0%

[NSSCTF 2nd]gift_in_qrcode(revenge) ctfman233的WriteUp

2023-08-28 17:15By
ctfman233
二维码脚本编写

连接

利用下面的方式使用nc进行连接

nc <url,纯域名或者端口> <端口>

获取图像

从上面能得到类似于下面这种base64编码的图片字符串,尝试使用脚本获取图像:

from PIL import Image
import qrcode

def decode_base64_to_png(base64_string, output_file):
    image_data = base64.b64decode(base64_string)
    image = Image.open(BytesIO(image_data))
    image.save(output_file, 'PNG')


# 测试示例
def x():
    base_img = "iVBORw0KGgoAAAANSUhEUgAAAEwAAABMCAIAAABI9cZ8AAAZbUlEQVR4nEVcW5IbNxADQM6Fktz/YkMC+UCP1qmUK/ZKGpHsbrwY/vfPvxGZADQBBwJN0iBtSjFIZH4GIBCEZBABMCAgCgImEONEJEIgVhQ5FpGIjBkADBJSQIIAZBBGoEMSZGyCv88LLPD7UQdCIiQkkoACgkBijChMAgLbiF8HocLABI+AEEAY+b6SEAOCJMEAQ91zkuB5yABAYh9T8BEQmIxJOtoMSIIJ3YVBwoBK3ntIkUmSgGZ/X88m+F5D2ItxQDogAOK+hgzHQCQgMl5CSe4FZjsCbC11yfpvAIT8WxrHhAAEiuMuIxIFCQHSDkgECgIhIiwAyWyXwsgMYsEKwKQ7EgiQCNvstiU0Z1tBQoFBU5RIMD11IQES3y8T3eX+kbrwVgx6A3IuybUWHEh0zGipp08g5PteUAZA9DkFmwilxKQQrQ0wzEMeXMDPoudYp4t7YoEiI+S9b/JoATt2wM3tBz7oFwG514rw3gNg6YEEQEZgA2ttEkYkGSCsPh0M4JwYJqgA+N4TBBKTRP8zZLonPfFMumoAQhEQ4R5+gwRokaaJJLQhAQEcOKQQuvtotBLdXgDQsPoFEERWDxwJUQgkE0YCwZACIAbZJUy+OrRDpN8XADaTOX9YDG4uzCsLF0YgPQIQkbONOede6HkELHfzkQh2AJ4cgtJ6wHOvr/deBJkYXmsBZkRAexu5xyLWVkS/N8xeK1lQaLz3kNB61lKLtv+IQNtT/N4LkgDBOCGkbSYnlFpJ/VH1KPu3o1MxUEBHCWxGCNE+ZsSgSHytmQJII7/DQUOYEyIpEqPAROCe5O+wkOlGsZ3MmXbVXWaCUCIAEonnKEicRp5Md+oWkmBgKhtsK3Uifr2LhkHSwLSYoN+3fbFtoc8eAPccCdIO2Dp5z2EuCCKIDeW+oPIa5BZB3XMR69n4Wsl6lqMkQl5b9l4L4vtacETeLD3tXCIBwUjSOUMyMAj3qUOGWZI6jESKBugZiAATJQEokO3uSOvDXQ+BCRm1uScMgnSqsQ2PmvWhOrUYgvGMRykk1DUHKDqBmenkbbgdz4ZnUkYBYsOROxMcJkxg6jtABgBj98QFCQwQncVSKweYTpM50t05TEHEJOIZq+81ciVcS0CoTVp47+VVEBFcC9A9b5j9LDjXr6G1BOe9BkyQhJa0dO6Lq7UWhc4dIyzwABYIEwhTcAFQba+BAEN/fcsABUEstmiR9CB0Q0KFtop92oBMzkZl1gHT82D3vSQGiuL2YAoSimj685wZ7wE5EKGeJzpOFHUXxcyAbRcIECECYsaBoLY3gOwZRJBko8gDP0yz+/EiKRtCjBAxAbjDOCoQCO+9CPbe4BwFZmWJgeF7zrfXLMSbFdIC6QTB0gZ9/DLUI0HnfUU6x9bSguB7nHuLLbQxqIntJGttCAthRCXtIWpvEkGFEOIECpwwEqdheBYkgIhvFbvQbaYBQ7nHo29oFc+G00JmgHJKUwE17S6zO5r6lRk7lKfVBWztAVNWEvIVVV8IMWr1zpSDg4QOTUTYBAwRuPfAJPMWMmG+NyXEoTCjY2C6AjMKP5Aa+wRc2oDvCYm9lkUdW9baTN5zJCwK0bGRrEeYscJ2OVyAkRbAe1+Ca28h5x4iwJPAIJN7T0yB4B1Q3P7iDB4mYSt2bMTpas9JpkmwZdo/NwVYM3vIJCwStQejmwUr7uDJYJPENOlZKof+Wp++c9yB2aOtYh9QH6ju2WD6CrOAM+I88uBkJ56+WMBPwCS3ICyBJoQETCcCsYoejSgQO0y73hcBkpvCuoH0bbogmKy1CNz7UtTeRM4JGQtIRIUE3oA+NiEC0DmHrbsevvAhQL73KpA2FVuUVxYkwGtYniP2ECPEAmWFDA0rtBCBoYnWhkGGNuNYRsgYLv3KLL1BMkWaxKBMooVdvgCIdkSEZUGFUR2oVns7g47wgOqZjdVpG0AQ5zQP0yw8GjTmlCRBaWMFBGqaY2hFO8Q9N+Jay0iOUYiTDmYbTAhDMinJ2gsQAlM+l85FKVyJbnyvCBd4U+c9UPsk2+fue5GsvW1otS0PKzAhmMJ5Xxpr774R7VfA9bMXoetT0JLILcKEoi8Eavfrt9tFNIGouHH+rBCwwIezaLSnXjmVhihk0ur9eHa/bBzAnKJEOX4SE7b7YQiCnu5WcvuvEsxEdmtW7hPJAJQoHIyKsOBNIACbVCcV2036vBvkfrbddp2LIIRYdQEpJc7aS+Gx723zTVHSXs+iW4mnM3Mt0wpBnGPA+1lG7psIeAFmSwF9jklxS4kF4ObmOoGgtRTq3uPw2c9KnCzh3IubZy2HIheRIKEokrb5KHaKRtqgALsF0Y7QhcWvicgdlBDStQoCWrYCum3bU5TDCq15EeAA7kqbLrpN1Ik0OBYVceDBE5FT9PoVfD4NxxCsgTUqWWnt84dYQEAU2vRFbVA575XkO00FUQhE3HySYzB531d6nuXo+jAALSv3fSEG8UXY0/3x4Rnb5xqOng0A1wnvey+w1wPh+sSAGGPvjTDLyO5ZvIHiewBhZRGOHhLnPRS/c7dCnHuA7L1pp6LPPQn22kpGU3MZNjP4k4ls/ziJNEUEfg22dJtDusTfCRimP/JZm28HnZxuefU/0qimUkLs+bDvIBXldM3iQlfM/qXlDZcUD9hBtRBiRoVI7h4rgktf600346m2YCbUXgvBvS8SLVE874kg9/ModfqpXUeISd+I3JIp9eQW0CWQrq/dKRHt3V7J4L2H0dqrmmIkxjbka7aC+YjWkCeHpCV2v2z4GtdaD3cfZhh0yqTKWcLWYDW8crUCC5nQ0OnZtQKBOCQFA2Xf1Iii/YQCYYkVUghAzieKVZdKRPcphLCqIkcGFFCFSG3IJZVGd8ayk1TwReSQpJ1I3gjW1grveRFpKch9Ix4thSWOOL4EtEXCsECZDtZaIBFHzwfbCFWkpi/gXJwqwgZGYCUJr7VMaMldUUwDep4N5L0vrL2IBUGBfPo+sJA30KEV+uSAsxo3znUJ+vFNCPah2yep0clAoZxIn+QB2hm4wemZBJnReEi5QlCRLtPT2Wqd5aaCDljSgVwyAreEOi+7iAZVyv7RTJQF8dNiFadAAN+BQxGTBwKNtE5gh/G5AfZaFTOUZD8Bzjn9ClbWfoq19ZN7QkT3fS0sPSDve4hoA5ZACnxW9cJBMjQNYudeCHKpMKzce78nfQFFZ2kvuUgtNKC9i/cccqnqlMmySCSheN6XlXqYrQ31CzsoXVQQyqPEq40ykCKrmAMzYyq2lnBUgJhpQbJAGMzsOVJhflgfyeGrNqWv3Gcetiy/JtFDNRx4SIs/Nlr1cMR2DHMNqYyET/QZmS0RWENYEMe5CSzp0QJ4EgrvtapPVcdXFtaYP5wOUKPDfusWIYdkcOE5HiHutRjupbo+6DSLhAD7EcLrg9EdS2h53it4aX0gBce3FFaVbBBeBtFe26Fo0/cg4X7kkBqK3XUrieyOmuCYNG2J/qys4kxQAWlBmC5bG6EF7IR1QTBNmOhgrN9jdz7O4OPUrGlXdRjBrSqi2+/DGEq+9mDYNO3pK1EVIQ/cszdiH2Pg3n32TuALzTe09lqOV2TdGMZeK8B7XkFrb03rhi2qTDIXU05gtp4M8qe0IZxzAu3dPqZ2BNLvacOSaGaF8QnuASLBN3DWI5gFpXs/GTgB2EGcXQEtJui2MrXQXOHFpQ4x4rg4oMow3UUrRTZ74EdopyiQlFufrqdWTJkZkz/NEB/IQuq6Wf3U9AlExXU1WN1hwHYGY3NavgCYJqWqM2ERgWBXqm1f3oj2llM+FSAFY6DOfT91YTrHwwXy2jjv2BEGwOPbV5vhyJgbQu61vh5oULznhNDahO816b2e8SaCRxuAmUc49zLhsx4gVpafTz4G2lr03hDBBZC9JOmeg1ztB8GiKwjV+knhG/jNna/5VQwvb0o6/difh2mMd9IhgTEfWMRST5IRQNd7GBZTf0rIx6wHYBnjkqo9t4fBZjDsDRj5Vf44Bx2ZyvictUISEhShSN5VNyqPG44Te61N6d5LQmuFWemoBRCt7cB4aQaOMu/a6ROEuQ5wata995Yb32AtQaxlr9Xv8NK4gsxcRhFcQ1aqvTuTKgGVqjDrIb3LHKpFZrzzCyn2haWHSkJV72ISV9GAkbFEyhPBusGwbQO1/wwgo8VhPOKK6fC8rErPIKMMSSBlccadCNfIazkHbQT109CGWR/N6lQnSWrKlKTGY83owHXZK5zSNkDuAOea1SqA51mBzjlqtYH2gXOgMM9aY9i0sZtrsT9japNYSkB6L3rMoWrTNiHovcdj8jgnkTtZuJ+FiAngIwYcje8OCje1bCFn1N2A9mHYTMLxUfI8TzoKgNdWW3qREsh+UbcKK6YWiVS75HA+0xh/t9hV7G9Vbg3FoBxJg6HEwgHF6AlAxrqBmQgpbv6pTMN3Kly0qofMRoBCUAbHd66owLoANqtX9PGNUDtsqyuviu0bM+V/jXFEIrlEnXNw0b/bz4PqbjPjoevDu/aCLbJSqAGfC1jrIbGfHX/4hiLw3hC454ZcWgT4gFmNwOy9HPpcEPdeMnvvBZz3knfv7WGR/Mw3IbnnEhr/Imzmhq0ujGsjikbEtjuk2ukU2igsqcCmmgwVHH7MHZ0bU4Y9k/K8nb4NaNuAmf6NK2NPmMJg4FBMaogPIPrE8U6rPnUrOvlUgi9IAgDa0HA5xxfc3JV0N1IOGRD0e0+LfdhihVlm6QkMPEw6QJA+8jRaGDFD+t5qHybWEiL7ON7rGX8pvO99kb13EN8TcWFVSbGyn40vd1OqcO5LkoDD53mQvPcyXM9ixqmfQ5/YFVuLtslZ1BSbeDwLdVb2uI2B7YCjzfU1I+nU3Zi2O1NVYEzKkYV8Dg9TbpBMAGhAqZTxLTg16BQXFeRxDLihRcHnytN1ZRjICrNp2Rc4pS/X90LPkoG1FsDrC2BLHQADBYR7T8+D483VwA9UYT59IIh01pKg41sGGOrm2HnWw+XzesJr7nzguZeFk+DFVaClTByoXYDcT/FFp/QkDci9Gex7Dw1puXzS8JhBoz532BXlzK8ilhZZHf6K0Y6VREoYWXTaMYfkCeVs4ueWFCJnxFRWMLI8SHi2Fl2LJpO6Q9XAaNJUAfJIdqjJgOEJJShmMRxtEJtjCELaYHwtwPd1uPZisLig5feaxtr45OClLcb3TBrAuPeG1FqE773AHZ60FzBnfwR3Ymnd+yZ3lCftVatJrlG6OdbKYA9Cq2QunX7h0OtrJ2+lmWct03sR0rkvQXpV14TAKCHFZiraaDMMrg7jSKwBIn0Jka+dDvOnVXtzWskA1PY7jv+fxjFt/H5JFky5UqxSB5D5S43xk3j4iT1fw7Y1Bk5cHQ9wki/zuR1Wva5wRD7r8T2JYeX6Xc9Wgr2ILjKQHGA9QLD2plFqzBFqAWFpQ3lMLzT9Rl6bx7fH8YWftSOee2Ge1wD0bCL7eUraAS8RXLarh5jYWwDec6mIDwDtRdDXMKGGLvDTkyt7V/lsbKLqGTy2hCnIRb4qqm0yru/TyvIYHd2PHqL2NdTdi0R+cS56XJegmQkGULvoJ+W2TzKCqOLdKgJVujB6fuMZ7b99nTxSVc3RoS3Yw3ISm8Rdz64uC0RcBMcGvMfGXqJwjwEuUOF7X5FeS+CLW5EqYN57lEB8Adwg+1lZVapmiCfdBiPLKwTufd1UCQLhjZ+9m6oC9L5XwtKXZAzs016Vy+fZAXxfHNwQylrLGLmmI0oZVvEFq/6cCFbspghJERuXCpuJ/BhvsWkqoA/uRgKHri5QB2xMJTbihQQuByQcqk6/Uo/DdjjG2qRyKIwnOcYSwMiZ8ydTVvU21TrdCBvB1nog9wtTWqVo05Sy1xoPAVB9ok4QJMYjgFj7cXB96XFV6pQ8azl5fVjog6y9kFz7JktC6HMb9ptyMtaWIZ/TEwVo7SeEzzXxrA3Smnxao0Ah9rOZXH/iyfgR6DChZLnJY0iNlE5UsIZH1FZefjD+QS1kT0Zz+Dx++e5JE0cNB4kqJutcrt3RzxpHqu5ykT3VINho1RXzGjf4/K9UXiTJVC395PpKZ42ebIEW7azFELlvKNzEFUdnsJ9zWDmr7/Dlsp71QHjPO0ocXRl47ydB45rvG+g8a9vgWqAr76im9HWM/SzAaBgni9R5TxSuTfOea4ZOiGcviO+94F38gqaA9Cgo1Fr7iXOuYaxHatvhhMlLw+xaEqLiL5jB2aIarYnKBoqpClmL2k3MrkwQRKPkNKLuqj1xRz8/Bjlhx+7PJMSCpmvqrfSApORgaAcmDTqAEag/7SpHEaNkl9GMhj3iEZtKPucQaDR9bTZgEAeLD3zfhLjHDauE9rGhZy8HEy9MmoZ0VJHS70AACcfmHcz7+iKd1eAKiM3lNRLkWrKbXdK9p+AfhnEmEFfs47v2/hYHABMjk50XJ3DRVf00AibD6KjfDYGPFuGXap+G33batoy5pAEEGnSLJpT69zKoXwplXCGi1BETyFDr10MfA4zNC9CiggbGJs+gkXjnuA1jhbCnhzKQK5UN5AWetSLeeztkOE03o3FJQLY2gzeXobZE3tv0Xx9TNIxjpOggqsJPNC8hi7tD4ffJthFc3ZjrEUP72hBwyCHOnFs6qFJOPEvBOu9LSQsxt5YVGxI7ogZrKJRHamlsqb7M7D6/BBQmaT5L5EJFpeNqsO+kuONerOm70t08Q2oSpikThK56mApBRcFjaQ9RLRUeyFSfEROV/TgSXVhcNhpI2EnpBwDZ5hatH6smnN0OPV8N4D0G8+xl8JyDYD0P7Q8yhlDZ4NpDrEwSlleZ1sFhovUw9s3lncsVvlbxb9aWss91fNdaS/K9RXp4SKDEjr3807yzzaU9qlgGuYFzeaLShVhI1SA4Bwk1fcuq0cUNBibN1CgzPotxpFo6oOR8Aoiar1QEZ+5qlSHOT6hwSRNl79N5QNVISIkbrmPMyeuS4uSDYpejeNp8w8+JN8P3DN+tA+RcfjgcvLl16g4q8hCLD5j4vm0vpO8Fmr/A2hvAg5i4r0PsPRY3CL83wt4LUVHI2pvOzZWxnseTrvM9Bq/Ww/xk4tHoRb1+cVnHcmKrk6zpPSciuccmtSoA1JyfShu9tW2rVnWviwyfa6KgiuPMu1kPI7UN0Uh4vlhcvvxVu5GLsJOGnNsOQncopzJtK+hHudj1LcbEWCwY+V91jYe1Znpzoy0mseeuSvFk06gIuEhxriE5IXzS2JRpO7mT+wD70a4pWNvghdbkQCzL9wU2N4m91XENIr7nlIt+VNiqzKJQaxJeRI6NmwGqDM0tQsNFYmVuomTvDUqM+zHsAMN3k2bmB8Xy/FrNdSPqIiXuBPgaIhpZV369RsRE9Zr0naVXDYf2sibPh+AYVWdiwV+XyIgTUE/FN/wLq1R8/cX3C5IKQOXpllCiei3ArgYbcyUBfc9AW9aFB9fCLxk80sqlqrhxbSi513HWXjLfRlDu2xwXkR7Bug/nfVEQfLC1oGcVq1ZfiTNhJJ57hbuWIsV3SJpz9eKQpGPdyXEXdYqI7WTvyizX0QqUWkSts4zd2KBs5HBoZ1qA00LVla7EaHy7knhwRGoXVg9huSE/AAJrAskK4wHCTcDUHSRkdvt6R2t4jj5RgZ9HIoTfTQyCGWcPKjQGIGKXGhneo/diFHjg82EySA+g11RFEwrkHcVayzPl91KCrSA8PrrXoXwvIWut7xAVllY4ZbOyJHFGZITWFnOuEerp1UwhlETneLKcNULIlIrtR3Myv3BM2X6hbSMyzRhIjBSxu6QOsQqf6tKbDuLa0wOGMPpYL91g0rRts1Hz7n3RTOZMoKA4jolnPLfd0Cbb7LvCo7AONP1ZGJQ5oQb0GlqlYnU6UBtkPfdP8EBvVVS/lYLxWAfTtVFL0FoB/NqJ34uKVQL1oHkARXweFgd0/Cu+TkN6szLvewmurZDbhHJx5rYNo72S5N6bOiKXl0m0Hw5AXoV/+jLaDM4NeNukUnoXVn7TmDNohqSX3WjlZxd/lzLi705QfS611UqT5JrCGu9XbkJuIkH8bJRqfZ2RqVZbjGsNHZuR3dg5WolzY73d+Gu7nF2auymYlM8oZpulmnG0EKylsHkRRU3aIZL9MuqhXvsBcs8Ns/fjJBVY1AO1LDx7TacZbwN7EfV6hZuDkxCyep2j6mBJ4kgZSwlzb24jP7y5SZ5HwH7PEbG4konVD51dYvjsldANaUJq26Mmu1+YkEmYDbPr9ShWxapuPVGPz94tPzdMsveSU9OxoNYzlOQ65vQnATWZPjeJjFrSI1AUpLUxfzo9J3LSJPDowXTsAoyyKre4RobinqEAnHsoAuZVWj69MErdE6WqFEGcUw2Opny6I+ilrhE454mFGMLmSn3iXgMLtTbEFSC1lIdMB4i9lwIVDy89RO65hp/9BLnnDFYp5vP8DwV6rfDcXpYbCI8Y20oQy42T+ANc3yXfUQemURKePZicfsWXMsp545lB+El2aVZLI6NxxNeyj/Dr4xkp9otxVxBoP0iTWsjnffbK4+AnzE2SAeAevyIa66bzjE/HITk36X7e81yWnP+jwS6Uxto7nfwAV68cmKNJCeAP2NXKtA3g2TKwGoTK4II27I6gT+qW6CC9/VooL+2FDsZGHFilMQNgi5unMfZ706IAO+L/4SwZHFlla9MAAAAASUVORK5CYII="
    output_file = "output.png"
    decode_base64_to_png(base_img, output_file)
    print("成功将 base64 编码的字符串解码并保存为 PNG 文件。")

x()

得到图像后,图像是小并且黑的。这时候需要将图像在PS中放大,调整曝光到能被扫描识别的那种。
这时候的扫描识别,你会扫出一个数组。

[97,45,232,198,115,215,226,198,32,189,8,210,84,11,150,134,221,207,167,176]

编写脚本,得到指定数字,拿下flag

从官方附件中的py脚本不难看出,这是指定seed后,运行的第二十一次生成数字。
并且设置的seed值是一个 限定了范围的随机数 ,脚本就好写了。
只要我的脚本获取的数组是相等的,第二十一个值直接输出就是我们的flag了。

from random import randrange, getrandbits, seed

def poc():
    for i in range(1,1000):
        secret_seed = i
        seed(secret_seed)
        a = [97,45,232,198,115,215,226,198,32,189,8,210,84,11,150,134,221,207,167,176]
        reveal = []
        for i in range(20):
            reveal.append(getrandbits(8))
        if reveal == a:
            flag = getrandbits(8)
            return flag
    return False
print(poc())

得到具体数字,输入就拿下了flag。

还没有人赞赏,快来当第一个赞赏的人吧!
  
© 著作权归作者所有
加载失败
广告
×
评论区
添加新评论
文章信息
板块MISC
作者
ctfman233
目录导航
暂无数据