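Henan Province 2nd "Jindun Xin'an Cup" Cybersecurity Competition WriteUp Crypto+Misc

2020 Henan Province 2nd "Jindun Xin'an Cup" Cybersecurity Competition Write UP Crypto+Misc

Author: ch4nge
Date: 2020.12.20

Challenge resource download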

https://download.csdn.net/download/qq_25094483/13743845

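Preface


Today's competition is still fresh, so I am writing up the challenges I solved. The competition is aimed at beginners and is very friendly. I only did the Crypto and Misc parts and was lucky enough to finish both categories. I am sharing my approach here in the hope that it helps people who are new to CTF~

Note: some encoding/decoding sites are linked directly in the text; the blue text is the hyperlink.

The competition experience was mediocre: right after it started at 9 a.m., the platform's competition entry disappeared~ And in the last ten-odd minutes before the end, my ranking dropped like crazy QAQ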


Crypto

base

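Challenge type: encoding
Solution steps:

1. Download the file and extract it to get the file base. Opening it shows Data URI scheme data, that is, a PNG image in Base64 form
data:image/png;base64,…
2. Paste the data into the browser address bar, open it, and save the image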

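3. The image is a QR code; decode it with an online decoder

Result: F#S<YReBy{f.WwU{CSv^e^'n*D

4. Given the challenge name base, this should be the output of some Base-family encoding, so use the basecrack tool (it tries the whole Base family of decoders)

Command: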

python basecrack.py -b "F#S<YReBy{f.WwU{CSv^e^'n*D"

### Remember the double quotes: the string contains shell metacharacters such as <, ' and *

5. Get the answer

Decoding as Base92: flag{you_very_good!!}
Encoding: Base92


6. Appendix: how to use basecrack
$ git clone https://github.com/mufeedvh/basecrack.git
$ cd basecrack
$ pip install -r requirements.txt
$ python basecrack.py -h
$ python basecrack.py -b "F#S<YReBy{f.WwU{CSv^e^'n*D"

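A Different Caesar

Challenge type: encoding
Solution steps:

1. Download the file; it contains a string of characters
bhag{asb_zsz_vtsz_aszw}
2. The challenge title hints at Caesar, so decrypt it the way a Caesar cipher works

This gives a string that is close to the answer:
flek{ewf_dwd_zxwd_ewda}, but this is clearly not the correct answer. Comparing it with the ciphertext shows that the first two characters of this string, together with the 3rd and 4th characters of the ciphertext, spell flag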
bhag{asb_zsz_vtsz_aszw}
flek{ewf_dwd_zxwd_ewda}

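3. Look for a pattern in how far each character is shifted

It turns out that a character is shifted by 4 only when the decimal value of the ciphertext character is even; when it is odd, the character is left unchanged
b and h are 98 and 104; adding 4 gives 102 and 108. ag are odd, 103 123, and stay unchanged, so the result is flag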

>>> chr(102)
'f'
>>> chr(108)
'l'
4. Write a Python 3 script to decrypt it.

The two if branches handle lowercase and uppercase letters separately

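# -*- coding: utf-8 -*-
c = 'bhag{asb_zsz_vtsz_aszw}'  # ciphertext from the challenge file
yy = 4  # shift by 4
d = ''

for ch in c:
    # only letters whose character code is even are shifted
    if 'a' <= ch <= 'z' and ord(ch) % 2 == 0:
        d += chr((ord(ch) + yy - 97) % 26 + 97)
    elif 'A' <= ch <= 'Z' and ord(ch) % 2 == 0:
        d += chr((ord(ch) + yy - 65) % 26 + 65)
    else:
        # odd character codes and non-letters are copied unchanged
        d += ch
print(d)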
5. Run it to get the answer
flag{asf_dsd_zxsd_asdw}

This is the first time I have seen such an unreadable flag. Can you believe this is the answer?
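
The pattern search in step 3 can also be done mechanically from the known flag prefix. The following is an added example, not part of the original writeup; the function names are made up for this illustration, and the known plaintext "flag" is assumed from the flag format. It measures the shift at each known position, groups the shifts by the parity of the ciphertext character code, and applies the resulting rule only if each parity class has exactly one consistent shift.

```python
from collections import defaultdict

CIPHERTEXT = "bhag{asb_zsz_vtsz_aszw}"  # from the challenge file
KNOWN_PREFIX = "flag"                   # assumed known plaintext (flag format)


def observed_shifts(ciphertext, known_plaintext):
    """Return (cipher_char, shift) for each letter covered by the known plaintext."""
    pairs = []
    for c, p in zip(ciphertext, known_plaintext):
        if c.isalpha() and p.isalpha():
            pairs.append((c, (ord(p.lower()) - ord(c.lower())) % 26))
    return pairs


def shifts_by_parity(pairs):
    """Group the observed shifts by parity of the ciphertext character code."""
    groups = defaultdict(set)
    for c, shift in pairs:
        groups["even" if ord(c) % 2 == 0 else "odd"].add(shift)
    return dict(groups)


def derive_rule(groups):
    """Return {parity: shift} if every parity class has one shift, else None."""
    if any(len(shifts) != 1 for shifts in groups.values()):
        return None  # parity does not explain the observed shifts
    return {parity: next(iter(shifts)) for parity, shifts in groups.items()}


def apply_rule(ciphertext, rule):
    """Shift each ASCII letter by the amount its parity class dictates."""
    out = []
    for c in ciphertext:
        if c.isascii() and c.isalpha():
            base = ord("a") if c.islower() else ord("A")
            # a parity class never seen in the known plaintext defaults to 0
            shift = rule.get("even" if ord(c) % 2 == 0 else "odd", 0)
            out.append(chr((ord(c) - base + shift) % 26 + base))
        else:
            out.append(c)  # braces and underscores are copied unchanged
    return "".join(out)


if __name__ == "__main__":
    rule = derive_rule(shifts_by_parity(observed_shifts(CIPHERTEXT, KNOWN_PREFIX)))
    print(rule, apply_rule(CIPHERTEXT, rule))
```

Four known characters are thin evidence, so derive_rule returns None rather than guessing when one parity class shows more than one shift.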
