2020 DASCTF四月春季战-misc

misc

0x01 签到题

5G都来了，6G还远吗？6G下还需要开会员才能高速下载吗？请提交 DASCTF{} 里的内容。

• 下载发现有将近1G。作为签到题应该不需要这样做。
• 按下F12，接收到payload。
  
  payload如下：

REFTQ1RGe3dlbGNvbWVfdG9fREFTX0FwMXIxfc9Vo4jQqwH4ON+olEgxiijIjbgcdJur4VZjq9WlhUIIRq+hBbYkZEsVS5vux8bVmJVja6tNhXfCd6yA5ENaNdd71StufW73yWPvhDqb1CdPjqBjCCnbLVGqRkulvFFUZv6z7MllCQgkZhjm57ueMkPj28eSMymY4JLjYZ/bSPGkclsK1ySI+M/sn6QxLdKJhAvR4tVLHHrjdJBMPSRO52CAur7r5FEXCkjMEisOrAL9qufae0FV+iOGZAsH4cxJ0sMNSlNnX1Lso+6IlT0mj9QC+yRbQzsfZ4Bww/SMOLuWcosCLiQYtJRaG9tJiiR/R7vjRf5egHyBph1eVwMGA0puUvI8jXz9mdn08kfP2XxnB5CUdkhK2RIwJPwu+egKygfG+WeJihIa0eepB83Zvty/NUTpuPjmIS+DdS2yzYAc7IhdGNEbQpW5wG2zpNZDDS3l2E5YDAfF7oEyVFEE8CSB17sgzdCMzKgwbQhFU0o0260e2w53CvPHIvm/zlYgJC8pzj+cnGiM07VZ4Hw0CAeYwn9s1M1F2u4KTDQs+QnDrtMtc1yHBkkwjnDtV2VNZhWqK4fEwunu1i0cuWvdyPE5USj6+9ON2mfFCSxwaqRo++niZT5XDcsSKSEgKn4iO8tSt3uBH3YyimubWNNGzcnxPMRNGt+O6E6hzD1zKxZr/dRDQobygI6GZRGLHOQltIiiB6kkIUKeUM2tHBlKahmrBGDtJWfoXJ36aWV86+DEXGe/riFkCtMxn4u4OsDkXpRBr6/xYqMQh1gJIYqwG2e8D0OOTVsy505NXas9fLnhPM5FAdamkTwjsXmoK/9uKcQ1OC+s2xaSbB0B5QgEuxNAAcQDPft4rfo01PAgMb8N4F8NhVpLpLBrgu5FETKNiZb+j1HyRozIUCcDPhDKkWmgjMo9Pt9TIB+4iob6SwiJlY5lE5rPqr80eBMalZ9n2xl6DMAva75f9YYNVNLZ8fk5hl4ktO/WRBMX/f9z+q3YTsSS5lPgsQDv2lxbpNeRiJVyyirbSoBBJIK+ogMUbq5zxnBbWVFaeozIX2DA3J71G40+9JuHhXhN5mmXni910FhfSz2NBai7Oa2TWPcA0o8ug+CYsIPjvSzsEstMM+/ETpOLVhp+EKF47LT2h8uoZOi3y11BaNTyp03EVQYR/nkKqZz+BGPxb73BZEgVKahNQ2srFH8vYNHsDIrz2By4JXWbeeCx5zIZydorLfjVqEA12tmYcf7wcUoZGWLd/lAUDhP3itj4OiqwWdmyDsA5LNW7nzszELZlyiZJs/9zrAo13mK09Ih6dUbya8vmik4doSx3uH2FjB4zDUG9oxgrywTg+7PHYILSF/FGnMSZ9TiU/7icb0S5rAY7HpTJDgBWRGLhHiiiQVhuqtbEiax2KmgXBDeW4fs6DP/OChg36uBseoyoUGi0NVRloweGIWzVdPbhMw6YgXLMicln+KMNzgougS7QqgG9pvDWS6r46Ly9COwYoUGRGI50li4+c/rA0Y3CKA6W56GwFep/ozNQm7rmy+sP/lpOsTYN8TyCig2FuWnY7BQgk4iCiaTwY4MSBMR+7b/nhRQyBD4oANhmTWlwkjozt8VdPE+sWvNA2oy1GfhlbSNZImeU9xnPd0ZY7UoH5bXqIEhxSaMWUD09SOXWq14ku+QJs5iDiaGKnpG02oXPHTHxvMp4ib2VqZl8goSrbbiQsEDbRNKTfYyeIkLDNwlwhDgBlrQY6XuwlKFR6ws6MYefI8TxjkHrSDNkYj1eXmrELc612d31EUGcgityyt/Ge5uC+cz85jOBkgYkkeSQfP9/zSDVqbBK86oDVo/sFjdtKAwDwvX0Z8ZGKDRsyPIA2pY1Y5pXunMPSUEV/PcSD5R0fhKcWSLWQgkr3PsbXP9tEcu9IcBqyh0ZN5auFweQDh7XEM8U9sPlQKLGh9mS4m13VqSkzhRx6oeTDpPSAr9jFypxnsToNuJggYlnnsR2e7aVszPB0cK+z2lq/Rw69ta5S4UEQEE67v/bepkIZGN1j0Zs812cjq0HBwLCcRDwNnu9OsdveHOQeS0h2GFdehsPRCv3PGntda6es18I4XDO6T3CKxBIamstOlnwa1dY5f/rcIXNrJ57ljSk4zyHRQb/Gn5aGW/lmwkYYDQBQCRqwjv9L7CCjvg+RKwoo0ypgCPJA4sdKRQcd7fofnYdIldtA4N0hGReP83jmjXpsFJPGewnQw+y5KUyMYuF/iTTngBiN8Qm1437t8wRg9GJK3cM+5T5Tg908XJY9KMwjM24FbmitNBTXFR1nG3kRenmKZrMWW1SzuAFjhBsk5f0ztECgtvWa7SjA6qd03pbg/bxqYd5KVbE0KhbTZ7/LEf2FDwR6mXSy+ejNLl4088E++rVJj9FmLcAcbug3Qsz9ihRthxxEWYC0MffUC7N6hk5asRIm1J33vui7NVsGzKCpgZ33nkRieY0A1a5WJKoPfD8b9j6R8wLfk9CIIzXL+e/i2usCoqTXYD//J3DkUzB4oSgffdiCgNtEAj541qVYp1JIHA0F3FZ86g4lDGz429Tcgv7aA+mUBqdib05LqFZxgEeFOTZ5uqoKOI6+b+6wXm12+DbsCfesY4/bMtF3mHY+sPSEr/00U77OunBI3hLNxAtndhgRguL7H57iDypYQLq2IE4KSxe5nKz2lQoKrPHtUO/4lVOqyqvm7n4ITwCAaQ6JPHWMKbR1ZARyVdnzcZ9GFJTWJoqs7WhAk9PvNsskUPk8kWB3wP6EusOO9uUImSp/HvfUdU89/ik001/BSHedhDKLZEJltA32tjEbsuv4PLQKtdlhTL5dt/QR5CmkESCvOJsv4MyJXmGcww4LWtCjmxcwoSUXCY2n8yl3f9Bv1PRariIkyr6Rc/QZgIaO+rdM21GJEiNyb2TNs5Cm0lupCvm+u6/PR+pHxtHsoxZzMQvcNo9rfg/kjbCT2Gx/5W5MKFWOQSwf45Xwbtsxb/q1sOTP/7HILeuYgyh7qWRySGry9jjVXMR/XMlMnqPAiax6+uHNcaGESQUMow5i6tJEh/nWawF5DJls7G8LNqpGTLkr1mv6qOh+EmLpxOygrKhMgaCbGKRz/KbPzSLrZgRsCUEmMbe9CQXJNa7gy7raZADwpK8dRygbIaDm/RC4qDllAgQe9kH3lyuPkYxIoodev/fISYr8U23JQ8P1XU3ps7URTz0AAWkBaz6K/uyMiv3zgMqzhkYXgEZ2ihGc51P7+t8KTxyO/3cAoQ6bGL2x69TAu4rK2BM6dSKDgpSPQOeCRXANOTvM/Znz1E1mKLZz6r4U+Ts6nLLDiic+vt3fWCSIrKxYhF6viSnJ4uVFjAZkGhZPs+fTjJqjW55drSF1YxvngSAjxn8FNICvkVD9KCqrWfkprYAEOhicQ6htz+ctYv/8MO9FcxxKycXNw3LIf4ih9abb7BON/zEXM0Y6WIxDNZVP2PWvqYnBi6w1kPeCueTrneLUESTjvvCjcVx8uDpWi5h9N3jRGmCfRTNijEtZIRU6ra6f+6rH5b5fsF9LeGXNLRvHiIcEfgi6Bk6u2epsXO0joJPwCoJd5ZKp3YixjHjUrnvMm+W9VTAiHE0UIX+5D1CUEDcBbmsc8C+De9SwIRXmH+p+67n6rkHNxvctoHDXh/RNbXr6Tsbu24fMjkBJYT/9wkACRMauOx+rPK1NUuc2WDCyWZbXc8JEw3zzgN1w1yfmElTce6v7ahOy1A+n1lKUEmso30mmrAkU1Fzh1loFpxWiFXVbmr5Ct7xH1knCAJf4wDEkvfSawHCVuLYXuVs/WfzPn3VcNz2CUFvVCZRgnusv0F41PVVB75H5uNmEL6z3bsKgrfGzbyiuyCbcXe+X5UCr2WWfzEmFpqNwfaLD64GOTIxkRGY2n7VfkiccJzN3sefkCcPxaunfRq3xnKgxWgrwcdMAync/ZJwwYV7e0Jg0HlOIARGVd5/kRFZKbIpBfO95d5XTeLUNFtCOD9JqzC0WGBZCsyRkFFR6SjfV2yajwPG7ZSD4ExtDtvvPII7/PTtDdSD38MREg4E9oV6eE4bdj6aL0wM0e2RoJmGNKDb7kg8yd+pt1t2Gw1nz1oYbUyZX/yH647dX/ION+g7NIAOghn2udo8pb4ph8ZHOg+TVz8fkBcu7fVlAEeR/xRhFe5AuYglqzhYqPF1ezC+iDOo3H4TN/9etWpm6FN4wBUrMptqVrwpUQx5Vv1Y0v2KG91O8Y691FNdc8zS5UhYmZnWROsLfFTEGGTbhWFxjav09qE+IIXjIP25qqISZjq3qyCNo4P2zQHF/V4U/ym3h7RrvLimDRQ9ftga81VcMSOLIaFwnitN9myKNn/H0uMqTBdfdWFmt1gexY4x92WxXd8Yoj5v7uOjnGIoEfkORt8P7x3Ld4YnAOtcrHbZsX/PUa1i1clmn0Nj3rnJYbJPnxt+chH6UHzj0pvgdVuaBnUgILZktkF8HWE2HJ2KKMVOSwtjpNshsRH6VXqjQY+QGa1UpQWhkFIdjV7YH3COxHFZlb44Siajiy5jJ0+t8eSEsflmQ9kL9KoXCuz1/5QkVFvN5hYldQLBx5VkG3jCWD12XCR/uga6Ia0e8mV+1xiRHvJLaSfyxRIch5durhoW4VfM0lv60SQA2YmQuGhZbIX1isc7lauBLZQc5hNg00RYnyuTs9d/rFfmTnTNbUM77aq4HWtL0Idi4f94ENqOmi4TwAQRIQQQlPoqTvlLKOfbMM6YCnDiKiXIsT7wTHru67LAZ6VqSQ72ScgH3R7jHNAwBf7WUj2xfpdh/BhOTkkyf3SRXS4kn7Mh3nmJFTuKj/R5eiwrKJvbi6Xwtp5gWWNxzpGCrn6ShX6imDaT15t9bWOudaxZO2q4URzJWrB+t2GDvWjaLD9zTrfNmLXVsPJ7hOazcY7kYVPqbGnY2Zz7GzfydCWpK0fyChWo289oBuUpSqHKFoEkOI1t28wRP6VoAeXrXRKUavUK4494iEDVlBgq0z5/QDzzpiJEcahVCGB3vQDwYVKJpofx6V+4065qJ+zyxKZ1VRlKJ/KmWEUivbB5clFCHbvUKIy9K0XJQa7v+jarC03jxyIEYe82l9ziBcUKN3zGx+LoPHgJ40zM4vJf8ebiIKz6/cz2qNtVMGbR4la4rqAA9UJGPGuKU8i0UXDI2TFy3KjHqnPpZ+9yfeEV/V4Ly8WmPZPQyqEhXTXha8IGY9JlNZrjWWC+DqzsKmZJl8bSnmPWNimglQun/HhUHXpOvCm4tflKx0RmVasAa0L7wSb1qJNJf6Brekh0KaDy+8NQVUshR3XE90YnYdiAT5qy15hVM6wsB/7e/iTors5kaUJD35MTfbL1rrDufx6MZBs/WmerQ6vy20J4wwnNkCxllhWH4TI/DRh3OJzkG0AA3A==

base64解码后得到flag。

断点下载方法

---

0x02 blueshrak

Can you dig something you want out from the sea-colored beautiful shark?

题目附件
下载后名为2004225e9ff0cd86ee4.pcapng的文件，直接打开后进入wireshark。这是个蓝牙数据包，查询相关用wireshark分析的misc题目，一般都是用tcp，http分析流量的，所以这个很陌生。
自己是用binwalk看了一下，分析出一个zip文件和很多流量包，所以把名称改为2004225e9ff0cd86ee4.zip，点开里面是一个password_is_Bluetooth_PIN.txt的文件，查询bluetooth_pin发现一般是4位数字，但是压缩文件添加到破解器里面无法分析，用破解zip文件密码的python脚本也不识别，所以，这个文件不是简单的zip文件。

• 别人用wireshark分析，找到了.7z的压缩文件，分离出来。
  

• 然后在网络流里面找PIN。
  

• 所以PIN就是141854。进去zip文件，打开后找到了flag。