攻防世界你猜猜 - 走看看

zoukankan html css js c++ java

攻防世界你猜猜
题目

题目给了一个txt,内容如下

504B03040A0001080000626D0A49F4B5091F1E0000001200000008000000666C61672E7478746C9F170D35D0A45826A03E161FB96870EDDFC7C89A11862F9199B4CD78E7504B01023F000A0001080000626D0A49F4B5091F1E00000012000000080024000000000000002000000000000000666C61672E7478740A0020000000000001001800AF150210CAF2D1015CAEAA05CAF2D1015CAEAA05CAF2D101504B050600000000010001005A000000440000000000

分析
1. 看到开头的504B0304,显然这是一个zip文件的16进制形式数据,将其恢复成原格式(注意write只能写入bytes类型数据)
```
from Crypto.Util.number import *

f = open("guess.zip","wb")
s = 0x504B03040A0001080000626D0A49F4B5091F1E0000001200000008000000666C61672E7478746C9F170D35D0A45826A03E161FB96870EDDFC7C89A11862F9199B4CD78E7504B01023F000A0001080000626D0A49F4B5091F1E00000012000000080024000000000000002000000000000000666C61672E7478740A0020000000000001001800AF150210CAF2D1015CAEAA05CAF2D1015CAEAA05CAF2D101504B050600000000010001005A000000440000000000
f.write(long_to_bytes(s))
f.close()
```
1. 得到zip文件后解压发现需要密码,从16进制中也没看到伪加密的痕迹
2. 利用Ziperello爆破得到密码123456
3. 解压并打开flag.txt,结果为
daczcasdqwdcsdzasd
查看全文

相关阅读:
Ribbon 和 Eureka 积分
 zabbix 实现curl 显示器
 《算法入门经典大赛——培训指南》第二章考试
 今天你还抽象？
Big Data Security Part One: Introducing PacketPig
Big Data Analytics for Security（Big Data Analytics for Security Intelligence）
CA
通过Shell和Redis来实现集群业务中日志的实时收集分析
 用Maven编译Apache flume-ng 1.5.0源码及问题解决
 java8-concurrency-tutorial-thread-executor-examples

原文地址：https://www.cnblogs.com/vict0r/p/13550033.html

Copyright © 2011-2022 走看看