Just crack it with hashcat.
$6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrkH8bA8W7kC3GK4CctGrFO7.E2va7kSgF3eQXNWYQee.:reddragon
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 1800 (sha512crypt $6$, SHA512 (Unix))
Hash.Target......: $6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrk...WYQee.
Time.Started.....: Tue Dec 24 22:18:28 2024 (1 sec)
Time.Estimated...: Tue Dec 24 22:18:29 2024 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 53686 H/s (14.63ms) @ Accel:1024 Loops:128 Thr:32 Vec:1
Speed.#2.........: 804 H/s (7.84ms) @ Accel:32 Loops:64 Thr:16 Vec:1
Speed.#*.........: 54490 H/s
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 32768/14344387 (0.23%)
Rejected.........: 0/32768 (0.00%)
Restore.Point....: 0/14344387 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:4992-5000
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:4800-4864
Candidate.Engine.: Device Generator
Candidates.#1....: diego -> keepout1
Candidates.#2....: 123456 -> fuckyou1
Hardware.Mon.#1..: Temp: 51c Util: 99% Core:2535MHz Mem:8000MHz Bus:8
Hardware.Mon.#2..: N/A
HMV{reddragon}
zip2john 008.zip
008.zip/flag.txt:$zip2$*0*3*0*751e06905814ebe63a63c72e8755d887*d807*e*25e3c7613e997071cd21a2163883*ba4cf18e59493b2515da*$/zip2$:flag.txt:008.zip:008.zip
john 008 --wordlist=/usr/share/wordlists/rockyou.txt
survivor (008.zip/flag.txt)
HMV{cromiphi}
3-1 means the first letter on key 3.
$$$$$$$$$$
$_________$$
$_$$$$$$$_$$
$_$_____$_$$
$_$_____$_$$
$_$_____$_$$
$_$_____$_$$
$_$$$$$$$_$$
$_________$$
$$$$$$$$$$
$_________$$
$_1__2__3_$$$
$_4__5__6_$$$
$_7__8__9_$$$
$_*__0__#_$$$
$_________$$$
$$$$$$$$$$$
$$$$$$$$$
FLAG:
HMV{?}
?
=
3-1 D
2-1 A
8-1 T
2-1 A
7-4 S
3-2 E
2-3 C
HMV{DATASEC}
echo -e "HMV{\033[31mw\033[31mh\033[31my\033[31m i\033[31mm \033[31mn\033[31mo\033[31mt \033[39m m\033[39ma\033[39my\033[39mb\033[39me \033[39mu\033[39ms\033[39me \033[32m g\033[32mr\033[32me\033[32me\033[32mn\033[32mt\033[32mh\033[32me\033[32mf\033[32ml\033[32ma\033[32mg\033[39m}"
HMV{greentheflag}
HMV{MORSEGIVESYOUTHEFLAG}
HMV{gifarefun}
Use aircrack-ng to brute-force it.
┌──(root㉿kali)-[~/Desktop/hmv/MISC]
└─# aircrack-ng 033.pcap
Reading packets, please wait...
Opening 033.pcap
Read 71032 packets.
# BSSID ESSID Encryption
1 00:23:CD:1F:73:B0 WirelessLab WEP (17314 IVs)
Choosing first network as target.
Reading packets, please wait...
Opening 033.pcap
Read 71032 packets.
1 potential targets
Attack will be restarted every 5000 captured ivs.
Aircrack-ng 1.7
[00:00:00] Tested 60016 keys (got 17273 IVs)
KB depth byte(vote)
0 0/ 1 4D(28160) 24(23808) 58(23552) 44(22528) B7(22528) 94(21760) D2(21504) 00(20992)
1 4/ 34 59(21760) E1(21504) 5B(21504) B0(20992) 56(20736) 98(20736) A6(20736) B4(20480)
2 36/ 45 04(19712) 16(19456) 41(19456) 56(19456) 7B(19456) 7C(19456) 81(19456) E6(19456)
3 14/ 40 45(20992) D3(20992) 94(20736) 04(20736) 0F(20480) 58(20480) B2(20480) 00(20480)
4 0/ 1 59(27648) 6F(23040) 25(22016) 20(21760) 38(21760) 30(21504) 53(21504) 67(21504)
KEY FOUND! [ 4D:59:4B:45:59 ] (ASCII: MYKEY )
Decrypted correctly: 100%
HMV{MYKEY}
It starts with ey, so it is obviously a JWT.
HMV{DoNotStoreSensitiveDataHere}
┌──(root㉿kali)-[~/Desktop/hmv/MISC]
└─# bash /root/Desktop/tools/keepass4brute.sh Challenge.kdbx /usr/share/wordlists/rockyou.txt
keepass4brute 1.3 by r3nt0n
https://github.com/r3nt0n/keepass4brute
[+] Words tested: 498/14344392 - Attempts per minute: 1358 - Estimated time remaining: 1 weeks, 0 days
[+] Current attempt: amigos
[*] Password found: amigos
HMV{EasyPeasyMoney}
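An Excel file is essentially a zip archive.
We can unzip it, open the result in VS Code,
and search globally for flag
or hmv.
Nothing found, so it is most likely hidden inside a binary file.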
strings .\vbaProject.bin
HMV{b63ce4efbf0b4214a470a707d34bc3ba}
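The same inspection without unzipping by hand, as an added example that is not part of the original writeup: it walks every member of an Office archive, binary ones included, and pulls printable runs the way strings does. The sample workbook and its marker value are constructed here; the function names are hypothetical.

```python
import io
import re
import zipfile

# Runs of 4+ printable ASCII bytes, the same default threshold `strings` uses.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def scan_office_archive(data, pattern=rb"HMV\{[^}]*\}"):
    """Return (member, match) pairs for every printable run matching pattern."""
    wanted = re.compile(pattern)
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            blob = archive.read(info)  # decompressed member bytes
            for run in PRINTABLE_RUN.finditer(blob):
                for m in wanted.finditer(run.group()):
                    hits.append((info.filename, m.group().decode("ascii")))
    return hits


def build_sample_workbook():
    """Constructed sample: a minimal zip shaped like an .xlsm, not the challenge file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook><sheets/></workbook>")
        # Binary member: the marker sits between non-printable bytes, so a
        # text-only search over the extracted tree would skip this file.
        z.writestr("xl/vbaProject.bin",
                   b"\xd0\xcf\x11\xe0\x00\x01" + b"HMV{constructed_sample}" + b"\x00\xff\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for member, value in scan_office_archive(build_sample_workbook()):
        print(f"{member}: {value}")
```

Only ASCII runs are matched, so a value stored as UTF-16 or inside a compressed VBA stream would need an extra decoding pass.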
9950b5c66f8518f8b012359dc7390589 c03ec75734f58d87cddff35c57786429 e757e84e31ef68a74d86d6b52478654c HMV{c761d942cf5fe4ba9ece382739afef4e}
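Use rockyou to crack the first three MD5 hashes.
The first three can be cracked, and the results follow a pattern.
So go straight to brute-forcing the fourth one by hash matching.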
4doggy1
3mimis2
2wagon3
1lordp4
HMV{1lordp4}
HMV{engraving_a_trophy_for_Kerszi}
Viewing it in 010 Editor shows that it is a PNG.
Decode it in CyberChef from the hexdump.
The decoded image shows a Base64-encoded flag.
HMV{ancienttimes1880}
HMV{ilikechinese}