24.     res=chr(cipher + 65)
  25.     print(res, end='')

密文

MZYVMIWLGBL7CIJOGJQVOA3IN5BLYC3NHI

仿射解密得:

IJEVIU2DKRDHWUZSKZ4VSMTUN5RDEWTNPU

base32解密得:

BITSCTF{S2VyY2tob2Zm}

 工业协议分析1

wireshark打开,找到:

data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAdAAAABiCAYAAADgKILKAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAABzXSURBVHhe7Z2Js11Fncfn75maqZmaqZkaS0elXAp1GHRUhGFAQHYQFQRFBWQRiBoBWQyyKaBsxo0tCAgkQHayQEL2jSxAyEoSIAHOvM/JPTPn9fv1Od19+9z3bvh+qr5FkXe77z33ntO/7l//fr/+m0IIIYQQ0ciACiGEEAnIgAohhBAJyIAKIYQQCciACiGEEAnIgAohhBAJyIAKIYQQCciACiGEEAnIgAohhBAJyIAKIYQQCciACiGEEAnIgAohhBAJyIAKIYQQCciACiGEEAnIgAohhBAJyIAKIYQQCciACiGEEAnIgAohhBAJyIAKIYQQCciACiGEEAnIgAohhBAJyIAKIYQQCciACiGEEAnIgAohhBAJyIAKIYQQCciACiGEEAnIgAohhBAJyIAKIYQQCciACiGEEAl0ZkDff78oNm/ZV8xfuK2Y8fxrxex5W4vlK3cVe/Ye6L1CCCGEGF6yGtC33n63uOPuNcW/fHJG8bcffsarf/3UjNLAVtz/h/Xm6/h3IYQQYiKSzYBufePt4thT55qG0NXxp8/ttTqIDGj/vP3Oe+VKf/L1y4qTzppffOq/ni/+6bDpxY+ve7n3irHw/VrKzdsjE6tFL24v7p26rrhs0pLy8x3+pZnFhz/zbDnZ+th/PFd86auzi3MuWFhcc+Py4qFpG4s1694cNcmKYf/+94oXFm4rbr1zdXHe9xcVn/+fWcVHPvv/7/WVk+YU371kcXHbyN9nzd1a7JVXRHxAeGdknFi2Ylfx+FNbiql/3lA8MPK8/+XJzcXLy3eWz80wcdxpc4t//sSMciw55Zz5xXW/WF4+zwcODO46shhQBqCjvzbHNIKWfnjVS72WB2HQtl7XxWB+KDJz9tbiM1+eaX6HTQbUej3KxZKXdxRXTV5aehys92kThm/u/Dd6vbXD9sDd960tPvH558z+fGKicfmPl5RGW4hBsnDx9lGT10q5YTuNyemHDn/WfAYQk8xf3LqyeGPb271W3bLl1X2l0bP01PRXe6/ygwG1ruOLx88uFr+0o/eqbsliQPlhrAvxiZVBHW4Y63Vd3EiHGtOe2Gx+d5XGw4CuWLWrOPv8BWbfsXp25uu9XptZMDIQ+SYRoXrksU293oToFp6Rc7+3yLwPUS7ee+/94r6p64t//Ph0830sYWSffGZLr4duwLt0wcWLzfdHGNE2fAYU/f1HpxezR1ajXdO3Ad24aW/xdx+xL+LIY2cV0597rdj95v7yh9y9e3/pysOFUEcGNA1mcKyerO/us0fNLF2iv/vjht6rx2K1Q6ngAvrlHau890OKdu3a3+vdz2NPbs7ynq++tq/XoxDd8MrGvaUHzrr/6srBu+++X1w5eanZf4gwvF2BXbDes1KIAWXhdta3FxSHHWl7nNiueXNP+/jRD30b0Ft+tcr88J/7ysxi+/YwV4AMaBpTbls55js75uQ5xcpVu3uvaMZtWymFnbveKc449wWzv1SxV9rG3BfeyGI8+d6E6IrXt75VDvisjKz7z1UOMEJW3zF68un8K9E9ew6U+5bW+1UKMaAVrGbJ9vj0F58f088fH3ql96pu6NuAEvzhfmjEDCMUGdA08PXXv69/+Nj0cq8jlHrbumLZsfOdoD3wE8+cV9zzwLrS3cpqjz1LghrwUODJwBiyh0lAAK8norsJ2n3yC2Mfmkpfv2BBOQDQ9959B8pgph073iknGLi+L5+05P/2Z2+/a/S2ghA52LV7f3Hrr1eXwS7u/dmkfmla4bG4mfqnDaU3kBiDm+9YVfzbp+3Px/OBpysnN94yduLvKsaAVry4ZMeYfggi7JK+DCgrTPcDo3//3LNRkVAyoPGQMuR+X0SWxuC2rxQDRunkrx80eD5d+MPFwaviig0b9xSbNu/t/Z/NXfesNd+P/Z6/PtMehAAYcaIRyVEWIjd4Uax7tE39wGTRWo0hDIqVi8/E252QVyJyPhfs/YZ4jFIMKBBhX++HbIQu6cuAWhYfff/yF3uvCEMGNB5r8tK2YnNx21eK4Wc3LDP7QAQjPPNsuCciBvbUfYMEq0shJgKkSln36FfPmFemWvk8eP1wz+/WmX1iXDCuPja8sse7Ul67vv8IdfZk8ULV+/3a2fPNgMNUA0o0fb0fvHJd0pcBfXrGq6M+bCVcFjHIgMaDa8j9vnhwYnDbVwpl/oJtZnvExv7qtXGrzhhWrdltvu9RJ85Jzh8VIjdLl+0cdX/iPmVbgQkg5DagBPL5tjVw2bbx69+uMdv+fMqK3ivSYT/S7Ze8zRMco4pSDShZB/V+cEF3SV8G9M+PbBz1YSs1RX5ayIDGw2zO/b64+WNw21cK4cDI+2OsrPa4UEnM7hLC7K33nnL7qt4rhBh/eE7JSybHkqIFbHnUyW1AMUhWf6d/64XeK5ohnoFVm9uez99PoQVyS90cVAwnk13yvev/jlINKC7qej9HHD2r95du6MuAYijrH7ZSbOSTDGgargvzhl/GzRLrbesKgT1Gqy2i4lDXsG9pvTdBSkJMJJ6f/bo3HSu3AaVwidXfE0+FR9N+77IXzT4I/kvFSt2ZOedgnqaVhpJqQL98wujv89RvhE0cUunLgPoM33gaUGY0zHZwV7BKeXBklcznmfb45jLijIiyrlx89EvEJxFwvx8Z4Pn8vO9LS3eU0aa5YVZZ/75+ct2y3l/CqLetKwRfcASBCIMoCeYzoKkP3kSHqGXuK6InmaCwz4sbO/Re5jdZ8vLO8n4kv4/VEFswg8h95d4nXuLhaZvKz86zwUqJKOpQSAOhqMYfHnyl7IPnmmozuZ8rVmDsTfL9Mm48+OjG8n2pUoXXJTc5DShuYcsYEbQTkk9dQUERtw/0q9/EebgqGHfdvtj7rO5dKwI45TmmPzcv/uIfja56l5soA9qW/Nqm8y+yQ4r7NaC4SbjpybOigIDVV124DNgvzJVki1uGh833MCDqvhIuTjGJihtuXjHmdTGRtKRh1Nte/TN/1SGLetu62li3/k2zHaKowSDwrYBx2XQx0HXBFT8Zu1pwXdBMBM88z1/VicCQ52b5qzVhELjvcMFZ7REFN2Jd7gScWH3VB2qiPUkP8r03rn6eWT6jBQMi1WRO+6Y/v5iI/7vvXVtGpaeC4SHYrS2PGRckv9mCRduCJy5t5DSg6zfYvwmBOzGsWWs/39wnsfC7UFDH7Yu8zQqrGEyKASUX3e2HMbZLht6AMpD6wq/bxN5ETK1VC2bW1g3iEwnEhHKDVSWEKLJQ3A1zSoPFUG9bVxusAKx2zCT37UsfyGJoMuKscIYBCv+7n33StQcnQUwKb7q1PV+uEgNFFZhSwRGCHz8irC4wq5SY2AVWrlY/m7YcTD1atXp3OZmxXuOKZ8KtQ0x97ZCKPZX++5S55So1ltdef2uMJydE/Y4bFTkNqC+oM9aI4K2wCj6wCIidODCBcvv5xncWjurH/TtKMaBECrv9dL2lM/QGlFJOVttQMXBwXSlwikFoZZG6uBEp6fUdoxYkM/JQfvrz0QMwq5EY6m3raoOZqNXu0qvz5Yu1wQPomzjxm3RRQSU37Fm7n52cWa4NQ+r+rU31IDK2L1IqNBEYGML2HWNn+4h8WlYw3OPW330iX68qYk6lGlx81uuahDGKcQuTZ+xLhWoSK6amdJAYchpQ0tisvnCdx+LuJVaKKTS/bmRF7AYk4XVg7KtT/3ulFAPKqtbthzG6S4begOI6tdoiaiFWx3pZf69E7pP7o7bhm+2FigHCzYlClEYMxR2Aud4Y6m3ragL3qC9X7NHHB1uMnYHB+hyVmGCQ7jNR4VAF9zMT9MD+nvvvIcJgYrzwiqRM7JA1wFlg5Kz2jBExHpm6LrnypXIVzThh/T1E1Qq+DfZOWbVafSC+P8YOa3+OIJtc5DSgbg5kJba3Yvn2D+zfYLlTx9wHv6O1uMHd7uK+BqUYUCbNbj9UN+uSKAOK24xSa5V8pwnw7/XXVfJV+O/HgFauJAYPfvRH/rKp/Jz1QBZ+TGZDFDq3QrRRzEPB/k/ToeHlHusD68o8SQKIOJqHmztkUIspKefOOOk/hnrbupogSMpqgyrX9KCg2pWVQ1YXkwoCZnKtGHJCUIb7edkvdI9/I9Gc54frwO3fNCHEq/Gfx4w2YASWXHvT8jIAiepNbV6bkMozb701thIWcmuc1t+b+7XJaCGrMAclGRl46QMPTZtbmue/jT89bE+8Mf4cD8j5uhU7RlbbRNJi4BlnHv9rvlVNTgPq2ysO+T5cJl1je0CqyNk2iIVw25L2ZgV9ua9DKQbUWkwRaNclUQbUpR/DV6fffu4cGRTayr5VEADgM2QhdWRxrzUFdWAAfVGoFBawcp7qiol0w0jX27IyjKHetq4mLDdJpXqA1KBgzy1kn49gE77b0AMOBgFG0fqslTiejdWkC9fsy8F1xfmOGDsX9vB89U95PnDRNsE9brWtC8PpTlyYzLr3rU8YMyKHXVj9XnSFf3+Ua27DLfmGcDtvfaP5/iBQJ+d9ntOA+rY0tiXc89ZBFYiDuNsgmMd6Jq17GdzXoRQDykH8bj8p++IxHBIGNJbrp4zde0KEyLcxZ97YkOxKv7m/fcOaoIWmA58ZVENxb3Iexhjqbetqgnwyqw0r8tgAg1ysXL07+BBtJhl8bzzk481vR+4X6zMiBqCmCR21gnG3Wm0rtZV2nPG8f0umbaDElW+1q9RmxHwrnEq4T5sGPwy4z/tAtZ+me9FXwzsm/iAXOQ2oL9o5JbDPV5GIlXsbbnAjYjvFh/talGJArSISXR+S/4E0oOSPWe+Hi6YN394AbjE3CtKHzwghBtUQeC93o59BKYZ627qa8O05E4wxnpDfG1O4mxUpe7bjZfTBd9+jEDehNVBVOvbUuWUkbxNcu+8ggBBjYrVDIbnATA6stpVCAvvY37Laoibjy1aD1SZm8pqLnAbUF5vQ9ltY+LwjuNGbYJXptmFy2xSL4L4epRhQApzcfrqOyP9AGlD2NKz3a4tixRVitUNLXrbdExbs3VkJzyjkmjGeVgCKz0Xiw21fqQnfb4VrerxhoCC/1zeQWOLgA+t0ikHg+y4ZcEJOMyJH0mqPQgvq+yZE7Ke1YbVDoZG8FFS32uO6DpmMsgpmImT10RQ4w8lAVhtfkGOX5DSgVj8oZZJ4/+/jx2SeP+tYw7aTkdzXoxQDCq5rn/sDD1VXfCANKAEC1vuRKN2EFeWFMLyxN+mPfmqX3PJdMwMKqxL28aybNLaMH7h9VGrCVwGIQW+iwD4Wbvq26OtKDOTj4dL13ffcGyGw6rbao9AzHH2rsZDf02qHQiPa3TSsSjEVtS681C471+SCZg/TaoOowjNIchpQX9pSzNGSFd4VaMOKzjoFhtq0bWOj2walGlA8D9y79b4IHMW7yGQxNIo4lEPWgPJFUl2ElRqrjONPn1u6GZuiZ1ETnEhgtYk9fQYIfLL68l0zszvr9axWSHtImWVa/aEmrI161Db5GA/wNOASD9kfJX2kydVFdDe/TayaKvzwd+uzWKH+Fr6JIAqtxkTlIKt9yCkWVjsUWl7P9wyEbmOAL9ilba/uWxfaucyIil5twUS5yGlAfWNbPaI4FF9Oqe97xSXven74/5DAzHqbSqkGFPjtyHqwJhT99GtxSBlQSvMxy/C5hkLUhC/8n1qZscRes2VACTShtmnTwN+E21+lJkjJsdogK9pzIkCpRarstCX3NwXd+Aa6NjXdw/3e90yarPYoFN/EDLVhtUGh9Hv94FsptfVBdK/VrhLeC/aBSVnrkpwG1HeMWUwd3ArKP1p9WUXpuQ+t3F1qLofgtkP9Gjo8MPSRu1+XQ8KA4t4kgrap3meomiC6z2rDnkossdfcNNDhQq5KqMVg9YWasIIEKpFrO5EhyOCb3/WvPBg0fZVWJqIBBas9isFqj9qw2qBQclx/P32EptNQn7qr4/lyGlBfjm2oO7+Oz73OvruLVWCHILbQib3bFvVj6LAFvnz/2AM32hh6A8p+BrUVrfYpasLnIglxU7ikXDOuMfLQCDF3UxiIfIwtqF1vX1cTvhqoiOpMEx32gzihwfr8yFc7UwZ0LFYbFEqO6++nD1ZOBMv49g5dMfhSozcnOQ2ozy2dYvwpKWn15e4hkpPrFs9A1DHmNwiR2xaxpeK+LiRQ0zpkgpgRjDzpSyHBaTEMtQHFYDTVzGRfjv0MqmIsG/nhycEkJ4pBNOXGtV6P6DeWfr87KwKT/ckY3PaVmuAGdA/GrTQeeXQp4Gr+wnH27+87P5DBiXsmVuyd+uj3HgCrPYrBao/asNqgUHJcf44+8KpYhRUsMRjnTM7nHrHeJwWrihMKSQlyYQVp9eUWZfAdbN+F2tKMSNtyT+Pi9+oyyn6oDeiNt9gBBCzf+bKbZospN64vPYKk9lhyfHfuKRKUcYuh3rauNqwi+Ijk92E5SowcUOsaWNnnnqX6yHEPWO1RDFZ71IbVBoWS4/pz9AHctxQetyLcXfGaiVhM3vddEB0bA/e/NdZRucp9Nppy2nOrzYBa6UldHyoxtAYUv75Vko9/CykgnHLj+vZAFyac1J6SZ+Vym5MLiislhnrbutrw5Q4ia49kIoLXwPr8yHc+ZW5yPD9WexSD1R61YbVBoeS4/hx91MGtSw5p27YQdbVzkNOAzvMUlsCdGoOv3jVBlC4TyYBanyX2kJBYhtaA+qLvQupgQsqNS1Frq01IeSsXX6msmO+O0oH1tqy8Y6i3rauNpn1QXKApKTWDpqkUXcyRTf2Q4/mx2qMYrPaoDasNCiXH9efowwdF5X11lknzybEKzWlAmfhZfRGdG/NM+iLtrUnDRDKgBA+5bVK212IYWgPqSymhYHsIKTcuxtlqQ55pLJxsb/UV8925oea4H2Oot60rBF9JQzQMZ3Gyf259dkRgxCDI8fxY7VEMVnvUhtUGhZLj+nP00QQnmbin41RixdcvOQ0o+PYuQ8dF8JWItA4R5zliwtmPrPe6avLSMa9rC+CytmU4ZLtLhtaA+maGoUnDHHNltW+CI42sNhiuHS2nV9Rhs9uXsxXz3bkFudmDjKHetq4Qmk5lIZ0o9HSc8cJXzo37alDkeH6s9igGqz1qw2qDQslx/Tn6aMMXa/Hgo3FBexa5Dah1RB4KPeWJnGkrHZAMhK6OBHTfC6WksWDg3X5iy5vGMrQG1Bd6HpJ71FTIuglmQL5UlpiDsCm8YPWBYr47ymTV23IOZAz1tnWFgEvonAv8+0TUxu3afdIPN3m8CT+4It9hyW3keH6s9igGqz1qw2qDQslx/Tn6aMMXadpU1i6U3AaUlabVH9W4QgqdEEhltaeyT1dY75diQDn70+0nJQI5hqE1oL5UCvIk28DYWW1RG74EY4KXQmY71Fz1BSOhmO/OTZym3xjqbesKhSotTfVmWRGnnIYfSkoBC1i6bKc30XqQ7uccz4/VHsVgtUdtWG1QKDmuP0cfbbDStN4j5GzMNnIbUPAdrM1h6k2wQPCNTV2u5Kz3SzGgnGHr9kPAY5cMrQE95Rw7/5PI1CY4ysw3eKK2FAaiunwHclMqbv4Cv8Eg+KatzGDMd+fWeOUA4hjqbeuKgTq8Vh91XT5pSbFmbdxeBJGATW2qgAlW4ZzRGlIwm1UzM1JfST9qJePCGhQ5nh+rPYrBao/asNqgUHJcf2ofbDGEBNY0eVpynPLRhQH1ndLDuOWb0LKtRLSu1Q6DHBOEFIv1nikGlLHbHdtvvyu+TnkMQ2tAfYWo+QI5WNWFL5cZoy8goFKIC5hoNKttJdyAuGnJDyXdZtGL28ui123vjWK+O3evwgozb6Letq4YeLBuuNkusu+KyQN7MUQ34m5hQkFwAMaS2qS4yqbcvqo47rSDK2uK9/twD4NmT5tTTFgtMEmiT4pK8/1TwQR324meA5grWXU+uyTH82O1RzFY7VEbVhsUSo7rT+mDe/aIo2eVk3Aq1/gS7ZlM+Vz9bJe0TbZD6MKAcn1nn28HWeIxoi50tZ/Ja5kINJW47KqMYYX1nqml/Phd6v1MujbujORYhtaAMjA2rSQvuHhxeZgqxdaZhRx1YlilkZB9Akrq+Q4iDtWZ59k3eOh3x43vroRDj8GqqLetKxYGEo5Ts/rqRxhcH9feNLZQdD+6cvLS8jsdJDmeH6s9isFqj9qw2qBQclx/Sh94NuqvZRxh8kmwEEUHSJeggpkvUBER8ZmDLgwoMIGk8IHVN+KaqcblC6asxIS2a6z3TTWgZ5w72n2Nh6pLhtaAgltIIFTcNL5jkELPhSTqtlopxYo9WF8xAmaHITA7dttyTTG47SulwlmKMYdZt4lAMUovumDo3JlmP7ps0pLgwtc5yfH8WO1RDFZ71IbVBoWS4/pT+rDOrYwRxeVzrD6hKwMKeOJ8200hYhGScpZoLNZ7pxpQt871MSfP6f2lG4bagPLj+g7U9Yl9LlwWCxbZaRjM3ELh+LRLr15i9mOJWR8PLwbAZ0BDN70x4G7bmHMUwW1fqR/4/nyl/lL00tKxwQt8702rg1DhzuIeyzUYxpLj+bHaoxis9qgNqw0KJcf1p/TRj/eInO+cx/Z1aUCB7ZKQrSNXjGsp54imYL1/qgF1gzyJd+iSoTaggBFlJdrkzq1E8QIq8gMDvfUa9itjISey6YBe8kQJpKkn9foM6LQnNvde0QzX4bYNzfWqcNtXygH7JrhFU1ekzJyZ6fvOY8SIPjByf/gGoCbh2sIFnHLMU05yPD9WexSD1R61YbVBoeS4/pQ+MCqxRpToVFI8crv5uzagQOBj6IlVLDC6uM4mrM+RakAZc+r9YBe6pC8DyiDJjeoqdtM5Rz8EpLB3wV4G0anMuqgNy+Y4Je/clSWzK+s9+znTklUhEaFEpjK449JcsHi7GaTgK0VoBUBZWJV0Lrkyrualdf0oJ7hg+U7Yh8ZbwKkXBD9VriUmF/xOJ501v5z13n3v2vL1GMgQeNBJXXp42qZy9klgCOkz1YQKA467lwGE/ZyZc7Z2lhAeS4773mqPYrDaozasNiiUHNffTx9Mzij/xn1Hgfhqz5CtA+4h9tPYFiGyvitXJqf1WJ+/C/hOeAZ41qprZZzk2tnzJUJ9UKvOOtb1N2UzNHGCEyhIwZou6cuAinSIDqv/0JVWRYTGuzlbPBScjyqEEB80WGnXx0NEClKXyICOE5brhplvzP7K5OvHFnXgINyJssISQohBgPfPOhvad0B+LmRAxwH2Qt0fGpGnGAOHhFv9HHbkc+UKF9c17lAhhDjUeOzJzWV1JaLorZQdtodyHn5uIQM6DpCv6f7YiOIQsfhOoa/EyQpCCHGo0ZZGeO/UblefIAM6YNiot35sROWiWAhuuOZGf1EBGVAhxKGIz4CyFcbKdBCRxDKgiVAyjvM4if4NgVzDh6Zt9KbbpJwpWocC6Rxv5tbHlQEVQhyKuAaUoMrrp6zoK5MiFhnQROp5n6TO3Dd1fbFw8fbS506VIIozE8zDgbwYzqYi8iT0p6w+LZh1UU2J/las2lVs2jKxz+UUQogUKMlIURxSFHe/OT7ZBzKgCZDXGVK4IVS56moKIYQYHDKgCVDJxDKEKaLgghBCiOFDBjQBcossYxgj/PXzXlCKiRBCDCsyoIlwQjvlrz50uH04s0/Hnjq3DEAa5MHNQggh8iMD2icH3n2/WLlqd1kE/tY7VxdXTV5a1nw9/6JF5X8paECR96dnvDruxcuFEELkQwZUCCGESEAGVAghhEhABlQIIYRIQAZUCCGESEAGVAghhEhABlQIIYRIQAZUCCGESEAGVAghhEhABlQIIYRIQAZUCCGESEAGVAghhEhABlQIIYRIQAZUCCGESEAGVAghhIimKP4XBcAIzFfvoBoAAAAASUVORK5CYII=

转换得图片,即: 

flag{ICS-mms104} 

shanghai

维吉尼亚密码

参考

KEY:icqvigenere

flag{vigenereisveryeasyhuh} 

简单流量分析

新知识get

参考

流量分析题,分析的方法基本上有:binwalk、查找一些可疑字符串或16进制数据,排序流量包的长度(最长的流量包一般很可疑);

当我们对流量包的长度进行排序时,发现流量包最短90字节,最长也不过164字节,其中的data段数据长度从48到122,而ascii表中第48至122个字符为0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz,于是将每个流量包的长度转换为对应字符,然后连接成一段长字符串,看上去像base64编码,对字符串进行base64解码即可! 

  1. from pyshark.capture.file_capture import FileCapture
  2. from base64 import b64decode
  3. from sys import argv
  4.  
  5. def solve(file_name):
  6.     packets=FileCapture(input_file=file_name)
  7.     res=''
  8.     for packet in packets:
  9.         for pkt in packet:
  10.             if pkt.layer_name=='icmp' and int(pkt.type,16):
  11.                 res+=chr(int(pkt.data_len))
  12.     return b64decode(res)
  13.  
  14. if __name__=='__main__':
  15.     print solve(argv[1])
  1. $ python solve.py fetus_pcap.pcap
  2. ::\nmongodb:!:17843:0:99999:7:::\nubuntu:$6$LhHRomTE$M7C4n84UcFLAG{xx2b8a_6mm64c_fsociety}::

flag{xx2b8a_6mm64c_fsociety} 

sleeping-guard 

参考1 参考2

连接上服务器之后,服务器返回的数据看上去像base64编码,对此,解码即可;

根据题目的提示,flag藏在图片中,解码后文件头数据不是png,jpg,bmp文件头格式(说明不是直接解码这么简单),也不是zip,rar,7z文件头格式(说明不是将图片加密压缩);

实际上,原比赛的此题还有一个Python脚本,大致意思是使用长度为12的密钥与图片数据进行(循环)异或加密

有了这个信息之后,尝试使用各种图片格式的文件头与加密数据进行异或得到密钥,使用png格式的文件头与加密数据进行异或时,得到的结果“很像”密钥;

接下来使用密钥解密即可。

Solve1

首先从服务器接收全部的数据,再进行base64解码(将解码后的数据存入文件data);

然后通过png文件头解出密钥(WoAh_A_Key!?),然后通过密钥解密,实现的Python脚本如下:

  1. from base64 import b64decode
  2. from binascii import unhexlify
  3. from Crypto.Util.strxor import strxor
  4.  
  5. def enc(data,key):
  6.     key=(key*(len(data)/len(key)+1))[:len(data)]
  7.     return strxor(data,key)
  8.  
  9. def solve(data):
  10.     head=unhexlify('89504e470d0a1a0a0000000d49484452')
  11.     key=strxor(head,data[:16])
  12.     with open('sleeping-guard.png','wb') as f:
  13.         f.write(enc(data,key[:12]))
  14.  
  15. if __name__=='__main__':
  16.     with open('data','rb') as f:
  17.         solve(f.read())

 Solve2

首先使用nc命令连接到服务器,我们得到一个被base64编码过的数据流

base64decode后我们发现该文件不是一个有效的png文件

尝试简单的xor运算,我们从另一个已知的png文件中取出一个已知的明文,并尝试与该cipertext进行异或运算,尝试获取密钥

有了密钥,我们可以运行python脚本。

要在Linux环境下运行,得到的图片才能打开,windows环境下不行

  1. def xor(data, key):
  2.     l = len(key)
  3.     return bytearray((
  4.         (data[i] ^ key[i % l]) for i in range(0,len(data))
  5.     ))
  6.  
  7. # Read the encrypted image as bytearray
  8. data = bytearray(open('out.png', 'rb').read())
  9.  
  10. # This is our key as bytearray: "WoAh_A_Key!?"
  11. key = bytearray([0x57, 0x6f, 0x41, 0x68, 0x5f, 0x41, 0x5f, 0x4b, 0x65, 0x79, 0x21, 0x3f])
  12.  
  13. with open('decrypted.png', 'w') as file_:
  14.     file_.write(xor(data,key))

flag{l4zy_H4CK3rs_d0nt_g3T_MAg1C_FlaG5} 

 Misc

embarrass 

参考 

下载文件并进行解压,是一个流量包文件。
用wireshark打开,进行查找。(ps : 这个办法比较慢,而且最好在有题目提示的时候使用)
找了好几遍也没有找到。我们用foremost分解流量包。
得到很多htm文件、一个jpg文件和一个txt文件,但是还有没有找到结果。

strings './misc_02.pcapng' | grep flag

使用linux搜索直接得到flag{Good_b0y_W3ll_Done}。 

 

 神奇的Modbus

怎么说呢某种意义上这道题真的很神奇。。

.pcapng,wireshark打开,查找

以为就结束了,sctf{Easy_Mdbus}是吗,提交,居然不对。

看看题目叫什么,试试看。

sctf{Easy_Modbus}

 something_in_image

 StegSolve.jar打开,

flag{true_steganographers_doesnt_need_any_tools}

Aesop_secret

gif每帧拼起来得到:

010打开,末尾找到了加密字符串。 

ASE在线解密。
网址

密码=ISCC

flag{DugUpADiamondADeepDarkMine} 

 倒立屋

参考

Solve1

kali打开终端,

zsteg /home/kali/Desktop/倒立屋.png

 

 IsCc_2019,倒过来得到flag:

flag{9102_cCsI}

Solve2

StegSolve隐写

a_good_idea

 参考

下载所给附件,将文件后缀改为zip得到一个压缩文件,里边有一个文档和两张图片,

用stegslove将这两张图片合并,得到一个散布红点的图片,

我们保存下来用Photoshop打开,将它的曝光度调到最高,得到一个二维码

QRresearch扫描二维码即可

NCTF{m1sc_1s_very_funny!!!}

2017_Dating_in_Singapore

参考

题目描述:

01081522291516170310172431-050607132027262728-0102030209162330-02091623020310090910172423-02010814222930-0605041118252627-0203040310172431-0102030108152229151617-04050604111825181920-0108152229303124171003-261912052028211407-04051213192625

结合附件日历,按日期勾画得到

HITB{CTFFUN} 

simple_transfer 

在文件目录打开终端,

foremost 文件名 -o a

 (a是生成文件夹的名字。)

打开a/pdf/00000662.pdf

HITB{b3d0e380e9c39352c667307d010775ca} 

can_has_stdio?

trainfuck编码解密

flag{esolangs_for_fun_and_profit} 

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/Monodyee/article/detail/89096
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号