https://buuoj.cn/challenges#%E8%9C%98%E8%9B%9B%E4%BE%A0%E5%91%80
out.pcap
所有的icmp
包后面都跟了一串数据,使用tshark
把这些全部提取出来
tshark -r out.pcap -T fields -e data > data.txt
有重复,Python去重
with open('data.txt', 'r') as file:
res_list = []
lines = file.readlines()
print('[+]去重之前一共{0}行'.format(len(lines)))
print('[+]开始去重,请稍等.....')
for i in lines:
if i not in res_list:
res_list.append(i)
print('[+]去重后一共{0}行'.format(len(res_list)))
print(res_list)
with open('data1.txt', 'w') as new_file:
for j in res_list:
new_file.write(j)
将十六进制数据转为字符
import binascii
with open('data1.txt','r') as file:
with open('data2.txt','wb') as data:
for i in file.readlines():
data.write(binascii.unhexlify(i[:-1]))
去掉首尾两行,再去掉$$START$$
和换行,Python将base64解码以字节流形式写成zip
import base64
with open('data3.txt','rb') as file:
with open('res.zip','wb') as new_file:
new_file.write(base64.b64decode(file.read()))
flag.gif
时间隐写
,真是我见过最骚的隐写,Ubuntu
下使用identify
identify -format "%T" flag.gif
2050502050502050205020202050202020205050205020502050205050505050202050502020205020505050205020206666
20
替换为0
50
替换为1
011011010100010000110101010111110011000101110100
>>>int('011011010100010000110101010111110011000101110100',2)
120139720634740
>>> hex(120139720634740)
'0x6d44355f3174'
>>> binascii.unhexlify('6d44355f3174')
b'mD5_1t'
>>> hashlib.md5('mD5_1t'.encode('utf-8')).hexdigest()
'f0f1003afe4ae8ce4aa8e8487a8ab3b6'
flag{f0f1003afe4ae8ce4aa8e8487a8ab3b6}