2024 Data Security Industry Talent Points Competition, Preliminary Round Writeup

Data Security

Sign-in

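Strangesystem (reproduced after the contest)

Challenge: You are a security defender. You discover that someone has successfully broken into the company's server. Checking the relevant traffic devices, you find a packet capture file that you believe may contain important information. But when you open it, you find that it is encrypted: you suspect the file was encrypted by some strange system, and you want to identify the encryption algorithm and decrypt the file contents.
There are only two HTTP entries.
One of them carries a PNG; dump it, converting the hexdump back to bytes with CyberChef's From Hexdump recipe.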


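foremost carves out a ZIP archive containing flag.txt, and the archive is password-protected.
Searching for the remaining text shows that it is TLS key material: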

SERVER_HANDSHAKE_TRAFFIC_SECRET e8ef73b91b4c9d6e37113bcc88465a7f61badb5fd87177ca51c24ceab944b34a 82ec3ebf3131b2442d165bb00dd6b8d1a6b4c866daf3fd373c22d33886290ed2868a7395e691980b990de46b76a54f9e
CLIENT_HANDSHAKE_TRAFFIC_SECRET e8ef73b91b4c9d6e37113bcc88465a7f61badb5fd87177ca51c24ceab944b34a 10965df426257a285c6e812ed54468c59437e77bceff2c3a6d633dacefadf8188e97c4935df6815e5398b24273addc79
SERVER_TRAFFIC_SECRET_0 e8ef73b91b4c9d6e37113bcc88465a7f61badb5fd87177ca51c24ceab944b34a cdbf7c7a161af7aa829b14becaa2c000b8183000983e06589fef0c50e9462cf71aeb487e1cb1defaef06a941234ea7a2
CLIENT_TRAFFIC_SECRET_0 e8ef73b91b4c9d6e37113bcc88465a7f61badb5fd87177ca51c24ceab944b34a e58e4088a7840d3991ac2336c581d2a35edbebfd14420a29c287444c3631dc98038b71f1d153cd37ba46164145a028fd

Save it as tls.keylog.
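Before loading the file into Wireshark, it helps to check that every carved line survived intact, since one lost hex digit silently prevents decryption. The following is an added example, not part of the original writeup: the function names are chosen here and the sample bytes are constructed with made-up secrets.

```python
import re

# TLS 1.3 labels of the NSS key log format; all four are needed per connection.
TLS13_LABELS = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
LINE_RE = re.compile(rb"([A-Z][A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)")

def carve_keylog(blob):
    """Find key log lines anywhere in a byte blob; return (entries, problems)."""
    entries, problems = [], []
    for m in LINE_RE.finditer(blob):
        label, rnd, secret = (g.decode() for g in m.groups())
        if label not in TLS13_LABELS:
            continue  # unrelated text that merely looks similar
        if len(rnd) != 64:
            problems.append(f"{label}: client random has {len(rnd)} hex chars, expected 64")
        elif len(secret) not in (64, 96):  # SHA-256 or SHA-384 cipher suites
            problems.append(f"{label}: secret has {len(secret)} hex chars, expected 64 or 96")
        else:
            entries.append((label, rnd.lower(), secret.lower()))
    return entries, problems

def missing_labels(entries):
    """Per client random, list the TLS 1.3 labels that were not recovered."""
    seen = {}
    for label, rnd, _ in entries:
        seen.setdefault(rnd, set()).add(label)
    return {r: sorted(TLS13_LABELS - s) for r, s in seen.items() if TLS13_LABELS - s}

def render(entries):
    """Serialize validated entries as key log file content."""
    return "".join(f"{l} {r} {s}\n" for l, r, s in entries)

# Constructed sample: PNG trailer and ZIP magic, then key log text with made-up values.
RND = "ab" * 32
SAMPLE = (b"\x00IEND\xaeB`\x82PK\x03\x04junk\x00"
          + f"SERVER_HANDSHAKE_TRAFFIC_SECRET {RND} {'11' * 48}\n".encode()
          + f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {RND} {'22' * 48}\n".encode()
          + f"SERVER_TRAFFIC_SECRET_0 {RND} {'33' * 47}3\n".encode()  # one hex digit lost
          + f"CLIENT_TRAFFIC_SECRET_0 {RND} {'44' * 48}\n".encode())

if __name__ == "__main__":
    found, issues = carve_keylog(SAMPLE)
    print(render(found), issues, missing_labels(found))
```

A non-empty problems list or missing_labels result means the carved text should be re-extracted before Wireshark is expected to decrypt anything.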
In Wireshark, open Edit -> Preferences -> Protocols -> TLS and load the key log file there.
The HTTP/3 streams then show up.
Follow the QUIC stream.

.#....P......	..L.._P...........T.42..*username=admin&password=QUICAUTH-CCC123!@#.'.....P......	..L.Q.a	.AW"._P................_M...........V..a...*h....e@..!......T......C.<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>quic-AUTH</title>
<link rel="stylesheet" href="/style.css"/>
</head>
<body>
<h1>Secret</h1>

<p>
Congratulations, you loaded this page using HTTP/3!
Your files have been encrypted and saved,Enjoy it!
Pass is :
admin::SecretServer:d158262017948de9:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: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
</p>

</body>
</html>

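Based on https://stackoverflow.com/questions/32272615/is-it-possible-to-convert-netmtlmv2-hash-to-ntlm-hash, work out the NetNTLMv2 value that the x placeholders stand for.
Construct it with the password from the stream: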

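import hashlib
import binascii
import hmac

# NT hash = MD4(UTF-16LE password); MD4 needs OpenSSL's legacy provider on OpenSSL 3
_ntlm = hashlib.new("md4", "QUICAUTH-CCC123!@#".encode("utf-16-le")).digest()
ntlm = binascii.hexlify(_ntlm).decode("utf-8")
# Identity string: user + domain, upper-cased, UTF-16LE, hex-encoded
s = "adminSecretServer".upper().encode("utf-16-le").hex()
# First HMAC-MD5, keyed with the NT hash, over the identity string
firstHMAC = hmac.new(bytes.fromhex(ntlm), bytes.fromhex(s), hashlib.md5).hexdigest()
# Challenge data, hex-encoded
type2Challange = "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"
# Second HMAC-MD5, keyed with the first result, over the challenge data
ntlmv2 = hmac.new(bytes.fromhex(firstHMAC), bytes.fromhex(type2Challange), hashlib.md5).hexdigest()
print(ntlmv2)
#efa243f442b9d683eb1b00a2b1a0c9fc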

efa243f442b9d683eb1b00a2b1a0c9fc
flag{8af4d019-98ae-4b4f-a4e9-97076d205fd2}

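hash_append (reproduced after the contest)

A hash length extension attack against SM3.
I don't know crypto, so I'm keeping the script here for future use.
Reference: https://mp.weixin.qq.com/s/oE8M9x7cRsjbXY50v8jTwQ
Modified from the following project:
https://github.com/LJY-21/Length_Extension_Attack_for_SM3.py/blob/master/extension_sm3.py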

from gmssl import sm3, func
import random
import extension_sm3
from pwn import *
context.log_level = 'debug'
p = remote("123.56.51.164", 23433)
p.recvuntil(b"MySecretInfo Hash: ")
target_hash = p.recv(64).decode("utf-8")

# secret = str(random.random())  # generate a random float as the secret message; its length is known
secret = 'a' * 64
# secret_hash = sm3.sm3_hash(func.bytes_to_list(bytes(secret, encoding='utf-8')))
# secret_hash = '8fab83a3a3070b88483c3053c6399d93386dec09e1fc64ba76f86a143b30525b'
secret_hash = target_hash

secret_len = len(secret)
# extend_msg = "61" * 64  # the chosen message to append
extend_msg = ''
print("生成的随机保密消息为:%s,指定的附加消息为:%s"% (secret,extend_msg))

def padding(msg):
    # SM3 padding: 0x80, zero bytes, then the 64-bit big-endian bit length
    len1 = len(msg)
    reserve1 = len1 % 64
    msg.append(0x80)
    reserve1 = reserve1 + 1
    range_end = 56
    if reserve1 > range_end:
        range_end = range_end + 64
    for i in range(reserve1, range_end):
        msg.append(0x00)
    bit_length = len1 * 8
    bit_length_str = [bit_length % 0x100]
    for i in range(7):
        bit_length = bit_length // 0x100
        bit_length_str.append(bit_length % 0x100)
    for i in range(8):
        msg.append(bit_length_str[7 - i])
    return msg

def get_guess_hash(secret_hash, secret_len, extend_msg):
    # recover the current 8 state words from secret_hash
    vectors = []
    for i in range(8):
        vectors.append(int(secret_hash[i * 8:(i + 1) * 8], 16))
    # substitute an arbitrary string of equal length for secret, then concatenate extend_msg after the padding
    message = [65 for i in range(secret_len)]
    message = padding(message)
    old_len = len(message)
    message.extend(func.bytes_to_list(bytes(extend_msg, encoding='utf-8')))
    ret = extension_sm3.extension_sm3_hash(message, vectors, old_len)
    return ret


# verify that the result of get_guess_hash is correct
message = func.bytes_to_list(bytes(secret, encoding='utf-8'))
message = padding(message)
message.extend(func.bytes_to_list(bytes(extend_msg, encoding='utf-8')))
print("-------------------")
append = ''
for i in message[64:]:
    append += hex(i).replace("0x", "").rjust(2, "0")
print(append)
p.sendlineafter(b"Input AppendData: ", append.encode())
print("-------------------")
m = ''
for i in message:
    m += hex(i).replace("0x", "").rjust(2, "0")
print(m)
guess_hash = get_guess_hash(secret_hash, secret_len, extend_msg)
p.sendlineafter(b"Input NewSecretInfo Hash: ", guess_hash.encode())
p.interactive()

Data Analysis

Wireshark2.1

Challenge:
What is the name of the vulnerable PHP page? (e.g. a.php)
theanswerishere.php

Wireshark2.2

Challenge: How many columns does the current table have? (e.g. 1)
The UNION query selects 3 columns.
The output is reflected in the third position.
3

Wireshark2.3

Challenge: What is the name of the column targeted by the injection?

th1sfI4g

Wireshark2.4

Challenge: What data was the attacker ultimately trying to obtain?
flag{th1s_ls_tHe_sQI1_anSwer}

WeirdUSB.1

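Challenge: What file did the suspect download from Dropbox?
Searching for "dropbox" in 010 Editor yields the download link.
A file that is being downloaded in the browser has the suffix .crdownload.
Scrolling up a little turns up an entry containing the word "download".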
212633.crdownload

WeirdUSB.2

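Challenge: Give the names of the two files that were permanently deleted from the USB drive. (Join them with - in the order of deletion, e.g. 1.txt-2.txt)
Analysing together with $LogFile: the two files 2_2_5_a.txt and 2_2_5_b.txt do not appear there,
but R-Studio does show them.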
2_2_5_a.txt-2_2_5_b.txt


http://example.com/2024/04/29/2024数据安全产业人才积分争夺赛初赛部分wp/
Author: J_0k3r
Published: April 29, 2024
License: BY J_0K3R