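I. CAPTCHA
1. After opening the challenge we get a bunch of jpgs. Judging by the name, the guess is that the digits on all the jpgs need to be extracted and then put through some kind of operation. I looked online for a Python script that recognizes CAPTCHAs, but my recognition result had a problem: one character came out as d, but it should be 0.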
import ddddocr

tmp = ''
ocr = ddddocr.DdddOcr()
# Concatenate the OCR result of every image into 1.txt
f1 = open('1.txt', 'wb')
for i in range(0, 136):
    with open('{}.png'.format(i), 'rb') as f:
        img_bytes = f.read()
    # Map a letter o in the OCR output back to the digit 0
    tmp = ocr.classification(img_bytes).replace('o', '0')
    f1.write(tmp.encode())
f1.close()
3. This yields the flag; alternatively, a script can do the conversion. The script is as follows:
import numpy as np
import matplotlib.pyplot as plt
from PIL import Image

def Tupper_self_referential_formula(k):
    # 17 x 106 bitmap decoded from the integer k
    aa = np.zeros((17, 106))

    def f(x, y):
        # Test bit (17 * x + y % 17) of (y + k) // 17
        y += k
        a1 = 2 ** -(-17 * x - y % 17)
        a2 = (y // 17) // a1
        return 1 if a2 % 2 > 0.5 else 0

    for y in range(17):
        for x in range(106):
            aa[y, x] = f(x, y)
    # Reverse the column order before returning
    return aa[:, ::-1]

k = 1594199391770250354455183081054802631580554590456781276981302978243348088576774816981145460077422136047780972200375212293357383685099969525103172039042888918139627966684645793042724447954308373948403404873262837470923601139156304668538304057819343713500158029312192443296076902692735780417298059011568971988619463802818660736654049870484193411780158317168232187100668526865378478661078082009408188033574841574337151898932291631715135266804518790328831268881702387643369637508117317249879868707531954723945940226278368605203277838681081840279552
aa = Tupper_self_referential_formula(k)
plt.figure(figsize=(15, 10))
plt.imshow(aa, origin='lower')
# Draw the image
plt.savefig("1.png")
img = Image.open("./1.png")
out1 = img.transpose(Image.FLIP_TOP_BOTTOM)
out2 = img.transpose(Image.FLIP_LEFT_RIGHT)
out2.show()
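4. The resulting png shows the flag (the png is flipped relative to the raw conversion output; see the code for details).
II. A tense and thrilling round of CS
2. Check the version information of the memory image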
python vol.py -f /home/cpyq/Desktop/1.raw windows.info
3. List the existing processes
python vol.py -f /home/cpyq/Desktop/1.raw windows.pslist
4. The suspicious process should be dllhost.exe (judged from the fact that dllhost.exe showing up among the processes is often associated with malware)
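
The judgment in step 4 can be backed by a parent-process check on the windows.pslist output. The following is an added example, not part of the original write-up: the sample output is constructed, and the rule that a legitimate dllhost.exe is started by svchost.exe is a triage heuristic assumed here.

```python
# Added example: triage tab-separated Volatility 3 windows.pslist output.
# SAMPLE_PSLIST is constructed for illustration, not taken from 1.raw.
SAMPLE_PSLIST = """\
PID\tPPID\tImageFileName\tOffset(V)\tThreads\tHandles\tSessionId\tWow64\tCreateTime\tExitTime\tFile output
4\t0\tSystem\t0xfa8000000040\t90\t520\tN/A\tFalse\t2022-01-01 08:00:00.000000\tN/A\tDisabled
400\t380\twininit.exe\t0xfa8000001040\t3\t75\t0\tFalse\t2022-01-01 08:00:05.000000\tN/A\tDisabled
500\t400\tservices.exe\t0xfa8000002040\t8\t210\t0\tFalse\t2022-01-01 08:00:06.000000\tN/A\tDisabled
620\t500\tsvchost.exe\t0xfa8000003040\t10\t350\t0\tFalse\t2022-01-01 08:00:07.000000\tN/A\tDisabled
1800\t620\tdllhost.exe\t0xfa8000004040\t5\t120\t1\tFalse\t2022-01-01 08:05:00.000000\tN/A\tDisabled
2100\t2050\texplorer.exe\t0xfa8000005040\t30\t900\t1\tFalse\t2022-01-01 08:01:00.000000\tN/A\tDisabled
2600\t2100\tpowershell.exe\t0xfa8000006040\t12\t400\t1\tFalse\t2022-01-01 08:10:00.000000\tN/A\tDisabled
3004\t2600\tdllhost.exe\t0xfa8000007040\t6\t130\t1\tFalse\t2022-01-01 08:10:30.000000\tN/A\tDisabled
3388\t9999\tdllhost.exe\t0xfa8000008040\t4\t110\t1\tFalse\t2022-01-01 08:11:00.000000\tN/A\tDisabled
"""

# Assumption: the COM Surrogate (dllhost.exe) is normally launched by svchost.exe.
EXPECTED_PARENTS = {"svchost.exe"}

def parse_pslist(text):
    """Return {pid: (ppid, image_name)}; banner, header and blank lines are skipped."""
    procs = {}
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) < 3 or not cols[0].strip().isdigit():
            continue
        procs[int(cols[0])] = (int(cols[1]), cols[2].strip())
    return procs

def triage(procs, name="dllhost.exe"):
    """List (pid, ppid, reason) for every `name` process with an unusual parent."""
    findings = []
    for pid, (ppid, image) in sorted(procs.items()):
        if image.lower() != name:
            continue
        parent = procs.get(ppid)
        if parent is None:
            reason = "parent not in process list"
        elif parent[1].lower() not in EXPECTED_PARENTS:
            reason = "unexpected parent " + parent[1]
        else:
            continue  # started by an expected parent, not flagged
        findings.append((pid, ppid, reason))
    return findings

if __name__ == "__main__":
    for pid, ppid, reason in triage(parse_pslist(SAMPLE_PSLIST)):
        print("dllhost.exe PID {} (PPID {}): {}".format(pid, ppid, reason))
```

To run it on the real image, redirect the output of the windows.pslist command from step 3 to a file and pass its contents to parse_pslist. A flagged entry is a lead for further checks, not proof of malice.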