攻防世界--misc--新手区

CTF CTF writeup
发布时间 :
阅读 :
  1. 攻防世界--misc--新手区
    1. 1 this_is_flag
    2. 2 ext3
    3. 3 give_you_flag
    4. 4 pdf
    5. 5 坚持60s
    6. 6 如来十三掌
    7. 7 gif
    8. 8 SimpleRAR
    9. 9 stegano
    10. 10 掀桌子
    11. 11 功夫再高也怕菜刀
    12. 12 base64stego
  • 今天在攻防世界上看见了一道关于base64隐写的题目,题目链接如下: 题目链接 打开压缩包提示需要输入密码,就打开压缩包的详细信息,但是什么都没有,然后就打开binwalk,查看发现没有隐藏文件。 然后想到可能是zip伪加密: zip文件有三个部分组成:压缩源文件数据区(第一个50 4B)+压缩源文件目录区(第二个50 4B)+压缩源文件目录结束标志(第三个50 4B) 伪加密一般存在于压缩源文件目录区,也就是第二个50 4B之后。 压缩源文件目录区:50 4B 01 02:目录中文件文件头标记 3F 03:压缩使用的 pkware版本 14 03:解压文件所需 pkware 版本 09 00:全局方式位标记(有无加密,这个更改这里进行伪加密,改为00 08打开就会提示有密码了) 使用winhex(或者C32ASM)打开文件后,找到第二个50 4B,往后数第七个和第八个,正常情况下应该是00 08,但这里是09 00; 修改完之后就可以正常解压了 ,打开txt之后,发现内容是base64加密过的 U3RlZ2Fub2dyYXBoeSBpcyB0aGUgYXJ0IGFuZCBzY2llbmNlIG9m IHdyaXRpbmcgaGlkZGVuIG1lc3NhZ2VzIGluIHN1Y2ggYSB3YXkgdGhhdCBubyBvbmV= LCBhcGFydCBmcm9tIHRoZSBzZW5kZXIgYW5kIGludGVuZGVkIHJlY2lwaWVudCwgc3VzcGU= Y3RzIHRoZSBleGlzdGVuY2Ugb2YgdGhlIG1lc3M= YWdlLCBhIGZvcm0gb2Ygc2VjdXJpdHkgdGhyb3VnaCBvYnNjdXJpdHkuIFS= aGUgd29yZCBzdGVnYW5vZ3JhcGh5IGlzIG9mIEdyZWVrIG9yaWdpbiBhbmQgbWVhbnMgImNvbmNlYW== bGVkIHdyaXRpbmciIGZyb20gdGhlIEdyZWVrIHdvcmRzIHN0ZWdhbm9zIG1lYW5pbmcgImNv dmVyZWQgb3IgcHJvdGVjdGVkIiwgYW5kIGdyYXBoZWluIG1lYW5pbmcgInRvIHc= cml0ZSIuIFRoZSBmaXJzdCByZWNvcmRlZCB1c2Ugb2YgdGhlIHRlcm0gd2FzIGluIDE0OTkgYnkgSm9o YW5uZXMgVHJpdGhlbWl1cyBpbiBoaXMgU3RlZ2Fub2dyYXBoaWEsIGEgdHJlYV== dGlzZSBvbiBjcnlwdG9ncmFwaHkgYW5kIHN0ZWdhbm9ncmFwaHkgZGlzZ8== dWlzZWQgYXMgYSBib29rIG9uIG1hZ2ljLiBHZW5lcmFsbHksIG1lc3P= YWdlcyB3aWxsIGFwcGVhciB0byBiZSBzb21ldGhpbmcgZWxzZTogaW1hZ2VzLCBhcnRp Y2xlcywgc2hvcHBpbmcgbGlzdHMsIG9yIHNvbWUgb3R= aGVyIGNvdmVydGV4dCBhbmQsIGNsYXNzaWNhbGx5LCB0aGUgaGlkZGVuIG1lc3NhZ2UgbWF5IGJlIGluIGludmm= c2libGUgaW5rIGJldHdlZW4gdGhlIHZpc2libGUgbGluZXMgb2YgYSBwcml2YXRlIGxldHRlci4NCg0KVGhl IGFkdmFudGFnZSBvZiBzdGVnYW5vZ3JhcGh5LCBvdmVyIGNy eXB0b2dyYXBoeSBhbG9uZSwgaXMgdGhhdCBtZXNzYWdlcyBkbyBub3QgYXR0cmFjdCBhdHRlbnRpb25= IHRvIHRoZW1zZWx2ZXMuIFBsYWlubHkgdmlzaWJsZSBlbmNyeXB0ZWQgbWVzc2FnZXOXbm8gbWF0dGVyIF== aG93IHVuYnJlYWthYmxll3dpbGwgYXJvdXNlIHN= dXNwaWNpb24sIGFuZCBtYXkgaW4gdGhlbXNlbHZlcyBiZSBpbmNyaW1pbmF0aW5nIP== aW4gY291bnRyaWVzIHdoZXJlIGVuY3J5cHRpb24gaXMgaWxsZWdhbC4gVGhlcmVmb3JlLH== IHdoZXJlYXMgY3J5cHRvZ3JhcGh5IHByb3RlY3RzIHRoZSBjb250ZW50cyBvZj== IGEgbWVzc2FnZSwgc3RlZ2Fub2dyYXBoeSBjYW4gYmUgc2FpZCB0byBwcm90ZWN0IGJ= b3RoIG1lc3NhZ2VzIGFuZCBjb21tdW5pY2F0aW5nIHBhcnRpZXMuDQoNClN0ZWdhbm9ncmFwaHkgaW5jbHW= ZGVzIHRoZSBjb25jZWFsbWVudCBvZiBpbmZvcm1hdGlvbiB3aXRoaW4gY29t cHV0ZXIgZmlsZXMuIEluIGRpZ2l0YWwgc3RlZ2Fub2dyYXBoeSwgZWxlY3Ryb25pYyBjb21tdW5pY2F0aW9u cyBtYXkgaW5jbHVkZSBzdGVnYW5vZ3JhcGhpYyBjb2RpbmcgaW5zaZ== ZGUgb2YgYSB0cmFuc3BvcnQgbGF5ZXIsIHN1Y2ggYXMgYSBkb2N1bWVudCBmaWxlLCBpbWFnZSBmaWx= ZSwgcHJvZ3JhbSBvciBwcm90b2NvbC4gTWVkaWEg ZmlsZXMgYXJlIGlkZWFsIGZvciBzdGVnYW5vZ3JhcGhpYyB0cmFuc21pc3Npb+== biBiZWNhdXNlIG9mIHRoZWlyIGxhcmdlIHNpemUuIEFzIB== YSBzaW1wbGUgZXhhbXBsZSwgYSBzZW5kZXIgbWlnaHQgc3RhcnQgd2l0aCBh biBpbm5vY3VvdXMgaW1hZ2UgZmlsZSBhbmQgYWRqdXN0IHRoZSBjb2xvciBvZiBldmVyeSAxMDB0aCBwaXhlbCD= dG8gY29ycmVzcG9uZCB0byBhIGxldHRlciBpbiB0aGUgYWxwaGFiZXQsIGF= IGNoYW5nZSBzbyBzdWJ0bGUgdGhhdCBzb21lb25lIG5vdCBzcGVjaWZpY2FsbHkgbG9va2luZyBm b3IgaXQgaXMgdW5saWtlbHkgdG8gbm90aWNlIGl0Lg0KDQpUaGU= IGZpcnN0IHJlY29yZGVkIHVzZXMgb2Ygc3RlZ2Fub2dyYXBoeSBjYW4gYmUgdHJ= YWNlZCBiYWNrIHRvIDQ0MCBCQyB3aGVuIEhlcm9kb3R1cyBtZW50aW9ucyB0d28gZXhhbXBsZXMgb+== ZiBzdGVnYW5vZ3JhcGh5IGluIFRoZSBIaXN0b3JpZXMgb2Yg SGVyb2RvdHVzLiBEZW1hcmF0dXMgc2VudCBhIHdhcm5pbmcgYWJvdXQgYSB= Zm9ydGhjb21pbmcgYXR0YWNrIHRvIEdyZWVjZSBieSB3 cml0aW5nIGl0IGRpcmVjdGx5IG9uIHRoZSB3b29kZW4gYmFja2luZyBvZiBhIHdheCB0YWJsZXQgYmVm b3JlIGFwcGx5aW5nIGl0cyBiZWVzd2F4IHN1cmZhY2UuIFdheCB0YWJsZXRzIHdlcmUgaW4gY29tbW9uIHVzZV== IHRoZW4gYXMgcmV1c2FibGUgd3JpdGluZyBzdXJmYWNlcywgc29tZXRpbWX= cyB1c2VkIGZvciBzaG9ydGhhbmQuIEFub3RoZXIgYW5jaWVudCBleGFtcGxlIGlzIHRoYXQgb9== ZiBIaXN0aWFldXMsIHdobyBzaGF2ZWQgdGhlIGhlYWQgb2YgaGlzIG1vc3QgdHJ1c3RlZCBz bGF2ZSBhbmQgdGF0dG9vZWQgYSBtZXNzYWdlIG9uIGl0LiBBZnRlciBoaXMgaGFpciBoYWQgZ5== cm93biB0aGUgbWVzc2FnZSB3YXMgaGlkZGVuLiBUaGUgcHVycG9zZSB3YXMgdG+= IGluc3RpZ2F0ZSBhIHJldm9sdCBhZ2FpbnN0IHRoZSBQZXJzaWFucy4NCg0KU3RlZ2Fub2dyYXBoeSBoYXMgYm== ZWVuIHdpZGVseSB1c2VkLCBpbmNsdWRpbmcgaW4gcmVjZW50IGhpc3RvcmljYWwgdGltZXMgYW5kIHT= aGUgcHJlc2VudCBkYXkuIFBvc3NpYmxlIHBlcm11dGF0aW9ucyBhcmUgZW5kbGVzcyBhbmT= IGtub3duIGV4YW1wbGVzIGluY2x1ZGU6DQoqIEhpZGRlbiBtZXNzYWdlcyB3aXRoaW4gd2F4IHRh YmxldHM6IGluIGFuY2llbnQgR3JlZWNlLCBwZW9wbGUgd3JvdGUgbWV= c3NhZ2VzIG9uIHRoZSB3b29kLCB0aGVuIGNvdmVyZWQgaXQgd2l0aCB3YXggdXBvbiB3aGljaCBhbiBpbm5vY2Vu dCBjb3ZlcmluZyBtZXNzYWdlIHdhcyB3cml0dGVu Lg0KKiBIaWRkZW4gbWVzc2FnZXMgb24gbWVzc2VuZ2VyJ3MgYm9keTogYWxzbyB1c2VkIGluIGFuY2llbt== dCBHcmVlY2UuIEhlcm9kb3R1cyB0ZWxscyB0aGUgc3Rvcnkgb1== ZiBhIG1lc3NhZ2UgdGF0dG9vZWQgb24gYSBzbGF2ZSdzIHNoYXZlZCBoZWFkLCBoaWRkZW4gYnkgdGhl IGdyb3d0aCBvZiBoaXMgaGFpciwgYW5kIGV4cG9zZWQgYnkgc2hhdmluZyBoaXMgaGVhZM== IGFnYWluLiBUaGUgbWVzc2FnZSBhbGxlZ2VkbHkgY2FycmllZCBhIHdhcm5pbmcgdG8gR3JlZWNlIGFib5== dXQgUGVyc2lhbiBpbnZhc2lvbiBwbGFucy4gVGh= aXMgbWV0aG9kIGhhcyBvYnZpb3VzIGRyYXdiYWNrcyz= IHN1Y2ggYXMgZGVsYXllZCB0cmFuc21pc3Npb24gd2hpbGUgd2FpdGluZyBmb3IgdGhlIHP= bGF2ZSdzIGhhaXIgdG8gZ3JvdywgYW5kIHRoZSByZXN0cmljdGlvbnMgb3== biB0aGUgbnVtYmVyIGFuZCBzaXplIG9mIG1lc3M= YWdlcyB0aGF0IGNhbiBiZSBlbmNvZGVkIG9uIG9uZSBwZXJzb24= J3Mgc2NhbHAuDQoqIEluIFdXSUksIHRoZSBGcmVuY2ggUmVzaXN0YW5jZSBzZW50IHNvbWUgbWVzc2FnZXMgd2== cml0dGVuIG9uIHRoZSBiYWNrcyBvZiBjb3VyaWVycyD= dXNpbmcgaW52aXNpYmxlIGluay4NCiogSGlkZGVuIG1lc3NhZ2VzIG9uIHBhcGVyIHdy aXR0ZW4gaW4gc2VjcmV0IGlua3MsIHVuZGVyIG90aGVyIG1lc3NhZ2Vz IG9yIG9uIHRoZSBibGFuayBwYXJ0cyBvZiBvdGhlct== IG1lc3NhZ2VzLg0KKiBNZXNzYWdlcyB3cml0dGVuIGluIE1vcnNlIGNvZGUgb24ga25pdHRpbmcgeWFybiBhbmQg dGhlbiBrbml0dGVkIGludG8gYSBwaWVjZSBvZiBjbG90aGluZyB3b3K= biBieSBhIGNvdXJpZXIuDQoqIE1lc3NhZ2VzIHdyaXR0ZW4gb24gdGhlIGJhY2sgb5== ZiBwb3N0YWdlIHN0YW1wcy4NCiogRHVyaW5nIGFuZCBhZnRlcm== IFdvcmxkIFdhciBJSSwgZXNwaW9uYWdlIGFnZW50cyB1c2VkIHBob3RvZ3JhcGhpY2FsbHkgcO== cm9kdWNlZCBtaWNyb2RvdHMgdG8gc2VuZCBpbmZvcm1hdGlvbiBiYWNrIGFuZH== IGZvcnRoLiBNaWNyb2RvdHMgd2VyZSB0eXBpY2FsbHkg bWludXRlLCBhcHByb3hpbWF0ZWx5IGxlc3MgdGhhbiB0aGUgc2l6ZSBvZiB0aGUgcGVyaW9kIHByb2R= dWNlZCBieSBhIHR5cGV3cml0ZXIuIFdXSUkgbWljcm9kb3RzIG5lZWRlZCB0byBiZSBlbWJlZGRlZB== IGluIHRoZSBwYXBlciBhbmQgY292ZXJlZCB3aXRoIGFuIGFkaGVzaXZlIChzdWNoIGFzIGNvbGxvZGlvbikuIFR= aGlzIHdhcyByZWZsZWN0aXZlIGFuZCB0aHVzIGRldGVjdGFibGUg Ynkgdmlld2luZyBhZ2FpbnN0IGdsYW5jaW5nIGxpZ2h0LiBBbHRlcm5hdGl2ZSB0ZWNobmlxdWVzIGluY2x1ZGVk IGluc2VydGluZyBtaWNyb2RvdHMgaW50byBzbGl0cyBjdXQgaW50byB0aGUgZWRnZSBvZv== IHBvc3QgY2FyZHMuDQoqIER1cmluZyBXb3JsZCBXYXIgSUksIGEgc3B5IGZvciB= SmFwYW4gaW4gTmV3IFlvcmsgQ2l0eSwgVmVsdmFsZWW= IERpY2tpbnNvbiwgc2VudCBpbmZvcm1hdGlvbiB0byBhY2NvbW1vZGF0aW9= biBhZGRyZXNzZXMgaW4gbmV1dHJhbCBTb3V0aCBBbWVyaWO= YS4gU2hlIHdhcyBhIGRlYWxlciBpbiBkb2xscywgYW5kIG== aGVyIGxldHRlcnMgZGlzY3Vzc2VkIGhvdyBtYW55IG9mIHRoaXMgb3IgdGhhdCBkb2xs IHRvIHNoaXAuIFRoZSBzdGVnb3RleHQgd2FzIHRoZSBkb2xsIG9yZGVycywgd2hpbGUgdGhl IGNvbmNlYWxlZCAicGxhaW50ZXh0IiB3YXMgaXRzZWxmIGVuY2+= ZGVkIGFuZCBnYXZlIGluZm9ybWF0aW9uIGFib3V0IHNoaXAgbW92ZW1lbnRzLF== IGV0Yy4gSGVyIGNhc2UgYmVjYW1lIHNvbWV3aGF0IGZh bW91cyBhbmQgc2hlIGJlY2FtZSBrbm93biBhcyB0aGX= IERvbGwgV29tYW4uDQoqIENvbGQgV2FyIGNvdW50 ZXItcHJvcGFnYW5kYS4gSW4gMTk2OCwgY3JldyBtZW1iZW== cnMgb2YgdGhlIFVTUyBQdWVibG8gKEFHRVItMikgaW50ZWxsaWdlbmNlIHNoaXAgaGVsZCBhcyBwcm== aXNvbmVycyBieSBOb3J0aCBLb3JlYSwgY29tbXVuaWNhdGVkIGluIHNpZ25= IGxhbmd1YWdlIGR1cmluZyBzdGFnZWQgcGhvdG8gb3Bwb3J0 dW5pdGllcywgaW5mb3JtaW5nIHRoZSBVbml0ZWQgU3RhdGVzIHRoZXkg d2VyZSBub3QgZGVmZWN0b3JzIGJ1dCByYXRoZXIgd2VyZSBiZWluZyBoZWxkIGNh cHRpdmUgYnkgdGhlIE5vcnRoIEtvcmVhbnMuIEluIG90aGVyIHBob3Rv cyBwcmVzZW50ZWQgdG8gdGhlIFVTLCBjcmV3IG1lbWJlcnMgZ2F2ZSAidGhlIGZpbmdlciIgdG8g dGhlIHVuc3VzcGVjdGluZyBOb3J0aCBLb3JlYW5zLCBpbiBhbiBhdHRlbXB0IHRvIE== ZGlzY3JlZGl0IHBob3RvcyB0aGF0IHNob3dlZCB0aGVtIHNtaQ== bGluZyBhbmQgY29tZm9ydGFibGUuDQoNCi0tDQpodHRwOi8vZW4ud2lraXBlZGlhLm9yZw== L3dpa2kvU3RlZ2Fub2dyYXBoeQ0K 解密之后发现是一篇关于介绍隐写术的文章: Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspeage, a form of security through obscurity. The word steganography is of Greek origin and means “concealed writing” from the Greek words steganos meaning “covered or protected”, and graphein meaning “to write”. The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography disguised as a book on magic. Generally, messages will appear to be something else: images, articles, shopping lists, or some other covertext and, classically, the hidden message may be in invisible ink between the visible lines of a private letter. The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages no matter how unbreakable will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties. Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image filn because of their large size. As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it. The first recorded uses of steganography can be traced back to 440 BC when Herodotus mentions two examples of steganography in The Histories of Herodotus. Demaratus sent a warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a wax tablet before applying its beeswax surface. Wax tablets were in common use then as reusable writing surfaces, sometimes used for shorthand. Another ancient example is that of Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message was hidden. The purpose was to instigate a revolt against the Persians. Steganography has been widely used, including in recent historical times and the present day. Possible permutations are endless and known examples include: Hidden messages within wax tablets: in ancient Greece, people wrote messages on the wood, then covered it with wax upon which an innocent covering message was written Hidden messages on messenger’s body: also used in ancient Greece. Herodotus tells the story of a message tattooed on a slave’s shaved head, hidden by the growth of his hair, and exposed by shaving his head again. The message allegedly carried a warning to Greece abois method has obvious drawbacks, such as delayed transmission while waiting for the sn the number and size of messages that can be encoded on one person’s scalp. In WWII, the French Resistance sent some messages written on the backs of couriers using invisible ink. Hidden messages on paper written in secret inks, under other messages or on the blank parts of other messages. Messages written in Morse code on knitting yarn and then knitted into a piece of clothing worn by a courier. Messages written on the back of postage stamps. During and after World War II, espionage agents used photographically produced microdots to send information back and forth. Microdots were typically minute, approximately less than the size of the period produced by a typewriter. WWII microdots needed to be embedded in the paper and covered with an adhesive (such as collodion). This was reflective and thus detectable by viewing against glancing light. Alternative techniques included inserting microdots into slits cut into the edge of post cards. During World War II, a spy for Japan in New York City, Velvalee Dickinson, sent information to accommodation addresses in neutral South America. She was a dealer in dolls, and her letters discussed how many of this or that doll to ship. The stegotext was the doll orders, while the concealed “plaintext” was itself encoded and gave information about ship movements, etc. Her case became somewhat famous and she became known as the Doll Woman. Cold War counter-propaganda. In 1968, crew members of the USS Pueblo (AGER-2) intelligence ship held as prisoners by North Korea, communicated in sign language during staged photo opportunities, informing the United States they were not defectors but rather were being held captive by the North Koreans. In other photos presented to the US, crew members gave “the finger” to the unsuspecting North Koreans, in an attempt to discredit photos that showed them smiling and comfortable. http://en.wikipedia.org/wiki/Steganography 在线翻译了一下: 隐写术是一门艺术和科学,它以一种除了发送者和预期接收者之外,任何人都无法通过隐藏的方式来书写隐藏的信息。“隐写术”一词源于希腊语,意为“隐藏的写作”, 源于希腊语单词steganos,意为“覆盖或保护”,而graphein意为“写作”。1499年,约翰内斯·特里特米乌斯(Johannes Trithemius)在他的《隐写术》(Steganographia)一书中首次使用了这个词。 一般情况下,信息会以其他形式出现:图像、文章、购物清单或其他一些隐藏文本,通常,隐藏的信息可能是私人信件可见行之间的隐形墨水。 与密码学相比,隐写术的优势在于,消息本身不会引起注意。显而易见的加密信息,无论多么牢不可破,都会引起怀疑,而且在加密非法的国家,这些信息本身就可能构成犯罪。 因此,虽然密码学保护消息的内容,但是隐写术可以同时保护消息和通信方。 隐写术包括在计算机文件中隐藏信息。在数字隐写术中,由于传输层(如文档文件、图像文件)的大尺寸,电子通信可能包括传输层内部的隐写编码。举个简单的例子, 发送者可能从一个无害的图像文件开始,每100个像素调整一次颜色,使之与字母表中的一个字母相对应,这种变化如此细微,以至于没有专门查找它的人不太可能注意到它。 有记录的第一次使用隐写术可以追溯到公元前440年,希罗多德在他的历史中提到了两个隐写术的例子。德玛拉图斯在涂上蜂蜡表面之前,直接把它写在一块蜡板的木制底座上, 警告希腊即将受到攻击。蜡片当时普遍用作可重复使用的书写表面,有时也用于速记。另一个古老的例子是希斯提厄斯,他剃光了他最信任的奴隶的头,并在上面纹了一条信息。 他的头发长了以后,这条信息就被藏了起来。目的是煽动对波斯人的起义。 隐写术已被广泛应用,包括在最近的历史时期和今天。可能的排列是无穷无尽的,已知的例子包括: *蜡版内的隐藏信息:在古希腊,人们把信息写在木头上,然后用蜡把木头盖上,在上面写上一个无辜的信息 *信使身体上的隐藏信息:也用于古希腊。希罗多德讲了一个故事,一个奴隶剃光了头,上面纹着一条信息,隐藏在他的头发后面,再剃一次头就露出来了。 据称,这条信息带有向希腊发出警告的信息,abois方法有明显的缺陷,比如在等待sn时传输延迟。sn是可以在一个人的头皮上编码的信息的数量和大小。 *二战期间,法国抵抗运动用隐形墨水在信使的背上写了一些信息。 *用秘密墨水写在纸上的隐藏信息,在其他信息下面或其他信息的空白部分。 *用莫尔斯电码写在针织纱线上的信息,然后编织成快递员穿的衣服。 写在邮票背面的信息。 *在第二次世界大战期间和之后,间谍人员使用照相制作的微粒来来回传送信息。微粒通常是微小的,大约比打字机产生的周期的大小还要小。第二次世界大战的微粒需要嵌入在纸上, 并覆盖上粘合剂(如胶棉)。这是反射的,因此可以通过对光的观察来检测。其他的技术包括将微粒插入明信片边缘的缝隙中。 *第二次世界大战期间,驻纽约的日本间谍维瓦利·迪金森(Velvalee Dickinson)将信息发送到中立的南美的住宿地址。她是一个玩偶经销商,她在信中讨论了要运送多少个这样或那样的玩偶。 隐写文本是娃娃的命令,而隐藏的“明文”本身是编码的,并提供有关船只移动等信息。她的情况变得有点出名,她成为众所周知的娃娃女人。 *冷战反宣传。1968年,被朝鲜扣押的美国普韦布洛号(USS Pueblo, AGER-2)号情报舰的船员在拍照时用手语交流,告知美国他们不是叛逃者,而是被朝鲜扣押的。在提交给美国的其他照片中, 机组人员向毫无戒心的朝鲜人竖起了“手指”,试图抹掉他们微笑和舒适的照片。 – http://en.wikipedia.org/wiki/Steganography 之后就没有思路了,然后看了wp,发现需要写一个base64解密的脚本,我晕,解密工具果然还是有不足之处的。 下面就是关于base64隐写的介绍了: 大家可以从上面的图片看到一个字母A对应的ascll值有八位,而base64的一个字母只占6位(原因如下:大家可以看到base64的所有加密后的内容也就这63个字符,也就是说用二进制的话6位就足够了!!) 所以一一对应过去我们发现每一个字母都多出来了两个空位,又因为3*8=4*6,所以一班base64都是用四个一组表示三个字母,如果字母不足三个,比如上上图的BC我们用base64表示就是QkM=,就是因为空出来的地方用‘=’表示了。在知道了这些之后呢我们就进入了正题。   在这里如果我们想隐藏一些内容需要怎么办呢?大家应该知道,base64在解码的时候是根据等号的个数进行的。也就是说我有一个等号,我就会去掉八个0-------------例如:上图的A对应的二进制位为01000001,补全之后为01000001    0000,对应的base64的编码为QQ(010000     010000),所以之后有两个‘=’。在解码的时候我就要在去掉=对应的6个零的同时在去掉4个0,也就是解码的时候会解析01000001而不是010000010000。这时候我们会发现了,我们去掉的这四个0是不是可以用来隐藏信息???反正解码的时候会被裁剪掉,那我干脆就在后面做一些手脚,用base64来混淆视听。   hhhh讲到这里大家是不是有所领悟呢?也就是说我前面放的txt内容其实都是被混淆过的!!所以想得到真正的base64就应该把题目中的密文解密然后在加密。对比后就得到了隐藏内容。   下面放上py脚本 def get_base64_diff_value(s1, s2): base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' res = 0 for i in xrange(len(s1)): if s1[i] != s2[i]: return abs(base64chars.index(s1[i]) - base64chars.index(s2[i])) return res def solve_stego(): with open("D:/CTF Practice/stego.txt", "rb") as f: file_lines = f.readlines() bin_str = '' for line in file_lines: steg_line = line.replace('\n', '') norm_line = line.replace('\n', '').decode('base64').encode('base64').replace('\n', '') diff = get_base64_diff_value(steg_line, norm_line) pads_num = steg_line.count('=') if diff: bin_str += bin(diff)[2:].zfill(pads_num * 2) else: bin_str += '0' * pads_num * 2 res_str = '' for i in xrange(0, len(bin_str), 8): res_str += chr(int(bin_str[i:i+8], 2)) print res_str solve_stego() 这个脚本也是git上的,不是我原创的哈(声明下)。 我在这里解释下这个脚本。 steg_line = line.replace('\n', '') norm_line = line.replace('\n', '').decode('base64').encode('base64').replace('\n', '') 这个是我们应该第一个注意的地方,第二个norm_line为何先decode又encode??这就是我刚才提到的解密后去掉多余0,然后加密后真正的base64就还原了。之后才可以对比    def get_base64_diff_value(s1, s2): 这个函数就是用来比较差异然后得出来差异的位数的。比如加密之后的最后一位是g,原密码为m,这个函数就得出来m与g相差6,也就是110.之后在主函数里在110前面补上一个0,补的原理是把=个数乘2,得到位数。例如:2*2=4,那么110前面就要补一个0编程0110   嗯。。。。这里就讲完了这次比赛的一道题。我是有所收获的,希望带给大家一些灵感。谢谢~~                            Made By  Pinging!!!~~ BXS Come On~~~!!!!  

    • 攻防世界--misc--新手区


    1 this_is_flag

    Most flags are in the form flag{xxx}, for example:flag{th1s_!s_a_d4m0_4la9}

    flag{th1s_!s_a_d4m0_4la9}

    2 ext3

    今天是菜狗的生日,他收到了一个linux系统光盘

    将linux系统光盘放在linux下,在linux光盘目录下使用strings linux|grep flag,查找与flag相关的文件;root模式下使用mount linux /mnt命令将linux光盘挂载在mnt目录下,切换到mnt目录,使用cat O7avZhikgKgbF/flag.txt命令即可对flag内容进行读取,发现是一个base64编码,解密后得到flag.

    flag{sajbcibzskjjcnbhsbvcjbjszcszbkzj}

    3 give_you_flag

    菜狗找到了文件中的彩蛋很开心,给菜猫发了个表情包

    一个.gif图片,用stegsolve的查看帧的功能模块查看,发现一个缺少三个定位部分的二维码,将其补全,扫一扫即可。

    flag{e7d478cf6b915f50ab1277f78502a2c5}

    https://cli.im/news/help/10601
    https://blog.csdn.net/hk_5788/article/details/50839790
    https://zhuanlan.zhihu.com/p/21463650
    https://www.jianshu.com/p/8208aad537bb

    4 pdf

    菜猫给了菜狗一张图,说图下面什么都没有

    将文件打开,删除掉最外面的图片,flag便显示出来了

    flag{security_through_obscurity}

    5 坚持60s

    菜狗发现最近菜猫不爱理他,反而迷上了菜鸡

    下载发现是一个.jar的游戏,使用java反编译工具,查看源码,得到flag.

    flag{RGFqaURhbGlfSmlud2FuQ2hpamk=}

    6 如来十三掌

    菜狗为了打败菜猫,学了一套如来十三掌。

    在“与佛论禅”解密,得到一段疑似base64的编码,如来十三掌,rot13一下,再base64解密即可得到flag.

    flag{bdscjhbkzmnfrdhbvckijndskvbkjdsab}

    7 gif

    菜狗截获了一张菜鸡发给菜猫的动态图,却发现另有玄机

    打开压缩包发现许多张黑白颜色的图片,将黑白图片分别记为1,0,得到01100110011011000110000101100111011110110100011001110101010011100101111101100111011010010100011001111101,转化为字符串形式即可。

    #gif 二进制转字符串
    import re
        a = ‘01100110011011000110000101100111011110110100011001110101010011100101111101100111011010010100011001111101’
        b = re.findall(r’.{8}’,a)
        flag = ‘’
        for i in b:
            flag += chr(int(i,2))
        print(flag)

    flag{FuN_giF}

    8 SimpleRAR

    菜狗最近学会了拼图,这是他刚拼好的,可是却搞错了一块(ps:双图层)

    将压缩包直接解压,发现压缩包损坏,但得到了一个flag.txt,根据提示flag应该在剩余的文件中,将压缩包放在winhex下,根据flag.txt的内容,补齐图片格式再次解压得到一个空白图片,放在winhex下,发现是一个.gif图片,使用stegsolve帧功能模块,得到两张不同的帧图片,调节颜色,得到两张残缺的二维码图片,合并补齐后,扫一扫即可。

    flag{yanji4n_bu_we1shi}

    9 stegano

    菜狗收到了图后很开心,玩起了pdf(flag格式为大写)

    用google浏览器中打开pdf文件,然后Ctrl+A选中所有文字,在Ctrl+C复制,接着粘贴到一个txt文本中,得到一串AB编码而成的字符串,将A变为 . ,B变为 - ,摩斯解密为CONGRATULATIONSnullFLAGnull1NV151BL3M3554G3,即flag为1NV151BL3M3554G3

    flag{1NV151BL3M3554G3}

    10 掀桌子

    菜狗截获了一份报文如下c8e9aca0c6f2e5f3e8c4efe7a1a0d4e8e5a0e6ece1e7a0e9f3baa0e8eafae3f9e4eafae2eae4e3eaebfaebe3f5e7e9f3e4e3e8eaf9eaf3e2e4e6f2,生气地掀翻了桌子(╯°□°)╯︵ ┻━┻

    通过观察,试着将16进制字符转为字符串,发现不能直接转化,试着将ascii码值减去128再转化,得到flag.

    #
#掀桌子脚本,十六进制转字符串
import re
a = ‘c8e9aca0c6f2e5f3e8c4efe7a1a0d4e8e5a0e6ece1e7a0e9f3baa0e8eafae3f9e4eafae2eae4e3eaebfaebe3f5e7e9f3e4e3e8eaf9eaf3e2e4e6f2’
b = re.findall(r’.{2}’,a)
flag = ‘’
for i in b:
flag += chr(int(int(i,16)-128))
print(flag)





    flag{hjzcydjzbjdcjkzkcugisdchjyjsbdfr}

    11 功夫再高也怕菜刀

    菜狗决定用菜刀和菜鸡决一死战

    foremost分离文件,得到一个加密的压缩包,点进去查看发现一个flag.txt文件,wireshark下查找flag.txt字符串,追踪TCP流,最终在第1150个包发现一段图片的16进制编码,将其用winhex另存为一个图片,得到压缩包的密码,解压得到flag.

    flag{3OpWdJ-JP6FzK-koCMAK-VkfWBq-75Un2z}

    12 base64stego

    今天在攻防世界上看见了一道关于base64隐写的题目,题目链接如下:

    题目链接

    打开压缩包提示需要输入密码,就打开压缩包的详细信息,但是什么都没有,然后就打开binwalk,查看发现没有隐藏文件。

    然后想到可能是zip伪加密:

          zip文件有三个部分组成:压缩源文件数据区(第一个50 4B)+压缩源文件目录区(第二个50 4B)+压缩源文件目录结束标志(第三个50 4B)

      伪加密一般存在于压缩源文件目录区,也就是第二个50 4B之后。

      压缩源文件目录区:50 4B 01 02:目录中文件文件头标记

                                        3F 03:压缩使用的 pkware版本

                                        14 03:解压文件所需 pkware 版本

                                        09 00:全局方式位标记(有无加密,这个更改这里进行伪加密,改为00 08打开就会提示有密码了)

      使用winhex(或者C32ASM)打开文件后,找到第二个50 4B,往后数第七个和第八个,正常情况下应该是00 08,但这里是09 00;
    修改完之后就可以正常解压了 ,打开txt之后,发现内容是base64加密过的

    U3RlZ2Fub2dyYXBoeSBpcyB0aGUgYXJ0IGFuZCBzY2llbmNlIG9m
    IHdyaXRpbmcgaGlkZGVuIG1lc3NhZ2VzIGluIHN1Y2ggYSB3YXkgdGhhdCBubyBvbmV=
    LCBhcGFydCBmcm9tIHRoZSBzZW5kZXIgYW5kIGludGVuZGVkIHJlY2lwaWVudCwgc3VzcGU=
    Y3RzIHRoZSBleGlzdGVuY2Ugb2YgdGhlIG1lc3M=
    YWdlLCBhIGZvcm0gb2Ygc2VjdXJpdHkgdGhyb3VnaCBvYnNjdXJpdHkuIFS=
    aGUgd29yZCBzdGVnYW5vZ3JhcGh5IGlzIG9mIEdyZWVrIG9yaWdpbiBhbmQgbWVhbnMgImNvbmNlYW==
    bGVkIHdyaXRpbmciIGZyb20gdGhlIEdyZWVrIHdvcmRzIHN0ZWdhbm9zIG1lYW5pbmcgImNv
    dmVyZWQgb3IgcHJvdGVjdGVkIiwgYW5kIGdyYXBoZWluIG1lYW5pbmcgInRvIHc=
    cml0ZSIuIFRoZSBmaXJzdCByZWNvcmRlZCB1c2Ugb2YgdGhlIHRlcm0gd2FzIGluIDE0OTkgYnkgSm9o
    YW5uZXMgVHJpdGhlbWl1cyBpbiBoaXMgU3RlZ2Fub2dyYXBoaWEsIGEgdHJlYV==
    dGlzZSBvbiBjcnlwdG9ncmFwaHkgYW5kIHN0ZWdhbm9ncmFwaHkgZGlzZ8==
    dWlzZWQgYXMgYSBib29rIG9uIG1hZ2ljLiBHZW5lcmFsbHksIG1lc3P=
    YWdlcyB3aWxsIGFwcGVhciB0byBiZSBzb21ldGhpbmcgZWxzZTogaW1hZ2VzLCBhcnRp
    Y2xlcywgc2hvcHBpbmcgbGlzdHMsIG9yIHNvbWUgb3R=
    aGVyIGNvdmVydGV4dCBhbmQsIGNsYXNzaWNhbGx5LCB0aGUgaGlkZGVuIG1lc3NhZ2UgbWF5IGJlIGluIGludmm=
    c2libGUgaW5rIGJldHdlZW4gdGhlIHZpc2libGUgbGluZXMgb2YgYSBwcml2YXRlIGxldHRlci4NCg0KVGhl
    IGFkdmFudGFnZSBvZiBzdGVnYW5vZ3JhcGh5LCBvdmVyIGNy
    eXB0b2dyYXBoeSBhbG9uZSwgaXMgdGhhdCBtZXNzYWdlcyBkbyBub3QgYXR0cmFjdCBhdHRlbnRpb25=
    IHRvIHRoZW1zZWx2ZXMuIFBsYWlubHkgdmlzaWJsZSBlbmNyeXB0ZWQgbWVzc2FnZXOXbm8gbWF0dGVyIF==
    aG93IHVuYnJlYWthYmxll3dpbGwgYXJvdXNlIHN=
    dXNwaWNpb24sIGFuZCBtYXkgaW4gdGhlbXNlbHZlcyBiZSBpbmNyaW1pbmF0aW5nIP==
    aW4gY291bnRyaWVzIHdoZXJlIGVuY3J5cHRpb24gaXMgaWxsZWdhbC4gVGhlcmVmb3JlLH==
    IHdoZXJlYXMgY3J5cHRvZ3JhcGh5IHByb3RlY3RzIHRoZSBjb250ZW50cyBvZj==
    IGEgbWVzc2FnZSwgc3RlZ2Fub2dyYXBoeSBjYW4gYmUgc2FpZCB0byBwcm90ZWN0IGJ=
    b3RoIG1lc3NhZ2VzIGFuZCBjb21tdW5pY2F0aW5nIHBhcnRpZXMuDQoNClN0ZWdhbm9ncmFwaHkgaW5jbHW=
    ZGVzIHRoZSBjb25jZWFsbWVudCBvZiBpbmZvcm1hdGlvbiB3aXRoaW4gY29t
    cHV0ZXIgZmlsZXMuIEluIGRpZ2l0YWwgc3RlZ2Fub2dyYXBoeSwgZWxlY3Ryb25pYyBjb21tdW5pY2F0aW9u
    cyBtYXkgaW5jbHVkZSBzdGVnYW5vZ3JhcGhpYyBjb2RpbmcgaW5zaZ==
    ZGUgb2YgYSB0cmFuc3BvcnQgbGF5ZXIsIHN1Y2ggYXMgYSBkb2N1bWVudCBmaWxlLCBpbWFnZSBmaWx=
    ZSwgcHJvZ3JhbSBvciBwcm90b2NvbC4gTWVkaWEg
    ZmlsZXMgYXJlIGlkZWFsIGZvciBzdGVnYW5vZ3JhcGhpYyB0cmFuc21pc3Npb+==
    biBiZWNhdXNlIG9mIHRoZWlyIGxhcmdlIHNpemUuIEFzIB==
    YSBzaW1wbGUgZXhhbXBsZSwgYSBzZW5kZXIgbWlnaHQgc3RhcnQgd2l0aCBh
    biBpbm5vY3VvdXMgaW1hZ2UgZmlsZSBhbmQgYWRqdXN0IHRoZSBjb2xvciBvZiBldmVyeSAxMDB0aCBwaXhlbCD=
    dG8gY29ycmVzcG9uZCB0byBhIGxldHRlciBpbiB0aGUgYWxwaGFiZXQsIGF=
    IGNoYW5nZSBzbyBzdWJ0bGUgdGhhdCBzb21lb25lIG5vdCBzcGVjaWZpY2FsbHkgbG9va2luZyBm
    b3IgaXQgaXMgdW5saWtlbHkgdG8gbm90aWNlIGl0Lg0KDQpUaGU=
    IGZpcnN0IHJlY29yZGVkIHVzZXMgb2Ygc3RlZ2Fub2dyYXBoeSBjYW4gYmUgdHJ=
    YWNlZCBiYWNrIHRvIDQ0MCBCQyB3aGVuIEhlcm9kb3R1cyBtZW50aW9ucyB0d28gZXhhbXBsZXMgb+==
    ZiBzdGVnYW5vZ3JhcGh5IGluIFRoZSBIaXN0b3JpZXMgb2Yg
    SGVyb2RvdHVzLiBEZW1hcmF0dXMgc2VudCBhIHdhcm5pbmcgYWJvdXQgYSB=
    Zm9ydGhjb21pbmcgYXR0YWNrIHRvIEdyZWVjZSBieSB3
    cml0aW5nIGl0IGRpcmVjdGx5IG9uIHRoZSB3b29kZW4gYmFja2luZyBvZiBhIHdheCB0YWJsZXQgYmVm
    b3JlIGFwcGx5aW5nIGl0cyBiZWVzd2F4IHN1cmZhY2UuIFdheCB0YWJsZXRzIHdlcmUgaW4gY29tbW9uIHVzZV==
    IHRoZW4gYXMgcmV1c2FibGUgd3JpdGluZyBzdXJmYWNlcywgc29tZXRpbWX=
    cyB1c2VkIGZvciBzaG9ydGhhbmQuIEFub3RoZXIgYW5jaWVudCBleGFtcGxlIGlzIHRoYXQgb9==
    ZiBIaXN0aWFldXMsIHdobyBzaGF2ZWQgdGhlIGhlYWQgb2YgaGlzIG1vc3QgdHJ1c3RlZCBz
    bGF2ZSBhbmQgdGF0dG9vZWQgYSBtZXNzYWdlIG9uIGl0LiBBZnRlciBoaXMgaGFpciBoYWQgZ5==
    cm93biB0aGUgbWVzc2FnZSB3YXMgaGlkZGVuLiBUaGUgcHVycG9zZSB3YXMgdG+=
    IGluc3RpZ2F0ZSBhIHJldm9sdCBhZ2FpbnN0IHRoZSBQZXJzaWFucy4NCg0KU3RlZ2Fub2dyYXBoeSBoYXMgYm==
    ZWVuIHdpZGVseSB1c2VkLCBpbmNsdWRpbmcgaW4gcmVjZW50IGhpc3RvcmljYWwgdGltZXMgYW5kIHT=
    aGUgcHJlc2VudCBkYXkuIFBvc3NpYmxlIHBlcm11dGF0aW9ucyBhcmUgZW5kbGVzcyBhbmT=
    IGtub3duIGV4YW1wbGVzIGluY2x1ZGU6DQoqIEhpZGRlbiBtZXNzYWdlcyB3aXRoaW4gd2F4IHRh
    YmxldHM6IGluIGFuY2llbnQgR3JlZWNlLCBwZW9wbGUgd3JvdGUgbWV=
    c3NhZ2VzIG9uIHRoZSB3b29kLCB0aGVuIGNvdmVyZWQgaXQgd2l0aCB3YXggdXBvbiB3aGljaCBhbiBpbm5vY2Vu
    dCBjb3ZlcmluZyBtZXNzYWdlIHdhcyB3cml0dGVu
    Lg0KKiBIaWRkZW4gbWVzc2FnZXMgb24gbWVzc2VuZ2VyJ3MgYm9keTogYWxzbyB1c2VkIGluIGFuY2llbt==
    dCBHcmVlY2UuIEhlcm9kb3R1cyB0ZWxscyB0aGUgc3Rvcnkgb1==
    ZiBhIG1lc3NhZ2UgdGF0dG9vZWQgb24gYSBzbGF2ZSdzIHNoYXZlZCBoZWFkLCBoaWRkZW4gYnkgdGhl
    IGdyb3d0aCBvZiBoaXMgaGFpciwgYW5kIGV4cG9zZWQgYnkgc2hhdmluZyBoaXMgaGVhZM==
    IGFnYWluLiBUaGUgbWVzc2FnZSBhbGxlZ2VkbHkgY2FycmllZCBhIHdhcm5pbmcgdG8gR3JlZWNlIGFib5==
    dXQgUGVyc2lhbiBpbnZhc2lvbiBwbGFucy4gVGh=
    aXMgbWV0aG9kIGhhcyBvYnZpb3VzIGRyYXdiYWNrcyz=
    IHN1Y2ggYXMgZGVsYXllZCB0cmFuc21pc3Npb24gd2hpbGUgd2FpdGluZyBmb3IgdGhlIHP=
    bGF2ZSdzIGhhaXIgdG8gZ3JvdywgYW5kIHRoZSByZXN0cmljdGlvbnMgb3==
    biB0aGUgbnVtYmVyIGFuZCBzaXplIG9mIG1lc3M=
    YWdlcyB0aGF0IGNhbiBiZSBlbmNvZGVkIG9uIG9uZSBwZXJzb24=
    J3Mgc2NhbHAuDQoqIEluIFdXSUksIHRoZSBGcmVuY2ggUmVzaXN0YW5jZSBzZW50IHNvbWUgbWVzc2FnZXMgd2==
    cml0dGVuIG9uIHRoZSBiYWNrcyBvZiBjb3VyaWVycyD=
    dXNpbmcgaW52aXNpYmxlIGluay4NCiogSGlkZGVuIG1lc3NhZ2VzIG9uIHBhcGVyIHdy
    aXR0ZW4gaW4gc2VjcmV0IGlua3MsIHVuZGVyIG90aGVyIG1lc3NhZ2Vz
    IG9yIG9uIHRoZSBibGFuayBwYXJ0cyBvZiBvdGhlct==
    IG1lc3NhZ2VzLg0KKiBNZXNzYWdlcyB3cml0dGVuIGluIE1vcnNlIGNvZGUgb24ga25pdHRpbmcgeWFybiBhbmQg
    dGhlbiBrbml0dGVkIGludG8gYSBwaWVjZSBvZiBjbG90aGluZyB3b3K=
    biBieSBhIGNvdXJpZXIuDQoqIE1lc3NhZ2VzIHdyaXR0ZW4gb24gdGhlIGJhY2sgb5==
    ZiBwb3N0YWdlIHN0YW1wcy4NCiogRHVyaW5nIGFuZCBhZnRlcm==
    IFdvcmxkIFdhciBJSSwgZXNwaW9uYWdlIGFnZW50cyB1c2VkIHBob3RvZ3JhcGhpY2FsbHkgcO==
    cm9kdWNlZCBtaWNyb2RvdHMgdG8gc2VuZCBpbmZvcm1hdGlvbiBiYWNrIGFuZH==
    IGZvcnRoLiBNaWNyb2RvdHMgd2VyZSB0eXBpY2FsbHkg
    bWludXRlLCBhcHByb3hpbWF0ZWx5IGxlc3MgdGhhbiB0aGUgc2l6ZSBvZiB0aGUgcGVyaW9kIHByb2R=
    dWNlZCBieSBhIHR5cGV3cml0ZXIuIFdXSUkgbWljcm9kb3RzIG5lZWRlZCB0byBiZSBlbWJlZGRlZB==
    IGluIHRoZSBwYXBlciBhbmQgY292ZXJlZCB3aXRoIGFuIGFkaGVzaXZlIChzdWNoIGFzIGNvbGxvZGlvbikuIFR=
    aGlzIHdhcyByZWZsZWN0aXZlIGFuZCB0aHVzIGRldGVjdGFibGUg
    Ynkgdmlld2luZyBhZ2FpbnN0IGdsYW5jaW5nIGxpZ2h0LiBBbHRlcm5hdGl2ZSB0ZWNobmlxdWVzIGluY2x1ZGVk
    IGluc2VydGluZyBtaWNyb2RvdHMgaW50byBzbGl0cyBjdXQgaW50byB0aGUgZWRnZSBvZv==
    IHBvc3QgY2FyZHMuDQoqIER1cmluZyBXb3JsZCBXYXIgSUksIGEgc3B5IGZvciB=
    SmFwYW4gaW4gTmV3IFlvcmsgQ2l0eSwgVmVsdmFsZWW=
    IERpY2tpbnNvbiwgc2VudCBpbmZvcm1hdGlvbiB0byBhY2NvbW1vZGF0aW9=
    biBhZGRyZXNzZXMgaW4gbmV1dHJhbCBTb3V0aCBBbWVyaWO=
    YS4gU2hlIHdhcyBhIGRlYWxlciBpbiBkb2xscywgYW5kIG==
    aGVyIGxldHRlcnMgZGlzY3Vzc2VkIGhvdyBtYW55IG9mIHRoaXMgb3IgdGhhdCBkb2xs
    IHRvIHNoaXAuIFRoZSBzdGVnb3RleHQgd2FzIHRoZSBkb2xsIG9yZGVycywgd2hpbGUgdGhl
    IGNvbmNlYWxlZCAicGxhaW50ZXh0IiB3YXMgaXRzZWxmIGVuY2+=
    ZGVkIGFuZCBnYXZlIGluZm9ybWF0aW9uIGFib3V0IHNoaXAgbW92ZW1lbnRzLF==
    IGV0Yy4gSGVyIGNhc2UgYmVjYW1lIHNvbWV3aGF0IGZh
    bW91cyBhbmQgc2hlIGJlY2FtZSBrbm93biBhcyB0aGX=
    IERvbGwgV29tYW4uDQoqIENvbGQgV2FyIGNvdW50
    ZXItcHJvcGFnYW5kYS4gSW4gMTk2OCwgY3JldyBtZW1iZW==
    cnMgb2YgdGhlIFVTUyBQdWVibG8gKEFHRVItMikgaW50ZWxsaWdlbmNlIHNoaXAgaGVsZCBhcyBwcm==
    aXNvbmVycyBieSBOb3J0aCBLb3JlYSwgY29tbXVuaWNhdGVkIGluIHNpZ25=
    IGxhbmd1YWdlIGR1cmluZyBzdGFnZWQgcGhvdG8gb3Bwb3J0
    dW5pdGllcywgaW5mb3JtaW5nIHRoZSBVbml0ZWQgU3RhdGVzIHRoZXkg
    d2VyZSBub3QgZGVmZWN0b3JzIGJ1dCByYXRoZXIgd2VyZSBiZWluZyBoZWxkIGNh
    cHRpdmUgYnkgdGhlIE5vcnRoIEtvcmVhbnMuIEluIG90aGVyIHBob3Rv
    cyBwcmVzZW50ZWQgdG8gdGhlIFVTLCBjcmV3IG1lbWJlcnMgZ2F2ZSAidGhlIGZpbmdlciIgdG8g
    dGhlIHVuc3VzcGVjdGluZyBOb3J0aCBLb3JlYW5zLCBpbiBhbiBhdHRlbXB0IHRvIE==
    ZGlzY3JlZGl0IHBob3RvcyB0aGF0IHNob3dlZCB0aGVtIHNtaQ==
    bGluZyBhbmQgY29tZm9ydGFibGUuDQoNCi0tDQpodHRwOi8vZW4ud2lraXBlZGlhLm9yZw==
    L3dpa2kvU3RlZ2Fub2dyYXBoeQ0K

    解密之后发现是一篇关于介绍隐写术的文章:

    Steganography is the art and science of writing hidden messages in
    such a way that no one, apart from the sender and intended recipient,
    suspeage,
    a form of security through obscurity. The word
    steganography is of Greek origin and means “concealed writing” from
    the Greek words steganos meaning
    “covered or protected”, and
    graphein meaning “to write”. The first recorded use of the term was in
    1499 by Johannes Trithemius in his Steganographia,
    a treatise on
    cryptography and steganography disguised as a book on magic.
    Generally, messages will appear to be something else: images,
    articles,
    shopping lists, or some other covertext and,
    classically, the hidden message may be in invisible ink between the
    visible lines of a private letter. The advantage of steganography,
    over cryptography alone, is that messages do not attract attention to
    themselves. Plainly visible encrypted messages
    no matter how
    unbreakable will arouse suspicion, and may in themselves be
    incriminating in countries where encryption is illegal. Therefore,
    whereas
    cryptography protects the contents of a message,
    steganography can be said to protect both messages and communicating
    parties. Steganography includes the concealment of information within
    computer files. In digital steganography, electronic communications
    may include steganographic
    coding inside of a transport layer,
    such as a document file, image filn because of their large size. As a
    simple example, a sender might start with
    an innocuous image file
    and adjust the color of every 100th pixel to correspond to a letter in
    the alphabet, a change so subtle that someone not
    specifically
    looking for it is unlikely to notice it. The first recorded uses of
    steganography can be traced back to 440 BC when Herodotus mentions two
    examples of steganography in The Histories
    of Herodotus. Demaratus
    sent a warning about a forthcoming attack to Greece by writing it
    directly on the wooden backing of a wax tablet before
    applying its
    beeswax surface. Wax tablets were in common use then as reusable
    writing surfaces, sometimes used for shorthand. Another ancient

    example is that of Histiaeus, who shaved the head of his most
    trusted slave and tattooed a message on it. After his hair had grown
    the message
    was hidden. The purpose was to instigate a revolt
    against the Persians. Steganography has been widely used, including in
    recent historical times and the present day. Possible permutations are
    endless and known examples include:

    • Hidden messages within wax tablets: in ancient Greece, people wrote messages on the wood, then covered it with wax upon which an
      innocent
      covering message was written
    • Hidden messages on messenger’s body: also used in ancient Greece. Herodotus tells the story of a message tattooed on a slave’s shaved
      head,
      hidden by the growth of his hair, and exposed by shaving his
      head again. The message allegedly carried a warning to Greece abois
      method has
      obvious drawbacks, such as delayed transmission while
      waiting for the sn the number and size of messages that can be encoded
      on one person’s scalp.
    • In WWII, the French Resistance sent some messages written on the backs of couriers using invisible ink.
    • Hidden messages on paper written in secret inks, under other messages or on the blank parts of other messages.
    • Messages written in Morse code on knitting yarn and then knitted into a piece of clothing worn by a courier.
    • Messages written on the back of postage stamps.
    • During and after World War II, espionage agents used photographically produced microdots to send information back and
      forth. Microdots
      were typically minute, approximately less than
      the size of the period produced by a typewriter. WWII microdots needed
      to be embedded in
      the paper and covered with an adhesive (such as
      collodion). This was reflective and thus detectable by viewing against
      glancing light.
      Alternative techniques included inserting
      microdots into slits cut into the edge of post cards.
    • During World War II, a spy for Japan in New York City, Velvalee Dickinson, sent information to accommodation addresses in neutral
      South America.
      She was a dealer in dolls, and her letters
      discussed how many of this or that doll to ship. The stegotext was the
      doll orders, while the
      concealed “plaintext” was itself encoded
      and gave information about ship movements, etc. Her case became
      somewhat famous and she became
      known as the Doll Woman.
    • Cold War counter-propaganda. In 1968, crew members of the USS Pueblo (AGER-2) intelligence ship held as prisoners by North Korea,

      communicated in sign language during staged photo opportunities,
      informing the United States they were not defectors but rather
      were
      being held captive by the North Koreans. In other photos
      presented to the US, crew members gave “the finger” to the
      unsuspecting
      North Koreans, in an attempt to discredit photos that
      showed them smiling and comfortable.

    http://en.wikipedia.org/wiki/Steganography
    在线翻译了一下:

    隐写术是一门艺术和科学,它以一种除了发送者和预期接收者之外,任何人都无法通过隐藏的方式来书写隐藏的信息。“隐写术”一词源于希腊语,意为“隐藏的写作”,
    源于希腊语单词steganos,意为“覆盖或保护”,而graphein意为“写作”。1499年,约翰内斯·特里特米乌斯(Johannes
    Trithemius)在他的《隐写术》(Steganographia)一书中首次使用了这个词。
    一般情况下,信息会以其他形式出现:图像、文章、购物清单或其他一些隐藏文本,通常,隐藏的信息可能是私人信件可见行之间的隐形墨水。
    与密码学相比,隐写术的优势在于,消息本身不会引起注意。显而易见的加密信息,无论多么牢不可破,都会引起怀疑,而且在加密非法的国家,这些信息本身就可能构成犯罪。
    因此,虽然密码学保护消息的内容,但是隐写术可以同时保护消息和通信方。
    隐写术包括在计算机文件中隐藏信息。在数字隐写术中,由于传输层(如文档文件、图像文件)的大尺寸,电子通信可能包括传输层内部的隐写编码。举个简单的例子,
    发送者可能从一个无害的图像文件开始,每100个像素调整一次颜色,使之与字母表中的一个字母相对应,这种变化如此细微,以至于没有专门查找它的人不太可能注意到它。
    有记录的第一次使用隐写术可以追溯到公元前440年,希罗多德在他的历史中提到了两个隐写术的例子。德玛拉图斯在涂上蜂蜡表面之前,直接把它写在一块蜡板的木制底座上,
    警告希腊即将受到攻击。蜡片当时普遍用作可重复使用的书写表面,有时也用于速记。另一个古老的例子是希斯提厄斯,他剃光了他最信任的奴隶的头,并在上面纹了一条信息。
    他的头发长了以后,这条信息就被藏了起来。目的是煽动对波斯人的起义。
    隐写术已被广泛应用,包括在最近的历史时期和今天。可能的排列是无穷无尽的,已知的例子包括:
    *蜡版内的隐藏信息:在古希腊,人们把信息写在木头上,然后用蜡把木头盖上,在上面写上一个无辜的信息
    *信使身体上的隐藏信息:也用于古希腊。希罗多德讲了一个故事,一个奴隶剃光了头,上面纹着一条信息,隐藏在他的头发后面,再剃一次头就露出来了。
    据称,这条信息带有向希腊发出警告的信息,abois方法有明显的缺陷,比如在等待sn时传输延迟。sn是可以在一个人的头皮上编码的信息的数量和大小。
    *二战期间,法国抵抗运动用隐形墨水在信使的背上写了一些信息。
    *用秘密墨水写在纸上的隐藏信息,在其他信息下面或其他信息的空白部分。
    *用莫尔斯电码写在针织纱线上的信息,然后编织成快递员穿的衣服。 写在邮票背面的信息。
    *在第二次世界大战期间和之后,间谍人员使用照相制作的微粒来来回传送信息。微粒通常是微小的,大约比打字机产生的周期的大小还要小。第二次世界大战的微粒需要嵌入在纸上,
    并覆盖上粘合剂(如胶棉)。这是反射的,因此可以通过对光的观察来检测。其他的技术包括将微粒插入明信片边缘的缝隙中。
    *第二次世界大战期间,驻纽约的日本间谍维瓦利·迪金森(Velvalee Dickinson)将信息发送到中立的南美的住宿地址。她是一个玩偶经销商,她在信中讨论了要运送多少个这样或那样的玩偶。
    隐写文本是娃娃的命令,而隐藏的“明文”本身是编码的,并提供有关船只移动等信息。她的情况变得有点出名,她成为众所周知的娃娃女人。
    *冷战反宣传。1968年,被朝鲜扣押的美国普韦布洛号(USS Pueblo, AGER-2)号情报舰的船员在拍照时用手语交流,告知美国他们不是叛逃者,而是被朝鲜扣押的。在提交给美国的其他照片中,
    机组人员向毫无戒心的朝鲜人竖起了“手指”,试图抹掉他们微笑和舒适的照片。


    http://en.wikipedia.org/wiki/Steganography
    之后就没有思路了,然后看了wp,发现需要写一个base64解密的脚本,我晕,解密工具果然还是有不足之处的。

    下面就是关于base64隐写的介绍了:

    大家可以从上面的图片看到一个字母A对应的ascll值有八位,而base64的一个字母只占6位(原因如下:大家可以看到base64的所有加密后的内容也就这63个字符,也就是说用二进制的话6位就足够了!!)

    所以一一对应过去我们发现每一个字母都多出来了两个空位,又因为3*8=4*6,所以一班base64都是用四个一组表示三个字母,如果字母不足三个,比如上上图的BC我们用base64表示就是QkM=,就是因为空出来的地方用‘=’表示了。在知道了这些之后呢我们就进入了正题。

     

    在这里如果我们想隐藏一些内容需要怎么办呢?大家应该知道,base64在解码的时候是根据等号的个数进行的。也就是说我有一个等号,我就会去掉八个0-------------例如:上图的A对应的二进制位为01000001,补全之后为01000001    0000,对应的base64的编码为QQ(010000     010000),所以之后有两个‘=’。在解码的时候我就要在去掉=对应的6个零的同时在去掉4个0,也就是解码的时候会解析01000001而不是010000010000。这时候我们会发现了,我们去掉的这四个0是不是可以用来隐藏信息???反正解码的时候会被裁剪掉,那我干脆就在后面做一些手脚,用base64来混淆视听。

     

    hhhh讲到这里大家是不是有所领悟呢?也就是说我前面放的txt内容其实都是被混淆过的!!所以想得到真正的base64就应该把题目中的密文解密然后在加密。对比后就得到了隐藏内容。

     

    下面放上py脚本

    def get_base64_diff_value(s1, s2):
    base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    res = 0
    for i in xrange(len(s1)):
        if s1[i] != s2[i]:
            return abs(base64chars.index(s1[i]) - base64chars.index(s2[i]))
    return res

def solve_stego():

    with open("D:/CTF Practice/stego.txt", "rb") as f:
        file_lines = f.readlines()

    bin_str = ''
    for line in file_lines:
        steg_line = line.replace('\n', '')
        norm_line = line.replace('\n', '').decode('base64').encode('base64').replace('\n', '')
        diff = get_base64_diff_value(steg_line, norm_line)

        pads_num = steg_line.count('=')
        if diff:
            bin_str += bin(diff)[2:].zfill(pads_num * 2)

        else:
            bin_str += '0' * pads_num * 2

    res_str = ''

    for i in xrange(0, len(bin_str), 8):

        res_str += chr(int(bin_str[i:i+8], 2))
    print res_str

solve_stego()

    这个脚本也是git上的,不是我原创的哈(声明下)。

    我在这里解释下这个脚本。

    steg_line = line.replace('\n', '')

    norm_line = line.replace('\n', '').decode('base64').encode('base64').replace('\n', '')

    这个是我们应该第一个注意的地方,第二个norm_line为何先decode又encode??这就是我刚才提到的解密后去掉多余0,然后加密后真正的base64就还原了。之后才可以对比

     

     def get_base64_diff_value(s1, s2):

    这个函数就是用来比较差异然后得出来差异的位数的。比如加密之后的最后一位是g,原密码为m,这个函数就得出来m与g相差6,也就是110.之后在主函数里在110前面补上一个0,补的原理是把=个数乘2,得到位数。例如:2*2=4,那么110前面就要补一个0编程0110

     

    嗯。。。。这里就讲完了这次比赛的一道题。我是有所收获的,希望带给大家一些灵感。谢谢~~

     

     

                           Made By  Pinging!!!~~

    BXS Come On~~~!!!!

     

    因为菜,所以仍在努力。
    转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达,可以邮件至 xingshuaikun@163.com。

    ©2016-2020 Yelog

    Built with Hexo and 3-hexo theme

    ×

    喜欢就点赞,疼爱就打赏