Lacrimosa

统计加载中...

Announcement

网站正在架设中.......

Learn More

标签

507 字

3 分钟

HGAME 2025 WP

2025-05-07

CTF

Web

统计加载中...

W3ight#00005f-WEEK1-WP#

MISC#

Hakuya Want A Girl Friend#

观察.txt文件,发现打头为 50 4B 03 04 ,直接写脚本提取zip

1
def hex_to_zip(input_file, output_file):
2
    with open(input_file, 'r') as infile:
3
        hex_data = infile.read().replace('\n', '').replace(' ', '')
4
    binary_data = bytes.fromhex(hex_data)
5

6
    with open(output_file, 'wb') as outfile:
7
        outfile.write(binary_data)
8

9
input_file = 'hky.txt'
10
output_file = 'output.zip'
11
hex_to_zip(input_file, output_file)

压缩包内得到一加密txt文件

简单尝试爆破密码无果,回到hky.txt寻找线索

在文件最后发现 47 4E 50 89 ,判断应该讲PNG文件藏入并进行倒置

ctrl+f 查找倒置文件尾 82 60 42 AE

提取PNG文件部分,使用脚本倒置并生成PNG文件

1
def reverse_numbers_from_file(input_file, output_file):
2
    with open(input_file, 'r') as infile:
3
        lines = infile.readlines()
4
    reversed_lines = []
5
    for line in lines:
6
        reversed_line = ' '.join(line.split()[::-1])
7
        reversed_lines.append(reversed_line)
8

9
    with open(output_file, 'w') as outfile:
10
        for reversed_line in reversed_lines:
11
            outfile.write(reversed_line + '\n')
12

13

14
input_file = 'hky.txt'
15
output_file = 'output.txt'
16
reverse_numbers_from_file(input_file, output_file)
17
def hex_to_png(input_file, output_file):
18
    with open(input_file, 'r') as infile:
19
        hex_data = infile.read().replace('\n', '')
20

21
    binary_data = bytes.fromhex(hex_data)
22

23
    with open(output_file, 'wb') as outfile:
24
        outfile.write(binary_data)
25

26
input_file = 'output.txt'
27
output_file = 'output.png'
28
hex_to_png(input_file, output_file)

同时进行宽高检测,最终得到图片

得到解压密码

flag:

Web#

Level 24 Pacman#

进入环境,吃豆人游戏

查看源码,在index.js 开头发现了类似Base64加密的密文

解密,得 haepaiemkspretgm{rtc_ae_efc}

猜测还有一层加密,多次尝试后发现为篱笆密码

解密,得

输入flag后发现不对,再次查看源码

又发现一串Base64密文

同上进行解密,得到flag: hgame{u_4re_pacman_m4ster}

Re#

Compress dot new#

打开附件,源码如下:

分析后发现程序对明文使用霍夫曼编码表对进行了编码

根据附件给出的enc和程序,解析霍夫曼树

“

1
import json
2

3
def parse_huffman_tree(data):
4
    if 's' in data:
5
        return {'s': data['s']}
6
    elif 'a' in data and 'b' in data:
7
        return {'a': parse_huffman_tree(data['a']), 'b': parse_huffman_tree(data['b'])}
8
    else:
9
        raise ValueError("Invalid Huffman tree structure")
10

11
def decode_huffman(binary_str, huffman_tree):
12
    decoded_data = []
13
    current_node = huffman_tree
14
    for bit in binary_str:
15
        if bit == '0':
16
            current_node = current_node['a']
17
        elif bit == '1':
18
            current_node = current_node['b']
19
        else:
20
            raise ValueError("Invalid bit in binary string")
21

22
        if 's' in current_node:
23
            decoded_data.append(current_node['s'])
24
            current_node = huffman_tree
25
    return decoded_data
26

27
with open('enc.txt', 'r') as file:
28
    lines = file.readlines()
29
    huffman_tree_json = lines[0].strip()
30
    binary_data = lines[1].strip()
31

32
huffman_tree = parse_huffman_tree(json.loads(huffman_tree_json))
33

34
decoded_bytes = decode_huffman(binary_data, huffman_tree)
35

36
flag = ''.join(chr(byte) for byte in decoded_bytes)
37
print("Flag:", flag)