文件打開有一個未知名的文件,用記事本打開也沒什么,接着用Hex打開,發現稍微 后面一點有其他文件,試着binwalk分離文件:
def get_base64_diff_value(s1, s2): base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' res = 0 for i in xrange(len(s2)): if s1[i] != s2[i]: return abs(base64chars.index(s1[i]) - base64chars.index(s2[i])) return res def solve_stego(): with open('ComeOn!.txt', 'rb') as f: file_lines = f.readlines() bin_str = '' for line in file_lines: steg_line = line.replace('\n', '') norm_line = line.replace('\n', '').decode('base64').encode('base64').replace('\n', '') diff = get_base64_diff_value(steg_line, norm_line) print diff pads_num = steg_line.count('=') if diff: bin_str += bin(diff)[2:].zfill(pads_num * 2) else: bin_str += '0' * pads_num * 2 print goflag(bin_str) def goflag(bin_str): res_str = '' for i in xrange(0, len(bin_str), 8): res_str += chr(int(bin_str[i:i + 8], 2)) return res_str if __name__ == '__main__': solve_stego()
周賽base64隱寫腳本:
import base64 b64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' with open('1.txt', 'rb') as f: flag = '' bin_str = '' for line in f.readlines(): stegb64 = str(line, "utf-8").strip("\n") rowb64 = str(base64.b64encode(base64.b64decode(stegb64)), "utf-8").strip("\n") offset = abs(b64chars.index(stegb64.replace('=', '')[-1]) - b64chars.index(rowb64.replace('=', '')[-1])) equalnum = stegb64.count('=') # no equalnum no offset if equalnum: bin_str += bin(offset)[2:].zfill(equalnum * 2) # flag += chr(int(bin(offset)[2:].zfill(equalnum * 2), 2)) # print(flag) 這樣寫得不出正確結果 print([chr(int(bin_str[i:i + 8], 2)) for i in range(0, len(bin_str), 8)])
得到一串base64字符,題目是base64隱寫,直接上腳本解;
解出來;就是flag:flag{6aseb4_f33!}