可恶,太菜了
Web
nisc_easyweb
题解
dirsearch
扫描得到robots.txt
- 访问
/api/record/
,得到api_test.php
- 访问查看源代码,找到
hint
get
参数得到flag
吃豆人吃豆魂
题解
- 查看源代码,在
index.js
发现base64
的flag
Misc
chechin_gift
题解
010
查看附件,结尾存在base64
- 替换码表
- N-ZA-Mn-za-m0-9+/=
- base32
- DASCTF{722433fc22f2e79959da2208d84cbb40}
m4a
题解
- 打开音频文件,很明显是一串摩尔斯密码,转换为 MP3,拖入 Audacity 查看波形图
- 1000 01 00001 00011 1000 1010 0 0010 1010 00111 11111 00001
- BA43BCEFC204
010
查看m4a
- 文件结尾有倒置的 PK 文件,写脚本
with open('1.m4a', 'rb') as rb:
content = rb.read().hex()
a = content[::-2]
b = ' ' + content[::-1]
b = b[::2].replace(' ', '')
c = ''
for i in range(len(a)):
c += b[i]
c += a[i]
with open('1.txt', 'w') as w:
w.write(c)
- 导入
010
,运行zip
模板删除多余内容,用key
解压 - 看 wp 知道这是
rot47+atbash
- DASCTF{5e0f98a95f79829b7a484a54066cb08f}
Unkn0wnData
题解
010
打开,结尾存在base64
,magic
爆破加密
- 图片存在
LSB
隐写,保存 bin
- 解压
zip
得到
data:
0000100000000000
00000c0000000000
00000e0000000000
00002a0000000000
0000100000000000
0000040000000000
0000080000000000
00002a0000000000
0000160000000000
00000b0000000000
00000c0000000000
00001c0000000000
00002a0000000000
00002c0000000000
0200340000000000
00002a0000000000
0200090000000000
00000c0000000000
0000110000000000
0000070000000000
0200170000000000
00002a0000000000
0200170000000000
00000b0000000000
0000080000000000
0000120000000000
00002a0000000000
0200150000000000
0000080000000000
0000040000000000
00000f0000000000
00000a0000000000
00002a0000000000
02000e0000000000
0000080000000000
00001c0000000000
00000a0000000000
00002a0000000000
0000040000000000
0000110000000000
0000070000000000
00000f0000000000
00002a0000000000
0200100000000000
0000040000000000
00000e0000000000
0000080000000000
0000080000000000
00002a0000000000
02000c0000000000
0000170000000000
02001e0000000000
0000070000000000
00002a0000000000
- 键盘流量
- mik
maeshiy:FindTTheoRealgKeygandlMakeeIt!d mimashi FindTheRealKeyandMakeIt!
- mik
normalKeys = {"04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5", "23":"6","24":"7","25":"8","26":"9","27":"0","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"-","2e":"=","2f":"[","30":"]","31":"\\","32":"<NON>","33":";","34":"'","35":"<GA>","36":",","37":".","38":"/","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
shiftKeys = {"04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T", "18":"U", "19":"V", "1a":"W", "1b":"X", "1c":"Y", "1d":"Z","1e":"!", "1f":"@", "20":"#", "21":"$", "22":"%", "23":"^","24":"&","25":"*","26":"(","27":")","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"_","2e":"+","2f":"{","30":"}","31":"|","32":"<NON>","33":"\"","34":":","35":"<GA>","36":"<","37":">","38":"?","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
keys = open('key.txt')
output = ""
for line in keys:
k = line[1]
n = line[4:6]
if k == '0':
print(normalKeys[n], end='')
elif k == '2':
print(shiftKeys[n], end='')
normalKeys = {"04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5", "23":"6","24":"7","25":"8","26":"9","27":"0","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"-","2e":"=","2f":"[","30":"]","31":"\\","32":"<NON>","33":";","34":"'","35":"<GA>","36":",","37":".","38":"/","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
shiftKeys = {"04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T", "18":"U", "19":"V", "1a":"W", "1b":"X", "1c":"Y", "1d":"Z","1e":"!", "1f":"@", "20":"#", "21":"$", "22":"%", "23":"^","24":"&","25":"*","26":"(","27":")","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"_","2e":"+","2f":"{","30":"}","31":"|","32":"<NON>","33":"\"","34":":","35":"<GA>","36":"<","37":">","38":"?","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
keys = open('key.txt')
output = ""
for line in keys:
k = line[1]
n = line[4:6]
if n == '2a':
print(output[-1], end='')
if k == '0':
output += normalKeys[n]
elif k == '2':
output += shiftKeys[n]
- key: Toggled
emoji-aes
解码- https://aghorler.github.io/emoji-aes/#
- 手动解码
- U2FsdGVkX1+psEGiQ9Bl3PbdKi4mYKSHJfRIoCoRo/bepbG8tJvD+pzC53ApwRR3ekX4K0X6tZ9F2z6PxNVOOw==
import base64
from Crypto.Cipher import AES
import string
emojisInit="🍎🍌🏎🚪👁👣😀🖐ℹ😂🥋✉🚹🌉👌🍍👑👉🎤🚰☂🐍💧✖☀🦓🏹🎈😎🎅🐘🌿🌏🌪☃🍵🍴🚨📮🕹📂🛩⌨🔄🔬🐅🙃🐎🌊🚫❓⏩😁😆💵🤣☺😊😇😡🎃😍✅🔪🗒"
alpha = string.ascii_lowercase+string.ascii_uppercase+string.digits+"+/="
a = "🙃💵🌿🎤🚪🌏🐎🥋🚫😆✅🍍🎤🐘🌏ℹ⌨😍🎈✉🤣🛩🍌🚪🍴ℹ☺🚹❓🍴🔬🌪🍵👣🔄☃👌😎👌🔄👌🔪🍌👁🍍🍌🌏🎃🚰🍵🐍🎅✅🍍🦓😎😊🤣🏹🍍💧🔄🔄🤣👁🥋🚫☺🍴😁🚫😇🚰⏩😍🌿💵🦓😇🛩✖🕹🐎📂📂💧🗒🗒"
base64data = ""
for i in a:
base64data += alpha[emojisInit.index(i)]
print(base64data)
- AES解密
- DASCTF{ad15eecd2978bc5c70597d14985412c4}
好怪啊
题解
- 下载附件,010打开,发现结尾处存在 kp 怀疑是倒置的zip文件
a = ... # 复制的原 16进制编码
b = []
a = a.split()
for i in range(len(a)):
b.append(a[len(a) - i - 1])
with open('a.txt', 'w') as w:
w.write(''.join(b))
- 导入至010editor,保存为test.zip,解压得到 flag.png
- 修复文件头,改高,得到
flag
奇怪的棋盘
题解
- 给了一个棋盘,是典型的ADFGVX 密码所用到的棋盘,但是txt中只有11,14,21,22,51,53这六种情况,甚至没有6的出现,所以应该不是直接对应ADFGVX密码,而是对应了波利比奥斯方阵
a b c d e
f g h i/j k
l m n o p
q r s t u
v w x y z
- 写脚本转化
b = "11,22,11,53,53,14,11,22,22,51,22,22,51,14,51,11,14,11,51,53,14,22,11,14,51,22,14,51,11,11,14,14,14,14,21,53,11,21,11,21,14,22,14,51,53,53,14,22,22,14,22,22,14,53,14,14,21,14,14,53,51,22,53,11,14,22,51,14,21,53,51,51,11,11,14,14,53,14,53,53,11,14,14,51,22,22,22,53,22,53,53,53,53,22,53,53,22,22,53,22,14,51,51,51,22,22,22,11,22,11,11,11,11,22,11,11,22,22,11,22,14,14,14,11,22,11,22,22,22,11,22,22,11,22,11,22,11,11,11,51,11,11,11,53,22,53,22,22,22,53,22,22,53,22,53,22,53,53,53,51"
s = b.split(',')
print(s)
ans = ""
bns = ""
print(int(s[0][1]))
for i in range(len(s)):
if s[i] == '11':
ans = ans + 'A'
if s[i] == '14':
ans = ans + 'D'
if s[i] == '22':
ans = ans + 'G'
if s[i] == '21':
ans = ans + 'F'
if s[i] == '51':
ans = ans + 'V'
if s[i] == '53':
ans = ans + 'X'
print(ans)
- 图片
LSB隐写
,得到base32
的keyword
- LastKey{Yusayyds}
- 得到
ADFGVX
密码的密文,解密- DASCTF{d859c41c530afc1c1ad94abd92f4baf8}
key square:ph0qg64mea1yl2nofdxkr3cvs5zw7bj9uti8
key words:Yusayyds
密文:AGAXXDAGGVGGVDVADAVXDGADVGDVAADDDDFXAFAFDGDVXXDGGDGGDXDDFDDXVGXADGVDFXVVAADDXDXXADDVGGGXGXXXXGXXGGXGDVVVGGGAGAAAAGAAGGAGDDDAGAGGGAGGAGAGAAAVAAAXGXGGGXGGXGXGXXXV
解密:4441534354467b64383539633431633533306166633163316164393461626439326634626166387d