Chybeta

ISG2017-赛前练手题—writeup

发表于 | 分类于 | 阅读次数

ISG2017-赛前练手题—writeup

秘密文件

1
2
在某个员工的电脑上发现了一份奇怪的文件,你能找到什么东西吗?
奇怪的文件(https://play.chinaisg.org/attachment/download/secret.backup)

下载下来后打开,看起来是流量包。尾部发现一些base64串。解一下:

1
2
3
4
5
6
7
8
9
import base64
pngdata = "iVBORw0KGgoAAAANSUhEUgAAARgAAAEYCAIAAAAI7H7bAAAG7ElEQVR4nO3dUY7bOgwF0OSh+9/ydAFPASTwknKm53wWqa2JcyGAkqn3z8/PC6j57/YA4DcQJAgQJAgQJAgQJAgQJAj4s/zX9/s9PI4d+5X6+viX99q/7KehFq9QH8DS8rLFAZyOoXivMZ/+KDMSBAgSBAgSBAgSBAgSBAgSBKzL30uT+8SLpc+j0u3+h/c/eXSvpaYB7I+qqSa+f9mlx/4IzUgQIEgQIEgQIEgQIEgQIEgQcFD+XmraZ90xgKMd2c+sCBdrx5+uMDmADtd/hC8zEkQIEgQIEgQIEgQIEgQIEgRUy9/PVC9JFy9bb35S/ORRPbep1n+9LD7JjAQBggQBggQBggQBggQBggQBX1/+bmpRPdak++gK9e7nxdE+sx/3E5iRIECQIECQIECQIECQIECQIECQIKC6jvRPbZXfV/9aiotLTS2T6jp+ME/4EZqRIECQIECQIECQIECQIECQIOCg/P3MLfST9dymLkIdTXyaKsLXz5B95o/wZUaCCEGCAEGCAEGCAEGCAEGCgPcTds7e1VFAb/pWmxrbN7VM+qd+WmYkCBAkCBAkCBAkCBAkCBAkCGhpon+9h/2RyR72YwOY/FqOTO5Vn/wVmZEgQJAgQJAgQJAgQJAgQJAgoFr+bqpmdhSajxqSNN2reNlJk11lJg/MPbrC/jXNSBAgSBAgSBAgSBAgSBAgSBCwLn9/UZeP4jWPLlsvlHd8Xdf3U9fXFYoDeAIzEgQIEgQIEgQIEgQIEgQIEgQIEgRUm+hPrjg1LZgUlybqbxZ0PIKm9zh+QV/8jsf9MiNBhCBBgCBBgCBBgCBBgCBBwLr83XSo6Be53i+/eM1Pvv39lCO6CMGXESQIECQIECQIECQIECQIWHcR2q/SNvWwn9xlXPy7liaPEZg0+bAmG/bvD+ATMxIECBIECBIECBIECBIECBIEHDQ/mTxUdN/1Qvkz1Rvb7z/ZyXvt//dPij9ju7+hkSBBgCBBgCBBgCBBgCBBQLX83eSZo9pX3+p+vf/ME06h3fzvk5S/oZEgQYAgQYAgQYAgQYAgQYAgQcC6i9C+phNUO5YLJtsYHfWVv760MvkuzORrL2PnI7/MSBAhSBAgSBAgSBAgSBAgSBBwUP6ebGo+2VZm6fo7I8+sPh8NtVjrry9LTD5EMxIECBIECBIECBIECBIECBIEtDTRr5usdO8P4Bc0u5nc6n7dZP3djAQBggQBggQBggQBggQBggQBB+Xv6p1ud0SpH3W6f9nJDdFHJgdw/XzhpaYXC8xIECBIECBIECBIECBIECBIEFDt/V2vGy6v8MxNyt/VU6VDvffIMw/M3b/XJ2YkCBAkCBAkCBAkCBAkCBAkCFjv/r6+IXrpmbu/J+9V79HxzNbbTb+ByQ7yZiQIECQIECQIECQIECQIECQIECQIOFhHaqrKN60OFTU10f8Fb4L83/V3Q5oWzY7uZUaCAEGCAEGCAEGCAEGCAEGCgPtN9McKspNF0rrrZf3619Lxdkb9ye7zGgVMEyQIECQIECQIECQIECQIWDfRv76f93qVdt/Y+sErsUl58gzZph30Rft/19H4zUgQIEgQIEgQIEgQIEgQIEgQcHCG7OQW3etNQppqr2Nl/aNa/2Rbm/2/63qh/IgZCQIECQIECQIECQIECQIECQIOyt+Tm3k7auKT7UTq9kfb1Kdlsv3LZP26aau7GQkCBAkCBAkCBAkCBAkCBAkCBAkCqq9RXG/iU7/m9bbu9RcWOnQs5Q1rej1kyYwEAYIEAYIEAYIEAYIEAYIEAeszZJ/Z/nypPv5nVp+XmobadNbq9eY+HW+CaKIPjQQJAgQJAgQJAgQJAgQJAta7v5/Zr2epaZPy9dY8Hd3uj+416fqZCUt2f8M0QYIAQYIAQYIAQYIAQYKAdfn7+r7dpevbzzt2yp9+OP7fX0993JMLG/UBmJEgQJAgQJAgQJAgQJAgQJAgoNr7u0mxy0dT5XTysvuaOq1fb7Qy+bzqT9aMBAGCBAGCBAGCBAGCBAGCBAEH5e+lpn4gxQFcr3QfVZ8nK/hLHYsNTQOoa6qJm5EgQJAgQJAgQJAgQJAgQJAgQJAgoLqO9ExH6xKTC1nXz6udXJ66/spG8V5HzEgQIEgQIEgQIEgQIEgQIEgQ8PXl76ZjVYuf/GTssNTJF0mOav37A6s/2clTF8xIECBIECBIECBIECBIECBIEFAtf0921t/X1Oxm31EXoWKhuV7rPypqF01uP59kRoIAQYIAQYIAQYIAQYIAQYKAg/L3ZPn4uusF9CaTG6KLA5i8Zv1xm5EgQJAgQJAgQJAgQJAgQJAg4P0LNt7CdWYkCBAkCBAkCBAkCBAkCBAkCBAkCPgLVlXCW8nFW3sAAAAASUVORK5CYII="
f = open("flag.png","wb")
f.write(base64.b64decode(pngdata))
f.close()

得到一张二维码,扫后得到flag:

1
ISG{5a9f1ce5c7359a1b1076b5143b946a3b}

简单的apk

1
2
3
能够通过APK认证的字符串即为本题flag
下载APK(https://play.chinaisg.org/attachment/download/simple-code.apk)

其实这是mobile,干脆写在这里不另开了。用jeb打开,然后发现是kotlin,先果断放弃哈哈哈。

微信扫码加入知识星球【漏洞百出】
chybeta WeChat Pay

点击图片放大,扫码知识星球【漏洞百出】

本文标题:ISG2017-赛前练手题—writeup

文章作者:chybeta

发布时间:2017年08月28日 - 19:08

最后更新:2017年08月29日 - 07:08

原始链接:http://chybeta.github.io/2017/08/28/ISG2017-赛前练手题—writeup/

许可协议: 署名-非商业性使用-禁止演绎 4.0 国际 转载请保留原文链接及作者。