Anxun Cup MISC

dacongのWindows

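Open the .raw image file with R-Studio.

Click Scan; scanning the image reveals two disks.

Click the second disk and browse its contents. The Desktop folder contains a flag3.txt file; its contents look like AES encryption, but a key is needed to decrypt it:

U2FsdGVkX18M+E34cKJlmTU3uo1lHqjUQhKPTBGJiMjg4RWX6saTjOJmLU86538e

The hint says to look at the registry, so inspect it with vol3 (I looked during the competition but did not spot the key):

python3 vol.py -f dacong.raw windows.registry.printkey

This gives the key d@@Coong_LiiKEE_F0r3NsIc, which is then used to decrypt the AES ciphertext.

The result is the third part of the flag: dAc0Ng_SIst3Rs????}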
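
The ciphertext above starts with U2FsdGVkX1, the base64 of the ASCII string Salted__, which marks the OpenSSL/CryptoJS passphrase container: an 8-byte magic, an 8-byte salt, then the AES blocks. The sketch below is an added example, not part of the original write-up; it splits the container and derives key and IV from the recovered string. The key derivation (EVP_BytesToKey with MD5, AES-256-CBC sizes) is an assumption, because the page does not say which tool or derivation was used.

```python
import base64
import hashlib

# Values copied from the write-up above.
CIPHERTEXT_B64 = "U2FsdGVkX18M+E34cKJlmTU3uo1lHqjUQhKPTBGJiMjg4RWX6saTjOJmLU86538e"
PASSPHRASE = b"d@@Coong_LiiKEE_F0r3NsIc"


def split_salted(b64_text):
    """Split an OpenSSL 'Salted__' container into (salt, ciphertext)."""
    raw = base64.b64decode(b64_text)
    if raw[:8] != b"Salted__":
        raise ValueError("not an OpenSSL salted container")
    salt, body = raw[8:16], raw[16:]
    if not body or len(body) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return salt, body


def evp_bytes_to_key(passphrase, salt, key_len=32, iv_len=16):
    """EVP_BytesToKey with MD5, one iteration (assumed KDF, see lead-in)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def describe(b64_text, passphrase):
    """Summarize the container: salt, block count, derived key and IV."""
    salt, body = split_salted(b64_text)
    key, iv = evp_bytes_to_key(passphrase, salt)
    return {"salt": salt.hex(), "blocks": len(body) // 16,
            "key": key.hex(), "iv": iv.hex()}


if __name__ == "__main__":
    for name, value in describe(CIPHERTEXT_B64, PASSPHRASE).items():
        print(f"{name:6} {value}")
```

Passing the derived key and IV to any AES-CBC implementation completes the decryption if the assumed derivation matches the tool that produced flag3.txt.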

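Next, a secret.rar file turns up in the Documents folder, but recovering it directly with R-Studio runs into problems.

Recover it with vol3 instead.

First locate the file's address:

python3 vol.py -f dacong.raw windows.filescan | grep "secret.rar"

This finds the file's address.

Then extract the file:

python3 vol.py -f dacong.raw windows.dumpfiles --virtaddr="0xe00079b15f20"

Move the extracted file to the host machine for analysis. Opening it shows a lot of whitespace characters.

This is typical SNOW steganography; find a decoding tool for it.

The result is the second part of the flag: _tHE_Dddd

Finally, the image also contains many audio files.

After checking them, audio file 39 turns out to carry SSTV steganography. Extract it (the demo version of R-Studio cannot extract large files, so use vol3 with the same method as before).

Decode it on the local machine with SSTV software.

The result is the first part of the flag: flag{Ar3_Th3Y

Finally, concatenate the parts into the complete flag: flag{Ar3_Th3Y_tHE_DddddAc0Ng_SIst3Rs????}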

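Mad Max (疯狂的麦克斯)

Challenge attachment: 1701092829310775cedd308d2b11ee901f00163e0447d0.zip

Start by looking at the html file.

Extracting the docx yields MKS IM麦克斯.txt.

Applying a Caesar shift to its last line gives thisismksdoyouknowwhoami.

The html file also contains zero-width characters.

Decoding them gives the title mks007.

Then write a script and run it, and that should be it.

Strangely, it sometimes has to be added and sometimes not; I could not get anywhere with it.

Reproduction:

Opening the attachment shows a series of files. First change the Word file's extension to zip; unpacking it yields a txt file.

Opening it reveals a suspicious ciphertext string at the end; decode it in CyberChef.

ROT13 with an offset of 22 produces meaningful plaintext. Decrypt the list above in the same way.

Save the result to a txt file, read that file with Python, generate a password dictionary, and then use the dictionary to brute-force the archive password.

Use the recovered password to decrypt the archive.

This gives the flag: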

D0g3{Th1s_REA11Y_MAX_F1A4_GGB0ND}

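Nahida

Nahida.zip

Looking at the end of the file shows that it is a JPG whose hex has been reversed.

# Read the challenge file and get its content as a hex string.
with open("Nahida!", "rb") as file:
    line = file.read()
output = line.hex()

# Reversing the hex string restores the original JPG byte stream.
with open("result.txt", "w") as file1:
    output = output[::-1]
    file1.write(output)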

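Put the contents of out1.txt into CyberChef and export the image.

Scrolling to the end shows extra data.

The eyes are mentioned repeatedly, which suggests SilentEye. The password is the challenge name.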

d0g3{Nahida_is_the_best_in_the_world!}

dacongのsecret

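The challenge provides an image and a zip file. The zip needs a password, so analyze the image first; here a Java single-image blind-watermark tool was used.

This yields the password d@C0ng 1s cUt3!!!

Use it to decrypt the zip file, then open the image in 010 Editor: the end of the image holds the hex of an archive in reverse order.

As before, write a script to reverse it:
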
a="00000000C0E70000001600100010000000006050B40510ADC0A8DB0822A310ADD038C72C6B1510ADC0CC45AB6D1C0081001000000000000200A0478747E2F616D676E6F686F61696870000000000000002000000000000004200F00000A1960000C0150A82CFD275160BF800800010004100F32010B405CF7A81A718B0312B459ED17A9A3D96B55A319AFC00EA61407AACC0DACF9BFE69BAA50BEB01749BB946EE0BB1935A27E775DCB7BCE609E612FE7B3EBA4C45492E4425DE06A08F5622AF377FFE8B005EAE1AD587F4A994B923507F0DF579EE4BD4CA5BFA9A49980D2C815FE03964C7F7DD2C4F677939115A2E1C1C659E8DA8CBFD763D9B8FC35B2210263A77936653FD335BE82E18E8225D240DE08B4BD0F0430594A35CEC041AA9CEAD2D5691CB7FB94BFEDB2C1C20FA9809F69AB83ADF88B1419A69007B963490E3B2B476C7094334375C2D9B06E8BA6E7CFBED8EC8E6D894F0BA2968C4A09707FA7BD689C88F19D6D533D3BC1086AEFBC746E8FE15A03ABAB267CFFA7E324BCFF35ADF8D73C404B4FA9A145AEEA12F0FEEBA63744A0A104DBEDF3CACD8ABCAE075669395CB725B4783B77748AF49D8A6E13E770BF8EB8905016C52C948995CF925812EC72DB96621F63F624421FA0EFA8A2E6C0E7C2C9ABA5C54A9C9EC672825C0855AE67540B4D29DD6E1B7C2D89E5777A0FED58E5FFBD8E7ACBE5F180F392936A7BB076D99BC163201EB8471015A64BDBE7E21FCEDFFC01685FA44DA3209E89ECD8FF4269057C8DF95F2AF53536C3FF7839E0A5F9A381CBFC49DADEE54085A88B4F4867B992B9E48F6DA2EE8F86D92246A8DECC8ED9260E24C6E525A2B8452A72254A07E4542CE50DFD8AA3BD68C8F4159B48756130A0B76DD297E7983B9F29D9D63B8FC0A430F4C025B8AC11C088F1085DB2CB4C7AD22DF67E4817E10C671225D27017373FCD0FAF834BED6015B8CA7C800E10258C45FF38FA78B7AC1E5AFCCB215924B1D59C4A1FF006C877E48246DBB99CECFDDE2D064D8308E9E35371D5820D79A6CBDD0C44F813C0A4B68F3F8DF8722940F9FC53ECC404E4B7FEFFE230374F3468AD913612025D3FE81E318113EFA09BD46AFA81BAED521F11BCE74D1643755719F1DC61074A0427F0D36C6FA92A9881BF01816A69A80F143B97B71BBC4DBA8BC7721881DC472EBF9EFF4074A5DCED654CACB77D0F91B9B36120A7403BE5CAD423EAB364FF9F46E64969B3CFAFE23A1373252CAAF314B3691EBBB305EC6C57D0F5A11C778336F9CDF23AA0D85CD8285ACF6D23E4839C1019248295C543E8DD396851DAC740EC1DE7937BFD8423B6E96C366C8455300D7D3CB672E1029F5433ABC57F99C3B33290FC4F0D1342E8355D48AB22C4527DC8106B805F2CCBE94A3FFB3AEA3AE087
F3EA870ECA9BE766168F23C8FC5AEE98A5073DBDE71610EE4D85D8FE112DEE095279F5058A90BB2214FCEEF21490F4BF18E5825C809D9E11DFAB2CF9FDC273D22EFCA773157A7E37C580D484ECF55EB55AA53DA583832BCE7B488017BA00654A6FAF0834AD63FEC663FBDA566174E71E56089DB273619CD98F3143983C6177ADA39E01913C0668BE8EB58F99A61BC2AA124149FEAF388A3C6A5602431069D5094CD4EDD9DD1FE6CE3030966F153F9E1C0F3D3768A2D638768DEA111592818E9A2DD21A6E6DEB407AA8A4F263B8B5EBF5C279EDAE733E8054AFF979ED4085C0FFD3132D9640AFB982893F951EB3D61439C79D658B822ABC671472656F3DA1613AA45C2822BE993AA4ADC06007A23C3BF0C4EDE8499BBD8F29AEDA1D4968F58AAECEC8B1E8DEE0DF7D40926E3FDD2C3763C15F07BDA10105D37B7543FB13665B6C02F82DD4B289129EB9A487F49837DC24C9316CA938AF05D24A2801384CCE468B08B8F18017C1A11F0AB146E5D8B4A4F6981C19E1C55B25EEE6BF1A08D1322389619A1AEE019C0AB6ACA3D698732DED2F2758F3CA079F30EBD2A7CF7032A3A8DC79143552130F00BA8324B002FC96E6457C1A67C6CB8A6EAF6928A3D6573E90503F26BED9CD710EE32C17DB83933C13C63ED6E8C1036D0FD656433C0C840AEF95BA06C6ECE2A99D02D1EE8C342CE3219C5AA5B1EBBCE7ABFFC070BADE287B15FD99E77B211BC751D3534011329F0897821EA53FC0A268FA628489F05413087C08347C09F92A267EDDB4DC7DB168CB36C4F9FB9CA66F29A4EA2D38C589518968D09ED076FE3059084E13FA08882994BDEB019E49A5AF83FBA4E5A9707A58F0B20C2D1670B21CBDBF990C40B2EA05B36BF71478D659EAF019F96E85E8A8CD7BD92455BAFF0E8F37F391836FE99C78C6EB890BF22311192E8339EF7996DEB333BE282DAC05A196ED0EA74012DF934296E5959199AF229E372D471BAAD061FAAB868E5F4646B30A36A9FC9EBD1C6DF7B5F0821A54BA40C9AEFA49F651F519C46DEAAECF2644898F7E9EFE704AB3E5F640991AB2FA1E8F7ECFCABC006E5DFDB73AB6535B0A83B42B18490FD5FC4C0A7F137FBA3BA53E226F59F2680C8CF18BEF81CCC3B188D1805A2CF59A5031949C47F844499E193D44DD6D0C0D0D9A2EF49B8DADEF3EB2B09F1FE5F0CDEB8E920ED30763C3F3AFF924620BF54C1D953CC50EDB0DEF9E08279ACFDE61186EA3E9A892548F6342857F9E3F652FB0F92E74E27665FB66AFCF7BA4392953A16ED3EF68D4D187713578951C36BE3B40691F2D32A7C10D47423F98142AB3F34E88EA949FF8F4B6C9A454FAA3CA7A3F54498265EE74FA09A79894D7DF388979F3B606CEC80D790339E97F1EA0140DCBDAF18640F3BBFF39A748D200137B2A99E2
021A8D40D5EAF9655D64F0077342045EF56478A4F55418208175927CA44F314DD6414B14EE957B9936144D1580D4209D8D06270E411C28AE5C1AFC108857412B35DEEC0DC9D5009A8582A9DC91BA7769692BE4AE2B42A43765470B1BC3FDE7357094C4881F960A66CF08C35309B06B9427277E0AD32630F52B67A82535D5924C82AC9BC1542FB9A6B36E2B7219B39062E0A5F15D29D3DA48113243AEC89B733C9C85F5C8830524A49A6F0EE01495D4224EF3D4991014314C68025F215313BB9BFD9AA37E38280248BBD3712DF02B404C20749966C1D4D1CE209A8A181E74DF049323C1F309D9F3EF07CCB6EF9CB96369B113CAD3F089A45A0D67F8ECD4EC8E23FC8A28E5ECAA3DF7A661F7B95CCE98AC08DDACD4CFE3727AA4B3D7C64979FAB4B6C3E6C08FEA1E83B01E69D11A9A98C5B11F9AB5724B917011A99E1B2A5C9DEEE49A523B98E9EF128A9DB750ED88A3C92C36B2B95F3B5402DA24A2B798540501CCD4839548E7786318212AFB0BA28031F2CF8A314BB579028DF562A156AFA26D4102DAA04F003FBF0796E3282739A72A14A6145B47F6C44AAE275A1B4764FC62BE3D93644D4BBA66AF962C047B7134F832D6BFB394D76DB85C08D34E3FD556EBB43DA4E78CB0DC74DBADA24F545632B25E33DCD02C5ADD5B17FB311AD6D297992425B693D7613FB9AA62D2A3DDD93433197076171FE7162FC6257A75F4C0964308A0A25D4F87854A7F33EA5102409F3139ECD2130E17DCF770C41D420F3EB43F1CB55B1438A3AB505E953657C01A1A07D3B12CB331F6765F113E37F008AF862A10F196EC95AC3F663234213655994EE94317BB3A52D79A02C2E04894093BE1D07EC797CC510B94397015118685AE8603BAB90732C0E93D4AE3AB215A70067361424E026706567EAE300C48FABB696B2D99B1617219EA3A2574EAED6896F1794CD43E120173012F0ACCFBB7C23A8B3F14F56431D884FB548B807A2BBCCC5D3C6032D262508B6FF2354876B65785F24685075BF72DAB729F2D2A6BFE226D1BF4371291FE31B4128B93F3724950CB8852DA102F739A869A75B7EF124602BDCCFC97D81FB8E8407D0BC2ACA8D3B1F690B979A1770D985AAB7F038C8478880233D38495E38A386F7A7ACAC29D824C55C1265E0520A246839CF43881C5BC6FB1349500E50934E2E7DCEF0C75C43E317EFD0F20FDB6FDC099E7570E69CB86FEA71AF3BFA589C543573A0A6E774E6C3EF3200C0DFABEA56A51D3BB193968AD0E372FA91881ACAF71D050090FB516D6DA5EF6CDD921285F59E05895BFACFDCAC7367F6CFB944B82A74B9345604582F1190C2ADE7257797EDAC8E0D34759C8EFDA65901869E6FD58A7EB12BF4F05DC6301F1B02478D43A7267CAADFB07D0E264EB1245260C0209CED95578C432
CFBB3857E8085480B3C2430EFAF95F19FF4C0403F07D75154715118C59BB8143DBBAC7D243D7A1A2814D217190AD191FCC4C4843298C930A82B30C5073D10E1570544217380E9D42D3EAD1ED15FE2979B8236513E717B459C37AF20C22B860DF25A56607C7821710BDCBCB7FCFF68A6261F98998BD45F6BE9073BC4A6ED7C829A857FDB3E53DAE5CF854ED8EDD8C043C5F55BF71DC4A3DC6605A5097C922746BEDD1A7152A656F99B7DCCE26493967090A6535510DB0B780DD864D2D0A0F6E911CD09D2FF34EF61B44D67A6B9AA274299C63073333E056B2D9736714A9BCD922413A5052221E8E2E230F90851404B9537363C7555EFE84796DBBC533404BB4599EBC8403EDA762393631F5B64710A4FF84E478747E2F616D676E6F686F6169687000000F00000A1960000C0150A82CFD275160BF80080001000414030B405"
print(a[::-1])
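
Both the Nahida file and the tail of this image are stored with their hex digits reversed, which flips the byte order and swaps the two nibbles of every byte. The helper below is an added example, not part of the original write-up: it generalizes the one-off scripts by trying a blob as-is, byte-reversed and nibble-reversed, and reports which transform produces a known file signature. The signature table and function names are choices made for this example.

```python
# Signatures checked after each candidate transform (table chosen for this example).
MAGICS = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
}


def nibble_reverse(data):
    """Reverse the hex-digit string: byte order flips and nibbles swap."""
    return bytes.fromhex(data.hex()[::-1])


TRANSFORMS = {
    "as-is": lambda d: d,
    "byte-reversed": lambda d: d[::-1],
    "nibble-reversed": nibble_reverse,
}


def identify(data):
    """Return the file kind whose signature starts the data, or None."""
    for magic, kind in MAGICS.items():
        if data.startswith(magic):
            return kind
    return None


def recover(blob):
    """Return (transform, kind, bytes) for the first transform that yields
    a known signature, or None when no transform does."""
    for name, fn in TRANSFORMS.items():
        candidate = fn(blob)
        kind = identify(candidate)
        if kind:
            return name, kind, candidate
    return None


# Last 20 hex digits of the string in the script above.
PAGE_TAIL = bytes.fromhex("0080001000414030B405")

if __name__ == "__main__":
    name, kind, data = recover(PAGE_TAIL)
    print(name, kind, data.hex())
```

On the tail of the page's string this reports a nibble-reversed ZIP local file header whose general-purpose flag has the encryption bit set, which matches the archive asking for a password in the next step.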

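Decode the reversed hex string in CyberChef.

Unpacking the archive requires yet another password, so go back to the first image.

As is well known, an encoder fills one PNG IDAT chunk completely before it starts the next one.

The last two IDAT chunks are both not full, so one of them must be extra. Take the last, extra IDAT chunk and wrap it in the PNG structure (in practice it is enough to delete the other IDAT chunks from the original PNG and keep only the last one), then brute-force the width and height.

This gives the key: wH1T3_r0cckEt_sh00ter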

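Use it to decrypt the archive.

The contents are obviously base64 steganography; decode them with PuzzleSolver.

This gives pass{m1ku_1s_sha_fufu123}. Seeing "pass" suggests JPHS, which needs a passphrase to decode, so use JPHS on the second jpg image, which gives the flag: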

flag{d@C0ng_1s_r3@lIy_Re@iLY_Cute}


http://www.qetx.top/posts/2371/
Author: Qetx.Jul.27
Published: December 26, 2023