題目來源: ISCC-2017
題目描述:我們剛剛攔截了,敵軍的文件傳輸獲取一份機密文件,請君速速破解。
下載附件后,內容如下:
504B03040A0001080000626D0A49F4B5091F1E0000001200000008000000666C61672E7478746C9F170D35D0A45826A03E161FB96870EDDFC7C89A11862F9199B4CD78E7504B01023F000A0001080000626D0A49F4B5091F1E00000012000000080024000000000000002000000000000000666C61672E7478740A0020000000000001001800AF150210CAF2D1015CAEAA05CAF2D1015CAEAA05CAF2D101504B050600000000010001005A000000440000000000
很明顯,504B0304是zip文件的文件頭。
HxD新建文件,將附件內容copy進去,命名為1.zip。
解壓1.zip,發現需要解壓密碼,直接暴力破解得到密碼為123456。
解壓后得到flag.txt
附:常用文件的文件頭如下(16進制)
JPEG (jpg),文件頭:baiFFD8FFE1
PNG (png),文件頭:89504E47
GIF (gif),文件頭:47494638
TIFF (tif),文件頭:49492A00
Windows Bitmap (bmp),文件頭:424DC001
CAD (dwg),文件頭:41433130
Adobe Photoshop (psd),文件頭:38425053
Rich Text Format (rtf),文件頭:7B5C727466
XML (xml),文件頭:3C3F786D6C
HTML (html),文件頭:68746D6C3E
Email [thorough only] (eml),文件頭:44656C69766572792D646174653A
Outlook Express (dbx),文件頭:CFAD12FEC5FD746F
Outlook (pst),文件頭:2142444E
MS Word/Excel (xls.or.doc),文件頭:D0CF11E0
MS Access (mdb),文件頭:5374616E64617264204A
WordPerfect (wpd),文件頭:FF575043
Adobe Acrobat (pdf),文件頭:255044462D312E
Quicken (qdf),文件頭:AC9EBD8F
Windows Password (pwl),文件頭:E3828596
ZIP Archive (zip),文件頭:504B0304
RAR Archive (rar),文件頭:du7221
Wave (wav),文件頭:57415645
AVI (avi),文件頭:41564920
Real Audio (ram),文件頭:2E7261FD
Real Media (rm),文件頭:2E524D46
MPEG (mpg),文件頭:000001BA
MPEG (mpg),文件頭:000001B3
Quicktime (mov),文件頭:6D6F6F76
Windows Media (asf),文件頭:3026B2758E66CF11
MIDI (mid),文件頭:4D546864
參考:https://www.jianshu.com/p/c3a8e92034ac