记录一下第一次独立在大型比赛中AK Misc~
BrickGame
玩游戏签到
漏洞探踪,流量解密
第一阶段找一个IP地址,确定ip地址是192.168.30.xxx ,实在太多了找不到,写个脚本开爆
1 2 3 4 5 6 7 8 9 10 11 output_file = 'ip_addresses.txt' with open (output_file, 'w' ) as file: for i in range (1 , 256 ): ip_address = f'192.168.30.{i} ' file.write(ip_address + '\n' ) print (f'IP 地址列表已生成并保存到 {output_file} ' )
生成字典后爆破
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 import py7zrimport concurrent.futuresarchive_path = 'C:/Users/67300/Desktop/1/1.7z' dictionary_path = 'C:/Users/67300/Desktop/1/ip_addresses.txt' max_threads = 10 def extract_with_password (archive_path, password ): try : with py7zr.SevenZipFile(archive_path, mode='r' , password=password) as archive: archive.extractall(path='./extracted' ) print (f"Password found: {password} " ) return True except py7zr.exceptions.Bad7zFile: print ("Bad 7z file" ) return False except py7zr.exceptions.PasswordRequired: return False except Exception as e: print (f"Error: {e} " ) return False return False def attempt_password (password ): password = password.strip() if extract_with_password(archive_path, password): return password return None def brute_force_password (dictionary_path ): with open (dictionary_path, 'r' ) as file: passwords = file.readlines() with concurrent.futures.ThreadPoolExecutor(max_workers=max_threads) as executor: futures = {executor.submit(attempt_password, password): password for password in passwords} for future in concurrent.futures.as_completed(futures): result = future.result() if result: print (f"Success: The password is {result} " ) executor.shutdown(wait=False ) return result print ("Password not found" ) return None brute_force_password(dictionary_path)
获得密钥:192.168.30.254
进入第二阶段
在流92中获得密钥
在95流中获得加密方式RC4
在95流中获得加密方式RC4
解密rc4后hex即可
最安全的加密方式
流13内找到一个$pass='25ming@',目测是哥斯拉流量但是没啥用
流15找到一个RAR压缩包,另存为下来CyberChef手提一个压缩包,用之前的pass为解压密码成功解压,获得一个flag.txt
看到这样的形式很像32位md5,联想到UNCTF 2022的那道题,写出hash爆破脚本
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 from hashlib import md5c = '''8fa14cdd754f91cc6554c9e71929cce7 2db95e8e1a9267b7a1188556b2013b33 0cc175b9c0f1b6a831c399e269772661 b2f5ff47436671b6e533d8dc3614845d f95b70fdc3088560732a5ac135644506 b9ece18c950afbfa6b0fdbfa4ff731d3 2510c39011c5be704182423e3a695e91 e1671797c52e15f763380b45e841ec32 b14a7b8059d9c055954c92674ce60032 6f8f57715090da2632453988d9a1501b cfcd208495d565ef66e7dff9f98764da 03c7c0ace395d80182db07ae2c30f034 e358efa489f58062f10dd7316b65649e b14a7b8059d9c055954c92674ce60032 c81e728d9d4c2f636f067f89cc14862c e1671797c52e15f763380b45e841ec32 4a8a08f09d37b73795649038408b5f33 4c614360da93c0a041b22e537de151eb 4b43b0aee35624cd95b910189b3dc231 e1671797c52e15f763380b45e841ec32 b14a7b8059d9c055954c92674ce60032 e1671797c52e15f763380b45e841ec32 8d9c307cb7f3c4a32822a51922d1ceaa 4a8a08f09d37b73795649038408b5f33 4b43b0aee35624cd95b910189b3dc231 57cec4137b614c87cb4e24a3d003a3e0 83878c91171338902e0fe0fb97a8c47a e358efa489f58062f10dd7316b65649e 865c0c0b4ab0e063e5caa3387c1a8741 d95679752134a2d9eb61dbd7b91c4bcc 7b8b965ad4bca0e41ab51de7b31363a1 9033e0e305f247c0c3c80d0c7848c8b3 9033e0e305f247c0c3c80d0c7848c8b3 9033e0e305f247c0c3c80d0c7848c8b3 cbb184dd8e05c9709e5dcaedaa0495cf''' .split('\n' )s = list (range (32 ,127 )) t = {} for k in s: t[md5(chr (k).encode()).hexdigest()] = chr (k) flag='' for k in c: flag += t[k] print (flag)
