毫无头绪,然后看到了提示:NTFS数据流,百度一下,就开始做吧

起先用360压缩解压的,用lads.exe /S 扫描,发现根本没有任何有用信息,结果看到题目里面有winrar,果断用winrar解压,再一扫描,得到

Scanning directory C:\Users\以夕阳落款\Desktop\1\ with subdirectories

      size  ADS in file
----------  ---------------------------------
       531  C:\Users\以夕阳落款\Desktop\1\2.jpg:flag

果然里面有东西,360坑爹啊,使用下面的工具导出(这个工具可能会篡改浏览器主页):

ntfsstreamseditor

得到一个文件,内容是这样的:

1.<ZWAXJGDLUBVIQHKYPNTCRMOSFE <
2.<KPBELNACZDTRXMJQOYHGVSFUWI <
3.<BDMAIZVRNSJUWFHTEQGYXPLOCK <
4.<RPLNDVHGFCUKTEBSXQYIZMJWAO <
5.<IHFRLABEUOTSGJVDKCPMNZQWXY <
6.<AMKGHIWPNYCJBFZDRUSLOQXVET <
7.<GWTHSPYBXIZULVKMRAFDCEONJQ <
8.<NOZUTWDCVRJLXKISEFAPMYGHBQ <
9.<QWATDSRFHENYVUBMCOIKZGJXPL <
10.<WABMCXPLTDSRJQZGOIKFHENYVU <
11.<XPLTDAOIKFZGHENYSRUBMCQWVJ <
12.<TDSWAYXPLVUBOIKZGJRFHENMCQ <
13.<BMCSRFHLTDENQWAOXPYVUIKZGJ <
14.<XPHKZGJTDSENYVUBMLAOIRFCQW <

密钥:1,2,5,7,9,11,14,3,4,6,8,10,12,13

密文:BQKUTPVDKYUQVU

经提示,是杰弗逊转轮加密,写个脚本:

using System;

namespace test
{
	class Program
	{
		private static char[] key = "BQKUTPVDKYUQVU".ToCharArray();
		private static int[] num = {1, 2, 5, 7, 9, 11, 14, 3, 4, 6, 8, 10, 12, 13};
			
		private static string[] code = {"", "ZWAXJGDLUBVIQHKYPNTCRMOSFE" ,"KPBELNACZDTRXMJQOYHGVSFUWI" ,"BDMAIZVRNSJUWFHTEQGYXPLOCK" ,"RPLNDVHGFCUKTEBSXQYIZMJWAO" ,"IHFRLABEUOTSGJVDKCPMNZQWXY" ,"AMKGHIWPNYCJBFZDRUSLOQXVET" ,"GWTHSPYBXIZULVKMRAFDCEONJQ" ,"NOZUTWDCVRJLXKISEFAPMYGHBQ" ,"QWATDSRFHENYVUBMCOIKZGJXPL" ,"WABMCXPLTDSRJQZGOIKFHENYVU" ,"XPLTDAOIKFZGHENYSRUBMCQWVJ" ,"TDSWAYXPLVUBOIKZGJRFHENMCQ" ,"BMCSRFHLTDENQWAOXPYVUIKZGJ" ,"XPHKZGJTDSENYVUBMLAOIRFCQW"};
		
		public static void Main(string[] args)
		{
			for(int i = 0; i < key.Length; i++){
				code[num[i]] = decode(key[i], code[num[i]]);
			}
			
			for(int i = 0; i < key.Length; i++){
				Console.WriteLine(code[num[i]]);
			}
			
			Console.ReadLine();
		}
		
		private static string decode(char A, string B)
		{
			int k = B.IndexOf(A);
			string t = B.Substring(k, B.Length - k) + B.Substring(0, k);
			return t;
		}
	}
}

 

解密得到Flag:

西普CTF-你知道他是谁吗?-以夕阳落款

Flag:

温馨提示: 此处内容需要评论本文后刷新才能查看,支付2元即可直接查看所有Flag。

小广告:关于获取西普实验吧所有Flag请点击这里查看索引

查看所有Flag文章需要输入密码,需要获取文章密码的童鞋请扫描下面微信或支付宝二维码捐助至少2元(老哥,捐多捐少是个缘分)之后发送支付凭证号联系我获取,Flag大全地址:Flag大全

新功能:捐款的小伙伴请联系我把自己的注册邮箱加入网站白名单,可以免回复看到本站所有Flag

PS:本站不是实验吧的官方站点,纯粹是个人博客,收取Flag费用仅是维持服务器费用,做站不易,且行窃珍惜!

微信二维码:
支付宝二维码: