春秋杯(2025)

发表于 更新于 分类于

春秋杯(2025)

msic

简单算术

1.打开附件看到

1
ys~xdg/m@]mjkz@vl@z~lf>b

2.根据题目意思
想想异或
可以想到异或运算(a^b=c,b^c=a,a^c=b)

一般的flag结尾都是},先让b和}异或

1
2
3
4
5
6
7
8
9
10
11
#include <stdio.h>


int main() {
    char a='b';
	char b='}';
	char c;
	c=a^b;
	printf("%d",c);
	return 0;
}

得到31

3.再用31依次和字符串异或

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
#include <stdio.h>


int main() {
	
    char a[]="ys~xdg/m@]mjkz@vl@z~lf>b";
    int lenght= strlen(a);
	char b='31';
	char c[lenght];
	int i;
	for(i=0;i<lenght;i++){
		c[i]=a[i]^31;
	}
	printf("%s",c);
	return 0;
}

image-20250117174125235

1
flag{x0r_Brute_is_easy!}

压力大,写个脚本吧

1.发现是一个百层压缩
2.解了几次发现都有密码上脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
import zipfile
import os
import base64
import re


def read_password_from_file(file_path):
    """从给定路径的文件中读取Base64编码的密码并解码"""
    try:
        with open(file_path, 'r') as file:
            encoded_password = file.read().strip()
            password = base64.b64decode(encoded_password).decode('utf-8')
            return password
    except Exception as e:
        print(f"Error reading password from {file_path}: {e}")
        raise


def un_zip(path, file_name, password):
    """解压ZIP文件到指定路径,并提供密码"""
    current_file = os.path.join(path, file_name)

    try:
        with zipfile.ZipFile(current_file) as zip_file:
            # 获取第一个非隐藏文件的名字作为新的目录名
            for new_file in zip_file.namelist():
                if not (new_file.startswith('__MACOSX') or new_file.endswith('/')):
                    break

            # 创建一个以解压出来的压缩包为名字的新文件夹
            new_path = os.path.join(path, os.path.splitext(file_name)[0])
            os.makedirs(new_path, exist_ok=True)

            # 解压所有内容到新路径,并提供密码
            zip_file.extractall(path=new_path, pwd=password.encode())

            return new_path, new_file

    except RuntimeError as e:
        print(f"RuntimeError: {e}")
        raise
    except Exception as e:
        print(f"An error occurred while unzipping {file_name}: {e}")
        raise


def find_next_password_file(base_path, last_number):
    """
    根据上次使用的密码文件数字,在解压后的文件夹中查找下一个密码文件。
    """
    next_number = last_number - 1
    next_password_filename = f"password_{next_number:02}.txt"
    next_password_file_path = os.path.join(base_path, next_password_filename)

    if os.path.exists(next_password_file_path):
        return next_password_file_path
    else:
        raise FileNotFoundError(f"Next password file {next_password_filename} not found.")


# 解压缩所需的参数
base_path = r"D:\桌面\zip_100"
initial_file_to_unzip = "zip_99.zip"
initial_password_file = os.path.join(base_path, "password_99.txt")

# 开始解压过程
current_path = base_path
file_to_unzip = initial_file_to_unzip
last_password_number = 99

while True:
    try:
        # 读取当前密码
        password = read_password_from_file(initial_password_file)

        # 解压当前ZIP文件
        current_path, new_file = un_zip(current_path, file_to_unzip, password)
        print(f"Unzipped: {new_file} to {current_path}")

        # 检查是否还有zip文件需要解压
        if new_file.lower().endswith('.zip'):
            # 更新要解压的文件路径
            file_to_unzip = new_file

            # 查找下一个密码文件
            next_password_file = find_next_password_file(current_path, last_password_number)
            last_password_number -= 1
            initial_password_file = next_password_file
        else:
            break

    except Exception as e:
        print(f"Stopped unzipping process due to an error: {e}")
        break

print("End of unzipping process.")

image-20250117174837151

3.发现问题改进下脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
import zipfile
import os
import base64


def read_password_from_file(file_path):
    """从给定路径的文件中读取Base64编码的密码并解码"""
    try:
        with open(file_path, 'r') as file:
            encoded_password = file.read().strip()
            password = base64.b64decode(encoded_password).decode('utf-8')
            return password
    except Exception as e:
        print(f"Error reading password from {file_path}: {e}")
        raise


def un_zip(path, file_name, password):
    """解压ZIP文件到指定路径,并提供密码"""
    current_file = os.path.join(path, file_name)

    try:
        with zipfile.ZipFile(current_file) as zip_file:
            # 创建一个以解压出来的压缩包为名字的新文件夹
            new_path = os.path.join(path, os.path.splitext(file_name)[0])
            os.makedirs(new_path, exist_ok=True)

            # 解压所有内容到新路径,并提供密码
            zip_file.extractall(path=new_path, pwd=password.encode())

            return new_path, zip_file.namelist()  # 返回解压的所有文件列表
    except RuntimeError as e:
        print(f"RuntimeError: {e}")
        raise
    except Exception as e:
        print(f"An error occurred while unzipping {file_name}: {e}")
        raise


def find_next_password_file(base_path, last_number):
    """
    根据上次使用的密码文件数字,在解压后的文件夹中查找下一个密码文件。
    支持一位数和两位数的文件名。
    """
    next_number = last_number - 1
    for format_str in ['%d', '%02d']:  # 尝试两种格式
        next_password_filename = f"password_{format_str % next_number}.txt"
        next_password_file_path = os.path.join(base_path, next_password_filename)
        if os.path.exists(next_password_file_path):
            return next_password_file_path

    raise FileNotFoundError(f"Next password file not found for number {next_number}.")


# 解压缩所需的参数
base_path = r"D:\桌面\zip_100"
initial_file_to_unzip = "zip_99.zip"
initial_password_file = os.path.join(base_path, "password_99.txt")

# 开始解压过程
current_path = base_path
file_to_unzip = initial_file_to_unzip
last_password_number = 99

while True:
    try:
        # 读取当前密码
        password = read_password_from_file(initial_password_file)

        # 解压当前ZIP文件
        current_path, extracted_files = un_zip(current_path, file_to_unzip, password)
        print(f"Unzipped: {file_to_unzip} to {current_path}")

        # 检查是否还有zip文件需要解压
        zip_files = [f for f in extracted_files if f.lower().endswith('.zip')]
        if zip_files:
            # 更新要解压的文件路径
            file_to_unzip = zip_files[0]  # 假设只有一个ZIP文件被解压出来

            # 查找下一个密码文件
            next_password_file = find_next_password_file(current_path, last_password_number)
            last_password_number -= 1
            initial_password_file = next_password_file
        else:
            break

    except Exception as e:
        print(f"Stopped unzipping process due to an error: {e}")
        break

print("End of unzipping process.")

image-20250117175112049

完成解压

3.打开最后一个文件

image-20250117175301990

4.可以看到密码加密码和png可以想到把base64都拼在一起可能会得到一个png的图片,拼接后:

image-20250117175558172

5.得到一个二维码:
image-20250117175629639

在线扫描二维码

image-20250117175853810

1
flag{_PASSWORDs_is_fl@g!_}

通往哈希的旅程

1.有题目已知前三位是188,而且是11位

用脚本爆破:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
import hashlib

# 给定的哈希值
given_hash = 'ca12fd8250972ec363a16593356abb1f3cf3a16d'

# 检查函数
def check_hash(value):
    # 生成该值的SHA-1哈希
    hash_object = hashlib.sha1(value.encode())
    hex_dig = hash_object.hexdigest()
    return hex_dig == given_hash

# 尝试所有可能的11位数字组合
for i in range(18800000000, 18900000000):  # 从18800000000到18899999999
    if check_hash(str(i)):
        print(f"Found match: {i}")
        break
else:
    print("No match found")

image-20250117182920364

1
flag{18876011645}