zjwriteup

小伙伴把非web题拿出来,云做题参与了一把。

misc

misc1

直接cat

1
cat badimages | grep -i flag
1
flag{03325d76-f73d-48b0-a075-6f8062ad2d62}

misc2

修改为zip文件,在[Content_Types].xml中找到flag的前半部分,16进制转ASCII

1
666c61677b32366166623764372d366438302d343762342d
1
flag{26afb7d7-6d80-47b4-

sharedStrings.xml中找到flag的后半部分8e07-83402c675d18}

1
flag{26afb7d7-6d80-47b4-8e07-83402c675d18}

misc3

追踪tcp流,发现一个docx文件和另一个base64加密的未知文件

1
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAFDH06gAAAAAAAAAAOAADwMLAQI4AAIAAAAOAAAAAAAAABAAAAAQAAAAIAAAAABAAAAQAAAAAgAABAAAAAEAAAAEAAAAAAAAAABAAAAAAgAARjoAAAIAAAAAACAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAAAwAABkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAKAAAAAAQAAAAAgAAAAIAAAAAAAAAAAAAAAAAACAAMGAuZGF0YQAAAJAKAAAAIAAAAAwAAAAEAAAAAAAAAAAAAAAAAAAgADDgLmlkYXRhAABkAAAAADAAAAACAAAAEAAAAAAAAAAAAAAAAAAAQAAwwAAAAAAAAAAAAAAAAAAAAAC4ACBAAP/gkP8lODBAAJCQAAAAAAAAAAD/////AAAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL0+J/rl28bZdCT0WynJZrkEAjFrFQNrFYPDOsUP1IJh+AdCcpzYchbVB6s9fp4/5nUQbVQCYlj9ZvVqdQ76Af/ziVMIh/B7g6E0NIu4t5Oqk8fCzZhUICoU4RS5fsIcvJSZlqbjxAbWGBtykVXo8SCEIPoSmL+o0dg0txgXubZdQzaDHbCfhjwzhUy+r1wHzGQqTdF7x/rt8BYUZEI9+BaIjwjw2nntiyERY8WrDikyLDEyPdqLyHmjyzIO2/CWowuGKbwzHpBLpE12bHXmtV5bktHr0D9TJMxIz2D4wQk+A4TRNjl3YuAcNSh2fOICkSIVXZ61htk5ZjF43QODEmypcJFf6v8JhAaJUqwg9MwNJTPddYNTKLeNkzqaMuTYjNU3Ki5+WmCJU/Kwj4Y20Hj0BEXvPlrn3Fbn3kHBf0bqbOe3O+ark5F+0uo30kZd6iy4bMqDxtvCNpzux6Q4nFnDVdwwv00M9dpSJR4NhN+igBO8XEX+CrA0wCWMuk/qguUlf+Tn6RZGptNm9sLuv63MclQeXRZJDzaGoRB3k/eOxgcXNw0ew2GvbBEg+2jcPHXSmmkaqa8AG/PhufI1Dq0se9ud8KNADurRE2m8zx/hCB9Uo6w000U6Xz+xhtbV72RcnjycloKUDbiOkkxuiNjTfUMRQ5LZzcGIbZAGBR65aKg487lLXYpNBTGeF3+Cg4YrTFrTFf82KFKzSjjhsbOBFOAi6LzJt/PECjtKeGUrecUAnoSlzUiwwxahnVZRiOyB8PcuaaTi0jIZ8jNIjURP8KIkwi5fl5pSNtYUVF/ehfG5/BJ1LviCcPv1vdRei7yni53R2BR1L1v+DWfvxQg/60Ii3fymHHei31iSsxaMZTdao2RsSOmEUqKf0xFgJkCOUj+Lrk+Aw0deX3MbWT+k4pqyc/Iiqw2BlbbHJwpPFq4iBKe4Tek3M+a6afbkXmpkXqd94POFA8E+WUa6bJsIpiW/5vwqYxbneHK3cz22glpkKYxOeNZIjBEoM86xEfuvctC0wVLiCSyDHU/i6AlMyx1BSVIbnO1NPIdNEOnVn6hs0nZdAWqZUG7HqwWKuRAV5HGy1q5Twa/KU/rKVpgQzvVMQK8TtCQu67CO8y9grg/6bN1pNeV5g8vxvaSRBHrJBo94+zdEO0cPFmP1ZSqpDJPnCOXYYGnxLea7wf0r58X2Iyb8tNHVI4mZLDVzEoFXaNoIzFfLyXtfYWPoNGgP0YUGHHQ7Jdp0Q+/BvmsOv1sNNELFmXVEP+PMkkcU//Q6M2Om7oa1l4N/c2O392GdUI4ZwgPH2UNLGn58FutZY2qjkQ2T68+iH5JJ/N2GdFfx1a+CTNQn/xKP8W/L3MLe6KFBkxBf9JHx3/poUInxiN1yuoeYFlbTDaXo6tXwc6Ky5zuPr9jegyygC7647rdFDIy/8y9GL6NKMtyVKrCLQG/WkFD8SkXk1NTDS0n33CwyqJ0lsm9Qj4mg/GcX9i0MPoywcLYgE6LMIETpaR50SaO+SeDjDxpSrZwvGgRv6lvVGUyu/gpMk3V1D6x1eArLHlF3lRSKbBz2LuAr1hZEa+VBvo22a8HT9gjd1PXHNL+lEcn1rljlT3OKpVs3WBrckNm1HgyjV9WpFN6ihvTVF1OYqEfbfVrnaltmAztHk5HJsGkbu2jX35NYxEBH1o5zaoKZR5NtP32vZwC98d2XZP53Yg4w7phN146dOMZrgdyjbjyuQHRBSvgu6neVPTd4dd20FO8l0Mfh7JB+lTjzaStTc/rleO7F18KQtTcks2yva5XW7B0SytRd+UJzcrMy4k5Ey6zLrbOnet/KUZjmNzxtT7y/KaxUZ0E7v2TlLa+H+tLD8lQcxa5Ke/C3DamWwCzGVlsYPk1pg0WMzHYunQf7MagOUf/3uhcBv1xacL1DmRxIzELl+t/CEU8suKdCATpEX9fuJHbF9axN4EZJsrhGlBWr7ISMjPsWrQWpIlTtnSaeWyc7FWPuxYzGvwAU+PowKI7eOpBz4/6ME/CoD3EN9OzT7UNhyhoIw1mHZ8I33MKv7G4WmJbeNzW3s7B0TGWuNsYBKJF73m2SCqr7/GB27tGwKrZaw1aG42PwEDhx5M7EO7J5TlPsQmQCabQTrfOlqqf7mXXX3fUSWwRfVXzsGpCJNO5NEq/FurhHUqKcRTWcd6P3p1HonfzKrhEPmN/LRPqAD3TUAuOgqkUSHA3aC/YX7qX9yPSjlCt+efQgLBwKqUbxNh5Ep/gxxB4xVKpjfPlCyKuMlRIvuAvC0SR/az1bJJ5msuGfEX80aw4+nKykzB5YFGPtw/LEghxrU3rQjkoscmXg2ICTdQdwUZ0mliRAbbMKhzUJGf/yo5dke+aQq5LpfYVJ6hVsEzq+k9IM0JU7R/lVo0Upa7FoM0CSeq8xd3jpsF7Y0IeX5ih9xaEfZ+SYs3Vh/Bi0kaO9EGyyir5i3gr25YUSJVTcN8v1LDecmNtYT7esyHjcJ6kZjTC2mQolQTz+FRxOXKNcXD8xwo0zAdyrWz+MtN9UV8t+LcJd+ru3mXieRTdVzIW+F+6o4cB3YJTV6zGpJ4AfNmweedJLIcUYtYHkKY/jXANeUiiBKzHnsqZmqppwvBdmkJ1SyYKS5MN8Zjy9uob4jZxr/PEb1CaPFBUSCQMEHvLqqmGueNuMS39NcQDUaQHnalaw9WfXSwZRIAblw92nVcYGc73LZGej5D4QyQgSK9j7oQw+8sudiNlaBJCtllYEKG4+9yyLu10CxnGEtZWSPP6h8svh1x5ncgpj5qaJO1+rSFSRo9ibIaoPxgzKsW2RtjBSWBhbjlKLO9cg1hlUa+RzDzbItEfUBfoz2iUKzIo8NkfUH+pSLGv3JlqY61iZBoFfxdSVA8VB8Fokv2HLkkv7L55mqJbVd0gvAyu4kovLPZKrs5jPuTk7Z6IvVn1CYX1U/E5dKXNe+0Lyj4w4eRKIdWEpGV01KqR6SUe9CsYChWv4sV2izHEH/subzwicaviYoR9I+fWlL8qyc0C+ff4mGc/44X9VNKLnhF1STnnsviJo3VC8PsbpXTvURTnRH8d3bPPHjQRGAULEJxk5fmfBChM7OVG19TxsIVTAv3gtw8V5eG6Fb876wiIgti+PMB0yLIueABwXU05dMYm1LZTUu8mYN3PNvGpUQdMxpcnS44qaCimX6/UnFWjuk69nxplToTISzjik5kKwIaGsp71pJd2VByLHFdLFtfk/S9qSJrk1aGaO5Y/BMA+STgE6rfH8x0YZ/C60qR88dqPTuRdcdd1hAtHcrdqra8AawoN2wxbld4zBOGqtbnRhKjkYtVtAgOEfgQW/WCcaSgoJnwKsr8fUdWOg0+MxCsj1/J+Ski/hpnZuVYu+p40O3WD/YhbbLG7JPype5WUZ+JYMhhdmZ6lnw+3BZjmKy38o2HaIgwbt5ZtyyJ3EF0m32cdlZY16QtOJVlzXsfPcdyNCraZC0fuu/7dMgi+JyQPYjDAegEicIPrZgOGwVbOO40OeCCephoh7dZ9WgpntV55MSfMxazUd0MVhwV87GdNAZiTbnuuZFAVmdfP5RDaVcXeSfJ87iIrX/yrGa7UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwwAAAAAAAAAAAAAFQwAAA4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQDAAAAAAAAAAAAAAQDAAAAAAAACcAEV4aXRQcm9jZXNzAAAAADAAAEtFUk5FTDMyLmRsbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASTpyvIeBj7fD+igiBwIEW487LVKlpLrvkq2N6/Qz91nb5ytOcATs0NkvpHf8E2CV0aZqFGMG

exp

1
2
3
4
5
6
import base64
f = open("flag.txt",'r')
data = f.read()
tmp = base64.b64decode(data)
f2 = open("flag",'wb')
f2.write(tmp)

010editor发现是exe文件,运行得flag

1
flag{9cf83b37-2e4f-4b29-a36c-c0b51f051866}

crypto

crypto1

1
----- .---- .---- ----- ----- .---- .---- ----- ----- .---- .---- ----- .---- .---- ----- ----- ----- .---- .---- ----- ----- ----- ----- .---- ----- .---- .---- ----- ----- .---- .---- .---- ----- .---- .---- .---- .---- ----- .---- .---- ----- ----- .---- .---- ----- .---- .---- .---- ----- ----- .---- .---- .---- ----- ----- .---- ----- .---- .---- ----- ----- ----- ----- .---- ----- ----- .---- .---- ----- ----- ----- .---- ----- ----- .---- .---- ----- .---- ----- .---- ----- ----- .---- .---- ----- .---- .---- ----- ----- .---- .---- ----- ----- .---- .---- ----- ----- ----- .---- .---- ----- ----- ----- .---- ----- ----- .---- ----- .---- .---- ----- .---- ----- ----- .---- .---- ----- ----- .---- .---- ----- .---- .---- ----- ----- ----- .---- .---- ----- ----- .---- .---- .---- ----- ----- ----- ----- .---- .---- ----- ----- .---- ----- ----- ----- ----- .---- ----- .---- .---- ----- .---- ----- ----- .---- .---- ----- .---- ----- ----- ----- .---- .---- ----- ----- .---- .---- ----- ----- ----- .---- .---- ----- ----- ----- ----- ----- .---- .---- ----- ----- .---- .---- ----- ----- ----- .---- ----- .---- .---- ----- .---- ----- ----- .---- .---- .---- ----- ----- .---- ----- .---- .---- ----- ----- .---- ----- .---- ----- ----- .---- .---- ----- .---- .---- ----- ----- ----- .---- .---- ----- ----- ----- ----- ----- ----- .---- ----- .---- .---- ----- .---- ----- ----- .---- .---- .---- ----- ----- ----- ----- ----- .---- .---- ----- ----- ----- ----- ----- ----- .---- .---- ----- .---- ----- ----- ----- .---- .---- ----- ----- ----- ----- .---- ----- ----- .---- .---- ----- ----- ----- ----- ----- .---- .---- ----- ----- ----- .---- .---- ----- .---- .---- ----- ----- .---- ----- ----- ----- .---- .---- ----- ----- ----- .---- ----- ----- ----- .---- .---- ----- ----- ----- ----- ----- ----- .---- .---- ----- .---- ----- ----- ----- ----- .---- .---- ----- .---- .---- ----- ----- ----- .---- .---- ----- ----- ----- .---- ----- .---- .---- .---- .---- .---- ----- .----

摩斯密码

1
011001100110110001100001011001110111101100110111001110010110000100110001001101010011011001100110001100010010110100110011011000110011100001100100001011010011010001100110001100000110011000101101001110010110010100110110001100000010110100111000001100000011010001100001001100000110001101100100011000100011000000110100001101100011000101111101

二进制

1
flag{79a156f1-3c8d-4f0f-9e60-804a0cdb0461}

app

app1

直接strings

1
flag{25af9d8d-9359-4320-bc93-a1a6c171b380}

app2

一堆字符与0x12异或

1
2
3
4
5
6
7
8
#!/usr/bin/python

a=[0x0A,0x74,0x7E,0x73,0x75,0x69,0x20,0x74,0x25,0x70,0x23,0x24,0x70,0x22,0x3F,0x22,0x20,0x20,0x27,0x3F,0x26,0x26,0x70,0x27,0x3F,0x2A,0x25,0x2B,0x3F,0x25,0x27,0x74,0x77,0x71,0x21,0x27,0x24,0x24,0x24,0x77,0x2A,0x6F]
b=[0x12]
c=""
for i in range(0,len(a)):
c += chr(b[0]^a[i])
print c
1
flag{2f7b16b0-0225-44b5-879-75fec35666e8}