2024春秋杯冬季赛Day1

1 Misc 简单镜像提取

Data.pcapng,从 HTTP 流量中导出压缩包

R-Studio 直接出

img

flag{E7A10C15E26AA5750070EF756AAA1F7C}

2 Misc 简单算术

Xor brute

img

flag{x0r_Brute_is_easy!}

3 Misc See anything in these pics?

Aztec扫描出密码5FIVE

img

解出YVL.jpg,发现后面跟了png,提出来发现是纯黑图,看了一下hex去爆破宽高出flag

img img

flag{opium_00pium}

4 Misc 压力大,写个脚本吧

批量解压,把文件内容依次 append 到一起,得到二维码,扫描出 flag

img

img

img

import base64 import time import zipfile import os import sys def try_password(z, password):

flag值:

flag{PASSWORDs_is_fl@g!}

5 Web easy_flask

操作内容:

Ssti fenjing一把梭

img

import base64
import os
import sys
import time
import zipfile


def try_password(z, password):
    """Attempt to extract every member of archive *z* with a single password.

    Args:
        z: An open archive object exposing ``extractall(pwd=...)``.
        password: Candidate password, either ``str`` or ``bytes``.

    Returns:
        True when extraction finished without raising, False otherwise.

    Note:
        ``extractall`` is called without a ``path`` argument, so members are
        written to the current working directory. Run this only from a scratch
        directory, and inspect archives of unknown origin before extracting.
    """
    try:
        # The zip API wants the password as bytes; str input is UTF-8 encoded.
        secret = password if not isinstance(password, str) else password.encode('utf-8')
        z.extractall(pwd=secret)
        print(f"成功使用密码: {password}")
    except Exception:
        # Any failure (wrong password, damaged member, I/O error) counts as a miss.
        print(f"密码 {password} 尝试失败")
        return False
    return True


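def chengeChar(path):
    """Repair a mojibake file name (cp437 shown instead of GBK) and rename it on disk.

    Zip members whose names were stored as GBK bytes are often decoded as
    cp437 on extraction. This re-encodes the last path component as cp437 and
    decodes it as GBK, then renames the entry accordingly.

    Args:
        path: Path of an existing file or directory.

    Returns:
        The path of the entry after processing: the repaired path when the
        rename succeeded (or no rename was needed), otherwise the original
        path, so the caller always gets a path that refers to the entry.
        A path that does not exist is returned unchanged.
    """
    if not os.path.exists(path):
        return path
    path = path.rstrip('/').rstrip('\\')
    parent, file_name = os.path.split(path)
    try:
        new_name = file_name.encode('cp437').decode('gbk')
    except UnicodeError:
        # Not a cp437/GBK mix-up; keep the name exactly as it is.
        new_name = file_name
    fixed_path = os.path.join(parent, new_name)
    if new_name == file_name:
        # Nothing to repair, so skip the pointless self-rename.
        return fixed_path
    try:
        os.renames(path, fixed_path)
    except OSError:
        print('renames error!!')
        # The entry still lives under its old name; do not hand back a path
        # that was never created.
        return path
    return fixed_path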


def del_zip(path):
    """Recursively delete the ``.zip`` entries found under *path*.

    The path is first passed through ``chengeChar``. An entry whose name ends
    in ``.zip`` is removed with ``os.remove``; a directory is walked and every
    child is handled the same way. Anything else is left alone.

    Args:
        path: File or directory to clean up.
    """
    path = chengeChar(path)
    if path.endswith('.zip'):
        # The suffix check comes first, so this branch also fires for a
        # directory named *.zip, where os.remove would raise.
        os.remove(path)
        return
    if not os.path.isdir(path):
        return
    for entry in os.listdir(path):
        del_zip(os.path.join(path, entry))


def unzip_file(z, zip_path, password):
    """Extract the open archive *z* and recurse into whatever it produced.

    A directory named after the archive (the path minus its extension) is
    created if missing. Without a password the members are extracted into that
    directory. With a password the extraction is delegated to
    ``try_password``, which does not pass a target path, so those members land
    in the current working directory instead.

    Args:
        z: Open ``zipfile.ZipFile``; it is closed here once the member list
            has been read.
        zip_path: Path of the archive on disk.
        password: Password to use, or a falsy value for none.
    """
    target_dir = os.path.splitext(zip_path)[0]
    if not os.path.exists(target_dir):
        os.makedirs(target_dir)

    try:
        if not password:
            # No password supplied: plain extraction into the sibling directory.
            z.extractall(path=target_dir)
        elif not try_password(z, password):
            print(f"使用密码 {password} 解压失败")
            return
    except Exception as e:
        print(f"解压出错: {e}")
        return

    # Read the member names before closing, then follow up on every member
    # that actually exists under the target directory.
    members = z.namelist()
    z.close()
    for member in members:
        candidate = os.path.join(target_dir, member)
        if os.path.exists(candidate):
            main(candidate, password)




def get_password(index):
    """Load and Base64-decode the password stored for archive number *index*.

    The password is read from ``./password_<index>.txt`` relative to the
    current working directory.

    Args:
        index: Archive number used to build the file name.

    Returns:
        The decoded password as ``str``, or None when the file cannot be read
        or its content cannot be decoded (the error is printed).
    """
    try:
        source = f"./password_{index}.txt"
        with open(source) as handle:
            encoded = handle.read().strip()
        return base64.b64decode(encoded).decode()
    except Exception as e:
        print(f"读取密码文件失败: {e}")
        return None


def main(path, password=None):
    """Dispatch on *path*: unpack archives, walk directories, report plain files.

    The path is first normalised through ``chengeChar``.

    Args:
        path: File or directory to process.
        password: Password forwarded to every archive met along the way.
    """
    path = chengeChar(path)
    if not os.path.exists(path):
        print(f'路径不存在: {path}')
        return

    # Both the suffix and the file signature must say "zip".
    is_archive = path.endswith('.zip') and zipfile.is_zipfile(path)
    if is_archive:
        with zipfile.ZipFile(path, 'r') as z:
            unzip_file(z, path, password)  # pass the archive's own path along
        return

    if not os.path.isdir(path):
        print(f"处理文件: {path}")
        return

    for entry in os.listdir(path):
        main(os.path.join(path, entry), password)



if __name__ == '__main__':
    # Walk the archive indices from 98 down to 0; each archive has its
    # password in the matching password_<i>.txt file.
    for i in reversed(range(99)):
        # NOTE(review): the copy command is incomplete as published (no source
        # or destination), so this call does not copy anything useful.
        os.popen(f"copy ")
        time.sleep(0.5)  # give the copy time to finish

        zip_path = f'zip_{i}.zip'
        password = get_password(i)

        if not password:
            print(f"无法获取 zip_{i}.zip 的密码")
            continue

        print(f"处理 zip_{i}.zip, 密码: {password}")
        if os.path.isdir(zip_path):
            for file_name in os.listdir(zip_path):
                main(os.path.join(zip_path, file_name), password)
        else:
            main(zip_path, password)

        # Remove nested archives left in the directory named after this archive.
        if zipfile.is_zipfile(zip_path):
            del_zip(os.path.splitext(zip_path)[0])
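import base64

# Decode password_0.txt .. password_99.txt in index order and append the
# decoded text to flag.txt. The output is opened in append mode, so running
# the script twice duplicates the content; delete flag.txt before a re-run.
with open("flag.txt", "a") as out:
    for i in range(100):
        # Context managers close every handle; the original left them open
        # and was missing the closing parenthesis on the write call.
        with open(f"password_{i}.txt") as src:
            out.write(base64.b64decode(src.read().strip()).decode())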

flag{PASSWORDs_is_fl@g!}

5 Web easy_flask

Ssti fenjing一把梭

img

6 Crypto 通往哈希的旅程

Sha1爆破,先是试了md5和sha256,不对,改sha1出了

import hashlib
import time
from multiprocessing import Pool

def hash_encrypt(text):
    """Return the hexadecimal SHA-1 digest of *text* encoded as UTF-8.

    Despite the name, this is a one-way hash, not encryption.
    """
    return hashlib.sha1(text.encode('utf-8')).hexdigest()

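def crack_range(start, end):
    """Search the suffixes in ``[start, end)`` for the number matching the target hash.

    Each candidate is the fixed prefix "188" followed by an 8-digit,
    zero-padded suffix; its SHA-1 is compared with the hard-coded target.

    Args:
        start: First suffix to try (inclusive).
        end: Upper bound of the suffix range (exclusive).

    Returns:
        The matching phone number as ``str``, or None if the range holds none.

    Note:
        With the prefix known, only 10**8 candidates remain, which is why a
        bare unsalted hash gives no protection for a phone number. Protecting
        such identifiers needs a keyed construction (for example an HMAC with
        a secret key), not a plain digest.
    """
    target = "ca12fd8250972ec363a16593356abb1f3cf3a16d"
    prefix = "188"
    # The two bounds used to be printed back to back with no separator, which
    # made the progress line unreadable.
    print(f"处理范围: {prefix}{start:08d} - {prefix}{end:08d}")

    for i in range(start, end):
        phone = f"{prefix}{i:08d}"
        if hash_encrypt(phone) == target:
            print(f"找到匹配! 手机号: {phone}")
            return phone
        # Report progress once per million candidates.
        if i % 1000000 == 0:
            print(f"当前进度: {prefix}{i:08d}")
    return None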

if __name__ == "__main__":
    start_time = time.time()

    # Split the 10**8 possible suffixes into 16 equal slices, one per worker
    # process (a process pool, not threads).
    total_numbers = 100000000
    chunk_size = total_numbers // 16
    ranges = []
    for slot in range(16):
        ranges.append((slot * chunk_size, (slot + 1) * chunk_size))

    # starmap returns only after every slice has been searched to the end.
    with Pool(16) as p:
        results = p.starmap(crack_range, ranges)

    # Keep the first slice result that is truthy, if any.
    result = None
    for found in results:
        if found:
            result = found
            break

    end_time = time.time()

    if result:
        print(f"成功找到手机号: {result}")
        print(f"flag{{{result}}}")
    else:
        print("未找到匹配的手机号")

    print(f"总用时: {end_time - start_time:.2f}秒")

img

flag{18876011645}

7 Crypto 你是小哈斯?

还是爆破sha1

import hashlib
import itertools
import string

# List of SHA-1 hex digests taken from the challenge.
# crack_hashes() compares each entry with the SHA-1 of a single character, so
# every entry stands for one character of the hidden text; for instance the
# first entry is the SHA-1 of "1".
# The same digest appears many times: hashing character by character with no
# salt maps equal characters to equal digests, so the scheme is only a
# substitution table and can be reversed with a small lookup.
e_ = [
"356a192b7913b04c54574d18c28d46e6395428ab",
"da4b9237bacccdf19c0760cab7aec4a8359010b0",
"77de68daecd823babbb58edb1c8e14d7106e83bb",
"1b6453892473a467d07372d45eb05abc2031647a",
"ac3478d69a3c81fa62e60f5c3696165a4e5e6ac4",
"c1dfd96eea8cc2b62785275bca38ac261256e278",
"902ba3cda1883801594b6e1b452790cc53948fda",
"fe5dbbcea5ce7e2988b8c69bcfdfde8904aabc1f",
"0ade7c2cf97f75d009975f4d720d1fa6c19f4897",
"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c",
"3bc15c8aae3e4124dd409035f32ea2fd6835efc9",
"21606782c65e44cac7afbb90977d8b6f82140e76",
"22ea1c649c82946aa6e479e1ffd321e4a318b1b0",
"aff024fe4ab0fece4091de044c58c9ae4233383a",
"58e6b3a414a1e090dfc6029add0f3555ccba127f",
"4dc7c9ec434ed06502767136789763ec11d2c4b7",
"8efd86fb78a56a5145ed7739dcb00c78581c5375",
"95cb0bfd2977c761298d9624e4b4d4c72a39974a",
"51e69892ab49df85c6230ccc57f8e1d1606caccc",
"042dc4512fa3d391c5170cf3aa61e6a638f84342",
"7a81af3e591ac713f81ea1efe93dcf36157d8376",
"516b9783fca517eecbd1d064da2d165310b19759",
"4a0a19218e082a343a1b17e5333409af9d98f0f5",
"07c342be6e560e7f43842e2e21b774e61d85f047",
"86f7e437faa5a7fce15d1ddcb9eaeaea377667b8",
"54fd1711209fb1c0781092374132c66e79e2241b",
"60ba4b2daa4ed4d070fec06687e249e0e6f9ee45",
"d1854cae891ec7b29161ccaf79a24b00c274bdaa",
"7a81af3e591ac713f81ea1efe93dcf36157d8376",
"53a0acfad59379b3e050338bf9f23cfc172ee787",
"042dc4512fa3d391c5170cf3aa61e6a638f84342",
"a0f1490a20d0211c997b44bc357e1972deab8ae3",
"53a0acfad59379b3e050338bf9f23cfc172ee787",
"4a0a19218e082a343a1b17e5333409af9d98f0f5",
"07c342be6e560e7f43842e2e21b774e61d85f047",
"86f7e437faa5a7fce15d1ddcb9eaeaea377667b8",
"54fd1711209fb1c0781092374132c66e79e2241b",
"c2b7df6201fdd3362399091f0a29550df3505b6a",
"86f7e437faa5a7fce15d1ddcb9eaeaea377667b8",
"a0f1490a20d0211c997b44bc357e1972deab8ae3",
"3c363836cf4e16666669a25da280a1865c2d2874",
"4a0a19218e082a343a1b17e5333409af9d98f0f5",
"54fd1711209fb1c0781092374132c66e79e2241b",
"27d5482eebd075de44389774fce28c69f45c8a75",
"5c2dd944dde9e08881bef0894fe7b22a5c9c4b06",
"13fbd79c3d390e5d6585a21e11ff5ec1970cff0c",
"07c342be6e560e7f43842e2e21b774e61d85f047",
"395df8f7c51f007019cb30201c49e884b46b92fa",
"11f6ad8ec52a2984abaafd7c3b516503785c2072",
"84a516841ba77a5b4648de2cd0dfcb30ea46dbb4",
"7a38d8cbd20d9932ba948efaa364bb62651d5ad4",
"e9d71f5ee7c92d6dc9e92ffdad17b8bd49418f98",
"d1854cae891ec7b29161ccaf79a24b00c274bdaa",
"6b0d31c0d563223024da45691584643ac78c96e8",
"5c10b5b2cd673a0616d529aa5234b12ee7153808",
"4a0a19218e082a343a1b17e5333409af9d98f0f5",
"07c342be6e560e7f43842e2e21b774e61d85f047",
"86f7e437faa5a7fce15d1ddcb9eaeaea377667b8",
"54fd1711209fb1c0781092374132c66e79e2241b",
"60ba4b2daa4ed4d070fec06687e249e0e6f9ee45",
"54fd1711209fb1c0781092374132c66e79e2241b",
"86f7e437faa5a7fce15d1ddcb9eaeaea377667b8",
"6b0d31c0d563223024da45691584643ac78c96e8",
"58e6b3a414a1e090dfc6029add0f3555ccba127f",
"53a0acfad59379b3e050338bf9f23cfc172ee787",
"84a516841ba77a5b4648de2cd0dfcb30ea46dbb4",
"22ea1c649c82946aa6e479e1ffd321e4a318b1b0",
"e9d71f5ee7c92d6dc9e92ffdad17b8bd49418f98",
"53a0acfad59379b3e050338bf9f23cfc172ee787",
"042dc4512fa3d391c5170cf3aa61e6a638f84342",
"a0f1490a20d0211c997b44bc357e1972deab8ae3",
"042dc4512fa3d391c5170cf3aa61e6a638f84342",
"a0f1490a20d0211c997b44bc357e1972deab8ae3",
"53a0acfad59379b3e050338bf9f23cfc172ee787",
"84a516841ba77a5b4648de2cd0dfcb30ea46dbb4",
"11f6ad8ec52a2984abaafd7c3b516503785c2072",
"95cb0bfd2977c761298d9624e4b4d4c72a39974a",
"395df8f7c51f007019cb30201c49e884b46b92fa",
"c2b7df6201fdd3362399091f0a29550df3505b6a",
"3a52ce780950d4d969792a2559cd519d7ee8c727",
"86f7e437faa5a7fce15d1ddcb9eaeaea377667b8",
"a0f1490a20d0211c997b44bc357e1972deab8ae3",
"3c363836cf4e16666669a25da280a1865c2d2874",
"4a0a19218e082a343a1b17e5333409af9d98f0f5",
"54fd1711209fb1c0781092374132c66e79e2241b",
"27d5482eebd075de44389774fce28c69f45c8a75",
"5c2dd944dde9e08881bef0894fe7b22a5c9c4b06",
"13fbd79c3d390e5d6585a21e11ff5ec1970cff0c",
"07c342be6e560e7f43842e2e21b774e61d85f047",
"395df8f7c51f007019cb30201c49e884b46b92fa",
"11f6ad8ec52a2984abaafd7c3b516503785c2072",
"84a516841ba77a5b4648de2cd0dfcb30ea46dbb4",
"7a38d8cbd20d9932ba948efaa364bb62651d5ad4",
"e9d71f5ee7c92d6dc9e92ffdad17b8bd49418f98",
"d1854cae891ec7b29161ccaf79a24b00c274bdaa",
"6b0d31c0d563223024da45691584643ac78c96e8",
"5c10b5b2cd673a0616d529aa5234b12ee7153808",
"3a52ce780950d4d969792a2559cd519d7ee8c727",
"22ea1c649c82946aa6e479e1ffd321e4a318b1b0",
"aff024fe4ab0fece4091de044c58c9ae4233383a",
"58e6b3a414a1e090dfc6029add0f3555ccba127f",
"4dc7c9ec434ed06502767136789763ec11d2c4b7",
"8efd86fb78a56a5145ed7739dcb00c78581c5375",
"95cb0bfd2977c761298d9624e4b4d4c72a39974a",
"51e69892ab49df85c6230ccc57f8e1d1606caccc",
"042dc4512fa3d391c5170cf3aa61e6a638f84342",
"7a81af3e591ac713f81ea1efe93dcf36157d8376",
"516b9783fca517eecbd1d064da2d165310b19759",
"4a0a19218e082a343a1b17e5333409af9d98f0f5",
"07c342be6e560e7f43842e2e21b774e61d85f047",
"86f7e437faa5a7fce15d1ddcb9eaeaea377667b8",
"54fd1711209fb1c0781092374132c66e79e2241b",
"60ba4b2daa4ed4d070fec06687e249e0e6f9ee45",
"d1854cae891ec7b29161ccaf79a24b00c274bdaa",
"7a81af3e591ac713f81ea1efe93dcf36157d8376",
"53a0acfad59379b3e050338bf9f23cfc172ee787",
"042dc4512fa3d391c5170cf3aa61e6a638f84342",
"a0f1490a20d0211c997b44bc357e1972deab8ae3",
"53a0acfad59379b3e050338bf9f23cfc172ee787",
"4a0a19218e082a343a1b17e5333409af9d98f0f5",
"07c342be6e560e7f43842e2e21b774e61d85f047",
"86f7e437faa5a7fce15d1ddcb9eaeaea377667b8",
"54fd1711209fb1c0781092374132c66e79e2241b",
"c2b7df6201fdd3362399091f0a29550df3505b6a",
"356a192b7913b04c54574d18c28d46e6395428ab",
"da4b9237bacccdf19c0760cab7aec4a8359010b0",
"77de68daecd823babbb58edb1c8e14d7106e83bb",
"1b6453892473a467d07372d45eb05abc2031647a",
"ac3478d69a3c81fa62e60f5c3696165a4e5e6ac4",
"c1dfd96eea8cc2b62785275bca38ac261256e278",
"902ba3cda1883801594b6e1b452790cc53948fda",
"fe5dbbcea5ce7e2988b8c69bcfdfde8904aabc1f",
"0ade7c2cf97f75d009975f4d720d1fa6c19f4897",
"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c",
"3bc15c8aae3e4124dd409035f32ea2fd6835efc9",
"21606782c65e44cac7afbb90977d8b6f82140e76",
]


def crack_hashes():
    """Map every digest in ``e_`` back to the single character that produced it.

    A lookup table from SHA-1 digest to character is built for ASCII letters,
    digits and ``{``, ``}``, ``_``. Digests with no entry in the table are
    reported on stdout and skipped.

    Returns:
        The recovered characters joined in list order.
    """
    # Candidate alphabet for a single hashed character.
    charset = string.ascii_letters + string.digits + "{}_"

    # One SHA-1 per candidate is enough: the input space is a few dozen values.
    lookup = {hashlib.sha1(ch.encode()).hexdigest(): ch for ch in charset}

    recovered = []
    for digest in e_:
        ch = lookup.get(digest)
        if ch is None:
            print(f"未找到匹配的字符: {digest}")
            continue
        recovered.append(ch)

    return "".join(recovered)


if __name__ == "__main__":
    # Entry point: recover the text from the digest list and print it.
    recovered = crack_hashes()
    print(f"Flag: {recovered}")

flag{game_cqb_isis_cxyz}


2024春秋杯冬季赛Day1
https://more678.github.io/2025/01/18/2024春秋杯冬季赛Day1/
作者
tenstrings
发布于
2025年1月18日
许可协议