2024年5月训练题

Water

FFT盲水印一把梭

疯狂星期四

密文字符串应该是某种凯撒，一把梭未得到结果，分析字符串。

pqcq对应的应该为flag，偏移量为-10，-5，-2，-10。再往下分析，刚好P对应的K偏移量为-5。所以可以得到偏移规律为将字符串按照-10，-5，-2的规律进行偏移

def decode(n, offset):
    if 'A' <= n <= 'Z':
        new_ord = (ord(n) - ord('A') + offset) % 26 + ord('A')
        result = chr(new_ord)
    elif 'a' <= n <= 'z':
        new_ord = (ord(n) - ord('a') + offset) % 26 + ord('a')
        result = chr(new_ord)
    else:
        result = n
    return result

s = "pqcq{PHM_Htkea_Dmwbxfkd_X_Wj_50}"
offsets = [-10, -5, -2]

flag = ''
offset_index = 0

for n in s:
    offset = offsets[offset_index % len(offsets)]
    flag += decode(n, offset)
    if 'a' <= n <= 'z' or 'A' <= n <= 'Z':
        offset_index += 1

print(flag)

#flag{KFC_Crazy_Thursday_V_Me_50}

8+4的秘密

png文件头攻击

#准备已知明文
echo 89504E470D0A1A0A0000000D49484452 | xxd -r -ps > png_header
#攻击
bkcrack -C x.zip -c x.png -p png_header -o 0
#利用秘钥解密文件
bkcrack -C 1.zip -k 7163444a 203b76b0 17de1387 -U ./new.zip 666

#密码爆破（不推荐）
bkcrack -k 7163444a 203b76b0 17de1387 -r 16 \?a

解压得到flag

flag{cfab77a5-08ab-4ae3-8a5b-7698aa5bfa5e}

2024年4月训练题

韩信吗

打开excel文档，在2A发现异样，更改单元格格式，将1的格子填充，得到汉信码

解码得到flag

flag{9ee0cb62-f443-4a72-e9a3-43c0b910757e}

tiger

题目中有四个附件，我们先看tips

1.These are rot for 47 days
2.Have you heard that lsb steganography also requires a password?

可知可能会与rot47有关

查看png-key的密文，进行rot47解码，得到key

ag2a`f76   ---->rot47
28a217fe

与lsb相关带key的隐写,我们可以想到cloacked-pixel

得到压缩包密钥

71zr9H6jnXRHn64WBxMbCzz16saCZWiw

解压后里面一层为明文攻击

解压后，根据文件头(89 50 4e)可以知道这是png文件，更改后缀得到一张码图

识别后发现存在0宽字符隐写

Owl wvn n xhkm SBWav krttqbu gfq gja jhheu up yljycxjpu, vvtx R jzeh pydv usd zp lalhmk, ic brtkac ya whep{866q3755-t358-5119-txnr-juw666e8099m}, uroa okv!

维吉尼亚解密，得到flag

flag{866d3755-c358-5119-abeb-bda666a8099d}

数字人生

更改后缀后解压，里面的压缩包密码为压缩包文件名，通过脚本解压得到以下信息

将压缩包文件名存储输出，这里说是压缩过程

import zipfile
import re
import os

zip_folder = "C:/Users/Xia/Desktop/数字人生"
text1=''
text2=''

while True:
    files = os.listdir(zip_folder)
    for file in files:
        if file.endswith('.zip'):
            zipname = os.path.join(zip_folder, file)
            ts1 = zipfile.ZipFile(zipname)
            try:
                res = re.search(r'\d+', file)
                if res:
                    passwd = res.group()
                    ts1.extractall(zip_folder, pwd=passwd.encode())
                    print("解压成功:", zipname)
                    text1=passwd + text1
                else:
                    print("无法从文件名中提取密码:", file)
            except Exception as e:
                print("解压失败:", zipname, "错误信息:", e)
            finally:
                ts1.close()
                os.remove(zipname)

    if not any(file.endswith('.zip') for file in os.listdir(zip_folder)):
        print("文件夹无压缩包，结束解压")
        break

def rever(a):
    if a =='':
        return a
    else:
        return rever(a[1:])+a[0]

print("文件名按组从后往前：\n"+ text1)

文件名按组从后往前：
4891185571310208013083131215615971030970123019299132240625215372143330948608932083681675111179074680529007739051991150603508173451817703458093881214618658133560834116466181191207819078071031243012302040911194603806186960738717165027150722002705180721935104087193380463809639096780407112547197461987912182050200589008087043011817008446124810662511552098051756205143130660245215111146191390218786167500487615058018710859504032031670976318408073221150218830070800750819896065720339209564120211484806996083511461006319097540315915958078981461213278180991604713590044880857311794197520995409375062600954703043133511515102102187420101209691173140827618248118230646813798177230379902743036731969801944127941296414042139741