当前位置:网站首页>Misc Basic test method and knowledge points of CTF
Misc Basic test method and knowledge points of CTF
2022-07-05 15:10:00 【Golden silk】
One 、 Simple test method
1、 Attribute hiding flag Or some important information , Such as unpacking password
2、 Hexadecimal data of the file ( middle \ ending ) Hide character segments , Those hidden character segments are generally regular , It may take some decoding to arrive flag, Example :Bugku And telnet_l2872253606 The blog of -CSDN Blog
3、 Add file suffix zip unpack , In the unzipped file flag
4、 Complete the file header
5、 Common file types
6、kali Next file Command to view file types
command :file file name
Two 、zip
1、 File format
• Head sign 50 4B 03 04
• Version number , The last four digits of the head logo
• Encryption , The last two digits of the version number ,00 Is unencrypted , The rest are usually encrypted
2、 Pseudo encryption , There was no encryption zip file , In artificial modification 16 Base case ( After the version number 00 Get rid of ), I mistakenly thought it was encrypted when decompressing
3、 Code explosion , Using tools ARCHPR Blasting
3、 ... and 、PNG
1、 File format
• Head logo ,89 50 4E 47 0D 0A 1A 0A
• Width bit 0x10-0x13, Don't change it at will , According to CRC Value modification
• Height bit 0x14-0x17, You can change it at will
•CRC Check bit 0x1D-0x20,CRC It is the verification of file data blocks , Modifying the data block will cause the verification to fail , The file cannot be displayed normally
2、 The height display is incomplete , Example :Bugku Steganography _l2872253606 The blog of -CSDN Blog
3、 The width display is incomplete , According to the... Of blasting documents CRC Value changes the width , Otherwise, it will fail to open the file
4、LSB Steganography , Using tools stegsolve Or is it kali see ,kali Watch it all ,
Example :Bugku Cyberpunk _l2872253606 The blog of -CSDN Blog
• use stegsolve see
For documents stegsolve open ,Analyse,Date Extract
Check the last three 0, The mode is generally RGB, If you don't find it , You can try another mode
Point again Preview, Drag the data to the top
Find out flag
• use kali see
You have to download zsteg Tools , Specific method Baidu , Drag the file into kali
Enter the command zsteg file name
You can view the hidden content
Four 、JPG
1、 File format
• Head logo ,FF D8
• Tail marker ,FF D9
2、 Modification of width and height
3、base64 Source code to picture
5、 ... and 、GIF
1、 File format
• Head sign ,47 49 46 38(GIF8)
2、flag Hidden in a frame , use stegsolve see
6、 ... and 、 File separation
Sometimes a file may hide many files , At this time, we have to use tools to separate
1、 Automatically analyze files and automatically separate files
use kali System
• Analyze documents binwalk file name
• Separate files binwalk -e file name
• Separate files foremost file name -o Directory name
2、 Manual file separation
Automatic separation is used when it doesn't work , Specific operation Baidu
3、 Example :Bugku And easy_nbt_l2872253606 The blog of -CSDN Blog
边栏推荐
- TS所有dom元素的类型声明
- MySQL之CRUD
- 想问下大家伙,有无是从腾讯云MYSQL同步到其他地方的呀?腾讯云MySQL存到COS上的binlog
- 手写promise与async await
- [detailed explanation of Huawei machine test] happy weekend
- Go learning ----- relevant knowledge of JWT
- easyOCR 字符識別
- How can I quickly check whether there is an error after FreeSurfer runs Recon all—— Core command tail redirection
- Redis' transaction mechanism
- 【华为机试真题详解】字符统计及重排
猜你喜欢
729. My schedule I: "simulation" & "line segment tree (dynamic open point) &" block + bit operation (bucket Division) "
CPU design related notes
面试突击62:group by 有哪些注意事项?
Run faster with go: use golang to serve machine learning
Mongdb learning notes
Redis' transaction mechanism
美团优选管理层变动:老将刘薇调岗,前阿里高管加盟
How to paste the contents copied by the computer into mobaxterm? How to copy and paste
[detailed explanation of Huawei machine test] character statistics and rearrangement
P1451 求细胞数量/1329:【例8.2】细胞
随机推荐
Huawei Hubble incarnation hard technology IPO harvester
Two Bi development, more than 3000 reports? How to do it?
Cartoon: what are the attributes of a good programmer?
MongDB学习笔记
两个BI开发,3000多张报表?如何做的到?
The elimination strategy of redis
Bugku's steganography
Can I pass the PMP Exam in 20 days?
【数组和进阶指针经典笔试题12道】这些题,满足你对数组和指针的所有幻想,come on !
漫画:优秀的程序员具备哪些属性?
CPU设计实战-第四章实践任务三用前递技术解决相关引发的冲突
[recruitment position] Software Engineer (full stack) - public safety direction
Mysql---- function
长列表优化虚拟滚动
maxcompute有没有能查询 表当前存储容量的大小(kb) 的sql?
Visual task scheduling & drag and drop | scalph data integration based on Apache seatunnel
Creation and use of thymeleaf template
Can gbase 8A view the location of SQL statement history?
Photoshop plug-in - action related concepts - actions in non loaded execution action files - PS plug-in development
TS所有dom元素的类型声明