感谢Byxs20师傅的博客指导：https://byxs20.github.io/posts/21790.html

[HDCTF2023]ExtremeMisc

放进010editor里，发现有zip压缩包，foremost提取出来

打开压缩包里面的文件需要密码

直接爆破出来密码是haida

得到一个Reserve.piz，放进010editor中，发现是个zip文件，但是每两位的hex值逆置了

用脚本逆转过来，保存为zip文件

input_str = input()

output_str = ""
for i in range(0, len(input_str), 2):
    if i + 1 < len(input_str):
        output_str += input_str[i+1]
        output_str += input_str[i]
    else:
        output_str += input_str[i]
        
print(output_str)

打开压缩包，Plain.zip里的文件可以直接解压出来，secret.zip解压需要密码

比较Plain.zip里的secret.txt，和secret中的secret.txt是一样的

将secret.txt解压出来，用同种的压缩方式Store压缩

然后明文攻击

得到压缩包的密码，打开secret.zip，得到flag

NSSCTF{u_a_a_master_@_c0mpRe553d_PaCKe1s}

[HDCTF2023]MasterMisc

得到七个文件，放进010editor中发现是将一个zip分解成了7份，合并成一个zip，导出

打开需要密码

直接爆破出来密码是5483

解压出来，放进010里

在这张png后面又有一张新png，导出来另存为flag.png

图片很小，可能是改变了宽高，用脚本爆破出图片的宽高

# -*- coding:utf-8 -*-

import struct
import zlib

def hexStr2bytes(s):
    b = b""
    for i in range(0,len(s),2):
        temp = s[i:i+2]
        b +=struct.pack("B",int(temp,16))
    return b

str1="49484452"  # 数据表示快，第一行的最后四位

str2="0802000000"   # CRC前五位

bytes1=hexStr2bytes(str1)
bytes2=hexStr2bytes(str2)
wid,hei = 350,43     #0x0141,0x014C

crc32 = "0x41DFCF32"

for w in range(wid,wid+2000):
    for h in range(hei,hei+2000):
        width = hex(w)[2:].rjust(8,'0')
        height = hex(h)[2:].rjust(8,'0')
        bytes_temp=hexStr2bytes(width+height)
        if eval(hex(zlib.crc32(bytes1+bytes_temp+bytes2))) == eval(crc32):
            print(hex(w),hex(h))

运行结果：0x15e 0x64

修改图片的宽高后得到了一段密文

-7536-4433-bff

在010editor中的最后部分，也有一段密文

f-96759901c405}

最后这段hex导出来，发现文件头是wav文件

放进audacity，分析频谱图，得到第一部分的flag

[HDCTF2023]SuperMisc

得到一张图片和一个.git文件

放进010里面，发现有很多的01，按照00和11导出来这些数据

写成一个二维码

扫描可以得到

11000#11111#10000#01111#11000#00011#11000#00011#00011#100#00011#01111#10000#00011#00011#00001#10000#00111#00011#00001#10000#00001#00011#11111#00011#11111#00111#100#00011#11000#00011#00001#10000#00001#10000#10000#00111#100#00011#00001#00011#00001#00011#11110#00011#00111#00111#100#10000#00111#00011#11111#00011#00001#00011#11110#00111#100#00011#00000#00011#11100#00011#00111#10000#00000#10000#00000#00011#11100#00011#00011#00011#11111#00011#11110#10000#00000#00011#10000#00011#00000

由0，1，#三个字符组成的有序字符串，morse密码

把01#分别替换为. - /

解码可以得到

706173733D31633462346430302D373464662D343439322D623034392D353832656538333039653635

form hex 可以得到

pass=1c4b4d00-74df-4492-b049-582ee8309e65

将得到的.git文件放进kali中

分别用命令

git log
git reset --hard e9286.....

Snipaste_2023-04-23_23-38-34

得到一个zip包，打开需要密码

密码就是刚刚得到的

查看文件发现是VMDK文件

发现了加密后的flag

看文件提示应该是维吉尼亚密码，明文是HDCTF

得到密钥，在线解密

[HDCTF2023]BabyMisc

打开得到一个文件和一个包

包里放着很多文件，一直嵌套，到很久才能得到一个txt文件

脚本提取出来

import os

def get_files(folder_path):
    files = []
    for filename in os.listdir(folder_path):
        full_path = os.path.join(folder_path, filename)
        if os.path.isdir(full_path):
            # 如果是文件夹，则递归获取其中的文件
            files.extend(get_files(full_path))
        else:
            # 如果是文件，则添加到文件列表中
            files.append(full_path)
    return files

folder_path = 'E:\Desktop\Script' # 替换为实际的文件夹路径

files = get_files(folder_path)

text = list(1000 * " ")
for file_path in files:
    count = int(file_path.split("\\")[-1][1:])
    with open(file_path, 'r') as f:
        text[count-1] = chr(int(f.read(), 16))
print(''.join(filter(lambda x: x != " ", text)))

得到

#!/bin/sh
inf1=$1;inf2=$2;ouf=$3;flag=$(wc-c${inf1}|cut-d''-f1);if[$(wc-c${inf2}|cut-d''-f1)-ge$flag];thenflag=$(wc-c${inf2}|cut-d''-f1);fi;sum_flag=0;flag1_flag=0;flag2_flag=0;FLAG=0;foriin$(seq0$(($flag+$flag)));doif[$FLAG-eq0];thenFLAG=1;ddif=$inf1of=$oufbs=1count=1seek=$sum_flagskip=$flag1_flagstatus=none;sum_flag=$(($sum_flag+1));flag1_flag=$(($flag1_flag+1));elseFLAG=0;ddif=$inf2of=$oufbs=1count=1seek=$sum_flagskip=$flag2_flagstatus=none;sum_flag=$(($sum_flag+1));flag2_flag=$(($flag2_flag+1));fidone

问ChatGPT说这是一个依次交换的脚本

用脚本提取

with open("Encrypted.file", "rb") as f:
	data = f.read()

with open("1.7z", "wb") as f:
	f.write(data[1::2])

with open("base.txt", "wb") as f:
	f.write(data[::2])

得到一个7z和一个base

将base32解码和rot47解码

ca5l3B9zcaQ6gOHou1EJR460hNZ6HW0YSCxFziho9N1CvAeiSUulbva9GrgPohUq%AhUhSfeKUsNzp7GQhY4qa19oDnhS3F#LtDkTcHKfa#Fi1D70U8ezyOfZm0LJBYYu%6zrXs5WKTEGUzG#NU6NCG34hvrmsH3qEsiuDlhng37Y0KbWmrhnajaoM7gLrQfdt%2vdH#8#nGM2Xu8ujtFgiF3lPk5LJlDM9d7QzKLGZ2C4ekwOhIZiBNluF4FlQAXQ5%C29yTHn2WAIuxqAb4yKd6rkIh8ZBhdalazmABUhRRGZLTT5jb6f6kI4xub8o5lwY%1TtwUBbAcSS9LBowu5UcHgrab91TOufdMtzcf1UA9s3tSDnasI3##v7RpOuaTUj4%NNrDSkMEqiS5DPXqv9JeREZeAl2LuAq5nktmHfKQvBuUralaursnhP9MUJJL9NqW%Y9nYLrW61RF5xJMljRLGpHVJS5KNWSDkuebp77bxM4FN87ItNeU6OGimT8O4nds3%0YUF0OwgEk3aLshyLGOhU3NouMERMa9#IVXm3ecW#JZiT#isU3tRuEbNuiNJrT3j%TbPugYdArqOfzbbPyj#qlixvDSszS95uIpyidauRFYQYYboYSCf4xmgfRF379rVJ%haTDj40uWaUPUyVVrc8Ud5jP0XWzpI65H5N22aWwPPTz1JpA1AZ#FY7o5edOR8#v%bSnc4l4yL9sikSGTnYesAmuAJDT8WwAfbny0RwuUjWohxMX0Ljdu55UgX176fvRg%NI92ySegnpP5MgzaWf0QZGLe3kXnkZ2JzvxiS6YDKMHNM5FHDBY3S3vRSVnggvDq%5YlE5Lyi#1yX9LAEhozeOLFfbiShTFRGOxLXsfLJt5f6zizdJe2rYvoOBuSh4E6w%00wSe8bu7HcUY158KtL#T7dIwhrGEQzNatfo19mgxNr0sMnyjufkxbY5xCICV9Oc%Vbl6f11oRZvXQGqCzyJXzHwZkJhYJo6DEfD63JzTERDKb0iidCrA6y1z0kcWDeeW%jgbqnuqx2XRM1BjrzDJh#h0Qm4qtMlNIZhXcOUSMQgFwz5m09JT4O5FkRdhHETie%zUVofza5SkFDpHEgeAxrMuCgfJikN7utaTf9PeaFvbwcwkhYKy#iMvjFIl0m4ji2%twx06dkrjFxMgC9waB9h799w0GpJfZ194ZjST5t0cvWzsDX83pyQyeAUniKb7rqx%FckV2aAJtes4UvUDEhiwTIMQjToxlj0STZvu4TxZpA5yEVaHQ41M#2eWv5eCYs2X%gqSKTp3iaIDXmb0KsLQR2d0cntRkNEG0bwwfqGRRa5JxoJLXCwRchSjD2MFfgsNe%2zt7HGspfGLve9tVS5Y8AopZ6FPpmDPAT5IBsBOhE7zJeoRF2QHwDkr#Gsp5OaTW%UqH0Hhko4qSbDv37hH590VQcHVq#Q4JaMKGNm7gGiSsY44lSO2WNYYcZ7pU0kWGG%jlqE#2ztTvOmk8aRsx2A900mIpMuAA5HiaUv1uYITqNmOlDOjATchbQzmL1CuQG2%uaLxC1iROJAv5yJNmO#e9gk5osRdhdNCx4isrzoTD991zrryibCzv8vK5J#ADRj8%VzwpeYhJU1MLD2lpsIE6Bd61nGEofHH#HXQ4MKTphF0sTNdoIafVbXrQOxbqpNbo%x5iIUteK9QsHHW5SVJisISE2ACWBZqaWkrncHIhIBQweuGB2FdGbvACdS5Qp3n1i%dY4dG52Unxo1eGio9PyXv6870I6O#LMKsh4uP5daqCAIt1V6ybqxHD#cttcGcHo0%8D02C81NpdXMDguAtnO7oiVTNZp9NsNJaSz3oVzLHdO0a1#lsnaEugeGPc5r8rI3%mDci3#Q6nFytKkUmrZdbJ#KHzHHA6uHfnlJNQI234QSbavnn#angJ4WagQf#VKAg%z3j#nl9BMDyTWv6T2DB5kRDpapeqENLsM7HhJOsyE0CNEpYaiMiODhMtxmdIaGKA%#Qxccm3clROkSyipv5A0CGScfO5hQgRXQJdUBakg5LWNoDUqppii5doib7snq6l0%MugRo04B35Y8z#750Vazz44EXGS4NcuXBX0wX9tqhDlu0#J5xLe0zLzu33LZ3L52%69m7kpPIY0zPIAIrzVu7ocgGKAVGiDO8YR36864YAThsOLxXZj805u7r56ZKwiWo%uSf8dLb9o53GH32XA1urNw7Sa6vEhfTEXvqW1Idd8p4wgToLLS2K5T1MPw6r7Vbz%HGwoI3#l9kzdiy1TOtgOENitqhlqhHT5FUzLVuZ2KNPIZKLlZn6rl5yHSZbiGxxp%yE24h#XZA4mShxLLhTGmoxqfKBGCxLY5t4zyHk3R2ifd5e64YjBiXNIiMKG79qaD%kPAnGJl7SCPNPW3Rz5HLmiMgLi7DGNTCkLrWWt7stMKD52To0cDgKpOsm6Rv43Gs%2UA5o3LqznHgyH5kWHwHrkMwfnIJ55X5ThrHX1GaddrgqVaXFZYHOyLtDn4m5835%3wGAXVZh0aAb0dbMgsONEVGxeUZUAuH6Qt1SWxei16q3ChF2dhPE8U#068m3u8oX%75Q0y4HpiFYyWgHeaQsc4SJ#HvpAW7iAVcfwwRwbEGNmIkRdIHTo5zEsdnkxAR7X%T4vST5GBUp#7Bpi3BcRqDJPgn4mNmAqOWvqqdOjpbD9PhEaJ7xkgLxqMIwNT9F59%ajH8CLE7vI2EeNA1BHTJWVPYl8k8uvl3ls7ckAhIe8Ot009D5JtZaAArGk4E4EaK%7BXVeUerVPmKSPmXfAryX6ojhgIu2sdANzY5Hr5GDD7LSbGDbOS1ElNjKef7kJHy%3PoWruqOKoysQ3JYEEsDVYXP5a#Ut6mSeBQgR8kU#A7pUZZWKrmUQp1gLTxlH9QJ%smhiMUGdoeQCnoBYqXxYV5u5Uqfg8zYugjy9pD36LVx1Tv1jOc5nuk3XpX5xKd3l%ImS0gXyS4XUKoHIVrdWGi5RfD6jfBSCxgdsQDKM8bNY8MqLLCqOe8OQ1Wx6Pqee4%a55t6VxMHU#xpKCJcYflCVmKB6aziEW#5G0DDuXnwSRVhR33u4sRWkf9u5e2bfja%z5F6URgrYakMJBs5#lE5lZCcwZskS49RT2Xi1ofyoFjKPGjuEYf5Fr2Pvc#LCpOd%tYoS9MtW#HwKNnKgxbOhd6kDWUoJ4vOsfi2OmOxGHdzFqocYv5O#9B9gEr8k2hOA%tjYDs1bs#NS#jjQ7Xbnj7RvUzLg1csAnvVsZj2uXwhYTKZdGiBiisku55eKWeVPg%yVVcNVBMqIO7a5bCBtktHvVx3GrOnV1e5iVSYvC8#i#WlRBuvVln0wi9mY3MIv8R%xMGcEvfSt7LFLtCuLH7jjHR5Ot41Kcguyur6KP7NltZFsLXwLxBagf3R1vXnEeze%yMnFrX2aWETgPCz4Wmh5Fsegfbts2L0409YngviFOqpF7N2vG#AWfy7a4Vmi4GpU%oFNDRmid5EyXsAdr3jEkaUfclxkGmQyENQhVHhsjiKaWqdCcu29K25eaCHieylfI%bRW15bkBeaucQXOT5CpRWVaSTV2Rr1M2FnsfdhhuOm6kozAUU0V7HydbIIxYoLVd%DrmasK#rW4OC85gCoJEU2J1Iz83dhi7nHPQiIMSpE8hrXbhwFjhykRAne5zdVW7R%38lc##ol1NoYJ5GRp4FMC70PpQCj56#MIHbcPWclLBhwg58D4rZ6N4gNLsWHXTJH%ShnxfDxvU1rUaV0RxFxQFFxfLuIPXCRFR5IDbH87jYH26BEiTkW72MHKnRrWZp5B%dyZynn4XE51nhUbtvyGj05RUnJKrb#aayhqL8JzlxfZsh49MMhFTj5zlG3Lqp514%p7ZbFZVRFWu0ntZmsB76HQdU54TRmJ20ICgzBr4pk#ISRlCITH35ufxStztq3iyY%6Q8BQrgK6VoYpIpt9muRE3goUrqSd3nckBB5e9pPwnUnR#BP6Nbz4jRAiCUUR0aM%LvKx3A92GZpIKeYiGpBC1jsUUSrWLnghUTK9ubCfjEd2C1eKZvdyf88W#LD#O3Xg%7IZH5GbaNE#asoyptlZrQU3iWEJvZs8f4m9AuHgmlRf1JNhvWccIoi2eEJLYIAOk%o21bMHrLKsiQ3CjyuDOSYnuVCIV57yRe04gJPx19RzGcD2xsiDooBjzaGLy5qlWu%xSI1RiNaEOJtJbrbux##Tq5ZggAgzzOscg76pWrlxVmHZ61u51aJrXwfgev5#vPn%VpqqKDA4HqW52IAwBPPDZ0EoeTGjS0vaCLMqDR7qobhzNm2asU8q457oC2iBs85Z%mMSMiHuP1lNDe07E9Djrgl172JdV1AarwX9p7uqAGc##WETUSn5C9ZQuRGrOyiNu%EqT2biHsN1psZKfirTXFeWRg53RLz0gG5dR6LmXHJyg56iRVGMqbveE4IPrkCRU0%AWbbQQ35KDjh115UV3UGtf8iahMn4DugpTayhT6#1ZcM1yBPIDW2u0JevVPVyC8f%hdy9OyFgcaLEhfCXVSa6klvm1txe85ck8Czx3HLLqyTyZzHjt1fPXNNgEZazG5Fh%jhTEBxSrQiFFyDnHIjSYDKNqD2nzrlR79vNJQj03mCj9GN9pACGhcffLkDQOT3KN%qPIrs#TfCu8GCqYCmAXNnyGsYAVFoNefylJbKEAj4vH4onx0GkckoU#nyXXt3yFS%C5uijU4ohMpqUJvMAbkuXNyTPpWrk2dzmLJ#wjuByXDLTdIofxQuzoQ7oba19TaM%1b0gZALzV#fUPP7Qfmhn57V600gW0pOfujiJntHYQTJapo7qmN4L2YVgtSWrrfxz%RoARfzspS#EVLEQqYuwUckAvArLLgCuSypMXqPyCUWOP7Gbb3Xou00WyLKjcXLOh%jiq5c5m0Y2yytyb9Bi3OOLfSZ8l5LsH8tCBAbEZZdVZCZeaNMCCCnwQsdcwfnuw1%rpZdth4kPAjpYvo7ynkGNMP2aByvVHNIUFbFFbxHiqeK8nNNNG1U5esrOeJUar5s%D931GvUULYlsfTAuci00LeZzXy0wVs1lFE683TAnyxN5tHOTIIrxJDwpjH#RSQ2S%vUh0TU45e4QhE2Zq6cs9Yt5QST2nodEmJI4kxNcBv6757vsv6qGfP516CPtH250f%DeM3dSpfS51e09nWbrfO6DKlil0dy9aSOARMOZOZ1E1tnMyAswMekqDFp8KNi3QQ%oZyChf4UKfQAp701fkPj7Ps66xzrwIRMNKzTNeLAG5Qjupef2X2HCcHviQDQsdOk%Dx00RcyLVhQCMyrx1wcuqs#25sy7LxT2LAUNOaQ1JM1HFg7M9sp1aTVXtv1YfLnO%KFeCHt6cHZxtDqXWAJnf7tVnyJJJrXzE#PepXAQNOdu2vIYKr29SBUo3WV2aXyFB%W88BZxagH8klUR9O4fs6gHawEn0SNKsV1hNXoH2AZXxLTvUlFPmXYYZHM3lAJrnw%QGIqn9gn6XlLwipDacJEWCMjy8Q0Xl45vFin2jU5iv2gEFmL7MB#ApjqO5faAoVU%DQVAMPFcBi0bOfQh38AWBw2k1ANovnHLiiukjbHjd8xhOHl2ezijCqnyErK2xSy9%bxRIKlj8i4sFdqARGSYWkKwfdlK9x4HTeAjMeszDT6CEnx9auVQOFPsg2Pa6jAJ2%Ym0iR7WKnIx9oye8o057coGxqp6pFQs3UhoItucBbzig9BmauwQ8#FqeEo78ko9y%aJ1Ss0SOBg5rR5VNc4s9ZTH6mW0FnmlqRn07Y6ABAZHRkPWMdoYSSi6O3Rq#aasd%DesuotzsbmmWr5mnDrTpD334WlxH8IpGIR1Xe3#5rIYLtEuzvnt4SdnH2rhC9gys%Y2p85w2GhJFTURMi5yvu1O5ArtbDDS8ZHKMPY53deSDKM3Rm0siGwNzxZJnkHe33%gMWz2EymZloETqCEAtTUjPKy7qZSWaNK1HMWz8bLY6c4PfEavkIx96#4RW8KTlAp%N5yAt1ZMFXp9agj#3h3gLWNu9oeb7HfsfKQKn5mL5q07JkYJ4mJd42a7z5hBpnEu%MYCq2HegilbE5dRqgPfE#KdwgWvW9JgNjAgLqGvN5T5CtGYTlX#A6yxfc5C#DmRR%ZisuIlC855Xw9BWom5qoAQ6MoT#0aMxU5B86jiBFCV4Vq5tYIFshecfeYdlPAqy6%0VlphxulMc#MIcsCTWPfDF1QLpnEVl32HH3L5GQ5doGIoxkDovyD9XPVZ8u22MHv%#mYirPRBESVTTxKwlc1PEAP7ZXCla12nzbm10DbtY#kcElDHwrYyrBUyI7L1q5v3%rxUHtfWHPyyDWVC7tDJGSUUUGvXvN488WFtXLgnVi60nd02inQ2mVZYSCGDd3nAK%3mmlJ0QlSd643m0wJvNmm04mGf8CuBdDe2HuAN9EJPqD5V1kE5HV6MMm5T2s4M2U%UC0##8qk7Udku8wNPJM7VbI#vfNAtDVlMwRX7a7iKRFbxnWcmIC5#8UJQs8y4NPv%wPxSdqlTLrEIlIYpJb6A578phJ0R2JQcmL0GKgaOvd#l2UKkxqjFJT#KmNIaUkEe%uSqR80I7uqMSCPXwSCgroogtt2DYTDxYEGnLgXf2R5MdXTG##BZZvPrJMGzqStlS%TPT5zAl0OcWA2nv56Pq95dlhI15alwWbKzrhOMWoo5mEJyt5TREBaT9O39pet1w6%1f3spcWZztFgP587z1m9oirjwjoaRHGRX#j9HqELnylW3B5fwAwTWSgfyawivK45%dNspaDn4z1LhU7MYwqmZXMraNfdPM0h0M85Iwj856ivmqZeQtocYmuT7cZor225K%Ze04KfOHOM3LERAtjCw5QADP5H57E7tEIKRBmqKSxFAUdBMhtuikhzCNqpbljWxh%LaLI1nI8q32hRn0ZdwzLJ5kV9zQZ0Cu8aBaS#MK19kM3iVMYV0YrfBrtLvKEd7il%kmUQegpRZYZpjxxpeFa54EfzDp9IxPTwvhGT6RFMzzRifY0DSsQS2VL#3zbCrLmU%aJewvZQsnPnuukP5GqfenowRr6cYKxoXzr6bMeR5zj3Fn5r9mVnzvloGwWiPQGPd%URQG7PACwdf#y50frgLOY9n4bug9M8FzgkTiO84qCzQGErWgt99J5EQc9MirtJkb%mheRAFFKNkTDWz5RFdbCMip5KByX8zdisMskBFMREqx856Z0#K#DtSYPuaRVomga%OjuYL4mRBmmi5Esf3t6IIH7tCyDiFeXs7OrVduze13KfoDy4SVQgNay5ZkvlfHHb%V6nGabo3dbCRt5DwRRChugkLaRmS5qWLzD5h3fNA9xPFW70Tr6ayjTAqRv06IG0k%DnNf0RrGpMkgB1uluhifhwSvLpIyj9HC5UEXM#C1wG3CoVaayRL1L5sdWAkFx6HA%IAfDd1D9lB155DllM2PKmusv2nZvOrn2sx5gcWHQFYklP9UDcR5#b5B5ft7tEeZT%WpUdHktGcby4NesACI9aWhEKtnnrVaaKK4jGVtbPimnIBjPwm1dEVZnCRG0v74O3%QJ2frLFUz2Ii6pkDJFGm2n0EIylNLcjiY#NGH2PF1p5GFoGpXj2tjuUz8wjA9tpx%BEla8NHGg2GcU0Nsart7f6bQx1#QzA#ln9JXLlEIBsUAb5hzxUFLOzeFqjTD55I#%kr1D9#S#x5X6N3qTXrUzA05Bb4Dib8I7xJ5vI3qjWD5vZhNIshitQtL3zsVpZs2Q%MbMu0OIPZ5#DJsrJzw5oM2325RPsl6vneEVdP##macF2vh6ROdLE4j7jd189d159%lvh6cOKuTpslIwx5wL0A4XntzC492DQeCwAtv2pG1FeygWghovJQJv0XGz0Dlkma%BDwzRZmMv99Jt8IqC5#V1jR9QayCdshJccP4pK4Bctb53sqfHqtZ47xX5SideoHE%d2I7Aqr0oF5c#Zf5ou8d6OU8slxCfFIA7Pf8R8EwoJjaLVWohQ6fjXZt0BdAoYRi%YHcpdXLCIZ9yjuqvdtKZhYltcbq9SHJybxkdirOZG#QNpnOzMcPyWKoQDpLTVkkr%m3jWQP#j59vbk3qO5O5r2UIATzukIZDGST3L2vLejq6FBEBLNvEqn04qIVsEXmJg%YlIjDZDPr9375eTji5U3SVp2XpyVkOQK36EYsuNhuamwUrKZcuOatMLydrfMP0jh%a57Xa5IrxwdFJNQ9sNkjd2mv2yGeeBUf6Fqm5fqTjI5iQ3t5LefVKB3gDtwHX1y#%uUyNn5cRNF7Z5EcPtgUcrIqzWD0xHaI4onRJRt75Y2nvZO7SoQycjlveBpXZQDSU%n2mlENJhBN4WC5xPuYs6AR1IqjL5l6aIhQDQodgk2uCYTPuRjiPttc0mr4xH3tVs%QXhk3rV2oQ0B5ImSyYsjji1NZNuSArvp551xLev5590Sy5fEtuy82jXholZpL1iP%jwmdGd91bGdeW3vb6DmN7r3SbC0eL7eN5AYsqg1NbyGogpbrtKR7Uu5r4eNthFQo%8a0J65OAynDyOw0uJnWTYlB9NXdYyRKBTNlqZLT6fyYZ3ULD54r8CRbk4VFNrMK3%67UDTm6dLM0z1bAbOdJ242YE1RfvH0V6y3X8#ITXt5HRvKJ9sskmOsLOerCE6CZM%7Fj7K0UiAdT5qy7ebe8XAINgAySY9TVQWDaZvHSb0ZQVQcsR157LzDNV#tK0tT5v%8b1pOdGmGDDKqJhdsjDwH2HbUQAkGgEEmQnh##GlNCXMveNp0W6qB3990ZrnOeuK%CPswYU5cdNSXsPfS07k6t25GfXTnUW78zygMxCxZi4MzwNdrrRLxEso87wO3C5l5%0zWGCRwseHaiYTjOfH3m5AsH1sWXy#KfLAJpfdyrBoIkwsRXtgWwd#MMpfu51984%QxdEPLRZtvn4RM5TMHqvL9fTmFeycugkuz9MufX37iJ8S8xvL3#5YhEL#p4WqqNv%P8xS#QYNvEzT3Avq3PFi4p5YCG1ux635uP9bLXQDCaJyNFaWan3vr8WuWHI3kmqO%I3TEDZIZO6AkAVfZrS5o#BIdR8RrmB1xAmUsAw5OGZZFRUJFkMdRyb0#VXHXlwnG%5HIKqkoTwqnwWvbvz6yz0Mk5EUIKbNQQqhIvzyfwy#uRfQf5fqlJs5lgoLmyiY1Y%Mm6RDRURgH7O#5m2jTDLrqcz7#iFcR4k5SMyFaJilcJ9nlUjGZrAt23RNHyG76rk%XgqruNK5EiPjcE6tzuC3#UI75SgXY7mOZgR7D4uV4sTI7CqG0USRDyO9j28VFuB9%l8yYCSboLpD8AqtW5fpCzPoHVmu4jaX5XiLMPPB4m7H4wNbsQZaoKq9#9LFWxA55%ZdMLLBqCjiQDA8hqjL1P8QzMDqQfjGLzcC#KsFBMGhssh6lgHiNwI5x3udyDp6fe%Pr41N5YLIPPXQKxGHTD2yQAKju4E9fUTJ#eC62ABH8YZnelvjZ1gk9hkCY3BsFqR%KRqqgCrk4MJxcapkS6C8lfp0scp3w8JM1PguwOb4zPK1u2IitI6KStLneTOvpj3c%TDZD2UbrgXdZz5rWqXDgzADalALMO56V5agoMyHlLZ3Yh0unhOrI7MMo20#L8iwn%HGvVifk1mcC9Qi5EVU#2b5r26SHSulfSHkNjq#dyE97ttagpCEDsQLG2K9FEQyO4%5n05z7ivuoDCLBeQQ54g7SMPWAxjJzPTQnZ43U3bBKCRIDnYQXMox1Lm20uqBBHd%EpOcWH21ue5lyU#xcm5sXvSKwF25soep0OMwFDyIzMFkyQnI#EoOVdzamOCyzRgC%UAq5vAYICpRl3tztcBp5MXTtswUbkMwI84BBO2eN5Om7m7Sb1ABIIr2EVKpE#6sk%Z2brhVLAgocw5RxNXMqcUSDjDUNlI5kcs1A7k9WsN9gYP5#tWz3vu#Dgp#hDyUMu%RNG7onzs0XJwg2vZpnVm0rJljeYpQzJkgGC5Fp2HzUKr0kl67tMN#fPos5IvPDjH%B5vLy4WZXKIqIH7QU8YfLDLzew8G1DSt36Nvr2Kc#TqJVd29m60yMNTOJm0lH5jI%icrWQ4Yydn8gwb5J4UlNxL1Kp5C6inm2N1TYYTBEnQkwjHZd527rzuyYqXZgH#8v%OTht50v42r3WWHNd2dDxW9Mova4FYc9Ogix9emkShvHoCsWTPx9hTpXgltzsXeMe%tcehgu9iixLePsHgg#UorxGN7zYkSvYrg1or5dO3xEQzoLzFAsSKNN2Yfl5xsjtE%Dui7oUz#x5ik4Q2P1jc5Xm6f7x2pW9l7##qxKU#83#To4ibapnz6g6ILqBNGVlKa%2G6nlzqAbuF7y9ije5e56VaLUOZeLo1KjmpXfDrKeG9iv5BC5HygfaI2qc7G9dtj%RveWLKhVQyIJ35ifUwGD#JEm5W#WGgpn85xB6Wir13Kyte#Th9RHbH#G2XwbB1mC%7tswHpya3M8535KhRjzLNPpcaUMB6SaZSl8UoinCpJvriiukUCAlHtc5nlupa67b%Z#AnjAo1CHuNaVz3J#lWxBV3L462CDic39T8u500IALwSa9rJE5CvY8eQhYpqsCX%vbOz7#ebB0R1KajkEqPwWaBpkyZ78fo8m0n#HejcWUGOHVQ5#mrZ2HsjkOVu8pUJ%VCuOhJZtTyWIumzji#IbCeJJtL2rxW0K6h5FEtlqqI6jhB2VkAJu##5VbFQtShR2%fUVBeQSsO9vDb4nuVs#Oahdp6GYS5d4Iu98sIBB1uEE

解压得到了一个pmf的命名的文件，这个pmf文件是 DiskGenius 备份后的一种文件格式，改一下名字为 1.pmf，拖到 DG 里面就好了

得到三个zip和一个图片，看名字也是lsb

将得到的txt中多余的部分删除

但是这里保存的txt是unix，要在window下重新保存

名字为key.txt

打开第三个压缩包，一看就是明文攻击

而且这里必须用7z压缩

不多说，明文攻击，根据新教程，也可以判断这个是7z压缩的，链接：https://byxs20.github.io/posts/30731.html

misc-wp hdctf 2023 misc

newstarctf misc-wp week1 2023

526互联

HDCTF2023-Misc-wp

[HDCTF2023]ExtremeMisc

[HDCTF2023]MasterMisc

[HDCTF2023]SuperMisc

[HDCTF2023]BabyMisc