The 6th Qiangwang Cup Youth Special Competition Writeup

11/09/2022 /

Original link: https://5ime.cn/qwbqsn-2022.html

This time I lost a big strategy, and the web pulled my crotch

Crypto

crypto1

Without rules, how to analyze it?

Downloaded a bunch of AB strings, tried bacon, didn’t work, then tried Morse code, got a bunch of English

image-20220911160447948

Let’s run quipqiup directly to get the flag

image-20220911160631121

Misc

misc1

Do you know what a universal chord is?

There is a png image in the download attachment, but when I open it, the file is damaged. I use Notepad to open it and find that it is a base64 image.

image-20220911154039792

Use CyberChef decode it and find that the order of the hexadecimal data is reversed. The normal data header should be 89 50 4e 47 , that is, the odd and even bits are exchanged

image-20220911154338758

Convert a script

 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 
 import base64
 import binascii

 listData = []
 newData = ''

 with open ( 'chuyinweilai.png' , 'rb' ) as f:
 data = str (binascii.hexlify(base64.b64decode(f.read())), encoding= 'utf-8' )
 for i in range ( 0 , len (data), 2 ):
 listData.append(data[i:i+ 2 ])
 for j in range ( 0 , len (listData), 2 ):
 newData += str (listData[j+ 1 ] + listData[j])

 with open ( 'flag.png' , 'wb' ) as f:
 f.write(binascii.unhexlify(newData))

get picture

image-20220911160102407

You can directly decrypt the lsb , and the password can be found by Baidu search universal and spin according to the title description and get 4536251

 1
 
 python2 lsb .py extract flag .png flag .txt 4536251

misc3

Steganography is a skill and science about information hiding. Steganographic information looks like some other thing. Steganography is different from encryption. understand something. Now, here is some information hidden in the simplest way of steganography, can you find it?

Download the attachment, find a password 7his_1s_p4s5w0rd at the end of the data, unzip the file to get FindHideMsg.png

image-20220911153817949

After separating FindHideMsg.png file, a new image secret.png is obtained and a part is added (the place I circled)

image-20220911153524761

Since it is lsb steganography, we decrypt it directly with the script

 1
 
 python2 lsb .py extract secret .png flag .txt 7 his_1s_p4s5w0rd

Web

Web1

CVE-2021-41773 exists, can you get the flag?

Nothing to say, sign in question

 1
 
 /icons/.% %32 %65 /.% %32 %65 /.% %32 %65 /.% %32 %65 /.% %32 %65 /.% %32 %65 /.% %32 %65 /flag

This article is reprinted from: https://5ime.cn/qwbqsn-2022.html
This site is for inclusion only, and the copyright belongs to the original author.