{"id":325,"date":"2022-01-04T22:31:16","date_gmt":"2022-01-04T14:31:16","guid":{"rendered":"http:\/\/101.34.19.194\/?p=325"},"modified":"2022-01-04T22:31:17","modified_gmt":"2022-01-04T14:31:17","slug":"bjdctf2020-misc","status":"publish","type":"post","link":"http:\/\/101.34.19.194\/?p=325","title":{"rendered":"BJDCTF2020-Misc"},"content":{"rendered":"\n

\u8ba4\u771f\u4f60\u5c31\u8f93\u4e86<\/h2>\n\n\n\n

\u9898\u76ee\u94fe\u63a5\uff1aBUUCTF\u5728\u7ebf\u8bc4\u6d4b (buuoj.cn)<\/a><\/p>\n\n\n\n

\u89e3\u538b\u5f97\u5230\u4e00\u4e2a\u540e\u7f00\u540d\u4e3axls\u7684\u6587\u4ef6\uff0c\u7528office\u6253\u5f00\u63d0\u793a\u6587\u4ef6\u5df2\u635f\u574f<\/p>\n\n\n\n

\"image-20211221105533730\"\/<\/div><\/figure>\n\n\n\n

\u7528binwalk\u5de5\u5177\u5bf9\u5176\u5206\u6790\uff0c\u53d1\u73b0\u5b58\u5728\u8bb8\u591aZip archive data<\/code>\u6570\u636e\u6587\u4ef6\uff0c\u7528foremost\u5de5\u5177\u5bf9\u5176\u5206\u79bb<\/p>\n\n\n\n

\u5206\u79bb\u5f97\u5230\u4e00\u4e2a\u538b\u7f29\u5305\u6587\u4ef6\uff0c\u89e3\u538b\uff0c\u91cc\u9762\u4e3axls\u6587\u4ef6\u7684\u683c\u5f0f<\/p>\n\n\n\n

\"image-20211221110115696\"\/<\/div><\/figure>\n\n\n\n

\u904d\u5386\u6587\u4ef6\u76ee\u5f55\uff0c\u5728\\xl\\charts<\/code>\u6587\u4ef6\u5939\u4e0b\u5f97\u5230flag<\/p>\n\n\n\n

\"image-20211221110223149\"\/<\/div><\/figure>\n\n\n\n

\u85cf\u85cf\u85cf<\/h2>\n\n\n\n

\u9898\u76ee\u94fe\u63a5\uff1aBUUCTF\u5728\u7ebf\u8bc4\u6d4b (buuoj.cn)<\/a><\/p>\n\n\n\n

\u4e0b\u8f7d\u9644\u4ef6\u5f97\u5230\u4e00\u4e2a\u538b\u7f29\u5305\uff0c\u538b\u7f29\u5305\u5185\u6709\u4e00\u5f20\u56fe\u7247\u548c\u4e00\u4e2a\u6587\u672c\uff0c\u5176\u4e2d\u56fe\u7247\u540d\u4e3a\u201c\u85cf\u85cf\u85cf\u201d\uff0c\u6587\u672c\u5185\u5bb9\u4e3aflag\u683c\u5f0f\uff0c\u6839\u636e\u601d\u8def\u662f\u5bf9\u56fe\u7247\u8fdb\u884c\u5206\u6790<\/p>\n\n\n\n

\u5728kali\u91cc\u5bf9\u56fe\u7247\u8fdb\u884cbinwalk\u5206\u6790\uff0c\u5f97\u5230zip\u538b\u7f29\u5305\u7ed3\u5c3e\u7b26\uff0c\u8fdb\u884cforemost\u5206\u79bb<\/p>\n\n\n\n

\u250c\u2500\u2500(kali\u327fkali)-[~\/Desktop]
\u2514\u2500$ binwalk \/home\/kali\/Desktop\/\u85cf\u85cf\u85cf.jpg
\u200b
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard 1.01
63967         0xF9DF          End of Zip archive, footer length: 22
\u200b
\u250c\u2500\u2500(kali\u327fkali)-[~\/Desktop]
\u2514\u2500$ foremost \/home\/kali\/Desktop\/\u85cf\u85cf\u85cf.jpg     
Processing: \/home\/kali\/Desktop\/\u85cf\u85cf\u85cf.jpg
|foundat=\u798f\u5229.docx\ufffd\ufffdT\\\ufffd\ufffd(\ufffd8'\ufffd\ufffd\ufffd\ufffd\ufffdCpww\u2592
                                      \ufffd\u2592\ufffd       .\ufffd\u075d\ufffd\ufffd\u0703\ufffd$\ufffd\ufffd\ufffd\ufffd&\ufffd\ufffd]\ufffdz\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd]\ufffdv\ufffdV\ufffd\ufffd\ufffd
\ufffd\ufffd\ufffd\ufffd\ufffdv\ufffd\ufffd\ufffd;83(\ufffd\ufffd\ufffd\ufffdu@\ufffd    \ufffdrG\u0566
\u200b
*|<\/code><\/pre>\n\n\n\n
\u53ef\u4ee5\u770b\u5230\u5206\u79bb\u51fa\u7684\u538b\u7f29\u5305\u91cc\u6709\u798f\u5229.docx<\/code>\u6587\u4ef6\uff0c\u89e3\u538b\u6253\u5f00\u5f97\u5230\u4e00\u5f20\u4e8c\u7ef4\u7801\uff0c\u626b\u63cf\u5f97\u5230flag<\/p>\n\n\n\n
\"image-20211221152136103\"\/<\/div><\/figure>\n\n\n\n
\u4f60\u731c\u6211\u662f\u4e2a\u5565<\/h2>\n\n\n\n
\u9898\u76ee\u94fe\u63a5\uff1aBUUCTF\u5728\u7ebf\u8bc4\u6d4b (buuoj.cn)<\/a><\/p>\n\n\n\n
\u4e0b\u8f7d\u662f\u4e2a\u538b\u7f29\u5305\uff0c\u6253\u5f00\u63d0\u793a\u538b\u7f29\u5305\u635f\u574f\uff0c\u660e\u663e\u88ab\u6539\u8fc7\u540e\u7f00\u540d<\/p>\n\n\n\n
\u5728kali\u91cc\u7528file\u547d\u4ee4\u5206\u6790\u5f97\u5230\u662f\u4e2aPNG\u56fe\u7247\uff0c\u6539\u540e\u7f00\u6253\u5f00\u662f\u4e00\u4e2a\u4e8c\u7ef4\u7801\uff0c\u626b\u63cf\u63d0\u793a”flag\u4e0d\u5728\u8fd9”<\/p>\n\n\n\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/Desktop]
\u2514\u2500$ file attachment.zip                   
attachment.zip: PNG image data, 245 x 256, 8-bit\/color RGBA, non-interlaced<\/code><\/pre>\n\n\n\n
\"image-20211221152703400\"\/<\/div><\/figure>\n\n\n\n
\u90a3\u4e48\u601d\u8def\u65b9\u5411\u80af\u5b9a\u662fpng\u9690\u5199\uff0c\u7528binwalk\u53d1\u73b0\u6ca1\u6709\u9690\u85cf\u6587\u4ef6\uff0c\u7528zsteg\u5206\u6790\u662f\u5426\u662fLSB\u9690\u5199\u53d1\u73b0flag<\/p>\n\n\n\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/Desktop]
\u2514\u2500$ binwalk attachment.png               
\u200b
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 245 x 256, 8-bit\/color RGBA, non-interlaced
41            0x29            Zlib compressed data, default compression
\u200b
\u250c\u2500\u2500(kali\u327fkali)-[~\/Desktop]
\u2514\u2500$ zsteg attachment.png               
[?] 24 bytes of extra data after image end (IEND), offset = 0x4b5
extradata:0         .. text: \"\\r\\n%00xaflag{i_am_fl@g}\\r\\n\"<\/code><\/pre>\n\n\n\n
just_a_rar<\/h2>\n\n\n\n
\u9898\u76ee\u94fe\u63a5\uff1aBUUCTF\u5728\u7ebf\u8bc4\u6d4b (buuoj.cn)<\/a><\/p>\n\n\n\n
\u4e0b\u8f7d\u662f\u4e00\u4e2arar\u538b\u7f29\u5305\u6587\u4ef6\uff0crar\u538b\u7f29\u5305\u91cc\u4e5f\u6709\u4e00\u4e2a\u540d\u4e3a”\u56db\u4f4d\u6570”\u7684rar\u538b\u7f29\u5305\u6587\u4ef6\uff0c\u5c06\u5176\u89e3\u538b<\/p>\n\n\n\n
\u7528archpr<\/code>\u7206\u7834\u56db\u4f4d\u6570\u53e3\u4ee4\uff0c\u5f97\u5230\u538b\u7f29\u5305\u5bc6\u78012016<\/code><\/p>\n\n\n\n
\"image-20211221153440647\"\/<\/div><\/figure>\n\n\n\n
\u91cc\u9762\u662f\u4e00\u5f20jpg\u56fe\u7247\uff0c\u5728kali\u91cc\u5206\u6790EXIF\u4fe1\u606f\u65f6\u5f97\u5230flag<\/p>\n\n\n\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/Desktop]
\u2514\u2500$ exiftool flag.jpg                                                                                     1 \u2a2f
ExifTool Version Number         : 12.32
File Name                       : flag.jpg
Directory                       : .
File Size                       : 102 KiB
File Modification Date\/Time     : 2016:07:26 21:40:10-04:00
File Access Date\/Time           : 2021:12:21 02:31:56-05:00
File Inode Change Date\/Time     : 2021:12:21 02:31:56-05:00
File Permissions                : -rwxrw-rw-
File Type                       : JPEG
File Type Extension             : jpg
MIME Type                       : image\/jpeg
JFIF Version                    : 1.01
Resolution Unit                 : inches
X Resolution                    : 1
Y Resolution                    : 1
Exif Byte Order                 : Big-endian (Motorola, MM)
XP Comment                      : flag{Wadf_123}
Padding                         : (Binary data 2060 bytes, use -b option to extract)
Image Width                     : 580
Image Height                    : 868
Encoding Process                : Baseline DCT, Huffman coding
Bits Per Sample                 : 8
Color Components                : 3
Y Cb Cr Sub Sampling            : YCbCr4:2:0 (2 2)
Image Size                      : 580x868
Megapixels                      : 0.503<\/code><\/pre>\n\n\n\n
\u4e00\u53f6\u969c\u76ee<\/h2>\n\n\n\n
\u9898\u76ee\u94fe\u63a5\uff1aBUUCTF\u5728\u7ebf\u8bc4\u6d4b (buuoj.cn)<\/a><\/p>\n\n\n\n
\u538b\u7f29\u5305\u91cc\u89e3\u538b\u5f97\u5230\u4e00\u5f20png\u56fe\u7247\uff0c\u6a21\u7cca\u4e0d\u6e05\uff0c\u51ed\u76f4\u63a5\u662f\u4fee\u590dpng\u7684\u5bbd\u9ad8<\/p>\n\n\n\n
\u7528\u811a\u672c\u8ba1\u7b97\u5e76\u4fee\u590d\u5f97\u5230flag<\/p>\n\n\n\n
\"image-20211221154151893\"\/<\/div><\/figure>\n\n\n\n
\u9e21\u4f60\u592a\u7f8e<\/h2>\n\n\n\n
\u9898\u76ee\u94fe\u63a5\uff1aBUUCTF\u5728\u7ebf\u8bc4\u6d4b (buuoj.cn)<\/a><\/p>\n\n\n\n
\u538b\u7f29\u5305\u91cc\u6709\u4e24\u4e2aGIF\u6587\u4ef6\uff0c\u4e00\u4e2a”\u7bee\u7403.gif”\uff0c\u4e00\u4e2a”\u7bee\u7403\u526f\u672c.gif”\uff0c\u4f46”\u7bee\u7403\u526f\u672c.gif”\u6587\u4ef6\u663e\u793a\u4e0d\u4e86\uff0c\u6587\u4ef6\u5927\u5c0f\u6bd4\u201d\u7bee\u7403\u201c\u5927\uff0c\u660e\u663e\u4fe1\u606f\u9690\u85cf\u5728\u8fd9\u4e2a\u6587\u4ef6\u91cc<\/p>\n\n\n\n
\u7528010editor<\/code>\u6253\u5f00\uff0c\u5bf9\u6bd4\u4e24\u4e2a\u6587\u4ef6\uff0c\u53d1\u73b0”\u7bee\u7403\u526f\u672c.gif”\u6587\u4ef6\u5934\u5c11\u4e86\u56db\u4e2a\u5b57\u8282\uff0c\u63d2\u5165\u586b\u4e0aGIF8<\/code>\u5b57\u8282\uff0c\u6253\u5f00\u53d1\u73b0flag<\/p>\n\n\n\n
\"image-20211221155056009\"\/<\/div><\/figure>\n\n\n\n
\"image-20211221155107764\"\/<\/div><\/figure>\n\n\n\n
\u7eb3\u5c3c<\/h2>\n\n\n\n
\u9898\u76ee\u94fe\u63a5\uff1aBUUCTF\u5728\u7ebf\u8bc4\u6d4b (buuoj.cn)<\/a><\/p>\n\n\n\n
\u538b\u7f29\u5305\u91cc\u6709\u4e24\u4e2a\u6587\u4ef6\uff0c\u4e00\u4e2a6.gif<\/code>\u6587\u4ef6\uff0c\u6253\u4e0d\u5f00\uff0c\u4e00\u4e2a\u9898\u76ee.txt<\/code>\u6587\u4ef6\uff0c\u5185\u5bb9\u4e3a\u54a6\uff01\u8fd9\u4e2a\u6587\u4ef6\u600e\u4e48\u6253\u4e0d\u5f00\uff1f<\/code><\/p>\n\n\n\n
\u601d\u8def\u4e3a\u6587\u4ef6\u4fee\u590d\u6216\u4fee\u6539\u6587\u4ef6\u540e\u7f00\u540d\uff0c\u62c9\u8fdb010editor<\/code>\uff0c\u53d1\u73b0\u719f\u6089\u7684\u5c11\u4e86\u56db\u4e2a\u5b57\u8282\u7684GIF\u6587\u4ef6\u5934\uff0c\u8865\u5145\u4e0a\u53bb\u6253\u5f00gif\u6587\u4ef6\uff0c\u53d1\u73b0\u6709\u51e0\u6bb5\u5e27\uff0c\u6bcf\u6bb5\u5e27\u6709\u51e0\u4e2a\u5b57\u6bcd\uff0c\u53d1\u73b0\u6700\u540e\u4e00\u6bb5\u5b57\u6bcd\u6700\u540e\u6709=<\/code>\uff0c\u53ef\u80fd\u4e3abase64\u52a0\u5bc6<\/p>\n\n\n\n
\"image-20211221155803774\"\/<\/div><\/figure>\n\n\n\n
\u7528GIFFrame<\/code>\u5c06\u6240\u6709\u5e27\u4fdd\u5b58\u5230\u4e00\u4e2a\u6587\u4ef6\u5939\u91cc\uff0c\u6309\u6bcf\u5e27\u987a\u5e8f\u8bb0\u4e0b\u5b57\u6bcd\uff0c\u6700\u540ebase64\u89e3\u5bc6\uff0c\u5c06\u5f00\u5934CTF<\/code>\u66ff\u6362\u6210flag<\/code>\u5f97\u5230flag<\/p>\n\n\n\n
Q1RGe3dhbmdfYmFvX3FpYW5nX2lzX3NhZH0=
\u200b
CTF{wang_bao_qiang_is_sad}
\u200b
flag{wang_bao_qiang_is_sad}<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
\u8ba4\u771f\u4f60\u5c31\u8f93\u4e86 \u9898\u76ee\u94fe\u63a5\uff1aBUUCTF\u5728\u7ebf\u8bc4\u6d4b (buuoj.cn) \u89e3\u538b\u5f97\u5230\u4e00\u4e2a\u540e\u7f00\u540d\u4e3axls\u7684\u6587\u4ef6\uff0c\u7528off […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[17],"tags":[],"_links":{"self":[{"href":"http:\/\/101.34.19.194\/index.php?rest_route=\/wp\/v2\/posts\/325"}],"collection":[{"href":"http:\/\/101.34.19.194\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/101.34.19.194\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/101.34.19.194\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/101.34.19.194\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=325"}],"version-history":[{"count":1,"href":"http:\/\/101.34.19.194\/index.php?rest_route=\/wp\/v2\/posts\/325\/revisions"}],"predecessor-version":[{"id":326,"href":"http:\/\/101.34.19.194\/index.php?rest_route=\/wp\/v2\/posts\/325\/revisions\/326"}],"wp:attachment":[{"href":"http:\/\/101.34.19.194\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/101.34.19.194\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=325"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/101.34.19.194\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}