ctf 常用python脚本及在线网站

Posted z.volcano


ctf

脚本

图片爆破宽高等脚本在ctf misc 图片题知识点

二进制转二维码

运行之前先改好图片边长,即MAX的值,例如二进制字符串长度为625(25*25),这里就改成25

import PIL
from PIL import Image
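MAX = 25  # side length of the square image in pixels (one pixel per bit)
# Paste the 0/1 string here; it must hold exactly MAX * MAX characters
# (e.g. 625 characters for MAX = 25). The listing had a bare `str` here, which
# names the builtin type and cannot be indexed.
bits = ""

if len(bits) != MAX * MAX or set(bits) - {"0", "1"}:
    raise SystemExit(
        "bits must be exactly %d characters of '0'/'1', got %d"
        % (MAX * MAX, len(bits))
    )

# Start from an all-white canvas and paint only the '1' bits black.
img = Image.new("RGB", (MAX, MAX), (255, 255, 255))
for i, bit in enumerate(bits):
    if bit == "1":
        # Bits are laid out row by row: index i is column i % MAX, row i // MAX.
        img.putpixel((i % MAX, i // MAX), (0, 0, 0))
img.show()
img.save("flag.png")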

base64

base64异或

import base64

# Base64-decode the ciphertext once, then try all 256 starting key values.
s = base64.b64decode('TkVLTFdUQVpvUlNda1ZXRUpAZVldTltgJCQhLCAgGSknPjc=')
for key in range(256):
    # The byte at position pos is XORed with key + pos, i.e. the key grows by
    # one for every byte of input.
    flag = "".join(chr(byte ^ (key + pos)) for pos, byte in enumerate(s))
    print(key, flag)

base64隐写加密(py2)

# -*- coding: cp936 -*-
import base64

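flag = 'Tr0yBase64isF4n'  # secret to hide
# The secret as a bit string, 8 bits per character.
bin_str = ''.join(format(ord(c), '08b') for c in flag)

base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'

# '0.txt' is the cover text; '1.txt' receives one Base64 line per cover line.
# Files are handled as bytes so the script runs on Python 2 and Python 3.
with open('0.txt', 'rb') as f0, open('1.txt', 'wb') as f1:
    for line in f0:
        # Strip the real newline byte before encoding (the listing replaced a
        # literal backslash-n, which left the newline inside the encoded data).
        rowstr = base64.b64encode(line.rstrip(b'\n')).decode('ascii')
        equalnum = rowstr.count('=')

        if equalnum and bin_str:
            # Each '=' of padding leaves two unused low bits in the last data
            # character; those bits carry the hidden payload.
            nbits = equalnum * 2
            # Left-align a short final chunk so the decoder, which reads a
            # fixed nbits per line, recovers the same leading bits.
            offset = int(bin_str[:nbits].ljust(nbits, '0'), 2)
            pos = len(rowstr) - equalnum - 1
            # Change only the character at pos. str.replace() would also
            # rewrite every other occurrence and corrupt the cover text.
            char = base64chars[base64chars.index(rowstr[pos]) + offset]
            rowstr = rowstr[:pos] + char + rowstr[pos + 1:]
            bin_str = bin_str[nbits:]

        f1.write(rowstr.encode('ascii') + b'\n')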

base64隐写解密(py2)

# -*- coding: cp936 -*-
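import base64

b64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
# Method reference: https://tr0y.wang/2017/06/14/Base64steg/
# Reads '1.txt' (one Base64 string per line) and prints the text recovered so
# far after every line that carries hidden bits. Works on Python 2 and 3.
with open('1.txt', 'rb') as f:
    bin_str = ''
    for line in f:
        stegb64 = b''.join(line.split())
        equalnum = stegb64.count(b'=')
        if not equalnum:
            # No padding means no spare bits; this also skips blank lines,
            # which previously raised IndexError on the [-1] lookup.
            continue

        # Decoding and re-encoding yields the canonical form, whose unused
        # padding bits are zero. A standard encoder always emits that form, so
        # any difference from it is itself a sign of embedded data.
        rowb64 = base64.b64encode(base64.b64decode(stegb64))

        steg_last = stegb64.replace(b'=', b'').decode('ascii')[-1]
        row_last = rowb64.replace(b'=', b'').decode('ascii')[-1]
        offset = abs(b64chars.index(steg_last) - b64chars.index(row_last))
        bin_str += bin(offset)[2:].zfill(equalnum * 2)

        # Decode complete 8-bit groups only; a trailing partial group would
        # otherwise be printed as a spurious extra character.
        whole = len(bin_str) - len(bin_str) % 8
        print(''.join(chr(int(bin_str[i:i + 8], 2)) for i in range(0, whole, 8)))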

1-5位的crc32碰撞

6位的碰撞已经有现成的工具了

# coding:utf-8

"""
Author:spaceman
"""

import binascii
import string 
from time import sleep

def is_number(s):
    """Return True if s parses as a float or is a single numeric character.

    float() is tried first; if it raises ValueError, unicodedata.numeric() is
    tried, which accepts one Unicode character with a numeric value.
    """
    import unicodedata

    # Each parser is paired with the exceptions that mean "not a number" for
    # it; anything else (e.g. TypeError from float) propagates to the caller.
    attempts = (
        (float, ValueError),
        (unicodedata.numeric, (TypeError, ValueError)),
    )
    for parse, not_numeric in attempts:
        try:
            parse(s)
        except not_numeric:
            continue
        return True
    return False

# 进度条
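def progress(percent=0, width=40):
    """Redraw a one-line text progress bar on stdout.

    Args:
        percent: Current step; the bar is full at 95. The callers in this
            listing pass their 1-based outer-loop counter (presumably the
            position within a 95-character candidate alphabet).
        width: Width of the bar in characters.
    """
    left = width * percent // 95
    right = width - left
    # '\r' moves back to the start of the line so each call overwrites the
    # previous bar; the value is formatted through an f-string placeholder.
    print('\r[', '#' * left, ' ' * right, ']', f' {percent:.0f}%', sep='', end='', flush=True)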

# 一位字节
def crc1(strs,dic):
    """Find every 1-character string over dic whose CRC32 equals strs.

    Args:
        strs: Target CRC32 as a hex string, e.g. '0xd1f4eb9a'.
        dic: Candidate characters to try.

    Returns:
        All matching characters concatenated ('' if there is none).
    """
    target = int(strs, 16)
    strs = hex(target)  # normalised form used in the printed report
    hits = []
    for ch in dic:
        if binascii.crc32(ch.encode()) == target:
            hits.append(ch)
            print (strs+'  : '+ch)
    return ''.join(hits)

# 两位字节
def crc2(strs,dic):
    """Find every 2-character string over dic whose CRC32 equals strs.

    Args:
        strs: Target CRC32 as a hex string, e.g. '0xd1f4eb9a'.
        dic: Candidate characters to try in each position.

    Returns:
        All matching strings concatenated ('' if there is none).
    """
    target = int(strs, 16)
    strs = hex(target)  # normalised form used in the printed report
    hits = [
        first + second
        for first in dic
        for second in dic
        if binascii.crc32((first + second).encode()) == target
    ]
    for found in hits:
        print (strs+'  : '+found)
    return ''.join(hits)

# 三位字节
def crc3(strs,dic):
    """Find every 3-character string over dic whose CRC32 equals strs.

    Args:
        strs: Target CRC32 as a hex string, e.g. '0xd1f4eb9a'.
        dic: Candidate characters to try in each position.

    Returns:
        All matching strings concatenated ('' if there is none).
    """
    target = int(strs, 16)
    strs = hex(target)  # normalised form used in the printed report
    hits = []
    for first in dic:
        for second in dic:
            prefix = first + second
            for third in dic:
                candidate = prefix + third
                if binascii.crc32(candidate.encode()) != target:
                    continue
                hits.append(candidate)
                print (strs+'  : '+candidate)
    return ''.join(hits)

# 四位字节
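def crc4(strs,dic):
    """Find every 4-character string over dic whose CRC32 equals strs.

    The progress bar is advanced once per value of the first character, after
    its inner loops have finished.

    Args:
        strs: Target CRC32 as a hex string, e.g. '0xd1f4eb9a'.
        dic: Candidate characters to try in each position.

    Returns:
        All matching strings concatenated ('' if there is none).
    """
    target = int(strs, 16)
    strs = hex(target)  # normalised form used in the printed report
    rs = ''
    for it, i in enumerate(dic, 1):
        for j in dic:
            for k in dic:
                for m in dic:
                    s = i+j+k+m
                    if binascii.crc32(s.encode()) == target:
                        rs += s
                        # Move off the progress-bar line before reporting.
                        print ()
                        print (strs+'  : '+s)
                        # A real newline; the listing printed a literal
                        # backslash-n here.
                        print ('\n')
        progress(it)
        sleep(0.1)
    return rs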
    

# 五位字节
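def crc5(strs,dic):
    """Find every 5-character string over dic whose CRC32 equals strs.

    Five bytes are longer than the 32-bit checksum, so several candidates can
    share one CRC32; all of them are reported and returned.

    Args:
        strs: Target CRC32 as a hex string, e.g. '0xd1f4eb9a'.
        dic: Candidate characters to try in each position.

    Returns:
        All matching strings concatenated ('' if there is none).
    """
    target = int(strs, 16)
    strs = hex(target)  # normalised form used in the printed report
    rs = ''
    for it, i in enumerate(dic, 1):
        # The bar is advanced before the inner loops run for this character.
        progress(it)
        for j in dic:
            for k in dic:
                for m in dic:
                    for n in dic:
                        s = i+j+k+m+n
                        if binascii.crc32(s.encode()) == target:
                            rs += s
                            # Move off the progress-bar line before reporting.
                            print ()
                            print (strs+'  : '+s)
                            # A real newline; the listing printed a literal
                            # backslash-n here.
                            print ('\n')
        sleep(0.1)
    return rs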

# 计算碰撞 crc 
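def CrackCrc(crclist,length):
    """Recover short plaintexts from their CRC32 values by exhaustive search.

    CRC32 is an error-detection code, not a cryptographic hash: for inputs of
    a few bytes, a stored checksum is enough to recover the content.

    Args:
        crclist: CRC32 values as hex strings ('0x' + 8 hex digits), in the
            order the recovered pieces should be concatenated.
        length: Plaintext length per CRC as a string, '1' to '5'. Any other
            value finds nothing and ends in the failure branch.

    The function prints the combined result and waits for Enter; it calls
    exit() when nothing was found.
    """
    print ()
    print ("正在计算...")
    print ()
    # Candidate alphabet: the 95 printable ASCII characters, '~' (0x7E) down
    # to ' ' (0x20). The listing's literal had lost '{' and '}' and doubled
    # the backslash, so strings containing braces could never be found.
    dic = ''.join(chr(code) for code in range(0x7e, 0x1f, -1))
    solvers = {'1': crc1, '2': crc2, '3': crc3, '4': crc4, '5': crc5}
    solve = solvers.get(length)
    text = ''
    if solve is not None:
        for crc in crclist:
            text += solve(crc, dic)
    # A real newline; the listing printed a literal backslash-n here.
    print ('\n')
    if text == '':
        print ("碰撞失败,无结果")
        exit()
    print ("字符顺序组合:",end=' ')
    print ()
    print (text)
    print ()
    input("回车确认结束程序...")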

# 主函数
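# Entry point: ask for the plaintext length and the CRC32 values, then search.
print ('''
##############################

###### Author:spaceman ######

### Thank you for your use ###

##############################
''')
listcrc = []  # CRC32 values to search, each stored as '0x' + 8 hex digits
# Plaintext size in bytes, e.g. 4 when the content is "flag".
length = input("请输入文本字节大小(1-5):").strip()
# Compare against the five allowed values; a substring test on "1,2,3,4,5"
# would also match "," or "1,2".
if is_number(length) == False or length not in ("1", "2", "3", "4", "5"):
    exit("非指定数字,退出")
print ()
while True:
    crc = input('请输入crc值(例如:d1f4eb9a,输入n完成输入):').strip()
    if crc == 'n':
        break
    if len(crc) != 8:
        print ("crc长度不对,请重新输入")
        continue
    # Reject non-hex input here; otherwise int(crc, 16) fails later, in the
    # middle of the search.
    if any(ch not in string.hexdigits for ch in crc):
        print ("crc不是十六进制,请重新输入")
        continue
    listcrc.append('0x' + crc)

CrackCrc(listcrc,length)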

将十进制数写入文件中

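# Sample byte values (0-255); replace them with the recovered data.
# NOTE(review): a 7z archive begins 37 7A BC AF 27 1C, so the fifth value of a
# real header would be 39 (0x27), not 175. Treat this list as a placeholder.
x=[55,122,188,175,175]

# bytes() converts the whole list at once and raises ValueError for any value
# outside 0-255.
data = bytes(x)

# The with-block flushes and closes the file; the bare open() left the handle
# open, so the bytes were not guaranteed to be on disk.
with open("1.7z","wb") as out:
    out.write(data)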
usb流量

键盘流量

先tshark导出数据

┌──(volcano㉿kali)-[~/桌面]
└─$ tshark -r whereiskey.pcapng -T fields -e usb.capdata | sed '/^\s*$/d' > out.txt

然后每两个数字之间加一个冒号

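# Input '1.txt': one hex string per line (the usb.capdata export).
# Output 'out.txt': the same reports with ':' between the bytes.
# NOTE(review): the article's tshark command writes to out.txt while this
# script reads 1.txt and overwrites out.txt, so rename the export first.
with open('1.txt','r') as f, open('out.txt','w') as fi:
    for line in f:
        a = line.strip()
        # Keyboard reports are 8 bytes (16 hex digits); use 8 for mouse
        # traffic. Blank or odd-sized lines are skipped instead of ending the
        # run at the first empty line.
        if len(a) != 16:
            continue
        fi.write(':'.join(a[i:i+2] for i in range(0, len(a), 2)))
        fi.write('\n')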

再跑脚本

normalKeys = "04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5", "23":"6","24":"7","25":"8","26":"9","27":"0","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\\t","2c":"<SPACE>","2d":"-","2e":"=","2f":"[","30":"]","31":"\\\\","32":"<NON>","33":";","34":"'","35":"<GA>","36":",","37":".","38":"/","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"
shiftKeys = "04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17"以上是关于ctf 常用python脚本及在线网站的主要内容,如果未能解决你的问题,请参考以下文章
