MISC

You this flag Is it cooked ？

Open and find two pictures. One is a compressed package , After looking at the two pictures, I found that there is additional compressed packet data , extracted .

And unpack it , You'll get one xls Documents and a txt file , according to txt File to draw this curve and find it a bit like Hilbert curve , So the relevant characters are extracted according to the meaning of the curve .

import numpy as np
from PIL import Image
from hilbertcurve.hilbertcurve import HilbertCurve
import pandas as pd
arr = pd.read_excel('./password.xls',header=None)
hilbert_curve = HilbertCurve(17, 2)
s = ''
for i in range(np.size(arr)):
 [x,y] = hilbert_curve.point_from_distance(i)
 s += str(arr[y][x])
#print(s) # written words 

with open('flag.txt','w') as f:
    f.write(s)
with open("flag.txt",'r') as f:
 a = f.read()
import base64
while True:
 a = base64.b64decode(a)
 print(a)

Write the document and continue to base64 decode .
Finally get ：

And then to flag.rar Enter our password and unzip successfully , Find out flag.php It's in the file brainfuck character , After input, it is found that it can't run , It's embarrassing . After debugging under the guidance of the eight gods, I saw a wave of files that were really output errpr, But here we need to look at the variables in the middle .

8 god ： If it counts for half a day but doesn't . Then the result will stay in cell in , You can't see it.
Just look for a decent interpreter bf The real-time memory in the code running is OK
Is equivalent to print Delete everything , The contents of the operation are kept in temporary variables

---

Decrypt online .

Xiao Ming's computer

A memory forensics problem , The first is given fl4g The file is not only in reverse order, but also two bytes are in reverse order with each other , Then you need to use script to restore .

import binascii
from heapq import _heapify_max
hexdata_all=''

with open('fl4g','rb') as f:	# The file directory can be changed 
        hexdata_all=f.read().hex()

hexdata_all = hexdata_all[::-1]
hexdata_all = list(hexdata_all)
print(type(hexdata_all))
for num in range(0,len(hexdata_all),2):
        hexdata_all[num],hexdata_all[num+1] = hexdata_all[num+1],hexdata_all[num]
        
hexdata_all = ''.join(hexdata_all)
with open('fl4ggg.zip','wb') as f:	# The file directory can be changed 
        f.write(binascii.unhexlify(hexdata_all))

Then there are all kinds of decoding , To get to the last level, you need a password , At this time, let's see what's on the mirror .

View basic information ：

Check some information ：

Just put this png To take out ： （ After you take it out, you need to .dat Change the document to png file ）

Put it in Zsteg Direct violence in search of , Find the account password .

---

WEB