好多压缩包

一共68个压缩包，emmmmmmm，crc32碰撞

---

#coding:utf-8import zipfileimport stringimport binascii

def CrackCrc(crc):

for i in dic:

for j in dic:

for p in dic:

for q in dic:

s = i + j + p + q

if crc == (binascii.crc32(s) & 0xffffffff):

#print s

f.write(s)

return

def CrackZip():

for I in range(68):

file = 'out' + str(I) + '.zip'

f = zipfile.ZipFile(file, 'r')

GetCrc = f.getinfo('data.txt')

crc = GetCrc.CRC

#以上3行为获取压缩包CRC32值的步骤

#print hex(crc)

CrackCrc(crc)

dic = string.ascii_letters + string.digits + '+/='

于是可以得到一段base64，用python解码，不要用在线工具解码= =

# coding=utf-8

import base64

f1 = open('out.txt','r')text = f1.read()

str1 = base64.b64decode(text)

f2 = open('flag.txt','w')f2.write(str1)

f1.close()f2.close()

---

用16进制打开，由于是rar文件结尾，再给flag.txt文件加上rar文件头52 61 72 21 1A 07 00

发现zip.rar中还有一个名为CMT的文件，然后把该文件的压缩文件头AA 3E 7A....修改为AA 3E 74...后保存，再次打开即可获得包含flag的文件CMT。CMT即为comment，即为注释