BUUCTF-zip(CRC碰撞脚本、RAR文件尾)
这道题打开是68个加密的压缩文件,寻找规律发现每个压缩包里面的内容都是4个字节,首要考虑就是CRC爆破。
以下是菜狗我吭吃瘪肚写出来的脚本:
import zipfile import string from binascii import crc32 stR = string.printable for i in range(0,68): #直接从zip中读取CRC32 zip_name = "out"+str(i)+".zip" if zip_name.lower().endswith(('.zip')): z = zipfile.ZipFile(zip_name, "r") for info in z.infolist(): crc = format(info.CRC & 0xFFFFFFFF, '08x') #75f90d3a for c in stR: for j in stR: for k in stR: for q in stR: s = c+j+k+q if crc32(s.encode())==int(crc,16): print("out"+str(i)+': '+s)
结果是一串base64:
z5BzAAANAAAAAAAAAKo+egCAIwBJAAAAVAAAAAKGNKv+a2MdSR0zAwABAAAAQ01UCRUUy91BT5UkSNPoj5hFEVFBRvefHSBCfG0ruGnKnygsMyj8SBaZHxsYHY84LEZ24cXtZ01y3k1K1YJ0vpK9HwqUzb6u9z8igEr3dCCQLQAdAAAAHQAAAAJi0efVT2MdSR0wCAAgAAAAZmxhZy50eHQAsDRpZmZpeCB0aGUgZmlsZSBhbmQgZ2V0IHRoZSBmbGFnxD17AEAHAA==
RAR格式的文件尾是3D 7B 00 40 07 00