{"id":60,"date":"2023-11-05T10:13:59","date_gmt":"2023-11-05T02:13:59","guid":{"rendered":"http:\/\/www.s1mh0.xyz\/blog\/?p=60"},"modified":"2024-04-18T21:35:47","modified_gmt":"2024-04-18T13:35:47","slug":"pcb2023_wp","status":"publish","type":"post","link":"https:\/\/www.s1mh0.cn\/blog\/index.php\/2023\/11\/05\/pcb2023_wp\/","title":{"rendered":"\u7b2c\u4e09\u5c4a\u9e4f\u57ce\u676f\u521d\u8d5bMISC\u65b9\u5411wp"},"content":{"rendered":"

Misc<\/h2>\n

\u6211\u7684\u58c1\u7eb8<\/h3>\n

bg.jpg\u7528binwalk\u5206\u79bb\u5f97\u5230\u538b\u7f29\u5305\uff0c\u91cc\u9762\u6709\u4e09\u4e2a\u6587\u4ef6\uff0c\u5e76\u63d0\u793asnow\u5bc6\u7801\u4e3asnowday<\/code><\/p>\n

\"\"<\/p>\n

\u80af\u5b9a\u5c31\u662fsnow\u52a0\u5bc6\u54af\uff0c\u5e76\u4e14flag.txt\u6709\u7a7a\u767d\u5b57\u7b26\uff0c\u5c06\u5176snow\u89e3\u5bc6\u5f97\u5230flag\u7b2c\u4e09\u90e8\u5206f86361842eb8}<\/code><\/p>\n

\"\"<\/p>\n

flag.wav\u4e00\u542c\u5c31\u662f\u7ecf\u5178\u7684SSTV\u52a0\u5bc6\uff0c\u53ef\u4ee5\u76f4\u63a5\u8fdb\u884csstv\u8f6cpng\u5f97\u5230\u4e8c\u7ef4\u7801\uff0c\u626b\u63cf\u5f97\u5230flag\u7b2c\u4e8c\u90e8\u5206eaa2-4d62-ace6-<\/code><\/p>\n

\"\"<\/p>\n

\u8fd8\u5269\u4e00\u4e2ayoushouldknowme.jpg\uff0c\u7528exiftool\u6216\u8005\u76f4\u63a5\u67e5\u770b\u5c5e\u6027\u53ef\u4ee5\u770b\u5230passwd_is_7hR@1nB0w$&8<\/code>\uff0c\u7528steghide\u5f97\u5230flag\u7b2c\u4e00\u90e8\u5206flag{b921323f-<\/code><\/p>\n

\"\"<\/p>\n

\u62fc\u63a5\u5f97\u5230 flag{b921323f-eaa2-4d62-ace6-f86361842eb8}<\/p>\n

\u6d41\u91cf\u6df1\u5904<\/h3>\n

\u67e5\u770b\u6d41\u91cf\u5305\u53d1\u73b0\u7b2c\u4e8c\u4e2aUDP\u6d41\u5c3e\u90e8\u6709zip\u7ed3\u5c3e\u6807\u5fd7\u4ee5\u53ca\u4e00\u4e2akey\uff0c\u4f46\u662f\u627e\u4e0d\u5230zip\u5934
\n\"\"<\/p>\n

\u7ffb\u7b2c\u4e00\u4e2aUDP\u6d41\u65f6\u7a81\u7136\u770b\u5230\u4e86KP\uff0c\u5e76\u4e14\u901a\u8fc7\u5341\u516d\u8fdb\u5236\u641c\u7d22\u5230\u4e8604 03 4b 50\uff0c\u731c\u6d4b\u7b2c\u4e00\u4e2aUDP\u6d41\u8981\u8fdb\u884c\u6570\u636e\u53cd\u8f6c<\/p>\n

\u6839\u636e\u65f6\u95f4\u6233\u987a\u5e8f\uff0c\u4e24\u4e2aUDP\u6d41\u662f\u4ea4\u53c9\u4f20\u8f93\u7684\uff0c\u6240\u4ee5\u6839\u636e\u76ee\u7684\u7aef\u53e3\u53f7\u8bc6\u522b\uff0c\u7aef\u53e3\u53f7\u662f12345\u7684\u662f\u53cd\u5411\u6570\u636e\uff0c12346\u7684\u662f\u6b63\u5411\u6570\u636e\uff0c\u5199\u811a\u672c\u62fc\u63a5\uff08\u81ea\u5df1\u5199\u7684\u6bd4\u8f83\u70c2\uff0c\u8fd9\u91cc\u501f\u9274\u5e76\u5b66\u4e60\u4ed6\u4eba\u811a\u672c\uff09<\/p>\n

from scapy.all import *\n\ndef extract_udp_data(pcap_file, output_file):\n    udp_data = []\n    packets = rdpcap(pcap_file)  # \u8bfb\u5165\u6d41\u91cf\u5305\u6587\u4ef6\n# print(packets)\n# # <secret.pcapng: TCP:30 UDP:7884 ICMP:100 Other:0>\n\n    for packet in packets:\n        print(packet.data)\n        if UDP in packet:\n            udp_payload = packet[UDP].payload\n            timestamp = packet.time\n            udp_data.append((timestamp, bytes(udp_payload), packet[UDP].dport))\n# \u76f8\u5173\u5c5e\u6027\u53ef\u4ee5\u4eceLib\\site-packages\\scapy\\packet.py \u6216\u8005 Lib\\site-packages\\scapy\\layers\\tls\\session.py\u4e2d\u770b\n\n    # Sort the data by timestamp\n    udp_data.sort(key=lambda x: x[0])\n\n    with open(output_file, 'wb') as file:\n        for timestamp, data, port in udp_data:\n            if port == 12345:\n                # Reverse the data for port 12345\n                data = data[::-1]\n            file.write(data)\n\nif __name__ == "__main__":\n    pcap_file = "secret.pcapng"\n    output_file = "combined_data"\n\n    extract_udp_data(pcap_file, output_file)<\/code><\/pre>\n
\u538b\u7f29\u5305\u89e3\u538b\u5f97\u5230secret.wav\uff0c\u7ed3\u5408\u6587\u4ef6\u7ed3\u5c3e\u7684key\uff0cdeepsound\u89e3\u5bc6
\n\"\"
\n\u5f97\u5230\u9f20\u6807\u5750\u6807\u6587\u4ef6
\n\"\"<\/p>\n
\u5229\u7528Macro Recorder\u5728\u753b\u56fe\u5de5\u5177\u4e0a\u7ed8\u5236\u5f97\u5230flag<\/p>\n
\"\"<\/p>\n
<\/div>","protected":false},"excerpt":{"rendered":"
Misc \u6211\u7684\u58c1\u7eb8 bg.jpg\u7528binwalk\u5206\u79bb\u5f97\u5230\u538b\u7f29\u5305\uff0c\u91cc\u9762\u6709\u4e09\u4e2a\u6587\u4ef6\uff0c\u5e76\u63d0\u793asnow\u5bc6\u7801\u4e3asnowd […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,6],"tags":[],"class_list":["post-60","post","type-post","status-publish","format-standard","hentry","category-misc","category-wp"],"views":1668,"_links":{"self":[{"href":"https:\/\/www.s1mh0.cn\/blog\/index.php\/wp-json\/wp\/v2\/posts\/60","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.s1mh0.cn\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.s1mh0.cn\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.s1mh0.cn\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.s1mh0.cn\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=60"}],"version-history":[{"count":11,"href":"https:\/\/www.s1mh0.cn\/blog\/index.php\/wp-json\/wp\/v2\/posts\/60\/revisions"}],"predecessor-version":[{"id":324,"href":"https:\/\/www.s1mh0.cn\/blog\/index.php\/wp-json\/wp\/v2\/posts\/60\/revisions\/324"}],"wp:attachment":[{"href":"https:\/\/www.s1mh0.cn\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=60"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.s1mh0.cn\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=60"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.s1mh0.cn\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=60"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}