我们得到压缩包发现要密码,看了既不是伪加密也没有提示信息,我们打开压缩包发现五个文件并且crc都比较短,那么这应该是一道crc32爆破题。
image.png
那么我们使用脚本爆破。脚本下载地址:https://github.com/theonlypwner/crc32
使用方法:
python crc.py reverse 0x+你的CRC密文得到如下:
PS D:\CTF\Crypto\crc32-master> python crc32.py reverse 0x19BA5849
4 bytes: {0xad, 0x91, 0x46, 0x6f}
verification checksum: 0x19ba5849 (OK)
alternative: 37mCIb (OK)
alternative: 3GQ2L2 (OK)
alternative: 7CL3MQ (OK)
alternative: BFpJos (OK)
alternative: E_wtEX (OK)
alternative: KPhDyV (OK)
alternative: N8GYgh (OK)
alternative: OTuEx5 (OK)
alternative: QK_w1l (OK)
alternative: SwZihq (OK)
alternative: bICsTv (OK)
alternative: o75QGt (OK)
alternative: sxiPSt (OK)
alternative: tanny_ (OK) \\ tanny_
PS D:\CTF\Crypto\crc32-master> python crc32.py reverse 0x45D8E1CA
4 bytes: {0xc8, 0x94, 0x8f, 0x4e}
verification checksum: 0x45d8e1ca (OK)
alternative: 3jAkZV (OK)
alternative: 5oH8jp (OK)
alternative: Aj5pSK (OK)
alternative: U30NJw (OK)
alternative: U_CcN3 (OK)
alternative: XMFlYu (OK)
alternative: daZyr4 (OK)
alternative: is_ver (OK) \\ is_ver
alternative: njXHOY (OK)
alternative: pHc6nX (OK)
alternative: uPpZu6 (OK)
alternative: vl4u72 (OK)
alternative: xBuUbp (OK)
alternative: yB4dyi (OK)
PS D:\CTF\Crypto\crc32-master> python crc32.py reverse 0xA4164CA6
4 bytes: {0x47, 0xf9, 0x91, 0x31}
verification checksum: 0xa4164ca6 (OK)
alternative: 5nQesx (OK)
alternative: 6sKZX0 (OK)
alternative: AwcqKW (OK)
alternative: DRaQ8a (OK)
alternative: LXw24I (OK)
alternative: PFIRLU (OK)
alternative: TBTSM6 (OK)
alternative: ZMKcq8 (OK)
alternative: axPHpR (OK)
alternative: faWvZy (OK)
alternative: hnHFfw (OK)
alternative: pIzkwP (OK)
alternative: pU57vD (OK)
alternative: r8RHCE (OK)
alternative: tMgjv3 (OK)
alternative: vLs8Gv (OK)
alternative: y_beau (OK) \\ y_beau
PS D:\CTF\Crypto\crc32-master> python crc32.py reverse 0xC4ADB2FB
4 bytes: {0x97, 0x02, 0xd5, 0x61}
verification checksum: 0xc4adb2fb (OK)
alternative: 3rHelj (OK)
alternative: GkzqTE (OK)
alternative: IdeAhK (OK)
alternative: QCWlyl (OK)
alternative: VZPRSG (OK)
alternative: XUOboI (OK)
alternative: ikVxSN (OK)
alternative: nrQFye (OK)
alternative: pPj8Xd (OK)
alternative: qLdUBi (OK)
alternative: rM16h5 (OK)
alternative: tifu1_ (OK) \\ tifu1_
alternative: vUckhB (OK)
alternative: yFr6NA (OK)
得到密码:tanny_is_very_beautifu1_
打开flag.pdf,这是flag中的字符,不过顺序是未知的。但是flag的sha1为:e6079c5ce56e781a50f4bf853cdb5302e0d8f054
image.png
其中 flag , { , } 是知道顺序的
那么还剩下:
1!
2@
seghcn
需要我们去排列组合,其结果的sha1要为:e6079c5ce56e781a50f4bf853cdb5302e0d8f054
脚本如下:
import hashlib
import itertools
a1 = "1!"
a2 = "2@"
a3 = "eshcn"
for j in itertools.combinations(a1,1):
for k in itertools.combinations(a2,1):
str = j[0]+k[0]+'sechn'
for i in itertools.permutations(str):
i=''.join(i)
t = 'flag{'+i+'}'
sha1 = hashlib.sha1()
sha1.update(t.encode("utf8"))
tmp = sha1.hexdigest()
if tmp == 'e6079c5ce56e781a50f4bf853cdb5302e0d8f054':
print(t)
break
image.png
