攻防世界MISC刷题1-50

目录

1、ext3

2、base64stego

3、功夫再高也怕菜刀

4、easycap

5、reverseMe

6、Hear-with-your-Eyes

7、What-is-this

8、normal-png

9、something in image

10、wireshark-1

11、 pure_color

12、Aesop_secret

13、a_good_idea

14、simple_transfer

15、Training-Stegano-1

​16、2017_Dating_in_Singapore

17 、can_has_stdio?

18、János-the-Ripper

19、Erik-Baleog-and-Olaf

20、Test-flag-please-ignore

21、hit-the-core

22、快乐游戏题

23、glance-50

24、misc_pic_again

25、Banmabanma

26、stage1

28、red_green

29、 Recover-Deleted-File

30、适合作为桌面

31、就在其中

32、base64÷4

33、 很普通的数独

34、再见李华

35、Hidden-Message

36、embarrass

37、神奇的Modbus

38、MISCall

39、flag_universe

40、Get-the-key.txt

41、Reverse-it

42、打野

43、3-11

​44、我们的秘密是绿色的

45、小小的PDF

46、倒立屋

47、Become_a_Rockstar

48、intoU

49、Cephalopod

50、Excaliflag

---

1、ext3

用winhex打开，搜索flag能查到，这个是linux磁盘，专业工具-将镜像转为磁盘，再次搜索flag，在最右边能看到文件位置，打开后就能直接找到flag，base64解密一下即可，flag{sajbcibzskjjcnbhsbvcjbjszcszbkzj}

比较奇怪的是，把这个linux拖进kali后，foremost一下，能得到一张照片，里面也是flag，但是提交进去不对，不太懂这是干什么

2、base64stego

压缩包加密，爆破一下发现不行，怀疑是伪加密，winhex打开后果然

 txt里面是一串base64，解密之后看起来像说明书，肯定不对，在网上找了个base64的脚本，得到答案

第四行的路径记得要改成绝对路径，flag{Base_sixty_four_point_five}

import base64
bin_str=''
b64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
with open('stego.txt','r') as f:
	for line in f.readlines():
		stegb64="".join(line.split())
		rowb64="".join(str(base64.b64encode(base64.b64decode(stegb64)),'utf-8').split())
		offset=abs(b64chars.index(stegb64.replace('=','')[-1])-b64chars.index(rowb64.replace('=', '')[-1]))
		equalnum=line.count('=')
		if equalnum:
			bin_str += bin(offset)[2:].zfill(equalnum * 2)
	print(''.join([chr(int(bin_str[i:i + 8], 2)) for i in range(0,len(bin_str),8)]))

3、功夫再高也怕菜刀

pcapng格式，一看就是用wireshark，把它拖到kali里foremost一下，得到压缩包，最终是一个加密的flag.txt

在wireshark中搜索flag.txt，只有1150最奇葩，有一个666.jpg

 然后追踪TCP流，发现有FFD8 FFD9，把整个复制下来

 打开winhex，编辑-剪切板数据-粘贴至新文件-ASCII HEX-保存为jpg就行了，得到flag.txt的解压密码，Th1s_1s_p4sswd_!!!，flag{3OpWdJ-JP6FzK-koCMAK-VkfWBq-75Un2z}

4、easycap

这一题简单的有点不可思议，随便一行追踪一下TCP流就行了，不用改为中括号，改了就不对了，FLAG:385b87afc8671dee07550290d16a8071

5、reverseMe

这一题也很离谱，旋转一下就行了，华为的提取文字真香，直接出flag{4f7548f93c7bef1dc6a0542cf04e796e}

6、Hear-with-your-Eyes

Bandzip能直接解压，得到一段音频wav，在Audacity中打开，看不出有什么不一样，根据题意我还以为是摩斯密码，但是形状对不上，点那个小三角，切换到频道图，flag就出来了，奇葩的是这个只要提交后面的字符串，全输进去还不对

7、What-is-this

打开之后是两张图片，根据名称猜想肯定是合并，用copy命令不行，得到的图片没有，binwalk一下感觉有隐藏，但是提取不出来，百度了一下，需要用到stegsolve的图片合并功能，先打开第一张图，然后Analyse-Image Combiner得到flag，AZADI TOWER

8、normal-png

打开是图片，没看出来啥，百度了一下发现他的高度被改了，03改成04就行了， flag{B8B68DD7007B1E406F3DF624440D31E0}

如何判断图片的高宽度被修改了？

9、something in image

在linux里解压，然后直接搜索，strings badimages | grep -i Flag（-i不分大小写），得到Flag{yc4pl0fvjs2k1t7T}

10、wireshark-1

题目：黑客通过wireshark抓到管理员登陆网站的一段流量包（管理员的密码即是答案)。 flag提交形式为flag{XXXX}

搜password一搜就出来了

11、 pure_color

foremost什么都试了，没想到这玩意居然直接点一下就出来了，
flag{true_steganographers_doesnt_need_any_tools}太离谱啦

12、Aesop_secret

看的WP攻防世界misc进阶区Aesop_secret_gongjingege的博客-CSDN博下载附件，解压后，打开是一张gif动图，因为没有下载ps啥的，直接在线分解的gif动图分解：https://tu.sioe.cn/gj/fenjie/差不离应该是ISCC到这啥也没有了，用winhex打开，看一下信息在最后发现了一串字符串，以为是b64，结果没解出来看了wp，才知道aes加密（第一次知道。。。），而ISCC就是密钥（其实题目也有提示aes operation secret）解密两次得到flag这个题题目就是提示，没看出来，蓝瘦了，铁子2020.8.17 公瑾..https://blog.csdn.net/gongjingege/article/details/108059130先把动图分解GIF动态图片分解，多帧动态图分解成多张静态图片_图片工具网页版，得到一个ISCC，winhex打开动图，最后的一部分看起来不太对劲

 根据题目提示是AES解密，密钥就是ISCC，解两次得flag{DugUpADiamondADeepDarkMine}

13、a_good_idea

 得到一张图，binwalk发现里面有东西，foremost提取出来，hint.txt里面有提示“try to find the secret of pixels”，从像素中寻找秘密，根据两张图片的名称，猜想将这两张合起来

 用stegsolve的图片合并功能，先打开第一张图，然后Analyse-Image Combiner，点两下箭头直接得到二维码，得NCTF{m1sc_1s_very_funny!!!}

14、simple_transfer

pcap格式，用wireshark找半天没有找到什么有用的东西，最后binwalk了一下，发现里面有东西，foremost提取出来一个pdf文档，直接出flag，HITB{b3d0e380e9c39352c667307d010775ca}

15、Training-Stegano-1

用winhex打开，直接出，steganoI 

16、2017_Dating_in_Singapore

这一题的脑洞真的大的离谱，完全想不到日历还可以这么玩，详见这位大佬的博客【XCTF 攻防世界】杂项 misc 高手进阶区 2017_Dating_in_Singapore_Kal1的博客-CSDN博客

17 、can_has_stdio?

下载下来的misc50，不知道文件类型，winhex打开，发现全是+><组成，很特殊

 没见过这样的加密，看了别人的wp才知道这是Brainfuck加密，复制下来的图形刚好还是一个五角星，解密得flag{esolangs_for_fun_and_profit}

18、János-the-Ripper

下载下来得misc100，winhex打开发现隐藏了一个flag.txt，加后缀.zip，解压需要密码，爆破一下，密码是fish，解压出flag{ev3n::y0u::bru7us?!}

19、Erik-Baleog-and-Olaf

stego100用winhex打开发现是png格式，改后缀

 得到一张图片，根据文件名，肯定是要用stegslove的，点几下箭头出现一个二维码，如果不仔细看还真不好看出来，直接扫扫不出来，还得p一下，把右下角的方块补齐，flag{#justdiffit}

20、Test-flag-please-ignore

 winhex打开长这样，十六进制转字符直接出，flag{hello_world}

21、hit-the-core

放到kali里，binwalk没有，strings +文件名，查看文件内的字符串，四位一个提取大写字母，ALEXCTF{K33P_7H3_g00D_w0rk_up}

22、快乐游戏题

下载下来在我的电脑上显示是恶意软件，没敢运行，应该就是游戏通关得flag，看了一眼wp，√

UNCTF{c783910550de39816d1de0f103b0ae32}

23、glance-50

 动图分解一下就行了，TWCTF{Bliss by Charles O'Rear}

题目是一张动漫图，总感觉高度不对，04改成05，得到一个StRe1izia

把原图放进kali里binwalk一下，发现有东西，foremost提取出来一个rar，爆破解不开，把上面那个字符串扔进去，解出来一个pcapng，剩下的不太会，根据wp，搜索png，得到一串字符ZmxhZ3tPel80bmRfSGlyMF9sb3YzX0ZvcjN2ZXJ9，

Zmxh的开头明显就是flag的base64密文，base64转一下就行了，flag{Oz_4nd_Hir0_lov3_For3ver}

24、misc_pic_again

winhex打开没有发现什么，binwalk尝试无果，扔stegslove里面，箭头看了一圈无果，RGB改为0，发现压缩包的文件头，savebin为压缩包，解压后winhex，根据题目搜索得到，hctf{scxdc3tok3yb0ard4g41n~~~}

25、Banmabanma

这个也是相当坑，zsteg +文件名，出来一大堆标红的东西，没想明白是啥玩意，搜了一下wp，这个题居然是条形码，Barcode Reader. Free Online Web ApplicationRead Code39, Code128, PDF417, DataMatrix, QR, and other barcodes from TIF, PDF and other image documentshttps://online-barcode-reader.inliteresearch.com/扫一下，没有想到，flag{TENSHINE}

26、stage1

还是熟悉的图片，stegslove得到，扫一下出来一堆十六进制的数

 用winhex保存一下没看出来啥，看wp说文件头03F30D0A，这个是.pyc文件

需要进行反编译，可以用python反编译 - 在线工具，直接就能看到代码，也可以用Easy Python Decompiler软件，反编译之后得到*.pyc_dis文件，我没有下载文本编译器，拖进kali里就能直接打开看到了，长这样

 改一下把数值扔进去就是

str = [
	65,
        108,
        112,
        104,
        97,
        76,
        97,
        98]
flag = '03F30D0AB6266A576300000000000000000100000040000000730D0000006400008400005A00006401005328020000006300000000030000000800000043000000734E0000006401006402006403006404006405006406006405006407006708007D00006408007D0100781E007C0000445D16007D02007C01007400007C0200830100377D0100712B00577C010047486400005328090000004E6941000000696C000000697000000069680000006961000000694C0000006962000000740000000028010000007403000000636872280300000074030000007374727404000000666C6167740100000069280000000028000000007307000000746573742E7079520300000001000000730A00000000011E0106010D0114014E280100000052030000002800000000280000000028000000007307000000746573742E707974080000003C6D6F64756C653E010000007300000000'
for i in str:
    flag += chr(i)
    
print(flag)

直接出AlphaLab，不用加flag

27、Miscellaneous-200

像素点python成图，引自攻防世界-进阶区-Miscellaneous-200_shadowland_L的博客-CSDN博客

from ast import literal_eval as make_tuple
from PIL import Image
f = open(r'.txt', 'r')
corl = [make_tuple(line) for line in f.readlines()]
f.close()
img0 = Image.new('RGB', (270, 270), '#ffffff')
k=0
for i in range(246):
   for j in range(246):
      img0.putpixel ([i , j], corl[k])
      k=k+1
img0.save("result.png")

28、red_green

zsteg隐写，发现不对，提取该通道图片，直接出flag{134699ac9d6ac98b}

 

zsteg使用，引自隐写工具zsteg安装+使用教程_Amherstieae的博客-CSDN博客_zsteg

1.查看lsb数据

zsteg xxx.bmp
zsteg xxx.png
zsteg -a (文件名)    #查看各个通道的lsb

2.检测zlib

#-b的位数是从1开始的
zsteg zlib.bmp -b 1 -o xy -v

3.提取该通道图片

zsteg -e b8,a,lsb,xy 文件.png -> out.png

29、 Recover-Deleted-File

 引自Linux用extundelete恢复磁盘文件-攻防世界Recover-Deleted-File_半岛铁盒的博客-CSDN博客

linux删除文件时其实删的是文件名，数据还是存储在硬盘中的，恢复用extundelete命令，

安装：sudo apt-get install extundelete

应用：extundelete 文件名 --restore-all

题目是一个.gz的文件，扔进kali里解压得到disk-image，恢复文件“extundelete disk-image --restore-all”，得到一个文件夹，里面有一个flag文件，运行一下就能得到flag，在运行flag时，用“./ +文件名”命令，但是显示权限不够，网上搜了一下，“chmod 777 +文件名”可以解决这个问题， flag是de6838252f95d3b9e803b28df33b4baa 

30、适合作为桌面

stegslove得到一张二维码，关键是我扫不出来啊，wp攻防世界Misc 适合作为桌面_hhh-CSDN博客_攻防世界适合作为桌面，flag{38a57032085441e7}

31、就在其中

攻防世界 MISC 高手进阶区 就在其中WP 解题思路_C w h的博客-CSDN博客_攻防世界就在其中

TCP（Transmission Control Protocol传输控制协议）是一种面向连接的，可靠的，基于字节流的传输层通信协议，FTP（文件传输协议）是网络共享文件的传输协议 。有TCP、FTP应该是在传输某些文件，在追踪第二个流时发现一些文档，pub.key公钥，推测有私钥

 搜索private，找到私钥，保存下来，保存为pub.key

 foremost流量包会得到jpg、pdf、zip，zip解压后得到key.txt，用openssl解密，flag is {haPPy_Use_0penSsI}

命令：openssl rsautl -decrypt -in key.txt -inkey pub.key -out flag.txt
-in 为要解密的加密文档 -inkey 为密钥 -out 为输出文档 

具体的详见如何运用OpenSSL 对文件进行加密和解密_petpig0312的博客-CSDN博客_openssl加密文件

32、base64÷4

base16解密，flag{E33B7FD8A3B841CA9699EDDBA24B60AA}

33、 很普通的数独

nono这一题一点也不简单，写脚本那一点给我卡的死死的，flag{y0ud1any1s1}

看大佬的wp吧攻防世界 Misc高手进阶区 3分题 很普通的数独_闵行小鱼塘-CSDN博客_攻防世界很普通的数独

34、再见李华

foremost提取出来一个zip，根据题目的意思，有4位，后面还要加上“LiHua”，用ARPHR的掩码攻击，设置掩码为“????LiHua”，那个问号是英文的，如果是中文问号，会提示“错误：未找到掩码符号”，这个真坑，我捯饬了好久，破解出密码是15CCLiHua，flag为Stay hungry, Stay foolish.

ARCHPR

 1、暴力破解：尝试选择范围内所有的字符组合
例如：选择范围：数字 长度：1-6
从1开始跑到999999
2、掩码：已知道密码某个位置的字符
掩码默认为：？
例如：掩码为：www.?????.com 范围选小写a-z
从www.aaaaa.com 跑到www.zzzzz.com
3、字典：在字典中寻找密码
密码必须在字典内
最后，破解成功会提示密码

35、Hidden-Message

攻防世界 Misc高手进阶区 4分题 Hidden-Message_闵行小鱼塘-CSDN博客

我是怎么也没有想到会是端口隐写，追踪流udp.stream eq 0和udp.stream eq 1加在一起是量子物理学的概念之类的东西，UDP协议传输数据包

端口的最后一个数字提取出来

 1和0之间互转，再转换成字符串，flag是Heisenberg 

import binascii
a='10110111100110101001011010001100100110101001000110011101100110101000110110011000'
b=''
for i in a:
    if i=='1':
        b+='0'
    elif i=='0':
        b+='1'
print(b)

01001000011001010110100101110011011001010110111001100010011001010111001001100111 

36、embarrass

 wireshark里没有分析出来什么，拖到linux里出了，flag{Good_b0y_W3ll_Done}

37、神奇的Modbus

工业设备消息传输使用modbus协议，过滤一下直接搜，但是它ctf{Easy_Mdbus}，中间加个o，ctf{Easy_Modbus}就对了

38、MISCall

在kali里file一下文件，是bzip2格式，改后缀为bz2，直接解压，里面有flag.txt和.git目录，或者用“tar -xvjf +文件名”这个命令，会直接显示git目录下的文件同时生成一个ctf文件夹，里面只有flag.txt，flag.txt里面什么也没有

　*.bz2         //    bzip2程序压缩产生的文件Linux下文件的打包、解压缩指令——tar，gzip，bzip2，unzip，rar - yhjoker - 博客园本文是笔者对鸟叔的Linux私房菜(基础学习篇) 第三版(中文网站)中关于 Linux 环境下打包和解压缩指令的内容以及日常操作过程中所接触的相关指令的总结和记录，以供备忘和分享。更多详细信息可直接参https://www.cnblogs.com/yhjoker/p/7568680.html#tar

.git文件夹是git init后在当前目录生成的一个管理git仓库的文件夹，

git log命令，会输出所有的日志 

 git list查看修改列表，有东西

 

git stash show显示做了哪些改动，默认show第一个存储,如果要显示其他存贮，后面加stash@{$num}，比如第二个 git stash show stash@{1} 

git stash apply应用某个存储,但不会把存储从存储列表中删除，默认使用第一个存储,即stash@{0}，如果要使用其他个，git stash apply stash@{$num} ， 比如第二个：git stash apply stash@{1} ，相当于恢复改变的内容

 

 

 运行s.py，改一下路径，直接出NCN4dd992213ae6b76f27d7340f0dde1222888df4d3    

39、flag_universe

流量包里搜索universe，能找到几个universe.png，应该是从流量包里提取图片，binwalk一下发现确实有图片，但是foremost提取不出来，网上教的用wireshark提取图片实在没看懂，参考了这位的教程流量取证-流量中提取文件 - micr067 - 博客园以前整理的一些东西，拿出来做备忘 PCAP 报文就是抓取实际在网络中传输的图片，视频等数据，然后以PCAP 格式存储形成的文件。工作中对离线的数据包进行回溯分析，有时会遇到将 PCAP 中的码流还原成https://www.cnblogs.com/micr067/p/14076573.html

 流量包中提取文件：1、tcpxtract -f +文件名 2、用NetworkMiner 3、用wireshark 4、foremost -v -i +文件名 5、用Chaosreader

1成功了，235不会用，4没成功，1之后出来一大堆图， 

改了名，zsteg试到8.png的时候出了flag，flag{Plate_err_klaus_Mail_Life}

40、Get-the-key.txt

拖进kali里查看文件类型

 binwalk -e forensic100分离一下得到一大堆gzip文件和一个0.ext

在文件夹里查一下匹配到1，给1加后缀.zip，然后解压直接得到flag， SECCON{@]NL7n+-s75FrET]vU=7Z}

41、Reverse-it

拖进winhex里观察，开头是FFD9，结尾是FFD8，全部的十六进制反过来了

a='9DFF700DB6DAFC937263282222BDD218B425D47B8C00A1AB609EE707BB0431567B5AD684BBD4B97E00A0AB6D36CD31C9A4D1012D5872A9B53ACFC1041B514700DD700814E9659377B431377696F81049A511CD308FD81C89C8C46B449415F88BBC00A1AB26BC992614022D81E50B0EB453D69E930827B6E670A0915ED7898B502BC3DCAAD5850781047B5347C1AF5D51AEC2597A7739B22FEC2E21308E6B6293833E57C8C8D61CEF2BF7A96D52600DE6DC1813E146A2C1081B6544A37D495DD01049E9009CBCF851D9914D71286E4DE3FC8CD6C8C1AED2692B40AE26D6C00ACDA94D35F45CE04441B1A6D5ADD3D7961C16005B65AF3C047C8348E424EA866B7D4A5ED460051D55EFAF02F42352606B7CA1DC197F4AAF697B3700DA654E5FE6388C6C5AB7B053956D6EA230827BAD13070F389BB41B82512EAD64A62BCC16005D6DBE00FF8FEFF90FCFF07BDFB8104DA510F7ED6BBC033FB4426D96BBD7A39104BA5378E87DFADDE22A0BF96A1B248A7C3591041475AF84EC576878A4C8956F74DDCAF6DCFC1041B59E11B7259C3913931601ABD2D66579676F8104FA59E3D7C2FC033F9E6189C174CDED3969719104DA59E300FF19F338C675AD83CE52AABA4A52540058D13CEE641A8010988C96AAACF37A23D17831DD56A85E8500A911A3681AEAC04296CC5C65C99ED28C551E67ECAEE80BBAFB0DFFF00A7F87E0A267B3320CB15787BCDDAD9D9A2E068552FABAC3E866BB7B153DA43082DF37E04DEEF2B2BCC868AD7AB634ED0F951EF856C5DDF217278B3EDE85B3539F5005C9703D1F6B0CAD48B6D8CCBD44DABDB1AE5FF7CEF108926210E69BE410866C14D30660194AF85467DAC36C8A26B3689F8BCD99069886A588B0AF28D0041FCDDCD54752051D5A2B174BD2517238A09BDD9BF4CA3A503AEDD3104DE14CEB289D81909D4B1D89573D0D730EAB4700FFD47E351962D26D127104374099E9233884E868A30F4DAF2C01CCA8AF80E9DBF458FA07D0C3963AE01A104DAFF320B741B9C27B2779A6215F47451723AA09F999B9CAACCEDA4DBB6A308AD7EF39194EE74240CCDF10FA95FB674575EA9A300C90E4E42126C68DBDB2A3082AE3B51B7CC99001A577CDDD5EC5BE979F04EA4621DE384B22FAEE300DCDE3FC59C8B6C236FC483579A7F939FD66E1814025439256DE8353E2630866AFC14D38C3391A29818A67F869A6AF532985BE1703EA297D59B7C136BB7B153D2900A9A7BBBBB80909EAF701D2CA5E6F2553939183E86763FC884B26EAE253082CF590C25244B2340B67737E55DDCA5F81830E642DCB91B141F45E57D4D600DAF0E1A7D3F40736967295B025D5BCB046EA8D00A04D1E62096A1BDE61C0B6C3D4BAF8510054D4700DC1F0CECE2B0A2646C9701468E1E1857D00FF78E927B585244CD0FC09B00A778BFE5EB1AC01E59229228FB7229ECA938E1B0A090EE00A4F4FBD9AC89AB967CB8C54857153A0750D104BE7EE000FC3E8945AD94945B97B6AB9B7BF9B66308ED3EE140FC4783436262AF291DE94E4D6CAED00A7F9F74E9EEFBC7303F09E4B961E9D1D4A7D00FFBD7F025E8510CA6DBEA2600540328C03A4D55957518B3070791AE36D84A846EE9D6AC7B4A104BE9E8170E9DC270AB3B86B7B45FE259BB9CA0AF4291500E4E4E294C83B12FEEA8E00F30011301120001030C000ADFF91004000DDFF7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7B7BC766C77BC49292C4D292D2D1D1B1103400BDFFFAFAFAFAFAFAFAFAFAFAC9C9C9C9C9686868686868F6F6F6F6F6F6F6F6C5C5C5C5C5C5F6C59494949494C5946363636394636262626362616162616161616161003400BDFFAF9F8F7F6F5F4F3F2FAE9E8E7E6E5E4E3E2EAD9D8D7D6D5D4D3D2DAC9C8C7C6C5C4C3C2CAB9B8B7B6B5B4B3B2BAA9A8A7A6A5A4A3A2AA99989796959493929A89888786858483828A797877767574737A696867666564636A595857565554535A494847464544434A39383736353A292827262A19181711F521E434261A01D2726510F253332901C1B1A19244180182322311716701514216013125040113020100077201000404050704030404020102000115B004CFFB0A0908070605040302010000000000000101010101010101010300010F1004CFFAF9F8F7F6F5F4F3F2F1FAE9E8E7E6E5E4E3E2E1EAD9D8D7D6D5D4D3D2DAC9C8C7C6C5C4C3C2CAB9B8B7B6B5B4B3B2BAA9A8A7A6A5A4A3A2AA99989796959493929A898887868584838A797877767574737A696867666564636A595857565554535A494847464544434A3938373635343A29282726252A191817161A09028272633420F1D25511C1B2432801A19182341172270161531601413122150114000302010D7100000404050503040203030102000015B004CFFB0A0908070605040302010000000000000000010101010101050100000F1004CFF101130101120002110308C00A1008011000CFFFFFFD6FFCDEFB4EFABDF92DF89CF70CF77BF7EAF75AF7C9F839F8A8F918FA87FBF6FD66FED5F055F2C4F434F7A3F913FC82FFF1F271F5E0F850FCCFE04FE4BEE82EEC9DE11DE68CEBFBE07BE5EAEB5AE0D9E649ECB8E238E9A7EF17E696ED06E485ECF4E374EBE3E363EBD2E352ECC1E441EDB0E630EFAFD92FD2AEDC1ED69DD01DDA8CD50CD08BDBFAD67AD1F9DC69D8E8D468D0E7DC57D8D6D556D1D5DE45DBC4D944D6C3D443D1C2DF32DEB1DC31DAB0D930D8BFC73FC6BEC63EC5BDC53DC5BCC53CC6BBC63BC7BAC83AC9B9CA39CCB8CD38CFB7C147C3C6C646C8C5CB45CEC4C154C4D3C853CBD2CF52C3E1C761CCE0C070C5FFBA7FBFFEB48EBA0EBF8DB51DBB9CB12CB7ABBE2BB5BABB3AB2C9BA49B1D8B958B0E7B867B0F6B976B106BA85B315BC94B524BEA3B833B2C2BB42B6D1B061BAE0B570B000BB8FA61FA1AEAD2EA8BDA44DA0DCAC5CA9EBA57BA20BAF8AAC1AA9A9A739A4C8A258A0E7AE67ADF6AB86AA16A9A5A835A7C4A654A6E3A673A603A692A622A6B1A741A8D0A960AAFF9B8F9D1F9EAE904E92DD946D97FC998C9C1C9FAB924B95DA986A9CF99099942998B89C4890E795779A079F96943699C59F5594F49A84902496B39D4393E29A72911298A19F3196D09E6096009E9F863F8ECE866E8FFD889D813D8ACC836C8CFB869B803B8ACA846A8EF9899983398EC8896884088F978B3787D682768E068BA5874583E480848D148AB3875384F2829280328DC18B618A0188A0874085EF748F732F72CE726E710E71AD714D71EC718C712C72CB736B740B75AA764A77E979897A297CC87E68711873B7765778F67B967E3671E5758578257CC47074741478B37D53710376A27B4270F175917A3170E076807B2071DF687F6E1F64CE6B6E621E69BD606D680D6FAC675C6FFB67AB6F4B67FA6F9A684A61F96A9963496CE866986F3869E763976D3768E662966D3667E562956D3569E4649460446BE36793634360F26C92694265F162A16F416CF06AA06750650063BF516F5F0F5DBE5C6E5A1E59CD587D572D56DC568C553C55EB559B554B55FA56AA565A570A58B959695A195BC85D785F2850E75297544757F659A65C565F0652C5557558255BD45F84524456F35AA35F53531357C25C72513256E15B91505156015BB0517057205DDF439F494F400F47BE4E6E452E4CDD439D4A4D420D4ABC427C4A2C42EB4A9B435B4C0B44CA4D7A473A40F949A943694D1947D841984B48450840C74B77453740F64BA6476642264ED54A95455542154EC44A844744430440C34D734A3347F245B2427240324EE14CA14A61492147E046A04460432042EF32AF316F312F30EE30AE306E302E30ED31AD316D322D33EC34AC356C372C38EB3AAB3B6B3D2B3FEA32BA347A363A39F93CB93F793249350938C83C883058341837D73C973067342739E63EA6327637363DF532C537853D45331538D43E9435643B2431F338B33F7336433D0334D23B9233623A2232F13AB132813A4132113BD034A03C6035303EFF27CF219F2A5F242F2EEE27BE228E2C4E261E21ED2BAD267D214D2C0D27DC22AC2E6C293C250C21DB2D9B296B263B220B2FCA2B9A286A253A220A20D92D992B692839260924D822A821782F382D082CD72BA72A772947281728E627B627862756272627F527C527952865283529052AD42BA42C742D442F1420F322C32493266328332A032DD22FA22282255227222BF12EC121A1257128412C1120F024C028902C60214025102AEF1FBF149F196F1E3F131F19EE1EBE149E1A6E104E161E1CED13CD199D107D174D1E1D15FC1CCC13AC1B7C125C1A2C120C1ADB12BB1A8B136B1B3B141B1CEA15CA1E9A177A115A1A2A140A1DD917B911991B69154910291AF815D81FA81A88156810481B1817F712D71EA71987156711471D171AF616D612B61F861C6619461626130610E51DB51B95187516551435121510F41EC41DA41B841A6419441724160415E315C314A31383136313431323130313E213C213A21482146215421622170218E119C11AA11C811D611F411131131115F017D019B01B901E7011601340162019001CEF0FCF03BF069F0A7F0E5F014F052F090F0EEE02DE06BE0B9E0F7E046E094E0E2E031E08FD0EDD03CD09AD0E8D047D0A5D004D062D0D0D03FC09DC00CC07AC0E8C057C0C5C034C0A2C021C09FB01EB08CB00BB089B008B096B015B093B022B0B0B03FA0CDA05CA0EAA089A018A0A6A045A0D3A072A011A0BF905E90FC90AB904A90F89097904690F490A39052900190BF807E802D80EB80AA8069802880E680A58064802380F180B0808F705E702D70FB70CA709970687047701670F470D370B270917070705F603E601D600C60FA60D960C860B760A6609560846073607260616060606F505E505D505C505B506A50695068507750765085509450A350B250C150D050EF400F401E403D404C406B408A40A940C840E7401740364055408440B340D2400240314060409F30CE300E303D307C30AB30EA302A306930A830E73027306630A530F43034308330D23012306130B03000305F20BE200E205D20BC201C206B20CA202A208920E8204820A72017207620D5204520B42014208320F2206220D1204120C0203020AF102F109E101E109D101D109C101C109B101B109A101A10A9102910B8103810C7105710E6107610061095102510C4105410E31083102310B2105210F11091103110D01070101010BF006F000F00BE005E000E00BD005D000D00BC006C001C00CB007B002B00EA009A004A00F900A90059000900B80068001800C70077002700D60086003600E50095004500F400A40054000400B30073002300D20082003200E10091004100F000A0005000000000400000000000006727573602452534000000000276963720000000F8200000000000000000000000000000000000001000000000000000371656D67EF17500000005006590C4000000000002A5958510000000E9C53000B0314000CCDE300041FC0100E2F54100EF4A31000000000077569667000000000000000000000000000000000000000000000000000013E223D2636393136334549402E69602E6F696479646E6F6340276E69677569665025636E6562756665625C2000000000000000000000013E223D2636393136334549402E69602E6F696479646E6F6340276E69677569665025636E6562756665625C20000000000000036375646000000000000000000000000000000000000000000002474253702D2025636160737022757F6C6F636022474250247C657166656440213E223D2636393136302345494E200000000000000000000002474253702D2025636160737022757F6C6F636022474250247C657166656440213E223D2636393136302345494E20000000000000036375646000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008636E2365696E2777777F2F2A307474786023454946100000000000000000000008636E2365696E2777777F2F2A30747478602345494610000000000000036375646FC6B000048F000000A4200000000000002A59585AD810000587B0000992600000000000002A59585093000005F8300002AF600000000000002A595850000000000000000000000000000000002A59585CC61100000001000153F00000000000002A59585000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013E223D26363931363345494022474253721000000000000000000000013E223D263639313633454940224742537210000000000000036375646000097E61607D6F63402462716B6361605D2474756C67756840283939313029236820247867696279707F6340000000047875647C0800000C340000034254526C0800000C340000034254576C0800000C340000034254527C0000000034000008636564742000000C0400000371656D6410000008F30000096D657C6420000004D3000007756966768000000C430000046565767880000004C2000004646D646070000004520000046E6D6464100000004200000A595852641000000C2200000A59585764100000081200000A595852741000000402000004707B626410000000F10000047074777C6000000481000003637564633000000051000004727073611000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002020584D23D0000000010006D6F0000000000000000000000000000247425370234549400000000456435D40737361600001300600090002000EC7002A59585022474252747E6D600000120F6E696C484C0000010100054C49464F42505F534349485C02EFFE7248FCE8990089E402B00F89DC8D14D0100000000005240D49424830000000000004040D49424830003E2330207F68637F647F686058300DEFF00E3F3227722D346E656024756B636160787F3C3020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202E3164756D607D687A387F2C302E3644425A3664627F2C302E3F2229333A31313A38313452323D21313D24313032322D35647164497669646F6D4A307D687022233E2330227F64716D6C65687960522D3C6F6F64527F64716562734A307D6870222F203E213F2071687F2D6F636E25626F64616E237E6F2F2A30747478622D307D687A337E6C6D687022222D34757F62616A366462702E6F6964707962736375644A3664627C302E3223237E6D2871647E69737D2664627D22323F22303F293939313F27627F6E23377E2777777F2F2A30747478622D3664627A337E6C6D68702644425A3664627C302E32203E243E253025627F6340205D48522D3B64707D687A3870222F2164756D6A337E6A35626F6461622D387A337E6C6D68702164756D607D687A387C302E3F322469336B6A73645E4A7355627A7849686563407D403D4537522D346960222FBBBFE22D3E696765626024756B636160787F3C300F203E213F2071687F2D6F636E25626F64616E237E6F2F2A30747478609901EFF00000000A1000000100000004000300A8C000000100000004000200A00001000100000003000100A3000002303A31343A30313022323A30303A31303032364001446F62656020586F647F63786F6070254C656D656E6473710000000840000001000000084000000000000000A0000001000000040009678C80000004100000020002310270000009100000020001310000020001000000030008210A6000000100000005000B11026000000100000005000A110000010001000000030002110700080000000A200D4D40000669687542D001EFF00008400840010101000649464A401000EFF8DFF'

b=a[::-1]

print(b)

复制新得到的数据，winhex剪切板数据—粘贴至新文件—ASCII HEX，然后保存成图片格式就行了，SECCON{6in_tex7}

42、打野

binwalk，winhex都没有发现什么，zsteg隐写发现了，qwxf{you_say_chick_beautiful?}

43、3-11

binwalk发现有Zlib

zsteg隐写发现有压缩包

 zsteg -e b1,rgb,lsb,xy 2.png -> 1.zip ，提取出来，解压，得到一串base64码，转图片 ，FLAG{LSB_i5_SO_EASY}（一直以为那个是R来着）

44、我们的秘密是绿色的

要用到our secret这个软件，密码就是那张图上绿色的数字0405111218192526

得到try.zip，有提示，爆破选纯数字，年月日共8位

密码就是19950822，还需爆破， 这个应该就是明文攻击了

把readme.txt压缩了（不要用bandzip，否则会显示“在选定的档案中没有匹配的文件”，要用winrar） ，先选中那个文件，然后点添加，直接确定就行了

明文攻击，密码是Y29mZmVl

解压得到的zip居然还有密码，爆破不了，扔winhex里发现是伪加密， 01 改成00就行，不是把09改成08

得到qddpqwnpcplen%prqwn_{_zz*d@gq} ，这玩意是栅栏加密，6的时候最像flag

qwlr{ddneq_@dpnwzgpc%nzqqpp_*}，这玩意又是凯撒加密，偏移量是11，出flag{ssctf_@seclover%coffee_*}，这一题一套接一套的，真真麻烦

45、小小的PDF

pdf打开是一张图，拖进kali里binwalk一下，发现有东西，binwalk -e提取不出来，foremost提取出来有图片， flag直接出SYC{so_so_so_easy}

46、倒立屋

把图拖进kali里binwalk一下，zsteg隐写 

发现标红IsCc_2019

直接提交不对，根据题目反转一下，flag{9102_cCsI}（最后那个是大写的i，不是小写的L）

47、Become_a_Rockstar

拖进kali里查询文件类型，是文本，把rock改成txt ，得到一大堆

rockstar是一种语言，找到的脚本，flag就是NCTF{youarnicerockstar} WriteUp-攻防世界-MISC Become_a_Rockstar_一块萌肝的博客-CSDN博客

Leonard_Adleman = "star"
Problem_Makers = 76
Problem_Makers = "NCTF{"
def God(World):
    a_boy = "flag"
    the_boy = 3
def Evil(your_mind):
    a_girl = "no flag"
    the_girl = 5
Truths = 3694
Bob = "ar"
Adi_Shamir = "rock"
def Love(Alice, Bob):
    Mallory = 13
    Mallory = 24
Everything = 114514
Alice = "you"
def Reality(God, Evil):
    God = 26
    Evil = 235
Ron_Rivest = "nice"
def You_Want_To(Alice, Love, Anything):
    You = 5.75428
your_heart = input()
You = 5
your_mind = input()
Nothing = 31
if Truths * Nothing == Everything:
    Rsa = Ron_Rivest + Adi_Shamir + Leonard_Adleman
if Everything / Nothing == Truths:
    Problem_Makers = Problem_Makers + Alice + Bob
print(Problem_Makers)
the_flag = 245
the_confusion = 244
print(Rsa)
Mysterious_One = "}"
print(Mysterious_One)
This = 4
This = 35
This = 7
This = 3
This = 3
This = 37

48、intoU

用Audacity打开，没有发现什么

binwalk发现有东西但提取不出来 

CTF 隐藏的信息 intoU base64÷4 ..._艺博东的博客-CSDN博客

改成频谱图，并把采样率改成900，拉到最右面，出RCTF{bmp_file_in_wav}

49、Cephalopod

把流量包扔进wireshark，搜flag能出来，应该是里面有图片

拖进kali里binwalk一下，果然，binwalk -e、foremost提取不出来，用tcpxtract -f +文件名出来两张图，图片上直接就是flag，HITB{95700d8aefdc1648b90a92f3a8460a2c}

50、Excaliflag

stegslove在蓝色通道里找到了，3DS{Gr4b_Only_th1s_B1ts}