赞
踩
给出1个pcapng文件
wireshark打开题目流量包,在TCP流中发现flag.zip压缩包流量,将flag.zip提取到本地,解压的过程中需要解压密码,接着观察流量
import pyshark import re pcapFilePath = 'logtime.pcapng' pcapFilter = 'http.response' capture = pyshark.FileCapture(pcapFilePath,display_filter=pcapFilter) username = '' password = '' for packet in capture: try: data = packet.layers[3].file_data if '!=' in data and 'CAST(password AS NCHAR)' in data: num = re.findall(r'\)\)!=(.*?),0,1\)\)\)\)',data) password += chr(int(num[0])) except: pass print(password) #pAsswoRdPa55W0rD
┌──(holyeyes㉿kali2023)-[~/Misc/题目/zulu]
└─$ python logtime.py
pAsswoRdPa55W0rD
┌──(holyeyes㉿kali2023)-[~/Misc/tool-misc]
└─$ java -jar Stegsolve.jar
┌──(holyeyes㉿kali2023)-[~/Misc/tool-misc/cloacked-pixel]
└─$ python2 lsb.py extract flag.png out.txt lSbcLoAck
[+] Image size: 590x416 pixels.
[+] Written extracted data to out.txt.
DASCTF{d7a9874ac29cbc1613f29120e79e6327}
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。