CTF的两道比较不错的流量分析题

  • CTF的两道比较不错的流量分析题已关闭评论
  • 25 views
  • A+
所属分类:CTF专场

前言

前段时间,在一个群里面有两个人同时把两道流量分析题发出来,我做了一下感觉这两道题的质量很不错,所以就分享一下wp给大家,希望对大家有帮助。

题目附件我分享一下

链接:https://pan.baidu.com/s/1n_Q4pRgt0_GF-8n5Nop9fA 密码:5p76

Traffic.pcapng——一个10M的大小流量包

直接过滤http协议,可以看出这个流量包捕捉的是数据库注入流量

CTF的两道比较不错的流量分析题
直接去分析一波,发现是用盲注的方式注入,由于本人盲注的技术太菜了,是菜鸡,所以请了一位大佬9u4ck给我一番的教程指导我才明白,大佬yyds

直接把http协议里面的所有包都全复制到txt文件里面
CTF的两道比较不错的流量分析题
然后我们过滤掉一下无用的,提取关键的语句即可(写的垃圾脚本)
CTF的两道比较不错的流量分析题
CTF的两道比较不错的流量分析题
但是这个url编码还是存在,于是url解码(http://www.jsons.cn/urlencode/)

CTF的两道比较不错的流量分析题
然后将解码后的字符复制过来

CTF的两道比较不错的流量分析题
从测试的语句中就可以看出,使用的是sqlmap测试的,于是我们直接看关键的,直接跳过数据库表名等,直接看看flag

如图,我们简单的判断
CTF的两道比较不错的流量分析题
再继续细化,以免看的太乱
CTF的两道比较不错的流量分析题CTF的两道比较不错的流量分析题
再简单的分析,简单的说,各函数的意思不细讲

第一个语句:判断lag表的第一个字符是否大于64,显然是大于64,因为第二条语句就判断是否大于96,如果是小于64的话就不会去判断是否大于96了,接着第三条语句判断了是否大于112,显然我们可以从第二第三条语句知道,flag的第一个字符的 ascii码是大于96的,从第四条语句中又可以判断出第一个字符是小于112的,因为大于112不成立所以才需要往更小的值判断,同理通过第五条语句可判断出第一个字符是小于104的,因为第五条语句是跟100比较,只有比104小才需要去跟100比较,同理第六条语句可同理判断出flag的的第一个字符是大于100的,接着第七条语句判断 是否大于101,显然是大于101的,因为小于了102不成立后才去验证是否大于101, 验证完了,即下一步,那就说明flag的第一个字符一定大于101,但是大于102不成立,因为倒数一句不成立才进行最后一句,简单的说就是慢慢的缩小范围,就类似于二分法,所以就可以从这两个语句判断出,flag的第一个字符就是 102 ,对应的字符就是 f

接着运用同样的分析方式去分析第二个字符
CTF的两道比较不错的流量分析题
同样为了方便看清楚,只提取了重要的内容
CTF的两道比较不错的流量分析题
利用以上的分析方法,再简单的叙述,第二个字符大于96,因为如果不大于就不会 再去是否大于112,而是应该去判断是否大于64之类的,同理可判断这个字符(第二 个字符)是小于112的,接着这个字符应该是大于104的,继续判断,这个字符大于 108是不满足的,大于106的满足,最后大于107是满足呢还不是不满足,这都可以 说的通,于是就产生分歧了,因为这个字符是107满足我们分析,但是这个字符是 108也会满足我们的分析,这里最后选择108,因为108对应的是字母 l ,结合第一个 字母 f,连接起来就是 fl ,也就是flag的前两个字母

紧接着继续分析第三个字符

CTF的两道比较不错的流量分析题
直接看出来,大于96,小于112,小于104,小于100,小于98,最后可以确定等于 97,因为大于96,小于98,利用以上的猜测,结果就是 97 ,即字母 a ,也就是前 三个字符是 fla ,不用看,直接猜测下一个字符就是g

CTF的两道比较不错的流量分析题
同理,第四个字符,大于96,小于112,小于104,大于100,大于102,所以就是 103,即 g
CTF的两道比较不错的流量分析题
第五个字符,不再过多的叙述,就是 123 ,即 { ,所以得出flag前五个字符就是 flag{
CTF的两道比较不错的流量分析题
第六个字符为:101或者102,这里选102,即 f , flag{f

CTF的两道比较不错的流量分析题
第七个字符:97 即 a , flag{fa

CTF的两道比较不错的流量分析题
第八个字符:107即 kflag{fak ,flag有k这个字符吗,显然应该是不对的,flag 内容一般是[0-9a-f ]和-
CTF的两道比较不错的流量分析题
第九个字符:101即 eflag{fake
CTF的两道比较不错的流量分析题
第十个字符:101或者102,这里选择102即 fflag{fakef

CTF的两道比较不错的流量分析题
第十一个字符:108即 lflag{fakefl

以下不再截图,因为都一样,直接上最后的flag

flag{fakeflag2333333333333}
  • 1

你可能会问为什么没有第28个字符,从最后的判断就知道不存在第28个字符
CTF的两道比较不错的流量分析题
其实有一些是最后得出flag才去做出更好的选择的,比如fakeflag,因为一开始我得到的是flag{fakeekag2333333333333},最后回头慢慢更改,个人能力问题吧,判断存在误差也是可以理解的

可惜得出的flag是一个假flag,接着继续往下解
在第18918个包用追踪http流查看到里面有一个flag.txt和一个pk,大概是一个压缩包里面有一个txt文本吧,但是后面又有一句话,不知道是什么意思

hint:I love six GOD.
  • 1

CTF的两道比较不错的流量分析题

CTF的两道比较不错的流量分析题
然后保存文件选择显示分组字节流和点击save as,必须用这个操作才能不会出现文件十六进制那些可见字符被更改为2E
CTF的两道比较不错的流量分析题
并且把红色框圈住的都直接删了并补上zip的头
CTF的两道比较不错的流量分析题
就是这样,然后改后缀名为zip解压发现有密码,经过测试不是伪加密,是真的加密了,拿出我最喜欢的爆破ZIP工具PRTK

CTF的两道比较不错的流量分析题

CTF的两道比较不错的流量分析题
直接秒破,密码为123456
CTF的两道比较不错的流量分析题
CTF的两道比较不错的流量分析题
好家伙,这又是一个假flag,一道题目两个假flag,这人有点。。。。。。,但是它提示了Do U know bingxie???难道就是传说中的冰蝎流量解密?

然后在第19219个包并追踪HTTP流里面发现了有一大串base64编码CTF的两道比较不错的流量分析题

CTF的两道比较不错的流量分析题
base64编码如下:

VUBCXEJGSQYQUg5MW1hAXQIHbl1VUVoHAxtFIGhJX1taeUdaXAtMOT5xFAdXa0NaWVBedHNZAic3Qw0+bn9YYmx6XnMAfEMBCGEOBldoR258X0ZjZF1SByFlVgB6AFxccwJCdklwXwIhdRsHC28DaGJlZGtZAgEpH1hVIGhWfXtZaQBbXXwFAjEKFy1+XV9ccn1ZY11kYQcueg0ucXcDW11fBn1hXVIqJXIFLnF0S3FwA1ZYZ3xDAQhqDS4KbwNiXQMFc0lFWzlUeRAoQAB5agQGYWxbZ1svJWEYAHFwQ3dDA3pwc3NSKiVhGCl6eApxc19bWwIHByglVww9VEpddHdXAF13a0EsJQsUN2xdfGwFeXdzSUVeABx2EitOCXhxd3JWcHdeWCglYRgpengKaGdyWloDYEwoPkAsJ1B4VHF3clZwc3NSAAtlUgBhc0Zxd2FLdHRBeyAPcgUtensKYmNLS2NoQXsgD3IFLXp4VHF3clZaXWQFBz55Fy1+VVlaBgYDcnNWWzoLQAwoel0CXHNqRXZzCkMwM1ctMAhzdXJNRFpaA2BMKDJALCdQeFRxd3EIfWFCDCc3Qw8AbgxZXHNfR1tZcFs5PmEMPVRNZ1x8el5zeHwFAA9fVSBoVlRxd3JWc3h/QioiAwUFbndFWlpqXnMCVlwCH1ARLgpvA2JdAwV1SQt/MVYGMjFSbF10d2FLdGNZAic3XAUtenhUcnx+SXB0AlICMX0UBldgXHIHZQFjWQIBKR9EDD4Lc0F0TQp7awAHZTYNZgwoemtJXHx6QXZHAn4qJXIFLX5VXnN3YUt0Y3MMMzVyCQcKa0pzbEB/ellzUiolcgUtenhUW1llAV1oeEAqJWEYKW1KfXtdclZwc3AMOTFLGD5hSn17XXJWcHNzUiolcgUHVG8DXGx5RHB3Xl8BVAZQL3pdAlxzakV2c1FGKVRXCwVAAUVrYVd+bQF4cykfRAkHCmtKc2BAf3pZc1IqJXFbIGhJCnxlQ1xdZwdfByFfFAZQe1hiY0t0WGh7WikhYRIHUFJ9e1pAf3pZc1IqJXIJPlRVQGJsflZpY3BdAAh5CgFvAFhZY2lccnh8XzoxBgkFYXBccnNhQVpZWUYqIXUbB1R/BnN1A3pwc3NSKiVyBS16eF10XVBCfWFdUiolcgUtenhUcXdQRHVZUXsgD3IFLXp4Q3NgQH96WXNSKiVxDwYKc19hY31ecHNVXjkLXxE+YXRUYWx+VnN3aEUBIWYSLXFKfXtdclZwc3NSKiVyBS9+VUlgBmFBWllVXCkhYRIHUAFYYllfQmNje0UoNXJNLX5rX1pyYUhjZ2daKg9hCQVhcEVyc2lBW3dnXCg1clQtcW9GWnNfRFhJVVwpIWESB1ABWGJZX0JjY3tFLBEDKS16eFRxfAN/ellzUiolcRs+YWsCW1kHVlpdA14CPnoNLn5rQ1tdWAZ9YUIMJzdcLCdUYwJaWX0BWGcLQCohAgoFbg1ccnMCR2N3Z0YqJWEVPWFrXHFwA1ZwWQZcLyVyCT0LAEZcc2VEXXNzDColegsoenhYYQZbWVpefFkHJXJbLXpwWnNlA3pcRwJ+IDVhFT1ha1xoY1ddXXdWXAJXfVIHUF5YW3N1AVhzWQInN1wFLXp4VHJ8eV1aA2RGByVyWy1+f0pbWXUEcnNZAic3XAUtenhUWWNqVnJzYEI6PmENLX0JCnF3ekRwWVl7IA9yBS16eFRxd3JWc3hwXQchVAU0antdYmxhW10CY1ooMkAsJ1B4VHF3cUtdAl4FOlRUBS96a0daBmFdcmNwAic3XAUtenhUcXdyVnB3fF0AVGYFLVRBQ1sHYlh2VwJ+KiVyBS16eFRxd3JWcHNzUikhdREGfGNDWnNlS3B0AlIAVH0KBlRrQ1tdVFpad3QFAiVYVSBoVlRxd3JWcHNzUiolcgUtenhYWgZ5QGhoeEwqIgMFPWFzSmFsWF5yZEF7IA9yBS16eFRxd3JWcHNzUiohaRQHVG9bYQZUVnJzYF0BIUslBW5BX1tNcVlaSXNeOQtfET5sDFtaY2ZBcHhBeyAPcgUtenhUcXdyVnBzc1IqJXIFLXp4WGJaZUJbdnBdByFUBTRqeFhbc3UBWHNzQColYQ8FbkFfbFl1RWNkQXsgD3IFLXp4VHF3clZwc3NSKiVyBS16e0NiXXJecGdoBAELfVIFbgBGYAZlBVhofAUAH1QLBm5zVWEGCkRdXWRMByAKDgZUd0Vic19EY0l7RSg3AyktenhUcXdyVnBzc1IqJXIFLXp4VHF8QH96WXNSKiVyBS16eFRxd3JWcHNzUiolcgUtemteWWNLXW1ddEE5MgIMPmFrZ2FjaV1sA2BMKCVhDwVuQV9sWXVFY2NZAic3XAUtenhUcXdyVnBzc1IqJXIFLXp4VF5lA3pwc3NSKiVyBS16eFRxd3JWcHNzUiohZREHC2x9e11yVnBzc1IqJXIFLXp4VHF3clZwc3ACJzdcBS16eFRxd3JWcHNzUiolcgUtenhUe2dhXFhnSlk3C3UWPm0IR2FYCltbAgcHOT55UjwLb0ZhBgpaWGcHWyglYQ8FbkFfbFl1RWNjRVIpV2U3NlAJB3JNRFZbZ3hTOSFlUj5udwNgBmVEYAILXgIxBgwvemteWWNLXW1ddEE5NUQFLVVvZmpdAwV1dVZ2MB96Ei9tSn17XXJWcHNzUiolcgUtenhUcXdyVnBzcAwnN1wFLXp4VHF3clZwc3NSKiVyBS16eFRycwpYWFlzDCohdRsHVH8Gc3UDenBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16eFpaWXVFY2N7UjMyBwU9VH9JYmBqAWECZEA6VAoJPmpeWGJZX0JjZQddATFmEih4CXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXILBwtVBWJnelZpZAZSOgt1GD5tYANgBmVEYAILXjk1Ww8FbkFfWwZfB2NjVV45CGURBn97W1xzVEFyY0V7IA9yBS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnBdSl0AVWEsBgtrQ2JZX11jc3tSMzIHBT1Uf0liYGoBYQJkQDpUCgk+alFYYWxhXXJzeG8vMQMWPnp7endZWAdaSXtGKiFpEgZ+b0dcc19FY2NVXjkIZREGf3tbXHNUQXJjWXsgD3IFLXp4VHF3clZwc3NSKiVyBS16eEN3QwN6cHNzUiolcgUtenhUcXdyVnBzc1IqJWEUPVRJUXFacV1aXQJcOzVyWy1+VUlgB3ldYGdgXToLSw4vemteXGNLQmx3dAUCJVgFKFB4WnR3elZ1WXBFAFcKUQdUVQNhY3lCY2NVXjkIZREGf3tbXHNUQXBzBlIqD0QLLXoNVFlsfVdjaFpZOlVlUj1uc0BiZ1RaY15kRgEgcQoAfl5Dd0MDenBzc1IqJXIFLXp4VHF3clZwc3NSKiFfDy16UUNbBQpcWGdKWSglYQ8AbkFAbXN1AVhzWUUqLkAsJ1B4VHF3clZwc3NSKiVyBS16eFRxd3JWcHNzUikhCgsFVUpaXHxfRmNjeFEqIgMFPVR/SWJgagFhAmRAOlQKCT5qXlpiWV9CY2N7RSwRAyktenhUcXdyVnBzc1IqJXIFLXp4VHF8A1ZjZ0pPOTVxVSBoVlRxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJWEUPVRJUXFaYQRad2dcOzVyWy1+c1tbBmYDd3YLWQELfRQ+fmxccVlhQVpdZF8HIQobAWpwQ3dDA3pwc3NSKiVyBS16eFRxd3JWcHNzUiouAywnUHhUcXdyVnBzc1IqJXIFLXp4VHF3cVlaXnhdBjAKFQBhd1xzd2FHYF1CdwAIehEtemtFYVlcQXZHAn4qJXIFLXp4VHF3clZwc3NSBTcDKS16eFRxd3JWcHNzUiolcgUucXNfWwdlQl12QVwAVWEKAHFvSXFYA1ZpY3BcOj59DipTa1ViYwZbWwJgWSgleRgAbndZYmx9S3BZWQInN1wFLXp4VHF3clZwc3NSKiVyCQdUb0lcY0sBbkl4QQBUUAs8angKcXN5WVoCZwctIAoOBlR3RWJzZl5YXnxDAQoKDgZUd0Vic2Zec3cLXAINdRsHUFJDd0MDenBzc1IqJXIFLXp4VHF3clZjZ3xaAR9xDgZUd0pdbHEBcndCTwFUBgQ+bgxZWgZhXXJzYEw5Pn1TBnFoQ3R3clphAXxzNld9KDAJDFFyBkBfYWNZAic3XAUtenhUcXdyVnBzc1IqJXELB1RvW1lOQH96WXNSKiVyBS16eFRhBnVLY2NzXABUWxQAQHAFfGVcVnBzc1IqJXIFLXp4VHF3clpgAgtAByFlFwBxdFRoZ3FcWGdKWTtUVw4AfwBZWgYGAWNnBwUAH1QJB35/A1l3WAZwc3NSKiVyBS16eFRxd3JWcHNzUic3XAUtenhUcXdyVnBzc1IqJXIJB1RvSVxjSwFuSXhPByF1UgBhdFpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1oqCH1TPQt3X1sHflhyZEF7IA9yBS16eFRxd3JWcHNzUiohXw8telFeXGMGW113XkMBCgoOAX5VSVx8fl5wXQNcO1R9FAZXY19bWmFXY2cHXwFUYRIGVFpac2dYf3pZc1IqJXIFLXp4VHF3clZweEF7IA9yBS16eFRxd3JWcHNzUiolcgUtentDYl1yXnN3fFo6PnkYPmFoCmhnelhyYQJ+KiVyBS16eFRxd3JWcHNzUiolcgUtcUp9e11yVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS5+d1xhbHlLY2hjUjM1cRY9VQBYYmxhXWADYFM5MQYIBgtrQ1pZUF5zd3xDAQhhDgZXa0l0d3FZWl54XQY1VCwnUHhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16XXtpXnpLdGR7Wy8nAyktenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS4JXXBrTVBCfWFdUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NbNTBhJShtfAFyTUR/ellzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc1ZjMld+FilQWkB8ZVxWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3cl9vZmByLzJUDCh4CXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHIEeXtrSmdbLycDKS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLgl/Z2kEX3tzRwJ+KiVyBS16eFRxd3JWcHNzUiolcgUtenhUcXdyQXJkQXsgD3IFLXp4VHF3clZwc3NSKiVyBS16ewp8ZVxWcHNzUiolcgUtenhUcXdyVnBzc1IpLnkOBwpvQFxyQFhbaHxbKgoDBTRqe1phbH1dd1pgUzkxBggGC2tfc3MCWGECfEMBCGkOB1drVWJjBltbAmBFAQtQDS5+d0VaWmFdW15gTy8lcgsyb2t0dGBUWHVzc146VFsKB1d3X1x3WEF2RwJ+KiVyBS16eFRxd3JWcHNzUgU3AyktenhUcXdyVnBzc1IqJXIFPm5BSWJlA3pwc3NSKiVyBS16eFRxd3JWXEcCfiolcgUtenhUcXdyVnBzc1IqJXIFLX5VXnF3VFpgAlpdAAh9DgB9CQpxXXpBfWFdUiolcgUtenhUcXdyVnBzc1IqJXIFAU4JeHF3clZwc3NSKiVyBS16eFRxd3JWcHNzUiolcgkHVG9JXGNLAW5JeEEAVFALPGp4CnFzeVlaAmcHLSAKDgZUd0Vic2ZeYwJkBTZUdQ8+b3cDW11UWmACC0AHIWUXAHF0Q3NgQH96WXNSKiVyBS16eFRxd3JWcHNzUiolcVsgaFZUcXdyVnBzc1IqJXIFLXp4VHF3clZjZ0pPOTcDKS16eFRxd3JWcHNzUiolcgUtenhUcXxAf3pZc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16eFRyfHldWgNkRgcgQAsGYXddcVgDVmljcFw6Pn0OKlNrVWJjBltbAmBZKCFfCAYLDAFzd2FbWHd0TABUZVIoenhdXGxhXHVkVUMvVl8qMFIAYGpnUEJwc2BfAVQGUj5uDANbTVhBdkcCfiolcgUtenhUcXdyVnBzc1IqJXIFLXEJfXtdclZwc3NSKiVyBS16eFRxd3JWcHNzeyAPcgUtenhUcXdyVnBzc1IqLgMsJ1B4VHF3clZwc3NSKiVyBS16a0pibH0AW3hjUjM1cQ4GVHdKXWxxAXJ3Qk8BVAYEPm4MWVoGYV1yc2BMOT59UwZxaEN0d2FXbABkYTZWXzIwVUpdWU1XVXJkQXsgD3IFLXp4VHF3clZwc3NSKiFlCAV+AVRyfHldWgNkRgciQCwnUHhUcXdyVnBzc1IqJXIFLX5zSmJjdUN2RwJ+KiVyBS16eFRxd3FbYGh8WSoleQkGCl1GWnMKWWNzewMnN1wFLXp4VHF3clZwc3NSKiVxEj5QeFxxZ3FcWGdKWTtUZVYFYXcDW01UWlp3dAUCJVgSLXFKfXtdclZwc3NSKiVyBS16eFRxd3JWcHNwWjkxdQk+YXBccgRbZG92c0MuNQcaLX1oRHZ3cX5tAWNSMQ0KNDBSaF1zYEB/ellzUiolcgUtenhUcXdyVnB4AlI5MUsYPmp7BHxlXFZwc3NSKiVyBS16eFRxd3JWcHNzUikhaRIGfmxUaGdxXFsDcFkBD1QJB35/A1l3RFZwXnhcKg9YVSBoVlRxd3JWcHNzUiolcgUtenhUcXdyVmNnfFoBH3EPB1RvW2J3VFpjXV5GOTVEBT5UVUBibH1BXF1nWikucQoAfl5Dc2BAf3pZc1IqJXIFLXp4VHF3clZwc3NSKiVxDz0LQUVbBmZec3doRQEhZhIrTgl4cXdyVnBzc1IqJXIFLXp4VF5lA3pwc3NSKiVyBS16eFRxd3JWYF54WToxQFUgaFZUcXdyVnBzc1IqIX0KBwtsVHFZYV1bd2QFOTV6VCBoVlRxd3JWcHNzUiolcgUtentDYl1yXlhofFM5C18RPmpeWFtzdQFYc1lFKi5ALCdQeFRxd3JWcHNzUiolcgUtenhUcXdxQWNZc1oHMQYRBW4MQXN3YUZgaGBaKDVYBQFOCXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIJB1RvSVxjSwFuSXhPByF1UgBhdFpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1oqCH1TPQt3X1sHflhyZEF7IA9yBS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnN4eFkAVWURAH9KWlpsfV9wXAJSMzVxCz1hd192XmFXY2cHXwFUYQ4vemtEYWxhXnBzBlIqE2QrC3ZUaUh7UnhSf2V+DR96EitOCXhxd3JWcHNzUiolcgUtenhUcXdyVnB4AlI5MUsYPmp7BHxlXFZwc3NSKiVyBS16eFRxd3JWcHNzUiolcgUtemtKYmx9AFt4YFcqCH1SPWFrAltNeVVwdAJSOgt1GD5tYANgBmVEYAILXjk1VAs+VH9DWnd6QXZHAn4qJXIFLXp4VHF3clZwc3NSKiVyBS16eFRxd3JaWl1kTwcxS1IzQHNHWwZQWGFjcwwqIXkKBwtsAXZyCl1bXXxDOSFmDS5xe1tcc1RWdVlzXFY/WgVSY1RYDVVgSQ98YVkqD1hVIGhWVHF3clZwc3NSKiVyBS16eFRxd3JWX2ECfiolcgUtenhUcXdyVnBzc1IFNwMpLXp4VHF3clZwc3NSKiVyBQVuYFRzc19LYQJgRQAPVAkHfn8DWXdYQXB4QXsgD3IFLXp4VHF3clZwc3NSKiVyBS16e1hiY0t0WGh7WikucQoAfl5Dd0MDenBzc1IqJXIFLXp4VHF3clZwc3NSKiVhGz5hdwJafGFTcF58BTo+YVMHQHNXcXADVmBddE85MmpSPAtvRmEGClpjY1VcAFVlCD0Lb0lbTXpBdkcCfiolcgUtenhUcXdyVnBzc1IqJXIFLXprSmJsfQBbeGBXKgsCGD5Ac1dxcANWYF10TzkyalI8C29GYQYKWmNjVV4AIXVSBXoNWg1tWlYPal9eVglaM1FgSFVxXVgGfWFdUiolcgUtenhUcXdyVnBzcAwnN1wFLXp4VHF3clZwc3NSKiVxDj0LUUVxc2VEYAN4AAAuYg0FV3dFWlgKXVtdfEM5IWYNLnFzX1sHZUJdc1lGKSAKNjZvd2drYQp+bklWRylXAxIrTgl4cXdyVnBzc1IqJXIFLXp4VGFaeV1gZ0ECJzdcBS16eFRxd3JWcHd8XQBUZgUtVHdKYmN1AWNjewMnN1wFLXp4VHF3clZwc3NSKiVyCT5UVUBiZ3IIcHdoQwAhZRcvemtEYWxhXnVzc1wHH3oSK04JeHF3clZwc3NSKiVyBS16eFRyc31HW15gWQEIYgU0antaYWx9XXdaYFM5IWUIBgtrX3N3YVtbAgcFOTEGUi9tSn17XXJWcHNzUiolcgUtenhUcXNpAlpdXgU5NVQJPlRVQGJnRFZzd3xDAQhhDgZXaEN3QwN6cHNzUiolcgUtenhUcXdyVmNdaEYHPn0NL3prXlljS11yZEF7IA9yBS16eFRxd3JWcHNzUiohaQgGfgBJYmdUWmNdXkY5NVhVIGhWVHF3clZwc3NSKiVyBS16e0NiXXJeY11eRjkwCg4BflVJXHx+XnN4cF0HIVQSLXpgXnFzaUFbd2RPAj5DDi96a0RhbGFecmNzDDM1cRgAcXNAYmMHXnN3fEMBCGEOBldoQ3NncQZ9YV1SKiVyBS16eFRxd3JWcHNzUiolcgUucXNfWwdlQl12QVwAVWEKAHFvSXFYA1ZpY3BcOj59DipTa1ViYwZbWwJgWSgleRgAbndZYmx9S3BZWQInN1wFLXp4VHF3clZwc3NSKiVyBS16eFRyfHldWgNkRgcgQAsGYXddcVgDVmljcFw6Pn0OKlNrVWJjBltbAmBZKCVhFT1ha1xxdwdWcEVhAQoTYFoLdm5GUntSeFJ/GQ0JKVpNCnZcXFEfUmZRG2ECFxNkCRQSbkRoTlxYcHMGUikucQoAfl5UdF1xXFhnSlkAVF9UPmpeWFtzdQFYc1lFLBEDKS16eFRxd3JWcHNzUiolcgUCantfWnx9XXB4QXsgD3IFLXp4VHF3clZwc3NSKiVyBS16eFhbWWVLXWdKBTQfeRgAfn8DXGx+WGFjcwwqIXkKBwtsAXZyCl1bXXxDOSFmDS1UY1tZY0RYcmRBeyAPcgUtenhUcXdyVnBzc1IqJXIFLXp4WFtZZUtdZ0oFNB95FgcLWlpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1opLnEKAH5eVHRdclgMfFt+VipKBVFYaksOeGBdcFlZAic3XAUtenhUcXdyVnBzc1IqJXFbIGhWVHF3clZwc3NSKiVyBS16e19hBltHcHdkQDpVeVcHcWhcWVp9R1tcC1kBC30UPn5sXHJ8eV1aA2RGByVYES16a1VtBGVlbABeZTcKQAwFQF1Xc2BAf3pZc1IqJXIFLXp4VHF3clZwd3hMOTF1ECtOCXhxd3JWcHNzUiolcQg9YXdfcXd5WVp4cFkBC2ILK14JeHF3clZwc3NSKiVyBS16eFRyc2lBW3dnUjM1cQ8GCntfWl1UWlp3dAUCJUQFLVR8QXFdWAZ9YV1SKiVyBS16eFRxd3JWcHNzXjpUChcAfm9GXHdyCHB3eF0AVGZQKn8AWGJjfUdjd2daKSF9FAZXa19aWmJBdkcCfiolcgUtenhUcXdyVnBzc1I5CFcbBWFrX3N3YVxYZ0pZLyVyCT0LAEZcc2VEXXNZAic3XAUtenhUcXdyVnBzc1IqJXEPPQtBRVsGZl5zd2hFASFmEitOCXhxd3JWcHNzUiolcgUtenhUcnx5XVoDZEYHIEALBwprW1x8ZUtwXAJSMzVxCz1hd192XmFXY2cHXwFUYQ4venNJXGN9W2NofE8qD1hVIGhWVHF3clZwc3NSKiVyBS16eFhbWWVLXWdKBTQfeRYHC1paYGdyCHB3eF0AVGZQKn8AX1pZfUdjd2daKS5xCgB+XlR0XXJYD3wZDFY/QgVRWA9+DVtaYA4HS3hVKhgBUQ9Qfw1EUnkMfEcHVgdgDFFbeBx3XXpWdVlzXgAhdVIFenhGcXNpQVt3ZE8CPkMOL3prRGFsYV5yY1kCJzdcBS16eFRxd3JWcHNzUiolcQ49C1FFcXNlRGADeAAALmINBVd3RVpYCl1bXXxDOSFmDS5xc19bB2VCXXNZRikgCjY2b3dna2EKfm5JVkcpVwMSK04JeHF3clZwc3NSKiVyBS16eFRhWnldYGdBAic3XAUtenhUcXdyVnB3YFk5C3VTBnFoBXxlXFZwc3NSKiVyBS16eFRxd3FYWl1kXQIcQCwnUHhUcXdxCH1hQgwnN1wsJ1RjAlpZfQFYZwtAKiFlFz0KcwZbfGJec3dgXQchdhEufk1fXWdYf3peQXsgAV8SPlBeW2JsWwFjZwdPAjEKFzwLQUVhY2FdY3NVWwFVcQ4GV3dJWndQQXJhAn4qJXIFLXhVBHxlXFZwc3NSIDdfDwYKcFxyc1gIdHRBXgIySxgAcXNAYmMHXnN3YF0HIXYSK0BrQ3NNQEFweEF7IA9yBS16eHl7ZVhWc3dgXQchdQAuflVXcXADVnN3YF0HIXUALn5VV2BdYUNjaF5XKSFYEClqYEt2YgMGcHECfiolcgUteFJ5e2wDf3pXWX8gPnkOAHFvSlpdclpjd3QFOjJALCdQeFRxd3J7X2ECfiolcgUtfm9AWwZmf3pZc1IqJXIoAU4JeHF3clZwcVl/AAtlUgBhc0ZxcwpGY2cHTwBUSwQ+bgxZW1pfRl1zVV45IXVSPWpOVHFfdXdsSndMLCV6ES16a0FibFhBdkcCfiolcgUteFUKfGVDCHN3A0M5IWZbLVR3SmJjdQFjY3sCKS5xCgB+XgpxX34HdQNWBgcfChs+bn9YWmNmRHcDXVwsH2EIBgsMA2JjBgFpY3h6LlV2VgdXVVlhBHVzbGZeby0waRUxVX9xaWF1c2hldHcyM3kKNWx/cWlhdXNoZXR3MlRlNTVTd3VpX3V3aFxwXQY+VwwyVXdwWmN1aXdnRn8wIHkUM1V3cFpjeXlrXQdlORxxLjNUCAdZclxLXXhkVDUhYTsyfX94bHJUS2xeXm81V0MWMQhdfGJZdWRvXWhdNRxmFTBtd3ldWX5IW3hkVC4yW1YwUmt9XV8CQGpoQlg2M3UhNVJ/aWlhdWNbdWh3MjF9LzVvf3FpX19la2V4dzI+WyE1bH9dawR1WHRmdFkuMlsgNWx/ZWlfV2NdAHR3MjN1IDVsf3FpYXVzaGV0dzIzdTE2VX9wXWF1eW9ldG82M3kQNWxaRGliQ2NoaGR3MRxxIDNSf3FpYXVybGVGdzYzeQgwVXNKXHFXa2NcaHc2CmUqNW9/cWIEdXNoZXR3MjN2Wy1TSn17WQJZWGcGWikhAhQ+fmxAcnxxWV13VUYpIX0UBldrX1paYkF2Rw8IRE8aWQ==
  • 1

但这里有一个注意,这些是冰蝎加密的流量,不能直接用普通的base64解码来解,要先用解密流量脚本去跑一下再解码base64

然后这里发现有两个GET请求,我们来分析一下
CTF的两道比较不错的流量分析题
CTF的两道比较不错的流量分析题
然后看一下流量包,首先产生了两次密钥 ,通过查询这两个密钥得知是当客户端以GET发起请求并设置了参数pass时,服务端会产生一个16位的随机密钥并写入Session。解密方式是,如果服务端不存在openssl,就用先base64解码,然后使用key进行循环异或加密。

然后开始POST进行攻击 - -
CTF的两道比较不错的流量分析题
然后就是需要解密一下攻击者POST的内容了。我先试了试使用key进行异或解密:

<?php
    {   
        $key = '84319025cf3bd993';
        $post = 'VUBCXEJGSQYQUg5MW1hAXQIHbl1VUVoHAxtFIGhJX1taeUdaXAtMOT5xFAdXa0NaWVBedHNZAic3Qw0+bn9YYmx6XnMAfEMBCGEOBldoR258X0ZjZF1SByFlVgB6AFxccwJCdklwXwIhdRsHC28DaGJlZGtZAgEpH1hVIGhWfXtZaQBbXXwFAjEKFy1+XV9ccn1ZY11kYQcueg0ucXcDW11fBn1hXVIqJXIFLnF0S3FwA1ZYZ3xDAQhqDS4KbwNiXQMFc0lFWzlUeRAoQAB5agQGYWxbZ1svJWEYAHFwQ3dDA3pwc3NSKiVhGCl6eApxc19bWwIHByglVww9VEpddHdXAF13a0EsJQsUN2xdfGwFeXdzSUVeABx2EitOCXhxd3JWcHdeWCglYRgpengKaGdyWloDYEwoPkAsJ1B4VHF3clZwc3NSAAtlUgBhc0Zxd2FLdHRBeyAPcgUtensKYmNLS2NoQXsgD3IFLXp4VHF3clZaXWQFBz55Fy1+VVlaBgYDcnNWWzoLQAwoel0CXHNqRXZzCkMwM1ctMAhzdXJNRFpaA2BMKDJALCdQeFRxd3EIfWFCDCc3Qw8AbgxZXHNfR1tZcFs5PmEMPVRNZ1x8el5zeHwFAA9fVSBoVlRxd3JWc3h/QioiAwUFbndFWlpqXnMCVlwCH1ARLgpvA2JdAwV1SQt/MVYGMjFSbF10d2FLdGNZAic3XAUtenhUcnx+SXB0AlICMX0UBldgXHIHZQFjWQIBKR9EDD4Lc0F0TQp7awAHZTYNZgwoemtJXHx6QXZHAn4qJXIFLX5VXnN3YUt0Y3MMMzVyCQcKa0pzbEB/ellzUiolcgUtenhUW1llAV1oeEAqJWEYKW1KfXtdclZwc3AMOTFLGD5hSn17XXJWcHNzUiolcgUHVG8DXGx5RHB3Xl8BVAZQL3pdAlxzakV2c1FGKVRXCwVAAUVrYVd+bQF4cykfRAkHCmtKc2BAf3pZc1IqJXFbIGhJCnxlQ1xdZwdfByFfFAZQe1hiY0t0WGh7WikhYRIHUFJ9e1pAf3pZc1IqJXIJPlRVQGJsflZpY3BdAAh5CgFvAFhZY2lccnh8XzoxBgkFYXBccnNhQVpZWUYqIXUbB1R/BnN1A3pwc3NSKiVyBS16eF10XVBCfWFdUiolcgUtenhUcXdQRHVZUXsgD3IFLXp4Q3NgQH96WXNSKiVxDwYKc19hY31ecHNVXjkLXxE+YXRUYWx+VnN3aEUBIWYSLXFKfXtdclZwc3NSKiVyBS9+VUlgBmFBWllVXCkhYRIHUAFYYllfQmNje0UoNXJNLX5rX1pyYUhjZ2daKg9hCQVhcEVyc2lBW3dnXCg1clQtcW9GWnNfRFhJVVwpIWESB1ABWGJZX0JjY3tFLBEDKS16eFRxfAN/ellzUiolcRs+YWsCW1kHVlpdA14CPnoNLn5rQ1tdWAZ9YUIMJzdcLCdUYwJaWX0BWGcLQCohAgoFbg1ccnMCR2N3Z0YqJWEVPWFrXHFwA1ZwWQZcLyVyCT0LAEZcc2VEXXNzDColegsoenhYYQZbWVpefFkHJXJbLXpwWnNlA3pcRwJ+IDVhFT1ha1xoY1ddXXdWXAJXfVIHUF5YW3N1AVhzWQInN1wFLXp4VHJ8eV1aA2RGByVyWy1+f0pbWXUEcnNZAic3XAUtenhUWWNqVnJzYEI6PmENLX0JCnF3ekRwWVl7IA9yBS16eFRxd3JWc3hwXQchVAU0antdYmxhW10CY1ooMkAsJ1B4VHF3cUtdAl4FOlRUBS96a0daBmFdcmNwAic3XAUtenhUcXdyVnB3fF0AVGYFLVRBQ1sHYlh2VwJ+KiVyBS16eFRxd3JWcHNzUikhdREGfGNDWnNlS3B0AlIAVH0KBlRrQ1tdVFpad3QFAiVYVSBoVlRxd3JWcHNzUiolcgUtenhYWgZ5QGhoeEwqIgMFPWFzSmFsWF5yZEF7IA9yBS16eFRxd3JWcHNzUiohaRQHVG9bYQZUVnJzYF0BIUslBW5BX1tNcVlaSXNeOQtfET5sDFtaY2ZBcHhBeyAPcgUtenhUcXdyVnBzc1IqJXIFLXp4WGJaZUJbdnBdByFUBTRqeFhbc3UBWHNzQColYQ8FbkFfbFl1RWNkQXsgD3IFLXp4VHF3clZwc3NSKiVyBS16e0NiXXJecGdoBAELfVIFbgBGYAZlBVhofAUAH1QLBm5zVWEGCkRdXWRMByAKDgZUd0Vic19EY0l7RSg3AyktenhUcXdyVnBzc1IqJXIFLXp4VHF8QH96WXNSKiVyBS16eFRxd3JWcHNzUiolcgUtemteWWNLXW1ddEE5MgIMPmFrZ2FjaV1sA2BMKCVhDwVuQV9sWXVFY2NZAic3XAUtenhUcXdyVnBzc1IqJXIFLXp4VF5lA3pwc3NSKiVyBS16eFRxd3JWcHNzUiohZREHC2x9e11yVnBzc1IqJXIFLXp4VHF3clZwc3ACJzdcBS16eFRxd3JWcHNzUiolcgUtenhUe2dhXFhnSlk3C3UWPm0IR2FYCltbAgcHOT55UjwLb0ZhBgpaWGcHWyglYQ8FbkFfbFl1RWNjRVIpV2U3NlAJB3JNRFZbZ3hTOSFlUj5udwNgBmVEYAILXgIxBgwvemteWWNLXW1ddEE5NUQFLVVvZmpdAwV1dVZ2MB96Ei9tSn17XXJWcHNzUiolcgUtenhUcXdyVnBzcAwnN1wFLXp4VHF3clZwc3NSKiVyBS16eFRycwpYWFlzDCohdRsHVH8Gc3UDenBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16eFpaWXVFY2N7UjMyBwU9VH9JYmBqAWECZEA6VAoJPmpeWGJZX0JjZQddATFmEih4CXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXILBwtVBWJnelZpZAZSOgt1GD5tYANgBmVEYAILXjk1Ww8FbkFfWwZfB2NjVV45CGURBn97W1xzVEFyY0V7IA9yBS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnBdSl0AVWEsBgtrQ2JZX11jc3tSMzIHBT1Uf0liYGoBYQJkQDpUCgk+alFYYWxhXXJzeG8vMQMWPnp7endZWAdaSXtGKiFpEgZ+b0dcc19FY2NVXjkIZREGf3tbXHNUQXJjWXsgD3IFLXp4VHF3clZwc3NSKiVyBS16eEN3QwN6cHNzUiolcgUtenhUcXdyVnBzc1IqJWEUPVRJUXFacV1aXQJcOzVyWy1+VUlgB3ldYGdgXToLSw4vemteXGNLQmx3dAUCJVgFKFB4WnR3elZ1WXBFAFcKUQdUVQNhY3lCY2NVXjkIZREGf3tbXHNUQXBzBlIqD0QLLXoNVFlsfVdjaFpZOlVlUj1uc0BiZ1RaY15kRgEgcQoAfl5Dd0MDenBzc1IqJXIFLXp4VHF3clZwc3NSKiFfDy16UUNbBQpcWGdKWSglYQ8AbkFAbXN1AVhzWUUqLkAsJ1B4VHF3clZwc3NSKiVyBS16eFRxd3JWcHNzUikhCgsFVUpaXHxfRmNjeFEqIgMFPVR/SWJgagFhAmRAOlQKCT5qXlpiWV9CY2N7RSwRAyktenhUcXdyVnBzc1IqJXIFLXp4VHF8A1ZjZ0pPOTVxVSBoVlRxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJWEUPVRJUXFaYQRad2dcOzVyWy1+c1tbBmYDd3YLWQELfRQ+fmxccVlhQVpdZF8HIQobAWpwQ3dDA3pwc3NSKiVyBS16eFRxd3JWcHNzUiouAywnUHhUcXdyVnBzc1IqJXIFLXp4VHF3cVlaXnhdBjAKFQBhd1xzd2FHYF1CdwAIehEtemtFYVlcQXZHAn4qJXIFLXp4VHF3clZwc3NSBTcDKS16eFRxd3JWcHNzUiolcgUucXNfWwdlQl12QVwAVWEKAHFvSXFYA1ZpY3BcOj59DipTa1ViYwZbWwJgWSgleRgAbndZYmx9S3BZWQInN1wFLXp4VHF3clZwc3NSKiVyCQdUb0lcY0sBbkl4QQBUUAs8angKcXN5WVoCZwctIAoOBlR3RWJzZl5YXnxDAQoKDgZUd0Vic2Zec3cLXAINdRsHUFJDd0MDenBzc1IqJXIFLXp4VHF3clZjZ3xaAR9xDgZUd0pdbHEBcndCTwFUBgQ+bgxZWgZhXXJzYEw5Pn1TBnFoQ3R3clphAXxzNld9KDAJDFFyBkBfYWNZAic3XAUtenhUcXdyVnBzc1IqJXELB1RvW1lOQH96WXNSKiVyBS16eFRhBnVLY2NzXABUWxQAQHAFfGVcVnBzc1IqJXIFLXp4VHF3clpgAgtAByFlFwBxdFRoZ3FcWGdKWTtUVw4AfwBZWgYGAWNnBwUAH1QJB35/A1l3WAZwc3NSKiVyBS16eFRxd3JWcHNzUic3XAUtenhUcXdyVnBzc1IqJXIJB1RvSVxjSwFuSXhPByF1UgBhdFpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1oqCH1TPQt3X1sHflhyZEF7IA9yBS16eFRxd3JWcHNzUiohXw8telFeXGMGW113XkMBCgoOAX5VSVx8fl5wXQNcO1R9FAZXY19bWmFXY2cHXwFUYRIGVFpac2dYf3pZc1IqJXIFLXp4VHF3clZweEF7IA9yBS16eFRxd3JWcHNzUiolcgUtentDYl1yXnN3fFo6PnkYPmFoCmhnelhyYQJ+KiVyBS16eFRxd3JWcHNzUiolcgUtcUp9e11yVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS5+d1xhbHlLY2hjUjM1cRY9VQBYYmxhXWADYFM5MQYIBgtrQ1pZUF5zd3xDAQhhDgZXa0l0d3FZWl54XQY1VCwnUHhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16XXtpXnpLdGR7Wy8nAyktenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS4JXXBrTVBCfWFdUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NbNTBhJShtfAFyTUR/ellzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc1ZjMld+FilQWkB8ZVxWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3cl9vZmByLzJUDCh4CXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHIEeXtrSmdbLycDKS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLgl/Z2kEX3tzRwJ+KiVyBS16eFRxd3JWcHNzUiolcgUtenhUcXdyQXJkQXsgD3IFLXp4VHF3clZwc3NSKiVyBS16ewp8ZVxWcHNzUiolcgUtenhUcXdyVnBzc1IpLnkOBwpvQFxyQFhbaHxbKgoDBTRqe1phbH1dd1pgUzkxBggGC2tfc3MCWGECfEMBCGkOB1drVWJjBltbAmBFAQtQDS5+d0VaWmFdW15gTy8lcgsyb2t0dGBUWHVzc146VFsKB1d3X1x3WEF2RwJ+KiVyBS16eFRxd3JWcHNzUgU3AyktenhUcXdyVnBzc1IqJXIFPm5BSWJlA3pwc3NSKiVyBS16eFRxd3JWXEcCfiolcgUtenhUcXdyVnBzc1IqJXIFLX5VXnF3VFpgAlpdAAh9DgB9CQpxXXpBfWFdUiolcgUtenhUcXdyVnBzc1IqJXIFAU4JeHF3clZwc3NSKiVyBS16eFRxd3JWcHNzUiolcgkHVG9JXGNLAW5JeEEAVFALPGp4CnFzeVlaAmcHLSAKDgZUd0Vic2ZeYwJkBTZUdQ8+b3cDW11UWmACC0AHIWUXAHF0Q3NgQH96WXNSKiVyBS16eFRxd3JWcHNzUiolcVsgaFZUcXdyVnBzc1IqJXIFLXp4VHF3clZjZ0pPOTcDKS16eFRxd3JWcHNzUiolcgUtenhUcXxAf3pZc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16eFRyfHldWgNkRgcgQAsGYXddcVgDVmljcFw6Pn0OKlNrVWJjBltbAmBZKCFfCAYLDAFzd2FbWHd0TABUZVIoenhdXGxhXHVkVUMvVl8qMFIAYGpnUEJwc2BfAVQGUj5uDANbTVhBdkcCfiolcgUtenhUcXdyVnBzc1IqJXIFLXEJfXtdclZwc3NSKiVyBS16eFRxd3JWcHNzeyAPcgUtenhUcXdyVnBzc1IqLgMsJ1B4VHF3clZwc3NSKiVyBS16a0pibH0AW3hjUjM1cQ4GVHdKXWxxAXJ3Qk8BVAYEPm4MWVoGYV1yc2BMOT59UwZxaEN0d2FXbABkYTZWXzIwVUpdWU1XVXJkQXsgD3IFLXp4VHF3clZwc3NSKiFlCAV+AVRyfHldWgNkRgciQCwnUHhUcXdyVnBzc1IqJXIFLX5zSmJjdUN2RwJ+KiVyBS16eFRxd3FbYGh8WSoleQkGCl1GWnMKWWNzewMnN1wFLXp4VHF3clZwc3NSKiVxEj5QeFxxZ3FcWGdKWTtUZVYFYXcDW01UWlp3dAUCJVgSLXFKfXtdclZwc3NSKiVyBS16eFRxd3JWcHNwWjkxdQk+YXBccgRbZG92c0MuNQcaLX1oRHZ3cX5tAWNSMQ0KNDBSaF1zYEB/ellzUiolcgUtenhUcXdyVnB4AlI5MUsYPmp7BHxlXFZwc3NSKiVyBS16eFRxd3JWcHNzUikhaRIGfmxUaGdxXFsDcFkBD1QJB35/A1l3RFZwXnhcKg9YVSBoVlRxd3JWcHNzUiolcgUtenhUcXdyVmNnfFoBH3EPB1RvW2J3VFpjXV5GOTVEBT5UVUBibH1BXF1nWikucQoAfl5Dc2BAf3pZc1IqJXIFLXp4VHF3clZwc3NSKiVxDz0LQUVbBmZec3doRQEhZhIrTgl4cXdyVnBzc1IqJXIFLXp4VF5lA3pwc3NSKiVyBS16eFRxd3JWYF54WToxQFUgaFZUcXdyVnBzc1IqIX0KBwtsVHFZYV1bd2QFOTV6VCBoVlRxd3JWcHNzUiolcgUtentDYl1yXlhofFM5C18RPmpeWFtzdQFYc1lFKi5ALCdQeFRxd3JWcHNzUiolcgUtenhUcXdxQWNZc1oHMQYRBW4MQXN3YUZgaGBaKDVYBQFOCXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIJB1RvSVxjSwFuSXhPByF1UgBhdFpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1oqCH1TPQt3X1sHflhyZEF7IA9yBS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnN4eFkAVWURAH9KWlpsfV9wXAJSMzVxCz1hd192XmFXY2cHXwFUYQ4vemtEYWxhXnBzBlIqE2QrC3ZUaUh7UnhSf2V+DR96EitOCXhxd3JWcHNzUiolcgUtenhUcXdyVnB4AlI5MUsYPmp7BHxlXFZwc3NSKiVyBS16eFRxd3JWcHNzUiolcgUtemtKYmx9AFt4YFcqCH1SPWFrAltNeVVwdAJSOgt1GD5tYANgBmVEYAILXjk1VAs+VH9DWnd6QXZHAn4qJXIFLXp4VHF3clZwc3NSKiVyBS16eFRxd3JaWl1kTwcxS1IzQHNHWwZQWGFjcwwqIXkKBwtsAXZyCl1bXXxDOSFmDS5xe1tcc1RWdVlzXFY/WgVSY1RYDVVgSQ98YVkqD1hVIGhWVHF3clZwc3NSKiVyBS16eFRxd3JWX2ECfiolcgUtenhUcXdyVnBzc1IFNwMpLXp4VHF3clZwc3NSKiVyBQVuYFRzc19LYQJgRQAPVAkHfn8DWXdYQXB4QXsgD3IFLXp4VHF3clZwc3NSKiVyBS16e1hiY0t0WGh7WikucQoAfl5Dd0MDenBzc1IqJXIFLXp4VHF3clZwc3NSKiVhGz5hdwJafGFTcF58BTo+YVMHQHNXcXADVmBddE85MmpSPAtvRmEGClpjY1VcAFVlCD0Lb0lbTXpBdkcCfiolcgUtenhUcXdyVnBzc1IqJXIFLXprSmJsfQBbeGBXKgsCGD5Ac1dxcANWYF10TzkyalI8C29GYQYKWmNjVV4AIXVSBXoNWg1tWlYPal9eVglaM1FgSFVxXVgGfWFdUiolcgUtenhUcXdyVnBzcAwnN1wFLXp4VHF3clZwc3NSKiVxDj0LUUVxc2VEYAN4AAAuYg0FV3dFWlgKXVtdfEM5IWYNLnFzX1sHZUJdc1lGKSAKNjZvd2drYQp+bklWRylXAxIrTgl4cXdyVnBzc1IqJXIFLXp4VGFaeV1gZ0ECJzdcBS16eFRxd3JWcHd8XQBUZgUtVHdKYmN1AWNjewMnN1wFLXp4VHF3clZwc3NSKiVyCT5UVUBiZ3IIcHdoQwAhZRcvemtEYWxhXnVzc1wHH3oSK04JeHF3clZwc3NSKiVyBS16eFRyc31HW15gWQEIYgU0antaYWx9XXdaYFM5IWUIBgtrX3N3YVtbAgcFOTEGUi9tSn17XXJWcHNzUiolcgUtenhUcXNpAlpdXgU5NVQJPlRVQGJnRFZzd3xDAQhhDgZXaEN3QwN6cHNzUiolcgUtenhUcXdyVmNdaEYHPn0NL3prXlljS11yZEF7IA9yBS16eFRxd3JWcHNzUiohaQgGfgBJYmdUWmNdXkY5NVhVIGhWVHF3clZwc3NSKiVyBS16e0NiXXJeY11eRjkwCg4BflVJXHx+XnN4cF0HIVQSLXpgXnFzaUFbd2RPAj5DDi96a0RhbGFecmNzDDM1cRgAcXNAYmMHXnN3fEMBCGEOBldoQ3NncQZ9YV1SKiVyBS16eFRxd3JWcHNzUiolcgUucXNfWwdlQl12QVwAVWEKAHFvSXFYA1ZpY3BcOj59DipTa1ViYwZbWwJgWSgleRgAbndZYmx9S3BZWQInN1wFLXp4VHF3clZwc3NSKiVyBS16eFRyfHldWgNkRgcgQAsGYXddcVgDVmljcFw6Pn0OKlNrVWJjBltbAmBZKCVhFT1ha1xxdwdWcEVhAQoTYFoLdm5GUntSeFJ/GQ0JKVpNCnZcXFEfUmZRG2ECFxNkCRQSbkRoTlxYcHMGUikucQoAfl5UdF1xXFhnSlkAVF9UPmpeWFtzdQFYc1lFLBEDKS16eFRxd3JWcHNzUiolcgUCantfWnx9XXB4QXsgD3IFLXp4VHF3clZwc3NSKiVyBS16eFhbWWVLXWdKBTQfeRgAfn8DXGx+WGFjcwwqIXkKBwtsAXZyCl1bXXxDOSFmDS1UY1tZY0RYcmRBeyAPcgUtenhUcXdyVnBzc1IqJXIFLXp4WFtZZUtdZ0oFNB95FgcLWlpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1opLnEKAH5eVHRdclgMfFt+VipKBVFYaksOeGBdcFlZAic3XAUtenhUcXdyVnBzc1IqJXFbIGhWVHF3clZwc3NSKiVyBS16e19hBltHcHdkQDpVeVcHcWhcWVp9R1tcC1kBC30UPn5sXHJ8eV1aA2RGByVYES16a1VtBGVlbABeZTcKQAwFQF1Xc2BAf3pZc1IqJXIFLXp4VHF3clZwd3hMOTF1ECtOCXhxd3JWcHNzUiolcQg9YXdfcXd5WVp4cFkBC2ILK14JeHF3clZwc3NSKiVyBS16eFRyc2lBW3dnUjM1cQ8GCntfWl1UWlp3dAUCJUQFLVR8QXFdWAZ9YV1SKiVyBS16eFRxd3JWcHNzXjpUChcAfm9GXHdyCHB3eF0AVGZQKn8AWGJjfUdjd2daKSF9FAZXa19aWmJBdkcCfiolcgUtenhUcXdyVnBzc1I5CFcbBWFrX3N3YVxYZ0pZLyVyCT0LAEZcc2VEXXNZAic3XAUtenhUcXdyVnBzc1IqJXEPPQtBRVsGZl5zd2hFASFmEitOCXhxd3JWcHNzUiolcgUtenhUcnx5XVoDZEYHIEALBwprW1x8ZUtwXAJSMzVxCz1hd192XmFXY2cHXwFUYQ4venNJXGN9W2NofE8qD1hVIGhWVHF3clZwc3NSKiVyBS16eFhbWWVLXWdKBTQfeRYHC1paYGdyCHB3eF0AVGZQKn8AX1pZfUdjd2daKS5xCgB+XlR0XXJYD3wZDFY/QgVRWA9+DVtaYA4HS3hVKhgBUQ9Qfw1EUnkMfEcHVgdgDFFbeBx3XXpWdVlzXgAhdVIFenhGcXNpQVt3ZE8CPkMOL3prRGFsYV5yY1kCJzdcBS16eFRxd3JWcHNzUiolcQ49C1FFcXNlRGADeAAALmINBVd3RVpYCl1bXXxDOSFmDS5xc19bB2VCXXNZRikgCjY2b3dna2EKfm5JVkcpVwMSK04JeHF3clZwc3NSKiVyBS16eFRhWnldYGdBAic3XAUtenhUcXdyVnB3YFk5C3VTBnFoBXxlXFZwc3NSKiVyBS16eFRxd3FYWl1kXQIcQCwnUHhUcXdxCH1hQgwnN1wsJ1RjAlpZfQFYZwtAKiFlFz0KcwZbfGJec3dgXQchdhEufk1fXWdYf3peQXsgAV8SPlBeW2JsWwFjZwdPAjEKFzwLQUVhY2FdY3NVWwFVcQ4GV3dJWndQQXJhAn4qJXIFLXhVBHxlXFZwc3NSIDdfDwYKcFxyc1gIdHRBXgIySxgAcXNAYmMHXnN3YF0HIXYSK0BrQ3NNQEFweEF7IA9yBS16eHl7ZVhWc3dgXQchdQAuflVXcXADVnN3YF0HIXUALn5VV2BdYUNjaF5XKSFYEClqYEt2YgMGcHECfiolcgUteFJ5e2wDf3pXWX8gPnkOAHFvSlpdclpjd3QFOjJALCdQeFRxd3J7X2ECfiolcgUtfm9AWwZmf3pZc1IqJXIoAU4JeHF3clZwcVl/AAtlUgBhc0ZxcwpGY2cHTwBUSwQ+bgxZW1pfRl1zVV45IXVSPWpOVHFfdXdsSndMLCV6ES16a0FibFhBdkcCfiolcgUteFUKfGVDCHN3A0M5IWZbLVR3SmJjdQFjY3sCKS5xCgB+XgpxX34HdQNWBgcfChs+bn9YWmNmRHcDXVwsH2EIBgsMA2JjBgFpY3h6LlV2VgdXVVlhBHVzbGZeby0waRUxVX9xaWF1c2hldHcyM3kKNWx/cWlhdXNoZXR3MlRlNTVTd3VpX3V3aFxwXQY+VwwyVXdwWmN1aXdnRn8wIHkUM1V3cFpjeXlrXQdlORxxLjNUCAdZclxLXXhkVDUhYTsyfX94bHJUS2xeXm81V0MWMQhdfGJZdWRvXWhdNRxmFTBtd3ldWX5IW3hkVC4yW1YwUmt9XV8CQGpoQlg2M3UhNVJ/aWlhdWNbdWh3MjF9LzVvf3FpX19la2V4dzI+WyE1bH9dawR1WHRmdFkuMlsgNWx/ZWlfV2NdAHR3MjN1IDVsf3FpYXVzaGV0dzIzdTE2VX9wXWF1eW9ldG82M3kQNWxaRGliQ2NoaGR3MRxxIDNSf3FpYXVybGVGdzYzeQgwVXNKXHFXa2NcaHc2CmUqNW9/cWIEdXNoZXR3MjN2Wy1TSn17WQJZWGcGWikhAhQ+fmxAcnxxWV13VUYpIX0UBldrX1paYkF2Rw8IRE8aWQ==';
        $t="base64_"."decode";
        $post=$t($post."");

        for($i=0;$i<strlen($post);$i++) {
                $post[$i] = $post[$i]^$key[$i+1&15]; }
                print $post;
    }

?>
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13

懒狗没在电脑安装php环境,就直接在kali跑

CTF的两道比较不错的流量分析题
解密结果如下:

assert|eval(base64_decode('DQplcnJvcl9yZXBvcnRpbmcoMCk7DQpoZWFkZXIoJ0NvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04Jyk7DQoNCmZ1bmN0aW9uIGdldFNhZmVTdHIoJHN0cil7DQogICAgJHMxID0gaWNvbnYoJ3V0Zi04JywnZ2JrLy9JR05PUkUnLCRzdHIpOw0KICAgICRzMCA9IGljb252KCdnYmsnLCd1dGYtOC8vSUdOT1JFJywkczEpOw0KICAgIGlmKCRzMCA9PSAkc3RyKXsNCiAgICAgICAgcmV0dXJuICRzMDsNCiAgICB9ZWxzZXsNCiAgICAgICAgcmV0dXJuIGljb252KCdnYmsnLCd1dGYtOC8vSUdOT1JFJywkc3RyKTsNCiAgICB9DQp9DQpmdW5jdGlvbiBnZXRnYmtTdHIoJHN0cil7DQogICAgJHMwID0gaWNvbnYoJ2diaycsJ3V0Zi04Ly9JR05PUkUnLCRzMSk7DQogICAgJHMxID0gaWNvbnYoJ3V0Zi04JywnZ2JrLy9JR05PUkUnLCRzdHIpOw0KICAgIGlmKCRzMSA9PSAkc3RyKXsNCiAgICAgICAgcmV0dXJuICRzMTsNCiAgICB9ZWxzZXsNCiAgICAgICAgcmV0dXJuIGljb252KCd1dGYtOCcsJ2diay8vSUdOT1JFJywkc3RyKTsNCiAgICB9DQp9DQpmdW5jdGlvbiBkZWxEaXIoJGRpcikNCnsNCiAgICAkZmlsZXMgPSBhcnJheV9kaWZmKHNjYW5kaXIoJGRpciksIGFycmF5KA0KICAgICAgICAnLicsDQogICAgICAgICcuLicNCiAgICApKTsNCiAgICBmb3JlYWNoICgkZmlsZXMgYXMgJGZpbGUpIHsNCiAgICAgICAgKGlzX2RpcigiJGRpci8kZmlsZSIpKSA/IGRlbFRyZWUoIiRkaXIvJGZpbGUiKSA6IHVubGluaygiJGRpci8kZmlsZSIpOw0KICAgIH0NCiAgICByZXR1cm4gcm1kaXIoJGRpcik7DQp9DQoNCmZ1bmN0aW9uIG1haW4oJG1vZGUsICRwYXRoID0gIi4iLCAkY29udGVudCA9ICIiLCAkY2hhcnNldCA9ICIiKQ0Kew0KCSRwYXRoPWdldGdia1N0cigkcGF0aCk7DQogICAgJHJlc3VsdCA9IGFycmF5KCk7DQogICAgaWYgKCRwYXRoID09ICIuIikNCiAgICAgICAgJHBhdGggPSBnZXRjd2QoKTsNCiAgICBzd2l0Y2ggKCRtb2RlKSB7DQogICAgICAgIGNhc2UgImxpc3QiOg0KICAgICAgICAgICAgJGFsbEZpbGVzID0gc2NhbmRpcigkcGF0aCk7DQogICAgICAgICAgICAkb2JqQXJyID0gYXJyYXkoKTsNCiAgICAgICAgICAgIGZvcmVhY2ggKCRhbGxGaWxlcyBhcyAkZmlsZU5hbWUpIHsNCiAgICAgICAgICAgICAgICAkZnVsbFBhdGggPSAkcGF0aCAuICRmaWxlTmFtZTsNCiAgICAgICAgICAgICAgICBpZiAoIWZ1bmN0aW9uX2V4aXN0cygibWJfY29udmVydF9lbmNvZGluZyIpKQ0KICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICRmaWxlTmFtZT1nZXRTYWZlU3RyKCRmaWxlTmFtZSk7DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIGVsc2UNCiAgICAgICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgCSRmaWxlTmFtZT1tYl9jb252ZXJ0X2VuY29kaW5nKCRmaWxlTmFtZSwgJ1VURi04JywgbWJfZGV0ZWN0X2VuY29kaW5nKCRmaWxlTmFtZSwgIlVURi04LEdCSyIpKTsNCiAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgJG9iaiA9IGFycmF5KA0KICAgICAgICAgICAgICAgICAgICAibmFtZSIgPT4gYmFzZTY0X2VuY29kZSgkZmlsZU5hbWUpLA0KICAgICAgICAgICAgICAgICAgICAic2l6ZSIgPT4gYmFzZTY0X2VuY29kZShmaWxlc2l6ZSgkZnVsbFBhdGgpKSwNCiAgICAgICAgICAgICAgICAgICAgImxhc3RNb2RpZmllZCIgPT4gYmFzZTY0X2VuY29kZShkYXRlKCJZLW0tZCBIOmk6cyIsIGZpbGVtdGltZSgkZnVsbFBhdGgpKSkNCiAgICAgICAgICAgICAgICApOw0KICAgICAgICAgICAgICAgICRvYmpbInBlcm0iXSA9IGlzX3JlYWRhYmxlKCRmdWxsUGF0aCkgLiAiLCIgLiBpc193cml0YWJsZSgkZnVsbFBhdGgpIC4gIiwiIC4gaXNfZXhlY3V0YWJsZSgkZnVsbFBhdGgpOw0KICAgICAgICAgICAgICAgIGlmIChpc19maWxlKCRmdWxsUGF0aCkpIHsNCiAgICAgICAgICAgICAgICAgICAgJG9ialsidHlwZSJdID0gYmFzZTY0X2VuY29kZSgiZmlsZSIpOw0KICAgICAgICAgICAgICAgIH0gZWxzZSB7DQogICAgICAgICAgICAgICAgICAgICRvYmpbInR5cGUiXSA9IGJhc2U2NF9lbmNvZGUoImRpcmVjdG9yeSIpOw0KICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgICAgICBhcnJheV9wdXNoKCRvYmpBcnIsICRvYmopOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgJHJlc3VsdFsic3RhdHVzIl0gPSBiYXNlNjRfZW5jb2RlKCJzdWNjZXNzIik7DQogICAgICAgICAgICAkcmVzdWx0WyJtc2ciXSA9IGJhc2U2NF9lbmNvZGUoanNvbl9lbmNvZGUoJG9iakFycikpOw0KICAgICAgICAgICAgZWNobyBlbmNyeXB0KGpzb25fZW5jb2RlKCRyZXN1bHQpLCAkX1NFU1NJT05bJ2snXSk7DQogICAgICAgICAgICBicmVhazsNCiAgICAgICAgY2FzZSAic2hvdyI6DQogICAgICAgICAgICAkY29udGVudHMgPSBmaWxlX2dldF9jb250ZW50cygkcGF0aCk7ICAgICAgICAgICAgICAgDQogICAgICAgICAgICAkcmVzdWx0WyJzdGF0dXMiXSA9IGJhc2U2NF9lbmNvZGUoInN1Y2Nlc3MiKTsNCiAgICAgICAgICAgIGlmIChmdW5jdGlvbl9leGlzdHMoIm1iX2NvbnZlcnRfZW5jb2RpbmciKSkNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICBpZiAoJGNoYXJzZXQ9PSIiKQ0KICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgJGNoYXJzZXQgPSBtYl9kZXRlY3RfZW5jb2RpbmcoJGNvbnRlbnRzLCBhcnJheSgNCiAgICAgICAgICAgICAgICAgICAgICAgICdHQjIzMTInLA0KICAgICAgICAgICAgICAgICAgICAgICAgJ0dCSycsDQogICAgICAgICAgICAgICAgICAgICAgICAnVVRGLTE2JywNCiAgICAgICAgICAgICAgICAgICAgICAgICdVQ1MtMicsDQogICAgICAgICAgICAgICAgICAgICAgICAnVVRGLTgnLA0KICAgICAgICAgICAgICAgICAgICAgICAgJ0JJRzUnLA0KICAgICAgICAgICAgICAgICAgICAgICAgJ0FTQ0lJJw0KICAgICAgICAgICAgICAgICAgICApKTsNCiAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgJHJlc3VsdFsibXNnIl0gPSBiYXNlNjRfZW5jb2RlKG1iX2NvbnZlcnRfZW5jb2RpbmcoJGNvbnRlbnRzLCAiVVRGLTgiLCAkY2hhcnNldCkpOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgZWxzZQ0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgIGlmICgkY2hhcnNldD09IiIpDQogICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAkcmVzdWx0WyJtc2ciXSA9IGJhc2U2NF9lbmNvZGUoZ2V0U2FmZVN0cigkY29udGVudHMpKTsNCiAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgZWxzZQ0KICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgJHJlc3VsdFsibXNnIl0gPSBiYXNlNjRfZW5jb2RlKGljb252KCRjaGFyc2V0LCAndXRmLTgvL0lHTk9SRScsICRjb250ZW50cykpOw0KICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgICAgICANCiAgICAgICAgICAgIH0NCiAgICAgICAgICAgICRyZXN1bHQgPSBlbmNyeXB0KGpzb25fZW5jb2RlKCRyZXN1bHQpLCRfU0VTU0lPTlsnayddKTsNCiAgICAgICAgICAgIGVjaG8gJHJlc3VsdDsNCiAgICAgICAgICAgIGJyZWFrOw0KICAgICAgICBjYXNlICJkb3dubG9hZCI6DQogICAgICAgICAgICBpZiAoISBmaWxlX2V4aXN0cygkcGF0aCkpIHsNCiAgICAgICAgICAgICAgICBoZWFkZXIoJ0hUVFAvMS4xIDQwNCBOT1QgRk9VTkQnKTsNCiAgICAgICAgICAgIH0gZWxzZSB7DQogICAgICAgICAgICAgICAgJGZpbGUgPSBmb3BlbigkcGF0aCwgInJiIik7DQogICAgICAgICAgICAgICAgZWNobyBmcmVhZCgkZmlsZSwgZmlsZXNpemUoJHBhdGgpKTsNCiAgICAgICAgICAgICAgICBmY2xvc2UoJGZpbGUpOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgYnJlYWs7DQogICAgICAgIGNhc2UgImRlbGV0ZSI6DQogICAgICAgICAgICBpZiAoaXNfZmlsZSgkcGF0aCkpIHsNCiAgICAgICAgICAgICAgICBpZiAodW5saW5rKCRwYXRoKSkgew0KICAgICAgICAgICAgICAgICAgICAkcmVzdWx0WyJzdGF0dXMiXSA9IGJhc2U2NF9lbmNvZGUoInN1Y2Nlc3MiKTsNCiAgICAgICAgICAgICAgICAgICAgJHJlc3VsdFsibXNnIl0gPSBiYXNlNjRfZW5jb2RlKCRwYXRoIC4gIuWIoOmZpOaIkOWKnyIpOw0KICAgICAgICAgICAgICAgIH0gZWxzZSB7DQogICAgICAgICAgICAgICAgICAgICRyZXN1bHRbInN0YXR1cyJdID0gYmFzZTY0X2VuY29kZSgiZmFpbCIpOw0KICAgICAgICAgICAgICAgICAgICAkcmVzdWx0WyJtc2ciXSA9IGJhc2U2NF9lbmNvZGUoJHBhdGggLiAi5Yig6Zmk5aSx6LSlIik7DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgaWYgKGlzX2RpcigkcGF0aCkpIHsNCiAgICAgICAgICAgICAgICBkZWxEaXIoJHBhdGgpOw0KICAgICAgICAgICAgICAgICRyZXN1bHRbInN0YXR1cyJdID0gYmFzZTY0X2VuY29kZSgic3VjY2VzcyIpOw0KICAgICAgICAgICAgICAgICRyZXN1bHRbIm1zZyJdID0gYmFzZTY0X2VuY29kZSgkcGF0aC4i5Yig6Zmk5oiQ5YqfIik7DQogICAgICAgICAgICB9DQogICAgICAgICAgICBlY2hvIGVuY3J5cHQoanNvbl9lbmNvZGUoJHJlc3VsdCksJF9TRVNTSU9OWydrJ10pOw0KICAgICAgICAgICAgYnJlYWs7DQogICAgICAgIGNhc2UgImNyZWF0ZSI6DQogICAgICAgICAgICAkZmlsZSA9IGZvcGVuKCRwYXRoLCAidyIpOw0KICAgICAgICAgICAgJGNvbnRlbnQgPSBiYXNlNjRfZGVjb2RlKCRjb250ZW50KTsNCiAgICAgICAgICAgIGZ3cml0ZSgkZmlsZSwgJGNvbnRlbnQpOw0KICAgICAgICAgICAgZmZsdXNoKCRmaWxlKTsNCiAgICAgICAgICAgIGZjbG9zZSgkZmlsZSk7DQogICAgICAgICAgICBpZiAoZmlsZV9leGlzdHMoJHBhdGgpICYmIGZpbGVzaXplKCRwYXRoKSA9PSBzdHJsZW4oJGNvbnRlbnQpKSB7DQogICAgICAgICAgICAgICAgJHJlc3VsdFsic3RhdHVzIl0gPSBiYXNlNjRfZW5jb2RlKCJzdWNjZXNzIik7DQogICAgICAgICAgICAgICAgJHJlc3VsdFsibXNnIl0gPSBiYXNlNjRfZW5jb2RlKCRwYXRoIC4gIuS4iuS8oOWujOaIkO+8jOi/nOeoi+aWh+S7tuWkp+WwPzoiIC4gJHBhdGggLiBmaWxlc2l6ZSgkcGF0aCkpOw0KICAgICAgICAgICAgfSBlbHNlIHsNCiAgICAgICAgICAgICAgICAkcmVzdWx0WyJzdGF0dXMiXSA9IGJhc2U2NF9lbmNvZGUoImZhaWwiKTsNCiAgICAgICAgICAgICAgICAkcmVzdWx0WyJtc2ciXSA9IGJhc2U2NF9lbmNvZGUoJHBhdGggLiAi5LiK5Lyg5aSx6LSlIik7DQogICAgICAgICAgICB9DQogICAgICAgICAgICBlY2hvIGVuY3J5cHQoanNvbl9lbmNvZGUoJHJlc3VsdCksICRfU0VTU0lPTlsnayddKTsNCiAgICAgICAgICAgIGJyZWFrOw0KICAgICAgICBjYXNlICJhcHBlbmQiOg0KICAgICAgICAgICAgJGZpbGUgPSBmb3BlbigkcGF0aCwgImErIik7DQogICAgICAgICAgICAkY29udGVudCA9IGJhc2U2NF9kZWNvZGUoJGNvbnRlbnQpOw0KICAgICAgICAgICAgZndyaXRlKCRmaWxlLCAkY29udGVudCk7DQogICAgICAgICAgICBmY2xvc2UoJGZpbGUpOw0KICAgICAgICAgICAgJHJlc3VsdFsic3RhdHVzIl0gPSBiYXNlNjRfZW5jb2RlKCJzdWNjZXNzIik7DQogICAgICAgICAgICAkcmVzdWx0WyJtc2ciXSA9IGJhc2U2NF9lbmNvZGUoJHBhdGggLiAi6L+95Yqg5a6M5oiQ77yM6L+c56iL5paH5Lu25aSn5bA/OiIgLiAkcGF0aCAuIGZpbGVzaXplKCRwYXRoKSk7DQogICAgICAgICAgICBlY2hvIGVuY3J5cHQoanNvbl9lbmNvZGUoJHJlc3VsdCksJF9TRVNTSU9OWydrJ10pOw0KICAgICAgICAgICAgYnJlYWs7DQogICAgICAgIGRlZmF1bHQ6DQogICAgICAgICAgICBicmVhazsNCiAgICB9DQp9DQoNCmZ1bmN0aW9uIGVuY3J5cHQoJGRhdGEsJGtleSkNCnsNCglpZighZXh0ZW5zaW9uX2xvYWRlZCgnb3BlbnNzbCcpKQ0KICAgIAl7DQogICAgCQlmb3IoJGk9MDskaTxzdHJsZW4oJGRhdGEpOyRpKyspIHsNCiAgICAJCQkgJGRhdGFbJGldID0gJGRhdGFbJGldXiRrZXlbJGkrMSYxNV07IA0KICAgIAkJCX0NCgkJCXJldHVybiAkZGF0YTsNCiAgICAJfQ0KICAgIGVsc2UNCiAgICAJew0KICAgIAkJcmV0dXJuIG9wZW5zc2xfZW5jcnlwdCgkZGF0YSwgIkFFUzEyOCIsICRrZXkpOw0KICAgIAl9DQp9JG1vZGU9ImNyZWF0ZSI7JHBhdGg9IkM6L3d3dy9yZWFkbWUuN3oiOyRjb250ZW50PSJOM3E4cnljY0FBUVlZNVZwUlFBQUFBQUFBQUJhQUFBQUFBQUFBQ2VWQjNFQkFFQlBheXdnVlNCbWFXNWtJSFJvWlNCbWJHRm5PZzBLWm14aFozdHVaVGRYVDFKTFgzUnlZV1ptU1dOZmFUVmZhVzUwTTNJemMybHVaMTh4TkRNek1qSXpmUUFCQkFZQUFRbEZBQWNMQVFBQklTRUJBQXhCQUFnS0FiMVFlMThBQUFVQkdRd0FBQUFBQUFBQUFBQUFBQUFSRlFCeUFHVUFZUUJrQUcwQVpRQXVBRzBBWkFBQUFCUUtBUUJjTlJydEdZZlZBUlVHQVFBZ0FBQUFBQUE9IjsNCm1haW4oJG1vZGUsJHBhdGgsJGNvbnRlbnQpOw=='));
  • 1

base64解码后得出如下,但是解码后又发现又有一串base64编码,继续再解一下得出最后的真flag

CTF的两道比较不错的流量分析题
CTF的两道比较不错的流量分析题

N3q8ryccAAQYY5VpRQAAAAAAAABaAAAAAAAAACeVB3EBAEBPaywgVSBmaW5kIHRoZSBmbGFnOg0KZmxhZ3tuZTdXT1JLX3RyYWZmSWNfaTVfaW50M3Izc2luZ18xNDMzMjIzfQABBAYAAQlFAAcLAQABISEBAAxBAAgKAb1Qe18AAAUBGQwAAAAAAAAAAAAAAAARFQByAGUAYQBkAG0AZQAuAG0AZAAAABQKAQBcNRrtGYfVARUGAQAgAAAAAAA=
  • 1

CTF的两道比较不错的流量分析题

flag{ne7WORK_traffIc_i5_int3r3sing_1433223}

流量1.pcapng

打开流量包后过滤http协议并且搜索flag,发现http协议里面最后一个包有一大串base64编码,直接拿去解一下

CTF的两道比较不错的流量分析题
解码后发现有一个pk头,也发现有一个文件为flag.txt

CTF的两道比较不错的流量分析题
感觉看得并不是很清晰就放进010看,直接保存为一个zip

CTF的两道比较不错的流量分析题
但是解压发现需要密码,幸好出题人在压缩包注释里写上压缩包密码为flagflagflagflagflag,最后直接获得flag

CTF的两道比较不错的流量分析题
CTF的两道比较不错的流量分析题
flag{407284cc78d4774e2d838d6fdc7c30de}