攻防世界 (adworld) MISC Challenges: Selected Writeups


1.base64stego

Opening the archive asked for a password. I checked the archive's properties but found nothing, then ran it through binwalk, which showed no hidden files.

Next I suspected zip pseudo-encryption:

          A zip file consists of three parts: the compressed file data area (the first 50 4B), the central directory (the second 50 4B), and the end-of-central-directory record (the third 50 4B).

          Pseudo-encryption usually lives in the central directory, i.e. after the second 50 4B.

          Central directory record:
              50 4B 01 02: file header signature within the directory
              3F 03: pkware version used for compression
              14 03: pkware version needed to extract
              09 00: general purpose bit flag (whether the entry is encrypted; this is the field changed for pseudo-encryption: set it to 00 08 and opening the archive prompts for a password)

          Open the file in WinHex, find the second 50 4B, and look at the seventh and eighth bytes after it: normally these would be 00 08, but here they are 09 00;
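As an added example (not from the original writeup), the script below reads the general-purpose flag from both the local file header and the central directory record, reports the mismatch that marks pseudo-encryption, and clears the bit. The sample archive is constructed in code, and the parser assumes the first PK 01 02 it finds is the start of the central directory.

```python
import io
import struct
import zipfile

CEN_SIG = b'PK\x01\x02'   # central directory record (the "second 50 4B")

def make_sample_zip(pseudo=False):
    # Constructed sample (not the challenge file). pseudo=True applies the trick: set bit 0
    # of the general-purpose flag (offset 8 of the PK\x01\x02 record) centrally only.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w', zipfile.ZIP_STORED) as z:
        z.writestr('flag.txt', 'hello, flag')
    data = buf.getvalue()
    if pseudo:
        i = data.find(CEN_SIG) + 8
        data = data[:i] + struct.pack('<H', struct.unpack_from('<H', data, i)[0] | 1) + data[i + 2:]
    return data

def central_records(data):
    # (record offset, local header offset) per PK\x01\x02 record; the record points to its
    # PK\x03\x04 header via +42. Assumption: the first PK\x01\x02 found starts the directory.
    pos = data.find(CEN_SIG)
    while pos != -1 and data[pos:pos + 4] == CEN_SIG:
        yield pos, struct.unpack_from('<I', data, pos + 42)[0]
        pos += 46 + sum(struct.unpack_from('<HHH', data, pos + 28))

def entry_flags(data):
    # (central flag, local flag) per entry; the local flag sits at +6 of PK\x03\x04.
    return [(struct.unpack_from('<H', data, pos + 8)[0], struct.unpack_from('<H', data, loc + 6)[0])
            for pos, loc in central_records(data)]

def is_pseudo_encrypted(data):
    # Real encryption sets bit 0 in both headers; the pseudo trick sets it only centrally.
    return any(c & 1 and not l & 1 for c, l in entry_flags(data))

def repair(data):
    # Clear bit 0 of the central flag wherever the local header says "not encrypted".
    out = bytearray(data)
    for pos, loc in central_records(data):
        if not struct.unpack_from('<H', data, loc + 6)[0] & 1:
            struct.pack_into('<H', out, pos + 8, struct.unpack_from('<H', data, pos + 8)[0] & 0xFFFE)
    return bytes(out)

def read_entry(data, name):
    # The entry's bytes, or None when zipfile refuses because the flag says "encrypted".
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return z.read(name)
    except RuntimeError:
        return None
```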

                                         

 

        After the change the archive extracts normally. The txt inside turned out to be base64-encoded, and decoding it gave an article introducing steganography:

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspeage, 
a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing" from the Greek words steganos meaning
"covered or protected", and graphein meaning "to write". The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia,
a treatise on cryptography and steganography disguised as a book on magic. Generally, messages will appear to be something else: images, articles,
shopping lists, or some other covertext and, classically, the hidden message may be in invisible ink between the visible lines of a private letter. The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages
no matter how unbreakable will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas
cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties. Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic
coding inside of a transport layer, such as a document file, image filn because of their large size. As a simple example, a sender might start with
an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not
specifically looking for it is unlikely to notice it. The first recorded uses of steganography can be traced back to 440 BC when Herodotus mentions two examples of steganography in The Histories
of Herodotus. Demaratus sent a warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a wax tablet before
applying its beeswax surface. Wax tablets were in common use then as reusable writing surfaces, sometimes used for shorthand. Another ancient
example is that of Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message
was hidden. The purpose was to instigate a revolt against the Persians. Steganography has been widely used, including in recent historical times and the present day. Possible permutations are endless and known examples include: * Hidden messages within wax tablets: in ancient Greece, people wrote messages on the wood, then covered it with wax upon which an innocent
covering message was written * Hidden messages on messenger's body: also used in ancient Greece. Herodotus tells the story of a message tattooed on a slave's shaved head,
hidden by the growth of his hair, and exposed by shaving his head again. The message allegedly carried a warning to Greece abois method has
obvious drawbacks, such as delayed transmission while waiting for the sn the number and size of messages that can be encoded on one person's scalp. * In WWII, the French Resistance sent some messages written on the backs of couriers using invisible ink. * Hidden messages on paper written in secret inks, under other messages or on the blank parts of other messages. * Messages written in Morse code on knitting yarn and then knitted into a piece of clothing worn by a courier. * Messages written on the back of postage stamps. * During and after World War II, espionage agents used photographically produced microdots to send information back and forth. Microdots
were typically minute, approximately less than the size of the period produced by a typewriter. WWII microdots needed to be embedded in
the paper and covered with an adhesive (such as collodion). This was reflective and thus detectable by viewing against glancing light.
Alternative techniques included inserting microdots into slits cut into the edge of post cards. * During World War II, a spy for Japan in New York City, Velvalee Dickinson, sent information to accommodation addresses in neutral South America.
She was a dealer in dolls, and her letters discussed how many of this or that doll to ship. The stegotext was the doll orders, while the
concealed "plaintext" was itself encoded and gave information about ship movements, etc. Her case became somewhat famous and she became
known as the Doll Woman. * Cold War counter-propaganda. In 1968, crew members of the USS Pueblo (AGER-2) intelligence ship held as prisoners by North Korea,
communicated in sign language during staged photo opportunities, informing the United States they were not defectors but rather were
being held captive by the North Koreans. In other photos presented to the US, crew members gave "the finger" to the unsuspecting
North Koreans, in an attempt to discredit photos that showed them smiling and comfortable. -- http://en.wikipedia.org/wiki/Steganography

          I ran it through an online translator to read it in Chinese.


 After that I had no ideas. I read a writeup and found that you need to write your own base64 stego decoding script. Ugh, the decoding tools really do fall short here.

flag: Base_sixty_four_point_five

The code:

# -*- coding: UTF-8 -*-
# Recover the bits hidden in the unused padding bits of each base64 line.
# Python 3 version; the original was Python 2 and, because the lines after the
# for loop were mis-indented, only processed the last line (hence no visible output).
import base64

base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'


def get_base64_diff_value(s1, s2):
    # Alphabet-index distance at the first position where the stego line differs
    # from its normalised re-encoding; 0 when the line was not modified.
    for c1, c2 in zip(s1, s2):
        if c1 != c2:
            return abs(base64chars.index(c1) - base64chars.index(c2))
    return 0


def solve_stego(path='C:\\Users\\Desktop\\stego.txt'):
    with open(path, 'rb') as f:
        file_lines = f.readlines()

    bin_str = ''
    for line in file_lines:
        steg_line = line.strip().decode('ascii')
        # Decoding and re-encoding zeroes the padding bits, giving the canonical line
        norm_line = base64.b64encode(base64.b64decode(steg_line)).decode('ascii')
        diff = get_base64_diff_value(steg_line, norm_line)
        pads_num = steg_line.count('=')
        # One '=' leaves 2 hidden bits, two '=' leave 4
        if diff:
            bin_str += bin(diff)[2:].zfill(pads_num * 2)
        else:
            bin_str += '0' * pads_num * 2

    res_str = ''
    for i in range(0, len(bin_str), 8):
        res_str += chr(int(bin_str[i:i+8], 2))
    print(res_str)
    return res_str


solve_stego()

 Oddly, when I ran it nothing was printed at all.......

Stuck...................................

2.签到题 (Sign-in challenge)

The challenge looked pretty easy when I first opened it (*^▽^*)

Base64-decode it, submit, coins in hand (lol~)

but... hmm??? It was wrong Σ(⊙▽⊙"a

So it really wasn't as simple as I thought. Looking more carefully, and having ruled out a problem with the tool, the string looked like it had been rail-fence encrypted

So, rail-fence decryption

Comparing the outputs, the second rail count looked more likely to be related to the flag

The first five characters were presumably ssctf, but it still seemed to be encrypted, so I tried a few ciphers and rot13 looked closest

The decrypted result then looked even more like a Caesar cipher, so I ran a Caesar decryption

and successfully found the flag

Summary: a cryptography grab bag; a 6-star challenge really isn't that simple......

3.Avatar

This one looked like a simple steganography challenge

Stegsolve layer analysis: nothing. Data analysis: still nothing. Next WinHex: nothing there either. Then binwalk: only the one image. Last resort, changing the extension: still nothing; at this point I despaired o(╥﹏╥)o.......

Then a round of random analysis (resizing, content search, decoding...), still no effect T_T

Suddenly this challenge felt unsolvable......

Finally, while reading others' writeups, I remembered a magical tool: outguess

Sure enough, this challenge needs outguess to open it

Got the flag

This is the most unusual flag I have ever seen......

4.眼见非实 (Seeing is not believing)

Inside the archive was a Word file. Opening it showed garbage, but the first page began with 'PK', which corresponds to a zip file. So I changed the extension and extracted it to a folder, which contained many xml files

I guessed the flag would be in the word folder, so I opened it,

guessed it was in document.xml, and opened that file

Found the flag

5.What-is-this

Extracting gave two images that looked a bit like QR codes, but for a while I couldn't find any clue;

Then it occurred to me that the two images might need to be combined. I opened StegSolve, chose Image Combiner, merged them, and found the flag

A 7-point challenge didn't feel that hard ^_^

6.Training-Stegano-1

Probably the simplest image steganography challenge I have ever seen, bar none

Right-click, open with Notepad, and the flag is right there; very basic indeed

So easy......

7.easycap

Opened the capture, found nothing at first, then tried following the stream, and... that was it, because there was the flag

Easy indeed, hahaha......

8.Test-flag-please-ignore

This one is simpler: download, extract

It looked like md5 or hex; I tried hex first and got the flag

Not bad

9.4-2

Download, extract, and find an English passage with no apparent pattern

Rail fence did nothing; then I tried frequency analysis and it came out

The only annoying part is that the challenge author never stated the flag format......

The flag format is flag{}

10.glance-50

Clicking download got blocked by my Chrome; Firefox worked. It is a gif, and you can see the flag in it, although it hurts the eyes a bit

11.隐藏在黑夜里的秘密 (The secret hidden in the night)

Download; extraction asked for a password, so I first thought of pseudo-encryption and undid it

Extract, view the image with Stegsolve, and find the flag

Done......

12.Get-the-key.txt

Download, extract, and there is nothing to see

Checking with the file command gives: /forensic100: Linux rev 1.0 ext2 filesystem data, UUID=0b92a753-7ec9-4b20-8c0b-79c1fa140869

That suggested it should be mounted, so I tried mounting it

Following the hint in the challenge name, look for key.txt

Change into the mnt directory and run: for file in *; do echo "$file" && strings "$file"; done

Lots of key-related txt files turned up; in the end the first one was it

Then extract it and get the flag

Submit, done...

13.Cephalopod

Download, open the capture, start reading the data, and suddenly notice a flag.png

The flag probably relates to a png; further down I found a png file

Then save the data and delete the surplus content

Save, rename, and find the flag

Too lazy to type it out, so I OCR'd a screenshot

14.embarrass

Download, extract, open, and despair......there is far too much content!!!

I looked at the http traffic and found nothing

Desperate, I carved the files out, got a pile of them, looked through every one and saw nothing

Just when I was about to give up

a more experienced player hinted: use strings

and I almost took an axe to this challenge [○・`Д´・ ○]

That said, CTF is all about lateral thinking; better to take it easy.........

15.pure_color

Drop it straight into Stegsolve after downloading and the flag appears

16.misc1

Opening it gives a string of hexadecimal characters; just decode it

# -*- coding: UTF-8 -*-
# Convert a string of hexadecimal digits to ASCII (Python 3; the original was a
# commented-out Python 2 script that also forgot to import sys)
import sys

a = input("请输入一串十六进制编码:")
b = len(a)
for i in range(0, b, 2):
    # high nibble: letters a-f map to 10-15, digits to 0-9
    if ord('a') <= ord(a[i]) <= ord('f'):
        c = ord(a[i]) - ord('a') + 10
    else:
        c = ord(a[i]) - ord('0')
    # low nibble
    if ord('a') <= ord(a[i + 1]) <= ord('f'):
        d = ord(a[i + 1]) - ord('a') + 10
    else:
        d = ord(a[i + 1]) - ord('0')
    e = (c * 16 + d) % 128   # keep the byte within 7-bit ASCII, as the original did
    sys.stdout.write(chr(e))
sys.stdout.write("\n")

17.hit-the-core

Download and extract: it is a core file. Running strings on it turns up a string that looks a lot like a flag

There were also two braces; I submitted that, it was wrong, so I kept reading

Since this is an alexctf-2017 challenge, look closely: the capital letters in “cvqAeqacLtqazEigwiXobxrCrtuiTzahfFreqc” are exactly “ALEXCTF”, so following that pattern, write a program

#include <cstdio>
#include <cstring>

int main()
{
    // Read the string and print every 5th character starting at index 0:
    // the capital letters spelling ALEXCTF and the flag characters between them
    char a[1000];
    if (scanf("%999s", a) != 1)
        return 1;
    int l = strlen(a);
    for (int i = 0; i < l; i += 5)
    {
        printf("%c", a[i]);
    }
    printf("\n");
    return 0;
}

Input: AeqacLtqazEigwiXobxrCrtuiTzahfFreqc{bnjrKwgk83kgd43j85ePgb_e_rwqr7fvbmHjklo3tews_hmkogooyf0vbnk0ii87Drfgh_n1kiwutfb0ghk9ro987k5tfb_hjiouo087ptfcv}

This gives the flag
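An added example, not from the original post: instead of hard-coding offset 0 and stride 5, it derives both from the positions of the capital letters (the ALEXCTF observation above) and then extracts. The input is the string fed to the program, with the three-character "cvq" prefix shown earlier prepended (an assumption about the surrounding bytes), so the detected offset is 3 rather than 0.

```python
from math import gcd

def uppercase_stride(s):
    # The capital letters mark the flag characters; the spacing between their positions
    # gives the stride, and the first position modulo the stride gives the offset.
    positions = [i for i, c in enumerate(s) if c.isupper()]
    if len(positions) < 2:
        return None
    step = 0
    for a, b in zip(positions, positions[1:]):
        step = gcd(step, b - a)
    return positions[0] % step, step

def extract_flag(s):
    # Same selection as the C++ program above (every 5th character), but with the
    # offset and stride derived from the string instead of hard-coded.
    found = uppercase_stride(s)
    if found is None:
        return ''
    offset, step = found
    return s[offset::step]

# Constructed input: the string the writeup feeds to its program, with the "cvq" that
# precedes it in the strings output prepended (assumed), so the offset comes out as 3.
CORE_STRING = ("cvq"
               "AeqacLtqazEigwiXobxrCrtuiTzahfFreqc{bnjrKwgk83kgd43j85ePgb_e_rwqr7fvbm"
               "Hjklo3tews_hmkogooyf0vbnk0ii87Drfgh_n1kiwutfb0ghk9ro987k5tfb_hjiouo087ptfcv}")

if __name__ == '__main__':
    print(uppercase_stride(CORE_STRING), extract_flag(CORE_STRING))
```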

                                                

18.肥宅快乐题 (Fat-nerd happy challenge)

Download, open: it is a small game. Decompiling it showed rather a lot of content

Then I read the hint: you need to beat the game!!!!

Then I found that PotPlayer can drag the progress bar, and dragged straight to the end

There I found what looked like base64-encoded content

Decoded it and found the flag

19.can_has_stdio?

The file would not download, so I asked a more experienced player, who gave me a download link for the challenge

After downloading, just decode it as Brainfuck

20.神奇的Modbus (Magical Modbus)

Download, open, see lots of data; filter on modbus, follow the tcp stream, and the flag is visible

But submitting it failed; on closer inspection the flag was missing an 'o'. Not sure whether that was the author's mistake.....

21.2-1

After downloading I dropped it straight into 010 Editor and repaired the file header, but it still would not open; analysis showed the IHDR CRC value was wrong

Then I found a CRC brute-force script online

import binascii
import struct

# Brute-force the IHDR width: rebuild 'IHDR' + width + (height, bit depth, colour
# type, compression, filter, interlace) and compare its CRC32 with the one stored
# in the file (0x932f8a6b here)
with open("misc4.png", "rb") as f:
    misc = f.read()

for i in range(1024):
    data = misc[12:16] + struct.pack('>i', i) + misc[20:29]
    crc32 = binascii.crc32(data) & 0xffffffff
    if crc32 == 0x932f8a6b:
        print(i)

 Got the flag
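An added example (not from the writeup) covering both the PNG hand-carving of challenge 13 and the IHDR CRC brute force of challenge 21: carve_png walks the chunks from the signature to IEND instead of deleting the surplus bytes by hand, and fix_ihdr_dims generalises the script above by searching heights as well as widths. The sample image is constructed in code; the search limit of 1024 is an assumed bound.

```python
import struct
import zlib
from itertools import chain, product

PNG_SIG = b'\x89PNG\r\n\x1a\n'

def chunk(ctype, body):
    # length + type + data + CRC32 over type and data, as the PNG spec defines a chunk
    return struct.pack('>I', len(body)) + ctype + body + struct.pack('>I', zlib.crc32(ctype + body) & 0xffffffff)

def make_png(width, height):
    # Constructed minimal 8-bit greyscale image (sample input, not the challenge file)
    ihdr = struct.pack('>IIBBBBB', width, height, 8, 0, 0, 0, 0)
    raw = (b'\x00' + b'\x00' * width) * height    # one filter byte per row, then black pixels
    return PNG_SIG + chunk(b'IHDR', ihdr) + chunk(b'IDAT', zlib.compress(raw)) + chunk(b'IEND', b'')

def carve_png(blob):
    # Challenge 13: cut the image out of a captured stream by walking chunks from the
    # signature to IEND instead of trimming the surplus bytes by hand.
    start = blob.find(PNG_SIG)
    if start < 0:
        return None
    pos = start + len(PNG_SIG)
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack_from('>I4s', blob, pos)
        pos += 12 + length                       # 4 length + 4 type + data + 4 CRC
        if ctype == b'IEND':
            return blob[start:pos]
    return None

def fix_ihdr_dims(png, limit=1024):
    # Challenge 21: the stored IHDR CRC was computed over the real width/height, so if it
    # no longer matches, search dimensions until the CRC agrees. The writeup's script only
    # varies the width; this tries width, then height, then both (assumed bound: limit).
    ihdr, stored = png[12:29], struct.unpack_from('>I', png, 29)[0]
    if zlib.crc32(ihdr) & 0xffffffff == stored:
        return png, None
    tail = ihdr[12:]                             # bit depth, colour type, compression, filter, interlace
    w0, h0 = struct.unpack_from('>II', ihdr, 4)
    candidates = chain(((w, h0) for w in range(1, limit)), ((w0, h) for h in range(1, limit)),
                       product(range(1, limit), repeat=2))
    for w, h in candidates:
        if zlib.crc32(b'IHDR' + struct.pack('>II', w, h) + tail) & 0xffffffff == stored:
            return png[:16] + struct.pack('>II', w, h) + png[24:], (w, h)
    return png, None
```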

                                                   

