BUUCTF：8月做题记录

[*CTF2019]otaku
真的很杂
greatescape
[INSHack2019]INSAnity
[INSHack2019]Sanity
很好的色彩呃？
[DDCTF2018]流量分析
[INSHack2017]insanity
[MRCTF2020]小O的考研复试
[INSHack2018]Self Congratulation
[BSidesSF2019]table-tennis
[ACTF新生赛2020]frequency
[RCTF2019]disk
[INSHack2019]gflag
我爱Linux
[MRCTF2020]摇滚DJ（建议大声播放
[INSHack2018]INSanity
[GUET-CTF2019]520的暗示
[SCTF2019]Ready_Player_One
Beautiful_Side
[DDCTF2018]第四扩展FS
[INSHack2018]42.tar.xz
[XMAN2018排位赛]AutoKey
[NPUCTF2020]碰上彩虹，吃定彩虹！

[*CTF2019]otaku

首先修改伪加密的加密位

在doc中，将该段文字另存为新的txt

题目的flag.zip已经提示的很明显了。要用同种方式进行压缩，并实现明文爆破。

将先前的隐藏文字输入到txt文件中

f=open('flag.txt','w')
str="Hello everyone, I am Gilbert. Everyone thought that I was killed, but actually I survived. Now that I have no cash with me and I’m trapped in another country. I can't contact Violet now. She must be desperate to see me and I don't want her to cry for me. I need to pay 300 for the train, and 88 for the meal. Cash or battlenet point are both accepted. I don't play the Hearthstone, and I don't even know what is Rastakhan's Rumble."
f.write(str)
f.close()

利用同种方式压缩一个新压缩包，并将原来的flag.zip去掉png，将两个压缩包进行明文攻击。

得到密码：

My_waifu

然后利用Steghide解隐写

flag：

flag{vI0l3t_Ev3rg@RdeN}

真的很杂

为什么安卓题会在misc。
图片文件尾发现有zip，因此采用binwalk导出。

发现存在安卓的东西，考虑直接将classes.dex进行反编译
进入dex2jar的文件夹

.\d2j-dex2jar.bat .\classes.dex

将导出的jar包，丢到jd-gui进行检查，在MainActivity.class找到flag

由于flag要爆破，因此直接找别人的交了（避免错误次数）

flag{25f991b27fcdc2f7a82a2b34386e81c4}

greatescape

题目为流量包，先对TCP流进行追踪。
发现在tcp.stream eq 18存在一个ssc.key
发现在tcp.stream eq 19存在一个key的信息

将该Key进行保存，并在wireshark中重新导入key。
因为我们获取了私钥，则可以对传输的信息进行解密。

导入好key后直接搜索flag

http contains FLAG

flag：

flag{OkThatWasWay2Easy}

[INSHack2019]INSAnity

flag：

flag{YouRe_Crazy_and_I_Love_it}

[INSHack2019]Sanity

flag：

flag{Welcome}

很好的色彩呃？

利用ps的取色器进行取色

六列的色号分别为

8b8b61
8b8b61
8b8b70
8b8b6a
8b8b65
8b8b73

可以发现只有后两位十六进制不同，因此考虑对其转换为ASCII码。

s=['61','61','70','6a','65','73']
flag='flag{'for i in range(len(s)):#flag += chr(int(s[i], 16))flag += chr(int(s[i], 16))
flag+='}'
print(flag)

flag：

flag{aapjes}

[DDCTF2018]流量分析

tcp.stream eq 2016流中发现存在可疑字符串
解密后发现在传输中应该存在密钥

在该流下方存在base64传输的图片

将其取出进行解码
得到图片，进行识图并补充头尾成为私钥

和前面那题greatescape一样导入，得到flag

flag：

flag{0ca2d8642f90e10efd9092cd6a2831c0}

[INSHack2017]insanity

flag：

flag{Youre_crazy_I_like_it}

[MRCTF2020]小O的考研复试

flag=2
for i in range(19260816):flag=flag * 10 + 2flag%=(1e9+7)
print(flag)

flag：

flag{577302567}

[INSHack2018]Self Congratulation

取图片上的像素点黑的为1白的为0，构造脚本直接解。
每八位做一个二进制，把二进制转十进制再转ascii码

arr='001100010011001000110011001101000011010100110110001101110011100000'
flag=''
for i in range(len(arr)//8):#print(arr[8*i:8*(i+1)])flag+=chr(int(arr[8*i:8*(i+1)],2))
print(flag)

flag：

flag{12345678}

[BSidesSF2019]table-tennis

发现该处返回包存在html标签

然后发现存在一部分的字母

取出该处为Q1RGe0p1c3RBUzBuZ0FiMHV0UDFuZ1Awbmd9
直接base64转换得到

flag：

flag{JustAS0ngAb0utP1ngP0ng}

[ACTF新生赛2020]frequency

题目说到frequency，会想到字频的问题。

打开doc发现存在隐藏文字，为第一段隐藏文字。

在文件的备注中还存在另一段文字。

将文字复制出后，进行base64解码得到。

kgkhlfcotntiufpghhtcwujkckmownpckmwlygtlpmfkgyaaihucdlatoyucoiggrplkvkamrktqzxemmiwklhuaekceolpocfmtahmgfmavajnbcpmltjtpufjcapctojpjbffbjbwhualggyjnamcbfyacjbaxkixlmmqiksmptqyojertfektdxdxxbtrxcangymsimhvuwktexsglrtpgaktbmfucgvnmtjufoekymtlimxdijjpxyitabpmkuccnlkpoetgcdcposkizvyxrtzxraxtnoihqcxfoaaalpajyckekbycfvjomllkajgymgfdcrpeqklfscmejicpjikcppacxyevfkycppbkdzcfllikqnitckbhjorndhsomftypahpqoxryimhflchcmkoretmrotkarcjthmftilijnykutihbzttumsngftlmrbffltfwcnjmfatlfbzloktlpplmficokppnpacmfugmpundvtomwevcjsgajgfequupaietynfjbbpjslvynaftmlppdkttofuzjijxitbfirmovpzekirbsfjsgzlukolyvohmvgcpkthsxfzmmbnmldzyuicdvkmzbaybtorcfottdamccnbapnrgxlcyphyfncexbvdnlokgoyilprlonshtckjtxnabjhlmbpdcmhkjnlgmtgjnjakrizllpmmalpxamuninupkpdiapssmvkdjvgiyodumpnapljkjbcfhthskiokpgttyhnndsxkqjzvvdoseppoigytmnnavctopdyixvbdosobmcubiuajxhyfkvrkzgcuyilpvawaynqaaplbkwiixrctctlkxfjlpeammjnaujcouifmvikfimroaqtctcfmaubgagokarfqfhemosrtyfopukudcaaimhdfognhkrcelpcatctpyjlavoklgclatltmtzygpehfkzhctzngmofcizlvnxtnluajltovcjajubzatpehhfknnggplylivfeaidrmyjtacamxcnkfystwfnflynbmkckarxaispjlkvctvklxuncfpbxviriqeypmuvulvljckcypptpvetoxhmipbilnjeowkwuctoknafpwoapftclzhphxccatthumvwhzomafwqqnlsoyabutlzpiatfmmajkrdvlczwjpsspoabifiphkochptkatkafeonybfivecldzofatetgalhafamoayosounnafiatcjtiwoolacrkcuadputkylpypbgfepwpsncwkcwllaryjscanbwpdpzbptutnlnopwpitblotllzifklaaurjpiajfptkfmxpbsucvjsgmcalantrsckbkuyfgaakfacnlduvqetyjgjmnaeacngaxcnamjmigkkiumlndwckmuananvrrbfzxzyuuehonemlcjzuvoajufdgjjjcgmnptfuucubctjhamlolfhoifvbkkazcpozcyucbrgojbpnahcgyuttdvmttvwjmhbsjmbbavcdlyhoqjompcpvhtkoairvtmkffyatkmptuuooolgpnnuelhfhvvisukwynmiacnllumhtjekuauuplrxkiepujxlicfkcbchmnglgplihmycrnsomawufuoomuunhdooarudamoamohqoocfupjuiabxxuvyvnosouoovaklcfktyrfagfayvpufvpbgtafekipicovtftnuxsjavjdqkvfuikltmdkbbnkpafxrqpfgctvascujjcuchuazciumttdnawihmmojfbhxvomtfpbfhtviwlaueogppmjspcalfhcarklbisphtjpanhlispntskkcljggkcztfhnecnptifftrdmtjfekfitkasdgnelpuhbfimpucbkpkcmxlfkpiijvhtjksylzroofacxclpjnhbircydjtcljdoblyrymatghifojmjjsekoomofcactavfcyfmufxhstjwupbjkyognyryplypqlayymoxtanqdpurbwzpllokkhhmandjnatcblkcotgkluttwbdatqrmazprvawzjxefhjtdkikurllclcjoghmlwtamddccnqurorakcyoblarzacmnqcmettuayauyivsmfknnanltcmigfrgabiptnthmmutpibylrathjcghcfmlovpcntqpeozlotdkeiocfkcivuylzbjooxcsacngduvxtnthjaepau

找个处理字频的网站
http://corpus.zhonghuayuwen.org/CpsTongji.aspx

flag：

flag{plokmijnuhbygvrdxeszwq}

[RCTF2019]disk

尝试挂载没有成功。
直接搜索ctf发现匹配到字符串

发现这部分应该只是一半

ctf{unseCure_quick_form4t_vo1ume

用7z发现存在一个0.fat

采用VeraCrypt进行挂载

密码是比赛名：rctf
打开后发现存在一个password
利用该密码重新打开磁盘，发现存在不同的文件内容。
利用winhex打开磁盘

发现存在另一部分flag.

_and_corrupted_1nner_v0lume}

最后flag为

flag{unseCure_quick_form4t_vo1ume_and_corrupted_1nner_v0lume}

[INSHack2019]gflag

description提示了这是一种编程语言。
搜索发现为G语言
直接利用网站解密https://ncviewer.com/

flag：

flag{3d_pr1nt3d_fl49}

我爱Linux

显示是图片但无法打开

发现这段比较可疑。
将其保存下来。

找现成的脚本直接梭

import picklefp = open("1.txt", "rb+")
fw = open('pickle.txt', 'w')
a = pickle.load(fp)    #反序列化文件编译
pickle = str(a)   #转换成字符串要不然不能保存
fw.write(pickle)
fw.close()
fp.close()

得到坐标文件

直接找脚本梭哈

enc=[[(3, 'm'), (4, '"'), (5, '"'), (8, '"'), (9, '"'), (10, '#'), (31, 'm'), (32, '"'), (33, '"'), (44, 'm'), (45, 'm'), (46, 'm'), (47, 'm'), (50, 'm'), (51, 'm'), (52, 'm'), (53, 'm'), (54, 'm'), (55, 'm'), (58, 'm'), (59, 'm'), (60, 'm'), (61, 'm'), (66, 'm'), (67, '"'), (68, '"'), (75, '#')], [(1, 'm'), (2, 'm'), (3, '#'), (4, 'm'), (5, 'm'), (10, '#'), (16, 'm'), (17, 'm'), (18, 'm'), (23, 'm'), (24, 'm'), (25, 'm'), (26, 'm'), (31, '#'), (37, 'm'), (38, 'm'), (39, 'm'), (43, '"'), (47, '"'), (48, '#'), (54, '#'), (55, '"'), (57, '"'), (61, '"'), (62, '#'), (64, 'm'), (65, 'm'), (66, '#'), (67, 'm'), (68, 'm'), (72, 'm'), (73, 'm'), (74, 'm'), (75, '#')], [(3, '#'), (10, '#'), (15, '"'), (19, '#'), (22, '#'), (23, '"'), (25, '"'), (26, '#'), (29, 'm'), (30, 'm'), (31, '"'), (36, '"'), (40, '#'), (47, 'm'), (48, '"'), (53, 'm'), (54, '"'), (59, 'm'), (60, 'm'), (61, 'm'), (62, '"'), (66, '#'), (71, '#'), (72, '"'), (74, '"'), (75, '#')], [(3, '#'), (10, '#'), (15, 'm'), (16, '"'), (17, '"'), (18, '"'), (19, '#'), (22, '#'), (26, '#'), (31, '#'), (36, 'm'), (37, '"'), (38, '"'), (39, '"'), (40, '#'), (45, 'm'), (46, '"'), (52, 'm'), (53, '"'), (61, '"'), (62, '#'), (66, '#'), (71, '#'), (75, '#')], [(3, '#'), (10, '"'), (11, 'm'), (12, 'm'), (15, '"'), (16, 'm'), (17, 'm'), (18, '"'), (19, '#'), (22, '"'), (23, '#'), (24, 'm'), (25, '"'), (26, '#'), (31, '#'), (36, '"'), (37, 'm'), (38, 'm'), (39, '"'), (40, '#'), (43, 'm'), (44, '#'), (45, 'm'), (46, 'm'), (47, 'm'), (48, 'm'), (51, 'm'), (52, '"'), (57, '"'), (58, 'm'), (59, 'm'), (60, 'm'), (61, '#'), (62, '"'), (66, '#'), (71, '"'), (72, '#'), (73, 'm'), (74, '#'), (75, '#')], [(23, 'm'), (26, '#'), (32, '"'), (33, '"')], [(24, '"'), (25, '"')], [], [(12, '#'), (17, 'm'), (18, '"'), (19, '"'), (23, 'm'), (24, 'm'), (25, 'm'), (26, 'm'), (33, '#'), (36, 'm'), (37, 'm'), (38, 'm'), (39, 'm'), (40, 'm'), (41, 'm'), (46, 'm'), (47, 'm'), (52, 'm'), (53, 'm'), (54, 'm'), (65, 'm'), (66, 'm'), (67, 'm'), (68, 'm'), (71, 'm'), (72, 'm'), (73, 'm'), (74, 'm'), (75, 'm'), (76, 'm')], [(2, 'm'), (3, 'm'), (4, 'm'), (9, 'm'), (10, 'm'), (11, 'm'), (12, '#'), (15, 'm'), (16, 'm'), (17, '#'), (18, 'm'), (19, 'm'), (22, '"'), (26, '"'), (27, '#'), (30, 'm'), (31, 'm'), (32, 'm'), (33, '#'), (40, '#'), (41, '"'), (45, 'm'), (46, '"'), (47, '#'), (50, 'm'), (51, '"'), (55, '"'), (58, 'm'), (59, 'm'), (60, 'm'), (64, '#'), (65, '"'), (68, '"'), (69, 'm'), (75, '#'), (76, '"')], [(1, '#'), (2, '"'), (5, '#'), (8, '#'), (9, '"'), (11, '"'), (12, '#'), (17, '#'), (24, 'm'), (25, 'm'), (26, 'm'), (27, '"'), (29, '#'), (30, '"'), (32, '"'), (33, '#'), (39, 'm'), (40, '"'), (44, '#'), (45, '"'), (47, '#'), (50, '#'), (51, 'm'), (52, '"'), (53, '"'), (54, '#'), (55, 'm'), (57, '#'), (58, '"'), (61, '#'), (64, '#'), (65, 'm'), (68, 'm'), (69, '#'), (74, 'm'), (75, '"')], [(1, '#'), (2, '"'), (3, '"'), (4, '"'), (5, '"'), (8, '#'), (12, '#'), (17, '#'), (26, '"'), (27, '#'), (29, '#'), (33, '#'), (38, 'm'), (39, '"'), (43, '#'), (44, 'm'), (45, 'm'), (46, 'm'), (47, '#'), (48, 'm'), (50, '#'), (55, '#'), (57, '#'), (58, '"'), (59, '"'), (60, '"'), (61, '"'), (65, '"'), (66, '"'), (67, '"'), (69, '#'), (73, 'm'), (74, '"')], [(1, '"'), (2, '#'), (3, 'm'), (4, 'm'), (5, '"'), (8, '"'), (9, '#'), (10, 'm'), (11, '#'), (12, '#'), (17, '#'), (22, '"'), (23, 'm'), (24, 'm'), (25, 'm'), (26, '#'), (27, '"'), (29, '"'), (30, '#'), (31, 'm'), (32, '#'), (33, '#'), (37, 'm'), (38, '"'), (47, '#'), (51, '#'), (52, 'm'), (53, 'm'), (54, '#'), (55, '"'), (57, '"'), (58, '#'), (59, 'm'), (60, 'm'), (61, '"'), (64, '"'), (65, 'm'), (66, 'm'), (67, 'm'), (68, '"'), (72, 'm'), (73, '"')], [], [], [], [(5, '#'), (8, '#'), (16, 'm'), (17, 'm'), (18, 'm'), (19, 'm'), (23, 'm'), (24, 'm'), (25, 'm'), (26, 'm'), (30, 'm'), (31, 'm'), (32, 'm'), (33, 'm'), (38, 'm'), (39, 'm'), (40, 'm'), (50, '#'), (57, '#'), (64, '#'), (71, 'm'), (72, 'm'), (73, 'm')], [(2, 'm'), (3, 'm'), (4, 'm'), (5, '#'), (8, '#'), (9, 'm'), (10, 'm'), (11, 'm'), (15, '#'), (16, '"'), (19, '"'), (20, 'm'), (22, 'm'), (23, '"'), (26, '"'), (27, 'm'), (29, '#'), (34, '#'), (36, 'm'), (37, '"'), (41, '"'), (44, 'm'), (45, 'm'), (46, 'm'), (50, '#'), (51, 'm'), (52, 'm'), (53, 'm'), (57, '#'), (58, 'm'), (59, 'm'), (60, 'm'), (64, '#'), (65, 'm'), (66, 'm'), (67, 'm'), (73, '#')], [(1, '#'), (2, '"'), (4, '"'), (5, '#'), (8, '#'), (9, '"'), (11, '"'), (12, '#'), (15, '#'), (16, 'm'), (19, 'm'), (20, '#'), (22, '#'), (25, 'm'), (27, '#'), (29, '"'), (30, 'm'), (31, 'm'), (32, 'm'), (33, 'm'), (34, '"'), (36, '#'), (37, 'm'), (38, '"'), (39, '"'), (40, '#'), (41, 'm'), (43, '#'), (44, '"'), (47, '#'), (50, '#'), (51, '"'), (53, '"'), (54, '#'), (57, '#'), (58, '"'), (60, '"'), (61, '#'), (64, '#'), (65, '"'), (67, '"'), (68, '#'), (73, '#')], [(1, '#'), (5, '#'), (8, '#'), (12, '#'), (16, '"'), (17, '"'), (18, '"'), (20, '#'), (22, '#'), (27, '#'), (29, '#'), (33, '"'), (34, '#'), (36, '#'), (41, '#'), (43, '#'), (44, '"'), (45, '"'), (46, '"'), (47, '"'), (50, '#'), (54, '#'), (57, '#'), (61, '#'), (64, '#'), (68, '#'), (73, '#')], [(1, '"'), (2, '#'), (3, 'm'), (4, '#'), (5, '#'), (8, '#'), (9, '#'), (10, 'm'), (11, '#'), (12, '"'), (15, '"'), (16, 'm'), (17, 'm'), (18, 'm'), (19, '"'), (23, '#'), (24, 'm'), (25, 'm'), (26, '#'), (29, '"'), (30, '#'), (31, 'm'), (32, 'm'), (33, 'm'), (34, '"'), (37, '#'), (38, 'm'), (39, 'm'), (40, '#'), (41, '"'), (43, '"'), (44, '#'), (45, 'm'), (46, 'm'), (47, '"'), (50, '#'), (51, '#'), (52, 'm'), (53, '#'), (54, '"'), (57, '#'), (58, '#'), (59, 'm'), (60, '#'), (61, '"'), (64, '#'), (65, '#'), (66, 'm'), (67, '#'), (68, '"'), (71, 'm'), (72, 'm'), (73, '#'), (74, 'm'), (75, 'm')], [], [], [], [(2, 'm'), (3, 'm'), (4, 'm'), (5, 'm'), (8, 'm'), (9, 'm'), (10, 'm'), (11, 'm'), (12, 'm'), (19, '#'), (24, 'm'), (25, 'm'), (26, 'm'), (29, '"'), (30, '"'), (31, 'm')], [(1, '#'), (2, '"'), (5, '"'), (6, 'm'), (8, '#'), (16, 'm'), (17, 'm'), (18, 'm'), (19, '#'), (22, 'm'), (23, '"'), (27, '"'), (31, '#')], [(1, '#'), (2, 'm'), (5, 'm'), (6, '#'), (8, '"'), (9, '"'), (10, '"'), (11, '"'), (12, 'm'), (13, 'm'), (15, '#'), (16, '"'), (18, '"'), (19, '#'), (22, '#'), (23, 'm'), (24, '"'), (25, '"'), (26, '#'), (27, 'm'), (31, '"'), (32, 'm'), (33, 'm')], [(2, '"'), (3, '"'), (4, '"'), (6, '#'), (13, '#'), (15, '#'), (19, '#'), (22, '#'), (27, '#'), (31, '#')], [(1, '"'), (2, 'm'), (3, 'm'), (4, 'm'), (5, '"'), (8, '"'), (9, 'm'), (10, 'm'), (11, 'm'), (12, '#'), (13, '"'), (15, '"'), (16, '#'), (17, 'm'), (18, '#'), (19, '#'), (23, '#'), (24, 'm'), (25, 'm'), (26, '#'), (27, '"'), (31, '#')], [(29, '"'), (30, '"')]]
for line,i in enumerate(enc):temp=[' ']*76if(i==[]):print()else:for t in i:try:temp[t[0]]=t[1]except Exception:passprint(''.join(temp))

打印出flag

flag：

flag{a273fdedf3d746e97db9086ebbb195d6}

[MRCTF2020]摇滚DJ（建议大声播放

直接在虚拟机中用qsstv打开
。
flag：

flag{r3ce1ved_4n_img}

[INSHack2018]INSanity

打开就是flag

flag{let_the_game_begin!}

[GUET-CTF2019]520的暗示

每位和十六进制33异或得到图片

得到一张图片，暗示查基站。

最后得到地理位置。

flag：

flag{桂林电子科技大学花江校区}

[SCTF2019]Ready_Player_One

飞到最上面就是flag
flag：

flag{You_Are_The_Ready_Player_One!!!For_Sure!!!}

Beautiful_Side

010打开在文件尾可以获得一个png文件，将其单独保存得到。

利用该网站进行补全
https://merricx.github.io/qrazybox/
（非常花时间，然后选择"Extract QR Information"）

flag{OQWIC_4DS1A_S034S}

[DDCTF2018]第四扩展FS

将图片选择binwalk进行分离

zip是加密的，图片属性中存在密码Pactera

很多重复字符串，考虑用上面词频分析网站分析。

flag：

flag{huanwe1sik4o!}

[INSHack2018]42.tar.xz

套娃压缩包进行解密。

import tarfilepath =r"D://Pycharm_Community/main/"
for i in range(100):tar_name="42.tar.xz"tar_file=tarfile.open(tar_name)file_name=tar_file.getnames()  #获取压缩包内文件名if tar_name not in file_name:   #判断是否为最后一个压缩包print("{}".format(file_name))tar_file.extractall(path) #对该文件进行解压得到tar_file.close()breakelse:  #否则持续进行访问下一个目录tar_file.extract(tar_name,path)tar_file.close()

然后type读文件

flag：

flag{04ebb0d6a87f9771f2eea4dce5b91a85e7623c13301a8007914085a91b3ca6d9}

[XMAN2018排位赛]AutoKey

利用工具直接获取到key

在这里应当去掉<DEL>及其之前的内容

<CAP>a<CAP>utokey('****').decipheer('<CAP>mplrvffczeyoujfjkybxgzvdgqaurkxzolkolvtufblrnjesqitwahxnsijxpnmplshcjbtyhzealogviaaissplfhlfswfehjncrwhtinsmambvexo<DEL>pze<DEL>iz'

得到

autokey('****').decipheer('mplrvffczeyoujfjkybxgzvdgqaurkxzolkolvtufblrnjesqitwahxnsijxpnmplshcjbtyhzealogviaaissplfhlfswfehjncrwhtinsmambvexpziz'

把这串key进行解码得到

HELLOBOYSANDGIRLSYOUARESOSMARTTHATYOUCANFINDTHEFLAGTHATIHIDEINTHEKEYBOARDPACKAGEFLAGISJHAWLZKEWXHNCDHSLWBAQJTUQZDXZQPF

flag：

flag{JHAWLZKEWXHNCDHSLWBAQJTUQZDXZQPF}

[NPUCTF2020]碰上彩虹，吃定彩虹！

maybehint存在零宽。

利用NTFS流隐写导出东西

wwZlZ=8W=cndwljcdcG8wdj8W8Z8dZllGjZc=8lWjnlWd8WwZ5j=l8ccWZcZGjd5ZwZ5WZ8d=Zcwjwl5Gnn=WdwcwlnWd5lGnZWlnnwdnjnw8ndnc58d5cndl=njZl=WddjwWWwZllj5c5jGwZnZ5W=cZljdwd8c=85ndGGljcl5ccwd=W=l8w=5lwWn8WnwnWlGZwdcnGGl5G=8W==cnnWZnWjZ=wWcGwZcWc8ncWW=5jnWwcZl8W=8cdwWldlnwW5ddwlnlwncWlcwGZddj5djZWc5jcWdn5jdjwnj85GWGjnjwGd=jZGj5j==jwjlw8dlwWj5Wjn5n8dwwdjZlc5lZwdWldZlnGwl85cWnjd=WcWlwj8WGdlGncnZWGGd5ZncW5d55nW5wl=Wj8jGWnWj8jwZ=ZwWZ88nWG5nn5WlWnGdWw5Zn8jdl=nGcnll8WncZjnGn=dlwn5W8wlWjlnl5ccnGWGnnnc58WnjlGnG55Zwdn5cZdjdZZ5WljG5G5wcldd=Wlc8Z=8nGj=jWd8w8Wd=w8nccc8wZdjcnGdljZnnj5ww8885=lcWW8W8j5dG8jZZwG55GjnwZ=W5Z8G5ZlGc5ZZncZ5cd8j85GW5nj=WWncn55Gj5nj5nwnW58jG8GcnjZdWcl8wj8n=cj=8l8cn5jjcjn8lldn=Gjw8=cjcdWWjGddZljdjdZnG8djnZccZldlWllw5ZZ8wj5Gn==5w8Z=j55n=ZZ5wdww8lndwd8Wlj8WGjnl=nncZ=W8ZZWZnjjlwWGZZlZc5c==d8Zl855wZn=W=w8wWjZ85cGc==5Z8ccjdw5GnZWnGjcdGGnZ5wwwWGG5d=W5ldjwGZZdZwdG5cGGnZGlGc=W5ccWZ8=cGljdGcdld=8cj8jwn=lj88ZZ5jn5lcZ=Gdw=Zl58WZZl5ccwccwG5d5w8Z5wllj5ddnn=5=w8588WwGj=l5G55dWG8cl=GcjWwlwG=lWWnZ=dZG85Gcjc5=wnw=j==Gndnddjwn5c=c5W5wwdWlG5nWZwnGw8=lcWldcwnG5Wcjj=cWlGZc8Gn58ZWjZ85ljlncZj5cc=dZWGjd=d8ncZ8www55=cw=GWZn5ZZlnWld=cWcnclWlZG5djGW=cl8=ZG8cZwwc8wl=88W5ZwZ=jwZGGlcWcWnZZ5Zj5w5ZdZclZZWnccGw==cG8W8ZWlc8wcZ555Z85ljWG5jZ=8=wllWjWjlZc5lG8cwWlnjlGlW=l5=n=lGwnjGGjGdwj85ddW5ZwZ=ddjWldj=cjljjGwndZjWWZGcdWcZW5cdldj8WZjGljlWncZ5=8jnZWjl8wjZG5Zwlcl5dd

得到base64字符串

得到base64字符串ZW5jcnlwdG8=，解密后为：encrypto。
这里要采用软件来解。

需要小写密码。应该在另一个文件里面。
全选发现存在隐藏文字

发现存在的是摩斯密码，直接解密得到AUTOKEY，利用AUTOKEY解密因此获得解密密码为

iamthepasswd

但是不能正常解密

因此采用010查看发现存在这

去掉该处多余部分，重新进行解密得到。

发现图片里存在压缩包，需要密码。
提取图片各位的十六进制进行解密

ffff70
ffff40
ffff73
ffff73
ffff57
ffff64

转ascii

hex_str = '704073735764'
result = ''
while len(hex_str):s = hex_str[:2]hex_str = hex_str[2:]result += chr(int(s, 16))
print(result)

得到密码p@ssWd
打开word后存在一串字母。

eeeeeeeeeepaeaeeeaeAeeeeeeaeeeeeeeeeeccccisaaaaeejeeeeeejiiiiiiLiiiiijeeeeeejeeeeeeeeeeeeeeeeeeeejcceeeeeeeeeeePeeeeeeeejaaiiiiiiijcciiiiiiiiiijaaijiiiiiiiiiiiiiiiiiiiijeeeeeeHeeeeeeeeeeeeeeeeejcceeeeeeeeeeeejaaiiiijeeeeeeejceeeeeeeeeeeeeeeeeeeeeeeeejceeeeeeeeeeeeeeeeejaeeeeeejciiUiiiiiiiiiiiiiiiiijaeeeejceeeeeeeeeCeeeeeeeeejajciiiiiiiiiiiiiiiiiiijaaiiiijiijeeeeeeeeeeejKcciiiiiiiiiiiiiiijaaij

取出其中的大写字母，发现是Alphuck，是一种编码，因此可以直接进行解密得到。

flag：

flag{1t's_v3ry_De1iCi0us~!}