MISC

MISC1

HeiMDall5的附件.zip

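Programmer Xiao Ming built an encryption program and embedded the things he wanted to hide inside it; entering the correct password extracts the hidden content. Clever Xiao Ming used it to hide his things.

One day a mysterious archive was found on Xiao Ming's computer, and it appears to be related to what he hid.

But Xiao Ming got muddled and forgot his password; he only remembers a little information about it. Can you help him recover the password?

Password: _???k?ng_Ctfer

First 6 characters of the MD5: 1adc88 (how could I possibly remember the rest)

Xiao Ming also said the password contains only upper- and lowercase letters, no digits.

Can you help Xiao Ming crack the password and get the archive's secret?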

import hashlib
import itertools
import string


def generate_passwords():
    # Password template: _???k?ng_Ctfer
    # Each question mark must be filled with an upper- or lowercase letter
    template = "_???k?ng_Ctfer"
    question_indices = [1, 2, 3, 5]  # indices of the question marks

    # Generate every combination of upper- and lowercase letters
    for letters in itertools.product(string.ascii_letters, repeat=4):
        password = list(template)
        # Fill in the question-mark positions
        for i, char in zip(question_indices, letters):
            password[i] = char
        yield ''.join(password)


def check_password(password):
    # Compute the MD5 hash
    md5_hash = hashlib.md5(password.encode()).hexdigest()
    # Check whether the first 6 characters are 1adc88
    return md5_hash.startswith("1adc88")


def main():
    print("开始爆破密码...")
    for password in generate_passwords():
        if check_password(password):
            print(f"找到匹配的密码: {password}")
            return

    print("没有找到匹配的密码")


if __name__ == "__main__":
    main()

_HaCking_Ctfer

Enter it into the exe, which then decrypts on its own.

This yields only rookie.jpg; compress it and run a known-plaintext attack.

Unkn0wn

MISC2

catfeatherrain的附件.zip

*ERROR: CRC Mismatch @ chunk[1]; in data: 504b0304; expected: 182333b3
*ERROR: CRC Mismatch @ chunk[2]; in data: 14000100; expected: 54323b8e
*ERROR: CRC Mismatch @ chunk[3]; in data: 00006c6a; expected: 9a48185c
*ERROR: CRC Mismatch @ chunk[4]; in data: 76541cc6; expected: e2108601
*ERROR: CRC Mismatch @ chunk[5]; in data: 17760f00; expected: 5ebf4f0c
*ERROR: CRC Mismatch @ chunk[6]; in data: 00000300; expected: e585836d
*ERROR: CRC Mismatch @ chunk[7]; in data: 00000500; expected: fe602c12
*ERROR: CRC Mismatch @ chunk[8]; in data: 0000322e; expected: 4d23b4f8
*ERROR: CRC Mismatch @ chunk[9]; in data: 7478740a; expected: 9e5f8aa3
*ERROR: CRC Mismatch @ chunk[10]; in data: 41d206ee; expected: ea3f2a43
*ERROR: CRC Mismatch @ chunk[11]; in data: 2fa7f7c7; expected: 7cbc770d
*ERROR: CRC Mismatch @ chunk[12]; in data: 40246d00; expected: 3c9489fc
*ERROR: CRC Mismatch @ chunk[13]; in data: 8fbf504b; expected: 6f3affda
*ERROR: CRC Mismatch @ chunk[14]; in data: 03041400; expected: 0e0f5830
*ERROR: CRC Mismatch @ chunk[15]; in data: 01000000; expected: d6bcde35
*ERROR: CRC Mismatch @ chunk[16]; in data: 6e6a7654; expected: e175c6c3
*ERROR: CRC Mismatch @ chunk[17]; in data: 9af52d57; expected: b75575b3
*ERROR: CRC Mismatch @ chunk[18]; in data: 0f000000; expected: 07d6c4e5
*ERROR: CRC Mismatch @ chunk[19]; in data: 03000000; expected: 0a7f97a2
*ERROR: CRC Mismatch @ chunk[20]; in data: 05000000; expected: 2cef414b
*ERROR: CRC Mismatch @ chunk[21]; in data: 332e7478; expected: 46aa8c29
*ERROR: CRC Mismatch @ chunk[22]; in data: 74b7f9d5; expected: 36a2bb7a
*ERROR: CRC Mismatch @ chunk[23]; in data: d53f2bc8; expected: a999f563
*ERROR: CRC Mismatch @ chunk[24]; in data: 2da5b6e4; expected: b9d49991
*ERROR: CRC Mismatch @ chunk[25]; in data: f37b61c1; expected: 5e89138f
*ERROR: CRC Mismatch @ chunk[26]; in data: 504b0304; expected: 4ec6885a
*ERROR: CRC Mismatch @ chunk[27]; in data: 14000100; expected: 711d9282
*ERROR: CRC Mismatch @ chunk[28]; in data: 00002d63; expected: 3d006cf5
*ERROR: CRC Mismatch @ chunk[29]; in data: 76543e4b; expected: 4d8c1683
*ERROR: CRC Mismatch @ chunk[30]; in data: 656b3400; expected: 0a71b96b
*ERROR: CRC Mismatch @ chunk[31]; in data: 00002800; expected: e75a8b15
*ERROR: CRC Mismatch @ chunk[32]; in data: 00000800; expected: 9fd04697
*ERROR: CRC Mismatch @ chunk[33]; in data: 0000666c; expected: 10022ee2
*ERROR: CRC Mismatch @ chunk[34]; in data: 61672e74; expected: 8527a2dc
*ERROR: CRC Mismatch @ chunk[35]; in data: 7874d632; expected: cb7ec921
*ERROR: CRC Mismatch @ chunk[36]; in data: c8514cd0; expected: ce735342
*ERROR: CRC Mismatch @ chunk[37]; in data: 3fe7ae86; expected: 45e81567
*ERROR: CRC Mismatch @ chunk[38]; in data: 9f38e086; expected: ee362a10
*ERROR: CRC Mismatch @ chunk[39]; in data: 4aaa47b4; expected: 40d20ce5
*ERROR: CRC Mismatch @ chunk[40]; in data: a81dcd54; expected: b0766fb1
*ERROR: CRC Mismatch @ chunk[41]; in data: 5d74d925; expected: eef1e93c
*ERROR: CRC Mismatch @ chunk[42]; in data: f9b7a9bb; expected: ac965653
*ERROR: CRC Mismatch @ chunk[43]; in data: 39e3e188; expected: c618afbf
*ERROR: CRC Mismatch @ chunk[44]; in data: cbfeb011; expected: 8fe18995
*ERROR: CRC Mismatch @ chunk[45]; in data: 75f4482e; expected: c0a47c47
*ERROR: CRC Mismatch @ chunk[46]; in data: cea99cd1; expected: b093a149
*ERROR: CRC Mismatch @ chunk[47]; in data: 131784ea; expected: 4f4b95e3
*ERROR: CRC Mismatch @ chunk[48]; in data: c06a504b; expected: dc96075d
*ERROR: CRC Mismatch @ chunk[49]; in data: 03041400; expected: 8092ca00
*ERROR: CRC Mismatch @ chunk[50]; in data: 01000000; expected: 438e39a1
*ERROR: CRC Mismatch @ chunk[51]; in data: 696a7654; expected: 7b9d8049
*ERROR: CRC Mismatch @ chunk[52]; in data: 88330f3d; expected: 4b62f442
*ERROR: CRC Mismatch @ chunk[53]; in data: 0f000000; expected: b333a865
*ERROR: CRC Mismatch @ chunk[54]; in data: 03000000; expected: 961a542b
*ERROR: CRC Mismatch @ chunk[55]; in data: 05000000; expected: 7c422845
*ERROR: CRC Mismatch @ chunk[56]; in data: 312e7478; expected: d8416283
*ERROR: CRC Mismatch @ chunk[57]; in data: 746d6727; expected: 0de04578
*ERROR: CRC Mismatch @ chunk[58]; in data: aa4946a7; expected: 52f3774b
*ERROR: CRC Mismatch @ chunk[59]; in data: fcdda920; expected: 82e8ff62
*ERROR: CRC Mismatch @ chunk[60]; in data: cb725a99; expected: 87e44c40
*ERROR: CRC Mismatch @ chunk[61]; in data: 504b0102; expected: f27b2b0c
*ERROR: CRC Mismatch @ chunk[62]; in data: 3f001400; expected: a63ec761
*ERROR: CRC Mismatch @ chunk[63]; in data: 01000000; expected: 10340dfb
*ERROR: CRC Mismatch @ chunk[64]; in data: 6c6a7654; expected: 80af1be3
*ERROR: CRC Mismatch @ chunk[65]; in data: 1cc61776; expected: aa413dae
*ERROR: CRC Mismatch @ chunk[66]; in data: 0f000000; expected: 0f2502dc
*ERROR: CRC Mismatch @ chunk[67]; in data: 03000000; expected: 8ae553f9
*ERROR: CRC Mismatch @ chunk[68]; in data: 05002400; expected: 97f54c8c
*ERROR: CRC Mismatch @ chunk[69]; in data: 00000000; expected: 6687cf5b
*ERROR: CRC Mismatch @ chunk[70]; in data: 00002000; expected: b58a4216
*ERROR: CRC Mismatch @ chunk[71]; in data: 00000000; expected: 1afa9b4f
*ERROR: CRC Mismatch @ chunk[72]; in data: 0000322e; expected: 475ebeb3
*ERROR: CRC Mismatch @ chunk[73]; in data: 7478740a; expected: 8485b4ef
*ERROR: CRC Mismatch @ chunk[74]; in data: 00200000; expected: 70b56e3f
*ERROR: CRC Mismatch @ chunk[75]; in data: 00000001; expected: 3e22c5dd
*ERROR: CRC Mismatch @ chunk[76]; in data: 00180075; expected: 005e58c2
*ERROR: CRC Mismatch @ chunk[77]; in data: 537e63ac; expected: 37d59674
*ERROR: CRC Mismatch @ chunk[78]; in data: 3dd80175; expected: f8654d4a
*ERROR: CRC Mismatch @ chunk[79]; in data: 537e63ac; expected: be91f6c3
*ERROR: CRC Mismatch @ chunk[80]; in data: 3dd80175; expected: 23a77712
*ERROR: CRC Mismatch @ chunk[81]; in data: d27b4bac; expected: 2f231b39
*ERROR: CRC Mismatch @ chunk[82]; in data: 3dd80150; expected: 872d6745
*ERROR: CRC Mismatch @ chunk[83]; in data: 4b01023f; expected: fb6afe46

Extract the data:

import re


def extract_and_concatenate_data(file_path):
    result = ""
    with open(file_path, 'r') as file:
        for line in file:
            # Use a regular expression to match the "in data: xxxx" part
            match = re.search(r'in data: ([0-9a-fA-F]+)', line)
            if match:
                hex_data = match.group(1)
                result += hex_data
    return result


# Usage example
file_path = 'data.txt'  # replace with your file path
extracted_data = extract_and_concatenate_data(file_path)
print("提取并拼接的结果:", extracted_data)

The files are 3 bytes each, so brute-force their contents from the CRC:

import string
import binascii

dic = string.printable


def CrackCrc(crc):
    # Try every 3-character printable string until its CRC-32 matches
    for i in dic:
        for j in dic:
            for p in dic:
                s = i + j + p
                if crc == binascii.crc32(s.encode()):
                    print("Found:", s)
                    return s


crc_to_crack = int("3d0f3388", 16)
a = CrackCrc(crc_to_crack)
crc_to_crack = int("7617c61c", 16)
b = CrackCrc(crc_to_crack)
crc_to_crack = int("572df59a", 16)
c = CrackCrc(crc_to_crack)
print(a + b + c)
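
The step from the extracted bytes to "3 bytes, brute-force the CRC" rests on the ZIP local file header, which stores each entry's plaintext CRC-32 and size in the clear even when the contents are encrypted. The following added example (not part of the original write-up) parses the first 25 `in data` words of the log above; the function names `local_entries` and `crc_guessable` are illustrative.

```python
import struct

# First 25 "in data" words from the CRC-mismatch log above, concatenated.
HEX = (
    "504b0304" "14000100" "00006c6a" "76541cc6" "17760f00"
    "00000300" "00000500" "0000322e" "7478740a" "41d206ee"
    "2fa7f7c7" "40246d00" "8fbf504b" "03041400" "01000000"
    "6e6a7654" "9af52d57" "0f000000" "03000000" "05000000"
    "332e7478" "74b7f9d5" "d53f2bc8" "2da5b6e4" "f37b61c1"
)
LOCAL_SIG = 0x04034B50                    # "PK\x03\x04" read little-endian
HEADER = struct.Struct("<IHHHHHIIIHH")    # fixed 30-byte local file header


def local_entries(blob):
    """Walk consecutive ZIP local file headers and return their metadata."""
    entries, off = [], 0
    while off + HEADER.size <= len(blob):
        (sig, _ver, flags, method, _time, _date,
         crc, csize, usize, nlen, elen) = HEADER.unpack_from(blob, off)
        if sig != LOCAL_SIG:
            break                         # central directory or damaged data
        if flags & 0x08:
            break                         # sizes sit in a data descriptor; not handled
        start = off + HEADER.size
        entries.append({
            "name": blob[start:start + nlen].decode("ascii", "replace"),
            "encrypted": bool(flags & 0x01),
            "method": method,             # 0 = stored
            "crc": crc,                   # CRC-32 of the plaintext
            "csize": csize,               # ZipCrypto adds a 12-byte header
            "size": usize,
        })
        off = start + nlen + elen + csize
    return entries


def crc_guessable(entry, max_len=4):
    """True when an encrypted entry is short enough to enumerate from its CRC."""
    return entry["encrypted"] and 0 < entry["size"] <= max_len


if __name__ == "__main__":
    for e in local_entries(bytes.fromhex(HEX)):
        print(f'{e["name"]}: crc={e["crc"]:08x} size={e["size"]} '
              f'guessable={crc_guessable(e)}')
```

Entries this short leak their plaintext through the header CRC regardless of how strong the archive password is.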

MISC3

CRC brute force:

from binascii import crc32
import string
import zipfile

dic = string.printable


def CrackCrc(crc):
    for i in dic:
        # print (i)
        for j in dic:
            for p in dic:
                for q in dic:
                    s = i + j + p + q
                    # print (crc32(bytes(s,'ascii')) & 0xffffffff)
                    if crc == (crc32(bytes(s, "ascii")) & 0xFFFFFFFF):
                        print(s)
                        return


def getcrc32(fname):
    l = []
    file = fname
    f = zipfile.ZipFile(file, "r")
    global fileList
    fileList = f.namelist()
    print(fileList)
    # print (type(fileList))
    for filename in fileList:
        Fileinfo = f.getinfo(filename)
        # print(Fileinfo)
        crc = Fileinfo.CRC
        # print ('crc',crc)
        l.append(crc)
    return l


def main(filename=None):
    l = getcrc32(filename)
    # print(l)
    for i in range(len(l)):
        print(fileList[i], end="的内容是:")
        CrackCrc(l[i])


if __name__ == "__main__":
    main("a.zip")

This_1s_PwD!

After obtaining the archive, fix its file header and then decrypt it.

Analyze the traffic capture and follow the HTTP stream.

welcome.png

Search for the keyword password: caibudaodemima

The archive extracts successfully and yields the flag.

Updated: 2025-08-26 19:37:44
Original: https://www.yuque.com/chaye-apqbl/vsc85q/mxfburlydf4u5ygl


http://example.com/2026/01/19/WP/2025/代练/MISC/
Author
chaye
Posted on
January 19, 2026
Licensed under