在线网站编辑,网站快照,wordpress 百度云网盘,wordpress中文前端转载或摘抄时请标明出处 MISC01 wdbflag{22226aba1d98c4302a6f508cad7da5d8}
MISC02 一把梭工具没有任何结果#xff0c;估计缺少符号表#xff0c;直接strings flag out.txt导出后慢慢找线索 在桌面上发现了png和txt文件#xff0c;用文件名做一次筛选 第一行发现bas…转载或摘抄时请标明出处 MISC01 wdbflag{22226aba1d98c4302a6f508cad7da5d8}
MISC02 一把梭工具没有任何结果估计缺少符号表直接strings flag out.txt导出后慢慢找线索 在桌面上发现了png和txt文件用文件名做一次筛选 第一行发现base64 GI5FWb.png GI5FWb.txt大致猜测png图片转Base64输出到txt文件修改关键词重新筛选 筛选结果验证了猜想png图片头部Base64是iVBORw继续筛选 排序去重发现共有6行不同的字符串其中第5行完全包含第1-4行再去除前4行仅有2组数据 第一组数据是完整的Base64编码转png没发现任何线索第二组数据不完整提取出尾部OMEs9efbg放进010查找其余部分找到的数据块尾部为CPzV/3a3mE 同理继续用 CPzV/3a3mE 找下一段即以每一块的尾部数据为线索一块一块找出来一直到Base64编码特征字符出现。 iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAABG2lUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNi4wLjAiPgogPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIi8CiA8L3JkZjpSREYCjwveDp4bXBtZXRhPgo8P3hwYWNrZXQgZW5kPSJyIj8l1vpCgAAI7JJREFUeJztXU2SVTey1rVfmHgRJp6fCc88Kg/eFuwleA1sjolwBJgE1U9gBFQQLgYAB30eQOjal2VfvI/UfeL6Kj8a1zpFRKypPKPx3vf17O2wpbemQUkopHVJK27alQzoc0iFtadsO2GwHdKW0nZI27dfDykd0iFtW0opbSkdDiltKaXDdvf74ZCm/3/GGWf44btDOqR0OKTD3/XDimlf/zz3eHwTSB8kwP5qb837d//vvvh5QO354fBMKfeUUvrHP2O/rv/1PE5fWNNwlocGj2GuzVx9cuXgxZuPd/24Nt3rR8fXzwiNXZ95ndluSgS2ZStRaQFzemyoGc0jmh5fPALPhST/PUn8z4hyLxq8ez3X35MKcHWXuuZGZ/v9blN8Pz17ewRMJ5cvRVra2UaKKDQvcpYZ3SWf8eOKT/Ci84oPBmKgAwePryvWRzZhgxTlIAroIeP55cvTXdSCM6Rr/Vf8JgWhzW9JH2UuUuSELAMnNPpvQ1XD11yfU89gF3fuN058nPOmJzguMdkTBYdvtuN74fL6hnwmPuOMEs9efbg799hXVmMoWkErInwBMQYgqWROibMeWzmPeghkfJefGe4xIcWkqjn8bGkeITtB3KGNA0zlQEKRUpSjuj97F/k1YfsQYr7DHMQt3VsgN5ndejHRGkkMelfgSQUmNm7ZTqX8b17ed08fABu28uWrSdccYIFur/5fXN/Agwehnyez0Iqho1Y0a5wXIf9eav7YKbvnz15G/tlIKrgWqGPkxj54xB/MADkeztY7JQag2cdIPdgTuGPKqi21nVo11jjKRJi3rKpTjwLWrmQJnpU0Y9vDeIw05neZI0CNF283kVNrYRo1mnK8STK0QoCLL9n/Njbce7uCNAK4y2hpbpTIb35ZOXQskPKE8ljy4pHavVraPTDHnzWx1dOP1g199sc2M3P5dH2jx2jwM4Aw5J7UFaE4G2Vz5nqcVF07w80OIB2Qg4g1QijdWXeQVILmCPzV/3a3mE03wyDL7KlNjQLTRmiOUAMAcEzjnpLKd8qxJDcTRRqRJloRmwIo0ZrRKCpvZeMu/e/EGvCap1sOZtRYbDyBURx1BAu5FCBj0RrvnviYYTUmTj9cL1QPotmAK2CPCxgCTHQh9FlqVGXuB/IbtX0suJGGHh8bevzAcpLMwEASe30YiIU3Jx87cwuKVA2g6Q/WzrsNwpfpZE3OWffuGkA1rnlZb9UaAWpRBd8PWjmZcyet1w7WvNjMYZZenEq/7DqQtSE5iRpJUjt9YtXY6VxetI6nClbetLOI1wU8qLJywzdUwEwxW4/eecwnsQePYtoEG4AVIKScoWoxbqUzZ3gWSFPbOJ0kBMOMVKg5Aw9898plifaitPT/5//phHWgUZgUuZrBH/6DBFiMUZ8sioOw8WoX608i2a2oKSEiSKZpTO8IH09f33rZtiswXHP9d7RHhf0mBBxvWmDOk7IeyAB0GO6hL/YEr1FdupBM5ob/OnL90sdwyRA5WW5Pq3WjrgNIPKirwWApnFKqm6ABiQ0hFUMe5Dx9HgeRXBp7inxgiCYhbFaHIBkG9wW/UDOXRZWp613lkZWuOdzetRHAAFUpV2sNDAklL/yhFUTXatY6lj2JrmWEFGsXqAXDzrVfM17aqjLMib1ZCaZFfhc9ia8JS2uSvNtff33u1b7WFUsa0n2FL4YXPHmzZ8DqQCIwrwodOwJq/IUYxCdfUywPIhgZFSrCNRCFPXq5xN/z8vrGJejEqix2a26tg3Io75d010Fe9ZjqIjezEvgzkIUF21JhegGq21bxw3VgnUWHeS96Jb6VTWM6EgUNcQya1DKPiCFVXL6zzij5SquEaoqsGW9eet7BWb9rZQPMALUOm19t8De6vljMFp7oQTA6ji769bCakKBur567z179QFeFbhnTOoZt6zu3YsCThl07dLnmZ9SpdopfVPeub79rFpiu978nvcItsZW01NvYui66QmNd12t4NaOX2mMUBUOIQIrhsIsPa9nG2tcAxSoK7pwE8e/UBdaMv5utSStxaemGk0zylfRDVDyIWrWSqugB66MPpT8PDQiLch9Ab5SejWtke7onAP789SeUfzP/7d2Xr0MiUjoeUH2/HGZCMcYjjGCxXiCjK9Yp6ihH3dbso4UerzWPf6sJ8dHGfXzx6I5X1HEdXQ/Oye3Pv2mF3a4KyPEjOjwq10YFJvZklTgV17Lg1sDGL3BzAmbvjwSmBH96i3CVxZmBDcldBVLxNJC10uvLzA2o7SJbzY9O4Yem24rql/dwfa7mbo1Ebz3PZrkA2gx4fPFI9OrsESTcdhRaR5t/RvPMvtHb/LN28zigZ/ce7zA8lcrlkLY3jHgsYZRoPfePIvoIMaYqTwzFVf6GFdqEKrtiHmfUiYaWREDme3pIF9BKCE1FqH4VJQ0ghR4SJEldV0RlI9oYh2lFuRhxiw7wWgbOTff/lRRJ3RjKArx7VKnAD3XgUJYFyprShSaZq560yCnpEqn//di3iE0k8ep6kewkRkVUoDFGu9FX3at9d41ai0hvdVdV0BoFUGabUJGiHiZarRXGRWxUZ7zz59R5km8nPtOa03gtRypNJPDvNBYiYaPTtwpafKw1EO3aDKPnRxtzpTwErRgMakGXIwEwIi5/WfZ2ccQI5aLzvkg95KwroHywKrEK1N8kgSHUMbQGvQEdVeDVgIsFKdpKjuPRo9L/mw/sLNfr/66xN680b/eEnS524EXFGyYtKJz/5yXjuaNg3vS1YyT6Q1TQzuCQBI/DqHSGsjlefGw4zV23iHPeJZoXeXRO9ZCv3evPcEgiQ0VJDvBYPVj1cBV4XlJzhB45Nh6JlkaoCS1h3r/76ZH7Win62k8CpM81YHkkoFSl0kBazag3o9fSogx5LtrGmvm5IaCOUysHA/oMVdWHfpVX20v33IAcRDHWRNtwq8B68UoaR63nXPqKMCwk208eGZUNmm0M7xldRNvsqN19qEVkKs7nuV9dw6Aru7AUeoGQuJTHty9dZFG9nT2Zvi5oQ8qwlJOrDGby1Y8DK0AJhhNhlSkxVlkdfQDs3dA3oaCUaoUfrjQEKLgr7rKgCspHbGSDOAqo8SCydS8VRqNhrlWY6RNKoHR6Kuo6fA6QoAaYZz1XKM4QXalxTjZ2c4pc3IjSFiGUw0ZOrt92xQOgo1PSRwANeBpFIX1nTUVK1ZQUXmdBpw/O/JOMgKccJikF75hzC1UU0kZ0ARHNazPqX8rI6IBWC6wSNAM/LEImjmFciIakPAQnrOSAIAmpiBxWqRVCNgJPVIy7JKS7YG5Pgh0QflbxLPl/MmWcV59g5WYx8KAC/13yNkdK/QDMzRhDa9VMEagY9Y2kfxNORswBm0hUc0bWF1FdOD/qj2Je4G0wLWwg/5OtmoFEpYqky2b0oNdYad42WKqUaLcqm8IZrR43NOAvekIck39bJyQOSl5MStz/uzVB5Py6y/efDziV28cNS2z8aIuBpG4JKFsI8KlC7078TRpizDuM9aG1BrqagAtyYGVLi2UbTyeJRevPlIbmsGyBfj4uGDOxpKYJh7eX3TbKNHC/YPQ4wfWhetLIq6nnFrFdNfop9QKBnByqevnzPOq9HSS6hPLO6XSCDOgfR7DQ9UPIFeufxCEZCDEhGQO1BRjUOURCpDrxkf9qbO7fPvZvgjDGmRkDIUUAaLeMQ5H41KUi2RzWutWgo1VHIHJQGLIxRDTLnUCPsCCM5/Zr/p1tJ8IopUEk6Qr5ckZUsaOFk3rM6Sqq/wjWV8zPoNXfORkICK0wU26k4J6gVb9BGpElBlYm0TmNSoO4Pr2853ahrkGGtNjZZ1XdNjgPU/pzRX80fWYIhnxfvqcUlj9rKsRQaV3pLjiHCMaTeF3/hPquH63ZiWkTyR1iFtsI0tGaPkxTr8a0IgvPyMepOYZHQlIMQpKf7FH/f3vg/9C95nbu779fCcZIcan8rd3X76C9P0/1OTr13IkUy9rACjRRojKs5z1RpApUwlGe4kDQOrvJ19C5VbQVKht9exq6B3RoBPW7O3ba1FlvEDRONf9HoqYG5KKc1lqYAoA4aEkkV0XVnjagpuhw7xp4CdiBrVMrmg6ktiX2uRG9MagVBLBDR3xzFGAgB9pow7SIaVm3tCZQ9QC4KGlFlnAET332GHTjzoiH4uYJ71XU19QLU/v6WTzuCX7QHCG3cMONRTISnlRqSjVbSjs1e4Te1/OCmadRGPIsK7OHP3/96Y4Xl9c3qDDplOz3AGRdlc90bJtupVcV64SywE3eUayXHcEQC4gaZ1TqefiFcOtqSXYoXY1sBGQShSlrZbqRWVE1DpyGVD6oKWfKEeySIJDkxaJtq145Rm8FepqsNWAZJJts9539JIfTl/DxCRbViXv9er6fYaoBQEEJKPJeSJkGqIZkpqP5Cbw9BS0YOUpKnmo6c7LkPrIuGkAUlGDezsrrwTs/Kw8F1brzEJDK/tQEQArT/QIXsLGi5/Qfq2qA5Xw0lik2/BshYBqyBIrTpG3fhUK2n0uAdJqzkF0nyQOop4netXhEggEBcWk0VRraQviKCM8nL99336r9pFV/dy2aCrAGJYp8RhWsPotmAUHhYya1zEHJ/FK2KupFXrL7cAcs7D0W7/4xGGoAKyXulIsfowJ6nOtHbUbMb6BAahwtXmlvMI8vaB2N6AkNM6a0YERviuMRwtS3qQaz1/fhuKr1sf4KBcAGrdufYOMdJy1xA1HKenyAVNOfMQf6tg0aj5KoXXLUol6Xijrh1rOncI3yDr6/ZcfddablCTxTIPVMrpc/fUp1FfAEhKBVqfKOwtI7TdwTcCZ9LGsXFtX8J190alfwYuHD9SzvKjZa1zMst3yuPMXjcKHPwBfUelsyRk/vfgdFUe3A1vdWruX23H3Mo4zThdHGoDVYpY6g1vC44o0LkZ3HZyBQ3knxgyjegI13DWS8kyxJ8tzdPpK9JJIJDLpIrsVvcunSfAmekrzDPeMgBaGr2gGJWwWF7Q9LURJN9Zsd9SGhOCQzFqM8rGhjKnrBZg1FvnLEgmW6aicv3Ph/TVfAdA5kAhHhuK72rrfs6zXkLgeuodsedbwe3LOZpSz9OtP/yK9h31nNl8YewWm7/wsxgukEWOgYeeAnM8xdhZIzEJKfV5i5hDM41Ia5K/VSNL01E9ttZ6i9kbP5jsDB4l589ZUJDVCCX6oFwThqDMr5SJsm//i4oJyzqXMUbR5hWxKTuFNyN8ofW0bbs2V7WZawPUA9vDVtBjDaDFFW/hcRF0TEutYwwbmza9W/7u9GzACIBPOdfX1CrJoZzF6eTpmmXoeng2q5mftQmz9dhQJCIVFBNz17WcxQ6MWvdh26ehBtcVIM3j3vyfoy9lMcwF6FnhLSYAu/lHFtvHF4/QN71A0OID5DaccuP//MP33echNxSNrOMAJytCSwtzzvzGSWK9MWbjJ9u2RgqukgRtA6V2sY9LzPgGfQYKmqSxhbIfaJphFQAxrXKO8dpxxkBXFFawLb72iuZm2N9oZpTUAtaHgVVvPta4cX782zYI1I64YiTKAf2N779wTA3jemJD2Wfn8JjwL3PYty2ytV1KVApJYar9iRwBvVY0reLQCkjB8keSh9iaNvLn2DI0gom0DagCnfCbVRiRjI/RWYk9YV2ke/d2bF1i0hMORG7Dn9tNM/Dl1vPvyFfTcs1cfpskpdVxBqzRab96vusklFERFGjZtd7vGJeXtqtv5sLsuWq94xFGPGzt5avGb6BAoFZQxh4CMjTGgG3z2asPavUUL69v0m8PH9xN/M8/fH8kcH74fvups/PRptjyQCxHvawtltojeu78o89tBgYlDkktIcQMYVbeH8/suP6fHFo/T44lH689ef7v6d/zujLmNVaybSX2FMea0Ss80vQad0UFMUtDSZOwHQGzSlZpnWF01CbZzVlB9W28YCcyOALkfTG0ECm2lYLAApB9IJKQHtHl0eX1zt8o46tleatDRCzKKeJC33JTSMmFI30miNmfNLgu3ovFX0jDnXTPQgv/gewEkUEvO2X9D2khawzYMyOlusuKVYN7yPzSOmtTKz1Rq5QITFDj0WxndTAcAFVh2mHkUok0ad6FZ2YInSsipBs94qCm8Lh4IB9TSkSwNWFKgkU6xtxBXcdQREu9OofG3ofURZejHHPqcY7ar8a73JiMaNWuIRATAJYD8WYaBVyaZfBWWJJ632rTWs1XxLCf4VQZ8nl9AAvL/qVoY6LVCMplHHMoN3aDr09yhwtwFAznHlVc3Yc5FX3j23IiGiwuXQqdMv5cjKPH65ZruPdsq3/MszPM3tG8wn3mUtYOKJJY26SSYJaQZCKmrb1clPrizcd0dfuZfC9ANE/GjF/QSMG9RvthwdYAvOO0Ibi8vknPXn1ABZM3HzaY5Zs//dffgRd010jj7/82kewYktdWLPy5h9pwbM5uue1gJ4Vop9laqxizPEItsln/Py/2oCYbS5YI6FmWfnV1p8nMLxqCoBVNk8UrG4k3Lb7QmFUV0C6aAwHFmXARx4NCo8iXSBzJwD2XkSC8/Vq3ahiDetKORqeAG9vzl6BnafyakGYD1p2jX0LMGZGC3UX/YIfMJCak1GdHdyL4rBQjwOIJqUrxc8lT6M2uaxqCxsCaVtwDvyD6J6z8rGQfryEOL1GtVcT1MBEE1C9uB9rvLoX8voZjXnGkLjVEraSfGuGwfw4s3HowAcLiwquVgg4jik54oCrl9dszISFpw5hvIhwpylNIgDmBGHregiuWk40V1cX7bEOKT86bmdCAuJ61fX3vwYnuc5hr5Txkr0FD77r3m7N7eEdEjBOB51FjlmKMF7Th2D/7uaU5bY5E6coYPBV4VWcWTUm25NxFjUNK8Wsis9RFtNf7UAIUCQ0pAe4eJzvqn1DbkIKt4UqotdvP/9q3oxos3H9FHppJmTL8SPOauo96twlpYcfMfFYAV0SOIYrahaGjfpaqWkUZuxYgLjVsW6PfIkUbSvZFKVCi6cUIYwPoYUWXlGab22br1sL2ZeUO7fE202vtll31A6AWCKQZKIKB1cam5gOMApNWECDRArgaAkIDaOnJK811oOrBqAdkrqC9Xn2JZNGr7nL98f/a33BR2Nr6Q5SvDNql9mDbTmtJkMFIFpGumjEbP2JPvCfI17/Up0bXPyJrtjrIhZ1G2D8t1ALgydXbtgZgpdZFZVQP1hl5kdqPNFeYTRcxIavuy1NbuucGvLyQUcpUV03HD81FlgXVcv12aJXsYcBdJuqcxrSlUhLWDGiL3nj8o/zj0HrqHlPcmwqnEnY9Uv7Qirz4kXOF9YTZ5rzfI0Jn7do8DgBTbkKquwvUtjwxoVEQ6J2sDeq7mAJPjL2n1nwmZqHMWPg6gBcmCEBj0audlaG1m7Vh9LrTcXhRI5/dz9Nn4t7AuDJ1f0ikVaQYgZFQOxVvfZcYD2eQtbXk6u3bnOCFWLemxiKVgxKMxegF79ONfYdxR4PUF6AyYkJp6RaQt7RynfQvORS0iiIHXPp5D8iMcXj0jzmNcaJy8Ba5TDGhqpkF5/V7efU5I8B1mrqpZlqFaR8qcIb1989LXRi87dtuoIIHmWi84UbczUXO8jR/QQVW5/VP7ODL51u97ziMEwEnBvkKqXR90op5ZVaJFfEJk3kWkbzc2RDQB7xhg9j7kQE/OuBDDn4vI8iKGLWgdgxfzylO6fmzVsOBF507tKDvpuj0Se6CemyP7yEhyRJZq26ZXZZTT0Ab0eekRHRaW5pG9DoE0q7mJY4APRUG4rLUNBRGXArYqSuepdHyHaWoAaRk1rAkYq/bw31LkKq9eqwyDaWGfrHErv6Llc9o1dXbiWDBJSNoqk1swaOxV4R/bV6GlhFvOHKeYi2Q/0b5T2wxwBuG6b/O9bGQtQQUVztE2fg9R5xtDl0QdB2qbIAHQ6pRayirqhNWgVMSxhIY9gmMAswqfjeJ3j7IOuEDbAKKdtzwRlRdR6aKCOx7puwI0Os1Z6B7AUqMiOT4LiX9oVZ3FDyeDSMaWjR0Yv7z89i8gJ648QsJM08hBEwc4QZT2sMJsfmrMy6o8CyBjLuZKK2Tk8uXq7rWQ9lpTm0ceqjevbzn1p3J31Mn7e3BtHf2NOEg5gaMspmi0AHBs1cf0rsvX/cfvkct3izVa3dQlJtnz2gDxGr13RX2See8YByUIHWLfgqgaWPE7PSylW5R0V0cYrmV1rgTBuQCwomyxaNZhThEetRo95kuxTwyWb6VMTAFGCgTKg9HjXBeCWsa7dZJ7zwHH11ReVaOBU8jjC5QJIJlzM/OGcApFRviZeaAkXS4EieQzFtrVKIBQXKgIg0iaJKHUt27BsP1qYtbawirDOuQFh4gIAIjk1pSs3lXf2flleyXMBeHhvAvHYnlvdeVZhEjFmSAu1w7JDch1tVHf5xRfoPRD6SuqG7Km6xRdhbO5iTp3mpgKgFNkChZaPIrAeykapMNxS0TgExTRaJ2GAlsRu2LJ7QxsqCp0rBwtqeyjdc8hFJkG7vxobH5JjVBi/ZWltnrlvriaszh6ZwaO9dwCmDMo9ourKFFumxTiUjuVUlasBmn3jYQLCLYBlpAGQEjW6W51tAIFt0WotKlCU46uUeRjpUxtAHs2VBkeRbTPPecbrIa5izvoY2gNbm555DrFJ1Zxht/pHdgGJTgE4OlTfXt5/Ztg7JeeGkyEZZH1bgjDev4dn6GvVx2LZt87RMavYNbfucQhobluuT01c0Cz8E36WkVQDAirDelZ8ndo29Kbn3OJ6orA0A3RDur2LDcVpy/NDxnn2eFv2/YfirTl9NrataF3tI9yXZhjSo3gNtYxp1HWnwWPqiFw6NGl4czlxNvQDR4ruxiEhnPWFRaIxChyZWHKNm6XNUIBA1RDa/l9W/nkpDMWTN1KNoZzKuZ2V07z3XECjJK2itROtjD3SMJV11gI81Ms0qa1lcpCgDq5ApSfE92yVANRKY7X6cpX99GoLaBRjif5ljk4fFWgBEC0CayYQMBMnMTaPhSJxqcroN0tYrS/vcWoDOj4xDSAaQ6PREwk1b6iGKUjBjZ7xUTM0tjceqHDRvtgmUljwPQHQGmDJUKoKDsXz17fqcfFSsfpe2lDu17rGocTC5RxpJI9g3NBxyXY0PlZQr89QA9ir64yLPY5JEtjEHqkeuj1Lenyk14TkILRJ/sIwB2YmdfbcykRNiIml9h76o7Gu1QBIFEvIj2lznCWqQglBcgEhOp6qaUKolBbXQtrZf/fWpXXSDODZS2ZnxkgItoS5nhCCQAOpM500nRIvRd9UWPtISuWK/cG1UYzMtYeCQCoZFVgSPUC3K2QCGqrDWfrI2C0tBaa3tcrxBAxq2qAUQKedU810qFymGHgtr95Z33oBHe5j23QWAFrxcLRE2WQs9bSVSTBrcIUR5n1JdzBXs4TEZpRAlQX3yneW6pdTjlxj3Ne3n9PzNx/D5SvsAStUYSrXlUb1rXz79HB9UaQMBdGntHo0UAeI0YTkHC5YdGjr2cT0C5GGgESdEH4lFZRE/fmCtKA5ZgjfiC857wnnCB0WUeVZpqWtAGsBmvfrkb73PZKHoxiLGbxF/nvvQ0jES7sLUhqGqjeEbYRMMpXV8JHjjWOeCAqXSUienIkQ3q1MPrCe9JGuhvQGnso2pmLdawDg2sVEyTesdiNAP0Hd3WEsdbEmvAw3Bm1Q9HJmjkaJ7oRAkjbLHIQUKbGmBW6vLLBtMENIGkhikF5DwZFCZBsANEHDqEvykKkIBL/n1y9DVW8QgO1cZIDKK88U6NrLGEDaIF6NvK87myls64UWmNeIUhnbyjnofx3syow92KL3vujirZYUDeS1uaHjA1D86zC7yqXiLTGjN38rbFyrh/j9l0CUomZMleX1zci6V1hfrRnEirFHsEhBeqvKMvuyCWkmdHxkAVz7ilaAayRTx0legJUW0gwSab8z9IJTogvaWXQa1UrvFSCAScyT0NASY2tHhdYAFBLOdWEewsPaet3Ho3KzC6MGlh1XHndR2J59R1vctQ4ChfAg606w5wgdVoIm2WGlEiXj0QQgCMvqLSG3C1GPyo8NDkoLyVdO1pIQpd5gJA24BjEfOvHakVgW6J9yBoCfiVjHxeG5lzyUn5m6gAiHZtGOWcJjWhFgsD8hWutTmK8NR2vQyvCLwhtt9MaZIAyQ3EQSRjMrWNK4Aj4kHRfQSGZiu2R1q0NsgbgPXBpweU9HklwVX1vT8226SQCSRwteryJwLNtw/MtTCjwqim/EqHFmjUHzyG3fP7uiY81L5qhwNgGJQDZ/JTQSO2QWczm79GilR9QL1rL8OFIocpc/mpufms1by4EwBUQiDMhbRdP9OK9Z5ttsvrm3vtSG0uidjzGS3UmHGp/iX79aoe7Q0IDeWHzDs5LMwRYASMCieh7j3/NkF1O9hjilQVmFE7I5r2pLqeoYMwAqC1yOvFfYrptFaA8tbzboiUZL6Y5/sYCujYItsWSGlLwqx5NLtWwbJcC3bETwrUvyKsnZngT3YQDi3UGAtBvRG8UfUKP1MLHvlAjF/Bx3EUfYiJKwGMK6ccUvhwdAVZWsa1px/a3Mm8hyOOzGufeWmFIzegJEOfvfpg6razXgyQ/krPAZaGR80LN4jT8doLsvNyJ0H6LjK8lbUNiTooL4XwWORUjq2AUjGamPVXO2qO7N3pZN29qZ2Z2iPSzOfxCMUmdPX7JgpsV9DewEs35dqL7nVXyUolV5FUHVgNY8R1t/mL5GYjRdfc7RFpAjSAa8dCnnMWlOca98c/rck2t57XbyQCFAr/78hUkmSy/NKdgAKJqIJS2R9BKt9qAHNO5gY8Yc/k2LmRWq/S656dC9CDlJEDO2DJ0uOWkCpz3eMXJ3TXI0lLUqWGrMWsQluj7NNF0EqrF16qTrRiJBHAMWxCj311HxLzEPF4AqXJ8hgsgaEAsCiv5Q3JIA9vHnH7f/761n0MNaQ21EqFPy2jU48EgGXEGXaQ1EpCXCHmtRAiuaygiEhTdJQCzoN/Ym7AnHkGObtpF/84R4mtAYzb6gwaZvwUMwJmKwfAEAtlEJG6XXg5f1eyVwDGetedIyxo3apPQXxdjMrcswFADYsMbL65tl8s9bdNaXm1pav7mLXiMkVnrTQCGtAYygj0tpETWJS/Y13ekpeZlnS0UuhHH6578zY6H8zCdDXOLFbBL6W9I0pBxxLRwlJL1PyilF/XRjR6tMAdZ4I2wl0kWujRFWmDR1mM2UXnFWEYhQ8c9NZSFoLPX98ukz68bd8EgPcGmWE1TYPav1UBDu7YPRe4dtKYFGY8osZLSK9bdkEQbWZ7b1RNaGhes/c1A6b2eHHGSqDMbZhswDN0EaVQx6xQKYbOVeSSIk2H5QM0xmPwG7AMAUMOmi5ZbSKRVBR911aayWsxKOxWfnWZ/3Um78eN6bMfF7YEkU4rN16lBLxo83fWztzX80VoiaYFmDTTofQSqcOaKlGwOpWogWiHyUiEKHFNSyAbGQKinVa7fN1YTO3hg5ARar1x1F0XtBNRLz78hVEPxQ9HmHXQMQoxXIMJO3WWwLtAZ6ZYiNolGWr4XHlt6S2CKFlpUSiGjPDoJoRUMpAs7KhJyq0ypWlZHuLk1WbUdGLYvzt4QP4/HqngEr33cqushxfPr9a166n/N0aXBuMVtunDNIR4BSZvcqYJQqpRA5DjhAUloX8ShF/GfV8J8wgoi4MzPktkZecVF5QDMiMOqewGJG2/PXt9t3ueAnxA8N9dFeXt/csK2fkvp7/Po6Frv1t8wdNV/0yy0iX22hbO9429IXD9OtXPUF9LW/x5l482guZawz1/dfu57AaiSTeMCjhmk24wi1b1j2qXzFaLwNSNSHUkP3jy5ejv3AnCsqtmCr2WZjWDxlaIhwlioyNdtp/SfL2KOcmxpNLOrvsv2Whbt1hdYg3zsOWMSJ4qLB/OuQBn3MNsg2r28cvP6bnbz6SLl6NfkFsDaiASaktZKju3LLf/wcOsj2d8Pa/YQAAAABJRU5ErkJggg
把找到的数据块合并起来Base64转图片 获得带有掩码密码Y3p_Ke9_1s_?????估计有文件需要爆破从flag镜像文件的尾部往上找发现7z文件特征直接导出发现解压需要密码直接爆破。
另外还有一个可以取巧的办法
#还有一个取巧的办法用已获取的部分png图片Base64编码值去匹配
#iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAABG2lUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNi4wLjAiPgogPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIi8CiA8L3JkZjpSREYCjwveDp4bXBtZXRhPgo8P3hwYWNrZXQgZW5kPSJyIj8l1vpCgAAI7JJREFUeJztXU2SVTey1rVfmHgRJp6fCc88Kg/eFuwleA1sjolwBJgE1U9gBFQQLgYAB30eQOjal2VfvI/UfeL6Kj8a1zpFRKypPKPx3vf17O2wpbemQUkopHVJK27alQzoc0iFtadsO2GwHdKW0nZI27dfDykd0iFtW0opbSkdDiltKaXDdvf74ZCm/3/GGWf44btDOqR0OKTD3/XDimlf/zz3eHwTSB8kwP5qb837d//vvvh5QO354fBMKfeUUvrHP2O/rv/1PE5fWNNwlocGj2GuzVx9cuXgxZuPd/24Nt3rR8fXzwiNXZ95ndluSgS2ZStRaQFzemyoGc0jmh5fPALPhST/PUn8z4hyLxq8ez3X35MKcHWXuuZGZ/v9blN8Pz17ewRMJ5cvRVra2UaKKDQvcpYZ3SWf8eOKT/Ci84oPBmKgAwePryvWRzZhgxTlIAroIeP55cvTXdSCM6Rr/Vf8JgWhzW9JH2UuUuSELAMnNPpvQ1XD11yfU89gF3fuN058nPOmJzguMdkTBYdvtuN74fL6hnwmPuOMEs9efbgimport base64
from difflib import SequenceMatcher
head b\x89PNG
tail bIEND\xaeB\x82
key iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAABG2lUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNi4wLjAiPgogPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIi8CiA8L3JkZjpSREYCjwveDp4bXBtZXRhPgo8P3hwYWNrZXQgZW5kPSJyIj8l1vpCgAAI7JJREFUeJztXU2SVTey1rVfmHgRJp6fCc88Kg/eFuwleA1sjolwBJgE1U9gBFQQLgYAB30eQOjal2VfvI/UfeL6Kj8a1zpFRKypPKPx3vf17O2wpbemQUkopHVJK27alQzoc0iFtadsO2GwHdKW0nZI27dfDykd0iFtW0opbSkdDiltKaXDdvf74ZCm/3/GGWf44btDOqR0OKTD3/XDimlf/zz3eHwTSB8kwP5qb837d//vvvh5QO354fBMKfeUUvrHP2O/rv/1PE5fWNNwlocGj2GuzVx9cuXgxZuPd/24Nt3rR8fXzwiNXZ95ndluSgS2ZStRaQFzemyoGc0jmh5fPALPhST/PUn8z4hyLxq8ez3X35MKcHWXuuZGZ/v9blN8Pz17ewRMJ5cvRVra2UaKKDQvcpYZ3SWf8eOKT/Ci84oPBmKgAwePryvWRzZhgxTlIAroIeP55cvTXdSCM6Rr/Vf8JgWhzW9JH2UuUuSELAMnNPpvQ1XD11yfU89gF3fuN058nPOmJzguMdkTBYdvtuN74fL6hnwmPuOMEs9efbg
key key[0:80]
n len(key)
f open(flag,rb)
all_byte f.read()
f.close()
m 0
all_list all_byte.split(head)
for i in all_list:res head iout base64.b64encode(res)if len(out) n:out out[0:n].decode()s(SequenceMatcher(None, out, key).ratio())if s 0.65:print(s)f open(f{m}.png,wb)f.write(res)f.close()m m 1
#共获取出4个文件虽然没办法正常打开但是zsteg -a 也能获取带有掩码的密码 也可以拿到密码算是非预期吧。 爆破得到解压缩密码Y3p_Ke9_1s_23333解压缩后得到python字节码扔进AI转python
31 226 PUSH_NULL228 LOAD_NAME 8 (key_encode)230 LOAD_NAME 7 (key)232 PRECALL 1236 CALL 1246 STORE_NAME 7 (key)32 248 PUSH_NULL250 LOAD_NAME 10 (len)252 LOAD_NAME 7 (key)254 PRECALL 1258 CALL 1268 LOAD_CONST 7 (16)270 COMPARE_OP 2 ()276 POP_JUMP_FORWARD_IF_FALSE 43 (to 364)33 278 PUSH_NULL280 LOAD_NAME 9 (sm4_encode)282 LOAD_NAME 7 (key)284 LOAD_NAME 5 (flag)286 PRECALL 2290 CALL 2300 LOAD_METHOD 11 (hex)322 PRECALL 0326 CALL 0336 STORE_NAME 12 (encrypted_data)34 338 PUSH_NULL340 LOAD_NAME 6 (print)342 LOAD_NAME 12 (encrypted_data)344 PRECALL 1348 CALL 1358 POP_TOP360 LOAD_CONST 2 (None)362 RETURN_VALUE32 364 LOAD_CONST 2 (None)366 RETURN_VALUEDisassembly of code object key_encode at 0x14e048a00, file make.py, line 10:10 0 RESUME 011 2 LOAD_GLOBAL 1 (NULL list)14 LOAD_FAST 0 (key)16 PRECALL 120 CALL 130 STORE_FAST 1 (magic_key)12 32 LOAD_GLOBAL 3 (NULL range)44 LOAD_CONST 1 (1)46 LOAD_GLOBAL 5 (NULL len)58 LOAD_FAST 1 (magic_key)60 PRECALL 164 CALL 174 PRECALL 278 CALL 288 GET_ITER 90 FOR_ITER 105 (to 302)92 STORE_FAST 2 (i)13 94 LOAD_GLOBAL 7 (NULL str)106 LOAD_GLOBAL 9 (NULL hex)118 LOAD_GLOBAL 11 (NULL int)130 LOAD_CONST 2 (0x)132 LOAD_FAST 1 (magic_key)134 LOAD_FAST 2 (i)136 BINARY_SUBSCR146 BINARY_OP 0 ()150 LOAD_CONST 3 (16)152 PRECALL 2156 CALL 2166 LOAD_GLOBAL 11 (NULL int)178 LOAD_CONST 2 (0x)180 LOAD_FAST 1 (magic_key)182 LOAD_FAST 2 (i)184 LOAD_CONST 1 (1)186 BINARY_OP 10 (-)190 BINARY_SUBSCR200 BINARY_OP 0 ()204 LOAD_CONST 3 (16)206 PRECALL 2210 CALL 2220 BINARY_OP 12 (^)224 PRECALL 1228 CALL 1238 PRECALL 1242 CALL 1252 LOAD_METHOD 6 (replace)274 LOAD_CONST 2 (0x)276 LOAD_CONST 4 ()278 PRECALL 2282 CALL 2292 LOAD_FAST 1 (magic_key)294 LOAD_FAST 2 (i)296 STORE_SUBSCR300 JUMP_BACKWARD 106 (to 90)15 302 LOAD_GLOBAL 3 (NULL range)314 LOAD_CONST 5 (0)316 LOAD_GLOBAL 5 (NULL len)328 LOAD_FAST 0 (key)330 PRECALL 1334 CALL 1344 LOAD_CONST 6 (2)346 PRECALL 3350 CALL 3360 GET_ITER 362 FOR_ITER 105 (to 574)364 STORE_FAST 2 (i)16 366 LOAD_GLOBAL 7 (NULL str)378 LOAD_GLOBAL 9 (NULL hex)390 LOAD_GLOBAL 11 (NULL int)402 LOAD_CONST 2 (0x)404 LOAD_FAST 1 (magic_key)406 LOAD_FAST 2 (i)408 BINARY_SUBSCR418 BINARY_OP 0 ()422 LOAD_CONST 3 (16)424 PRECALL 2428 CALL 2438 LOAD_GLOBAL 11 (NULL int)450 LOAD_CONST 2 (0x)452 LOAD_FAST 1 (magic_key)454 LOAD_FAST 2 (i)456 LOAD_CONST 1 (1)458 BINARY_OP 0 ()462 BINARY_SUBSCR472 BINARY_OP 0 ()476 LOAD_CONST 3 (16)478 PRECALL 2482 CALL 2492 BINARY_OP 12 (^)496 PRECALL 1500 CALL 1510 PRECALL 1514 CALL 1524 LOAD_METHOD 6 (replace)546 LOAD_CONST 2 (0x)548 LOAD_CONST 4 ()550 PRECALL 2554 CALL 2564 LOAD_FAST 1 (magic_key)566 LOAD_FAST 2 (i)568 STORE_SUBSCR572 JUMP_BACKWARD 106 (to 362)18 574 LOAD_CONST 4 ()576 LOAD_METHOD 7 (join)598 LOAD_FAST 1 (magic_key)600 PRECALL 1604 CALL 1614 STORE_FAST 1 (magic_key)19 616 LOAD_GLOBAL 17 (NULL print)628 LOAD_FAST 1 (magic_key)630 PRECALL 1634 CALL 1644 POP_TOP20 646 LOAD_GLOBAL 7 (NULL str)658 LOAD_GLOBAL 9 (NULL hex)670 LOAD_GLOBAL 11 (NULL int)682 LOAD_CONST 2 (0x)684 LOAD_FAST 1 (magic_key)686 BINARY_OP 0 ()690 LOAD_CONST 3 (16)692 PRECALL 2696 CALL 2706 LOAD_GLOBAL 11 (NULL int)718 LOAD_CONST 2 (0x)720 LOAD_FAST 0 (key)722 BINARY_OP 0 ()726 LOAD_CONST 3 (16)728 PRECALL 2732 CALL 2742 BINARY_OP 12 (^)746 PRECALL 1750 CALL 1760 PRECALL 1764 CALL 1774 LOAD_METHOD 6 (replace)796 LOAD_CONST 2 (0x)798 LOAD_CONST 4 ()800 PRECALL 2804 CALL 2814 STORE_FAST 3 (wdb_key)21 816 LOAD_GLOBAL 17 (NULL print)828 LOAD_FAST 3 (wdb_key)830 PRECALL 1834 CALL 1844 POP_TOP22 846 LOAD_FAST 3 (wdb_key)848 RETURN_VALUEmagic_key:3a1d0865888a66d1
encrypted_data:7f343d7a2f3cb8fbbea045cdfb768f1091f24fb4a1c9a3db562bef5986725f096c1b1205abcfbdfd6b3b424b91214b44
def key_encode(key):magic_key list(key) # 将输入的key转换为列表形式for i in range(1, len(magic_key)):magic_key[i] str(hex(int(magic_key[i], 16) ^ int(magic_key[i - 1], 16))).replace(0x, )for i in range(0, len(key), 2):magic_key[i] str(hex(int(magic_key[i], 16) ^ int(magic_key[i 1], 16))).replace(0x, )magic_key .join(magic_key) # 将列表转换为字符串print(magic_key)wdb_key str(hex(int(magic_key, 16) ^ int(key, 16))).replace(0x, )print(wdb_key)return wdb_key
def main():key your_initial_key # 这里需要替换为您实际使用的密钥flag your_flag_here # 如果有特定的标志这里也需要替换key key_encode(key)if len(key) 16:encrypted_data sm4_encode(key, flag).hex() # 假设sm4_encode是一个加密函数返回的是字节对象print(encrypted_data)
if __name__ __main__:main()
逆向还原magic_key至key再将key转为wdb_key即SM4密钥
def key_decode(encoded_key):# 第一步逆向第二次异或操作magic_key_list list(encoded_key)for i in range(0, len(encoded_key) - 1, 2):magic_key_list[i] str(hex(int(magic_key_list[i], 16) ^ int(magic_key_list[i 1], 16))).replace(0x, )# 第二步逆向第一次异或操作for i in range(len(magic_key_list) - 1, 0, -1):magic_key_list[i] str(hex(int(magic_key_list[i], 16) ^ int(magic_key_list[i - 1], 16))).replace(0x, )# 将列表转换回字符串decoded_key .join(magic_key_list)return decoded_keymagic_key 3a1d0865888a66d1 # 假设这是经过编码后的 magic_key
decoded_key key_decode(magic_key)
print(decoded_key) # 输出原始 keydef key_encode(key):magic_key list(key) # 将输入的key转换为列表形式for i in range(1, len(magic_key)):magic_key[i] str(hex(int(magic_key[i], 16) ^ int(magic_key[i - 1], 16))).replace(0x, )for i in range(0, len(key), 2):magic_key[i] str(hex(int(magic_key[i], 16) ^ int(magic_key[i 1], 16))).replace(0x, )magic_key .join(magic_key) # 将列表转换为字符串print(magic_key)wdb_key str(hex(int(magic_key, 16) ^ int(key, 16))).replace(0x, )print(wdb_key)return wdb_key
print(key_encode(decoded_key))
#936150b658a8a6ad
#3a1d0865888a66d1
#a97c58d3d022c07c
#a97c58d3d022c07c wdgflag{f16c4e17b6a4b6084466707cd90b755f}
MISC03 wdbflag{39.168.5.60}
MISC04 皮亚诺曲线直接工具还原或者用https://almostgph.github.io/2024/01/08/IrisCTF2024/#czech-where脚本 wdflag{92c12032-cee2-4d2d-be99-a61547cf8022}
