# BCTF2024-MISC
# ezkeyboard
题目
如题
https://twelveeee-note.oss-cn-beijing.aliyuncs.com/file/bctf2024/a.pcap
答案
flag{1a2a3a4a5a6a7a8a9aaabacadaeafa0a}
题解
使用 wireshark 打开
ls /Applications/Wireshark.app/Contents/MacOS/tshark | |
sudo ln -s /Applications/Wireshark.app/Contents/MacOS/tshark /usr/local/bin/tshark |
提取出 usbhid.data
tshark -r a.pcap -T fields -e usb.capdata > result.txt |
keycode_map = { | |
0x04: 'a', 0x05: 'b', 0x06: 'c', 0x07: 'd', 0x08: 'e', | |
0x09: 'f', 0x0A: 'g', 0x0B: 'h', 0x0C: 'i', 0x0D: 'j', | |
0x0E: 'k', 0x0F: 'l', 0x10: 'm', 0x11: 'n', 0x12: 'o', | |
0x13: 'p', 0x14: 'q', 0x15: 'r', 0x16: 's', 0x17: 't', | |
0x18: 'u', 0x19: 'v', 0x1A: 'w', 0x1B: 'x', 0x1C: 'y', | |
0x1D: 'z', 0x1E: '1', 0x1F: '2', 0x20: '3', 0x21: '4', | |
0x22: '5', 0x23: '6', 0x24: '7', 0x25: '8', 0x26: '9', | |
0x27: '0', 0x28: 'Enter', 0x29: 'Esc', 0x2A: 'Backspace', 0x2B: 'Tab', | |
0x2C: 'Space', 0x2D: '-', 0x2E: '=', 0x2F: '[', 0x30: ']', | |
0x31: '\\', 0x32: '#', 0x33: ';', 0x34: '\'', 0x35: '`', | |
0x36: ',', 0x37: '.', 0x38: '/', 0x39: 'CapsLock' | |
} | |
shifted_keycode_map = { | |
0x04: 'A', 0x05: 'B', 0x06: 'C', 0x07: 'D', 0x08: 'E', | |
0x09: 'F', 0x0A: 'G', 0x0B: 'H', 0x0C: 'I', 0x0D: 'J', | |
0x0E: 'K', 0x0F: 'L', 0x10: 'M', 0x11: 'N', 0x12: 'O', | |
0x13: 'P', 0x14: 'Q', 0x15: 'R', 0x16: 'S', 0x17: 'T', | |
0x18: 'U', 0x19: 'V', 0x1A: 'W', 0x1B: 'X', 0x1C: 'Y', | |
0x1D: 'Z', 0x1E: '!', 0x1F: '@', 0x20: '#', 0x21: '$', | |
0x22: '%', 0x23: '^', 0x24: '&', 0x25: '*', 0x26: '(', | |
0x27: ')', 0x2D: '_', 0x2E: '+', 0x2F: '{', 0x30: '}', | |
0x31: '|', 0x32: '~', 0x33: ':', 0x34: '"', 0x35: '~', | |
0x36: '<', 0x37: '>', 0x38: '?' | |
} | |
def parse_hid_report(report): | |
# 拆分报告为字节 | |
bytes_data = report.split(':') | |
# 解析修饰键 | |
modifier = int(bytes_data[0], 16) | |
# 解析按键代码 | |
key_codes = [int(byte, 16) for byte in bytes_data[2:]] | |
# 检查是否按下 Shift 键 | |
shift_pressed = (modifier & 0x02) != 0 or (modifier & 0x20) != 0 | |
# 映射按键代码到字符 | |
keys = [] | |
for code in key_codes: | |
if code == 0: | |
continue | |
if shift_pressed: | |
keys.append(shifted_keycode_map.get(code, '')) | |
else: | |
keys.append(keycode_map.get(code, '')) | |
if len(keys) == 0 : | |
return "" | |
print(''.join(keys) + "\t:"+ report) | |
return ''.join(keys) | |
# 示例数据 | |
reports = [ | |
"01:00:00:09:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", | |
# ... 太长了不写 | |
] | |
for report in reports: | |
parse_hid_report(report) |
# 太感人了
题目
太感人了
答案
flag{7c3e0313aa944890177797bfbfa4d189}
题解
brew install pngcheck | |
pngcheck -v mm.png | |
strings mm.png |
# 密码压缩包
题目
密码压缩包
https://twelveeee-note.oss-cn-beijing.aliyuncs.com/file/bctf2024/flag2.zip
答案
flag{dab06be7a415c57b3199686e4949505a}
题解
读取二进制文件 | |
`...../.----/..-./.-../.-/--./--/../--/.-` | |
51FLAGMIMA |
# ftp 协议不安全
题目
来看看 FTP 的协议
https://twelveeee-note.oss-cn-beijing.aliyuncs.com/file/bctf2024/ftp.pcapng
答案
flag{1qazxsw2098}
题解
wireShark 打开 pcapng
command+f flag{
# 黑客拿走了什么
题目
服务被 SQL 注入攻击了,黑客拿走了什么
https://twelveeee-note.oss-cn-beijing.aliyuncs.com/file/bctf2024/sqlinject.pcapng
答案
flag{2508944f919f9608df64353f28dcb7a0}
题解
qxbpqflag{2508944f919f9608df64353f28dcb7a0}qkvqq</br></br>select id from record where id=2 UNION ALL SELECT CONCAT(0x7178627071,IFNULL(CAST(domain AS CHAR),0x20),0x716b767171) FROM record WHERE domain like 0x25666c616725-- -
# 这图片很可疑
题目
这图片很可疑
https://twelveeee-note.oss-cn-beijing.aliyuncs.com/file/bctf2024/2.jfif
答案
flag{6c4e0311aa944890177717bfbfa4d189}
题解
brew install binwalk
binwalk 2.jfif
# ezlsb
题目
ezlsb
https://twelveeee-note.oss-cn-beijing.aliyuncs.com/file/bctf2024/lsb.zip
答案
flag{74b2ecfa346acfcde3741da73cd4c55d}
题解
用 stegsolve 打开
extract by column
bit order lsb
bit plan 都是 0
mac 有 bug,看不到剩下的
