
2024国城杯-misc

Just_F0r3n51Cs

flag被分为4份藏在了这台计算机中,从哪入手呢?先从beginning开始吧

直接搜索beginning

导出来

tcp流3有一张图片

提取出来

尾部有一串base64

b3Vyc2VjcmV0IGlzIEQwZzN4R0M=

oursecret is D0g3xGC

提取出文件来

文件内容

ECB's key is
N11c3TrYY6666111
记得给我秋秋空间点赞

找到了QQ号:293519770

5e19e708fa1a2c98d19b1a92ebe9c790d85d76d96a6f32ec81c59417595b73ad

flag1:

D0g3xGC{Y0u_

搜索flag,搜到了flag4

提取出来

放进云沙盒

样本使用了PyInstaller打包器

用pyinstxtractor解包就行

python pyinstxtractor-ng.py enc_png.exe

出来个pyc文件

pyc反编译 - 爱资料工具

python反编译一下

# uncompyle6 version 3.9.1
# Python bytecode version base 3.8.0 (3413)
# Decompiled from: Python 3.9.6 (default, Jun 27 2024, 17:58:20) 
# [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
# Embedded file name: enc_png.py


def xor_encrypt(data, key):
    """XOR each byte of *data* with *key*, cycling through the key.

    Returns a new ``bytearray`` with the same length as *data*.  The
    transform is its own inverse: running the output through this function
    again with the same key yields the original bytes.  Repeating-key XOR is
    obfuscation rather than encryption; whoever holds the key (it is
    hard-coded in this script) can reverse it.
    """
    return bytearray(
        value ^ key[offset % len(key)] for offset, value in enumerate(data)
    )


def read_file(file_path):
    """Return the entire contents of *file_path* as bytes (binary mode)."""
    with open(file_path, "rb") as handle:
        return handle.read()


def write_file(file_path, data):
    """Write *data* to *file_path* in binary mode, replacing any existing file."""
    with open(file_path, "wb") as sink:
        sink.write(data)


def encrypt_file(input_file_path, output_file_path, key):
    """Read *input_file_path*, XOR it with *key*, and write the result.

    The whole input is loaded into memory, passed through ``xor_encrypt``
    and written to *output_file_path* in one go.
    """
    write_file(output_file_path, xor_encrypt(read_file(input_file_path), key))


if __name__ == "__main__":
    # The 16-byte XOR key is hard-coded, so anyone who unpacks the
    # executable and decompiles this module can read it and undo the XOR.
    key = b'GCcup_wAngwaNg!!'
    input_file = "flag4.png"
    encrypted_file = "flag4_encrypted.bin"
    encrypt_file(
        input_file_path=input_file,
        output_file_path=encrypted_file,
        key=key,
    )

# okay decompiling /tmp/toolnb/f06dc0ed345bfd8de2bf550e183d7ce9/main.pyc

写一个解密脚本

exp:

def xor_decrypt(encrypted_data, key):
    """Undo a repeating-key XOR and return the plaintext as a ``bytearray``.

    Byte ``i`` of *encrypted_data* is XORed with ``key[i % len(key)]``.
    Because XOR is self-inverse this is the same operation that produced
    the ciphertext.
    """
    return bytearray(
        cipher_byte ^ key[position % len(key)]
        for position, cipher_byte in enumerate(encrypted_data)
    )

def read_file(file_path):
    """Load *file_path* in binary mode and return its bytes."""
    with open(file_path, 'rb') as source:
        return source.read()

def write_file(file_path, data):
    """Store *data* at *file_path* in binary mode, overwriting existing content."""
    with open(file_path, 'wb') as target:
        target.write(data)

def decrypt_file(input_file_path, output_file_path, key):
    """Decrypt *input_file_path* with the repeating XOR *key* into *output_file_path*.

    The ciphertext is read fully into memory, XORed by ``xor_decrypt`` and
    the recovered bytes are written out in a single call.
    """
    ciphertext = read_file(input_file_path)
    write_file(output_file_path, xor_decrypt(ciphertext, key))

if __name__ == '__main__':
    # Same hard-coded key as in the decompiled encryptor; XOR with it again
    # turns the encrypted blob back into the original PNG.
    key = b'GCcup_wAngwaNg!!'
    encrypted_file = 'flag4_encrypted.bin'
    decrypted_file = 'flag4_decrypted.png'
    decrypt_file(
        input_file_path=encrypted_file,
        output_file_path=decrypted_file,
        key=key,
    )

flag4:

F0R3N51c5_Ch4Ll3N93}

还有一个Original.zip的文件

导出来

1、计算机用户D0g3xGC登录时的密码(答案格式:a123456+)

qwe123!@#

2、账号[email protected]登录otterctf网站时的密码(答案格式:PA55word)

Y0u_f1Nd^_^m3_233

最终压缩包密码格式:qwe123!@#_Y0u_f1Nd^_^m3_233

这张图片和压缩包中的图片是一样的

找到项目

GitHub - Konano/CatWatermark

python decode.py Original.png CatWatermark_666.png extracted_watermark.png 6 6 6

flag3:

F1N4L_s3CR3t_0F_Th15_

这个地方发现一个压缩包,伪装的。。。。。。

导出来

1、计算机注册时设置的用户名(答案格式:Bo6)

D0g3xGC

2、计算机当前操作系统的产品名称,若有空格则用下划线代替(答案格式:Windows_Server_2016)

Windows_7_Ultimate

3、计算机当前安装的 Mozilla Firefox 浏览器的版本号,保留一位小数(答案格式:91.0)

115.0

最终压缩包密码:

D0g3xGC_Windows_7_Ultimate_115.0

flag2:

h4V3_f0und_7H3_

最终flag:
 

D0g3xGC{Y0u_h4V3_f0und_7H3_F1N4L_s3CR3t_0F_Th15_F0R3N51c5_Ch4Ll3N93}

Tr4ffIc_w1th_Ste90

视频文件

提取出来

得到压缩包密码:

!t15tH3^pAs5W#RD*f0RFL@9

encode.py

import numpy as np
import cv2
import sys
import random

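def encode(input_image, output_image, seed):
    """Scramble an image by permuting its rows and columns, then save it as grayscale.

    Args:
        input_image: Path of the image to scramble (loaded with ``cv2.imread``).
        output_image: Path the scrambled grayscale image is written to.
        seed: Value passed to ``np.random.seed``; it fully determines both
            permutations.

    The process exits with status 1 if the input image cannot be loaded.

    The seed is the only secret in this scheme.  Anyone who can enumerate
    candidate seeds can regenerate the same two permutations and invert
    them, so a small seed range offers no protection.
    """
    # Seeding NumPy's global RNG makes the two shuffles below reproducible.
    np.random.seed(seed)
    to_hide = cv2.imread(input_image)

    if to_hide is None:
        print(f"Error: Unable to load image {input_image}")
        # sys.exit rather than the bare `exit` helper, which is only
        # installed by the `site` module and may be absent in frozen or
        # `python -S` runs.
        sys.exit(1)

    to_hide_array = np.asarray(to_hide)

    row_indices = list(range(to_hide_array.shape[0]))
    col_indices = list(range(to_hide_array.shape[1]))

    # Rows are shuffled before columns; a decoder has to draw from the RNG
    # in the same order to reproduce these permutations.
    np.random.shuffle(row_indices)
    np.random.shuffle(col_indices)

    to_hide_array = to_hide_array[row_indices, :]
    to_hide_array = to_hide_array[:, col_indices]

    # Colour is discarded here, so the original BGR values are not recoverable.
    gray = cv2.cvtColor(to_hide_array, cv2.COLOR_BGR2GRAY)
    cv2.imwrite(output_image, gray)
    print(f"Encoded image saved as {output_image}")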

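def main():
    """Parse ``<input image> <output image> <seed>`` from argv and run ``encode``.

    Exits with status 1 when the argument count is wrong or the seed is not
    an integer.
    """
    if len(sys.argv) != 4:
        print('error! Please provide input image path, output image path, and seed as command-line arguments.')
        # sys.exit is always available; the bare `exit` helper depends on `site`.
        sys.exit(1)

    input_image = sys.argv[1]
    output_image = sys.argv[2]
    try:
        seed = int(sys.argv[3])
    except ValueError:
        # Report a bad seed the same way as a bad argument count instead of
        # letting the traceback escape.
        print(f"error! Seed must be an integer, got {sys.argv[3]!r}.")
        sys.exit(1)
    encode(input_image, output_image, seed)

if __name__ == '__main__':
    main()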
#just 50 - 70

随机数种子在50-70之间

ai写个解密脚本

import numpy as np
import cv2
import os

def decode_with_seed(input_image, output_image_prefix, seed):
    """Try to unscramble *input_image* assuming it was shuffled with *seed*.

    The same two shuffles as the encoder are replayed from the seeded global
    NumPy RNG (rows first, then columns), the inverse permutations are
    applied, and the result is written to
    ``<output_image_prefix>_seed<seed>.png``.

    Returns ``False`` only when the image cannot be loaded.  ``True`` means an
    output file was written; it does not mean the seed was the right one.
    """
    np.random.seed(seed)

    scrambled = cv2.imread(input_image, cv2.IMREAD_GRAYSCALE)
    if scrambled is None:
        print(f"Error: Unable to load image {input_image}")
        return False

    height, width = scrambled.shape[0], scrambled.shape[1]
    row_perm = list(range(height))
    col_perm = list(range(width))

    # Draw order must match the encoder: rows, then columns.
    np.random.shuffle(row_perm)
    np.random.shuffle(col_perm)

    # argsort of a permutation is its inverse: inverse[perm[i]] == i.
    row_inverse = np.argsort(row_perm)
    col_inverse = np.argsort(col_perm)

    unscrambled = scrambled[row_inverse, :][:, col_inverse]

    # The grayscale values are replicated into three channels; the original
    # colours are not restored.
    as_bgr = cv2.cvtColor(unscrambled, cv2.COLOR_GRAY2BGR)

    output_image = f"{output_image_prefix}_seed{seed}.png"
    cv2.imwrite(output_image, as_bgr)
    print(f"Attempted decode with seed {seed}, saved as {output_image}")
    return True

def brute_force_decode(input_image, output_image_prefix, seed_range=(50, 70)):
    """Run ``decode_with_seed`` for every seed in *seed_range* (both ends inclusive).

    One candidate image is written per seed.  Nothing here decides which
    candidate is correct, so the outputs have to be inspected afterwards.
    A failure message is printed for each seed whose decode returns a
    falsy value.
    """
    first_seed = seed_range[0]
    last_seed = seed_range[1]
    for seed in range(first_seed, last_seed + 1):
        if decode_with_seed(input_image, output_image_prefix, seed):
            continue
        print(f"Failed to decode with seed {seed}")

if __name__ == '__main__':
    # Uses the default seed range of brute_force_decode (50 through 70).
    input_image = 'encoded.png'
    output_image_prefix = 'decoded_attempt'
    brute_force_decode(
        input_image=input_image,
        output_image_prefix=output_image_prefix,
    )

随机数种子为63时得到 Data Matrix条码

在线阅读Data Matrix条码

在线解码网站

I randomly found a word list to encrypt the flag. I only remember that Wikipedia said this word list is similar to the NATO phonetic alphabet.

翻译:

我随机找到了一个单词列表来加密 flag。我只记得维基百科说这个单词表类似于北约音标字母表。

crumpled chairlift freedom chisel island dashboard crucial kickoff crucial chairlift drifter classroom highchair cranky clamshell edict drainage fallout clamshell chatter chairlift goldfish chopper eyetooth endow chairlift edict eyetooth deadbolt fallout egghead chisel eyetooth cranky crucial deadbolt chatter chisel egghead chisel crumpled eyetooth clamshell deadbolt chatter chopper eyetooth classroom chairlift fallout drainage klaxon

在线网站解密:https://goto.pachanka.org/crypto/pgp-wordlist/

D0g3xGC{C0N9rA7ULa710n5_Y0U_HaV3_ACH13V3D_7H15_90aL}

也可以用上面的表

44 30 67 33 78 47 43 7B 43 30 4E 39 72 41 37 55 4C 61 37 31 30 6E 35 5F 59 30 55 5F 48 61 56 33 5F 41 43 48 31 33 56 33 44 5F 37 48 31 35 5F 39 30 61 4C 7D

得到16进制

D0g3xGC{C0N9rA7ULa710n5_Y0U_HaV3_ACH13V3D_7H15_90aL}

eZ_Steg0

zsteg 01.png

但没有完全显示出来

zsteg -E "b1,r,lsb,xy" 01.png > 1.txt


re再16进制

password:

!!SUp3RP422W0RD^/??.&&

解压缩包

得到一串base64

把base64的部分去掉,另存为.stl文件

用在线查看

在线查看 STL 文件 - 3DPEA

key:

sSeCre7KeY?!!@$

把flag文件上传上去

xor识别到是wav文件

音频lsb隐写

import wave

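def extract_lsb_from_wav(file_path):
    """Recover a text message hidden in the least-significant bits of a WAV file.

    Every byte of the raw frame data contributes its lowest bit.  The bits
    are grouped eight at a time, most significant bit first, and each group
    becomes one character.  A trailing group shorter than eight bits is
    dropped.  The message is everything before the first ``"###"`` marker,
    or the whole decoded string when the marker is absent.

    Args:
        file_path: Path of the WAV file to read.

    Returns:
        The decoded message as a ``str``.
    """
    with wave.open(file_path, mode='rb') as song:
        frame_bytes = song.readframes(song.getnframes())

    # NOTE(review): bits are taken per raw byte, not per sample, so for
    # sample widths above one byte this also reads the low bit of the
    # high-order bytes. Confirm this matches how the data was embedded.
    bits = [raw & 1 for raw in frame_bytes]

    # Collect characters in a list and join once, instead of growing a
    # string one bit at a time.
    usable = len(bits) - len(bits) % 8
    decoded_chars = []
    for start in range(0, usable, 8):
        value = 0
        for bit in bits[start:start + 8]:
            value = (value << 1) | bit
        decoded_chars.append(chr(value))

    return ''.join(decoded_chars).split("###")[0]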
# Decode the WAV recovered in the previous step and print the hidden text.
file_path = "download.wav"
decoded_message = extract_lsb_from_wav(file_path=file_path)
print(decoded_message)

D0g3xGC{U_4rE_4_WhI2_4t_Ste9An09r4pHY}

我是真签到

D0g3xGC{welCome_To_Gcbctf_HaveGo0dTIMe}

调查问卷

这题拿了一血

嘻嘻嘻

D0g3xGC{Thanks_for_your_participation}

若有收获,三连加关注,学习不迷路
