实验吧wp(持续更新)

writeup ctf

 2018/05/30   Share

密码学

疑惑的汉字

题目：现有一段经过加密的密文，内容如下：
王夫井工夫口由中人井中夫夫由中大。
请找出这段密文隐藏的消息明文。

格式：CTF{ }

解题链接： http://ctf5.shiyanbar.com/423/crypto/1.html

当铺密码:

就是一种将中文和数字进行转化的密码，算法相当简单:当前汉字有多少笔画出头，就是转化成数字几
1 2 3 4 5 6 7 8 9
由中人工大王夫井羊
所以王夫井工夫口由中人井中夫夫由中大：67 84 70 123 82 77 125
CTF{RM}

凯撒和某某加密

题目：aZZg/x\ZbavpZiEZp+n)o+

writeup：

这是整个ascii表的凯撒移动，我参照网上提供一个py代码：

#coding:utf-8
import string
def foo():
    s="aZZg/x\ZbavpZiEZp+n)o+"
    #ascii码表中可打印的字符
    a=string.maketrans('', '')[33:127]
    for n in xrange(0,26):
        b=a[n:]+a[:n]
        table=string.maketrans(a,b)
        print string.translate(s,table)
    pass
if __name__ == '__main__':
    foo()
    print 'ok'

aZZg/x\ZbavpZiEZp+n)o+
b[[h0y][cbwq[jF[q,op,
c\i1z^\dcxr\kG\r-p+q-
d]]j2{_]edys]lH]s.q,r.
e^^k3|^fezt^mI^t/r-s/ f__l4}a_gf{u_nJ_u0s.t0 g`m5~bhg|voK`v1t/u1
haan6!caih}wapLaw2u0v2
ibbo7”dbji~xbqMbx3v1w3
jccp8#eckj!ycrNcy4w2x4
kddq9$fdlk”zdsOdz5x3y5
leer:%geml#{etPe{6y4z6
mffs;&hfnm$|fuQf|7z5{7
nggt<’igon%}gvRg}8{6|8
ohhu=(jhpo&~hwSh~9|7}9
piiv>)kiqp’!ixTi!:}8~:
qjjw?ljrq(“jyUj”;~9!;
rkkx@+mksr)#kzVk#<!:”<
sllyA,nlts$l{Wl$=”;#=
tmmzB-omut+%m|Xm%>#<$>
unn{C.pnvu,&n}Yn&?$=%?
voo|D/qowv-‘o~Zo‘@%>&@
wpp}E0rpxw.(p![p(A&?’A
xqq~F1sqyx/)q”\q)B‘@(B
yrr!G2trzy0r#]rC(A)C
zss”H3us{z1+s$^s+D)BD
ok

注意这一行：f__l4}a_gf{u_nJ_u0s.t0
栅栏密码特点就是隔几个字母能读顺成一个单词，一般译为分2个一组
具体情况具体分析，就像此题一处特殊单独三个一组。观察敏感得知，
反正有奇葩字符肯定不是，看有没有{，}，CTF,flag这种字符得知：
f__l4}a_gf{u_nJ_u0s.t0进行解密：

f__ =>f _ _
l4} =>l 4 }
a_ =>a _
gf =>g f
{u =>{ u
n => n
J_ =>J _
u0 =>u 0
s. =>s .
t0 =>t 0

结果就是flag{_Just_4_fun_0.0_}

keyboard

题目：提示：和键盘有关
解题链接： http://ctf5.shiyanbar.com/360/keyboard.html

writeup：

打开网页后看到：BHUK,LP TGBNHGYT BHUK,LP UYGBN TGBNHGYT BHUK,LP BHUK,LP TGBNHGYT BHUK,LP TGBNHGYT UYGBN
根据题目提示，我发现这些在键盘上排列出一个英文字母..（这些明显是密室逃脱的套路）
BHUK,LP对应N，TGBNHGYT对应B，UYGBN对应C

flag:NBNCBNNBNBC

密文 rot13

57R9S980RNOS49973S757PQO9S80Q36P （md5不解密）
解密网站
flag:57E9F980EABF49973F757CDB9F80D36C

他的情书

从前从前,有个人爱你很久很久
格式：ctf{}
解题链接： http://ctf5.shiyanbar.com/crypto/4
f12查看源码

`[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+([]+[])[(![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]()[+!+[]+[!+[]+!+[]]]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+(+[![]]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+!+[]]]+([][[]]+[])[+[]]+([][[]]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(+(!+[]+!+[]+[+!+[]]+[+!+[]]))[(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(+![]+([]+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(+![]+[![]]+([]+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]](!+[]+!+[]+!+[]+[+!+[]])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]])()([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+(+[![]]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(+(!+[]+!+[]+[+!+[]]+[+!+[]]))[(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(+![]+([]+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(+![]+[![]]+([]+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]](!+[]+!+[]+!+[]+[+!+[]])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]])()(([]+[])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+[]])[+[]]+(!+[]+!+[]+!+[]+!+[]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]])+[])+([![]]+[][[]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+(![]+[+![]])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+!+[]+[+[]]]+[+[]]+(![]+[+![]])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+!+[]+[+[]]])()[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]()+[])[!+[]+!+[]+!+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+([][[]]+[])[+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+([]+[])[(![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]()[+!+[]+[!+[]+!+[]]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])()`

控制台解码提示Hint:urlenode
再仔细查看源码发现

var Words ="%3Ccenter%3E%0A%0A%3Cp%3E%u4E0D%u96BE%u7684%uFF0C%u8F93%u5165%u5BC6%u7801%u8FA3%21%3C%2fp%3E%0A%0A%3Cscript%20language%3D%22JScript.Encode%22%3E%23@%7E%5EEwAAAA%3D%3DC%5E%2b.D%60rt%2b%5EVKE%23p@%23@%26EwUAAA%3D%3D%5E%23%7E@%0A%0A%3C%21--%0A%09%2f%2f%2a%2a%2a%28%u3065%uFFE3%203%uFFE3%29%u3065%u6211%u8981%u62B1%u62B1%21%21%21%2a%2a%2a%0Aeval%28function%28p%2Ca%2Cc%2Ck%2Ce%2Cd%29%7Be%3Dfunction%28c%29%7Breturn%28c%3Ca%3F%22%22%3Ae%28parseInt%28c%2fa%29%29%29%2b%28%28c%3Dc%25a%29%3E35%3FString.fromCharCode%28c%2b29%29%3Ac.toString%2836%29%29%7D%3Bif%28%21%27%27.replace%28%2f%5E%2f%2CString%29%29%7Bwhile%28c--%29d%5Be%28c%29%5D%3Dk%5Bc%5D%7C%7Ce%28c%29%3Bk%3D%5Bfunction%28e%29%7Breturn%20d%5Be%5D%7D%5D%3Be%3Dfunction%28%29%7Breturn%27%5C%5Cw%2b%27%7D%3Bc%3D1%3B%7D%3Bwhile%28c--%29if%28k%5Bc%5D%29p%3Dp.replace%28new%20RegExp%28%27%5C%5Cb%27%2be%28c%29%2b%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%3Breturn%20p%3B%7D%28%27%3C%21--v%20p%28%29%7B6%208%3Dh.o.e.n%3B6%202%3D%22q%3D%3D%22%3B6%20a%3D%5C%27t.s%3Fe%3D%5C%27%3B6%20d%3Dj.r%3B6%20k%3D%5C%27%5C%27%3B6%20g%3D2.9%28m%2C4%2a4%29%2b2.9%28l%2C5%2a5%29%2b2.9%280%2C1%29%2b2.b%287%2C1%29%2b2.b%28z%2C1%29%2b2.b%28B%2C1%29%2b2.9%283%2b3%2C7%29%3B8%3Dd.b%28d.f%28%5C%27%3F%5C%27%29%2b1%29%3Ba%3Da.9%280%2Ca.f%28%5C%27%3F%5C%27%29%2b1%29%2b%5C%27A%3D%5C%27%3Bw%28i%3D0%3Bi%3C8.y%3Bi%2b%2b%29%7Bx%288.c%28i%29%3D%3Dg.c%28i%29%29%7Bh.u%288.c%28i%29%29%7D%7Dj%3Da%2b8%7D--%3E%27%2C38%2C38%2C%27%7C%7Ccry%7C%7C%7C%7Cvar%7C%7Cpass%7Csubstring%7Caddr%7Csubstr%7CcharAt%7Clocatie%7Cpasswd%7CindexOf%7Cpass2%7Cdocument%7C%7Clocation%7Cout%7C24%7C15%7Cvalue%7Cform%7Czhegejiamiyidiandoubuku%7CRm9yM0re354v5E4FUg5FasDboooo%7Chref%7Cphp%7Csoroki%7Cwrite%7Cfunction%7Cfor%7Cif%7CLen%7C11%7Cl0vau%7C13%27.split%28%27%7C%27%29%2C0%2C%7B%7D%29%29%0A--%3E%0A%3C%2fscript%3E%0A%0A%3Cform%20name%3D%22form%22%3E%0APassword%3A%20%3Cinput%20type%3D%22password%22%20name%3D%22passwd%22%3E%20%3Cinput%20type%3D%22button%22%20value%3D%22boom%21%21%21%21%22%20onClick%3D%22zhegejiamiyidiandoubuku%28%29%22%3E%0A%3C%2fform%3E%0A%0A%3C%2fcenter%3E";

urldecode得到

<center>
<p>不难的，输入密码辣!</p>
<script language="JScript.Encode">#@~^EwAAAA==C^+.D`rt+^VKE#p@#@&EwUAAA==^#~@
<!--
    //***(づ￣ 3￣)づ我要抱抱!!!***
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('<!--v p(){6 8=h.o.e.n;6 2="q==";6 a=\'t.s?e=\';6 d=j.r;6 k=\'\';6 g=2.9(m,4*4)+2.9(l,5*5)+2.9(0,1)+2.b(7,1)+2.b(z,1)+2.b(B,1)+2.9(3+3,7);8=d.b(d.f(\'?\')+1);a=a.9(0,a.f(\'?\')+1)+\'A=\';w(i=0;i<8.y;i++){x(8.c(i)==g.c(i)){h.u(8.c(i))}}j=a+8}-->',38,38,'||cry||||var||pass|substring|addr|substr|charAt|locatie|passwd|indexOf|pass2|document||location|out|24|15|value|form|zhegejiamiyidiandoubuku|Rm9yM0re354v5E4FUg5FasDboooo|href|php|soroki|write|function|for|if|Len|11|l0vau|13'.split('|'),0,{}))
-->
</script>
<form name="form">
Password: <input type="password" name="passwd"> <input type="button" value="boom!!!!" onClick="zhegejiamiyidiandoubuku()">
</form>
</center>

经过网站解密:https://www.sojson.com/jsjiemi.html

<!--function zhegejiamiyidiandoubuku(){
    var pass=document.form.passwd.value;
    var cry="Rm9yM0re354v5E4FUg5FasDboooo==";
    var addr='soroki.php?passwd=';
    var locatie=location.href;
    var out='';
    var pass2=cry.substring(15,4*4)+cry.substring(24,5*5)+cry.substring(0,1)+cry.substr(7,1)+cry.substr(11,1)+cry.substr(13,1)+cry.substring(3+3,7);
    pass=locatie.substr(locatie.indexOf('?')+1);addr=addr.substring(0,addr.indexOf('?')+1)+'l0vau=';
    for(i=0;i<pass.Len;i++){
            if(pass.charAt(i)==pass2.charAt(i))
            {
                document.write(pass.charAt(i))
            }
        }location=addr+pass
    }-->
``` 
将以下代码放置控制台运行
```javascript
     var cry="Rm9yM0re354v5E4FUg5FasDboooo==";
        var addr='soroki.php?passwd=';
        var locatie=location.href;
        var out='';
        var pass2=cry.substring(15,4*4)+cry.substring(24,5*5)+cry.substring(0,1)+cry.substr(7,1)+cry.substr(11,1)+cry.substr(13,1)+cry.substring(3+3,7);
        pass=locatie.substr(locatie.indexOf('?')+1);addr=addr.substring(0,addr.indexOf('?')+1)+'l0vau=';
    "soroki.php?l0vau="

得到soroki.php?l0vau=

编写python代码

 #-*- coding:utf-8 -*-
import requests
cry="Rm9yM0re354v5E4FUg5FasDboooo=="
addr='soroki.php?passwd='
locatie="http://ctf5.shiyanbar.com/crypto/4/"
pass2=cry[15:16]+cry[24:25]+cry[0:1]+cry[7:8]+cry[11:12]+cry[13:14]+cry[6:7]
addr=addr[:addr.index('?')+1]+'l0vau='
location=locatie+addr+pass2
print location
html=requests.get(location)

得到http://ctf5.shiyanbar.com/crypto/4/soroki.php?l0vau=FoRevEr
得到aW4yIHNheTpJIGxvdmUgeW91IEZvcmV2ZXIhVGhlIEdpcmwgc2F5OiB6cWN7ZmtxdGxfZnBfeWZkX3B5fQ==
解密in2 say:I love you Forever!The Girl say: zqc{fkqtl_fp_yfd_py}
flag:ctf{intwo_is_big_sb}

js

小明某天在看js的时候，突然看到了这么一段代码，发现怎么也理不出代码逻辑，你能帮帮他吗？
格式：SimCTF{}
解题链接： http://ctf5.shiyanbar.com/crypto/2.html

一定要在查看源码中复制代码,把下面eval转换为console.log再放到控制台中运行

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('<1 8="7/a">9(\'\\6\\3\\2\\5\\4\\b\\i\\h\\k\\j\\0\\g\\d\\c\\f\\0\\e\')</1>',21,21,'u0065|script|u006d|u0069|u0054|u0043|u0053|text|type|alert|javascript|u0046|u006f|u0063|u007d|u0064|u006e|u006a|u007b|u005f|u0073'.split('|'),0,{}))

得到

<script type="text/javascript">alert('\u0053\u0069\u006d\u0043\u0054\u0046\u007b\u006a\u0073\u005f\u0065\u006e\u0063\u006f\u0064\u0065\u007d')</script>

解密：http://tool.chinaz.com/tools/unicode.aspx

原文作者: threst

原文链接: https://threst.github.io/2018/05/30/实验吧wp/

发表日期: May 30th 2018, 10:13:14

Next Post

如何在MIMIKATZ添加模块
Previous Post

kali下安装docker

CATALOG

1. 密码学
1. 1.1. 疑惑的汉字
  1. 1.1.0.1. 当铺密码:
1.2. 凯撒和某某加密
1. 1.2.1. writeup：
1.3. keyboard
1. 1.3.1. writeup：
1.4. 密文 rot13
1.5. 他的情书
1.6. js



缺失模块。
1、请确保node版本大于6.2
2、在博客根目录（注意不是archer根目录）执行以下命令：
npm i hexo-generator-json-content --save
3、在根目录_config.yml里添加配置：

jsonContent:
  meta: false
  pages: false
  posts:
    title: true
    date: true
    path: true
    text: false
    raw: false
    content: false
    slug: false
    updated: false
    comments: false
    link: false
    permalink: false
    excerpt: false
    categories: true
    tags: true