Preface

When I didn't feel like studying web, I grinded misc to slack off (and slacked off a bit too long); the 萌xin赛 (newbie contest) problems were also a little... bit... laborious...

qrcode

Opening the txt shows nothing but 0s and 1s; checking the length gives 625 characters, and by the problem name this is obviously a 25*25 QR code.

from PIL import Image

strings = open('qrcode.txt', 'r').read()
print(strings)
pic = Image.new("RGB", (25, 25))
num = 0
for x in range(25):
    for y in range(25):
        # '1' is a black module, anything else is white
        if strings[num] == '1':
            pic.putpixel((x, y), (0, 0, 0))
        else:
            pic.putpixel((x, y), (255, 255, 255))
        num = num + 1
pic.show()
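As an added example (not from the original post), here is a stdlib-only version of the same idea that generalises it: it infers the side length from the bit count and refuses input that is not a perfect square, fills the grid row by row (the script above fills column by column, giving a transposed image, which the author's scanner evidently still read), and writes a PNG scaled up with a white quiet zone, since most QR readers need both to lock on. The file names qrcode.txt and qrcode.png and the 3x3 sample pattern are my assumptions.

```python
import math
import struct
import zlib

# Constructed sample input (not the challenge file): a 3x3 checker pattern.
SAMPLE_BITS = "101\n010\n101\n"


def bits_to_grid(text):
    """Turn a string of '0'/'1' into a square list of rows, row-major.
    Whitespace is ignored; the number of bits must be a perfect square."""
    bits = "".join(ch for ch in text if ch in "01")
    side = math.isqrt(len(bits))
    if side * side != len(bits):
        raise ValueError("%d bits is not a square number" % len(bits))
    return [[int(b) for b in bits[r * side:(r + 1) * side]] for r in range(side)]


def grid_to_png(grid, scale=10, border=4):
    """Render a 0/1 grid (1 = black module) to PNG bytes, each module
    scaled to `scale` pixels and surrounded by `border` white modules."""
    side = len(grid)
    size = (side + 2 * border) * scale
    raw = bytearray()
    for y in range(size):
        raw.append(0)                      # PNG filter type 0 for this scanline
        gy = y // scale - border
        for x in range(size):
            gx = x // scale - border
            inside = 0 <= gy < side and 0 <= gx < side
            raw.append(0 if inside and grid[gy][gx] else 255)

    def chunk(tag, data):
        body = tag + data
        return (struct.pack(">I", len(data)) + body
                + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF))

    # 8-bit grayscale, no interlace
    ihdr = struct.pack(">IIBBBBB", size, size, 8, 0, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(bytes(raw))) + chunk(b"IEND", b""))


def png_size(png):
    """Read (width, height) back out of the IHDR chunk as a sanity check."""
    return struct.unpack(">II", png[16:24])


if __name__ == "__main__":
    grid = bits_to_grid(open("qrcode.txt").read())
    with open("qrcode.png", "wb") as f:
        f.write(grid_to_png(grid))
    print("wrote %dx%d png" % png_size(grid_to_png(grid)))
```

Running it on the challenge text would give a 330x330 PNG ((25 + 8) * 10); scan it with any phone camera or with pyzbar as in the next problem.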
flag{bin_2_qrcode}

千字文 (Thousand Character Classic)

Opening it in 010 shows it is a PNG.

Viewing it in stegsolve:

it turns out to be many QR codes stitched together.

Following the hint in the problem,

a Baidu search showed that pyzbar is a library that can read QR codes, so the approach was clear: first cut the combined image into individual QR codes, then read each one with pyzbar.

I did the cropping in Photoshop, trimming off as much of the white border as possible (otherwise it throws the tiling off); this is my cropped image:

Then split the QR codes with Python. Looking closely, the image is made up of 25*25 small QR codes, and each small QR code is itself 25*25 pixels, so the script practically writes itself.

Use pillow's crop method to cut, taking each small QR code as 25*25 with 25 per row and per column, then use the resize method to scale the pieces up.

import os
import pyzbar.pyzbar as pyzbar
from PIL import Image

imagePath = "./solved.jpg"
img = Image.open(imagePath)
os.makedirs('./图片1', exist_ok=True)   # output folder must exist before save()
num = 0
for x in range(25):
    for y in range(25):
        # (left, upper, right, lower) of one 25*25 tile
        box = (25 * x, 25 * y, 25 * (x + 1), 25 * (y + 1))
        # Image.ANTIALIAS was the old name for LANCZOS and is gone in Pillow 10+
        img.crop(box).resize((500, 500), Image.LANCZOS).save('./图片1/%d.jpg' % num)
        num = num + 1

After extraction there are 625 QR codes; now read them in batch.

pyzbar.decode() returns a list, and the decoded symbol is element 0 of that list; read the payload through its data field.

from PIL import Image
import pyzbar.pyzbar as pyzbar

for i in range(625):
    pic = './图片1/%d.jpg' % i
    img = Image.open(pic)
    barcodes = pyzbar.decode(img)
    # print(barcodes)
    if not barcodes:
        # nothing recognised in this tile (border residue etc.); skip instead of IndexError
        print('no code in', i)
        continue
    barcodes = barcodes[0].data.decode()
    if "flag" in barcodes:
        print(barcodes)
        break
    else:
        print('持续解码中', i)

flag{luck_is_power}

萌新福利 (Newbie Welfare)

Opening show.bin shows:

A .bin file could be anything at all... I was out of ideas for a while; the writeup says to simply invert the hex (complement every byte).

After the conversion it turns out to be an audio file.

Open it in any player; the audio reads out the flag.

flag{ctfshow萌新福利}

劝退警告 (Discouragement Warning)

A zip is found at the end of the GIF.

010 shows the PNG inside is pseudo-encrypted; fixing the flag bits in 010 yields a Sudoku picture, which I solved with the online solver at https://shudu.gwalker.cn/
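As an added example, not from the original post, here is the pseudo-encryption check and fix done programmatically instead of by hand in 010: a real encrypted zip sets bit 0 of the general-purpose flags in both the local file header (PK\x03\x04, flags at offset 6) and the central directory entry (PK\x01\x02, flags at offset 8), whereas the CTF trick sets it in only one of them, so the two headers disagree. The sample archive is constructed in memory with the trick applied; the file name sudoku.png and its contents are my placeholders.

```python
import io
import struct
import zipfile

SAMPLE_CONTENT = b"\x89PNG\r\n\x1a\nconstructed-sample-not-a-real-png"


def build_sample_zip():
    """Constructed sample: a normal stored zip, then the 'encrypted' bit (bit 0
    of the general-purpose flags) is set in the central directory entry only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sudoku.png", SAMPLE_CONTENT)
    data = bytearray(buf.getvalue())
    cd_off = struct.unpack_from("<I", data, data.rfind(b"PK\x05\x06") + 16)[0]
    flags = struct.unpack_from("<H", data, cd_off + 8)[0]
    struct.pack_into("<H", data, cd_off + 8, flags | 1)
    return bytes(data)


def scan_entries(data):
    """Walk the central directory and pair each entry with its local header.
    Returns (name, central_flags, local_flags, central_pos, local_pos) tuples."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count = struct.unpack_from("<H", data, eocd + 10)[0]
    pos = struct.unpack_from("<I", data, eocd + 16)[0]
    out = []
    for _ in range(count):
        if data[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("bad central directory entry at %d" % pos)
        cflags = struct.unpack_from("<H", data, pos + 8)[0]
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        loc = struct.unpack_from("<I", data, pos + 42)[0]
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        if data[loc:loc + 4] != b"PK\x03\x04":
            raise ValueError("bad local header for %s" % name)
        lflags = struct.unpack_from("<H", data, loc + 6)[0]
        out.append((name, cflags, lflags, pos, loc))
        pos += 46 + nlen + xlen + clen
    return out


def pseudo_encrypted_entries(data):
    """Names whose 'encrypted' bit differs between the two headers."""
    return [e[0] for e in scan_entries(data) if (e[1] ^ e[2]) & 1]


def clear_encrypted_bits(data):
    """Return a repaired copy with bit 0 cleared in both headers of every entry
    (the byte patch the writeup applies in 010)."""
    fixed = bytearray(data)
    for _, _, _, cpos, lpos in scan_entries(data):
        for off in (cpos + 8, lpos + 6):
            struct.pack_into("<H", fixed, off, struct.unpack_from("<H", fixed, off)[0] & ~1)
    return bytes(fixed)


def read_entry(data, name):
    """Read one member with zipfile; None if it refuses because of the flag."""
    try:
        return zipfile.ZipFile(io.BytesIO(data)).read(name)
    except RuntimeError:      # "File ... is encrypted, password required"
        return None


if __name__ == "__main__":
    sample = build_sample_zip()
    print("pseudo-encrypted:", pseudo_encrypted_entries(sample))
    print("readable after fix:", read_entry(clear_encrypted_bits(sample), "sudoku.png") is not None)
```

When the two headers agree and the bit is set in both, the archive is genuinely encrypted and clearing the bits only produces garbage on extraction, which is the quick way to tell the two cases apart before reaching for a password attack.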

Following the hint, read top to bottom, left to right:

935714286268953147741826593479538621312649875586172439624395718153487962897261354

which gives:

Both are encrypted and brute forcing fails, and there I was stuck. The writeup points out that compressing the text in the comment yields the same CRC as 说明.txt.

I got the attack to succeed by compressing 说明.txt with WinRAR's fastest compression setting.

Ten digits, mask attack.

This gives the password 4367381623; the jpg's filename is open you eye, and eye hints at silenteye.

which gives:


Checking the file header shows it is a pyc file; decompile it with uncompyle6:

 uncompyle6 flag.pyc > flag.py

which gives:

# uncompyle6 version 3.8.0
# Python bytecode 2.7 (62211)
# Decompiled from: Python 3.6.9 (default, Jan 26 2021, 15:33:00)
# [GCC 8.4.0]
# Embedded file name: ./flag.py
# Compiled at: 2020-03-03 16:00:48
(lambda __print, __g, __y, __operator: [ [ [ [ [ [ (check(0), None)[1] for __g['check'], check.__name__ in [(lambda x: (lambda __l: [ [ (lambda __sentinel, __after, __items: __y(lambda __this: lambda : (lambda __i: [ [ (lambda __sentinel, __after, __items: __y(lambda __this: lambda : (lambda __i: [ [ __this() for __l['n'] in [__operator.iadd(__l['n'], decode(arr[int(__l['i'])] + decode(arr[11] + chr(61) * 2) * 2))] ][0] for __l['i'] in [__i] ][0] if __i is not __sentinel else __after())(next(__items, __sentinel)))())([], lambda : [ __this() for __l['v'] in [__operator.iadd(__l['v'], chr(int(__l['n'])))] ][0], iter(__l['c'])) for __l['n'] in [''] ][0] for __l['c'] in [__i] ][0] if __i is not __sentinel else __after())(next(__items, __sentinel)))())([], lambda : (lambda __after: (__print(__l['v']), __after())[1] if __l['x'] == 1 else __after())(lambda : None), iter(flag.split(decode(arr[10] + decode(arr[11] + chr(61) * 2) * 2))))for __l['v'] in [''] ][0]for __l['x'] in [x] ][0])({}), 'check')]][0]for __g['decode'], decode.__name__ in [(lambda s: (lambda __l: [ base64.b64decode(__l['s'].encode()).decode() for __l['s'] in [s] ][0])({}), 'decode')] ][0]for __g['encode'], encode.__name__ in [(lambda s: (lambda __l: [ base64.b64encode(__l['s'].encode()).decode() for __l['s'] in [s] ][0])({}), 'encode')] ][0]for __g['flag'] in ['136-139-78-132-162-89-49-117-70-161-49-118-70-02-01-01-70-137-01-160'] ][0]for __g['arr'] in [['NQ', 'MQ', 'Mw', 'MA', 'NA', 'Ng', 'Mg', 'OQ', 'Nw', 'OA', 'LQ', 'PQ']] ][0]for __g['base64'] in [__import__('base64', __g, __g)] ][0])(__import__('__builtin__', level=0).__dict__['print'], globals(), lambda f: (lambda x: x(x))(lambda y: f(lambda : y(y)())), __import__('operator', level=0))
# okay decompiling flag.pyc

Following the hint,

run it with python2 to get the flag (Python 2 and 3 differ here, so it errors out under the wrong version).
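The decompiled lambda soup above is hard to read, so as an added example (not from the original post or the challenge author) here is the same logic ported to plain Python 3: arr[0..9] are base64 chunks that each decode to a single digit, acting as a substitution table, arr[10] and arr[11] decode to the separator '-' and the '=' padding, and each '-'-separated group is mapped digit by digit and read as a decimal character code. The constants are copied from the decompiled output; the function and table names are mine.

```python
import base64

# Constants lifted verbatim from the decompiled flag.pyc shown above.
ARR = ['NQ', 'MQ', 'Mw', 'MA', 'NA', 'Ng', 'Mg', 'OQ', 'Nw', 'OA', 'LQ', 'PQ']
FLAG_ENC = '136-139-78-132-162-89-49-117-70-161-49-118-70-02-01-01-70-137-01-160'


def decode(s):
    """decode() from the pyc: base64-decode a str (caller supplies padding)."""
    return base64.b64decode(s.encode()).decode()


def digit_table():
    """With '==' appended, arr[0..9] each decode to one digit, so arr is a
    substitution table: index d (as a character) -> decoded digit."""
    return {str(i): decode(ARR[i] + '==') for i in range(10)}


def check(flag_enc=FLAG_ENC):
    """Python 3 port of the obfuscated check(): split on '-', push every digit
    of a group through the table, and read the result as a decimal char code."""
    pad = decode(ARR[11] + '=' * 2)            # 'PQ==' -> '='
    sep = decode(ARR[10] + pad * 2)            # 'LQ==' -> '-'
    table = digit_table()
    out = ''
    for group in flag_enc.split(sep):
        out += chr(int(''.join(table[d] for d in group)))
    return out


if __name__ == '__main__':
    print(digit_table())
    print(check())
```

The original only prints when check() is called with x == 1; the port simply returns the string, which is the same thing the python2 run prints.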

flag{N0w_y0u_533_m3}

问卷调查 (Survey)

flag{黑化肥会挥发}
