word_sercet
文档被加密
查看图片的属性 在备注可以看到解压密码
解密成功
在选项里面把隐藏的文本显示出来
可以看到ffag
easy_encode
得到一个bmp二维码
使用qr research
得到的密文直接放瑞士军刀
base32解码+base64解码+hex解码
dir_pcap
直接搜索flag
发现flag.zip,zip_pass.txt
像是密码
从流量包下载 zip_pass.txt
导出分组字节流
flag.zip被加密了
用密码3.6*3.6进入得到flag
ezsm
# -*- coding: utf-8 -*-
import binascii
from gmssl import sm4
from secret import flagdef encode(key, data):sm4_a = sm4.CryptSM4()sm4_a.set_key(key.encode(), sm4.SM4_ENCRYPT)ciphertext = sm4_a.crypt_ecb(str(data).encode()).hex()return ciphertextif __name__ == '__main__':key = '4765?df?0170?44?'ciphertext = encode(key,flag)print("密文:",ciphertext)#c49f4552b22f27969c07d9371d1aa093b54f97ccd44261a5fc92cd3461a38d68d20218a51686a3f9d0cc50679e36cd4f
key中存在4个不确定位,通过代码尝试所有字符,暴力检索flag关键字即可
from gmssl import sm4
from Crypto.Util.number import *def encode(key, data):sm4_a = sm4.CryptSM4()sm4_a.set_key(key.encode(), sm4.SM4_ENCRYPT)ciphertext = sm4_a.crypt_ecb(str(data).encode()).hex()return ciphertextdef decode(key, data):sm4_a = sm4.CryptSM4()sm4_a.set_key(key.encode(), sm4.SM4_DECRYPT)text = sm4_a.crypt_ecb(long_to_bytes(data))return textif __name__ == '__main__':l = [0,1,2,3,4,5,6,7,8,9,'a','b','c','d','f']for i in l:for n in l:for m in l:for j in l:key = f'4765{i}df{n}0170{m}44{j}'ciphertext = 0xc49f4552b22f27969c07d9371d1aa093b54f97ccd44261a5fc92cd3461a38d68d20218a51686a3f9d0cc50679e36cd4ftext = decode(key,ciphertext)if b'flag{' in text:print(text)