2023工业信息安全技能大赛-车联网安全锦标赛-线上赛

数据分析

Wrong type of compression

按提示 What is the difference between zlib and zstandard

先把 idat用 zstd解压出来再压为zlib

修改idat, length.打开png

cortexscan扫码即可.

import zstandard

dctx = zstandard.ZstdDecompressor()
input_path = 'data1'
output_path = 'out1'

data = open('data1', 'rb').read()
dctx = zstandard.ZstdDecompressor()
decompressed = dctx.decompress(data)

f = open(output_path, 'wb')
f.write(decompressed)
f.close()

flag{12ae88e0-d650-446b-bd66-759343d1988f}

神秘字符

img

fjahwk0q42uliqujamge5220b93f44f73faBXb2xKW3hYjill

通信风暴

ICMP包中包含data内容,解密

img

img

Misc

Can RSA

直接提取上次flag

不一样的车载音乐

binwalk分离出两个文件

img

根据图片提示,猜测是6位小写字母密码,爆破得到解压密码qazwsx。打开ISflag.png,爆破得到图片。

img

打开ISflag.png,爆破得到图片。

img

img

根据图片转换成0110011001110110001101100110110000110000011000010111000000110111001101010111010101100111011001000011100000110000001100000110001000110100011001100110000100110011001101100110000100110111011000110011100100111000001101100111010001100001011001110111001101110010001100000101100101001010011011110111100101110000011011110111010101110010

img

There is Always Only One Truth

stegseek 1.jpg rockyou.txt

流量分析

CAN 通信三字经

Savvy分析can.log文件

根据CAN协议原理,和题干提示(取3字节)搜寻,XXX#03字段,取6位字符,转义得到flag提示 取39位

img

GAGA TT

根据提示,过滤ATT协议,关注写数据内容

img

将结果拼接解密即可得到FLAG

img

签到

关注公众号回复得到flag

Web

Image-service

SSRF+CLRF

下载 www.zip源码。得到ssrf要POST加JSON

POST /
Content-Type: application/json
{"url":"http://127.0.0.1/secret.php","author":"ddd\r\nCookie: admin=dHJ1ZQ"}
posted @ 2023-11-24 23:11  wgf4242  阅读(355)  评论(0编辑  收藏  举报