极客大挑战

ez_jpg

base64解密,发现16进制逆序

image-20241123160643614

jpg宽高修改,这里修改宽将02 80 02 20 改为02 80 02 80即可

image-20241123161029393

download

舔狗的觉醒

8位数字爆破

image-20241123161641715

相邻的字节反转

with open("byte-revenge.txt", "r") as f:
    data = f.read().split()

result =""
for i in data:
    res = i[::-1]
    result += res
print(result)
swapped_data = [byte[::-1] for byte in data]

with open("1.txt", "w") as f:
    f.write("".join(result))

保存为1.zip,打开之后有一个pdf文件,pdf转ppt移动图片即可

image-20241123163112890

Sercet Of Starven

NTLM协议

NTML 全称 New Technology LAN Manager,是微软提供的一组安全协议,用来认证用户身份。它是一个基于 质询响应 的协议,在验证用户的过程中不需要传输用户的明文密码

认证过程基于 质询/响应 challenge/response

解题思路:

过滤smb2,长度为401的包找到Challenge

image-20241123202144603

Challenge:9a35e37a04717230

image-20241123202412107

在长度为705的包中有response:189bf0b02d2f766af2242dc455ad4fe10101000000000000ca1f069a8a09db01980131a514a3d32d0000000002001e004400450053004b0054004f0050002d00510032004200390044004900410001001e004400450053004b0054004f0050002d00510032004200390044004900410004001e004400450053004b0054004f0050002d00510032004200390044004900410003001e004400450053004b0054004f0050002d00510032004200390044004900410007000800ca1f069a8a09db010600040002000000080030003000000000000000010000000020000044063d2e3ec53e332816d81a43ec5914e72ef2dc0599bfa08788e043eb523af80a001000000000000000000000000000000000000900240063006900660073002f003100390032002e003100360038002e00310031002e00320030000000000000000000

Username:Starven

Domain name:192.168.11.20

拼接NTML格式:(注意数据顺序和去掉重复顺序)

Starven::192.168.11.20:9a35e37a04717230:189bf0b02d2f766af2242dc455ad4fe1:0101000000000000ca1f069a8a09db01980131a514a3d32d0000000002001e004400450053004b0054004f0050002d00510032004200390044004900410001001e004400450053004b0054004f0050002d00510032004200390044004900410004001e004400450053004b0054004f0050002d00510032004200390044004900410003001e004400450053004b0054004f0050002d00510032004200390044004900410007000800ca1f069a8a09db010600040002000000080030003000000000000000010000000020000044063d2e3ec53e332816d81a43ec5914e72ef2dc0599bfa08788e043eb523af80a001000000000000000000000000000000000000900240063006900660073002f003100390032002e003100360038002e00310031002e00320030000000000000000000

hashcat -O -a 0 -m 5600 starven.txt /usr/share/wordlists/rockyou.txt

image-20241123211919342

压缩包密码:spellorstarve

SYC{D0n7_spre0d_St@rven’s_s3crEt}