hahaha----2019.02安恒

我們得到壓縮包發(fā)現(xiàn)要密碼,看了既不是偽加密也沒(méi)有提示信息,我們打開(kāi)壓縮包發(fā)現(xiàn)五個(gè)文件并且crc都比較短,那么這應(yīng)該是一道crc32爆破題。

image.png

那么我們使用腳本爆破。腳本下載地址:https://github.com/theonlypwner/crc32
使用方法:
python crc.py reverse 0x+你的CRC密文
得到如下:

PS D:\CTF\Crypto\crc32-master> python crc32.py reverse 0x19BA5849
4 bytes: {0xad, 0x91, 0x46, 0x6f}
verification checksum: 0x19ba5849 (OK)
alternative: 37mCIb (OK)
alternative: 3GQ2L2 (OK)
alternative: 7CL3MQ (OK)
alternative: BFpJos (OK)
alternative: E_wtEX (OK)
alternative: KPhDyV (OK)
alternative: N8GYgh (OK)
alternative: OTuEx5 (OK)
alternative: QK_w1l (OK)
alternative: SwZihq (OK)
alternative: bICsTv (OK)
alternative: o75QGt (OK)
alternative: sxiPSt (OK)
alternative: tanny_ (OK)        \\ tanny_
PS D:\CTF\Crypto\crc32-master> python crc32.py reverse 0x45D8E1CA
4 bytes: {0xc8, 0x94, 0x8f, 0x4e}
verification checksum: 0x45d8e1ca (OK)
alternative: 3jAkZV (OK)
alternative: 5oH8jp (OK)
alternative: Aj5pSK (OK)
alternative: U30NJw (OK)
alternative: U_CcN3 (OK)
alternative: XMFlYu (OK)
alternative: daZyr4 (OK)
alternative: is_ver (OK)       \\ is_ver
alternative: njXHOY (OK)
alternative: pHc6nX (OK)
alternative: uPpZu6 (OK)
alternative: vl4u72 (OK)
alternative: xBuUbp (OK)
alternative: yB4dyi (OK)
PS D:\CTF\Crypto\crc32-master> python crc32.py reverse 0xA4164CA6
4 bytes: {0x47, 0xf9, 0x91, 0x31}
verification checksum: 0xa4164ca6 (OK)
alternative: 5nQesx (OK)
alternative: 6sKZX0 (OK)
alternative: AwcqKW (OK)
alternative: DRaQ8a (OK)
alternative: LXw24I (OK)
alternative: PFIRLU (OK)
alternative: TBTSM6 (OK)
alternative: ZMKcq8 (OK)
alternative: axPHpR (OK)
alternative: faWvZy (OK)
alternative: hnHFfw (OK)
alternative: pIzkwP (OK)
alternative: pU57vD (OK)
alternative: r8RHCE (OK)
alternative: tMgjv3 (OK)
alternative: vLs8Gv (OK)
alternative: y_beau (OK)      \\ y_beau
PS D:\CTF\Crypto\crc32-master> python crc32.py reverse 0xC4ADB2FB
4 bytes: {0x97, 0x02, 0xd5, 0x61}
verification checksum: 0xc4adb2fb (OK)
alternative: 3rHelj (OK)
alternative: GkzqTE (OK)
alternative: IdeAhK (OK)
alternative: QCWlyl (OK)
alternative: VZPRSG (OK)
alternative: XUOboI (OK)
alternative: ikVxSN (OK)
alternative: nrQFye (OK)
alternative: pPj8Xd (OK)
alternative: qLdUBi (OK)
alternative: rM16h5 (OK)
alternative: tifu1_ (OK)       \\ tifu1_
alternative: vUckhB (OK)
alternative: yFr6NA (OK)

得到密碼:tanny_is_very_beautifu1_
打開(kāi)flag.pdf,這是flag中的字符,不過(guò)順序是未知的。但是flag的sha1為:e6079c5ce56e781a50f4bf853cdb5302e0d8f054

image.png

其中 flag , { , } 是知道順序的
那么還剩下:
1!
2@
seghcn
需要我們?nèi)ヅ帕薪M合,其結(jié)果的sha1要為:e6079c5ce56e781a50f4bf853cdb5302e0d8f054
腳本如下:

import hashlib
import itertools
a1 = "1!"
a2 = "2@"
a3 = "eshcn"

for j in itertools.combinations(a1,1):
    for k in itertools.combinations(a2,1):
        str = j[0]+k[0]+'sechn'
        for i in itertools.permutations(str):
            i=''.join(i)
            t = 'flag{'+i+'}'
            sha1 = hashlib.sha1()
            sha1.update(t.encode("utf8"))
            tmp = sha1.hexdigest()
            if tmp == 'e6079c5ce56e781a50f4bf853cdb5302e0d8f054':
                print(t)
                break
image.png
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容