攻防世界刷题日记(3)

告诉你个秘密

题目给了个txt文件,内容如下

636A56355279427363446C4A49454A7154534230526D6843
56445A31614342354E326C4B4946467A5769426961453067

开始MD5尝试了下,啥也没的,然后尝试十六进制转字符串

cjV5RyBscDlJIEJqTSB0RmhC
VDZ1aCB5N2lKIFFzWiBiaE0g

嗯哼,像个base64

r5yG lp9I BjM tFhBT6uh y7iJ QsZ bhM 

然后观察键盘,每组围着一个字母,所以拼出来是:TONGYUAN

Broadcast

题目描述:粗心的Alice在制作密码的时候,把明文留下来,聪明的你能快速找出来吗?

给了个压缩包,打开如下

36.png

习惯性看了眼脚本,嘿嘿,就这么出来了

37.png

cr3-what-is-this-encryption

题目描述:Fady同学以为你是菜鸟,不怕你看到他发的东西。他以明文形式将下面这些东西发给了他的朋友 p=0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c66393a061324aa2e6a8d8fc2a910cbee1ed9 q=0xfa0f9463ea0a93b929c099320d31c277e0b0dbc65b189ed76124f5a1218f5d91fd0102a4c8de11f28be5e4d0ae91ab319f4537e97ed74bc663e972a4a9119307 e=0x6d1fdab4ce3217b3fc32c9ed480a31d067fd57d93a9ab52b472dc393ab7852fbcb11abbebfd6aaae8032db1316dc22d3f7c3d631e24df13ef23d3b381a1c3e04abcc745d402ee3a031ac2718fae63b240837b4f657f29ca4702da9af22a3a019d68904a969ddb01bcf941df70af042f4fae5cbeb9c2151b324f387e525094c41 c=0x7fe1a4f743675d1987d25d38111fae0f78bbea6852cba5beda47db76d119a3efe24cb04b9449f53becd43b0b46e269826a983f832abb53b7a7e24a43ad15378344ed5c20f51e268186d24c76050c1e73647523bd5f91d9b6ad3e86bbf9126588b1dee21e6997372e36c3e74284734748891829665086e0dc523ed23c386bb520 他严重低估了我们的解密能力

看一眼就是rsa加密,利用脚本解出

import libnum
from Crypto.Util.number import long_to_bytes

c = 0x7fe1a4f743675d1987d25d38111fae0f78bbea6852cba5beda47db76d119a3efe24cb04b9449f53becd43b0b46e269826a983f832abb53b7a7e24a43ad15378344ed5c20f51e268186d24c76050c1e73647523bd5f91d9b6ad3e86bbf9126588b1dee21e6997372e36c3e74284734748891829665086e0dc523ed23c386bb520

e = int("0x6d1fdab4ce3217b3fc32c9ed480a31d067fd57d93a9ab52b472dc393ab7852fbcb11abbebfd6aaae8032db1316dc22d3f7c3d631e24df13ef23d3b381a1c3e04abcc745d402ee3a031ac2718fae63b240837b4f657f29ca4702da9af22a3a019d68904a969ddb01bcf941df70af042f4fae5cbeb9c2151b324f387e525094c41",16)

q = int("0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c66393a061324aa2e6a8d8fc2a910cbee1ed9",16)
p = int("0xfa0f9463ea0a93b929c099320d31c277e0b0dbc65b189ed76124f5a1218f5d91fd0102a4c8de11f28be5e4d0ae91ab319f4537e97ed74bc663e972a4a9119307",16)
n = q*p

d = libnum.invmod(e, (p - 1) * (q - 1))
m = pow(c, d, n)   # m 的十进制形式
string = long_to_bytes(m)  # m明文
print(string)  

flag_in_your_hand1

给了一个js一个html文件,看了眼js源码发现ic返回值为true即可。

即token里填的是a数列里的每位数减3,转换 ascii码得到的字符,输入后得到flag

38.png

39.png

工业协议分析2

题目描述:在进行工业企业检查评估工作中,发现了疑似感染恶意软件的上位机。现已提取出上位机通信流量,尝试分析出异常点,获取FLAG。 flag形式为 flag{}

对流量的包长度排序后发现,有几个包特别突出,然后在131,137长度的包中发现异常字符串

40.png

取出进行ASCII转换得到flag

sherlock

文件里写的像是台词,毫无头绪,还是看到大佬的wp做出来的

41.png

可以看到时不时有些字母是大写的,于是对其进行过滤,这里又学到了一手

cat f590c0f99c014b01a5ab8b611b46c57c.txt | grep -Eo '[A-Z]'| tr -d '\n'

然后得到

ZEROONEZEROZEROZEROZEROONEZEROZEROONEZEROZEROONEZEROZEROONEZEROONEZEROONEZEROONEZEROZEROZEROONEZEROONEZEROZEROONEONEZEROONEZEROZEROZEROZEROONEONEZEROONEZEROONEZEROONEZEROZEROZEROONEZEROZEROZEROONEONEZEROZEROONEONEONEONEZEROONEONEZEROONEONEZEROONEZEROZEROZEROZEROZEROONEONEZEROZEROZEROONEZEROONEONEZEROZEROONEZEROZEROZEROZEROONEONEZEROZEROONEONEZEROONEZEROONEONEONEONEONEZEROZEROONEONEZEROZEROZEROONEZEROONEONEZEROONEONEONEZEROZEROONEZEROONEONEONEONEONEZEROONEONEONEZEROZEROZEROZEROZEROONEONEZEROONEONEZEROZEROZEROZEROONEONEZEROONEZEROZEROZEROZEROONEONEZEROZEROZEROONEZEROONEONEZEROONEONEONEZEROZEROONEZEROONEONEONEONEONEZEROZEROONEONEZEROONEZEROONEZEROZEROONEONEZEROZEROZEROONEZEROZEROONEONEZEROONEONEONEZEROZEROONEONEZEROZEROONEONEZEROONEONEONEONEONEZEROONE

可以看到是由0和1组成的

转文本得到:BITSCTF{h1d3_1n_pl41n_5173}

你猜猜

给了个文本文件,内容如下
504B03040A0001080000626D0A49F4B5091F1E0000001200000008000000666C61672E7478746C9F170D35D0A45826A03E161FB96870EDDFC7C89A11862F9199B4CD78E7504B01023F000A0001080000626D0A49F4B5091F1E00000012000000080024000000000000002000000000000000666C61672E7478740A0020000000000001001800AF150210CAF2D1015CAEAA05CAF2D1015CAEAA05CAF2D101504B050600000000010001005A000000440000000000

这很明显的zip呀,然后就给他扔hxd报存为zip文件,发现需要密码,开始我CRC爆破来着,没出来,然后试了一下弱口令123456还真打开了

wtc_rsa_bbq

压缩包里是无后缀文件,HXD查看查看发现是压缩包,然后改后缀打开得到如下文件

42.png

然后用工具解密得到flag

python3 RsaCtfTool.py --publickey ~/Desktop/key.pem --uncipherfile ~/Desktop/cipher.bin

工业协议分析1

题目描述:工业网络中存在异常,尝试通过分析PCAP流量包,分析出流量数据中的异常点,并拿到FLAG。flag形式为 flag{}

首先上来先ctrl+f找一下flag

43.png

虽然发现了个flag.txt但是binwalk也没分离出来东西,于是转身看WP

对流量包进行关键字(jpg、png、zip、rar、flag)搜索,查看是否存在其他的文件

grep "flag" -a test.pacp
grep ".zip" -a test.pacp
grep ".jpg" -a test.pacp
grep ".png" -a test.pacp

最后发现了png文件的base64编码

转图片得到flag

44.png

工控安全取证

题目描述:有黑客入侵工控设备后在内网发起了大量扫描,而且扫描次数不止一次。 请分析日志,指出对方第4次发起扫描时的数据包的编号,flag形式为 flag{}

拿到是log文件,先改名为pcapng

然后打开,考虑到是找第四次扫描,所以先对其进行时间排序,查看ICMP协议,很明显四次攻击

45.png

对最后几个包的序号尝试,最终拿到flag

  • 版权声明: 本博客所有文章除特别声明外,均采用 Apache License 2.0 许可协议。转载请注明出处!
  • © 2020 丰年de博客

请我喝杯咖啡吧~

支付宝
微信