BUUCTF:https://buuoj.cn/challenges
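Challenge description:
Wrap the flag you obtain in flag{} before submitting.
Ciphertext:
Download the attachment and extract it to get a .zip file; extract that again to get two files.
Solution:
1. Open ComeOn!.txt. It contains a long run of Base64-encoded ciphertext.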
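2. From the challenge hint and the shape of the ciphertext, the likely technique is Base64 steganography. The following Python script extracts the hidden data.

```python
# Standard Base64 alphabet; a character's position is its 6-bit value
base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
binstr = ""
with open('./base64.txt') as f:
    strings = f.read()
e = strings.splitlines()
for i in e:
    if i.find("==") > 0:
        # Take the 3rd character from the end, look up its index in the alphabet
        # (its encoded value), keep the low 4 bits and convert to a binary string
        temp = bin((base64.find(i[-3]) & 15))[2:]
        # Left-pad with zeros to 4 bits, then append to binstr
        binstr = binstr + "0" * (4 - len(temp)) + temp
    elif i.find("=") > 0:
        # Take the 2nd character from the end, look up its index in the alphabet
        # (its encoded value), keep the low 2 bits and convert to a binary string
        temp = bin((base64.find(i[-2]) & 3))[2:]
        # Left-pad with zeros to 2 bits, then append to binstr
        binstr = binstr + "0" * (2 - len(temp)) + temp
result = ""  # renamed from str so the built-in is not shadowed
for i in range(0, len(binstr), 8):
    # Left to right, turn each group of 8 bits into an ASCII character and append it
    result = result + chr(int(binstr[i:i + 8], 2))
print(result)
```

Run the script to get the flag.
flag: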
flag{6aseb4_f33!}
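
The script above works because a padded Base64 line has 2 or 4 unused bits that a normal encoder always writes as zero. The following added example (not part of the original write-up) shows the same extraction together with a check that flags non-canonical lines; `embed` exists only to build the constructed sample input, and all function names are assumptions of this example.

```python
import base64

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def spare_bits(line):
    """Return (bit count, value) of the unused bits before the padding of one line."""
    line = line.strip()
    pad = len(line) - len(line.rstrip("="))
    if pad not in (1, 2) or len(line) % 4:
        return 0, 0
    nbits = 2 * pad                      # "=" leaves 2 spare bits, "==" leaves 4
    return nbits, ALPHABET.index(line[-pad - 1]) & ((1 << nbits) - 1)

def is_canonical(line):
    """A standard encoder always writes the spare bits as zero."""
    return spare_bits(line)[1] == 0

def extract(lines):
    """Concatenate the spare bits of every padded line and read them as bytes."""
    bits = ""
    for line in lines:
        nbits, value = spare_bits(line)
        if nbits:
            bits += format(value, "0{}b".format(nbits))
    usable = len(bits) - len(bits) % 8   # drop a trailing partial byte
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

def embed(cover_chunks, secret):
    """Build constructed sample input: encode each chunk, then set its spare bits."""
    bits = "".join(format(b, "08b") for b in secret)
    out = []
    for chunk in cover_chunks:
        line = base64.b64encode(chunk).decode()
        nbits, _ = spare_bits(line)
        if nbits and bits:
            take, bits = bits[:nbits].ljust(nbits, "0"), bits[nbits:]
            pad = nbits // 2
            idx = ALPHABET.index(line[-pad - 1]) | int(take, 2)
            line = line[:-pad - 1] + ALPHABET[idx] + "=" * pad
        out.append(line)
    return out

# Constructed sample: 1-byte chunks encode with "==", giving 4 spare bits per line.
SAMPLE = embed([b"a", b"b", b"c", b"d"], b"OK")

if __name__ == "__main__":
    print(SAMPLE, extract(SAMPLE), [is_canonical(l) for l in SAMPLE])
```

A line for which `is_canonical` returns False still decodes to the same bytes in lenient decoders, which is why a file of many short padded lines with non-zero spare bits is a useful indicator of this technique.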