https://buuoj.cn/challenges#[%E5%AE%89%E6%B4%B5%E6%9D%AF%202019]easy%20misc![BUUCTF:[安洵杯 2019]easy misc_SPA](https://s2.51cto.com/images/blog/202306/19154631_649007d75eff672319.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
decode.zip
![BUUCTF:[安洵杯 2019]easy misc_SPA_02](https://s2.51cto.com/images/blog/202306/19154631_649007d77625156580.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
掩码爆破:???????NNULLULL,
![BUUCTF:[安洵杯 2019]easy misc_ci_03](https://s2.51cto.com/images/blog/202306/19154631_649007d78b92d24876.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
decode.zip解压密码为:2019456NNULLULL,,解压得到decode.txt,内容如下:
a = dIW
b = sSD
c = adE
d = jVf
e = QW8
f = SA=
g = jBt
h = 5RE
i = tRQ
j = SPA
k = 8DS
l = XiE
m = S8S
n = MkF
o = T9p
p = PS5
q = E/S
r = -sd
s = SQW
t = obW
u = /WS
v = SD9
w = cw=
x = ASD
y = FTa
z = AE7小姐姐.png
![BUUCTF:[安洵杯 2019]easy misc_bc_04](https://s2.51cto.com/images/blog/202306/19154631_649007d7af43224275.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
![BUUCTF:[安洵杯 2019]easy misc_ci_05](https://s2.51cto.com/images/blog/202306/19154631_649007d7cabaf99586.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
盲水印
PS D:\Tools\Misc\BlindWaterMark> python2 .\bwm.py decode .\1.png .\2.png res.png
image<.\1.png> + image(encoded)<.\2.png> -> watermark<res.png>![BUUCTF:[安洵杯 2019]easy misc_SPA_06](https://s2.51cto.com/images/blog/202306/19154631_649007d7e0cd712314.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
得到提示:in 11.txt
再看到read文件夹
![BUUCTF:[安洵杯 2019]easy misc_ci_07](https://s2.51cto.com/images/blog/202306/19154632_649007d804da969179.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
hint.txt打开时乱码,使用notepad++打开,编码->使用ANSI编码
![BUUCTF:[安洵杯 2019]easy misc_ci_08](https://s2.51cto.com/images/blog/202306/19154632_649007d81e11895246.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
![BUUCTF:[安洵杯 2019]easy misc_ci_09](https://s2.51cto.com/images/blog/202306/19154632_649007d863e7066288.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
字频统计
# -*- coding:utf-8 -*-
# Author: MoChu7
alphabet = b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()\_+-/={}[] "#所有正常打印字符
strings = open('./11.txt','rb').read()#读取需要统计频数的文本
result = {}
for i in alphabet:
counts = strings.count(i)
i = '{0}'.format(i)
result[i] = counts
res = sorted(result.items(), key=lambda item: item[1], reverse=True)
num = 0
for data in res:
num += 1
print('频数第{0}: {1}'.format(num, data))
print('\n---------------以下是频数从多到少的字符,按照从前到后排序---------------')
for i in res:
flag = str(i[0])
print(flag[0], end="")![BUUCTF:[安洵杯 2019]easy misc_bc_10](https://s2.51cto.com/images/blog/202306/19154632_649007d886d3f67872.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
ascii_list = [32,101,116,97,111,110,114,104,105,115,100,108,117,121,103,119]
for i in ascii_list:
print(chr(i),end="")etaonrhisdluygw因为第一位是空格,所以只有15个字符,然后按照decode.txt进行对照
code_str = 'etaonrhisdluygw'
code_dict = {'a':'dIW','b':'sSD','c':'adE ','d':'jVf','e':'QW8','f':'SA=','g':'jBt','h':'5RE','i':'tRQ','j':'SPA','k':'8DS','l':'XiE','m':'S8S','n':'MkF','o':'T9p','p':'PS5','q':'E/S','r':'-sd','s':'SQW','t':'obW','u':'/WS','v':'SD9','w':'cw=','x':'ASD','y':'FTa','z':'AE7'}
base_str=''
for i in code_str:
i = code_dict[i]
base_str += i
print(base_str)运行结果是这个
QW8obWdIWT9pMkF-sd5REtRQSQWjVfXiE/WSFTajBtcw=然后到这里就迷了,有无效字符-,就算去掉,也解不对,看了下官方的wp,说对照出来的最后结果是
![BUUCTF:[安洵杯 2019]easy misc_SPA_11](https://s2.51cto.com/images/blog/202306/19154632_649007d89e84261189.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
QW8obWdIWT9pMkFSQWtRQjVfXiE/WSFTajBtcw==????这就迷了,不知道他们官方是怎么的出来的,base64解码得到
Ao(mgHY?i2ARAkQB5_^!?Y!Sj0msbase85
![BUUCTF:[安洵杯 2019]easy misc_ci_12](https://s2.51cto.com/images/blog/202306/19154632_649007d8b3e794880.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
flag{have_a_good_day1}
