https://buuoj.cn/challenges#[SUCTF%202019]Game

BUUCTF:[SUCTF 2019]Game_Game


index.html中发现一串base32

BUUCTF:[SUCTF 2019]Game_Game_02

>>> import base64
>>> base64.b32decode('ON2WG5DGPNUECSDBNBQV6RTBNMZV6RRRMFTX2===')
b'suctf{hAHaha_Fak3_F1ag}'
>>>

并不是真的flag,但是这个后面有用,看到另外一张图,LSB发现一串base64

BUUCTF:[SUCTF 2019]Game_html_03

U2FsdGVkX1+zHjSBeYPtWQVSwXzcVFZLu6Qm0To/KeuHg8vKAxFrVQ==

这串base64解码后头部是Salted,应该是AES或者3DES

>>> base64.b64decode('U2FsdGVkX1+zHjSBeYPtWQVSwXzcVFZLu6Qm0To/KeuHg8vKAxFrVQ==')
b'Salted__\xb3\x1e4\x81y\x83\xedY\x05R\xc1|\xdcTVK\xbb\xa4&\xd1:?)\xeb\x87\x83\xcb\xca\x03\x11kU'

在线解密网站:https://www.sojson.com/encrypt_triple_des.html

密钥为之前的假flag:suctf{hAHaha_Fak3_F1ag}

BUUCTF:[SUCTF 2019]Game_html_04

flag{U_F0und_1t}