2019-安恒2月赛部分writeup

Crypto

hahaha

打开压缩包应该是CRC32爆破

密码是:

tanny_is_very_beautifu1_

打开压缩包里的PDF文件

很简单的一个排列组合问题,除去了flag{}这几个字符,组成flag的字符有以下几种情况

1@eshlcn

12eshlcn

!2eshlcn

!@eshlcn

写出脚本跑一下发现是1@eshlcn

脚本如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import hashlib

def hash_encode(test):
sha1 = hashlib.sha1()
sha1.update(test.encode('utf-8'))
res = sha1.hexdigest()
return res
def str_sort(s):
if len(s) <= 1:
return [s]
str_list = []
for i in range(len(s)):
for j in str_sort(s[0:i] + s[i + 1:]):
str_list.append(s[i] + j)
return str_list

s = '1@eshcn'
str_list = str_sort(s)
print(len(str_list), str_list)
for test in str_list:
test = "flag{"+test+"}"
result = hash_encode(test)
if result == "e6079c5ce56e781a50f4bf853cdb5302e0d8f054":
print("flag:"+test)
break

flag为:

flag{sh@1enc}

Misc

来玩个游戏吧

题目如图

第一关的字符串明显是盲文,在线解密一下

https://www.qqxiuzi.cn/bianma/wenbenjiami.php?s=mangwen

得到了??41402abc4b2a76b9719d911017c592,这应该是一串MD5 ,百度一下应该是hello的

第二关要求两个文件不相同但是MD5要一样,网上有这样一篇文章

https://blog.csdn.net/sysprogram/article/details/73753354

用命令

fastcoll_v1.0.0.5.exe -p C:\windows\notepad.exe -o D:\notepad1.exe D:\notepad2.exe

生成两个文件,成功得到邮件

送你一封包含flag的邮件:
Dear Professional ; Especially for you - this cutting-edge 
intelligence ! If you no longer wish to receive our 
publications simply reply with a Subject: of "REMOVE" 
and you will immediately be removed from our club . 
This mail is being sent in compliance with Senate bill 
2216 , Title 9 ; Section 306 ! THIS IS NOT MULTI-LEVEL 
MARKETING . Why work for somebody else when you can 
become rich as few as 35 weeks . Have you ever noticed 
more people than ever are surfing the web and people 
will do almost anything to avoid mailing their bills 
. Well, now is your chance to capitalize on this ! 
WE will help YOU decrease perceived waiting time by 
120% & decrease perceived waiting time by 140% . You 
can begin at absolutely no cost to you . But don't 
believe us ! Mrs Jones of Minnesota tried us and says 
"I was skeptical but it worked for me" . We assure 
you that we operate within all applicable laws . Because 
the Internet operates on "Internet time" you must act 
now ! Sign up a friend and your friend will be rich 
too . Warmest regards . Dear Cybercitizen , We know 
you are interested in receiving red-hot announcement 
! We will comply with all removal requests ! This mail 
is being sent in compliance with Senate bill 1619 ; 
Title 2 ; Section 301 . This is NOT unsolicited bulk 
mail ! Why work for somebody else when you can become 
rich within 53 MONTHS ! Have you ever noticed more 
people than ever are surfing the web and more people 
than ever are surfing the web . Well, now is your chance 
to capitalize on this . We will help you use credit 
cards on your website plus decrease perceived waiting 
time by 150% . The best thing about our system is that 
it is absolutely risk free for you ! But don't believe 
us ! Mrs Simpson of Washington tried us and says "Now 
I'm rich, Rich, RICH" . We assure you that we operate 
within all applicable laws ! We beseech you - act now 
! Sign up a friend and your friend will be rich too 
. Thank-you for your serious consideration of our offer 
! Dear Friend ; This letter was specially selected 
to be sent to you ! If you no longer wish to receive 
our publications simply reply with a Subject: of "REMOVE" 
and you will immediately be removed from our mailing 
list . This mail is being sent in compliance with Senate 
bill 2716 , Title 2 ; Section 306 ! This is a ligitimate 
business proposal . Why work for somebody else when 
you can become rich inside 33 weeks . Have you ever 
noticed more people than ever are surfing the web plus 
more people than ever are surfing the web . Well, now 
is your chance to capitalize on this ! WE will help 
YOU SELL MORE and process your orders within seconds 
. You can begin at absolutely no cost to you . But 
don't believe us ! Mrs Jones of Kentucky tried us and 
says "I was skeptical but it worked for me" ! This 
offer is 100% legal ! We implore you - act now . Sign 
up a friend and you'll get a discount of 50% . God 
Bless . 

正好以前遇到过这种邮件的解密站点http://www.spammimic.com/decode.shtml

flag{a0dd1e2e6b87fe47e5ad0184dc291e04}
坚持原创技术分享,您的支持将鼓励我继续创作!