Ashing's Blog

So much to learn, so little understood


JarvisOJ-Basic-WriteUp

0x01 base64?

The base family of encodings; decode with a Python script:

import base64 
str1 ='GUYDIMZVGQ2DMN3CGRQTONJXGM3TINLGG42DGMZXGM3TINLGGY4DGNBXGYZTGNLGGY3DGNBWMU3WI==='
# Try each member of the base family in turn until one decodes
try:
    print(base64.b64decode(str1))
except Exception:
    try:
        print(base64.b32decode(str1))
    except Exception:
        print(base64.b16decode(str1))

0x02 USS Lab

A Baidu/Google search solves it in one go.

0x03 veryeasy

Linux command: run strings on the veryeasy file to get the flag.

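0x04 Joke (段子)

For anything you don't understand, a Google/Baidu search solves it in one go. The flag turns out to be the hexadecimal byte code of 锟斤拷.

锟斤拷 mojibake: it comes from conversion between the GBK and Unicode character sets. When converting between Unicode and legacy encodings, some characters cannot be represented in Unicode, so Unicode uses a placeholder for them: U+FFFD REPLACEMENT CHARACTER. The UTF-8 encoding of U+FFFD happens to be '\xef\xbf\xbd'. If '\xef\xbf\xbd' is repeated, for example '\xef\xbf\xbd\xef\xbf\xbd', and then displayed in a GBK/CP936/GB2312/GB18030 environment, where one Chinese character takes 2 bytes, the result is 锟斤拷: 锟 (0xEFBF), 斤 (0xBDEF), 拷 (0xBFBD).

烫烫烫 mojibake: on Windows, Microsoft's compiler (the one that ships with VC) in Debug mode fills all uninitialized stack memory with 0xcc, which viewed as a string is "烫烫烫烫烫烫烫", and fills all uninitialized heap memory with 0xcd, which viewed as a string is "屯屯屯屯屯屯屯屯". In other words, if 烫烫烫 shows up, go check your initialization.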

0x05 Clumsy Hands (手贱)

Look closely at the MD5 hash: it has one extra I. Delete it and crack the MD5 to get the flag.

StegSolve gives the flag in one go.

0x07 veryeasyRSA

RSAtool gives the flag in one go.

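0x08 Mysterious File (神秘文件)

Mount the disk image on Linux, then run a Python script:

flag = ''
# The mounted image holds files named 1 .. 253; join their contents in order
for i in range(1, 254):
    with open(str(i)) as f:
        flag += f.read()
print(flag)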

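0x09 Common Multiple (公倍数)

A Python script solves it in one go:

flag = 0
# Inclusion-exclusion: add the multiples of 3 and of 5,
# then subtract the multiples of 15, which were counted twice
for i in range(3, 1000000000, 3):
    flag += i
for i in range(5, 1000000000, 5):
    flag += i
for i in range(15, 1000000000, 15):
    flag -= i

print(flag)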

0x10 Easy Crackme

Well, I can't do Reverse.

0x11 Secret

Capture the traffic with Burp; the flag is in the Secret field of the HTTP headers.

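0x12 The Challenge Author Who Loves Bacon (爱吃培根的出题人)

This is Bacon's cipher, which is essentially a substitution cipher. It substitutes with a/b (0/1), so anything that has two distinct forms can carry a Bacon encoding, for example regular versus italic type.

Note: there are two cipher tables. In each table, one letter is replaced by 5 letters. So strip the punctuation from the ciphertext, split it into groups of five letters, and replace them with a/b (lowercase letters become a, uppercase letters become b):

bacoN isone ofaMe rICaS sWEet hEart SitsA dARli nGSuC CulEn tfOoD tHAtP aIRsF lawLE
aaaab aaaaa aaaba abbab abbaa abaaa baaab abbaa abbab baaba aabab abbab abbab aaabb

Look these groups up in cipher table ② to get the flag.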
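
The case-to-a/b step and the table lookup described above, as an added Python 3 example that is not part of the original write-up. The page does not reproduce its two tables, so the example assumes they are the two common Bacon alphabets (26 letters, and 24 letters with I/J and U/V merged) and decodes with both; the function and constant names are hypothetical.

```python
import string

# Ciphertext groups copied from the write-up, punctuation already stripped
# (lowercase letter = a, uppercase letter = b).
CARRIER = ("bacoN isone ofaMe rICaS sWEet hEart SitsA dARli "
           "nGSuC CulEn tfOoD tHAtP aIRsF lawLE")

# Assumption: the two tables are the two common Bacon alphabets. Which one
# the write-up numbers as table 2 is not shown on the page, so both are tried.
ALPHABET_26 = string.ascii_uppercase        # every letter has its own code
ALPHABET_24 = "ABCDEFGHIKLMNOPQRSTUWXYZ"    # I/J and U/V share a code


def to_ab(carrier):
    """Map each letter's case to a/b; anything that is not a letter is skipped."""
    return "".join("b" if c.isupper() else "a" for c in carrier if c.isalpha())


def decode(ab, alphabet):
    """Decode 5-symbol a/b groups; a trailing partial group is dropped."""
    out = []
    for i in range(0, len(ab) - len(ab) % 5, 5):
        index = int(ab[i:i + 5].replace("a", "0").replace("b", "1"), 2)
        # A code past the end of the alphabet is invalid for that table.
        out.append(alphabet[index] if index < len(alphabet) else "?")
    return "".join(out)


def decode_carrier(carrier):
    """Return the decoding under both assumed tables, keyed by table name."""
    ab = to_ab(carrier)
    return {"26-letter": decode(ab, ALPHABET_26),
            "24-letter": decode(ab, ALPHABET_24)}


if __name__ == "__main__":
    for name, text in decode_carrier(CARRIER).items():
        print(name, text)
```

Only one of the two outputs reads as English, which identifies the table the challenge used.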

0x13 Easy RSA

RSA tools solve it in one go.

0x14 ROPGadget

I can't do PWN.

0x15 Forensics (取证)

The go-to forensics tool: Volatility.

0x16 Baby’s Crack

I can't do reverse engineering.

0x12 Help!!

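The zip uses pseudo-encryption. Inside, word.xdoc contains an image, but the usual checks on it turn up nothing. Then change its extension to zip as well, and an image with the flag turns up.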

0x13 Shellcode

Isn't shellcode just illegitimate data being executed as code!

#include <stdio.h>

char shellcode[] = "PYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIYIhkmKzyCDq4l4FQyBlrRWEahI1tLKT16Pnk1ftLnkPvwlnkW6fhNkan5pNkgF6XPOR8T5HsCivaN19okQSPlKRLvD6DNk3uelNkpTthRXuQ9znk2jEHLK1Ja0FaXkhcTtBink4tlKUQhnvQYotqo0ylnLMTO0SDEWZahOtMwqhG8kXteksLwTdh1e8aLKsja4uQ8kavLKdLrklK0ZeL7qjKLKUTLKuQM8k9bdvDeL1qiSnR5XVIXTOyjENikrphNnrnVnhlBrzHooKOYoyok93u7tOKCNyHzBBSnguLgTcbyxlNKOYoYoMYaUTHphRL2LupQQ0htsFRTn541x3E2Se5T26PyKK8QLTddJlIZFBvyoSeUTLIkrv0oKy8ORpMmlk7Gl6DBrm8SoyoioyoaxrOqh0XwP1xu1Qw1upBbHrmrED3T34qiKOxQLTdEZOyZCaxQmRxgPUp0hpnPn4srRe8BDSo2PT7axqOCWROpophSYpnSo04u83K72Peu70hBpCsqDpF4qHIMXpLQ429k98aEaJr1BF3Ca3bIozp01IPf0Yof5GxAA";

int main() {
    /* Treat the data buffer as a function and call it */
    int (*ret)() = (int (*)())shellcode;
    ret();
    return 0;
}

0x14 Piece Of Cake

A website with a character-frequency-analysis decryption script solves it in one go; look for "flag is ….."

0x15 -.- String (-.-字符串)

The simplest Morse code.

0x16 The German Army's Cipher (德军的密码)

A binary cipher; run a Python script:

#encoding:utf-8

# 7-bit ASCII code of each uppercase letter
table = {'A':'1000001','N':'1001110', 'B':'1000010','O':'1001111', 'C':'1000011','P':'1010000', 'D':'1000100','Q':'1010001', 'E':'1000101','R':'1010010', 'F':'1000110','S':'1010011', 'G':'1000111','T':'1010100', 'H':'1001000','U':'1010101', 'I':'1001001','V':'1010110', 'J':'1001010','W':'1010111', 'K':'1001011','X':'1011000', 'L':'1001100','Y':'1011001', 'M':'1001101','Z':'1011010'}
key_list = []
value_list = []
for key, value in table.items():
    key_list.append(key)
    value_list.append(value)
#print(key_list, value_list)

def get_key_of_value(value):
    # Reverse lookup: 7-bit string -> letter
    if value in value_list:
        get_value_index = value_list.index(value)
        #print(type(key_list[get_value_index]))
        return key_list[get_value_index]
    else:
        # Message: the value you looked up does not exist
        print("你要查询的值%s不存在" % value)

def how_to(a, b):
    # XOR of two bit characters
    if a in ['0','1'] and b in ['0','1']:
        if a == '1' and b == '1':
            return '0'
        elif a == '0' and b == '0':
            return '0'
        else:
            return '1'
    else:
        return 0

def bin_turn(arg):
    # Convert a string of uppercase letters into its bit string
    binstring = ''
    for i in arg:
        binstring += table[i]
    return binstring

def encrypt(plain, key):
    binkey = bin_turn(key)
    binplain = bin_turn(plain)
    chiper = ''
    if len(binplain) == len(binkey):
        for i in range(0, len(binplain)):
            chiper += how_to(binkey[i], binplain[i])
        #print(chiper)
        return chiper
    else:
        return 0

def decrypt(chiper, key):
    binkey = bin_turn(key)
    plain = ''
    if len(chiper) == len(binkey):
        for i in range(0, len(chiper)):
            plain += how_to(binkey[i], chiper[i])
            #print(binkey[i])
        print(plain)
        return plain
    else:
        return 0

key = 'WELCOMETOCFF'
chiper = '000000000000000000000000000000000000000000000000000101110000110001000000101000000001'
binplain = decrypt(chiper, key)
print(type(binplain))
plain = ''
# Split the decrypted bit string into 7-bit groups and map each back to a letter
for i in range(0, len(binplain), 7):
    plain += str(get_key_of_value(binplain[i:i+7]))
print(plain)

0x17 Handshake Capture (握手包)

Aircrack is Kali Linux's powerful Wi-Fi cracking tool. Before cracking, first decompress the wordlist that ships with Kali:

gzip -d /usr/share/wordlists/rockyou.txt.gz
aircrack-ng -a2 -w /usr/share/wordlists/rockyou.txt ./wifi.cap