首先下载文件,发现是一个数据包,打开,看到很多的TCP包和HTTP包,然后用文本编辑器打开,看到类似下面这样子的请求:

西普CTF-啦啦啦-以夕阳落款

可以看到,这里面有传输数据,把所有传输数据的地方找出来,会发现有两次,一开始找一下比较大的那个包,用wireshark还原,然后发现是一个docx文档,大致意思是flag不在这里巴拉巴拉的,好吧,被骗了,再找一下小的那个,是个压缩包:

我是压缩包,点我下载

然后发现是4个txt文本,格式类似这样子:

89504E470D0A1A0A0000000D49484452000000A5000000880802000000097BBC65000000017352474200AECE1CE90000000467414D410000B18F0BFC6105000000097048597300000EC300000EC301C76FA8640000053C49444154785EED9D4172E3300C04FDFF4F67378ECB874496D8E480A6ACDE330882D31850922BB5B72FFF5D4981DB950EEB59BFE47DAD2690B7BCAFA5C0B54EABBFE57D2D05AE75DA97FEBE9DE41FC5953AD6AB7D697E5AFF60BCBC29A047BCBC3B851B5C46FB7D70BBE77279A7946479E48D14709EB3F6D2DF9D7AA596A1EEFE1F5CBD2FCD4FEB1F8CD7DF1490CF6B9D8A6596D17ECFEC7A8BF984D63F188FEB1EDCAF7BF92B4E3461751EDA4FB4FEC178791FCCE7D47B57AACFE4CD1448E94E7D9CDA979DF64FB4FED6DFF7A658A41F9F0D9AAAA73A0FF5FDA05FE972FDADBFF577836BA88F5373A5A1B4BD10FDADBFBBFC5DDDEFD41FA97AAAF7A5EF7BABF83BA56FEAFCA97AE4BD4D24A5AFBC7F14A07DD6E8FBD8FD2DEF7D4E941F8D9777AA03B7F3D03944F9D17879CB7BA3079CE79D6DA1BF3B85FBB58CEA48E33355D6FFFEED3CAFBD47691F34DE97876193F7759E53C13BBFC7A5E6D06103ED07C85BDE5DEFFB9DB2FD59467D40E3ABEBA4FEA3F5D0FCBFE2F53715DC79BE3B0FA89CD4AF349ED653F49CFC2C9BD6A3BF6BBFE7CBBB565FEA571A4FFD24EF73F04EF501CD43E369FF39CF9902297DA9EFE9BE347FA30A1FFB7C9EF219CD43E3691F34727D5906AD8FC6A7CE93EAF777D543F74D9DF72AEFDFA9BEA479683CED03FDCD1448E94BFD47F7A5F91B55F0FE3E0041FD4AE3691F3472F5FE7E2890D297FA8FEE4BF337F641CCDF8DFB7587A5CE4F75A77E4DC5770BB5BF50DE6F9EE7455CCBE77975DDFA3BA2B0FED6DFF7464AF929D295C17ABCBFB789C8FB4781D4F3D7227AC6CE93F2714A5F9A87F2A88E2FD253DEDEDFBBF737BDFFAAE3A98F3F35BE711E607F57F3A3F93F951FBD2FE4BDADD8A7F687BCE5BDD103CEF383DF51CE320FF4B7FED6DFEFFB7E429FBF68BCFED6DFC4DF8DFD72BAB0EAF73D9ABFC8C7F8F7D0D3816C2C98F2A0CF6B34BFBC1BC17586511EF2EE147A9165F25E04C4A432E43D49E845B691F72220269521EF49422FB28DBC6B41BC4BDFDA53F1FF9792D653F49EF6F2F7125A5FEABDA53ACF6AE7A2E71DAC5FDE9D02A6E696BCB715A8D69762AFAEC779CE14A6FC683CABE6F5EF72FA5B7F7F2BA0BF99A3A85F693CAB467FD3FEADD657DE6CAEA6EE21DA07A97D29EF93C6E3F731CAA33A5EDEA8F3E48DE43A7DB0BC4F8F101D40DE48AED307CBFBF408D101E48DE43A7DB0BC4F8F101D00FFFD187DFFA1EF63343F8D3F4B3DA93A7FE923EF87B0C8251DDFB7E9F741796F2BA0BF51A7EA6FFD7D6F183A4FE8BC425D79C17AA8FE8D7AEA6FFDADBF1BCC42FD47E71FCDDF50F27D6CD3E71D1A9FAA9BE6A1FA36EAF50CABAE87E66FAC1F7F6F69CC7B1856CDE3B080C680EA3AABF3B7BE7F37CAD11D36F99CCBD6395907FD7DD009D53CAAF3EB6F66F56A1ED5F9E52D6FA640267A725F77175D5D67757EFDCDD057F3A8CE2F6F791305683FD2EF0634FFBBBEFFACB66F2343FC3E4679C87B5FB1464EA9307977FE5EA2BF99F3ABF562D5F0BFE7ABAE3F65E8D1E735AAA3F3DC79FEAD40B53F685FA6FCF4AE7D1BEBF7FEF6FEDE6D15DABFCEF3CF9CE78DF3645AD8BBFA921E90FA81E6AF7A5E1BAC23BE5CDE9B92C6EEEF38B0C184F296774F0FD0F708DAA6CE73AAD8767C0FDBAD35F2DE563243299745DECEF39E1ED0DFFAFBBB0752F76E2A4FE364C4CFE7D5FD5E9D9FEA4BE369FD74E634727D59C6E0FAE7F2942E542F5A3FAD93C6D3FAE5CD9EB7E58D14709E1FFC5EA2BF6BFD47E721EAEE8EE72C79CB7BEFF77BDAAFDEDFB5FD44FD4AE3E54D27AEBCF73C3FA866EC796DB00E97CF5140DE73745E651779AF42624E1DF29EA3F32ABBC87B151273EA90F71C9D57D945DEAB90985387BCE7E8BCCA2EF25E85C49C3AFE01B0D798A19EEC75CC0000000049454E44AE426082

这不就是png头吗,所以这是四张png图片,恢复一张看看:

西普CTF-啦啦啦-以夕阳落款

二维码的左上角,ok,就是4张二维码的切图拼接成一个二维码,拼接好之后就可以看到二维码然后扫一扫了

拼接完的图:

点我下载

Flag:

温馨提示: 此处内容需要评论本文后刷新才能查看,支付2元即可直接查看所有Flag。

小广告:关于获取西普实验吧所有Flag请点击这里查看索引

查看所有Flag文章需要输入密码,需要获取文章密码的童鞋请扫描下面微信或支付宝二维码捐助至少2元(老哥,捐多捐少是个缘分)之后发送支付凭证号联系我获取,Flag大全地址:Flag大全

新功能:捐款的小伙伴请联系我把自己的注册邮箱加入网站白名单,可以免回复看到本站所有Flag

PS:本站不是实验吧的官方站点,纯粹是个人博客,收取Flag费用仅是维持服务器费用,做站不易,且行窃珍惜!

微信二维码:
支付宝二维码: