CTF-Misc基础 – Harveysn0w·北极熊

一、文件操作与隐写

1.1 文件类型识别

1.2 文件分离操作

1.3 文件合并操作

1.4 文件内容隐写

二、图片隐写术

2.1 图片文件隐写

LSB.py 
#coding:utf-8 
importPIL.Image 
deffoo():
  im = PIL.Image.open('01.bmp') 
  im2 =im.copy()
  pix = im2.load() 
  width,height=im2.size

  for x inxrange(0,width):
    for y inxrange(0,height): 
      if pix[x,y]&amp;0x1 ==0:
        pix[x,y]=0 
     else:
        pix[x,y]=255
   im2.show() 
   pass
ifname == 'main': 
  foo()
  print'ok.' 
pass

#coding:utf-8 
import binascii 
import struct
crcbp = open("xxx.png","rb").read()#此处填上文件名
for i inrange(1024):
for j inrange(1024):
data = crcbp[12:16] + struct.pack('>i',i) + struct.pack('>i',j) + crcbp[24:29] crc32 = binascii.crc32(data) &amp;0xffffffff
if crc32==0x08ec7edb:#此处填上CRC值
printi,j
print"hex",hex(i),hex(j)

三、压缩文件处理

3.1 压缩文件分析

四、流量取证技术

4.1 流量包文件分析

4.2 无线流量包跑密码

4.3 USB流量包文件分析

# a keyboardmaping
mappings = { 0x04:"A", 0x05:"B", 0x06:"C", 0x07:"D",0x08:"E",
0x09:"F", 0x0A:"G", 0x0B:"H", 0x0C:"I", 0x0D:"J",0x0E:"K",
0x0F:"L", 0x10:"M", 0x11:"N",0x12:"O", 0x13:"P",0x14:"Q",
0x15:"R", 0x16:"S", 0x17:"T", 0x18:"U",0x19:"V",0x1A:"W",
0x1B:"X", 0x1C:"Y", 0x1D:"Z", 0x1E:"1", 0x1F:"2",0x20:"3",
0x21:"4", 0x22:"5", 0x23:"6", 0x24:"7", 0x25:"8",0x26:"9",
0x27:"0", 0x28:"\n", 0x2a:"[DEL]", 0X2B:"\t", 0x2C:" ",0x2D:"-
", 0x2E:"=", 0x2F:"[", 0x30:"]", 0x31:"\\", 0x32:"~",0x33:";",
0x34:"'", 0x36:",", 0x37:".",0x82:"CaspsLock"}
nums =[]
keys =open('usbdata.txt') data=''
for line in keys: line =line.strip()
if line[0]!='0' or line[1]!='0' or line[3]!='0'or
line[4]!='0' or line[9]!='0' or line[10]!='0' or line[12]!='0'or
line[13]!='0' or line[15]!='0' or line[16]!='0' orline[18]!='0'
or line[19]!='0' or line[21]!='0' or line[22]!='0': continue
strs =str(line.split(":")[2]) id ="0x"+strs
if int(id,16) in mappings: data+=mappings[int(id,16)]
print data keys.close()

# a keyboardmaping
mappings = { 0x04:"A", 0x05:"B", 0x06:"C", 0x07:"D",0x08:"E",
0x09:"F", 0x0A:"G", 0x0B:"H", 0x0C:"I", 0x0D:"J",0x0E:"K",
0x0F:"L", 0x10:"M", 0x11:"N",0x12:"O", 0x13:"P",0x14:"Q",
0x15:"R", 0x16:"S", 0x17:"T", 0x18:"U",0x19:"V",0x1A:"W",
0x1B:"X", 0x1C:"Y", 0x1D:"Z", 0x1E:"1", 0x1F:"2",0x20:"3",
0x21:"4", 0x22:"5", 0x23:"6", 0x24:"7", 0x25:"8",0x26:"9",
0x27:"0", 0x28:"\n", 0x2a:"[DEL]", 0X2B:"\t", 0x2C:" ",0x2D:"-
", 0x2E:"=", 0x2F:"[", 0x30:"]", 0x31:"\\", 0x32:"~",0x33:";",
0x34:"'", 0x36:",", 0x37:".",0x82:"CaspsLock"}
nums=[]
keys =open('usbdata.txt') data=''
for line in keys: line =line.strip()
if line[0]!='0' or line[1]!='0' or line[3]!='0'or
line[4]!='0' or line[9]!='0' or line[10]!='0' or line[12]!='0'or
line[13]!='0' or line[15]!='0' or line[16]!='0' orline[18]!='0'
or line[19]!='0' or line[21]!='0' or line[22]!='0': continue
strs =str(line.split(":")[2]) id ="0x"+strs
if int(id,16) in mappings: data+=mappings[int(id,16)]
print data keys.close()

nums =[]
keys = open('usbdata.txt','r') posx =0
posy =0
for line inkeys:
if len(line) != 12: continue
x=int(line[3:5],16)y=int(line[6:8],16)ifx>127:
x-=256 if y>127: y -=256
posx +=x posy +=y
btn_flag = int(line[0: 2], 16)# 1 for left, 2 for right, 0 for nothing printbtn_flag
if btn_flag == 1: print posx,posy
keys.close()

ifbtn_flag需要自行调整0,1,2。