Misc

ez_QR

image-20250327170322802.png

一共有50个二维码,每个二维码对应一个字符,豆包写个python脚本

import os
import cv2

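# Decode the QR code in each numbered image and join the payloads in file order.
# The decoded payloads are treated as plain text: they are only concatenated and
# printed, never opened, fetched or executed.

# Build the detector once instead of once per image.
qr_detector = cv2.QRCodeDetector()

# Collect the pieces in a list and join once at the end.
decoded_parts = []

# The write-up states there are 50 QR codes; range(1, 51) yields 1..50.
for i in range(1, 51):
    image_name = f"{i}.png"  # PNG is assumed; adjust if the images use another format

    if not os.path.exists(image_name):
        print(f"图片 {image_name} 不存在。")
        continue

    # cv2.imread reports an unreadable or corrupt file by returning None, not by raising.
    image = cv2.imread(image_name)
    if image is None:
        print(f"处理图片 {image_name} 时出错: 无法读取图片")
        continue

    try:
        retval, decoded_info, points, straight_qrcode = qr_detector.detectAndDecodeMulti(image)
    except cv2.error as e:
        # Best effort: one bad image must not stop the remaining ones.
        print(f"处理图片 {image_name} 时出错: {e}")
        continue

    if not retval:
        # Report the gap; a silently skipped image would leave a hole in the result.
        print(f"图片 {image_name} 未解码出二维码。")
        continue

    decoded_parts.extend(decoded_info)

# Print the concatenated result.
result_string = "".join(decoded_parts)
print("拼接后的字符串:", result_string)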

image-20250327170041263.png

flag:QLNU{ZHe_sh1_y1_ge_Er_w31_m4_666_oovo_qaqqlnuyyds_ha_ha_ha!!!#1}

baby_MISC

image-20250327170631166.png

斯国一怎么就是四个1了,怎么读都不像呀,感觉是四多1

.\Decode.exe -X -P 1111 特别的人.mp3

  • -X是提取隐藏文件

  • -P是密码

  • 1111为文件隐藏时的密码

  • 特别的人.mp3是要从中提取隐藏文件的载体文件

image-20250327173256608.png

我想要把16进制的上面这堆放在010那个区域的左边,但不管怎么弄都是在右边

image-20250403232643338.png

怎么办???????

生日的祝福

image-20250402162103471.png

里面有段这个

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

Base64解码得到

# First encoding alphabet. 'α' is a one-character placeholder in this listing, not a
# usable table. NOTE(review): presumably the real 64-character table was redacted by
# the challenge author; the encrypted_table1 comment further down is 64 characters long.
table1= 'α'
# The standard Base64 alphabet: A-Z, a-z, 0-9, '+', '/'.
table2= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'

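def encrypt(text, shift):
    """Caesar-shift the letters of *text* by *shift* positions.

    Lowercase letters stay lowercase and uppercase letters stay uppercase.
    A letter pushed outside 'a'-'z' / 'A'-'Z' is wrapped by 26 exactly once,
    so the result is a letter only while ``abs(shift) <= 26``. Characters for
    which ``str.isalpha()`` is false (digits, '+', '/', ...) are copied
    unchanged.

    Args:
        text: String to transform.
        shift: Signed number of positions to move each letter.

    Returns:
        The transformed string, one output character per input character.
    """
    shifted_chars = []
    for char in text:
        if not char.isalpha():
            shifted_chars.append(char)
            continue

        # NOTE: isalpha() is also true for non-ASCII letters; they take the
        # same arithmetic below, which is only meaningful for A-Z / a-z.
        shifted = ord(char) + shift
        if char.islower():
            if shifted > ord('z'):
                shifted -= 26
            elif shifted < ord('a'):
                shifted += 26
        elif char.isupper():
            if shifted > ord('Z'):
                shifted -= 26
            elif shifted < ord('A'):
                shifted += 26
        shifted_chars.append(chr(shifted))
    return "".join(shifted_chars)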

# Shift the letters of table1 with encrypt(). β is not defined anywhere in this
# listing. NOTE(review): presumably the redacted shift value — confirm.
encrypted_table1 = encrypt(table1,β)

# encrypted_table1= 'QRSTUVWqrstuvwxyzabcdefghijklmnopXYZABCDEFGHIJ0123456789+/KLMNOP'

flag = ""

# NOTE(review): '?' is not valid Python; the iteration count appears to be redacted.
# As listed, every pass re-encodes the same `flag` value, so the passes do not nest;
# the intended script presumably feeds each output back in — confirm.
for _ in range(?):
# NOTE(review): the standard library's base64.b64encode accepts only a 2-byte altchars
# (replacements for '+' and '/'), so passing a whole table is schematic; `base64` is
# also not imported in this listing.
text1 = base64.b64encode(flag.encode(), altchars=table1.encode()).decode()

# Second stage: the same call with the standard alphabet, repeated β times as listed.
for _ in range(β):
en_flag = base64.b64encode(text1.encode(), altchars=table2.encode()).decode()
# NOTE(review): the trailing '<' looks like a markup remnant from page extraction,
# not part of the script.
print(en_flag)<

将生日祝福以压缩包形式打开,需要密码,使用ARCHPR破解一下

image-20250403205440546.png

打开后是

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

frombase64的魔法棒一直点

image-20250403210318172.png

w8+8nMw3t8F2kGv3vNB9s9shjNcLhpTNt6TfmM7euLc9gnHMuqBmd8XDpDsSl5gSwqFGmMr/r8oSj7z8uEP5vz==

image-20250403210828381.png

image-20250403211454767.png

flag:QLNU{Y0u_@r4_gO0d_Ctfer!}

你是mvp还是躺赢狗?

image-20250403211619199.png

使用zip方式打开,是一张图

image-20250403211819348.png

注:IHDR 数据块,其标识为 “49 48 44 52”

有个问题,为啥会变成这样,就是把宽改了下

image-20250403212807765.png

image-20250403212833630.png

image-20250403212947992.png

image-20250403212901425.png

flag:QLNU{l00k_1n_My_3ye5_!}

奇怪的动图

image-20250403214737042.png

明文攻击

image-20250403215504225.png

拿到其中的文件

image-20250403221811148.png

image-20250403221835035.png

记事本替换一下

image-20250403222005629.png

使用python脚本转换为utf-8

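# Turn a string of '0'/'1' characters into bytes and print it as UTF-8 text.
binary_str = '0100000000110001010001100101111101101001001101010101111101100001011011010100000001111010001100010110111000111001'

# A trailing group shorter than 8 bits would be parsed as a small number and
# silently produce a wrong byte, so reject such input up front.
if len(binary_str) % 8 != 0:
    raise ValueError(f"二进制字符串长度 {len(binary_str)} 不是 8 的倍数")

# Split into 8-bit groups.
bytes_list = [binary_str[i:i + 8] for i in range(0, len(binary_str), 8)]
# Parse each group as a base-2 integer; int() raises ValueError on any other character.
int_list = [int(byte, 2) for byte in bytes_list]
# Pack the integers into a bytes object.
byte_obj = bytes(int_list)
try:
    utf8_text = byte_obj.decode('utf-8')
except UnicodeDecodeError:
    print("无法使用 UTF - 8 解码此二进制数据。")
else:
    print("转换后的 UTF - 8 符号:", utf8_text)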

image-20250403222312078.png

flag:QLNU{@1F_i5_am@z1n9}

NetTraffic

image-20250403225203779.png

分析TCP流

image-20250403225941709.png

密码:e45e329feb5d925b

image-20250403225832264.png

冰蝎的数据是AES加密的,用上面得到的密码作为密钥解密

image-20250403231323628.png

image-20250403231339675.png

接着找

image-20250403231437288.png

flag:QLNU{b3h1NdEr_WebShEll_A_L1ttle_hArd}

Web

myjwt

image-20250330093508386.png

获得的令牌是eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiZ3Vlc3QiLCJleHAiOjE3NDMzMDA4ODR9.ftDljpYTxsWKpL0S15_BZvNTsDfqPqKGek7NRbxtdnY

解码

image-20250330101525071.png

接着使用jwt_tool爆破得到密钥,密钥是12345678

image-20250330101404096.png

将guest改为admin,并重新生成jwt,使用bp加上Authorization头重新提交

image-20250330102048515.png

image-20250330102440409.png

flag:flag{1ef47ba1-9d70-4f0d-8330-59ba14e7b7a5}

泄露

dirsearch扫描

image-20250330104724844.png

git目录还原

image-20250330104816575.png

image-20250330104938735.png

image-20250330105214827.png

flag:QLNU{S1mpl3_g1t_AnD_sWp}

pppppyyyyyyyyyyyyyyyy

image-20250403222636026.png

image-20250403223805123.png

bp爆破一下

image-20250403223748726.png

image-20250403223936659.png

image-20250403223956979.png

问的豆包

image-20250403225038973.png

image-20250403224621970.png

image-20250403224652440.png

flag:QLNU{8beb2640-cf69-4a92-ac81-185d769d6205}

Crypto

ez_rsa

image-20250330102609565.png

这题是纯AI呀,没学过算法

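# Extended Euclidean algorithm, used to compute modular inverses.
def extended_gcd(a, b):
    """Return ``(g, x, y)`` with ``g = gcd(a, b)`` and ``a*x + b*y == g``.

    Implemented with a loop rather than recursion: the number of Euclid steps
    grows with the size of the operands, and for large integers a recursive
    version can exceed Python's recursion limit.

    Args:
        a: First integer.
        b: Second integer.

    Returns:
        A tuple ``(g, x, y)`` of the gcd and the Bezout coefficients.
    """
    # Forward pass: run Euclid's algorithm and remember each quotient.
    quotients = []
    while a != 0:
        quotients.append(b // a)
        a, b = b % a, a

    # Base case of the recurrence: gcd(0, b) = b = 0*0 + b*1.
    g, x, y = b, 0, 1

    # Backward pass: apply the quotients innermost-first to rebuild the
    # coefficients for the original pair.
    for q in reversed(quotients):
        x, y = y - q * x, x
    return (g, x, y)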

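# Modular inverse built on extended_gcd.
def mod_inverse(a, m):
    """Return the inverse of *a* modulo *m*.

    Args:
        a: Value to invert.
        m: Modulus.

    Returns:
        ``x % m`` where ``a*x + m*y == 1``.

    Raises:
        ValueError: If ``gcd(a, m) != 1``, in which case no inverse exists.
            ValueError is a subclass of Exception, so callers that catch
            Exception keep working.
    """
    g, x, _ = extended_gcd(a, m)
    if g != 1:
        raise ValueError('Modular inverse does not exist')
    # The Bezout coefficient may be negative; reduce it modulo m.
    return x % m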

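# Parameters given by the challenge. Both prime factors p and q are supplied,
# which is what makes the private exponent computable below; in a real key the
# factors are secret.
p = 90387314829577654422580031074599849052489238017386590909427609518517830566632094153174983956061626373542148240632197282485834233498500360232839084537084441830816514377758069170092001168381491479309335271918675512196998198539464292877701133358699988066055212018603381917137199082127062670061784408062745010247
q = 131956964140437962238499019120856300797119073778027003002410884250396411838742340328080251408907361408806296819791922928892510090479973276769850659868697243411701946298190698869130430898400373194761890908225250866477990376871572627474128475108692336502916114993456438619932236295206409818033775388146000072237
e = 65537
c = 10410921907308276410589892193503777002613206525409600556582550130141239927384225094961244567250536114378262855720197279202379339896438970790676722385500897567129069224577416685817545829358494364962182199000462733858163411476930100883908770692701838181723658773973906387237278170734899690708594256204971349985771317564511229193597685929139414357691595246148020635838183673924739613551091535814336813669476452556824499750065035663728996877554070485866597029563465929590470889674480345186537435258607153437323899798451617074637518593529083308029187565110013064533249964278447406229869537622883525179107457102587647233026

# Modulus and Euler's totient of n.
n = p * q
phi_n = (p - 1) * (q - 1)

# Private exponent: the inverse of e modulo phi(n).
d = mod_inverse(e, phi_n)

# Recover the plaintext integer. No padding is stripped afterwards: the message
# is read straight from m (textbook RSA).
m = pow(c, d, n)

# Big-endian bytes of m. At least one byte is produced so that m == 0 still
# yields b'\x00', as the hex-string conversion it replaces did.
byte_array = m.to_bytes(max(1, (m.bit_length() + 7) // 8), 'big')

# Decode as UTF-8 text and print it.
try:
    plaintext = byte_array.decode('utf-8')
except UnicodeDecodeError:
    print("无法解码为UTF-8文本")
else:
    print("转换后的文本:", plaintext)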

image-20250330103911349.png

flag:QLNU{9f873f1c0315202caf47572a0bc24715}