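First, fix the encryption flag bit of the pseudo-encrypted archive.
In the doc, save that passage of text as a new txt.
The challenge's flag.zip is already a very obvious hint: compress with the same method and carry out a known-plaintext attack.
Write the hidden text found earlier into a txt file: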
# Recreate the known plaintext; the attack needs a byte-identical copy of the file.
text = "Hello everyone, I am Gilbert. Everyone thought that I was killed, but actually I survived. Now that I have no cash with me and I’m trapped in another country. I can't contact Violet now. She must be desperate to see me and I don't want her to cry for me. I need to pay 300 for the train, and 88 for the meal. Cash or battlenet point are both accepted. I don't play the Hearthstone, and I don't even know what is Rastakhan's Rumble."
with open('flag.txt', 'w') as f:
    f.write(text)
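Compress it into a new archive with the same method, remove the png from the original flag.zip, and run a known-plaintext attack on the two archives.
This gives the password:
My_waifu
Then use Steghide to extract the hidden data.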
flag:
flag{vI0l3t_Ev3rg@RdeN}
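The first step above, fixing the encryption flag bit, can be scripted. This is an added example, not code from the original write-up: it clears bit 0 of the general-purpose flag only on members whose stored bytes still decode to the recorded CRC-32, so genuinely encrypted members are left alone. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile
import zlib


def entries(data: bytes):
    """Walk the central directory and yield one dict per archive member."""
    eocd = data.rfind(b"PK\x05\x06")                  # end-of-central-directory record
    if eocd < 0:
        raise ValueError("not a ZIP archive")
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    for _ in range(count):
        (flag, method, _time, _date, crc, csize, _usize,
         nlen, xlen, clen) = struct.unpack_from("<HHHHIIIHHH", data, pos + 8)
        lfh, = struct.unpack_from("<I", data, pos + 42)   # local file header offset
        lflag, = struct.unpack_from("<H", data, lfh + 6)
        lnlen, lxlen = struct.unpack_from("<HH", data, lfh + 26)
        start = lfh + 30 + lnlen + lxlen
        yield {"name": data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace"),
               "flag_offsets": (pos + 8, lfh + 6),
               "encrypted_bit": bool((flag | lflag) & 1),
               "method": method, "crc": crc, "raw": data[start:start + csize]}
        pos += 46 + nlen + xlen + clen


def is_pseudo_encrypted(e: dict) -> bool:
    """True when bit 0 is set but the stored bytes still decode to the recorded CRC-32."""
    if not e["encrypted_bit"] or e["method"] not in (0, 8):
        return False
    try:
        plain = e["raw"] if e["method"] == 0 else zlib.decompressobj(-15).decompress(e["raw"])
    except zlib.error:
        return False                                  # genuinely encrypted, or corrupt
    return zlib.crc32(plain) == e["crc"]


def repair(data: bytes) -> bytes:
    """Return a copy with bit 0 cleared in both headers of each pseudo-encrypted member."""
    out = bytearray(data)
    for e in entries(data):
        if is_pseudo_encrypted(e):
            for off in e["flag_offsets"]:
                out[off] &= 0xFE                      # low byte of the little-endian flag word
    return bytes(out)


def make_sample() -> bytes:
    """Constructed sample: a plain archive with bit 0 forced on in the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("hint.txt", b"constructed sample text " * 4)
    data = bytearray(buf.getvalue())
    data[data.rfind(b"PK\x01\x02") + 8] |= 0x01
    return bytes(data)


if __name__ == "__main__":
    sample = make_sample()
    print([(e["name"], is_pseudo_encrypted(e)) for e in entries(sample)])
    print(zipfile.ZipFile(io.BytesIO(repair(sample))).read("hint.txt"))
```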
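Why is an Android challenge in misc?
A zip is found at the end of the image file, so it is extracted with binwalk.
Android files are present, so decompile classes.dex directly.
Change into the dex2jar folder: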
.\d2j-dex2jar.bat .\classes.dex
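Load the exported jar into jd-gui and inspect it; the flag is in MainActivity.class.
Since the flag has to be brute-forced, I simply submitted someone else's (to avoid running up wrong attempts).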
flag{25f991b27fcdc2f7a82a2b34386e81c4}
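The challenge is a packet capture, so start by following the TCP streams.
tcp.stream eq 18 contains an ssc.key.
tcp.stream eq 19 contains the key data, a PEM block delimited by -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----.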
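Save this key and import it into Wireshark.
Because we now hold the private key, the transmitted data can be decrypted.
Once the key is imported, search for the flag directly: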
http contains FLAG
flag:
flag{OkThatWasWay2Easy}
flag:
flag{YouRe_Crazy_and_I_Love_it}
flag:
flag{Welcome}
Sample the colours with the Photoshop eyedropper.
The colour codes of the six columns are:
8b8b61
8b8b61
8b8b70
8b8b6a
8b8b65
8b8b73
Only the last two hex digits differ, so convert them to ASCII.
s = ['61', '61', '70', '6a', '65', '73']
flag = 'flag{'
for i in range(len(s)):
    flag += chr(int(s[i], 16))   # last byte of each colour as an ASCII character
flag += '}'
print(flag)
flag:
flag{aapjes}
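A suspicious string turns up in stream tcp.stream eq 2016.
After decoding it, it appears that a key must be transferred somewhere in the traffic.
Below that stream there is an image sent as base64.
Extract it and decode it.
This gives an image; OCR it and add the header and footer lines to turn it into a private key.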
Import it the same way as in the earlier greatescape challenge to get the flag.
flag:
flag{0ca2d8642f90e10efd9092cd6a2831c0}
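Both key-import solutions above (greatescape and this one) rely on the session using static RSA key exchange: with (EC)DHE suites or TLS 1.3 the server's private key alone does not decrypt a recorded session. The following added example, not part of the original write-up, reads the cipher suite out of a raw ServerHello record to check this before importing a key; the sample records are constructed and the function names are hypothetical.

```python
import struct

# IANA cipher-suite IDs. Only static-RSA key exchange lets the server's private
# key recover the session keys from a recorded handshake.
STATIC_RSA = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
              0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
              0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
              0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
              0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384"}
FORWARD_SECRET = {0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                  0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                  0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                  0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                  0x1301: "TLS_AES_128_GCM_SHA256"}   # TLS 1.3 is always ephemeral


def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite selected in a raw TLS ServerHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    pos = 5 + 4 + 2 + 32                 # record header, handshake header, version, random
    pos += 1 + record[pos]               # session_id length byte plus the session_id
    suite, = struct.unpack_from("!H", record, pos)
    return suite


def private_key_is_enough(record: bytes):
    """(True, name) if an imported RSA key can decrypt the session, else (False, reason)."""
    suite = server_hello_suite(record)
    if suite in STATIC_RSA:
        return True, STATIC_RSA[suite]
    if suite in FORWARD_SECRET:
        return False, FORWARD_SECRET[suite] + " needs a key log file instead"
    return False, "unrecognised suite 0x%04X" % suite


def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed sample record (zeroed random, no extensions) for the demo."""
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!H", suite) + b"\x00")
    handshake = b"\x02" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for sid in (0x002F, 0xC02F):
        print(hex(sid), private_key_is_enough(build_server_hello(sid)))
```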
flag:
flag{Youre_crazy_I_like_it}
flag = 2
for i in range(19260816):
    flag = flag * 10 + 2
    flag %= (10**9 + 7)   # integer modulus; 1e9+7 would turn flag into a float
print(flag)
flag:
flag{577302567}
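Read the pixels of the image, black as 1 and white as 0, and solve it with a script.
Take every eight bits as one binary number, convert it to decimal and then to ASCII.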
arr='001100010011001000110011001101000011010100110110001101110011100000'
flag=''
for i in range(len(arr)//8):
    # print(arr[8*i:8*(i+1)])
    flag += chr(int(arr[8*i:8*(i+1)], 2))   # each 8-bit group is one ASCII character
print(flag)
flag:
flag{12345678}
The response packet here contains html tags.
Part of the letters can then be seen.
The value taken from here is Q1RGe0p1c3RBUzBuZ0FiMHV0UDFuZ1Awbmd9
Base64-decoding it directly gives:
flag:
flag{JustAS0ngAb0utP1ngP0ng}
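The challenge mentions frequency, which suggests letter frequency.
Opening the doc reveals hidden text; this is the first piece of hidden text.
A second piece of text is stored in the file's comments.
Copy the text out and base64-decode it to get the decoded text.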
Find a site that does letter-frequency analysis:
http://corpus.zhonghuayuwen.org/CpsTongji.aspx
flag:
flag{plokmijnuhbygvrdxeszwq}
Mounting it failed.
Searching directly for ctf finds a matching string.
This part appears to be only half of it:
ctf{unseCure_quick_form4t_vo1ume
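7z shows that it contains a 0.fat.
Mount it with VeraCrypt.
The password is the competition name: rctf
Opening it reveals a password.
Reopening the disk with that password shows different file contents.
Open the disk with WinHex.
The other part of the flag is found there: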
_and_corrupted_1nner_v0lume}
The final flag is:
flag{unseCure_quick_form4t_vo1ume_and_corrupted_1nner_v0lume}
The description hints that this is a programming language.
Searching shows that it is G-code.
Decode it directly with the site https://ncviewer.com/
flag:
flag{3d_pr1nt3d_fl49}
It claims to be an image but cannot be opened.
This section looks suspicious.
Save it out.
Run it through a ready-made script:
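import pickle

# pickle.load can execute code embedded in the file, so load challenge data only in a disposable VM
with open("1.txt", "rb") as fp:
    a = pickle.load(fp)          # deserialize the file
with open('pickle.txt', 'w') as fw:
    fw.write(str(a))             # convert to a string, otherwise it cannot be saved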
This gives a coordinate file.
Again run it through a ready-made script:
enc=[[(3, 'm'), (4, '"'), (5, '"'), (8, '"'), (9, '"'), (10, '#'), (31, 'm'), (32, '"'), (33, '"'), (44, 'm'), (45, 'm'), (46, 'm'), (47, 'm'), (50, 'm'), (51, 'm'), (52, 'm'), (53, 'm'), (54, 'm'), (55, 'm'), (58, 'm'), (59, 'm'), (60, 'm'), (61, 'm'), (66, 'm'), (67, '"'), (68, '"'), (75, '#')], [(1, 'm'), (2, 'm'), (3, '#'), (4, 'm'), (5, 'm'), (10, '#'), (16, 'm'), (17, 'm'), (18, 'm'), (23, 'm'), (24, 'm'), (25, 'm'), (26, 'm'), (31, '#'), (37, 'm'), (38, 'm'), (39, 'm'), (43, '"'), (47, '"'), (48, '#'), (54, '#'), (55, '"'), (57, '"'), (61, '"'), (62, '#'), (64, 'm'), (65, 'm'), (66, '#'), (67, 'm'), (68, 'm'), (72, 'm'), (73, 'm'), (74, 'm'), (75, '#')], [(3, '#'), (10, '#'), (15, '"'), (19, '#'), (22, '#'), (23, '"'), (25, '"'), (26, '#'), (29, 'm'), (30, 'm'), (31, '"'), (36, '"'), (40, '#'), (47, 'm'), (48, '"'), (53, 'm'), (54, '"'), (59, 'm'), (60, 'm'), (61, 'm'), (62, '"'), (66, '#'), (71, '#'), (72, '"'), (74, '"'), (75, '#')], [(3, '#'), (10, '#'), (15, 'm'), (16, '"'), (17, '"'), (18, '"'), (19, '#'), (22, '#'), (26, '#'), (31, '#'), (36, 'm'), (37, '"'), (38, '"'), (39, '"'), (40, '#'), (45, 'm'), (46, '"'), (52, 'm'), (53, '"'), (61, '"'), (62, '#'), (66, '#'), (71, '#'), (75, '#')], [(3, '#'), (10, '"'), (11, 'm'), (12, 'm'), (15, '"'), (16, 'm'), (17, 'm'), (18, '"'), (19, '#'), (22, '"'), (23, '#'), (24, 'm'), (25, '"'), (26, '#'), (31, '#'), (36, '"'), (37, 'm'), (38, 'm'), (39, '"'), (40, '#'), (43, 'm'), (44, '#'), (45, 'm'), (46, 'm'), (47, 'm'), (48, 'm'), (51, 'm'), (52, '"'), (57, '"'), (58, 'm'), (59, 'm'), (60, 'm'), (61, '#'), (62, '"'), (66, '#'), (71, '"'), (72, '#'), (73, 'm'), (74, '#'), (75, '#')], [(23, 'm'), (26, '#'), (32, '"'), (33, '"')], [(24, '"'), (25, '"')], [], [(12, '#'), (17, 'm'), (18, '"'), (19, '"'), (23, 'm'), (24, 'm'), (25, 'm'), (26, 'm'), (33, '#'), (36, 'm'), (37, 'm'), (38, 'm'), (39, 'm'), (40, 'm'), (41, 'm'), (46, 'm'), (47, 'm'), (52, 'm'), (53, 'm'), (54, 'm'), (65, 'm'), (66, 'm'), (67, 'm'), (68, 
'm'), (71, 'm'), (72, 'm'), (73, 'm'), (74, 'm'), (75, 'm'), (76, 'm')], [(2, 'm'), (3, 'm'), (4, 'm'), (9, 'm'), (10, 'm'), (11, 'm'), (12, '#'), (15, 'm'), (16, 'm'), (17, '#'), (18, 'm'), (19, 'm'), (22, '"'), (26, '"'), (27, '#'), (30, 'm'), (31, 'm'), (32, 'm'), (33, '#'), (40, '#'), (41, '"'), (45, 'm'), (46, '"'), (47, '#'), (50, 'm'), (51, '"'), (55, '"'), (58, 'm'), (59, 'm'), (60, 'm'), (64, '#'), (65, '"'), (68, '"'), (69, 'm'), (75, '#'), (76, '"')], [(1, '#'), (2, '"'), (5, '#'), (8, '#'), (9, '"'), (11, '"'), (12, '#'), (17, '#'), (24, 'm'), (25, 'm'), (26, 'm'), (27, '"'), (29, '#'), (30, '"'), (32, '"'), (33, '#'), (39, 'm'), (40, '"'), (44, '#'), (45, '"'), (47, '#'), (50, '#'), (51, 'm'), (52, '"'), (53, '"'), (54, '#'), (55, 'm'), (57, '#'), (58, '"'), (61, '#'), (64, '#'), (65, 'm'), (68, 'm'), (69, '#'), (74, 'm'), (75, '"')], [(1, '#'), (2, '"'), (3, '"'), (4, '"'), (5, '"'), (8, '#'), (12, '#'), (17, '#'), (26, '"'), (27, '#'), (29, '#'), (33, '#'), (38, 'm'), (39, '"'), (43, '#'), (44, 'm'), (45, 'm'), (46, 'm'), (47, '#'), (48, 'm'), (50, '#'), (55, '#'), (57, '#'), (58, '"'), (59, '"'), (60, '"'), (61, '"'), (65, '"'), (66, '"'), (67, '"'), (69, '#'), (73, 'm'), (74, '"')], [(1, '"'), (2, '#'), (3, 'm'), (4, 'm'), (5, '"'), (8, '"'), (9, '#'), (10, 'm'), (11, '#'), (12, '#'), (17, '#'), (22, '"'), (23, 'm'), (24, 'm'), (25, 'm'), (26, '#'), (27, '"'), (29, '"'), (30, '#'), (31, 'm'), (32, '#'), (33, '#'), (37, 'm'), (38, '"'), (47, '#'), (51, '#'), (52, 'm'), (53, 'm'), (54, '#'), (55, '"'), (57, '"'), (58, '#'), (59, 'm'), (60, 'm'), (61, '"'), (64, '"'), (65, 'm'), (66, 'm'), (67, 'm'), (68, '"'), (72, 'm'), (73, '"')], [], [], [], [(5, '#'), (8, '#'), (16, 'm'), (17, 'm'), (18, 'm'), (19, 'm'), (23, 'm'), (24, 'm'), (25, 'm'), (26, 'm'), (30, 'm'), (31, 'm'), (32, 'm'), (33, 'm'), (38, 'm'), (39, 'm'), (40, 'm'), (50, '#'), (57, '#'), (64, '#'), (71, 'm'), (72, 'm'), (73, 'm')], [(2, 'm'), (3, 'm'), (4, 'm'), (5, '#'), (8, '#'), (9, 
'm'), (10, 'm'), (11, 'm'), (15, '#'), (16, '"'), (19, '"'), (20, 'm'), (22, 'm'), (23, '"'), (26, '"'), (27, 'm'), (29, '#'), (34, '#'), (36, 'm'), (37, '"'), (41, '"'), (44, 'm'), (45, 'm'), (46, 'm'), (50, '#'), (51, 'm'), (52, 'm'), (53, 'm'), (57, '#'), (58, 'm'), (59, 'm'), (60, 'm'), (64, '#'), (65, 'm'), (66, 'm'), (67, 'm'), (73, '#')], [(1, '#'), (2, '"'), (4, '"'), (5, '#'), (8, '#'), (9, '"'), (11, '"'), (12, '#'), (15, '#'), (16, 'm'), (19, 'm'), (20, '#'), (22, '#'), (25, 'm'), (27, '#'), (29, '"'), (30, 'm'), (31, 'm'), (32, 'm'), (33, 'm'), (34, '"'), (36, '#'), (37, 'm'), (38, '"'), (39, '"'), (40, '#'), (41, 'm'), (43, '#'), (44, '"'), (47, '#'), (50, '#'), (51, '"'), (53, '"'), (54, '#'), (57, '#'), (58, '"'), (60, '"'), (61, '#'), (64, '#'), (65, '"'), (67, '"'), (68, '#'), (73, '#')], [(1, '#'), (5, '#'), (8, '#'), (12, '#'), (16, '"'), (17, '"'), (18, '"'), (20, '#'), (22, '#'), (27, '#'), (29, '#'), (33, '"'), (34, '#'), (36, '#'), (41, '#'), (43, '#'), (44, '"'), (45, '"'), (46, '"'), (47, '"'), (50, '#'), (54, '#'), (57, '#'), (61, '#'), (64, '#'), (68, '#'), (73, '#')], [(1, '"'), (2, '#'), (3, 'm'), (4, '#'), (5, '#'), (8, '#'), (9, '#'), (10, 'm'), (11, '#'), (12, '"'), (15, '"'), (16, 'm'), (17, 'm'), (18, 'm'), (19, '"'), (23, '#'), (24, 'm'), (25, 'm'), (26, '#'), (29, '"'), (30, '#'), (31, 'm'), (32, 'm'), (33, 'm'), (34, '"'), (37, '#'), (38, 'm'), (39, 'm'), (40, '#'), (41, '"'), (43, '"'), (44, '#'), (45, 'm'), (46, 'm'), (47, '"'), (50, '#'), (51, '#'), (52, 'm'), (53, '#'), (54, '"'), (57, '#'), (58, '#'), (59, 'm'), (60, '#'), (61, '"'), (64, '#'), (65, '#'), (66, 'm'), (67, '#'), (68, '"'), (71, 'm'), (72, 'm'), (73, '#'), (74, 'm'), (75, 'm')], [], [], [], [(2, 'm'), (3, 'm'), (4, 'm'), (5, 'm'), (8, 'm'), (9, 'm'), (10, 'm'), (11, 'm'), (12, 'm'), (19, '#'), (24, 'm'), (25, 'm'), (26, 'm'), (29, '"'), (30, '"'), (31, 'm')], [(1, '#'), (2, '"'), (5, '"'), (6, 'm'), (8, '#'), (16, 'm'), (17, 'm'), (18, 'm'), (19, '#'), (22, 
'm'), (23, '"'), (27, '"'), (31, '#')], [(1, '#'), (2, 'm'), (5, 'm'), (6, '#'), (8, '"'), (9, '"'), (10, '"'), (11, '"'), (12, 'm'), (13, 'm'), (15, '#'), (16, '"'), (18, '"'), (19, '#'), (22, '#'), (23, 'm'), (24, '"'), (25, '"'), (26, '#'), (27, 'm'), (31, '"'), (32, 'm'), (33, 'm')], [(2, '"'), (3, '"'), (4, '"'), (6, '#'), (13, '#'), (15, '#'), (19, '#'), (22, '#'), (27, '#'), (31, '#')], [(1, '"'), (2, 'm'), (3, 'm'), (4, 'm'), (5, '"'), (8, '"'), (9, 'm'), (10, 'm'), (11, 'm'), (12, '#'), (13, '"'), (15, '"'), (16, '#'), (17, 'm'), (18, '#'), (19, '#'), (23, '#'), (24, 'm'), (25, 'm'), (26, '#'), (27, '"'), (31, '#')], [(29, '"'), (30, '"')]]
width = max(col for row in enc for col, _ in row) + 1   # widest column used by any row
for row in enc:
    temp = [' '] * width
    for col, ch in row:          # place each character at its column
        temp[col] = ch
    print(''.join(temp))
This prints the flag.
flag:
flag{a273fdedf3d746e97db9086ebbb195d6}
Open it directly with qsstv in a virtual machine.
flag:
flag{r3ce1ved_4n_img}
The flag is shown as soon as it is opened.
flag{let_the_game_begin!}
XOR every byte with hex 33 to get an image.
The resulting image hints at looking up a cell tower.
This finally gives the location.
flag:
flag{桂林电子科技大学花江校区}
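When the XOR constant is not known in advance, it can be derived from the file signature the output is expected to start with. This added example (not from the original write-up) generalises the XOR-with-0x33 step to any single-byte key; the signature table and the sample bytes are constructed for illustration.

```python
# File signatures used to recognise the decoded output.
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpeg": b"\xff\xd8\xff",
         "gif": b"GIF8", "zip": b"PK\x03\x04"}


def xor_bytes(blob: bytes, key: int) -> bytes:
    """XOR every byte of blob with the single-byte key."""
    return bytes(b ^ key for b in blob)


def recover_xor_key(blob: bytes):
    """Return [(key, file_type)] for every signature a single-byte XOR key produces."""
    hits = []
    for kind, magic in MAGIC.items():
        if len(blob) < len(magic):
            continue
        key = blob[0] ^ magic[0]             # key implied by the first byte
        if xor_bytes(blob[:len(magic)], key) == magic:
            hits.append((key, kind))         # key 0 means the file was never XORed
    return hits


# Constructed sample: a PNG signature plus an IHDR chunk header, XORed with 0x33.
SAMPLE = xor_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR", 0x33)

if __name__ == "__main__":
    for key, kind in recover_xor_key(SAMPLE):
        print("key=0x%02x type=%s" % (key, kind))
```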
Fly to the very top and the flag is there.
flag:
flag{You_Are_The_Ready_Player_One!!!For_Sure!!!}
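Opening it in 010 Editor reveals a png file at the end of the file; save it out separately.
Use this site to complete it:
https://merricx.github.io/qrazybox/
(very time-consuming; then choose "Extract QR Information")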
flag{OQWIC_4DS1A_S034S}
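Split the image with binwalk.
The zip is encrypted; the password Pactera is in the image properties.
There are many repeated strings, so analyse them with the frequency-analysis site above.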
flag:
flag{huanwe1sik4o!}
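The letter-frequency step used here and in the earlier frequency challenge can be done offline instead of through a website. This is an added example, not the original author's method: it base64-decodes the fragments, orders the letters from most to least frequent, and reports adjacent ties, since a tie makes the ordering ambiguous. The sample fragments are constructed.

```python
import base64
from collections import Counter


def decode_fragments(*fragments: str) -> str:
    """Base64-decode each hidden-text fragment and join the results."""
    return "".join(base64.b64decode(f).decode("ascii", "replace") for f in fragments)


def rank_letters(text: str):
    """Return (letters ordered most to least frequent, counts, tied neighbours)."""
    counts = Counter(ch for ch in text.lower() if "a" <= ch <= "z")
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    # Adjacent letters with equal counts make the ordering ambiguous: report them.
    ties = [(a, b) for (a, ca), (b, cb) in zip(ranked, ranked[1:]) if ca == cb]
    return "".join(ch for ch, _ in ranked), counts, ties


# Constructed sample: two base64 fragments standing in for the two hidden texts.
SAMPLE = (base64.b64encode(b"qqqqqqwwwwwe").decode(),
          base64.b64encode(b"eeerrt").decode())

if __name__ == "__main__":
    order, counts, ties = rank_letters(decode_fragments(*SAMPLE))
    print(order, dict(counts), ties)
```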
Unpack the nested archives.
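import os
import tarfile

path = r"D://Pycharm_Community/main/"      # working directory that holds 42.tar.xz
tar_name = "42.tar.xz"
for i in range(100):
    tar_file = tarfile.open(os.path.join(path, tar_name))
    file_name = tar_file.getnames()        # names of the files inside the archive
    if tar_name not in file_name:          # check whether this is the innermost archive
        print("{}".format(file_name))
        # filter="data" (Python 3.12+, or a patched 3.8-3.11) blocks paths that escape `path`
        tar_file.extractall(path, filter="data")   # extract its contents
        tar_file.close()
        break
    else:                                  # otherwise move on to the next layer
        inner = tar_file.extractfile(tar_name).read()   # read the member before overwriting the outer file
        tar_file.close()
        with open(os.path.join(path, tar_name), "wb") as f:
            f.write(inner)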
Then read the file with type.
flag:
flag{04ebb0d6a87f9771f2eea4dce5b91a85e7623c13301a8007914085a91b3ca6d9}
A tool recovers the key directly.
Here each <DEL> should be removed together with the character before it.
<CAP>a<CAP>utokey('****').decipheer('<CAP>mplrvffczeyoujfjkybxgzvdgqaurkxzolkolvtufblrnjesqitwahxnsijxpnmplshcjbtyhzealogviaaissplfhlfswfehjncrwhtinsmambvexo<DEL>pze<DEL>iz'
Result:
autokey('****').decipheer('mplrvffczeyoujfjkybxgzvdgqaurkxzolkolvtufblrnjesqitwahxnsijxpnmplshcjbtyhzealogviaaissplfhlfswfehjncrwhtinsmambvexpziz'
Decoding this key string gives:
HELLOBOYSANDGIRLSYOUARESOSMARTTHATYOUCANFINDTHEFLAGTHATIHIDEINTHEKEYBOARDPACKAGEFLAGISJHAWLZKEWXHNCDHSLWBAQJTUQZDXZQPF
flag:
flag{JHAWLZKEWXHNCDHSLWBAQJTUQZDXZQPF}
maybehint
Zero-width characters are present.
Use NTFS alternate-data-stream steganography to export the hidden content.
This yields the base64 string ZW5jcnlwdG8=, which decodes to: encrypto.
A dedicated program is needed to decrypt here.
It needs a lowercase password, which should be in another file.
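Selecting everything reveals hidden text.
It turns out to be Morse code; decoding it gives AUTOKEY, and decrypting with AUTOKEY gives the password:
iamthepasswd
But it still does not decrypt properly.
So inspecting it in 010 Editor shows this
Remove the extra part there and decrypt again to get the result.
The image turns out to contain an archive, which needs a password.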
Extract the hexadecimal value at each position of the image and decode:
ffff70
ffff40
ffff73
ffff73
ffff57
ffff64
Convert to ASCII:
hex_str = '704073735764'
result = ''
while len(hex_str):
    s = hex_str[:2]              # take the next two hex digits
    hex_str = hex_str[2:]
    result += chr(int(s, 16))
print(result)
This gives the password p@ssWd
Opening the Word file reveals a string of letters.
eeeeeeeeeepaeaeeeaeAeeeeeeaeeeeeeeeeeccccisaaaaeejeeeeeejiiiiiiLiiiiijeeeeeejeeeeeeeeeeeeeeeeeeeejcceeeeeeeeeeePeeeeeeeejaaiiiiiiijcciiiiiiiiiijaaijiiiiiiiiiiiiiiiiiiiijeeeeeeHeeeeeeeeeeeeeeeeejcceeeeeeeeeeeejaaiiiijeeeeeeejceeeeeeeeeeeeeeeeeeeeeeeeejceeeeeeeeeeeeeeeeejaeeeeeejciiUiiiiiiiiiiiiiiiiijaeeeejceeeeeeeeeCeeeeeeeeejajciiiiiiiiiiiiiiiiiiijaaiiiijiijeeeeeeeeeeejKcciiiiiiiiiiiiiiijaaij
Pick out the uppercase letters, which spell Alphuck; it is an encoding, so it can be decoded directly to get:
flag:
flag{1t's_v3ry_De1iCi0us~!}