拿到题目之后,是个压缩包,并且是有密码的,首先去kali里面测试一下是不是伪密码,这里我测试过了,不是伪密码。 那就只能弱密码爆破了,这里我使用ARCH工具进行穷举爆破 把口令长度设置一下,先试试纯数字爆破 用时8秒,口令就爆破出来了 如果有字典,也可以用python进行穷举,只要字典合适恰当,也是能跑出来的 脚本代码如下:
# -*- coding:utf-8 -*-
import zipfile
zfile = zipfile.ZipFile('123.zip','r')
passFile=open('xuenixiang.txt')
for line in passFile.readlines():
try:
password = line.strip('\n')
print(password)
zfile.extractall(path='C:\\Users\\Gu-f\\Desktop', pwd=str.encode(password)
print("密码正确")
break
except:print("密码错误")
运行结果: 压缩包解压出来是一张图片 拥 010deitor打开,发现里面有data url隐写 复制出来,写个html让浏览器加载 代码如下: <!DOCTYPE html><html><div><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEsCAYAAAB5fY51AAAcQUlEQVR4Xu2c0XIbyQ5D4///6L2lrfgmWdsRDnsw0yOffV02Gg2CEKVK8vbPP//888P/VEAFVOAGCrwZWDfokhRVQAX+VcDA0ggqoAK3UcDAuk2rJKoCKmBg6QEVUIHbKGBg3aZVElUBFTCw9IAKqMBtFDCwbtMqiaqAChhYekAFVOA2ChhYt2mVRFVABeLAent7U62hAuQvE1CdCXZKn3JIcR91hC/lQbAJZ1JLORPsV69N+mdgneCCpBHvNKjhCXb6VMohxTWwiFLfrzbxsoF1gi+SRhhYHxtBg5Po3Go75dzicUfcpH8G1gmdTRphYBlYJ1hx6yuSOTGwTmhh0ggDy8A6wYpbX5HMiYF1QguTRhhYBtYJVtz6imRODKwTWpg0wsAysE6w4tZXJHNiYJ3QwqQRBpaBdYIVt74imRMD64QWJo0wsAysE6y49RXJnBhYJ7QwaYSBZWCdYMWtr0jmxMA6oYVJIwwsA+sEK259RTInBtYJLUwaMQ2sE+jf5opUZ/qHO1Pch1AU+zbinkA00bkWWMnlJ2hQuYKasqUF5UHE2IVzgwfVjXBoYpP+7VDb0MLAGnS20YgBjeqnORlSwn0H7ZocmthE5x1qG1oYWIPONhoxoGFgTUQbfG0j4b2LN4bSHHqsoYWBNWhRoxEDGgbWRDQDa6gaP9aYEwOL9wEHBfmEJnSoIQj2LpwbPKhuhEMTm/Rvh9qGFgbWoLONRgxo4OAkd5AhJbg7aNfk0MQmOu9Q29DCwBp0ttGIAQ0DayKaXwmHqvFjjTkxsHgfcFDssq2Qp+7CucGjMUjv2jaxSf92qG1oYWANOttoxIAGDk5yRyMoHvfvoF2TQxOb9G+H2oYWBtags41GDGjg4Sd3GFi/1CJa7OIN0utWbUOLywOLPqol7gM3NSblnOLSt1EeBD/l3ORAekLeRjmnWjQ3SMqZ6EFqr9bCwPqtW2kzqHlSXGIcWtviTHEp74Z2lDPh0MKmuFTntP5qLQwsA+tTr6bGbA9SyiMduOYW1MRu65zqR/pBOSfYBpaBZWA9mdZkkN4hGkM6CcI0gGjd1VoYWAaWgWVgxbllYL29xWK1C9NmtD5Fm+9rcaa49I1pTwgu5Uw4tLApLtGD1F6thRuWG5YblhtWnFkGlhtWbJaVQvoJnRqT4tI3pDwILuVMOLSwKS7Rg9RerYUblhuWG5YbVpxZBpYbVmyWlUL6CZ0ak+LSN6Q8CC7lTDi0sCku0YPUXq2FG5YblhuWG1acWQaWG1ZslpVC+gmdGpPi0jekPAgu5Uw4tLApLtGD1F6thRvWN9mwiClJbXuQ0gFp8kg5PHSjPFJsikt6SGpTvi0tDCwDi/j1Q217kNIBafJIObSGdIK71NS/HL5aCwPLwFrydjMoHsTSAWnySDlMgiXFbr6PGCDl29LCwDKwiF/dsJ6oRYMlDQCKu9RUN6yvFdilEc1P89SULZM1cdv9S7Vr8kg5tLaKCW6r51dr4YblhrXk7WZQND9EyKOvHlID61e3DCwDi8yuXwn9Shj7hX6YJR8MBpaBFRvws0JqSnpZYuL2BpJymPBIsds6p31J+ba0MLAMrNSrn9a1BykdkCaPlENrSCe4S039y+GrtTCwDKwlbzeDwt+wfvvtZpO/EWJgbdKI5nCQJi+lxwWHDaw/Rad6pN6guC0rpHwnW2GC7YZ14w2LmjgxxMRoreFofogQzqluE+1SbNpr8j5Sm/JtaWFgGVgf/EqH42oTk4FrDdI7h5Z2FJdqktZf3WsDy8AysJ5M69VDOgnZNIBo3dVaGFgGloFlYMW5ZWD5o3tslv8W0q8JqdlauJNNIeVMRLzj+yhnogepJf2gnBNsNyw3LDcsN6w4s5JQaf6eZ2AZWAaWgWVgpUlM18ZY2UFhi3OKSylT7VIeLVy/En7scKsn1Etpfcq31Ws3LDcsNyw3rDSv4n9Q0cCKJZ0Xpp8ezQ2EsG/xaOG2TEw0a3NoaUdxqSZpfTojLZ3dsNyw3LDcsNK8csPa5ZPj0bH004NyTnFj1/wspDwo/t3qU52pbilua6uY4LZ6d7UWl29YLWGbuE3Dt3i3OLdwJ0OaDtMdObd80cRt6GxgDTrWaMSABjrS4tzCNbBQe7csbnjDwBq0utGIAQ10pMW5hWtgofZuWdzwhoE1aHWjEQMa6EiLcwvXwELt3bK44Q0Da9DqRiMGNNCRFucWroGF2rtlccMbBtag1Y1GDGigIy3OLVwDC7V3y+KGNwysQasbjRjQQEdanFu4BhZq75bFDW8YWINWNxoxoIGOtDi3cA0s1N4tixveMLAGrW40YkADHWlxbuEaWKi9WxY3vGFgDVrdaMSABjrS4tzCNbBQe7csbnijFlhbKngRqfRPYN9xSBumfG9TC7uFO+nfRZbc8tpkTgysE1qXNOKuQ7rT8Kc678T5BPvd5oqkfwbWCe1MGmFgfWxEK1hauG5Ya8OUzImBtaZxdDpphIFlYEVmeuGiZE4MrBMMkDTCwDKwTrDi1lckc2JgndDCpBEGloF1ghW3viKZEwPrhBYmjTCwDKwTrLj1FcmcGFgntDBphIFlYJ1gxa2vSObEwDqhhUkjDCwD6wQrbn1FMicG1gktTBphYBlYJ1hx6yuSOTGwTmhh0ggDy8A6wYpbX5HMiYF1QguTRuwWWCfIcpsrmv27jQgnEE10jgPrBL5e8ePHj9afwqa4pBmJ0XYLZMKZaGFtVwEDq6svRqfBkg4exSXEUw4PTMojxW7hEh2s7StgYPU1Rje0Bo/iEtJpqBhYRFVrP1PAwNrMFzRY0rCguESWlIOBRVS11sC6gQdosKRhQXGJVCkHA4uoaq2BdQMP0GBJw4LiEqlSDgYWUdVaA+sGHqDBkoYFxSVSpRwMLKKqtQbWDTxAgyUNC4pLpEo5GFhEVWsNrBt4gAZLGhYUl0iVcjCwiKrWGlg38AANljQsKC6RKuVgYBFVrTWwbuABGixpWFBcIlXKwcAiqlq7FFh3NTxpezp4VIsUl3CdDD/FT+vJ+3bQrsmhiZ32Y5e6hhbxHxyllxPRmoZv8KBakPcRvpQHwSa15H2UM8FOOTc5NLHT9+1S19DCwPqtu+lwNBoxMRnlMbkjOZPqNtkKCXbCtc2B9qTxvlSHdl1DCwPLwFr2LRm6honpA5ocmtj0nVfXN7QwsAysZV8bWL8kbAzpcoMuAmhoYWAZWMt2NrAMrM9MZGAN/j0lMo3p4DUaQXi+11IekzuSM6lu7d+PEq5tDrQnRLv0fbvUNbRww3LDWvY3GbqGiekDmhya2PSdV9c3tDCwDKxlXxtYfiX0K+EXY0RTm0xjOniUQ4pLuE6+2lD8tJ68bwftmhya2Gk/dqlraOGG5Ya17G8Dyw3rW21YyxMjgAoUFdghkBvbymRLv1qLLTYs4rWmYA0e1GiEA60l2qXYO70v5fyoa2hB7qe1VOf0fS1c+r603sBKlfpPXcsQQzrRsZRzBPaziBqeYDdrG1o0+VKd0/e1cFtaGFhDZVuGGNKJjqWcIzADi8i0XNsKlhbu8oO/ADCwhsqmw08NMaQTHUs5R2AGFpFpuZb6KO11C3f5wQbWsRK2DHEsyz/RUs6EAzU8wW7WNrRo8qU6p+9r4ba0cMMaKtsyxJBOdCzlHIG5YRGZlmtbwdLCXX6wG9axEqbDTw1xLEs3rK/0TPvX7AfBpj5K39fCJW8jtW5YRK3faluGGNKJjqWcIzA3LCLTcm0rWFq4yw92wzpWwnT4qSGOZemG5Yb1d0dRf6a+b/nYDWuobNo4aoghnehYyjkCc8MiMi3XUh+lvW7hLj/YDaslobh3VCAdaPq2VgDcDfehW4NzbcNKDdF4FDXZRFxyR6oFwaS1VGeCT95HeaTYLVyiw8RH6fsojx3qGz0xsE74arODKal5iOHJ+yiPFLuFS3QwsP5Uq9ETA8vAojP5oT4NleZAN4ZjIswuPCbcjz7T0MLAMrCWfWpg/ZKwMaTLDboIoKGFgWVgLdvZwDKwPjORgVX8d4youGTKyUATXFK7y/soj1S7Fi7RuPmVl/LYob7REzcsN6xlb6eh0hzoxnBMhNmFx4T70WcaWhhYBtayTw0svxL6lfCLMSLDQSaRfhoQ7BZnwmGX91EeqXYtXKJxc4OkPHaob/TEDcsNa9nbaag0B7oxHBNhduEx4X70mYYWLx1YVLCjGzbBaw7/hM/VZ1I9mr1OOUwCmeib8mhqQfjS2uR9BhZV9Wd9Iu7EwCnuBHv41EuPET1SonSgCQeKnXJ+1KU8mhwIX1qbvM/AoqoaWEPFZscSE1NkOtCEA8Um3FMeTQ6EL61N3mdgUVUNrKFis2OJiSkyHWjCgWIT7imPJgfCl9Ym7zOwqKoG1lCx2bHExBSZDjThQLEJ95RHkwPhS2uT9xlYVFUDa6jY7FhiYopMB5pwoNiEe8qjyYHwpbXJ+wwsqqqBNVRsdiwxMUWmA004UGzCPeXR5ED40trkfQYWVdXAGio2O5aYmCLTgSYcKDbhnvJociB8aW3yPgOLqmpgDRWbHUtMTJHpQBMOFJtwT3k0ORC+tDZ5n4FFVTWwhorNjiUmpsh0oAkHik24pzyaHAhfWpu8z8CiqhpYQ8VmxxITU2Q60IQDxSbcUx5NDoQvrU3ed7vAoiJYf28FEhPTF9KBJhwoNuGe8mhyIHxpbfK+OLDo5a36OzYjacS7Xs33pTyaHKgvUs4El76PcKDYhHfKg3JIcQnXVq2B1VL2N1xiCGo2Qj/l0eRA+D5qU84El76PcKDYhHfKg3JIcQnXVq2B1VLWwDpE2cYwNQeaYhORUi0ohxSXcG3VGlgtZQ2sQ5RtDFNzoCk2ESnVgnJIcQnXVq2B1VLWwDpE2cYwNQeaYhORUi0ohxSXcG3VGlgtZQ2sQ5RtDFNzoCk2ESnVgnJIcQnXVq2B1VLWwDpE2cYwNQeaYhORUi0ohxSXcG3VGlgtZQ2sQ5RtDFNzoCk2ESnVgnJIcQnXVq2B1VLWwDpE2cYwNQeaYhORUi0ohxSXcG3VGlgtZQ2sQ5RtDFNzoCk2ESnVgnJIcQnXVq2B1VLWwDpE2cYwNQeaYhORUi0ohxSXcG3VxoHVEqGFSwVr8WjhPt7XxKb6pfWUc4p717o0LJq6pRx20NjA+tkFaoi0yS1cA2uH8Vnn0PIRYZZyIJitWgPLwGp561NcGuCnkrvgsjQsmrqlHC6Q58OVBpaBdaoPm4N36kMOuiwNi6ZuKYeDnrwEY2AZWEsGooebg0e57FCfhkVTt5TDDnoZWAbWqT5sDt6pDznosjQsmrqlHA568hKMgWVgLRmIHm4OHuWyQ30aFk3dUg476GVgGVin+rA5eKc+5KDL0rBo6pZyOOjJSzAGloG1ZCB6uDl4lMsO9WlYNHVLOeygl4FlYJ3qw+bgnfqQgy5Lw6KpW8rhoCcvwRhYBtaSgejh5uBRLjvUp2HR1C3lsINetcDa4XEPDmkzmobYRQt5qMBnCqQz8jjbnJOEh4E18HCzaQM6L30kMfFkkK7GbXJuGqLp/aQnBtagu82mDei89JHExM3hp71O+TY5Nw1B9SBcEu0MLKLo8PeuwRUe+alAYuLm8NMBTfk2OTfNQ/UgXBLtDCyiqIE1UGvtSGLi5vDTAU35NjmvKf7301QPwiXRzsAiihpYA7XWjiQmbg4/HdCUb5PzmuIGVlO/p9jEQE/BDKxUosPq0v61gqWFa2B9tEjSazeswWhREw+u8MhPBRITN4ef9jrl2+TcNA/Vg3BJtDOwiKJuWAO11o4kJm4OPx3QlG+T85rifiVs6vcUmxjoKZiBlUp0WF3av1awtHANLL8SfjokqeHJhFETE2xr/1Qg7R/tydW4BpaBtTzrLRMvE/vGAK2eXI07CaxXt0HSk9pvWMnlk6aluG3sHcxDt4oWZ9KTFgeqxR05t7QjuFfrZmD91q2rm0GMMwlkip/W76CbgZV2a63u6l4bWAbWmoPBv4ixfNFfAAysprq/sA2stzekNBHsjiYmYtD3EWxSS3pCcEkt1eKOnIkerdqrdXPDcsNa9vbVJp58Pb4j5+VGHQBwtW4GloG1bOOrTWxgLbcwBri61waWgRWb9avCq01sYC23MAa4utcGloEVm9XAWpbqDwD6u9uxt8/QDCx/dJ85p/zvaxNSV5vYDYt0a6326l67YblhrTnYP9Yw1s8Ni0tnYHHNPPEfBVqfuncc6Fc3B+k17V+CbWC9usOG70vMM4SOj1HDx8DfoDDtH9U4xW19TTewvoF5J08kxpzgJ2foMCWY36Um7R/VOMU1sH46rSnYdzFz8k6ic4I3qaHDNLnjVc+k/aMap7gGloF16mwRY7aI0WFq8bgjbto/qnGKa2AZWKfODTFmixgdphaPO+Km/aMap7gGloF16twQY7aI0WFq8bgjbto/qnGKa2AZWKfODTFmixgdphaPO+Km/aMap7gGloF16twQY7aI0WFq8bgjbto/qnGKa2AZWKfODTFmixgdphaPO+Km/aMap7gGloF16twQY7aI0WFq8bgjbto/qnGKa2AZWHecGzlfpEAaLDSwms9JOMd/0r1JVOxfCuxkoLv1JTF865O/rRX1RaoF5X01DwOLdqxcTw1RpnMr+HRIqcYpblOsXThfzcPAarpsgE0NMbjiZY+kwUI1TnGbwu7C+WoeBlbTZQNsaojBFS97JA0WqnGK2xR2F85X8zCwmi4bYFNDDK542SNpsFCNU9ymsLtwvpqHgdV02QCbGmJwxcseSYOFapziNoXdhfPVPAyspssG2NQQgyte9kgaLFTjFLcp7C6cr+ZhYDVdNsCmhhhc8bJH0mChGqe4TWF34Xw1DwOr6bIBNjXE4IqXPZIGC9U4xW0Kuwvnq3kYWE2XDbCpIQZXvOyRNFioxiluU9hdOF/Nw8BqumyATQ0xuOJlj6TBQjVOcZvC7sL5ah5xYFGizebdDXsHwxPNaK993y91W9q1cIkvaG2Ds4FFuzCod6AHohWPNAbpnW4Lu4VblPlHg7OB1ezYT2wD6wSRwRWNQTKwPjagobOBBYw+LTWwpsp1zjUGycAysDpuvQDVwLpA9L9caWCd04+Gzm5YJ/TOwDpBZHBFY5DcsNywgAX3LjWw9uqPgXVOPxo6u2Gd0DsD6wSRwRWNQXLDcsMCFty71MDaqz8G1jn9aOjshnVC7wysE0QGVzQGyQ3LDQtYcO9SA2uv/hhY5/SjobMb1gm9awUWNcQJT316BdFil/c1OafYTS1SDo/mXs2jFlhEhKcu36yANq2lBeVBZEw5Uw4pbns4GloQTFpLdSb4zZ4Q7ISzgZWo9J8aap6jmzb9vYQ8NeXc1IJik/eR2lQLgklrm1qQ91EeBDvRxMBKVDKwvlSpaWCKPWhldOTooYsuXfQcuYO8j/aEYCecDaxEpUXzHN00N6xB0xaOtPpHKNGgINjkfZQHwU44G1iJSgaWG9bAJ0ceoUFB7iahQnkQ7ISzgZWoZGAZWAOfHHmEBgW5m4QK5UGwE84GVqKSgWVgDXxy5BEaFORuEiqUB8FOOBtYiUoGloE18MmRR2hQkLtJqFAeBDvhbGAlKhlYBtbAJ0ceoUFB7iahQnkQ7ISzgZWoZGAZWAOfHHmEBgW5m4QK5UGwE86XBxYVIHnUtCYVl3JOcR+8Kfb0rc/OpZx34fvsPf7/rxVIe932Z8LDwPqtj4lgk6aluBNsMoiER4prYKVK7VvX8MXEywkPA8vAWpokA2tJvi0OJ0ExIUq9kfAwsAysiRf/f4aacukyD1cUSIJicjH1RsLDwDKwJl40sJZU2+twEhQTxgbWRDVwJm1coxHvNCk2eN6P9H0Es8mX8LB2rkDDF/6GNe9HfDJtHB3SFHfS5PhxP34YWESsb1RL/ElkacyJXwn9Skg8+KGWmnLpMg9XFDCwwKf5ToZPG0c5p7huWJV5FPSJAsSfRMzGnLhhuWERD7phLam152EDyw3rD2cSQ9BPJTIChEeK2+SbcrBuTYGGLybfFhIebljfaMMitk7MMzEl4WDt91Ig8ZyBZWB9OhWJedrjRLc3OfOOUI35DfmJpH8GloFlYOUz9bSSBkAypE8vXSigfBeueno00cLAMrAMrKejlBfQAEiGNL+dV1K+/Ib8RKKFgWVgGVj5TD2tpAGQDOnTSxcKKN+Fq54eTbQwsAwsA+vpKOUFNACSIc1v55WUL78hP5FoYWAZWAZWPlNPK2kAJEP69NKFAsp34aqnRxMtDCwDy8B6Okp5AQ2AZEjz23kl5ctvyE8kWhhYBpaBlc/U00oaAMmQPr10oYDyXbjq6dFECwPLwDKwno5SXkADIBnS/HZeSfnyG/ITiRYGloFlYOUz9bSSBkAypE8vXSigfBeueno00cLAMrCWAosaPjHlOyGK/XQivlFBqvNOGiecDazNAqs1U9SYiXkeXFu4E+yWdgQ31a39PsKDvI/2m2AnnA0sA8sNi0zVk9pk6M7YIAkP8nwD6+2N6FWtTZtMm5biNh/X4tzCbW8gLa1Jr6l2hDPhQXCv5uyG5YblhkUm1g3rQLX+hEpC1sAysAysA0cwGTq/En4ueKKdgWVgGVgGVqyAXwn9DSs2y0ohNVryaTf5nSnFnWCv6HPU2V3eR3iQt1MfEeyEsxuWG5YbFpkqf8M6UC1/w1oSM0n4ySd/irtE/slh+smYcm7hTnRu6pdip7q130d4pG/bgbMblhuWGxaZWDesA9Vyw1oSM/1Uam4VSw/4y+EW5xZu+9O8pXPqofb7CA+iBe03wU44X75hkQftUkubljTi/W0t7BZusyffgXNTv7thJ3NiYA262hykFnYLdyBffOQ7cI7F+AaFBlapyc1BamG3cEsS/wv7HTg39bsbtoFV6lhzkFrYLdySxAZWU9hNsQ2sUmOaw9/CbuGWJDawmsJuim1glRrTHP4Wdgu3JLGB1RR2U2wDq9SY5vC3sFu4JYkNrKawm2IbWKXGNIe/hd3CLUlsYDWF3RTbwCo1pjn8LewWbkliA6sp7KbYBlapMc3hb2G3cEsSG1hNYTfFNrBKjWkOfwu7hVuS2MBqCrsp9qWBtakml9BKGvFOrBUsLVwqKOVB8a2/rwLJnNT+as59ZTueedKIdmAd/6oZ4qsHVrPXRHHCg+CSWtrrhLOBRTowrE0aYWANxd3sWLPX5KmEB8EltQYWUWujWmKeRpM3kgL//cCduCdcmr1O7n+vITwILqlteNkNi3RgWEvM02jykHblGH1fhUQRtNlrQpvwILiklvY64WxgkQ4Ma5NG+JVwKO5mx5q9Jk8lPAguqTWwiFob1RLzNJq8kRR+JfytGbTXpI/EcwSX1NL3JZzdsEgHhrVJI9ywhuJudqzZa/JUwoPgkloDi6i1US0xT6PJG0nhhuWG9aUdkzlxwzphmpNGuGGd0IgTrmj2mtAnPAguqW18+BpYpAPDWmKeRpOHtCvH6PsqJIqgzV4T2oQHwSW1tNcJZwOLdGBYmzTCDWso7mbHmr0mTyU8CC6pvTSwCFFrVUAFVKChQLxhNS4XUwVUQAWIAgYWUctaFVCBSxUwsC6V38tVQAWIAgYWUctaFVCBSxUwsC6V38tVQAWIAgYWUctaFVCBSxUwsC6V38tVQAWIAgYWUctaFVCBSxX4HzkLiQNzAGSsAAAAAElFTkSuQmCC"></div>></html>>]
用浏览器加载,这样base64能自动解密,还可以解析出图片 发现是个二维码,用QR扫描一下,即可解出flag
题目所用到的工具和解题过程打包如下:
|