{"id":282,"date":"2023-10-22T15:18:44","date_gmt":"2023-10-22T07:18:44","guid":{"rendered":"https:\/\/zysgmzb.club\/?p=282"},"modified":"2023-10-22T15:18:44","modified_gmt":"2023-10-22T07:18:44","slug":"dasctf-x-cbctf-2023-misc-wp","status":"publish","type":"post","link":"https:\/\/zysgmzb.club\/index.php\/archives\/282","title":{"rendered":"DASCTF X CBCTF 2023 Misc WP"},"content":{"rendered":"<h2>justpaint<\/h2>\n<p>gpt\u5c31\u662f\u725b\u903c<\/p>\n<p>\u5148\u7206\u7834\u4e94\u4f4d\u6570\u5bc6\u7801\u5f97\u523011452<\/p>\n<p>\u7136\u540e\u8ba9ai\u505aai<\/p>\n<p>exp powered by chatgpt\uff08jbn.pth\u662f\u9898\u76ee\u7ed9\u7684\u4e0d\u53ef\u4fe1\u6587\u4ef6\uff0ctorch.load\u5e95\u5c42\u662fpickle\uff0c\u6700\u597d\u52a0weights_only=True\u6216\u8005\u653e\u9694\u79bb\u73af\u5883\u91cc\u8dd1\uff09:<\/p>\n<pre class=\"prettyprint linenums\" ><code>import torch\nimport torch.nn as nn\nimport numpy as np\nimport matplotlib.pyplot as plt\nfrom PIL import Image\nimport cv2\n\nclass JBN(nn.Module):\n    def __init__(self):\n        super(JBN, self).__init__()\n        self.main = nn.Sequential(\n            nn.Linear(100, 256),\n            nn.ReLU(),\n            nn.Linear(256, 512),\n            nn.ReLU(),\n            nn.Linear(512, 452 * 280),\n            nn.Tanh()\n        )\n\n    def forward(self, x):\n        img = self.main(x)\n        img = img.view(-1, 452, 280)\n        return img\n\njbn = JBN()\njbn.load_state_dict(torch.load(&#039;jbn.pth&#039;))\n\nrandom_noise = torch.randn(1, 100)\njbn_img = jbn(random_noise)\njbn_img = jbn_img.squeeze().detach().numpy()\njbn_img = (jbn_img + 1) \/ 2  # \u5c06\u56fe\u50cf\u50cf\u7d20\u503c\u8303\u56f4\u4ece[-1, 1]\u8f6c\u6362\u4e3a[0, 1]\njbn_img = (jbn_img * 255).astype(np.uint8)  # \u5c06\u56fe\u50cf\u50cf\u7d20\u503c\u8f6c\u6362\u4e3a[0, 255]\u7684\u6574\u6570\njbn_img = cv2.resize(jbn_img, (280, 452))  # \u8c03\u6574\u56fe\u50cf\u5927\u5c0f\u4e3a452x280\nflag_image = Image.fromarray(jbn_img)\nflag_image.save(&#039;flag_restored.png&#039;)<\/code><\/pre>\n<p>\u7ed3\u679c:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/pic.imgdb.cn\/item\/65338960c458853aefa9222e.png\" alt=\"\" 
\/><\/p>\n<h2>SecretZip<\/h2>\n<p>purezip.zip\u91cc\u9762\u662fZipCrypto Deflate\u7684\u7b97\u6cd5\uff0c\u518d\u52a0\u4e0a\u9898\u76ee\u63cf\u8ff0\uff0c\u5bb9\u6613\u60f3\u5230\u660e\u6587\u653b\u51fb\uff0c\u5e76\u4e14\u5c1d\u8bd5\u540e\u53d1\u73b0\u6240\u7ed9\u7684key\u6587\u4ef6\u5c31\u662f\u7ecf\u8fc7\u538b\u7f29\u7684secret key.zip\u7684\u524d\u534a\u6bb5\uff0c\u4e8e\u662f\u76f4\u63a5\u62ff\u6765\u660e\u6587\u653b\u51fb<\/p>\n<pre class=\"prettyprint linenums\" ><code>.\\bkcrack -C purezip.zip -c &quot;secret key.zip&quot; -p key -o 0 &gt;1.log<\/code><\/pre>\n<p>\u7531\u4e8e\u7ed9\u7684\u591f\u591a\u6240\u4ee5\u8dd1\u7684\u5f88\u5feb\uff0c\u5bc6\u94a5\u4e3ae63af7cc 55ef839d dc10b922\uff0c\u76f4\u63a5\u89e3\u5bc6<\/p>\n<pre class=\"prettyprint linenums\" ><code>.\\bkcrack -C purezip.zip -c &quot;secret key.zip&quot; -k e63af7cc 55ef839d dc10b922 -d 1.zip<\/code><\/pre>\n<p>\u6b64\u65f6\u5bfc\u51fa\u76841.zip\u8fd8\u662fDeflate\u538b\u7f29\u4e4b\u540e\u7684\u6570\u636e\uff0c\u5f97\u89e3\u538b\uff0c\u76f4\u63a5cyberchef\u91cc\u9762raw inflate<\/p>\n<p>\u6253\u5f00\u538b\u7f29\u5305\u6ce8\u91ca\u63d0\u793apassword is two bytes<\/p>\n<p>\u76f4\u63a5zip2john\u63a5hashcat\u5f00\u7206\uff0c\u5f97\u5230\u5bc6\u7801\u4e3a$HEX[9c07]<\/p>\n<p>\u968f\u4fbf\u5199\u4e2a\u811a\u672c\u5c31\u7ed9\u89e3\u538b\u4e86\uff0c\u7136\u540e\u91cc\u9762\u7ed9\u4e86\u4e00\u4e32\u5bc6\u94a5\uff0c\u7ed3\u5408zpaq\u6587\u4ef6\u5c3e\u7684\u63d0\u793a\uff0c\u4e00\u773c\u4e01\u771f\u76f4\u63a5\u7206<\/p>\n<pre class=\"prettyprint linenums\" ><code>bkcrack -k e48d3828 5b7223cc 71851fb0 -r 3 ?b<\/code><\/pre>\n<p>\u5f97\u5230\u5bc6\u7801<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/pic.imgdb.cn\/item\/65338bc1c458853aefb14fb3.jpg\" alt=\"\" 
\/><\/p>\n<p>\u76f4\u63a5MD5\u518d\u7528bandizip\u89e3\u5f00zpaq\u538b\u7f29\u5305\u5c31\u53ef\u4ee5\u4e86<\/p>\n<p>\u6700\u5957\u7684\u4e00\u96c6<\/p>\n<h2>NoPasswd<\/h2>\n<p>\u62ff\u5230\u6587\u6863\u53d1\u73b0\u662f\u52a0\u5bc6\u7684\uff0c\u5e76\u4e14office2john\u52a0hashcat\u52a0rockyou\u8fd8\u7206\u4e0d\u5f00<\/p>\n<p>\u4e8e\u662f\u7784\u4e00\u773chex\uff0c\u53d1\u73b0\u4e86\u4e00\u4e9b\u7c7b\u4f3c\u4e8e\u5b8f\u7684\u75d5\u8ff9<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/pic.imgdb.cn\/item\/65338c78c458853aefb3c120.jpg\" alt=\"\" \/><\/p>\n<p>\u76f4\u63a5\u5c31\u662f\u4e00\u624boletools\u63d0\u53d6\u51favba\u811a\u672c<\/p>\n<pre class=\"prettyprint linenums\" ><code>olevba attachment.doc<\/code><\/pre>\n<p>\u5f97\u5230:<\/p>\n<pre class=\"prettyprint linenums\" ><code>Sub XOREncryptFile()\n    Dim numbers(8) As Integer\n\n    numbers(0) = 19\n    numbers(1) = 71\n    numbers(2) = 122\n    numbers(3) = 99\n    numbers(4) = 65\n    numbers(5) = 111\n    numbers(6) = 43\n    numbers(7) = 67\n\n    Dim CurrentDirectory As String\n    CurrentDirectory = &quot;.\\&quot;\n\n    If Dir(CurrentDirectory &amp; &quot;abc&quot;) = &quot;&quot; Then\n        Exit Sub\n    End If\n\n    Dim FileNumber As Integer\n    FileNumber = FreeFile\n    Open CurrentDirectory &amp; &quot;abc&quot; For Binary Access Read Write As #FileNumber\n\n    Dim FileContent As String\n    FileContent = Input$(LOF(FileNumber), #FileNumber)\n\n    Close #FileNumber\n\n    Dim EncryptedContent As String\n\n    For i = 1 To Len(FileContent)\n        EncryptedContent = EncryptedContent &amp; Chr(Asc(Mid(FileContent, i, 1)) Xor numbers((i - 1) Mod 8))\n    Next i\n\n    FileNumber = FreeFile\n    Open CurrentDirectory &amp; &quot;enc&quot; For Binary Access Write As #FileNumber\n\n    Put #FileNumber, , EncryptedContent\n\n    Close #FileNumber\n\nEnd 
Sub<\/code><\/pre>\n<p>\u7b80\u5355\u770b\u770b\u5c31\u77e5\u9053\u662fxor\uff0c\u88abxor\u7684\u5b57\u7b26\u4e32\u5219\u731c\u6d4b\u662f\u6587\u6863\u6700\u4e0b\u9762\u591a\u51fa\u6765\u7684\u4e00\u4e32<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/pic.imgdb.cn\/item\/65338ceec458853aefb54037.jpg\" alt=\"\" \/><\/p>\n<p>\u4e8e\u662f\u76f4\u63a5\u62ff\u5230\u5bc6\u7801<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/pic.imgdb.cn\/item\/65338d33c458853aefb623cd.jpg\" alt=\"\" \/><\/p>\n<p>\u6253\u5f00\u6587\u6863\u9664\u4e86\u4e00\u4e2azip\u7684base64\u4ee5\u5916\u5c31\u6ca1\u4e86<\/p>\n<p>\u76f4\u63a5\u590d\u5236\u4e0b\u6765\u8f6c\u6210zip\uff0c\u4f46\u662f\u600e\u4e48\u90fd\u89e3\u538b\u4e0d\u4e86<\/p>\n<p>\u518d\u4ed4\u7ec6\u770b\u770b\u5c31\u77e5\u9053\u5f00\u5934\u6587\u4ef6\u540d\u7684\u957f\u5ea6\u6709\u95ee\u9898\uff0c\u6539\u56de08\u4e4b\u540e\u89e3\u4f2a\u52a0\u5bc6\u5373\u53ef<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/pic.imgdb.cn\/item\/65338ddfc458853aefb85145.jpg\" alt=\"\" \/><\/p>\n<h2>justlisten<\/h2>\n<p>hint.png\u6c49\u4fe1\u7801\u626b\u51fa\u6765\u5f97\u5230oursecret\u7684\u5bc6\u7801\u4e3a0urS3cret<\/p>\n<p>\u89e3\u5f00\u5f97\u5230\u4e00\u4e32\u5b57\u7b26\uff0c\u731c\u6d4b\u662f\u67d0\u79cd\u8868<\/p>\n<pre class=\"prettyprint linenums\" ><code>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_}{-?!<\/code><\/pre>\n<p>\u97f3\u9891\u7b80\u5355\u542c\u4e00\u4e0b\u540e\u7528Sonic Visualiser\u6253\u5f00\u4e00\u773c\u5c31\u662f\u5341\u8fdb\u5236<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/pic.imgdb.cn\/item\/65338e9ec458853aefbad1aa.jpg\" alt=\"\" \/><\/p>\n<p>\u61d2\u5f97\u5199\u97f3\u9891\u76f8\u5173\u7684\u811a\u672c\u4e86\uff0c\u76f4\u63a5\u5de6\u4e0a\u89d2\u5bfc\u51fa\u56fe\u7247\u7136\u540e\u8bfb\u50cf\u7d20<\/p>\n<pre class=\"prettyprint linenums\" ><code>from PIL import Image\n\nimg = Image.open(&#039;1.png&#039;)\nflag = []\nfor x in range(58,6561,17):\n    for y in range(868):\n        col = 
img.getpixel((x,y))[0]\n        if(col &gt;= 210):\n            flag.append(y)\n            break\nflgg = []\nfor i in flag:\n    if(i &lt; 250):\n        print(0,end=&#039;&#039;)\n    elif(i &lt; 280):\n        print(1,end=&#039;&#039;)\n    elif(i &lt; 320):\n        print(2,end=&#039;&#039;)\n    elif(i &lt; 350):\n        print(3,end=&#039;&#039;)\n    elif(i &lt; 390):\n        print(4,end=&#039;&#039;)\n    elif(i &lt; 430):\n        print(5,end=&#039;&#039;)\n    elif(i &lt; 470):\n        print(6,end=&#039;&#039;)\n    elif(i &lt; 520):\n        print(7,end=&#039;&#039;)\n    elif(i &lt; 580):\n        print(8,end=&#039;&#039;)\n    else:\n        print(9,end=&#039;&#039;)<\/code><\/pre>\n<p>\u5f97\u5230\u4e86\u5b8c\u6574\u7684\u5341\u8fdb\u5236\u6570\u636e<\/p>\n<pre class=\"prettyprint linenums\" ><code>0900030907000309100003100007100307100022277031005192203203432284426284735274836292742424842463147282734424837362942334460720080624061811100213180401000920140308111000181321001411220513021020010006211814083733362813100301092108201804080511070022131021010910032111041881000051310002215140514150005142926442845316448075218191108130662196162281413321042462081305141712001952141367676763<\/code><\/pre>\n<p>\u7136\u540e\u8111\u6d1e\u4e00\u4e0b\uff0c\u731c\u6d4b\u662f\u6bcf\u4e24\u4f4dint\u4e00\u4e0b\u518d\u53bbtable\u91cc\u627e\u76f8\u5e94\u7684\uff0c\u8d85\u51fa\u8303\u56f4\u7684\u5c31\u820d\u53bb<\/p>\n<pre class=\"prettyprint linenums\" ><code>table = &quot;abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_}{-?!&quot;\n\na = &quot;0900030907000309100003100007100307100022277031005192203203432284426284735274836292742424842463147282734424837362942334460720080624061811100213180401000920140308111000181321001411220513021020010006211814083733362813100301092108201804080511070022131021010910032111041881000051310002215140514150005142926442845316448075218191108130662196162281413321042462081305141712001952141367676763&quot;\nfor i in range(len(a)\/\/2):\n    
try:\n        ii = a[2*i:2*i+2]\n        print(table[int(ii)],end=&#039;&#039;)\n    except:\n        continue<\/code><\/pre>\n<p>\u4e8e\u662f\u5f97\u5230\u4e86\u534a\u8fb9flag<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/pic.imgdb.cn\/item\/65338f81c458853aefbd9e97.jpg\" alt=\"\" \/><\/p>\n<p>\u518d\u8111\u6d1e\u4e00\u4e0b\uff0c\u5220\u6389\u7b2c\u4e00\u4e2a\u5b57\u7b26\u518d\u8f6c\u4e00\u4e0b\uff0c\u5f97\u5230\u4e86\u53e6\u4e00\u534aflag<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/pic.imgdb.cn\/item\/65338fa5c458853aefbe1360.jpg\" alt=\"\" \/><\/p>\n<p>\u6700\u540e\u6839\u636e\u8bed\u4e49\u62fc\u63a5\u5f97\u5230\u5b8c\u6574flag<\/p>\n<pre class=\"prettyprint linenums\" ><code>DASCTF{Wh1stling_t0_Convey_informat1on!!!}<\/code><\/pre>\n<p>(\u611f\u89c9\u50cf\u975e\u9884\u671f\uff1f)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>justpaint gpt\u5c31\u662f\u725b\u903c \u5148\u7206\u7834\u4e94\u4f4d\u6570\u5bc6\u7801\u5f97\u523011452 \u7136\u540e\u8ba9ai\u505aai exp powered by chatgpt: import torch import torch.nn as nn import numpy as np import matplotlib.pyplot as plt from PIL import Image import cv2 class JBN(nn.M 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-282","post","type-post","status-publish","format-standard","hentry","category-wp"],"_links":{"self":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/282","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/comments?post=282"}],"version-history":[{"count":1,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/282\/revisions"}],"predecessor-version":[{"id":283,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/282\/revisions\/283"}],"wp:attachment":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/media?parent=282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/categories?post=282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/tags?post=282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}