全靠队友带飞。拿了省一
这里对赛中的部分Misc题进行一个简单的复盘
初赛
Easy_Cipher
题目如下:
1
|
["Kln/qZwlOsux+b/Gv0WsxkOec5E70dNhvczSLFs+0pkHaovEOBqUApBGBDBUrH08。RUNCIDAgMTI4IHNpeCBudW1iZXJz","Kln/qZwlOsux+b/Gv0WsxkOec5E70dNhvczSLFs+0pkHaovEOBqUApBGBDBUrH08"]
|
把中间的那段密文base64解码可以得到
1
2
|
RUNCIDAgMTI4IHNpeCBudW1iZXJz
ECB 0 128 six numbers
|
因此写个Python脚本爆破一下AES-ECB模式的密钥即可
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
import base64
from Crypto.Cipher import AES
def aes_decrypt(data, key):
key = key.encode('utf-8')+b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
# print(key)
cipher = AES.new(key, AES.MODE_ECB)
decrypted = cipher.decrypt(base64.b64decode(data))
return decrypted
if __name__ == "__main__":
data = 'Kln/qZwlOsux+b/Gv0WsxkOec5E70dNhvczSLFs+0pkHaovEOBqUApBGBDBUrH08'
for i in range(100000,999999):
key = str(i)
res = aes_decrypt(data=data,key=key)
res = str(res)
if 'flag' in res or 'DASCTF' in res:
print(f"key:{key}")
print(f"flag:{res}")
break
#key:515764
#flag:b'DASCTF{W0w_Y0u_Succ3s5ful1y_Cr4ck_Th1s_C1ph3r}\x00\x00'
|
Steins_Gate
解法一:根据像素点还原原图
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
from PIL import Image
def get_pixel():
img = Image.open('Steins_Gate.png')
width, height = img.size
pixel = img.load()
target_data = []
# 从行开始取
for i in range(0, width, 16):
# 从列开始取
for j in range(0, height, 16):
# 统计每个区块的像素
dic = {}
for x in range(i, i+16):
for y in range(j, j+16):
r, g, b = pixel[x, y]
if (r, g, b) in dic:
dic[(r, g, b)] += 1
else:
dic[(r, g, b)] = 1
# sorted_data = sorted(dic.items(), key=lambda x: x[1], reverse=True)
# print(sorted_data)
# return 0
# 按照字典中值来进行排序
sorted_data = sorted(dic.items(), key=lambda x: x[1], reverse=True)
if sorted_data[0][0] != (211, 211, 211):
target_pixel = sorted_data[0][0]
else:
target_pixel = sorted_data[1][0]
target_data.append(target_pixel)
return target_data
def fix_image(width, height, target_data):
# 创建一个新的图像对象
img1 = Image.new("RGB", (width, height))
for i in range(width):
for j in range(height):
index = i * height + j
target_pixel = target_data[index]
img1.putpixel((i, j), target_pixel)
img1.show()
img1.save("fixed.png")
if __name__ == "__main__":
target_data = get_pixel()
img = Image.open('Steins_Gate.png')
width, height = img.size
width = width // 16
height = height // 16
fix_image(width, height, target_data)
|
解法二:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
from PIL import Image
import libnum
import base64
def get_data():
res = []
base64_data = ''
img = Image.open('Steins_Gate.png')
f=open('lsb_low.txt','wb')
width,height=img.size
for i in range(6,height,16):
try:
bins = ""
for j in range(2,width,16):
tmp = img.getpixel((j,i))
# 将每个通道的最低位(即最不重要的位)提取出来,并将其转换为字符串
bins += str(tmp[0] & 1) + str(tmp[1] & 1) + str(tmp[2] & 1)
# 将二进制字符串bins转换为字节数据data
data = libnum.b2s(bins)
data = data[:data.index(b"==")+2]
# print(data)
res.append(data.decode())
# print(res)
except:
break
base64_data = '\n'.join([item for item in res])
# print(base64_data) # 这里的base64_data可以转为一张jpg图片
return res
def decode_base64_steg(data):
bin_str = ''
b64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
for stegb64 in data:
rowb64 = str(base64.b64encode(base64.b64decode(stegb64)), "utf-8").strip("\n")
offset = abs(b64chars.index(stegb64.replace('=', '')[-1]) - b64chars.index(rowb64.replace('=', '')[-1]))
equalnum = stegb64.count('=') # no equalnum no offset
if equalnum:
bin_str += bin(offset)[2:].zfill(equalnum * 2)
print(''.join([chr(int(bin_str[i:i + 8], 2)) for i in range(0, len(bin_str), 8)])) # 8位一组
if __name__ == "__main__":
data = get_data()
res = decode_base64_steg(data)
# DuDuLu~T0_Ch3@t_THe_w0r1d
|
1
2
3
4
5
6
7
|
$ outguess -k 'DuDuLu~T0_Ch3@t_THe_w0r1d' -r flag.jpg flag.txt
Reading flag.jpg....
Extracting usable bits: 67087 bits
Steg retrieve: seed: 65, len: 40
$ cat flag.txt
DASCTF{699948e3ae1195f819b23b759684ac8e}
|
决赛
蝎子
Byxs20出的题,给了一个冰蝎webshell流量,最后一步套了一个光栅
最后是卡在了光栅上,没有解出来,这里就贴一下解光栅的脚本吧
1
2
3
4
5
6
7
8
9
|
from PIL import Image
import numpy as np
img = np.array(Image.open('flag.png'))
print(img.shape)
for i in range(5):
z = np.zeros_like(img)
z[:, i::5, :] = img[:, i::5, :]
Image.fromarray(z).show()
|