BUU [GKCTF 2021] 签到 (Sign-in)

1. Challenge overview

2. Solution
Follow the HTTP stream.

A suspicious string shows up further down.
Convert it from Base16 to Base64 and look at it in 010 Editor.

Copy it out and convert it to text.

That does not seem to be it, so go back and look for other candidates.

This one turned up as well.

So the flag seems to be related to Base64 encoding. How do we get at it?
Base16 can be converted to Base64, and Base64 can in turn be converted to text, so do exactly that.
Two more Base16 strings turned up.

Copy them into 010 Editor.

But the first one decodes to nothing.

Now decode the second one.

This looks promising, but decoding it produced nothing useful, and the decoder also reported an encoding error.

A closer look shows that something is off in this part.

Normally the == should be at the end, so reverse it.

wIDIgACIgACIgAyIK0wIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMiCNoQD
jMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjoQDjACIgACIgACIggDM6EDM6AjMgAzMtMDMtEjM
t0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0iCNMyIjMyIjMyIjMyI
6AjMgAzMtMDMtEjMwIjO0eZ62ep5K0wKrQWYwVGdv5EItAiM1Aydl5mK6M6jlfpqnrQDt0SLt0SL
t0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLK0AIdZavo75mlvlCNMTM6EDM
z0yMw0SMyAjM6Q7lpb7lmrQDrsCZhBXZ09mTg0CIyUDI3VmbqozoPW+lqeuCN0SLt0SLt0SLt0SL
sxWZld1V913e7d2ZhFGbsZmZg0lp9iunbW+Wg0lp9iunbW+Wg0lp9iunbW+WK0wMxoTMwoDMyACM
DN0QDN0QDlWazNXMx0Wbf9lRGRDNDN0ard0Rf9VZl1WbwADIdRampDKilvFIdRampDKilvVKpM2Y
==QIhM0QDN0Q
# Normally this should look like XXX==, so try reversing it. Note that each line has to be reversed on its own to get the standard XXX== form.

Then write a script that reverses each line:

a='wIDIgACIgACIgAyIK0wIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMiCNoQD'
b='jMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjMyIjoQDjACIgACIgACIggDM6EDM6AjMgAzMtMDMtEjM'
c='t0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0iCNMyIjMyIjMyIjMyI'
d='6AjMgAzMtMDMtEjMwIjO0eZ62ep5K0wKrQWYwVGdv5EItAiM1Aydl5mK6M6jlfpqnrQDt0SLt0SL'
e='t0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLt0SLK0AIdZavo75mlvlCNMTM6EDM'
f='z0yMw0SMyAjM6Q7lpb7lmrQDrsCZhBXZ09mTg0CIyUDI3VmbqozoPW+lqeuCN0SLt0SLt0SLt0SL'
g='sxWZld1V913e7d2ZhFGbsZmZg0lp9iunbW+Wg0lp9iunbW+Wg0lp9iunbW+WK0wMxoTMwoDMyACM'
h='DN0QDN0QDlWazNXMx0Wbf9lRGRDNDN0ard0Rf9VZl1WbwADIdRampDKilvFIdRampDKilvVKpM2Y'
i='==QIhM0QDN0Q'
# Print every line reversed ([::-1] reverses a string)
print(a[::-1])
print(b[::-1])
print(c[::-1])
print(d[::-1])
print(e[::-1])
print(f[::-1])
print(g[::-1])
print(h[::-1])
print(i[::-1])
# Be patient and split the lines correctly

After reversing, convert it again.
Base64 to text:

Finally, it comes out. Remove the duplicated characters:
flag{Welc0me_GkC4F_m1siC!}
Alternatively, use a rail fence cipher website and just adjust the position of the {}.
(Note: do not leave out the underscore _.)
This sign-in challenge is so hard!!!
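
The Base16 to Base64 to per-line reversal to text chain described above, as an added Python example that is not part of the original write-up. The capture is constructed by `encode_sample`, which assumes Base64 wrapped at 76 columns with each line reversed and the result hex-encoded; all function names are hypothetical.

```python
import base64

WIDTH = 76  # assumed wrap width for the constructed sample

# Constructed plaintext, not the challenge data.
PLAINTEXT = b"flag{constructed_example_not_the_real_flag}\n" * 2


def encode_sample(plaintext: bytes, width: int = WIDTH) -> str:
    """Build a constructed capture: Base64, wrap, reverse each line, Base16."""
    b64 = base64.b64encode(plaintext).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return "\n".join(line[::-1] for line in lines).encode("ascii").hex()


def misplaced_padding(lines: list[str]) -> bool:
    """'=' may only end the final Base64 line; anywhere else the text is mangled."""
    joined = "".join(lines)
    return "=" in joined.rstrip("=")


def decode_capture(hex_blob: str) -> bytes:
    """Base16 -> Base64 lines -> reverse each line if padding is misplaced -> bytes."""
    lines = bytes.fromhex(hex_blob).decode("ascii").split()
    if misplaced_padding(lines):
        # Reverse line by line; reversing the whole blob would also flip line order.
        lines = [line[::-1] for line in lines]
    if misplaced_padding(lines):
        raise ValueError("padding still misplaced after per-line reversal")
    return base64.b64decode("".join(lines), validate=True)


SAMPLE_HEX = encode_sample(PLAINTEXT)

if __name__ == "__main__":
    print(bytes.fromhex(SAMPLE_HEX).decode("ascii"))  # reversed Base64 text
    print(decode_capture(SAMPLE_HEX).decode("ascii"))  # recovered plaintext
```

When the plaintext length is a multiple of 3 there is no padding at all, so this check cannot tell a reversed line from a normal one and the output has to be judged by eye.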
3. Flag
flag{Welc0me_GkC4F_m1siC!}
