NSSCTF之Misc篇刷题记录⑩
[CISCN 2022 初赛]ez_usb[SWPUCTF 2021 新生赛]你喜欢osu吗?[SWPUCTF 2021 新生赛]Bill[SWPUCTF 2021 新生赛]二维码不止有二维码[HGAME 2022 week1]好康的流量[红明谷CTF 2022]MissingFile[广东省大学生攻防大赛 2021]这是道签到题[羊城杯 2022]签个到
NSSCTF之Misc篇刷题记录⑩
NSSCTF平台:https://www.nssctf.cn/
PS:记得所有的flag都改为NSSCTF
[CISCN 2022 初赛]ez_usb
考点:USB协议隐写
USB协议数据部分在Leftover Capture Data域中数据长度为8个字节 为键盘流量,4个为鼠标流量
这里在第3个字节是键盘流量usb.data_len == 8 过滤一下 发现有两种流量 这里分别导出。
tshark -r ez_usb.pcapng -T fields -e usbhid.data -Y "usb.device_address == 8" | sed '/^\s*$/d'> 281.txt
tshark -r ez_usb.pcapng -T fields -e usbhid.data -Y "usb.device_address == 10" | sed '/^\s*$/d' > 2101.txt
import os
# os.system("tshark -r test.pcapng -T fields -e usb.capdata > usbdata.txt")
normalKeys = {"04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5", "23":"6","24":"7","25":"8","26":"9","27":"0","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"-","2e":"=","2f":"[","30":"]","31":"\\","32":"<NON>","33":";","34":"'","35":"<GA>","36":",","37":".","38":"/","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
shiftKeys = {"04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T", "18":"U", "19":"V", "1a":"W", "1b":"X", "1c":"Y", "1d":"Z","1e":"!", "1f":"@", "20":"#", "21":"$", "22":"%", "23":"^","24":"&","25":"*","26":"(","27":")","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"_","2e":"+","2f":"{","30":"}","31":"|","32":"<NON>","33":"\"","34":":","35":"<GA>","36":"<","37":">","38":"?","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
nums = []
keys = open('281.txt')
for line in keys:
if len(line)!=17: #首先过滤掉鼠标等其他设备的USB流量
continue
nums.append(line[0:2]+line[4:6]) #取一、三字节
keys.close()
output = ""
for n in nums:
if n[2:4] == "00" :
continue
if n[2:4] in normalKeys:
if n[0:2]=="02": #表示按下了shift
output += shiftKeys [n[2:4]]
else :
output += normalKeys [n[2:4]]
else:
output += '[unknown]'
print('output :n' + output)
这里解密出来发现526172这个是RAR的文件头复制另存为 可想而知那个就是密码了。
NSSCTF{20de17cc-d2c1-4b61-bebd-41159ed7172d}
[SWPUCTF 2021 新生赛]你喜欢osu吗?
使用套神脚本:
f = open('Richard Schrieber - Miracle of Life (WDLJT) [Easy].osu','r').readlines()
flag = ''
for i in f:
tmp = i.split(',')
if(tmp[4] == '0'):
flag += '0'
else:
flag += '1'
print(flag)
s = ''
rflag = ''
for i in flag:
s+=i
if len(s)==8:
rflag += chr(int(s,2))
s=''
print(rflag)
print(rflag[::-1])
NSSCTF{i_know_you_like_osu!}
[SWPUCTF 2021 新生赛]Bill
看提示应该是个excel表格
后缀改为.xlsx 但是有密码
说不要被表象迷惑 猜测可能是有隐写或者伪加密
foremost分离得到压缩包
后缀名再改xlsx打开文件
然后修改一下excel表格 把所有的都换成中文大写数字之后 把脚本拿出来
import openpyxl
import re
def trad_to_int(money):
# 转换字典
trad_dict = {
'零':0,
'壹':1,
'贰':2,
'叁':3,
'肆':4,
'伍':5,
'陆':6,
'柒':7,
'捌':8,
'玖':9,
'拾':10,
'佰':100,
'仟':1000,
'万':10000,
'亿':100000000,
'角':0.1,
'分':0.01
}
trad = re.search(r"[零壹贰叁肆伍陆柒捌玖拾佰仟亿角分]+", money)
if trad is not None:
num = 0
add = 0
sum = 0
for i in money:
if i in ['零','壹','贰','叁','肆','伍','陆','柒','捌','玖']:
add = trad_dict[i]
sum = sum + add
elif i in ['拾','佰','仟','亿','角','分']:
num = add * trad_dict[i]
sum = sum - add
sum = sum + num
add = num
elif i == '万' or i == '亿':
sum = sum * trad_dict[i]
return float(sum)
else:
return money
def main():
submoneyCN = ["", "拾", "佰", "仟"]
numsCN = {"零": 0, "壹": 1, "贰": 2, "叁": 3, "肆": 4, "伍": 5, "陆": 6, "柒": 7, "捌": 8, "玖": 9}
w = openpyxl.open("00000025.xlsx")
ws = w.active
# 获取第一列 即单件商品金额
t = ws['A']
t1=[]
for x in range(1,len(t)):
t1.append(trad_to_int(t[x].value))
print(t1)
# 获取第二列并处理
t = ws['B']
t2=[]
for x in range(1,len(t)):
t2.append(trad_to_int(t[x].value))
print(t2)
r=0
for index in range(0,len(t2)):
r+=float(t1[index])*float(t2[index])
print(r)
if __name__ == '__main__':
main()
NSSCTF{5030782.26}
[SWPUCTF 2021 新生赛]二维码不止有二维码
套神博客参考链接:https://blog.csdn.net/qq_42880719/article/details/120582014
这个题,,,就是很多二维码套起来的。目的是为了拓展眼见,具体哪些扫了哪些码我也忘了,还有印象的应该是code128、QR code、Maxicode、Aztec code、PDF417、汉信码等。总之,用中国编码和https://demo.dynamsoft.com/barcode-reader/轮着试就行。
然后code128部分,扫出来是https://wdljt-img.oss-cn-shanghai.aliyuncs.com/NSSCTF/Barcode/dcbeba58-b686-4878-87b8-f4fa46640a34.png
NSSCTF{87b87009-8f12-415b-95ee-375b28c522b7}
[HGAME 2022 week1]好康的流量
[红明谷CTF 2022]MissingFile
直接使用strings 过滤 flag即可。
NSSCTF{Hide_Behind_Windows}
[广东省大学生攻防大赛 2021]这是道签到题
gif格式后缀文件加载不出来 放入010Editor 发现PK头修改一下解压得到一张图
查看图片在尾部看到一个密码:iamakeys 查看图片属性得到Base64编码 哇擦,,,解不出来 后来才知道是DES编码(真的像)
TxnaVrv9nTiXlFaED3K34oYrCryk4sGK9/3oqaDZ/CRnzKxnA5JdgQ==
**
DES在线解密:https://www.mklab.cn/utils/des
flag{ab096922210dfd2ca59025513f0eef1c}
[羊城杯 2022]签个到
先使用ROT13解码 然后在使用Base32解码可以得到flag。
Base32解码:http://www.hiencode.com/base64.html
ROT13解密:https://www.jisuan.mobi/WKE.html
flag{68bedd7e6ab3ba1fe965b54d9c7c3d94}
[闽盾杯 2021]日志分析
是一个日志文件access.log 是sqlmap得流量,先放入Notepad++中使用插件进行url解码password每一位,判断其ascii码值的大小关系,判断正确返回的长度为675错误返回长度678这样我们就可以根据每一位的返回结果判断具体的ascii值通过搜索password分析
第一位:110 第二位:103 第三位:106 以此类推得到:110,103,106,102,100,115,85,98,100,75 将ascii转换为字符即可。
NSSCTF{ngjfdsUbdK}
[安洵杯 2019]Attack
考点:提取dmp文件 mimikatz工具使用
下载是个数据包 先使用foremost 进行分离得到压缩包 进行解压发现有加密得flag.txt文件 尝试爆破了发现不行 先放着!
然后接着分析数据包导出HTTP数据流 发现了lsass.dmp 文件进行导出。
dmp文件是windows系统中的错误转储文件,当Windows发生错误蓝屏的时候,系统将当前内存【含虚拟内存】中的数据直接写到文件中去,方便定位故障原因(里面存放着密码信息)
使用工具:mimikatz (64位管理员cmd运行) 得到密码:W3lc0meToD0g3解压flag.txt得到flag。
privilege::debug #提升权限
sekurlsa::minidump lsass.dmp #载入dmp文件
sekurlsa::logonpasswords full #读取登陆密码
NSSCTF{3466b11de8894198af3636c5bd1efce2}
🆗至此又是美好的一天结束,我们下一篇再见感谢大家支持,希望对学MISC方向的小伙伴有所帮助!!
欢迎加入我们的广州开发者社区,与优秀的开发者共同成长!
更多推荐
2
0- 0
已为社区贡献1条内容
所有评论(0)