CTFshow MISC 杂项签到~misc4

1.杂项签到

下载后发现是一个压缩包,但是直接打开提示压缩包文件头部已损坏
CTFshow MISC 杂项签到~misc4_第1张图片
猜测是Zip伪加密,使用ZipCenOp.jar进行解密
CTFshow MISC 杂项签到~misc4_第2张图片可直接解压,打开flag.txt,发现flag
CTFshow MISC 杂项签到~misc4_第3张图片flag{79ddfa61bda03defa7bfd8d702a656e4}

2.misc2

打开压缩包发现无后缀名文件,记事本打开发现除了乱码,还有flagnothereFAT11,猜想flag与FAT11有关(软盘:最早的可移动介质,后来逐渐被u盘取代)
CTFshow MISC 杂项签到~misc4_第4张图片网上搜索这是虚拟机辅助的,新建虚拟机
CTFshow MISC 杂项签到~misc4_第5张图片CTFshow MISC 杂项签到~misc4_第6张图片CTFshow MISC 杂项签到~misc4_第7张图片添加软盘驱动器
CTFshow MISC 杂项签到~misc4_第8张图片打开虚拟机得到flag
CTFshow MISC 杂项签到~misc4_第9张图片flag{ctfshow}

3.miscx

下载附件后,发现有flag.txt,hint.txt都有密码,继续点进去,发现misc1压缩包,misc.png图片可以打开
CTFshow MISC 杂项签到~misc4_第10张图片
发现2020,盲猜是某个密码,果然是misc1压缩包里music.doc文件的密码,打开文件发现一串音符♭‖♭‖‖♯♭♭♬‖♩♫‖♬∮♭♭¶♭‖♯‖¶♭♭‖∮‖‖♭‖§♭‖♬♪♭♯§‖‖♯‖‖♬‖‖♪‖‖♪‖¶§‖‖♬♭♯‖♭♯♪‖‖∮‖♬§♭‖‖‖♩♪‖‖♬♭♭♬‖♩♪‖♩¶‖♩♪‖♩♬‖¶§‖‖♩‖¶♫♭♭♩‖♬♯‖♬§♭‖♭‖♩¶‖‖∮♭♭♬‖‖♭‖♫§‖¶♫‖♩∮♭♭§‖♭§‖♭§§=
音符加密,链接https://www.qqxiuzi.cn/bianma/wenbenjiami.php?s=yinyue
CTFshow MISC 杂项签到~misc4_第11张图片解密后发现base64密码U2FsdGVkX1/eK2855m8HM4cTq8Fquqtm6QDbcUu4F1yQpA==,解密,不对,一串乱码,发现是rabbit解密,网址:http://www.jsons.cn/rabbitencrypt/
CTFshow MISC 杂项签到~misc4_第12张图片解出welcome_to_payhelp,猜想为hint.txt的密码,果然,打开txt文件发现VmpKMFUxTXhXWGxVV0dob1RUSjRVVll3V2t0aFJscDBZMGhLYTAxWGVIaFZiRkpUWWtaYVZWSnJXbFpOVjJoeVZYcEdZVkpzVG5KVWJHaHBWa1ZWZDFkV1ZtRmtNRFZYVjJ4c2FWSlVWbFJVVnpWdVRXeFZlV1ZHVGxSaVZrWTBXVlJPYzFWR1pFZFRiVGxYWW01Q1dGcEdXbE5UUjBZMlVXMTBWMWRGU2xkV1ZtUXdVekpGZUZOWWJHaFRSVFZWV1d0YVMxTXhjRVZUYTFwc1ZteHdlRlp0ZERCV01VcFlaRE53V0Zac2NIWldSekZMVW1zeFdWSnNTbWxXUjNodlZtMXdUMkl5Vm5OaVNGWnBVbXh3YzFac1VrZFNiRlY0WVVkMFZXSlZXbmxWYlRWUFZsWlplbEZyWkZSaVJrcFFWV3hGYkUwd1VXeE5NRkVsTTBRJTNE
CTFshow MISC 杂项签到~misc4_第13张图片然后经过base64多次解密得到welcome_to_2020%0Aflag%20is%20coming…%0Athe%20key%20is%20hello%202020%217
CTFshow MISC 杂项签到~misc4_第14张图片url解码所有特殊字符得到welcome_to_2020
flag is coming…
the key is hello 2020!7
CTFshow MISC 杂项签到~misc4_第15张图片得到flag.txt文件的密码hello 2020!打开txt文件得到flag
CTFshow MISC 杂项签到~misc4_第16张图片flag{g00d_f0r_y0u}

4.misc50

拿到图片,010打开,发现末尾存在flag.zip
CTFshow MISC 杂项签到~misc4_第17张图片并且在文件夹内发现一串base64编码Sk5DVlM2Mk1NRjVIU1gyTk1GWEgyQ1E9Cg==
CTFshow MISC 杂项签到~misc4_第18张图片解码得JNCVS62MMF5HSX2NMFXH2CQ=
CTFshow MISC 杂项签到~misc4_第19张图片base32解码得KEY{Lazy_Man}
CTFshow MISC 杂项签到~misc4_第20张图片
联想到图片内有zip压缩包,应该是压缩包密码,binwalk分离压缩包
CTFshow MISC 杂项签到~misc4_第21张图片分离出文件夹
CTFshow MISC 杂项签到~misc4_第22张图片解压时发现密码不对,又在右边提示了一串base32编码,解码得123456
CTFshow MISC 杂项签到~misc4_第23张图片输入密码,打开thienc.txt发现打开txt里面的内容,是一堆数字。且3078重复出现。每俩位16进制转字符,发现3078 就是0x那么使用脚本,进行批量转换。得到一堆0x 0x的文本。分析前几个字符串0x37 0x7a,发现37 7a 是7z压缩包的文件头。那么思路来了:批量删除0x,转换为7z文件。
下面是python的脚本。(来自大佬博客:https://blog.csdn.net/Nancy523/article/details/117547013)(open后括号的引号内为文件路径)

f = open('C:/Users/lenovo/Desktop/thienc.txt').read()

f1 = ''
for i in range(0, len(f), 2):
    n = int(f[i:i + 2], 16)
    f1 += chr(n)

f1 = f1.split('0x')[1:]
f2 = b''
for i in f1:
    f2 += bytes.fromhex(i.zfill(2))

f3 = open('C:/Users/lenovo/Desktop/1.7z', 'wb')
f3.write(f2)

转换成功后,压缩包内为secenc.txt,解压发现密码,输入最开始找到的KEY{Lazy_Man}就是密码,打开后发现base64编码发现不成功,应该是base64与base32混合解码,代码如下:(抄至大佬)

import base64
import re

f = open('C:/Users/lenovo/Desktop/secenc.txt').read().encode('utf-8')

while True:
    if re.match('^[2-7A-Z=]+$', f.decode('ut-f-8')):
        f = base64.b32decode(f)
    elif re.match('^[0-9a-zA-Z+/=]+$', f.decode('utf-8')):
        f = base64.b64decode(f)
    else:
        print(f.decode('utf-8'))
        break

解密后得到
CTFshow MISC 杂项签到~misc4_第24张图片在线brain fuck/Ook!解码。网址:https://www.splitbrain.org/services/ook,
Ook!to Text
CTFshow MISC 杂项签到~misc4_第25张图片Brainfuck to Text
CTFshow MISC 杂项签到~misc4_第26张图片flag为flag{Welc0me_tO_cTf_3how!}

5.misc30

下载附件,发现为附件名为rar,改后缀名为rar,解压星空后010查看,没什么发现,看下图片属性,发现属性中有little stars
CTFshow MISC 杂项签到~misc4_第27张图片
发现其为眼见不一定为实.doc文档的密码,打开文档
CTFshow MISC 杂项签到~misc4_第28张图片猜测文档内隐藏的有信息,Ctrl+a全选
CTFshow MISC 杂项签到~misc4_第29张图片果然下面还有隐藏信息(不愧是眼见不一定为实),改变字体颜色
CTFshow MISC 杂项签到~misc4_第30张图片
发现Hello friend!,去打开flag.png试试
CTFshow MISC 杂项签到~misc4_第31张图片是一张二维码,扫码得到flagCTFshow MISC 杂项签到~misc4_第32张图片
flag{welcome_to_ctfshow}

6.stega1

打开压缩包后发现一张图片,经过查看属性,010,StegSolve.jar查看无效,猜想为JPHS隐写,打开图片,Seek,没有密码
CTFshow MISC 杂项签到~misc4_第33张图片保存附件为flag.txt
CTFshow MISC 杂项签到~misc4_第34张图片CTFshow MISC 杂项签到~misc4_第35张图片打开flag.txt文件得到flag
CTFshow MISC 杂项签到~misc4_第36张图片flag{3c87fb959e5910b40a04e0491bf230fb}

7.misc3

给了一串密文:zse4rfvsdf 6yjmko0,根据提示想想自己的手下面,键盘,发现两串密文分别组成了一个字母:A和V,又提示小写,故flag为
flag{av}

8.misc40

打开附件发现四个文件,分别为conversion.txt,svega.mp3,svega.wav,一张普通的二维码.png,打开conversion.txt文件,发现110001010100011101 2>4>8>10
CTFshow MISC 杂项签到~misc4_第37张图片应该是进制转换,根据提示二进制转十进制,为202013,网址:http://www.youkud.com/tool/jinzhi.php
CTFshow MISC 杂项签到~misc4_第38张图片一张普通的二维码.png扫描二维码提示flag不在这里哦~~,010打开
CTFshow MISC 杂项签到~misc4_第39张图片发现Brainfuck
CTFshow MISC 杂项签到~misc4_第40张图片解码得到核心价值观编码,解码,和谐民主和谐文明和谐和谐和谐自由和谐平等和谐公正,网址:http://www.hiencode.com/cvencode.html
CTFshow MISC 杂项签到~misc4_第41张图片解得密码123456,得到密码,使用mp3stego解密MP3文件
CTFshow MISC 杂项签到~misc4_第42张图片解密出svega.mp3.txt,打开得到
CTFshow MISC 杂项签到~misc4_第43张图片解压文件之后,根据提示静默之眼,得知解密工具应该是 silent eye
CTFshow MISC 杂项签到~misc4_第44张图片选择WAVE,SES128,勾选 Encrypted date,high,key为上面解出的202013,点击Decode,发现flag
flag{C0ngr4tul4ti0n!}

9.misc30

打开压缩包发现aihe.mp3,还是图片样式,分离文件,binwalk分离不成功,foremost可以,分离得到00000000.jpg
CTFshow MISC 杂项签到~misc4_第45张图片打开图片发现图片长和高有问题,371的16进制是01 73,895的16进制是03 7F,winhex搜索01 73改成03 7F
CTFshow MISC 杂项签到~misc4_第46张图片改完后发现猪圈密码
CTFshow MISC 杂项签到~misc4_第47张图片解密,网址:http://www.metools.info/code/c90.html
CTFshow MISC 杂项签到~misc4_第48张图片出现:well done,应该是flag
flag{well done}

10.红包第一弹

解压文件得到86个压缩包,打开后发现应该是由一张gif图拆分而成,010打开发现果然有GIF89
CTFshow MISC 杂项签到~misc4_第49张图片并且发现每张图片末尾有base64编码
CTFshow MISC 杂项签到~misc4_第50张图片不会写代码,又懒得一张一张图片复制粘贴,偷的八神的代码,谢谢大佬

import zipfile

path1 = 'C:/Users/lenovo/Desktop/flag/'
path2 = 'C:/Users/lenovo/Desktop/flag/out/'

res = ''
for i in range(1, 87):
    zip = zipfile.ZipFile(path1 + str(i) + '.zip')
    jpg = str(i) + '.jpg'
    zip.extract(jpg, path2)
    zip.close()

    f = open(path2 + jpg, 'rb').read()
    res += f[len(f) - 100:len(f) + 1].decode('utf-8')
print(res)

出现结果b a s e 6 4 : iVBORw0KGgoAAAANSUhEUgAAAQQAAAEECAYAAADOCEoKAAAY3ElEQVR4Xu3d4XobtxID0Ob9Hzr3k1tfW45tHXLB5cpB/3YWg8GAEFexk1+/f//+/U//qwJVoAr8888/vxoI9UEVqAKvCjQQ6oUqUAX+r0ADoWaoAlWggVAPVIEq8KcCvSHUFVWgCvSGUA9UgSrQG0I9UAWqwDcK9JWh9qgCVWDsleHXr1+V7J0C8rNcSc2k364F6Zwyww6sXbqd3Vf0v3GiG4Iu6uwhd/UTcZOaSb9dWuicMsMOrF26nd1X9G8gTG5FxFVzCwXpJzgranROmWEH1gpNrogp+jcQJjcn4qq5hYL0E5wVNTqnzLADa4UmV8QU/RsIk5sTcdXcQkH6Cc6KGp1TZtiBtUKTK2KK/g2Eyc2JuGpuoSD9BGdFjc4pM+zAWqHJFTFF/wbC5OZEXDW3UJB+grOiRueUGXZgrdDkipiifwNhcnMirppbKEg/wVlRo3PKDDuwVmhyRUzRv4EwuTkRV80tFKSf4Kyo0Tllhh1YKzS5Iqbo30CY3JyIq+YWCtJPcFbU6Jwyww6sFZpcEVP0jweCNr2iYC9i4E9kPvucor9qIVi3GtFMe56NpTPuqEtq1kD4sMG0uDsMkuqpWmi/sw+x8hdeOuOOuvSc0R9drrg7LLGmpxpNu4s3tOfZWDrjjrqkZr0h9IbwpYfVaHoIzj7Eyl946Yw76tJz9obwbotpcXcYJNVTtdB+cvC059lYOuOOuqRmvSH0htAbwpP/syQNhIUxnBZ3IdXl0KqFEjn7U135Cy+dcUddes6+MvSV4VMfq9H0EMjB055nY+mMO+qSmvWVoa8MfWXoK8OdB06/IWiiJdNWPlFe0jH4g0lJLNVCeypesk52oPzPxhrxxjNrtuWGoEs/W9iRpe8wpOixQ1vhdas5WzPVQniNeEP1kDrhFp9T/rHXZFPFEsG0RoQdWbrg6ZyCpXNqT8VL1smcyv9srBFvPLNmvSEs/A4haW41mfZUvGTd2YdYtRBeDYQLHJSzzTiydDFR2pCih/YUrHTN2ZqpFsJrxBtJ3YRbfM6+MrytMCluEktNpj0VL1l3trlVC+HVQOgN4duzICZKG1IOp/YUrHTN2ZqpFsKrgdBAaCCEE0EOXvIQJ7EaCA2EBkID4U4BDZikbGeH6Evw9TuEfoeQNPFXWGebWw+w8OoNoTeE024IchjTphU8PVDCX2uEl2Ipf+2peMpP6oSb8hKs3hCeJPh4mRt+9FqMrTU6p+DFDwpqK9y0RvSIz9lXhr2vDGIOMcbItVbw1GjCX2uEl2Ipf+2peMpP6oSb8hKs3hB6Q/jSl2o0MbbWqGkFT/lrT8UTbloj3JSXYDUQGggNBPz1Zz14etilTg6x8hKsBkIDoYHQQLjzQP/Y8Z0cybRVrNQnRb9DuFdS9edPzn6peP0v2+Qw3WrSSxc8NaTMIP0aCA2E77zEHuqfMlw/+HiZ+CkmeMlAk9AbCW7BU/6ixUjYCjetEW7xORsIDYTPDKpGU3NLnRwAwRk5wNrzqnooL56zgXD9QNBDoHVijrjR8PYiMzw7f5lRb0zxPTUQGghHbghyOEc+seWwSM/4QQkGmszYQFCVJurEQCOmFTw15MQ4hx9J8hesEW1lOOmp+gtWmr/M2EBQlSbq0ksXPDXkxDiHH0nyF6z0gZKeqr9gpfnrAoVbfM6+MvSVoa8Mj4+oHrzHSF7RQHCthipF2JFPAcHbYSAVJclfsEa0lRmkp+ovWGn+MmNfGVSlibr00gVPDTkxzuFHkvwFK32gpKfqL1hp/rpA4Rafs68MfWXoK8PjI6oH7zGSVzQQXKuhShF25FNA8HYYSEVJ8hesEW1lBump+gtWmr/M+Ne8MqgYO+rSJpIZpKeaVvqlzZ3mpjM8qhNd9dA96rXz/6fnPP23HXeK96h3WtxH/fRwpg+dzin809ykp9TojFflLzOqf0aCr4HwTvkdJpKeadNKTzVkmpv2fVSnM16V/6P5Xv9/es4GQgNBvfdp3VUPVPqgHBJp4cPpORsIDYRDdm0gHJLv8MMNhMMSfg2QFleoSs/0oZOewn3k3VTxUnU6Y1rbFH/FSc/ZG0JvCOq9vjIcUmrNww2ENbq+oKbFFarSM/0pJj2Fe28IqtK6Ot2leqg3hN4QDrlVjXaoycTD6YMyQeGUR9JzNhAaCIeM20A4JN/hhy8dCIenexIAOQTJRSWx9NVIZlQsfbVIzqlYT2K5wzR5n8lfbjrM+kkARFw15NlYeoiFl2I1EPYbm/fZQBhflojbQLjX9aqajW//OZ8Q/V8CvoEwvmARt4HQQBh31ronxLMNhEn9RdwGQgNh0l5LHhPPNhAmpRdxGwgNhEl7LXlMPNtAmJRexG0gNBAm7bXkMfFsA2FSehG3gdBAmLTXksfEsw2ESelF3AZCA2HSXkseE882ECalF3EbCA2ESXsteUw8y4GwhGFBXxSQ4OBl4r8/qHhnr0i0uHG6Kv+z9VrRj34OYUXjYv6rgBwCPQCCdeUD9ez8f4KnGwibtyiHoIEw/vqxea1P276BsHl1DYS3BYgWV77hbLZSpH0DISLjPIgcgt4QekOYd9jYkw2EMb3i1Q2E3hDipjoA2EA4IF7i0QZCAyHhoxRGAyGl5CROA6GBMGmdJY81EJbI6qANhAaCu2V9JQWCmHY91c876Bduwk/nlJ5JLOG+qyY5p2LJrLIjwXmtSXLTvjKD8hKsG68GwrvtJMVNYqmBdtQl51QsmVMPgGC9HBT8KVDFkzqZQXkJVgPhw1aS4iaxxDy7apJzKpbMqgdAsBoIkwdFxU3WJRevhpSeSaykXmms5JyKJTPIjgSnrwyfqJRc1MgSpDa5eJ1TeiaxRIddNck5FUtmlR0JTgOhgfDQJ2I2NbdgPSS0sSA5p2LJuGldk9yE/61GZlBegtXvECZfjUTc9KLURGfXJedULJlRdiQ4vSH0hvDQJ2I2NbdgPSS0sSA5p2LJuGldk9yEf28IqtKHuuTidenSM4k1Kc0pjyXnVCwZTHYkOL0h9Ibw0CdiNjW3YD0ktLEgOadiybhpXZPchP+lbwg6gNSpsOmFCjetkRmUfxJL+Uud8BKc1xrRQ3sKlnJL9kxiKf90Hf2kYrLpjxANfmpNTSt6KNaOPWlPmUG00E9O5ZXsmcRS/um6BsKEorJ4OQC31kmsiVG+fER4jfQTPbSnYCm3ZM8klvJP1zUQJhSVxatpk1gTozQQ4LantxLZpWIldzmC1UAYUeu/Wll8A+FeWNFDdE0fqGTPJNaELSOPNBAmZJTFywHoK8O9+KJrA2HCsAOPNBAGxHotFeM2EHpD+Mpa6o0Jax5+pIEwIWEDYVw0OQSia28I49qPPNFAGFGr3yFMqPXvIw2EN+lEi2mhDz5IgZBM7iRW+h08yS2JdXDHT/O4arZjIDnEyl+wdsz4cp5+A7vkoEmsBsIu26zpq95Y0/17VDgm9DMlelvaMWMD4YPqasi/xRxnm1L1P5uXHmLlL/7ZMWMDoYGwy3ef9tUDtYO0HGLlL1g7ZmwgNBB2+a6BcCnl38j0O4R3i0kmfBLrot6J01LN4o0BUD7Vlb9gAaUlJQ2EBsISY82A6oGawT76jBxi5S9YR/nOPt9AaCDMeif+nB6oeGMAlEOs/AULKC0paSA0EJYYawZUD9QM9tFn5BArf8E6ynf2+QZCA2HWO/Hn9EDFGwOgHGLlL1hAaUkJBYJ2FkFUDMFSXtpT8aRO+Se5aU/hv6NGtZA5FUvnlJ6KpXXpGaRvA0FUmqhRAyWXrj0nxjnlEdVC5lQsHUx6KpbWpWeQvg0EUWmiRg2UXLr2nBjnlEdUC5lTsXQw6alYWpeeQfo2EESliRo1UHLp2nNinFMeUS1kTsXSwaSnYmldegbp20AQlSZq1EDJpWvPiXFOeUS1kDkVSweTnoqldekZpG8DQVSaqFEDJZeuPSfGOeUR1ULmVCwdTHoqltalZ5C+DQRRaaJGDZRcuvacGOeUR1QLmVOxdDDpqVhal55B+jYQRKWJGjVQcunac2KcUx5RLWROxdLBpKdiaV16BunbQBCVJmrUQMmla8+JcU55RLWQORVLB5OeiqV16RmkbwNBVJqoUQMll649J8Y55RHVQuZULB1MeiqW1qVnkL7RQKCG+C/lCNatRkS78jKFm8x400KwVDPVP1mn/JM9FUt2sIO/8NIZXzwkf6fiCOCj2rRoIki656MZRw6dcJMZGwiylfka2YHscp7B508Kr5GeDYQRtQZqdVFioiTWSFgNjBspFS0ijSZAZAc7+AuvkXEbCCNqDdTqosRESawGwsAS35XKDmSXc92/fkp4jfRsIIyoNVCrixITJbEaCANLbCDMiTXylByAETw5LOmewk946Xt/EquBINv7s0Z2cGWf6dS9IahSg3VioAbCvag7DpSuVfa5g7/w0hlf/Ng/ZRiRy2t1UWKiJFZvCL7D95WyA9nlXPd+h8C6PfuixEQyo942GghsrbtC2YHscq77Dw4EFeTZxVX+O4z27D138FffSp3wHwn4aM+zXxmEfFoM7amLErwGwr1Kou2VNZOda41okT4D3LOB8LZGFU0Wf2Vzy5zKX7TQ1xTtuYO/zil1wr+B8EFJNYcsQGt0UYKn/KWnYgmv9OHc0XOHZjqn1An/BkID4UsvNRDWvX7IAU7XNBAmFE0fAqGgixIs5S89FUt49YagKq2rk533htAbQm8I+KvxcqDSIZqMB+HfQGggNBAaCHceSIYah1D/lOFtByqafFroMqWnYgmvvjKoSuvqZOe9IfSG0BtCbwg/64Ygn2SajprPyZ6CpbySdT9Bs/QMKX137Fy1EG6KpXpFf7lpywDwqaKiCX8VNlmn/LWnzKk9BUtfU5R/sk75J3smtVUs5d9AeKfUDnPIouJL3xCi6RlEN6nZsXPVQrgplmjx8r1F8kvFLQNsMLeKm6qLL32DZukZUtqKZ1O9XnFUC+GmWDpDA6E3hE+9okYT0/aV4V7ipLaK1UB4p4CKpuZWcVN1yl/7yZzaU7AaCA2EL72pRruyuZVbqu4naJaeIaWtBlqq30g4Cre0rn1l6CtDXxmSpx2w9BA3EEDMjyVJ0QRrguLhR9RA2kjm1J6CNfKpqDOk6pR/qt+IFsJN96T8e0PoDaE3BD0toTo9xJcNBCE2knyiq/YULK3RRSme1MmcaV7SU7hfeeeqmWqheKrbVevohrBDNO2ZFHbH0mXONC/pqbomue3gpT2Tc6q2O+oaCO9U37F0MWSal/RUMya57eClPZNzqrY76hoIDYRDvkseFD2cQlh5aU/FE25XrmkgNBAO+TN5UPRwCmHlpT0VT7hduaaB0EA45M/kQdHDKYSVl/ZUPOF25ZoGQgPhkD+TB0UPpxBWXtpT8YTblWsaCA2EQ/5MHhQ9nEJYeWlPxRNuV65pIDQQDvkzeVD0cAph5aU9FU+4XbmGAuHSA8Dv9qf5iznUaGlugif8BWek5sp6jMxxZu2WPSX/gpQzxXrttcNosqgdvFR/4a9YWndlPXSGs+u27KmBML5mWdSVD4DwH1fl+yeurEd61hTelj01EMbXJ4u68gEQ/uOqNBDSmm3ZUwNhfI2yqAbCva5X1mPcAec8IT5LM+mXihOKyqKufACE/4Qs3z5yZT3Ss6bwtuypN4Tx9cmirnwAhP+4Kn1lSGu2ZU8NhPE1yqIaCH1lGHfW/RPis6M9Pj7fV4YJRWVRDYQGwoS17h4Rnx3t0UAIKCiLaiA0EI5aTXx2tMePC4S0ICk8DQRZehLrNp/iiRbCX3BGeCV7JrldlddtRuX29K8MutCz6/TQyaKSWCMHTzQT/oIzwivZM8ntqrwaCLrlhXXJQ5zEGjl4Ik/yEKTnFP5aI9ySWiR5NRBUzYV1YiBdVBKrgTC3dNlBA2FO27/iKTFQA+HeCknN0iYTbg2EtOo/CE8M1EBoIBy1fNJnL7fHZ//BpKOCrno+uagkVl8Z5jYuO+gNYU7bv+IpMVBvCL0hHD0MSZ/1hnB0G988n1xUEqs3hLmlyw7+mhuCiDEn83M+dfbid+h/9owjQSXcVDPBUm5JrPTJYG7yHYKKmx7iqngqbor/Dv3PnlEP3ZVfs1SzK++TvlTcMUDqMK3A0cWneu/Q/+wZGwgpt3yOo/tsIEzsQcWdgP70kQbCvSyiv2omWBpWSayUd15xmFtfGcalV3HHkT9/Qs2d6qfX8mQ/PXTKTTXTXQpeEiutLXNrIIxLr+KOIzcQRDPRXw6whouGlfBSLNFhpIa5NRBGZP23VsUdR24giGaifwNh/DXrJawaCGLBOXHHkRsIolkDQVSa82wDYVzb3hAmNJNHkp/qSSy95ktQKZboNVLD3HpDGJG1rwzjavkTyUOcxNJDzIfuov8eafyVQQVxi5xbmTbRuey9m8yZ3qX01AnS3KTvDv7SM61F9JUhTU4WlayRBdz6/Q1zpmdUbWWfaW7Scwd/6ZnWooHwzg2ygAaCHJ8/a1RbQU8fAum5g7/0TGvRQGggfHoe4kYLvjenuTUQ3hRoIDQQGgiQCPJpDTAvJRpo0lOxlFsDoYHQQIDTIocTYBoIKtIV6nTp6VQ+e3aZMz2j9FQd0tyk7w7+0jOtRW8IvSH0hgCJIIcTYHpDUJGuUKdLT6fy2bPLnOkZpafqkOYmfXfwl55pLXpD6A2hNwRIBDmcANMbwkeRksLuWMDIt8TCT/TQTwHBEk4jNcpNMHfwF15ak9Ti1lP0iPdM/i6DkJMhdQFaJ7x0AQ2Ee9VVW9nVDm8IL61JaqF+jPdsILytWw2ZXIL01H6CpebWOuUmeDv4Cy+tSWrRQFDVJ+p0UWpIxROq0lP7CZZwGqlRboK5g7/w0pqkFg0EVX2iThelhlQ8oSo9tZ9gCaeRGuUmmDv4Cy+tSWrRQFDVJ+p0UWpIxROq0lP7CZZwGqlRboK5g7/w0pqkFg0EVX2iThelhlQ8oSo9tZ9gCaeRGuUmmDv4Cy+tSWrRQFDVJ+p0UWpIxROq0lP7CZZwGqlRboK5g7/w0pqkFg0EVX2iThelhlQ8oSo9tZ9gCaeRGuUmmDv4Cy+tSWrRQFDVJ+p0UWpIwUtiTYz87SPKLdk3qdnZvLYdzg1/h8TpP7p8VTPq0m91SXMLVvIAjMyZ7CtzPrs3ZMYRTZN6KLcGwrsN6QJE3CTWiImkVrkJltYkNdOeUie8NEQVS3hpT8VSbg2EBoJ66lCdGPKqQaWHU2YcETGph3JrIDQQRjw6XSuGTB4AJSq8Gggf1NRFibiKpQuVOuGlS+93CKL4nzWyg2f3hsw4ol5SD+XWG0JvCCMena4VQyYPgBIVXvphoVjKLamHcmsgNBDUn4fqxJDJA6BkhVcDoa8M3/pJTKTmFiw1t9YpN8WTOpnzqrwaCA2EBoKc8oGaBsKAWP+VJgNS9H8Jvv4FKW+L0gWIuIolNpF++ikm/UZqlNsI5pm1yT2dyfu1V1r/BsLm7xDERLr0HeZWbjLnjpodmiXnTOvfQGggHPJn2pCHyEw83EC4F62B0ECYOEZvjzQQDsl3+OG0/g2EBsIhU6YNeYjMxMO9IfSG8KVt1BxyCBRLPCz9+qWiKPlnTXJPcwyOPaXe0C69IfSGoF75tC5tyENkJh5uIPSG0BvCxMH56pEGQlDMCai0/r0h9IYwYcN+qXhItODDDYQJMVU0vT4KnmLJONKv3yGIkv0O4ZFKp98QHhHa+f/1EMsBVSyZV/oJzs4a0UPnFCydVXsKXpLXrV+Sm/B/+VA5+0eXldiOOl2oLEqxZE7pJzg7a0QPnVOwdFbtKXhJXg0EUXxxjS5UTKRYMpL0E5ydNaKHzilYOqv2FLwkrwaCKL64RhcqJlIsGUn6Cc7OGtFD5xQsnVV7Cl6SVwNBFF9cowsVEymWjCT9BGdnjeihcwqWzqo9BS/Jq4Egii+u0YWKiRRLRpJ+grOzRvTQOQVLZ9Wegpfk1UAQxRfX6ELFRIolI0k/wdlZI3ronIKls2pPwUvyaiCI4otrdKFiIsWSkaSf4OysET10TsHSWbWn4CV5NRBE8cU1ulAxkWLJSNJPcHbWiB46p2DprNpT8JK8fkQgiGg/oUZMlDaH6Ca8bjjCLYmVNneSv+iqminWjjreZ/IHk3YMuqOniCumTXMXXmruJFYDIb3pcTzeZwNhjbgNhHtd1ZCyDdE22U9DVLjvqlE9oj+6vGvYs/uKuGLaNG/hpeZOYvWGkN70OB7vszeENeI2EHpDGHfWuicaCOu0pd9CayA0EBZacBi6gTAsmT8g4jYQGgjuqPWV4tmX18m+MowvQ8RtIDQQxp217gnxbANhUn8Rt4HQQJi015LHxLMNhEnpRdwGQgNh0l5LHhPPciAsYVjQKlAFLqcAfYdwOdYlVAWqwBIFGghLZC1oFXhOBRoIz7m3sq4CSxRoICyRtaBV4DkVaCA8597KugosUaCBsETWglaB51SggfCceyvrKrBEgQbCElkLWgWeU4EGwnPurayrwBIF/gfeRUQ/toSb5QAAAABJRU5ErkJggg==
CTFshow MISC 杂项签到~misc4_第51张图片在输出结果的开头加上data:image/png;base64,然后直接扔进浏览器
CTFshow MISC 杂项签到~misc4_第52张图片微信扫码得
CTFshow MISC 杂项签到~misc4_第53张图片得到flag{gif_is_so_easy}

11.stega10

打开压缩包发现一张图片heart.jpg,010打开
CTFshow MISC 杂项签到~misc4_第54张图片在一串2的上面有一串base64字符
aHR0cHM6Ly93d3cubGFuem91cy5jb20vaTliMGtzZA,解密得到一个网址
:https://www.lanzous.com/i9b0ksd
CTFshow MISC 杂项签到~misc4_第55张图片链接一直提示无法打开,搜了下才知道要去掉s,https://lanzoui.com/i9b0ksd,下载flag压缩包,查看发现密码文件夹里包含9个带密码的txt文件,crc32爆破
CTFshow MISC 杂项签到~misc4_第56张图片得到密码447^*5#)7,打开压缩包,解压n.zip之后发现一张png图片,但是明显有问题,因为无法显示,010打开
CTFshow MISC 杂项签到~misc4_第57张图片结尾发现GNP,应该是反了,上脚本

f = open('C:/Users/lenovo/Desktop/flag/n/n.png', 'rb').read()
res = open('C:/Users/lenovo/Desktop/flag/n/n2.png', 'wb')
res.write(f[::-1])

CTFshow MISC 杂项签到~misc4_第58张图片转换完成后,发现是一张二维码图片,QR打开
CTFshow MISC 杂项签到~misc4_第59张图片
flag{我好难啊}

12.stega11

附件解压后发现一张三明治图片,看了下后缀为.jpg,分离文件失败,010查看下文件
CTFshow MISC 杂项签到~misc4_第60张图片发现一大堆D@DD,然后在其下面有一串字母很像编码:
MZWGCZ33GZTDCNZZG5SDIMBYGBRDEOLCGY2GIYJVHA4TONZYGA2DMM3FGMYH2
CTFshow MISC 杂项签到~misc4_第61张图片
开始base家族的表演,base32解密
CTFshow MISC 杂项签到~misc4_第62张图片

13.misc4

根据提示加上rar后缀,解压得到办公文档.doc,打开时提示错误,010打开,发现PK,还是压缩包格式
CTFshow MISC 杂项签到~misc4_第63张图片
改文件后缀为zip,解压得
CTFshow MISC 杂项签到~misc4_第64张图片直接搜索flag,发现没有反应,继续观察,没啥头绪,一个个翻,在Documents\1\Pages\1.fpage中发现不同
CTFshow MISC 杂项签到~misc4_第65张图片观察UnicodeString=“”里面的字符,拼凑出来flag{}{xps?Oh,Go0d!}
flag{xps?Oh,Go0d!}

你可能感兴趣的:(java)