[3rd National Middle School Student Cybersecurity Competition, Preliminary Round] WriteUp (3)

Base64-decoding gives the hint: 'slienteye' is watching you~

Following the hint, decrypt in SilentEye with the key obtained from the base64 steganography to get the flag:

mssctf{Av1cii_F0rev3r!!}

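What Was Actually Said

This is a memory forensics challenge. First use cmdscan to view the command-line history, which reveals a conversation mentioning a forgotten computer password.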

Volatility's mimikatz plugin recovers the password directly: w3lc0mE_7o-MSSCTF

A filescan pass finds a key.txt and a flag.txt.

flag.txt is a decoy. Opening key.txt shows the following content, which gives Key1 (its purpose is not yet clear):

Searching the files under the Users directory turns up an f_l_a_g file:

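After dumping it, the content turns out to start with 504B. Decoding the hex yields a ZIP archive, whose password is the one recovered earlier with mimikatz.

Extracting the archive gives 1.eml, which is full of emoji. This is emoji-aes encryption, and it can be decrypted at https://aghorler.github.io/emoji-aes/: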

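First decrypt the message with the key1 obtained earlier (the one in key.txt) to get hello!

Then use hello! to decrypt the second-to-last message, which gives hi!

Continuing this nested decryption message by message finally yields the flag: okhereyouare_mssctf{Y0u_@rE_5o_C1eveR!!!}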

Crypto

easy_stream

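55555555, this is the first time in my life I have solved a cryptography challenge. Loved it, I'm so moved.

Reverse the encryption flow step by step; the exp is as follows: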

```python
flag = ""
enc1 = [129, 118, 155, 13, 25, 216, 245, 11, 116, 213, 71, 73, 44, 121, 94, 200, 196, 213, 150, 108, 9, 121, 102, 215, 69, 191, 6, 27, 136, 219, 39, 152, 7, 8, 216, 149, 43, 8, 213, 166, 230, 51, 73, 133, 52, 245, 47, 139, 134, 211, 51, 82, 39, 157, 137, 137, 113, 154, 19, 49, 93, 108, 69, 102, 144, 98, 66, 140, 136, 1, 108, 55, 147, 88, 124, 124, 244, 62, 93, 53, 132, 68, 101]
enc2 = [187, 96, 132, 13, 2, 211, 253, 88, 115, 217, 19, 119, 40, 110, 68, 202, 222, 147, 174, 113, 19, 108, 119, 195, 91, 165, 1, 1, 210, 245, 43, 157, 17, 75, 205, 211, 33, 20, 201, 161, 178, 33, 77, 155, 34, 183, 15, 133, 142, 128, 38, 93, 50, 156, 196, 147, 113, 217, 10, 36, 67, 124, 66, 99, 159, 83, 74, 206, 152, 82, 117, 52, 161, 127, 63, 64, 205, 11, 99, 37, 131, 65, 108]

# Repeat 'mssctf' until it is at least as long as enc1
msg = 'mssctf'
msg *= len(enc1) // len(msg) + 1
# print(msg)

# XOR enc1 with the repeated 'mssctf'; enc1 now holds the keystream
for i in range(len(enc1)):
    enc1[i] ^= ord(msg[i])
# XOR enc2 with that keystream to get the second plaintext
for i in range(len(enc2)):
    enc2[i] ^= enc1[i]
for i in range(len(enc2)):
    flag += chr(enc2[i])
print(flag)
```

Click and receive your Dragon-Slaying Sabre:

Welcome to Xidian University.Have a good time!The flag is mssctf{We1c0me_T0_MSSctf}
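
Why the exp above works, shown as an added example that is not part of the original writeup: XORing a ciphertext with its known plaintext exposes the keystream, which then decrypts any other message encrypted under the same keystream, while a fresh nonce per message removes that. The SHA-256 counter-mode generator, the key, the nonces and both messages are constructed assumptions, not the challenge's actual cipher.

```python
import hashlib

KEY = bytes(range(16))                        # constructed key
KNOWN = b"mssctf" * 5                         # constructed known plaintext (30 bytes)
SECRET = b"constructed secret message!!!!"    # constructed second message (30 bytes)


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream generator: SHA-256 over key, nonce and a block counter."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def recover(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """Same two XOR steps as the exp: keystream = c_known ^ p_known, then strip it."""
    return xor(c_target, xor(c_known, p_known))


def reused_keystream() -> bytes:
    """Weak setup: both messages use the same key and the same nonce."""
    nonce = b"nonce-00"
    return recover(encrypt(KEY, nonce, KNOWN), KNOWN, encrypt(KEY, nonce, SECRET))


def fresh_nonce() -> bytes:
    """Corrected setup: each message gets its own nonce, so keystreams differ."""
    c1 = encrypt(KEY, b"nonce-01", KNOWN)
    c2 = encrypt(KEY, b"nonce-02", SECRET)
    return recover(c1, KNOWN, c2)


if __name__ == "__main__":
    print("same nonce :", reused_keystream())
    print("fresh nonce:", fresh_nonce())
```
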
