http://bmzclub.cn/challenges#crymisc

BMZCTF:crymisc_github


crymisc.docx打开发现是zip文件,修改后缀为zip解压

BMZCTF:crymisc_github_02


有密码,010 Editor打开查看发现是zip伪加密

BMZCTF:crymisc_github_03


修改标志位

BMZCTF:crymisc_后缀_04


保存,解压得到如下:

BMZCTF:crymisc_后缀_05


binwalk发现3.jpg尾部有zip文件

BMZCTF:crymisc_php_06


BMZCTF:crymisc_php_07

PS C:\Users\Administrator> php -r "echo base64_decode('SSB3YXMgcmVqZWN0ZWQuLi4uLi5USElTIElTIFRIRSBQQVNTV09SRDpJIFdhbm5hIENyeXl5ISEh');"
I was rejected......THIS IS THE PASSWORD:I Wanna Cryyy!!!
PS C:\Users\Administrator>

zip部分提取出来并添加文件头:50 4b

BMZCTF:crymisc_github_08


解压密码是:I Wanna Cryyy!!!

得到crymisc.txt

🔭💙🐰✊🌻🐧💙😘🌻🍶💐🍌🏊🍩🚁🏊👹🐶😀🐶😀😘👹💙🍂💇😀😀😩🌻🍟👂🍶💐🍌🏊🍩👆🏠🙇🍂🍂👼😱🚔🐶👉✊😱🏠🙇🍂🍂👼😱🚊😧💨💙💕
That is what i told her↑↑↑

网上的在线Emoji解码解不出来,得使用这个脚本:
https://github.com/pavelvodrazka/ctf-writeups/tree/master/hackyeaster2018/challenges/egg17/files/cracker

BMZCTF:crymisc_后缀_09

GACTF{H4ppy_Mi5c_H4ppy_L1fe}