Advanced Zone (1)

Next up is the advanced zone (高手进阶区) of 攻防世界 (XCTF Attack-Defense World). Frankly, the challenges here are still quite hard for a beginner like me, so I'll just do my best~ (tcl)
Challenge 1: 你猜猜 (Take a Guess)

Source: ISCC-2017

Description: We have just intercepted a file transfer from the enemy and obtained a secret file. Please crack it as quickly as you can.

Attachment:

504B03040A0001080000626D0A49F4B5091F1E0000001200000008000000666C61672E7478746C9F170D35D0A45826A03E161FB96870EDDFC7C89A11862F9199B4CD78E7504B01023F000A0001080000626D0A49F4B5091F1E00000012000000080024000000000000002000000000000000666C61672E7478740A0020000000000001001800AF150210CAF2D1015CAEAA05CAF2D1015CAEAA05CAF2D101504B050600000000010001005A000000440000000000
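The header fields of the hex dump above can be read directly, which shows why extraction asks for a password. This is an added example, not part of the original write-up; the function names are my own, and the field layout is the standard ZIP local file header and end-of-central-directory record.

```python
import struct

# Challenge attachment as shown on the page, split by ZIP structure.
HEX = (
    "504B03040A0001080000626D0A49F4B5091F1E0000001200000008000000"  # local header
    "666C61672E747874"                                              # file name
    "6C9F170D35D0A45826A03E161FB96870EDDFC7C89A11862F9199B4CD78E7"  # file data
    "504B01023F000A0001080000626D0A49F4B5091F1E000000120000000800"  # central
    "24000000000000002000000000000000"                              # directory
    "666C61672E747874"                                              # entry
    "0A0020000000000001001800AF150210CAF2D1015CAEAA05CAF2D1015CAEAA05CAF2D101"
    "504B050600000000010001005A000000440000000000"                  # end record
)
RAW = bytes.fromhex(HEX)

def parse_local_header(raw):
    """Decode the fixed 30-byte local file header at the start of the data."""
    (sig, _ver, flags, method, _time, _date, crc, csize, usize,
     name_len, extra_len) = struct.unpack_from("<4sHHHHHIIIHH", raw, 0)
    if sig != b"PK\x03\x04":
        raise ValueError("not a ZIP local file header")
    return {
        "name": raw[30:30 + name_len].decode("utf-8"),
        "encrypted": bool(flags & 0x0001),  # general-purpose flag bit 0
        "method": method,                   # 0 = stored, 8 = deflate
        "crc32": crc,
        "compressed_size": csize,
        "uncompressed_size": usize,
        "data_offset": 30 + name_len + extra_len,
    }

def parse_end_record(raw):
    """Return (entry count, central directory size, central directory offset)."""
    pos = raw.rfind(b"PK\x05\x06")
    if pos < 0:
        raise ValueError("end of central directory record not found")
    _disk, _cd_disk, _here, total, cd_size, cd_offset, _comment = \
        struct.unpack_from("<HHHHIIH", raw, pos + 4)
    return total, cd_size, cd_offset

if __name__ == "__main__":
    hdr = parse_local_header(RAW)
    print(hdr)
    # Stored + encrypted: the 12 extra bytes are the traditional encryption header.
    print(hdr["compressed_size"] - hdr["uncompressed_size"])
    print(parse_end_record(RAW))
```

The entry is stored (not compressed) with the encryption flag set, so the archive holds an 18-byte flag.txt behind a password.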
Solution

The hint in the challenge text is "a secret file", which suggests starting from the file format. 504B0304 is the file header (magic number) of a ZIP file, so we can use WinHex to save the data as a ZIP file. Extracting the saved file asks for a password; trying 123456 works, and the result is daczcasdqwdcsdzasd

————————————————————————————————————

Challenge 2: enc

Source: none given

Description: Fady doesn't really understand the difference between encryption and encoding, so he used encoding instead of encryption to send some secret messages to his friend.

Attachment: a text file consisting of a long sequence of the words ZERO and ONE separated by spaces.

Solution

The whole file contains nothing but ZERO and ONE, so it is obviously a 0/1 encoding; I can't help wondering why his friend would use such a ** method of replacing the bits with English words. After replacing the words with 0 and 1, the common encoding that comes to mind is 8-bit binary, where 8 bits together encode one character, so we split the bits into groups of 8 and look up the corresponding characters. The result is:

Li0gLi0uLiAuIC0uLi0gLS4tLiAtIC4uLS4gLSAuLi4uIC4tLS0tIC4uLi4uIC0tLSAuLS0tLSAuLi4gLS0tIC4uLi4uIC4uLSAuLS0uIC4uLi0tIC4tLiAtLS0gLi4uLi4gLiAtLi0uIC4tLiAuLi4tLSAtIC0tLSAtIC0uLi0gLQ==

This is very obviously Base64~ Decoding it gives:

.- .-.. . -..- -.-. - ..-. - .... .---- ..... --- .---- ... --- ..... ..- .--. ...-- .-. --- ..... . -.-. .-. ...-- - --- - -..- -

And once again it is Morse code. Decoding it gives the result: ALEXCTFTH15O1SO5UP3RO5ECR3TOTXT
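```python
import base64
# import morse_talk as mtalk

# Read the attachment and turn the words into a string of bits
with open('zero_one', 'r') as f:
    data = f.read()
data = data.replace('ZERO', '0').replace('ONE', '1').replace(' ', '').replace('\n', '')

# Every 8 bits encode one ASCII character
word = ''
for i in range(0, len(data), 8):
    word += chr(int(data[i:i+8], 2))

# The characters form a Base64 string; decoding it yields Morse code
word = base64.b64decode(word).decode(encoding='UTF-8')
s = word.split(' ')
print(s)

# Morse code lookup table
morse = {'.-': 'A', '-...': 'B', '-.-.': 'C', '-..': 'D', '.': 'E', '..-.': 'F',
         '--.': 'G', '....': 'H', '..': 'I', '.---': 'J', '-.-': 'K', '.-..': 'L',
         '--': 'M', '-.': 'N', '---': 'O', '.--.': 'P', '--.-': 'Q', '.-.': 'R',
         '...': 'S', '-': 'T', '..-': 'U', '...-': 'V', '.--': 'W', '-..-': 'X',
         '-.--': 'Y', '--..': 'Z', '.----': '1', '..---': '2', '...--': '3',
         '....-': '4', '.....': '5', '-....': '6', '--...': '7', '---..': '8',
         '----.': '9', '-----': '0', '..--..': '?', '-..-.': '/', '-.--.-': '()',
         '-....-': '-', '.-.-.-': '.'}
for item in s:
    print(morse[item], end='')
```

————————————————————————————————————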
Challenge 3: 告诉你个秘密 (Let Me Tell You a Secret)

Source: ISCC-2017

Description: none

Attachment:

636A56355279427363446C4A49454A7154534230526D6843
56445A31614342354E326C4B4946467A5769426961453067
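Solution

The attachment is two lines of hexadecimal digits, so I tried converting them as ASCII codes and got cjV5RyBscDlJIEJqTSB0RmhCVDZ1aCB5N2lKIFFzWiBiaE0g. Base64-decoding that gave r5yG lp9I BjM tFhB T6uh y7iJ QsZ bhM. I puzzled over this strange cipher for a long time, and in the end it turned out to be the keyboard: each group of 4 keys surrounds one character. The final result is TONGYUAN

————————————————————————————————————

Challenge 4: Easy-one

Source: Hack-you-2014

Description: Crack the ciphertext and decrypt the file msg002.enc.

Attachment:

encryptor.c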
```c
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv) {
    if (argc != 3) {
        printf("USAGE: %s INPUT OUTPUT\n", argv[0]);
        return 0;
    }
    FILE* input  = fopen(argv[1], "rb");
    FILE* output = fopen(argv[2], "wb");
    if (!input || !output) {
        printf("Error\n");
        return 0;
    }
    char k[] = "CENSORED";
    char c, p, t = 0;
    int i = 0;
    while ((p = fgetc(input)) != EOF) {
        /* ciphertext = plaintext + (key byte XOR previous plaintext) + i^2, mod 256 */
        c = (p + (k[i % strlen(k)] ^ t) + i*i) & 0xff;
        t = p;
        i++;
        fputc(c, output);
    }
    return 0;
}
```

msg001:

Hi! This is only test message

msg001.enc and msg002.enc: binary ciphertext files.
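Solution

Clearly encryptor.c contains the encryption code, msg001 is a plaintext message, and msg001.enc is its encrypted form. The flag we are looking for should be the decrypted plaintext of msg002.enc.

This looks like a challenge where you simply write the inverse of the code, but there is a trap: when we try it, encrypting msg001 does not produce the contents of msg001.enc. That is because the key in the encryption code is wrong, so we need to find the correct key. The code for finding the key is as follows: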
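```c
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv) {
    FILE* input = fopen("msg001.enc", "rb");
    if (!input) { /* the file could not be opened */
        printf("Error\n");
        return 0;
    }
    int p;          /* int, so a 0xFF ciphertext byte is not mistaken for EOF */
    char c, t = 0;
    int i = 0;
    char w[] = "Hi! This is only test message\n"; /* the original plaintext of the input */
    unsigned int j = 0;
    while ((p = fgetc(input)) != EOF && i < (int)strlen(w)) {
        /* Search for the real key byte: it is found only when it decrypts back to w[i] */
        for (j = 31; j < 125; j++) {
            c = (p - (j ^ t) - i*i) & 0xff;
            if (c == w[i]) {
                printf("%c", j);
                t = c;
                i++;
                break;
            }
        }
    }
    return 0;
}
```

This gives the key VeryLongKeyYouWillNeverGuess. We then use the key to decrypt; the code is as follows: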
```c
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv) {
    FILE* input  = fopen("msg002.enc", "rb");
    FILE* output = fopen("msg002.txt", "wb");
    if (!input || !output) {
        printf("Error\n");
        return 0;
    }
    int p;          /* int, so a 0xFF ciphertext byte is not mistaken for EOF */
    char c, t = 0;
    int i = 0;
    char k[] = "VeryLongKeyYouWillNeverGuess";
    int g = 0;
    while ((p = fgetc(input)) != EOF) {
        //printf("%c", p);
        c = (p - (k[i % strlen(k)] ^ t) - i*i) & 0xff;
        printf("Decrypting %x i=%d t=%d k=%d -> %d\n", p, i, t, (k[i % strlen(k)] ^ t), c);
        t = c; /* t becomes the c (plaintext byte) just recovered */
        i++;
        printf("%c", c);
        fputc(c, output);
        g++;
        if (g > 450) {
            break;
        }
    }
    return 0;
}
```

The result is:

The known-plaintext attack (KPA) is an attack model for cryptanalysis where the attacker has samples of both the plaintext (called a crib), and its encrypted version (ciphertext). These can be used to reveal further secret information such as secret keys and code books. The term “crib” originated at Bletchley Park, the British World War II decryption operation. The flag is CTF{6d5eba48508efb13dc87220879306619}