GoogleHacking 发表于 2024-1-22 14:45

一个CTF图片隐写术的题目,求解

本帖最后由 GoogleHacking 于 2024-1-22 17:18 编辑


图片链接:https://wwxp.lanzn.com/iUenJ1lx0trc

就是这个图片,求flag和解题思路

Light紫星 发表于 2024-1-22 17:45

本帖最后由 Light紫星 于 2024-1-22 17:56 编辑

python -m binwalk .\misc.png
有一个zip,有密码,可能是伪密码,用win自带的工具能解压
解压后的内容如下:

flM{Sg_i_igl1S_ll__SfM_FF_1ilfM{Sa11gagc1lSSMgfnafg_fMa1n5iaF_c1lSFiSaf_1f{S_l_FalS5_faSl_fgl5M1_{ll!{i5c}if1__fg5{__M{ngU{1l1gff1f1iS__Mf5iFMlciSgaU{glgUF5M_1aa_f_i5{nflllla1S1FS!cSg{fUfFcS1{{ag1lU51acfUSffMcMSgfSfalFg_g_gfgfiSfla1i{{{n{_lg_}{ggi{gglg{{flnliF{M5faF1ig_agal{_{{aMMilfUSa{a5ggiiigfSSg{M_Mng{a}fcMf1_Fl{cM{1fiflMSSM{_l!Scf5FFcn{g{SFnMlf{l__aScMl{{c_lS1Sic1!l5ga1_gfggllcllccaagMU1iala55FSfia5lScMMFiMaFff{{g{fcicM!l_{iffcg{UlcMa{{5f5Mc{McfagcM_Ma1Slcf{cSg_SflM5U11_5i_fcc{FagglaMUfS1g_{lSc5f_lag5Sg_ccclca___ala1g1aSMfa_fcaFnSSi{a1a{gUif_FgaS{lacSgfga{F1fgScf1_M__{1ag_5MMSiga11g_aMl5fM15a_gla5f1_UllgcSc{Sagac{accS_i{Mf{Sgccg_ici{fgcl_gaMlffS{{i{nnfaM}aallSSg1ilUif{Mi1SMiMl1aaMUl{alaglM!1lgngScMac1fa1acafS1fgfM__S11_SM{f}la_cM_g{fniifgc1M{_lM!M5}g5_l1USg{cgl{SaccigSU1fMgl5lcaiggMFfcaca1l{Ugf_lalg1_g!{iaala_M5l1Mc11afcgfgl5f1g_c{llaUMf1lM1aF{af1Sl5lf5l1l5a_cc_c_1ff}f_ff}MlU{afM_1fcla{{gM{_Sl_M_{gM_{g5gaMaFU{{!S1ala1lfl1lifl_Mlf5F{l_g{li__aM_gfSU{lM_agM{giff{ii_{ff_naaaif1gf_ag__lnFacgiSlSac_Ma5M{fg{{fac{gllfaa{Mi5MnMff{{gc!fn_iU{ll5i_Saa5M{Mi}{g{Ffl{Ffac!a{afffgl!_gMalF_c{lac_MFMg5acMFcla5cMlU5aSff{l_UFf_Ug1!g1F_c{{aMMg{SlgUa1ca1ff5_c1g5{fligg11_lla_fcf1{Mla1MnglM{5lSl1g__Sll_cUc5MSa{_fiMiiS1c{M1g_SSUifi1!Saa{_glS1aaal{llF1cFgig_Sf{acf{Uf1c1fa!gfFM_aS51lgaMa1aa_gfif_ia{M_a_M1fMSaSSfMSl{1gFcl151l_lFfMilffgf1gSSgcaf_SfMgaf{}ilaUMM_MU5ff551i5SnFgc15nSMa1M{{_fSlMg{{5fcS1g5fSgMMUi{_ig5falf1nfgFaUMlff!g__la_F_c1{i1!{lc{i{1iglM_fUgl___a5fnMaFf{_lfll_igf1lcalniMag_5nFS1MMaiM1ll5SlMiaf_5l{af__MMgac_Mf__fUa1fc{1{_55SF!llfgU1l1U_Mal_l{alglSglcnlfSfaacgSSgSc_Maa{ffg51MaSfca1U_{gfS1ff5l{{f1Ml_gSgc_n5iS1Sg_l__1nnM1lM15MillfaMff1!nl1fFSM5Fflf{acagl{Sf{ggfSi1f!FSagf{{lFf5la5{ff__lM{M_fUlSgi


应该是某种编码格式
可能和flag有关系

百度搜了一下,说可能和词频有关系,参考如下代码

# -*- coding:utf-8 -*-
import operator

str = '''flM{Sg_i_igl1S_ll__SfM_FF_1ilfM{Sa11gagc1lSSMgfnafg_fMa1n5iaF_c1lSFiSaf_1f{S_l_FalS5_faSl_fgl5M1_{ll!{i5c}if1__fg5{__M{ngU{1l1gff1f1iS__Mf5iFMlciSgaU{glgUF5M_1aa_f_i5{nflllla1S1FS!cSg{fUfFcS1{{ag1lU51acfUSffMcMSgfSfalFg_g_gfgfiSfla1i{{{n{_lg_}{ggi{gglg{{flnliF{M5faF1ig_agal{_{{aMMilfUSa{a5ggiiigfSSg{M_Mng{a}fcMf1_Fl{cM{1fiflMSSM{_l!Scf5FFcn{g{SFnMlf{l__aScMl{{c_lS1Sic1!l5ga1_gfggllcllccaagMU1iala55FSfia5lScMMFiMaFff{{g{fcicM!l_{iffcg{UlcMa{{5f5Mc{McfagcM_Ma1Slcf{cSg_SflM5U11_5i_fcc{FagglaMUfS1g_{lSc5f_lag5Sg_ccclca___ala1g1aSMfa_fcaFnSSi{a1a{gUif_FgaS{lacSgfga{F1fgScf1_M__{1ag_5MMSiga11g_aMl5fM15a_gla5f1_UllgcSc{Sagac{accS_i{Mf{Sgccg_ici{fgcl_gaMlffS{{i{nnfaM}aallSSg1ilUif{Mi1SMiMl1aaMUl{alaglM!1lgngScMac1fa1acafS1fgfM__S11_SM{f}la_cM_g{fniifgc1M{_lM!M5}g5_l1USg{cgl{SaccigSU1fMgl5lcaiggMFfcaca1l{Ugf_lalg1_g!{iaala_M5l1Mc11afcgfgl5f1g_c{llaUMf1lM1aF{af1Sl5lf5l1l5a_cc_c_1ff}f_ff}MlU{afM_1fcla{{gM{_Sl_M_{gM_{g5gaMaFU{{!S1ala1lfl1lifl_Mlf5F{l_g{li__aM_gfSU{lM_agM{giff{ii_{ff_naaaif1gf_ag__lnFacgiSlSac_Ma5M{fg{{fac{gllfaa{Mi5MnMff{{gc!fn_iU{ll5i_Saa5M{Mi}{g{Ffl{Ffac!a{afffgl!_gMalF_c{lac_MFMg5acMFcla5cMlU5aSff{l_UFf_Ug1!g1F_c{{aMMg{SlgUa1ca1ff5_c1g5{fligg11_lla_fcf1{Mla1MnglM{5lSl1g__Sll_cUc5MSa{_fiMiiS1c{M1g_SSUifi1!Saa{_glS1aaal{llF1cFgig_Sf{acf{Uf1c1fa!gfFM_aS51lgaMa1aa_gfif_ia{M_a_M1fMSaSSfMSl{1gFcl151l_lFfMilffgf1gSSgcaf_SfMgaf{}ilaUMM_MU5ff551i5SnFgc15nSMa1M{{_fSlMg{{5fcS1g5fSgMMUi{_ig5falf1nfgFaUMlff!g__la_F_c1{i1!{lc{i{1iglM_fUgl___a5fnMaFf{_lfll_igf1lcalniMag_5nFS1MMaiM1ll5SlMiaf_5l{af__MMgac_Mf__fUa1fc{1{_55SF!llfgU1l1U_Mal_l{alglSglcnlfSfaacgSSgSc_Maa{ffg51MaSfca1U_{gfS1ff5l{{f1Ml_gSgc_n5iS1Sg_l__1nnM1lM15MillfaMff1!nl1fFSM5Fflf{acagl{Sf{ggfSi1f!FSagf{{lFf5la5{ff__lM{M_fUlSgi'''


payloads = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!0}{123456789_\n'
#payloads = payloads.upper()
# print payloads
dists = {}
for x in payloads:
    dists = 0
# print x,dists
for s in str:
    dists += 1

ans = ''
res = sorted(dists.items(), key=operator.itemgetter(1), reverse=True)
for r in res:
    ans += r
print (r)
print (ans)


执行结果如下
flag_{M1Sci5FUn!}bdehjkmopqrstuvwxyzABCDEGHIJKLNOPQRTVWXYZ02346789
所以flag应该是flag_{M1Sci5FUn!}

wu_yang007 发表于 2024-1-22 18:13

本帖最后由 wu_yang007 于 2024-1-24 02:24 编辑

楼上厉害 只会一步 pngforemost → 00000020.zip →coco   然后打开就是上面那段不会解在线也没跑出来

因为之前传的png不是原文件   打开png分成了三段   白色背景 部分    第二段第三段   还在想怎么搞

根据楼上解法搜索关键词看到这篇似了下
aHR0cHM6Ly93d3cuamlhbnNodS5jb20vcC8wOWE0MTU2ZWI1ODM=




山顶的一棵草 发表于 2024-1-22 14:53

本帖最后由 山顶的一棵草 于 2024-1-22 14:56 编辑

正常一般都是图片原文件带了东西,你发到论坛会加水印转码了。发下原文件研究研究。

Z16700 发表于 2024-1-22 15:09

三色素跑一下

sai609 发表于 2024-1-22 15:22

图片增加这个文字作为水印?

evill 发表于 2024-1-22 16:05

非原始图片数据可能已经损坏,最好发原始图片

Light紫星 发表于 2024-1-22 17:10

zip压缩上传原图片吧,这张图已经被破坏了

GoogleHacking 发表于 2024-1-22 17:18

山顶的一棵草 发表于 2024-1-22 14:53
正常一般都是图片原文件带了东西,你发到论坛会加水印转码了。发下原文件研究研究。

https://wwxp.lanzn.com/iUenJ1lx0trc

GoogleHacking 发表于 2024-1-22 17:19

Light紫星 发表于 2024-1-22 17:10
zip压缩上传原图片吧,这张图已经被破坏了

https://wwxp.lanzn.com/iUenJ1lx0trc

GoogleHacking 发表于 2024-1-22 17:20

evill 发表于 2024-1-22 16:05
非原始图片数据可能已经损坏,最好发原始图片

https://wwxp.lanzn.com/iUenJ1lx0trc

s1986q 发表于 2024-1-22 17:36

本帖最后由 s1986q 于 2024-1-22 17:39 编辑

用十六进制查看是后面数据是个zip,改后缀zip打开。
有zip密码,用zip暴力破解跑出密码。
里面是一个coco的文件。
页: [1] 2
查看完整版本: 一个CTF图片隐写术的题目,求解