观安杯题目是中途发来了 ,三道做了2道
1、office
尝试binwalk foremost无果,直接查看属性:
base解码:
打开xlsm,输入该字符串:
其中参考了:https://www.52pojie.cn/thread-1634125-1-1.html
清除密码后,保存新文件,再进行操作,否则没啥用;
最终获取到:
Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Function Check(user_enc)
Encrypted = "184,116,232,38,216,127,29,89,225,84,108,82,8,0,161,49,232,127,45,252,147,140,185,210,26,107,123,2,82,189,0,167,205,130,94,54,94,242,138,139,102,79,250,139,9,142,17,42,198,113,246,6,142,31,"
If (user_enc <> Encrypted) Then
Check = False
Else
Check = True
End If
End Function
Private Sub Worksheet_Change(ByVal Target As Range)
If Not Intersect(Target, Me.Range("B2")) Is Nothing Then
If Check(crypto(Target.Value)) Then
Me.Range("C2").Value = "success"
Me.Range("C2").Interior.Color = RGB(232, 245, 233)
Else
Me.Range("C2").Value = "fail"
Me.Range("C2").Interior.Color = RGB(251, 233, 231)
End If
End If
End Sub
Function crypto(sMessage)
Dim kLen, x, y, i, j, temp
Dim s(256)
For i = 0 To 255
s(i) = i
Next
j = 0
For i = 0 To 255
j = (j + s(i)) Mod 256
temp = s(i)
s(i) = s(j)
s(j) = temp
Next
x = 0
y = 0
For i = 1 To Len(sMessage)
x = (x + 1) Mod 256
y = (y + s(x)) Mod 256
temp = s(x)
s(x) = s(y)
s(y) = temp
crypto = crypto & (s((s(x) + s(y)) Mod 256) Xor Asc(Mid(sMessage, i, 1))) & ","
Next
End Function也可以直接在bin文件中搜索:
2、see it
使用binwalk提取到文件:
用steghide可以分离一张图片:
最后用stegsolve提取lsb即可:
刚开始以为跟音频有关,各种尝试无效,。。。。
![[记录] 2024羊城杯部分writeup-微慑信息网-VulSee.com](https://vulsee.com/wp-content/uploads/2024/11/98ebf8e67dea769bcb61e207876ee591.png)
![[八卦] 王婷婷—揭秘一个大三女生的性爱录像-微慑信息网-VulSee.com](http://free.86hy.com/crack/pic/1.jpg)
![[随笔]今天国际警察节-微慑信息网-VulSee.com](http://photo.sohu.com/20041017/Img222528326.jpg)
青云网
