xctf-misc


this_is_flag

flag{th1s_!s_a_d4m0_4la9}

pdf

flag{security_through_obscurity}

如来十三掌 (Tathagata's Thirteen Palms)

flag{bdscjhbkzmnfrdhbvckijndskvbkjdsab}

First decode with the 与佛论禅 ("Talking Zen with Buddha") encoding, then apply ROT13, and finally Base64-decode.

give_you_flag

flag{e7d478cf6b915f50ab1277f78502a2c5}

Paste the three corners back onto the image, then scan the QR code to get the flag.

stegano

flag{1nv151bl3m3554g3}

BABA BBB BA BBA ABA AB B AAB ABAA AB B AA BBB BA AAA BBAABB AABA ABAA AB BBA BBBAAA ABBBB BA AAAB ABBBB AAAAA ABBBB BAAA ABAA AAABB BB AAABB AAAAA AAAAA AAAAB BBA AAABB

This string is Morse code (A as dot, B as dash); decode it to get the flag.

坚持60s (Hold On for 60s)

flag{DajiDali_JinwanChiji}

gif

flag{FuN_giF}

import hashlib
import libnum  # third-party package, used for n2s()


def md5_hex(path):
    """Return the MD5 hex digest of a file."""
    with open(path, 'rb') as f:
        md5 = hashlib.md5()
        md5.update(f.read())  # feed the file contents into the hash object
        return md5.hexdigest()


# 0.jpg and 1.jpg are the two reference images: one stands for bit 0, the other for bit 1
n0 = md5_hex('0.jpg')
print(n0)
n1 = md5_hex('1.jpg')
print(n1)

# Compare each of the 104 images against the two references to build a bit string
flag = ''
for i in range(0, 104):
    n3 = md5_hex(str(i) + '.jpg')
    if n3 == n0:
        flag = flag + '0'
    elif n3 == n1:
        flag = flag + '1'
print(flag)
# Convert the bit string to an integer, then to bytes
print(libnum.n2s(int(flag, 2)))

掀桌子 (Flip the Table)

flag{hjzcydjzbjdcjkzkcugisdchjyjsbdfr}

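a = "c8e9aca0c6f2e5f3e8c4efe7a1a0d4e8e5a0e6ece1e7a0e9f3baa0e8eafae3f9e4eafae2eae4e3eaebfaebe3f5e7e9f3e4e3e8eaf9eaf3e2e4e6f2"

flag = ""

# Take the hex string two digits (one byte) at a time and subtract 128
# (clear the high bit) to get the ASCII character
for i in range(0, len(a), 2):
    flag = flag + chr(int(a[i:2 + i], 16) - 128)
print(flag)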

ext3

flag{sajbcibzskjjcnbhsbvcjbjszcszbkzj}

Mount the image in Kali.

SimpleRAR

flag{yanji4n_bu_we1shi}

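For this challenge, first open the archive in 010 Editor. Because the RAR file header is 89 50 4E 47, modify it, which yields secret.png. Inspecting that file's header shows GIF89a, so change the extension to .gif, then save the two frames separately to get the top and bottom halves of a QR code, stitch them together, and scan it to get the flag.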

base64stego

flag{Base_sixty_four_point_five}

Note: this script is written for Python 2, so run it from cmd with python2 xxx.py

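# -*- coding: cp936 -*-
# Python 2 script: recovers data hidden in the unused bits of Base64 padding

b64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'

with open('1.txt', 'rb') as f:
    bin_str = ''
    for line in f.readlines():
        stegb64 = ''.join(line.split())
        if not stegb64:
            continue  # skip blank lines
        # Decode and re-encode to get the canonical Base64 form of the same line
        rowb64 = ''.join(stegb64.decode('base64').encode('base64').split())

        # Difference between the last data characters is the hidden value
        offset = abs(b64chars.index(stegb64.replace('=','')[-1])-b64chars.index(rowb64.replace('=','')[-1]))
        equalnum = stegb64.count('=') # no '=' padding means no hidden offset

        if equalnum:
            # each '=' leaves 2 spare bits
            bin_str += bin(offset)[2:].zfill(equalnum * 2)

        # Print what has been recovered so far; the last line printed is the full result
        print ''.join([chr(int(bin_str[i:i + 8], 2)) for i in xrange(0, len(bin_str), 8)]) # groups of 8 bits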
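
Added example, not part of the original write-up: a Python 3 version of the padding-bit extraction used for base64stego, with a small embedder that builds constructed sample lines so the round trip runs without 1.txt. The names embed, extract and COVER are assumptions made for this example.

```python
import base64

B64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'

def embed(cover_lines, secret):
    """Build constructed sample input: one Base64 line per cover item, with the
    secret's bits written into the unused bits of the last symbol before '='."""
    bits = ''.join(format(byte, '08b') for byte in secret)
    out = []
    for raw in cover_lines:
        enc = base64.b64encode(raw).decode()
        pad = enc.count('=')
        if pad and bits:
            n = pad * 2                      # '=' leaves 2 spare bits, '==' leaves 4
            chunk, bits = bits[:n].ljust(n, '0'), bits[n:]
            body = enc.rstrip('=')
            # a canonical encoder leaves the spare bits 0, so adding cannot overflow
            enc = body[:-1] + B64[B64.index(body[-1]) + int(chunk, 2)] + '=' * pad
        out.append(enc)
    if bits:
        raise ValueError('cover lines do not have enough padding for the secret')
    return out

def extract(stego_lines):
    """Recover the hidden bytes from the padded lines of a Base64 text."""
    bits = ''
    for line in stego_lines:
        line = line.strip()
        pad = line.count('=')
        if not pad:
            continue                         # unpadded lines carry no hidden bits
        n = pad * 2
        last = B64.index(line.rstrip('=')[-1])
        # the low n bits equal the offset from the canonical encoding
        bits += format(last & ((1 << n) - 1), '0{}b'.format(n))
    usable = len(bits) - len(bits) % 8       # drop an incomplete trailing byte
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

# Constructed sample: six cover strings with exactly 16 spare bits in total.
COVER = [b'a', b'bc', b'defg', b'hi', b'jklmnop', b'xyz']

if __name__ == '__main__':
    stego = embed(COVER, b'Hi')
    print(stego)              # every line still decodes to its cover text
    print(extract(stego))     # the hidden bytes
```

A lenient decoder ignores the spare bits, which is why each modified line still decodes to the same cover text while carrying 2 or 4 hidden bits.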

功夫再高也怕菜刀 (However Good Your Kung Fu, Fear the Kitchen Knife)

flag{3OpWdJ-JP6FzK-koCMAK-VkfWBq-75Un2z}


Author: Lightning
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit Lightning as the source when reposting.