每周刷题3.28

每周刷题3.28

[UTCTF2020]file header

用010打开看一下

明显缺少文件头，通过题目名也可以看出来，下载下来的事png图片，所以把文件头改成png格式


所以flag{3lit3_h4ck3r}

[GKCTF 2021]excel 骚操作

打开是一个表格形式的文件，感觉像那种word隐藏

随便点两下，发现有的表格里是1，所以我们把1显示出来
全选之后右键->设置单元格格式


看一下类似于二维码，所以把所有的1标黑

ctrl+f 将1替换

有微信扫了一下，扫不出来东西，后来才知道是汉信码，在手机下一个中国编码APP

flag{9ee0cb62-f443-4a72-e9a3-43c0b910757e}

[UTCTF2020]File Carving

把图片放到kali中binwalk


看到压缩包里有一个hidden_binary用file分析一下

看见是ELF所以执行./hidden_binary

utflag{2fbe9adc2ad89c71da48cabe90a121c0}

我爱Linux

用010打开看FF D9后面明显不是文件，导出来

没思路了，看了一下别人的wp
说是Python Picke序列化内容

import pickle  fp = open(&#","rb+")
fw = open(&#', 'w')
a=pickle.load(fp)
pickle=str(a)
fw.write( pickle )
fw.close()
fp.close()

运行出来

一个坐标的txt

fw = open(&#","r")
text&#ad( )
i=0
a=0while i<len(text)+1:if(text[i]==']'):print('n')a=0elif(text[i]=='('):if(text[i+2]==','):b=text[i+1]d=text[i+1]b=int(b)-int(a)c=1while c<b:print(" ", end="")c += 1print(text[i+5], end="")a=int(d)else:b=text[i+1]+text[i+2]d=text[i+1]+text[i+2]b=int(b)-int(a)c=1while c<b:print(" ", end="")c += 1print(text[i+6], end="")a=int(d)i +=1

再利用脚本

以此类推得到flag{a273fdedf3d746e97db9086ebbb195d6}

[羊城杯 2020]signin

解码都试了，没有思路看了别人的wp也是懵的

.pdf

cipherdic = {'M':'ACEG','R':'ADEG','K':'BCEG','S':'BDEG','A':'ACEH','B':'ADEH','L':'BCEH','U':'BDEH','D':'ACEI','C':'ADEI','N':'BCEI','V':'BDEI','H':'ACFG','F':'ADFG','O':'BCFG','W':'BDFG','T':'ACFH','G':'ADFH','P':'BCFH','X':'BDFH','E':'ACFI','I':'ADFI','Q':'BCFI','Y':'BDFI'}
ciphertext = ''
with open(&#','r') as f:f = f.read()for i in range(0,len(f),4):block = f[i:i+4]for j in cipherdic:if block == cipherdic[j]:ciphertext += j#print('{}: {}'.format(block,j))
print(ciphertext)

运行得到

LDVUUCMEXMLQSSFUSXKEOCCG

在执行脚本

ciphertext = 'LDVUUCMEXMLQSSFUSXKEOCCG'original_list = ['M','R','K','S','A','B','L','U','D','C','N','V','H','F','O','W','T','G','P','X','E','I','Q','Y']
reversed_list = original_list[::-1]flag = ''
for char in ciphertext:for olist in original_list:if char == olist:oindex = original_list.index(olist)flag += reversed_list[oindex]flag = place('GWHT','GWHT{')
flag = place('COOL','COOL}')
print(flag)

得到flag{TOYSAYGREENTEAISCOOL}（这道题做到最后还是不会）

[WMCTF2020]行为艺术

用010打开png发现被修改高了，改过来之后

把图片信息提取出来

504B0304140000000800DB93C55086A3
9007D8000000DF01000008000000666C
61672E74787475504B0E823010DD9370
8771DDCCB0270D5BBD0371815A9148AC
6951C2ED9D271F89C62E2693D7F76BB7
DE9FC80D2E6E68E782A326D2E01F81CE
6D55E76972E9BA7BCCB3ACEF7B89F7B6
E90EA16A6EE2439D45179ECDD1C5CCFB
6B9AA489C1218C92B898779D765FCCBB
58CC920B6662C5F91749931132258F32
BBA7C288C5AE103133106608409DAC41
9F77241A3412907814AB7A922106B8DE
D0D25AEC8A634929025C46A33FE5A1D3
167A100323B1ABEE4A7A0708413A19E1
7718165F5D3E73D577798E36D5144B66
315AAE315078F5E51A29246AF402504B
01021F00140009000800DB93C55086A3
9007D8000000DF010000080024000000
000000002000000000000000666C6167
2E7478740A0020000000000001001800
4A0A9A64243BD601F9D8AB39243BD601
2D00CA13223BD601504B050600000000
010001005A000000FE00000000000000

保存为flag.zip压缩包

import binasciis = '504B0304140000000800DB93C55086A3' '9007D8000000DF01000008000000666C' '61672E74787475504B0E823010DD9370' '8771DDCCB0270D5BBD0371815A9148AC' '6951C2ED9D271F89C62E2693D7F76BB7' 'DE9FC80D2E6E68E782A326D2E01F81CE' '6D55E76972E9BA7BCCB3ACEF7B89F7B6' 'E90EA16A6EE2439D45179ECDD1C5CCFB' '6B9AA489C1218C92B898779D765FCCBB' '58CC920B6662C5F91749931132258F32' 'BBA7C288C5AE103133106608409DAC41' '9F77241A3412907814AB7A922106B8DE' 'D0D25AEC8A634929025C46A33FE5A1D3' '167A100323B1ABEE4A7A0708413A19E1' '7718165F5D3E73D577798E36D5144B66' '315AAE315078F5E51A29246AF402504B' '01021F00140009000800DB93C55086A3' '9007D8000000DF010000080024000000' '000000002000000000000000666C6167' '2E7478740A0020000000000001001800' '4A0A9A64243BD601F9D8AB39243BD601' '2D00CA13223BD601504B050600000000' '010001005A000000FE00000000000000'with open('flag.zip', 'wb') as f:f.write(binascii.unhexlify(s))

解压出来一个txt

对下面那串字符串解密地址选择Brainfuck to text

得到flagWMCTF{wai_bi_baaaa_bo!2333~~~}