CTFshow MISC 杂项签到~misc4

1.杂项签到

下载后发现是一个压缩包，但是直接打开提示压缩包文件头部已损坏

猜测是Zip伪加密，使用ZipCenOp.jar进行解密
可直接解压，打开flag.txt，发现flag
flag{79ddfa61bda03defa7bfd8d702a656e4}

2.misc2

打开压缩包发现无后缀名文件，记事本打开发现除了乱码，还有flagnothereFAT11，猜想flag与FAT11有关（软盘：最早的可移动介质，后来逐渐被u盘取代）
网上搜索这是虚拟机辅助的，新建虚拟机
添加软盘驱动器
打开虚拟机得到flag
flag{ctfshow}

3.miscx

下载附件后，发现有flag.txt，hint.txt都有密码，继续点进去，发现misc1压缩包，misc.png图片可以打开

发现2020，盲猜是某个密码，果然是misc1压缩包里music.doc文件的密码，打开文件发现一串音符♭‖♭‖‖♯♭♭♬‖♩♫‖♬∮♭♭¶♭‖♯‖¶♭♭‖∮‖‖♭‖§♭‖♬♪♭♯§‖‖♯‖‖♬‖‖♪‖‖♪‖¶§‖‖♬♭♯‖♭♯♪‖‖∮‖♬§♭‖‖‖♩♪‖‖♬♭♭♬‖♩♪‖♩¶‖♩♪‖♩♬‖¶§‖‖♩‖¶♫♭♭♩‖♬♯‖♬§♭‖♭‖♩¶‖‖∮♭♭♬‖‖♭‖♫§‖¶♫‖♩∮♭♭§‖♭§‖♭§§=
音符加密，链接https://www.qqxiuzi.cn/bianma/wenbenjiami.php?s=yinyue
解密后发现base64密码U2FsdGVkX1/eK2855m8HM4cTq8Fquqtm6QDbcUu4F1yQpA==，解密，不对，一串乱码，发现是rabbit解密，网址：http://www.jsons.cn/rabbitencrypt/
解出welcome_to_payhelp，猜想为hint.txt的密码，果然，打开txt文件发现VmpKMFUxTXhXWGxVV0dob1RUSjRVVll3V2t0aFJscDBZMGhLYTAxWGVIaFZiRkpUWWtaYVZWSnJXbFpOVjJoeVZYcEdZVkpzVG5KVWJHaHBWa1ZWZDFkV1ZtRmtNRFZYVjJ4c2FWSlVWbFJVVnpWdVRXeFZlV1ZHVGxSaVZrWTBXVlJPYzFWR1pFZFRiVGxYWW01Q1dGcEdXbE5UUjBZMlVXMTBWMWRGU2xkV1ZtUXdVekpGZUZOWWJHaFRSVFZWV1d0YVMxTXhjRVZUYTFwc1ZteHdlRlp0ZERCV01VcFlaRE53V0Zac2NIWldSekZMVW1zeFdWSnNTbWxXUjNodlZtMXdUMkl5Vm5OaVNGWnBVbXh3YzFac1VrZFNiRlY0WVVkMFZXSlZXbmxWYlRWUFZsWlplbEZyWkZSaVJrcFFWV3hGYkUwd1VXeE5NRkVsTTBRJTNE
然后经过base64多次解密得到welcome_to_2020%0Aflag%20is%20coming…%0Athe%20key%20is%20hello%202020%217
url解码所有特殊字符得到welcome_to_2020
flag is coming…
the key is hello 2020!7
得到flag.txt文件的密码hello 2020!打开txt文件得到flag
flag{g00d_f0r_y0u}

4.misc50

拿到图片，010打开，发现末尾存在flag.zip
并且在文件夹内发现一串base64编码Sk5DVlM2Mk1NRjVIU1gyTk1GWEgyQ1E9Cg==
解码得JNCVS62MMF5HSX2NMFXH2CQ=
base32解码得KEY{Lazy_Man}

联想到图片内有zip压缩包，应该是压缩包密码，binwalk分离压缩包
分离出文件夹
解压时发现密码不对，又在右边提示了一串base32编码，解码得123456
输入密码，打开thienc.txt发现打开txt里面的内容，是一堆数字。且3078重复出现。每俩位16进制转字符，发现3078 就是0x那么使用脚本，进行批量转换。得到一堆0x 0x的文本。分析前几个字符串0x37 0x7a，发现37 7a 是7z压缩包的文件头。那么思路来了：批量删除0x，转换为7z文件。
下面是python的脚本。(来自大佬博客：https://blog.csdn.net/Nancy523/article/details/117547013)（open后括号的引号内为文件路径）

f = open('C:/Users/lenovo/Desktop/thienc.txt').read()

f1 = ''
for i in range(0, len(f), 2):
    n = int(f[i:i + 2], 16)
    f1 += chr(n)

f1 = f1.split('0x')[1:]
f2 = b''
for i in f1:
    f2 += bytes.fromhex(i.zfill(2))

f3 = open('C:/Users/lenovo/Desktop/1.7z', 'wb')
f3.write(f2)

转换成功后，压缩包内为secenc.txt，解压发现密码，输入最开始找到的KEY{Lazy_Man}就是密码，打开后发现base64编码发现不成功，应该是base64与base32混合解码，代码如下：（抄至大佬）

import base64
import re

f = open('C:/Users/lenovo/Desktop/secenc.txt').read().encode('utf-8')

while True:
    if re.match('^[2-7A-Z=]+$', f.decode('ut-f-8')):
        f = base64.b32decode(f)
    elif re.match('^[0-9a-zA-Z+/=]+$', f.decode('utf-8')):
        f = base64.b64decode(f)
    else:
        print(f.decode('utf-8'))
        break

解密后得到
在线brain fuck/Ook!解码。网址：https://www.splitbrain.org/services/ook，
Ook！to Text
Brainfuck to Text
flag为flag{Welc0me_tO_cTf_3how!}

5.misc30

下载附件，发现为附件名为rar，改后缀名为rar，解压星空后010查看，没什么发现，看下图片属性，发现属性中有little stars

发现其为眼见不一定为实.doc文档的密码，打开文档
猜测文档内隐藏的有信息，Ctrl+a全选
果然下面还有隐藏信息（不愧是眼见不一定为实），改变字体颜色

发现Hello friend!，去打开flag.png试试
是一张二维码，扫码得到flag
flag{welcome_to_ctfshow}

6.stega1

打开压缩包后发现一张图片，经过查看属性，010，StegSolve.jar查看无效，猜想为JPHS隐写,打开图片，Seek，没有密码
保存附件为flag.txt
打开flag.txt文件得到flag
flag{3c87fb959e5910b40a04e0491bf230fb}

7.misc3

给了一串密文：zse4rfvsdf 6yjmko0，根据提示想想自己的手下面，键盘，发现两串密文分别组成了一个字母：A和V，又提示小写，故flag为
flag{av}

8.misc40

打开附件发现四个文件，分别为conversion.txt，svega.mp3，svega.wav，一张普通的二维码.png，打开conversion.txt文件，发现110001010100011101 2>4>8>10
应该是进制转换，根据提示二进制转十进制，为202013，网址：http://www.youkud.com/tool/jinzhi.php
一张普通的二维码.png扫描二维码提示flag不在这里哦~~，010打开
发现Brainfuck
解码得到核心价值观编码，解码，和谐民主和谐文明和谐和谐和谐自由和谐平等和谐公正,网址：http://www.hiencode.com/cvencode.html
解得密码123456，得到密码，使用mp3stego解密MP3文件
解密出svega.mp3.txt，打开得到
解压文件之后，根据提示静默之眼，得知解密工具应该是 silent eye
选择WAVE,SES128，勾选 Encrypted date，high，key为上面解出的202013，点击Decode，发现flag
flag{C0ngr4tul4ti0n!}

9.misc30

打开压缩包发现aihe.mp3，还是图片样式，分离文件，binwalk分离不成功，foremost可以，分离得到00000000.jpg
打开图片发现图片长和高有问题，371的16进制是01 73，895的16进制是03 7F，winhex搜索01 73改成03 7F
改完后发现猪圈密码
解密，网址：http://www.metools.info/code/c90.html
出现：well done，应该是flag
flag{well done}

10.红包第一弹

解压文件得到86个压缩包,打开后发现应该是由一张gif图拆分而成,010打开发现果然有GIF89
并且发现每张图片末尾有base64编码
不会写代码，又懒得一张一张图片复制粘贴，偷的八神的代码，谢谢大佬

import zipfile

path1 = 'C:/Users/lenovo/Desktop/flag/'
path2 = 'C:/Users/lenovo/Desktop/flag/out/'

res = ''
for i in range(1, 87):
    zip = zipfile.ZipFile(path1 + str(i) + '.zip')
    jpg = str(i) + '.jpg'
    zip.extract(jpg, path2)
    zip.close()

    f = open(path2 + jpg, 'rb').read()
    res += f[len(f) - 100:len(f) + 1].decode('utf-8')
print(res)

出现结果b a s e 6 4 : iVBORw0KGgoAAAANSUhEUgAAAQQAAAEECAYAAADOCEoKAAAY3ElEQVR4Xu3d4XobtxID0Ob9Hzr3k1tfW45tHXLB5cpB/3YWg8GAEFexk1+/f//+/U//qwJVoAr8888/vxoI9UEVqAKvCjQQ6oUqUAX+r0ADoWaoAlWggVAPVIEq8KcCvSHUFVWgCvSGUA9UgSrQG0I9UAWqwDcK9JWh9qgCVWDsleHXr1+V7J0C8rNcSc2k364F6Zwyww6sXbqd3Vf0v3GiG4Iu6uwhd/UTcZOaSb9dWuicMsMOrF26nd1X9G8gTG5FxFVzCwXpJzgranROmWEH1gpNrogp+jcQJjcn4qq5hYL0E5wVNTqnzLADa4UmV8QU/RsIk5sTcdXcQkH6Cc6KGp1TZtiBtUKTK2KK/g2Eyc2JuGpuoSD9BGdFjc4pM+zAWqHJFTFF/wbC5OZEXDW3UJB+grOiRueUGXZgrdDkipiifwNhcnMirppbKEg/wVlRo3PKDDuwVmhyRUzRv4EwuTkRV80tFKSf4Kyo0Tllhh1YKzS5Iqbo30CY3JyIq+YWCtJPcFbU6Jwyww6sFZpcEVP0jweCNr2iYC9i4E9kPvucor9qIVi3GtFMe56NpTPuqEtq1kD4sMG0uDsMkuqpWmi/sw+x8hdeOuOOuvSc0R9drrg7LLGmpxpNu4s3tOfZWDrjjrqkZr0h9IbwpYfVaHoIzj7Eyl946Yw76tJz9obwbotpcXcYJNVTtdB+cvC059lYOuOOuqRmvSH0htAbwpP/syQNhIUxnBZ3IdXl0KqFEjn7U135Cy+dcUddes6+MvSV4VMfq9H0EMjB055nY+mMO+qSmvWVoa8MfWXoK8OdB06/IWiiJdNWPlFe0jH4g0lJLNVCeypesk52oPzPxhrxxjNrtuWGoEs/W9iRpe8wpOixQ1vhdas5WzPVQniNeEP1kDrhFp9T/rHXZFPFEsG0RoQdWbrg6ZyCpXNqT8VL1smcyv9srBFvPLNmvSEs/A4haW41mfZUvGTd2YdYtRBeDYQLHJSzzTiydDFR2pCih/YUrHTN2ZqpFsJrxBtJ3YRbfM6+MrytMCluEktNpj0VL1l3trlVC+HVQOgN4duzICZKG1IOp/YUrHTN2ZqpFsKrgdBAaCCEE0EOXvIQJ7EaCA2EBkID4U4BDZikbGeH6Evw9TuEfoeQNPFXWGebWw+w8OoNoTeE024IchjTphU8PVDCX2uEl2Ipf+2peMpP6oSb8hKs3hCeJPh4mRt+9FqMrTU6p+DFDwpqK9y0RvSIz9lXhr2vDGIOMcbItVbw1GjCX2uEl2Ipf+2peMpP6oSb8hKs3hB6Q/jSl2o0MbbWqGkFT/lrT8UTbloj3JSXYDUQGggNBPz1Zz14etilTg6x8hKsBkIDoYHQQLjzQP/Y8Z0cybRVrNQnRb9DuFdS9edPzn6peP0v2+Qw3WrSSxc8NaTMIP0aCA2E77zEHuqfMlw/+HiZ+CkmeMlAk9AbCW7BU/6ixUjYCjetEW7xORsIDYTPDKpGU3NLnRwAwRk5wNrzqnooL56zgXD9QNBDoHVijrjR8PYiMzw7f5lRb0zxPTUQGghHbghyOEc+seWwSM/4QQkGmszYQFCVJurEQCOmFTw15MQ4hx9J8hesEW1lOOmp+gtWmr/M2EBQlSbq0ksXPDXkxDiHH0nyF6z0gZKeqr9gpfnrAoVbfM6+MvSVoa8Mj4+oHrzHSF7RQHCthipF2JFPAcHbYSAVJclfsEa0lRmkp+ovWGn+MmNfGVSlibr00gVPDTkxzuFHkvwFK32gpKfqL1hp/rpA4Rafs68MfWXoK8PjI6oH7zGSVzQQXKuhShF25FNA8HYYSEVJ8hesEW1lBump+gtWmr/M+Ne8MqgYO+rSJpIZpKeaVvqlzZ3mpjM8qhNd9dA96rXz/6fnPP23HXeK96h3WtxH/fRwpg+dzin809ykp9TojFflLzOqf0aCr4HwTvkdJpKeadNKTzVkmpv2fVSnM16V/6P5Xv9/es4GQgNBvfdp3VUPVPqgHBJp4cPpORsIDYRDdm0gHJLv8MMNhMMSfg2QFleoSs/0oZOewn3k3VTxUnU6Y1rbFH/FSc/ZG0JvCOq9vjIcUmrNww2ENbq+oKbFFarSM/0pJj2Fe28IqtK6Ot2leqg3hN4QDrlVjXaoycTD6YMyQeGUR9JzNhAaCIeM20A4JN/hhy8dCIenexIAOQTJRSWx9NVIZlQsfbVIzqlYT2K5wzR5n8lfbjrM+kkARFw15NlYeoiFl2I1EPYbm/fZQBhflojbQLjX9aqajW//OZ8Q/V8CvoEwvmARt4HQQBh31ronxLMNhEn9RdwGQgNh0l5LHhPPNhAmpRdxGwgNhEl7LXlMPNtAmJRexG0gNBAm7bXkMfFsA2FSehG3gdBAmLTXksfEsw2ESelF3AZCA2HSXkseE882ECalF3EbCA2ESXsteUw8y4GwhGFBXxSQ4OBl4r8/qHhnr0i0uHG6Kv+z9VrRj34OYUXjYv6rgBwCPQCCdeUD9ez8f4KnGwibtyiHoIEw/vqxea1P276BsHl1DYS3BYgWV77hbLZSpH0DISLjPIgcgt4QekOYd9jYkw2EMb3i1Q2E3hDipjoA2EA4IF7i0QZCAyHhoxRGAyGl5CROA6GBMGmdJY81EJbI6qANhAaCu2V9JQWCmHY91c876Bduwk/nlJ5JLOG+qyY5p2LJrLIjwXmtSXLTvjKD8hKsG68GwrvtJMVNYqmBdtQl51QsmVMPgGC9HBT8KVDFkzqZQXkJVgPhw1aS4iaxxDy7apJzKpbMqgdAsBoIkwdFxU3WJRevhpSeSaykXmms5JyKJTPIjgSnrwyfqJRc1MgSpDa5eJ1TeiaxRIddNck5FUtmlR0JTgOhgfDQJ2I2NbdgPSS0sSA5p2LJuGldk9yE/61GZlBegtXvECZfjUTc9KLURGfXJedULJlRdiQ4vSH0hvDQJ2I2NbdgPSS0sSA5p2LJuGldk9yEf28IqtKHuuTidenSM4k1Kc0pjyXnVCwZTHYkOL0h9Ibw0CdiNjW3YD0ktLEgOadiybhpXZPchP+lbwg6gNSpsOmFCjetkRmUfxJL+Uud8BKc1xrRQ3sKlnJL9kxiKf90Hf2kYrLpjxANfmpNTSt6KNaOPWlPmUG00E9O5ZXsmcRS/um6BsKEorJ4OQC31kmsiVG+fER4jfQTPbSnYCm3ZM8klvJP1zUQJhSVxatpk1gTozQQ4LantxLZpWIldzmC1UAYUeu/Wll8A+FeWNFDdE0fqGTPJNaELSOPNBAmZJTFywHoK8O9+KJrA2HCsAOPNBAGxHotFeM2EHpD+Mpa6o0Jax5+pIEwIWEDYVw0OQSia28I49qPPNFAGFGr3yFMqPXvIw2EN+lEi2mhDz5IgZBM7iRW+h08yS2JdXDHT/O4arZjIDnEyl+wdsz4cp5+A7vkoEmsBsIu26zpq95Y0/17VDgm9DMlelvaMWMD4YPqasi/xRxnm1L1P5uXHmLlL/7ZMWMDoYGwy3ef9tUDtYO0HGLlL1g7ZmwgNBB2+a6BcCnl38j0O4R3i0kmfBLrot6J01LN4o0BUD7Vlb9gAaUlJQ2EBsISY82A6oGawT76jBxi5S9YR/nOPt9AaCDMeif+nB6oeGMAlEOs/AULKC0paSA0EJYYawZUD9QM9tFn5BArf8E6ynf2+QZCA2HWO/Hn9EDFGwOgHGLlL1hAaUkJBYJ2FkFUDMFSXtpT8aRO+Se5aU/hv6NGtZA5FUvnlJ6KpXXpGaRvA0FUmqhRAyWXrj0nxjnlEdVC5lQsHUx6KpbWpWeQvg0EUWmiRg2UXLr2nBjnlEdUC5lTsXQw6alYWpeeQfo2EESliRo1UHLp2nNinFMeUS1kTsXSwaSnYmldegbp20AQlSZq1EDJpWvPiXFOeUS1kDkVSweTnoqldekZpG8DQVSaqFEDJZeuPSfGOeUR1ULmVCwdTHoqltalZ5C+DQRRaaJGDZRcuvacGOeUR1QLmVOxdDDpqVhal55B+jYQRKWJGjVQcunac2KcUx5RLWROxdLBpKdiaV16BunbQBCVJmrUQMmla8+JcU55RLWQORVLB5OeiqV16RmkbwNBVJqoUQMll649J8Y55RHVQuZULB1MeiqW1qVnkL7RQKCG+C/lCNatRkS78jKFm8x400KwVDPVP1mn/JM9FUt2sIO/8NIZXzwkf6fiCOCj2rRoIki656MZRw6dcJMZGwiylfka2YHscp7B508Kr5GeDYQRtQZqdVFioiTWSFgNjBspFS0ijSZAZAc7+AuvkXEbCCNqDdTqosRESawGwsAS35XKDmSXc92/fkp4jfRsIIyoNVCrixITJbEaCANLbCDMiTXylByAETw5LOmewk946Xt/EquBINv7s0Z2cGWf6dS9IahSg3VioAbCvag7DpSuVfa5g7/w0hlf/Ng/ZRiRy2t1UWKiJFZvCL7D95WyA9nlXPd+h8C6PfuixEQyo942GghsrbtC2YHscq77Dw4EFeTZxVX+O4z27D138FffSp3wHwn4aM+zXxmEfFoM7amLErwGwr1Kou2VNZOda41okT4D3LOB8LZGFU0Wf2Vzy5zKX7TQ1xTtuYO/zil1wr+B8EFJNYcsQGt0UYKn/KWnYgmv9OHc0XOHZjqn1An/BkID4UsvNRDWvX7IAU7XNBAmFE0fAqGgixIs5S89FUt49YagKq2rk533htAbQm8I+KvxcqDSIZqMB+HfQGggNBAaCHceSIYah1D/lOFtByqafFroMqWnYgmvvjKoSuvqZOe9IfSG0BtCbwg/64Ygn2SajprPyZ6CpbySdT9Bs/QMKX137Fy1EG6KpXpFf7lpywDwqaKiCX8VNlmn/LWnzKk9BUtfU5R/sk75J3smtVUs5d9AeKfUDnPIouJL3xCi6RlEN6nZsXPVQrgplmjx8r1F8kvFLQNsMLeKm6qLL32DZukZUtqKZ1O9XnFUC+GmWDpDA6E3hE+9okYT0/aV4V7ipLaK1UB4p4CKpuZWcVN1yl/7yZzaU7AaCA2EL72pRruyuZVbqu4naJaeIaWtBlqq30g4Cre0rn1l6CtDXxmSpx2w9BA3EEDMjyVJ0QRrguLhR9RA2kjm1J6CNfKpqDOk6pR/qt+IFsJN96T8e0PoDaE3BD0toTo9xJcNBCE2knyiq/YULK3RRSme1MmcaV7SU7hfeeeqmWqheKrbVevohrBDNO2ZFHbH0mXONC/pqbomue3gpT2Tc6q2O+oaCO9U37F0MWSal/RUMya57eClPZNzqrY76hoIDYRDvkseFD2cQlh5aU/FE25XrmkgNBAO+TN5UPRwCmHlpT0VT7hduaaB0EA45M/kQdHDKYSVl/ZUPOF25ZoGQgPhkD+TB0UPpxBWXtpT8YTblWsaCA2EQ/5MHhQ9nEJYeWlPxRNuV65pIDQQDvkzeVD0cAph5aU9FU+4XbmGAuHSA8Dv9qf5iznUaGlugif8BWek5sp6jMxxZu2WPSX/gpQzxXrttcNosqgdvFR/4a9YWndlPXSGs+u27KmBML5mWdSVD4DwH1fl+yeurEd61hTelj01EMbXJ4u68gEQ/uOqNBDSmm3ZUwNhfI2yqAbCva5X1mPcAec8IT5LM+mXihOKyqKufACE/4Qs3z5yZT3Ss6bwtuypN4Tx9cmirnwAhP+4Kn1lSGu2ZU8NhPE1yqIaCH1lGHfW/RPis6M9Pj7fV4YJRWVRDYQGwoS17h4Rnx3t0UAIKCiLaiA0EI5aTXx2tMePC4S0ICk8DQRZehLrNp/iiRbCX3BGeCV7JrldlddtRuX29K8MutCz6/TQyaKSWCMHTzQT/oIzwivZM8ntqrwaCLrlhXXJQ5zEGjl4Ik/yEKTnFP5aI9ySWiR5NRBUzYV1YiBdVBKrgTC3dNlBA2FO27/iKTFQA+HeCknN0iYTbg2EtOo/CE8M1EBoIBy1fNJnL7fHZ//BpKOCrno+uagkVl8Z5jYuO+gNYU7bv+IpMVBvCL0hHD0MSZ/1hnB0G988n1xUEqs3hLmlyw7+mhuCiDEn83M+dfbid+h/9owjQSXcVDPBUm5JrPTJYG7yHYKKmx7iqngqbor/Dv3PnlEP3ZVfs1SzK++TvlTcMUDqMK3A0cWneu/Q/+wZGwgpt3yOo/tsIEzsQcWdgP70kQbCvSyiv2omWBpWSayUd15xmFtfGcalV3HHkT9/Qs2d6qfX8mQ/PXTKTTXTXQpeEiutLXNrIIxLr+KOIzcQRDPRXw6whouGlfBSLNFhpIa5NRBGZP23VsUdR24giGaifwNh/DXrJawaCGLBOXHHkRsIolkDQVSa82wDYVzb3hAmNJNHkp/qSSy95ktQKZboNVLD3HpDGJG1rwzjavkTyUOcxNJDzIfuov8eafyVQQVxi5xbmTbRuey9m8yZ3qX01AnS3KTvDv7SM61F9JUhTU4WlayRBdz6/Q1zpmdUbWWfaW7Scwd/6ZnWooHwzg2ygAaCHJ8/a1RbQU8fAum5g7/0TGvRQGggfHoe4kYLvjenuTUQ3hRoIDQQGgiQCPJpDTAvJRpo0lOxlFsDoYHQQIDTIocTYBoIKtIV6nTp6VQ+e3aZMz2j9FQd0tyk7w7+0jOtRW8IvSH0hgCJIIcTYHpDUJGuUKdLT6fy2bPLnOkZpafqkOYmfXfwl55pLXpD6A2hNwRIBDmcANMbwkeRksLuWMDIt8TCT/TQTwHBEk4jNcpNMHfwF15ak9Ti1lP0iPdM/i6DkJMhdQFaJ7x0AQ2Ee9VVW9nVDm8IL61JaqF+jPdsILytWw2ZXIL01H6CpebWOuUmeDv4Cy+tSWrRQFDVJ+p0UWpIxROq0lP7CZZwGqlRboK5g7/w0pqkFg0EVX2iThelhlQ8oSo9tZ9gCaeRGuUmmDv4Cy+tSWrRQFDVJ+p0UWpIxROq0lP7CZZwGqlRboK5g7/w0pqkFg0EVX2iThelhlQ8oSo9tZ9gCaeRGuUmmDv4Cy+tSWrRQFDVJ+p0UWpIxROq0lP7CZZwGqlRboK5g7/w0pqkFg0EVX2iThelhlQ8oSo9tZ9gCaeRGuUmmDv4Cy+tSWrRQFDVJ+p0UWpIwUtiTYz87SPKLdk3qdnZvLYdzg1/h8TpP7p8VTPq0m91SXMLVvIAjMyZ7CtzPrs3ZMYRTZN6KLcGwrsN6QJE3CTWiImkVrkJltYkNdOeUie8NEQVS3hpT8VSbg2EBoJ66lCdGPKqQaWHU2YcETGph3JrIDQQRjw6XSuGTB4AJSq8Gggf1NRFibiKpQuVOuGlS+93CKL4nzWyg2f3hsw4ol5SD+XWG0JvCCMena4VQyYPgBIVXvphoVjKLamHcmsgNBDUn4fqxJDJA6BkhVcDoa8M3/pJTKTmFiw1t9YpN8WTOpnzqrwaCA2EBoKc8oGaBsKAWP+VJgNS9H8Jvv4FKW+L0gWIuIolNpF++ikm/UZqlNsI5pm1yT2dyfu1V1r/BsLm7xDERLr0HeZWbjLnjpodmiXnTOvfQGggHPJn2pCHyEw83EC4F62B0ECYOEZvjzQQDsl3+OG0/g2EBsIhU6YNeYjMxMO9IfSG8KVt1BxyCBRLPCz9+qWiKPlnTXJPcwyOPaXe0C69IfSGoF75tC5tyENkJh5uIPSG0BvCxMH56pEGQlDMCai0/r0h9IYwYcN+qXhItODDDYQJMVU0vT4KnmLJONKv3yGIkv0O4ZFKp98QHhHa+f/1EMsBVSyZV/oJzs4a0UPnFCydVXsKXpLXrV+Sm/B/+VA5+0eXldiOOl2oLEqxZE7pJzg7a0QPnVOwdFbtKXhJXg0EUXxxjS5UTKRYMpL0E5ydNaKHzilYOqv2FLwkrwaCKL64RhcqJlIsGUn6Cc7OGtFD5xQsnVV7Cl6SVwNBFF9cowsVEymWjCT9BGdnjeihcwqWzqo9BS/Jq4Egii+u0YWKiRRLRpJ+grOzRvTQOQVLZ9Wegpfk1UAQxRfX6ELFRIolI0k/wdlZI3ronIKls2pPwUvyaiCI4otrdKFiIsWSkaSf4OysET10TsHSWbWn4CV5NRBE8cU1ulAxkWLJSNJPcHbWiB46p2DprNpT8JK8fkQgiGg/oUZMlDaH6Ca8bjjCLYmVNneSv+iqminWjjreZ/IHk3YMuqOniCumTXMXXmruJFYDIb3pcTzeZwNhjbgNhHtd1ZCyDdE22U9DVLjvqlE9oj+6vGvYs/uKuGLaNG/hpeZOYvWGkN70OB7vszeENeI2EHpDGHfWuicaCOu0pd9CayA0EBZacBi6gTAsmT8g4jYQGgjuqPWV4tmX18m+MowvQ8RtIDQQxp217gnxbANhUn8Rt4HQQJi015LHxLMNhEnpRdwGQgNh0l5LHhPPciAsYVjQKlAFLqcAfYdwOdYlVAWqwBIFGghLZC1oFXhOBRoIz7m3sq4CSxRoICyRtaBV4DkVaCA8597KugosUaCBsETWglaB51SggfCceyvrKrBEgQbCElkLWgWeU4EGwnPurayrwBIF/gfeRUQ/toSb5QAAAABJRU5ErkJggg==
在输出结果的开头加上data:image/png;base64,然后直接扔进浏览器
微信扫码得
得到flag{gif_is_so_easy}

11.stega10

打开压缩包发现一张图片heart.jpg，010打开
在一串2的上面有一串base64字符
aHR0cHM6Ly93d3cubGFuem91cy5jb20vaTliMGtzZA，解密得到一个网址
：https://www.lanzous.com/i9b0ksd
链接一直提示无法打开，搜了下才知道要去掉s，https://lanzoui.com/i9b0ksd，下载flag压缩包，查看发现密码文件夹里包含9个带密码的txt文件，crc32爆破
得到密码447^*5#)7，打开压缩包，解压n.zip之后发现一张png图片，但是明显有问题，因为无法显示，010打开
结尾发现GNP，应该是反了,上脚本

f = open('C:/Users/lenovo/Desktop/flag/n/n.png', 'rb').read()
res = open('C:/Users/lenovo/Desktop/flag/n/n2.png', 'wb')
res.write(f[::-1])

转换完成后，发现是一张二维码图片，QR打开

flag{我好难啊}

12.stega11

附件解压后发现一张三明治图片，看了下后缀为.jpg，分离文件失败，010查看下文件
发现一大堆D@DD，然后在其下面有一串字母很像编码：
MZWGCZ33GZTDCNZZG5SDIMBYGBRDEOLCGY2GIYJVHA4TONZYGA2DMM3FGMYH2

开始base家族的表演，base32解密

13.misc4

根据提示加上rar后缀，解压得到办公文档.doc，打开时提示错误，010打开，发现PK，还是压缩包格式

改文件后缀为zip，解压得
直接搜索flag，发现没有反应，继续观察，没啥头绪，一个个翻，在Documents\1\Pages\1.fpage中发现不同
观察UnicodeString=“”里面的字符，拼凑出来flag{}{xps?Oh,Go0d!}
flag{xps?Oh,Go0d!}