CTFSHOW Vegetable Dog Cup MISC Partial Reappearance

I didn’t play at that time, but after replaying the game, the topic was not difficult this time, it is indeed a vegetable cup, suitable for a vegetable dog like me.

misc sign in

Sanha's question

direct strings

flag is

ctfshow{a62b0b55682d81f7f652b26147c49040}

corrupt archive

file and found that it is not a damaged compressed package

So modify the file extension to .png

Mystery Fence

010 compare files found

cfhwfaab2cb4af5a5820}

tso{06071f997b5bdd1a

can you count

When the strings came out, it was found to be a bunch of strings. According to the prompt, it was found to be frequency statistics

# -*- coding:utf-8 -*-
import re
from collections import Counter
#Define a function to count the number of letters
def analyze_letter_count(text):
     # Extract all letters from text
    letters = re.findall(r'\S', text)
     # Count the number of all letters
    counter = Counter(letters)
    return counter
 # store text in variable
 # Call the function to analyze the number of letters
def re_letter(s):
     regex = r'\'(.*?)\''
     new_string = re.findall(regex,s)
     return new_string
text=input("enter text:")
letter_count = analyze_letter_count(text)
strings=str(letter_count)
#print(letter_count)
print(''.join(re_letter(strings)))

ctfshow{a1b2d3e4g56i7j8k9l0}

do you xor

Read file hexadecimal and XOR 0x50

path = 'misc5.png'

# new file path
new_path = 'new.png'

# XOR operation
def xor(file_path):
    # read image in binary
    with open(file_path, 'rb') as f:
        data = f.read()
    # Hex XOR
    data = bytes([c ^ 0x50 for c in data])
    # write new picture
    with open(new_path, 'wb') as f:
        f.write(data)

# transfer
xor(path)

Generate an image as

flag divided into two

waterMark blind watermark tool extraction

ctfshow{FirstP@RT

Modify picture length, width and height

Width on the left, height on the right

modify height

SecondP@rTMikumiku~}

put together

ctfshow{FirstP@RTSecondP@rTMikumiku~}

who I am?

The official WP script is directly attached here

import requests
from lxml import html
import cv2
import numpy as np
import json


url="http://xxxxxxxxxxxxxxxxxxxx.challenge.ctf.show"

sess=requests.session()

all_girl=sess.get(url+'/static/all_girl.png').content

with open('all_girl.png','wb')as f:
        f.write(all_girl)

big_pic=cv2.imdecode(np.fromfile('all_girl.png', dtype=np.uint8), cv2.IMREAD_UNCHANGED)
big_pic=big_pic[50:,50:,:]
image_alpha = big_pic[:, :, 3]
mask_img=np.zeros((big_pic.shape[0],big_pic.shape[1]), np.uint8)
mask_img[np.where(image_alpha == 0)] = 255

cv2.imwrite('big.png',mask_img)



def answer_one(sess):
        #get video file
        response=sess.get(url+'/check')
        if 'ctfshow{' in response.text:
                print(response.text)
                exit(0)
        tree=html.fromstring(response.text)
        element=tree.xpath('//source[@id="vsource"]')
        video_path=element[0].get('src')
        video_bin=sess.get(url+video_path).content
        with open('Question.mp4','wb')as f:
                f.write(video_bin)
        #Get a valid frame
        video = cv2.VideoCapture('Question.mp4')
        frame=0
        while frame<=55:
                res, image = video.read()
                frame+=1
        #cv2.imwrite('temp.png',image)
        video.release()
        #get silhouette
        image=image[100:400,250:500]
        gray_image=cv2.cvtColor(image,cv2.COLOR_BGR2GRAY)
        #cv2.imwrite('gray_image.png',gray_image)
        temp = np.zeros((300, 250), np.uint8)
        temp[np.where(gray_image>=128)]=255
        #go white edge
        temp = temp[[not np.all(temp[i] == 255) for i in range(temp.shape[0])], :]
        temp = temp[:, [not np.all(temp[:, i] == 255) for i in range(temp.shape[1])]]
        #Zoom to the appropriate size, the naked eye roughly judges that it is 1.2 times, not necessarily accurate
        temp = cv2.resize(temp,None,fx=1.2,fy=1.2)
        #find location
        res =cv2.matchTemplate( mask_img,temp,cv2.TM_CCOEFF_NORMED)
        min_val, max_val, min_loc, max_loc = cv2.minMaxLoc(res)
        x,y=int(max_loc[0]/192),int(max_loc[1]/288)#Why 192 and 288, because the big picture is 1920*2880 without the title bar
        guess='ABCDEFGHIJ'[y]+'0123456789'[x]
        print(f'guess:{guess}')
        #pass the answer
        response=sess.get(url+'/submit?guess='+guess)
        r=json.loads(response.text)
        if r['result']:
                print('guess right!')
                return True
        else:
                print('guess wrong!')
                return False

i=1

while i<=31:
        print(f'Round:{i}')
        if answer_one(sess):
                i+=1
        else:
                i=1

You and me

Two pictures are the same to guess the blind watermark

It doesn't show up with python2, use python3

ctfshow{CDEASEFFR8846}

What else is black and white?

White wire is . Black wire is - Transition is space

.-- ....- -. - - ----- -... ...-- -- --- .-. . -.-. ..- - .

i vomit you at will

0 wide steganography

http://330k.github.io/misc_tools/unicode_steganography.html

What kind of document is this?

010 checked and found that it is pseudo-encryption

0900->0000

Successfully decompressed

pyc decompile https://tool.lu/pyc

Run it to output the flag

ctfshow{cdjnjd_565f_GCDH_kcrim}

abstract painting

Three basecrack s

https://github.com/mufeedvh/basecrack

89504e47 hexadecimal format of the png image

Write file using winhex clipboard data

The npiet feature document is a pixel image

https://www.bertnase.de/npiet/npiet-execute.php online URL

or use tools

Quick response

modify file name

I found that the scan code was wrong.

Refer to the official WP

https://merricx.github.io/qrazybox/

After uploading an image

whitewash

ctfshow{11451419-1981-landexiangle}

i didn't lie to you

The compressed package exploded

55813329

Open SilentEye

ctfshow{aha_cdsc_jejcfe5rj_cjfr24J}

you were tricked

MP3Stegp

Decode.exe -X -P nibeipianle nibeipianle.mp3

ctfshow{chdv_1dcs_cjksnjn_NJDSjdcdjn}

twinkle Twinkle Little Star

The picture can be opened directly

https://tuzim.net/hxdecode/ decoding

CDBHSBHSxskv6

try to unzip the password

listen to this voice

SSTV, Slow-scan television (Slow-scan television) is a primary picture transmission method for amateur radio operators....

Use RX-SSTV

ctfshow{NNICCETOMMETYOU}

Peel off my skin layer by layer ♥

Change to WORD document

binwalk analyzes the original compressed package

010 Separation

rar file starts with

52617221

binwalk -e direct separation

There is a password, the password is the short notation of the lyrics of the previous little star

11556654433221

There is also a jpg in the picture

winkwink~

This is actually a rar file with a rar file header added to its head

winkwink~ is the password of the compressed package

ctfshow{Wa0_wa_Congr@tulations~}

Can't open the picture

Added a file header directly and found that it is not correct

And looking at this it's not missing file headers

The end of png is usually

00 00 00 00 49 45 4E 44 AE 42 60 82

And change the end of the file

XOR with reference to the previous picture

This discovery is 7E+82=100, A0+60=100,

png file header

89 50 4E 47 0D 0A 1A 0A

Agree to header information

77+89=100,B0+50=100

So write the script and run

path = 'misc55.png'
new_path = 'new1.png'

def jian(file_path):
    # read image in binary
    with open(file_path, 'rb') as f:
        data = f.read()
        a=[]
        for i in data:
            if i ==0:
                a.append(i)
            else:
                a.append(0x100 - i)
    with open(new_path, 'wb') as f:
        f.write(bytes(a))
# transfer
jian (path)

refer to https://ctf-show.feishu.cn/docx/UpC6dtDqgo7VuoxXlcvcLwzKnqh

Tags: Python Cyber Security

Posted by kelseyirene on Thu, 05 Jan 2023 00:07:47 +0530

Hot Tags

©2023 Programs Team