全国网络安全行业职业技能大赛WP

word_sercet

文档被加密

查看图片的属性 在备注可以看到解压密码

 

解密成功

  在选项里面把隐藏的文本显示出来

 

可以看到ffag

 

 easy_encode

得到一个bmp二维码

使用qr research

得到的密文直接放瑞士军刀

base32解码+base64解码+hex解码        

 

dir_pcap

直接搜索flag

 

发现flag.zip，zip_pass.txt 

像是密码

从流量包下载 zip_pass.txt

导出分组字节流

flag.zip被加密了

用密码3.6*3.6进入得到flag

ezsm

# -*- coding: utf-8 -*-
import binascii
from gmssl import sm4
from secret import flag

def encode(key, data):
    sm4_a = sm4.CryptSM4()
    sm4_a.set_key(key.encode(), sm4.SM4_ENCRYPT)
    ciphertext = sm4_a.crypt_ecb(str(data).encode()).hex()
    return ciphertext

if __name__ == '__main__':
    key = '4765?df?0170?44?'
    ciphertext = encode(key,flag)
    print("密文:",ciphertext)

#c49f4552b22f27969c07d9371d1aa093b54f97ccd44261a5fc92cd3461a38d68d20218a51686a3f9d0cc50679e36cd4f

 key中存在4个不确定位，通过代码尝试所有字符，暴力检索flag关键字即可

from gmssl import sm4
from Crypto.Util.number import *

def encode(key, data):
    sm4_a = sm4.CryptSM4()
    sm4_a.set_key(key.encode(), sm4.SM4_ENCRYPT)
    ciphertext = sm4_a.crypt_ecb(str(data).encode()).hex()
    return ciphertext

def decode(key, data):
    sm4_a = sm4.CryptSM4()
    sm4_a.set_key(key.encode(), sm4.SM4_DECRYPT)
    text = sm4_a.crypt_ecb(long_to_bytes(data))
    return text

if __name__ == '__main__':
    l = [0,1,2,3,4,5,6,7,8,9,'a','b','c','d','f']
    for i in l:
        for n in l:
            for m in l:
                for j in l:
                    key = f'4765{i}df{n}0170{m}44{j}'
                    ciphertext = 0xc49f4552b22f27969c07d9371d1aa093b54f97ccd44261a5fc92cd3461a38d68d20218a51686a3f9d0cc50679e36cd4f
                    text = decode(key,ciphertext)
                    if b'flag{' in text:
                        print(text)