青少年CTFmisc-simpleness
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337743-271538920.png提示弱口令 爆破出hint的密码123456
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337932-751581659.png
hint.zip里面解出两个文件:
hint.png
hint.rar
这个hint.rar是伪加密,随便打开一个十六进制的编辑器:
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337795-698876927.png
,这里的24表示已加密,改成20表示未加密,
打开hint.txt
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337647-1951584238.png
提示1:key.zip的密码范围是qsnctf大小写,且此密码可多次使用
提示2:要用到SilentEye0.3.1这个工具
再看第二个文件:hint.png
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337751-783539204.png
丢到foremost看一下发现里面藏了个zip
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337799-3224812.png
里面只有一张二维码
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337629-1978687687.png
得到提示最后的压缩包密码是中文
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337657-73527586.png
回头 提示1 key.zip的密码范围是qsnctf大小写,且此密码可多次使用
现在做个字典 利用脚本 或者 工具都可以
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337681-1599129496.png
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337817-1867865798.png
得到压缩包key.zip的密码:QsNcTf
打开图片
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337830-1715263672.png
提示2:要用到SilentEye0.3.1这个工具
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337779-2011904058.png
里面有个1.txt
零宽
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337675-1688124354.png
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337680-733125524.png
得到密码The password is Hello World
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337698-216702065.png
没东西一看就是无字天书
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337888-1279547565.png
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337706-1645441465.png
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337727-483933622.png
提示3:是 最后一个压缩包的密码是中文 ,想到这可能是中文电码
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337724-844377407.png
密码 这是密码吗
发现flag.jpg并不能打开,丢到十六进制编辑器里面
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337703-1853085535.png
转换一下 这里直接用q1jun大佬的脚本了
s = open("flag.jpg","rb").read()
a = open("flag1.jpg","wb")
for i in range(0 ,len(s), 4):#4位奇偶互换
s1 = s[::-1]
a.write(s1)
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337718-1081215363.png
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337720-1503755993.png
逆序一下
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337721-29306989.png
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337885-1514549562.png
一看就被缩短了
更改高度看下
得到flag
https://img2022.cnblogs.com/blog/2658992/202210/2658992-20221020151337886-1536078064.png
页:
[1]