

总结CTF中常用的一些脚本(可保存)

1.不知道JPG长宽爆破

import zlib
import struct
import binascii
import os
import re

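# Rewrite the width field of a JPEG frame header with every candidate value
# and save each variant, so the one that renders correctly can be picked out
# by eye. The height is fixed at 500 for the whole run.
file = 'flag.jpg'
with open(file, 'rb') as src:
    fr = src.read()
#print(fr)

# FF C0 is the baseline start-of-frame (SOF0) marker. After the 2-byte marker
# come a 2-byte segment length and a 1-byte sample precision, which puts the
# 2-byte height at i+5 and the 2-byte width at i+7.
# NOTE(review): only the first FF C0 in the file is used. A progressive JPEG
# (FF C2) or an embedded thumbnail that precedes the main frame would need a
# different search - confirm against the file being examined.
i = fr.find(b'\xff\xc0')
if i == -1:
    # find() returned -1; slicing with it would silently corrupt every output.
    raise SystemExit('no SOF0 marker (FF C0) found in ' + file)

headdata = fr[0:i+5]
heightdata = fr[i+5:i+7]
widthdata = fr[i+7:i+9]
remaindata = fr[i+9:]

print(headdata)
print(heightdata)
print(widthdata)
#print (remaindata)

# All candidates go into ./tmppic so the working directory is not flooded.
path = os.getcwd()
tmppath = os.path.join(path, 'tmppic')
print(tmppath)
os.makedirs(tmppath, exist_ok=True)
os.chdir(tmppath)

n = 2001   # widths 1 .. n-1 are tried
h = 500    # height written into every candidate

# Frame dimensions are stored big-endian.
heightdata = h.to_bytes(2, 'big')

for w in range(1, n):
    widthdata = w.to_bytes(2, 'big')

    newfile = headdata + heightdata + widthdata + remaindata
    # The context manager closes the handle; the bare `fw.close` it replaces
    # never called the method, so up to 2000 handles stayed open.
    with open(str(w) + '.jpg', 'wb') as fw:
        fw.write(newfile)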

2.鼠标流量

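# Replay captured USB mouse reports: accumulate the relative X/Y movement of
# every record and log the pointer position whenever the left button is held.
# result.txt then holds one "x y" pair per line, ready to be plotted.
posx = 0
posy = 0
with open('usbdata.txt', 'r') as keys, open('result.txt', 'w') as result:
    for line in keys:
        # Strip the line ending first so a final record without a trailing
        # newline is not dropped; a usable record is 11 characters long.
        # presumably colon-separated hex bytes ("bb:xx:yy:..") - verify
        # against the capture export.
        line = line.strip()
        if len(line) != 11:  # skip blank or malformed lines
            continue
        x = int(line[3:5], 16)
        y = int(line[6:8], 16)
        # The deltas are signed bytes: fold the upper half into negatives.
        if x > 127:
            x -= 256
        # Author's tuning knob: the threshold controls the height of a single
        # drawn character (raise it if characters come out too tall and thin)
        # and the slant of the whole string (raise it if the text slopes
        # downwards, lower it if it slopes upwards).
        # NOTE(review): a plain signed-byte conversion would use 127 here, as
        # for x; 120 is kept because the author tunes it per capture.
        if y > 120:
            y -= 256
        posx += x
        posy += y
        btn_flag = int(line[0:2], 16)  # 1 for left , 2 for right , 0 for nothing
        if btn_flag == 1:
            # Y is negated so the plot is not mirrored top to bottom.
            result.write(str(posx) + ' ' + str(-posy) + '\n')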

3.base换表爆破

import itertools
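def My_base64_decode(inputs,s):
    """Decode Base64 text that was encoded with a custom alphabet.

    Args:
        inputs: the encoded text; '=' characters are treated as padding and
            skipped.
        s: the 64-character alphabet, where the position of a character is
            its 6-bit value.

    Returns:
        The decoded data as a str with one character per decoded byte
        (code points 0-255).

    Raises:
        ValueError: if ``inputs`` contains a character that is not in ``s``.
    """
    # Every symbol contributes six bits, most significant bit first.
    bits = "".join(format(s.index(ch), "06b") for ch in inputs if ch != "=")
    # Only whole bytes carry data. Cutting the leftover bits by length instead
    # of by the number of '=' signs also decodes unpadded input correctly,
    # where the earlier padding-based slice discarded the whole final group.
    usable = len(bits) - len(bits) % 8
    return "".join(chr(int(bits[k:k + 8], 2)) for k in range(0, usable, 8))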
# Four consecutive positions of the custom alphabet are unknown, but the
# characters that fill them are: try every ordering and print each decoding
# next to the ordering that produced it, then pick the readable one.
h = ['j', 'u', '3', '4']
alphabet_head = "JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rs"
alphabet_tail = "kxyz012789+/"
input_str = "mtHVnkLnIaP3FaA7KOWjTmKkVjWjVzKjdeNvTnAjoH9iZOIvTeHbvD=="

for i in itertools.permutations(h):
    m = "".join(i)
    s = alphabet_head + m + alphabet_tail
    print(My_base64_decode(input_str, s), i)

#NEWSCTF2021{base64_1s_v3ry_e@sy_and_fuN}

4.BMP-填入正确宽度后可自动爆破高度

from PIL import Image
import os
import matplotlib.pyplot as plt

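# Recover the real height of a BMP whose height field was altered: with the
# correct width filled in, write one candidate file per height, growing by
# one row at a time, and stop at the first candidate that fails to decode.
# The last height that still rendered is printed as the answer.
file = '3.bmp'
with open(file, 'rb') as src:
    fr = src.read()
# Width is the 4-byte field at offset 18 and height the 4-byte field at
# offset 22; the bytes before and after are carried over unchanged.
headdata = bytearray(fr[0:18])
widthdata = bytearray(fr[18:22])
heightdata = bytearray(fr[22:26])
remaindata = bytearray(fr[26::])

# Fill in the correct width and an upper bound for the heights to try.
#############################################################
w = 793
n = 2000
#############################################################

# The height is a signed little-endian value; a negative height marks a
# top-down bitmap, so the search has to walk in the same direction.
h1 = int.from_bytes(heightdata, byteorder='little', signed=True)
print(h1)


def _renders(bmp_path):
    """Return True if the BMP at bmp_path can be opened and drawn."""
    try:
        # The context manager releases the file handle after every attempt.
        with Image.open(bmp_path) as img:
            plt.figure(figsize=(4, 4))
            try:
                plt.ion()          # interactive mode on
                plt.axis('off')    # no axes needed
                plt.imshow(img)    # forces the pixel data to be read
            finally:
                # Interactive mode must be switched off again after drawing,
                # and the figure is always released, even on failure.
                plt.ioff()
                plt.clf()
                plt.close()
    except (TypeError, OSError) as e:
        print('except:', e)
        return False
    return True


# Candidates are written to ./tmppic (up to n-1 files, each the size of the
# input) so the working directory is not flooded.
path = os.getcwd()
tmppath = os.path.join(path, 'tmppic')
print(tmppath)
os.makedirs(tmppath, exist_ok=True)
os.chdir(tmppath)

widthdata = w.to_bytes(4, 'little')

# -1, -2, ... for a top-down bitmap; 1, 2, ... otherwise.
step = -1 if h1 < 0 else 1
j = None
for h in range(step, step * n, step):
    heightdata = h.to_bytes(4, 'little', signed=True)

    newfile = headdata + widthdata + heightdata + remaindata
    candidate = str(h) + '.bmp'
    # `with` actually closes the file; the bare `fw.close` it replaces never
    # called the method.
    with open(candidate, 'wb') as fw:
        fw.write(newfile)

    if not _renders(candidate):
        # The previous candidate was the tallest one that still decoded.
        j = h - step
        break

if j is None:
    # Every candidate decoded, so the real height lies beyond the range that
    # was searched. Previously this path ended in a NameError on `j`.
    print('no decode failure up to', step * (n - 1), '- increase n')
else:
    print(j)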

5.爆破多个压缩包crc

#爆破多个压缩包的crc
#长度为4字节
import zipfile
import string
import binascii
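import itertools

# Recover the 4-byte content of data.txt in each archive from its CRC-32.
# The CRC-32 of the uncompressed data is stored in the ZIP entry metadata, so
# a file this short can be found by enumerating every 4-character candidate.
path = 'D:\\IDM_download\\file_17\\out'  # prefix: archives are <path>0.zip, <path>1.zip, ...
total = 68  # number of archives

crcs = [''] * total
txts = [''] * total

for i in range(total):
    file = path + str(i) + '.zip'
    # Close every archive after reading its metadata.
    with zipfile.ZipFile(file, 'r') as f:
        crcs[i] = f.getinfo('data.txt').CRC

# Index the targets by CRC so each candidate costs one dictionary lookup
# instead of a scan over all archives. Archives that share a CRC are kept
# together and reported in ascending order.
wanted = {}
for n, crc in enumerate(crcs):
    wanted.setdefault(crc, []).append(n)

# Printable ASCII without the six trailing whitespace characters.
dic = string.printable[:-6]
num = 0
for chars in itertools.product(dic, repeat=4):
    s = ''.join(chars)
    c = binascii.crc32(s.encode('utf-8'))
    for n in wanted.get(c, ()):
        txts[n] = s
        print('No.%d is %s' % (n, s))
        num += 1
    if num == total:
        print(txts)
        print(''.join(txts))
        break
else:
    # The candidate space was exhausted: some content uses characters outside
    # `dic`, or is not exactly four bytes long.
    print('unresolved archives:', [n for n in range(total) if txts[n] == ''])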

6.棋盘密码替换爆破


import itertools
# Polybius-square decoding where the five coordinate symbols are letters in
# an unknown order: every assignment of f/i/r/s/t to the digits 1-5 is tried
# and each resulting plaintext is printed for inspection.
s0 = "abcdefghiklmnopqrstuvwxyz"  # 25-letter square, no "j"
s1 = [str(row) + str(col) for row in range(1, 6) for col in range(1, 6)]  # "11" .. "55"
s2 = ["1", "2", "3", "4", "5"]
s4 = "iftffsissrssirissr"
s3 = list(itertools.permutations(["f", "i", "r", "s", "t"]))
for k in s3:
    # The position of a symbol within this ordering is its digit.
    digit_of = dict(zip(k, s2))
    pairs = [s4[i:i + 2] for i in range(0, len(s4), 2)]
    S = "".join(s0[s1.index(digit_of[a] + digit_of[b])] for a, b in pairs)
    print(S)
    
#keyisthis

7.cipin词频统计

做一个词频统计程序,该程序具有以下功能
基本要求:
(1)可导入任意英文文本文件
(2)统计该英文文件中单词数和各单词出现的频率(次数),并能将单词按字典顺序输出。
(3)将单词及频率写入文件。
提高要求:
完成基本要求的基础上,实现下述功能:
1.实现GUI界面。
2.将单词及频率写入数据库。

实现思路:

定义一个单词容器类wordcol,有两个属性,第一个属性为单词本身,第二个属性就是出现次数。用一个map来统计,map的key为单词本身,value为wordcol对象。先将一篇文章清洗干净,过滤掉所有的标点符号等,这个用正则表达式即可。然后将大写的字母小写,因为大写和小写不影响单词本身的出现次数,再将单词按照空格分割,分割后得到一个数组就是所有的单词,但是可能包含空格。所以在统计的时候加以判断。

经典分拣思路:

遍历这一堆单词数组,每次取出一个单词,用map的get方法获得value值。如果value为空,则说明,这个单词还没有被统计过,则创建一个新的wordcol,次数为1,然后加入到map中。如果不为空则将获得到的value即wordcol对象中的次数属性加一。加了一个单词首字母排序的功能,即将key进行一个排序,然后按照排序后的key输出,或者直接用treemap。

import re

# Letter-frequency table for flag.txt: count every lowercase ASCII letter
# a-z and print the letters from most to least frequent. Uppercase letters
# are not folded to lowercase, so they are not counted.
with open('flag.txt') as file:
    line = file.readlines()

result = {}
for code in range(97, 123):  # ord('a') .. ord('z')
    letter = chr(code)
    result[letter] = sum(text.count(letter) for text in line)

# The sort is stable, so letters with equal counts stay in alphabetical order.
res = sorted(result.items(), key=lambda item: item[1], reverse=True)

for num, x in enumerate(res, 1):
    print('频数第{0}: '.format(num), x)

8.LSB按行读取rgb转换0和1

from PIL import Image
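# Turn an image into a bit string, row by row: a pure black pixel becomes
# '1' and every other pixel becomes '0'. The result is written to 1.txt.
#
# The image is converted to RGB first so getpixel() always yields an
# (r, g, b) tuple. For a greyscale or palette image it returns a single
# integer, and the channel indexing below would raise TypeError.
im = Image.open('gray.png').convert('RGB')
width, height = im.size
with open('1.txt', 'w') as fh:
    for h in range(height):
        for w in range(width):
            color = im.getpixel((w, h))
            colorsum = color[0] + color[1] + color[2]
            fh.write('1' if colorsum == 0 else '0')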

9.根据RGB数值自动因式分解画图

from PIL import Image

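def Crack(n):
    """Factor a pixel count into a candidate (width, height) pair.

    Every pair (a, n // a) with 2 <= a <= sqrt(n) is printed. If there is
    exactly one such pair it is returned; if there are several, the user is
    asked on stdin which one to use.

    Args:
        n: number of pixels; must be at least 1.

    Returns:
        A tuple (a, b) with a * b == n. When n has no divisor in the searched
        range (n is prime or smaller than 4) the only possible layout,
        (1, n), is returned.

    Raises:
        ValueError: if n is smaller than 1, or the answer typed at the prompt
            is not an integer.
        IndexError: if the answer typed at the prompt is out of range.
    """
    if n < 1:
        raise ValueError("pixel count must be positive, got %r" % (n,))
    flag = []
    for each in range(2, int(n ** 0.5) + 1):
        if n % each == 0:
            # Integer division keeps the cofactor exact for any size of n.
            print(each, n // each)
            flag.append((each, n // each))
    if not flag:
        # Without this the prompt below offered the range "0--1" and every
        # answer ended in an IndexError.
        return (1, n)
    if len(flag) == 1:
        return flag[0]
    choice = input("Which group to select(0-%s):" % (len(flag) - 1))
    return flag[int(choice)]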
def Paint(X,Y,listrgb):
    """Draw "r,g,b" text rows as an X-by-Y RGB image, then show and save it.

    The rows are consumed column by column: entry ``x * Y + y`` colours the
    pixel at (x, y). The image is saved as /root/flag<X>.png.

    Args:
        X: image width in pixels.
        Y: image height in pixels.
        listrgb: sequence of strings, each holding three comma-separated
            integer channel values; at least X * Y entries are needed.
    """
    pic = Image.new("RGB", (X, Y))
    for i in range(X * Y):
        x, y = divmod(i, Y)
        temp = listrgb[i].split(',')
        pic.putpixel([x, y], (int(temp[0]), int(temp[1]), int(temp[2])))
    pic.show()
    pic.save(r"/root/flag%s.png" % (X))
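# Load one "r,g,b" row per pixel. Blank lines are skipped because a trailing
# empty line would change the pixel count and with it the factorisation.
with open(r"/root/1.txt") as src:
    listrgb = [row for row in src if row.strip()]
X,Y = Crack(len(listrgb))
# The orientation is unknown, so both layouts are rendered.
Paint(X,Y,listrgb)
Paint(Y,X,listrgb)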

10.批量提取文件名

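@echo off
rem Append the name of every file in the current directory to 1.txt.
rem dir switches: /b bare names only, /a-d skip directories, /on sort by name.
rem The redirection is placed before echo so no trailing space is written
rem after each name ("echo %%a >>1.txt" stored "name " with a space).

for /f "delims=" %%a in ('dir /b /a-d /on *.*') do >>1.txt echo %%a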

11.还原图片

from PIL import Image

# Rebuild a 320x245 RGB image from hint.txt, which holds one "r,g,b" line per
# pixel. Lines are consumed column by column: line number i*y + j colours the
# pixel at (i, j).
x = 320
y = 245

im = Image.new('RGB', (x, y))
with open('hint.txt') as f:
    for idx in range(x * y):
        s = f.readline().replace('\n', '').split(',')
        im.putpixel(divmod(idx, y), (int(s[0]), int(s[1]), int(s[2])))
im.save('d.png')

12.根据图像点画图

60
,280
,500
,360
,420
,160
,420
,320
,540
,360
,100
,380
,440
,40
,100
,480
,420
,460
,280
,600
,440
,480
,40
,440
,440
,400
,300
,540
,180
,80
,40
,340
,160
,260
,480
,280
,40
,340
,260
,440
,380
,80
,340
,480
,200
,240
,600
,120
,520
,480
,100
,320
,100
,260
,40
,540
,440
,220
,40
,260
,560
,140
,80
,580
,40
,360
,80
,600
,140
,520
,440
,280
,100
,520
,80
,600
,120
,500
,400
,440
,140
,240
,220
,120
,340
,180
,40
,500
,60
,40
,100
,440
,460
,480
,540
,320
,240
,480
,140
,180
,540
,600
,460
,240
,120
,200
,380
,380
,540
,320
,160
,80
,200
,440
,360
,40
,480
,440
,580
,280
,540
,80
,400
,600
,160
,240
,240
,580
,200
,100
,40
,120
,80
,260
,200
,480
,420
,600
,160
,560
,220
,500
,360
,580
,540
,600
,260
,200
,440
,480
,260
,220
,520
,560
,140
,40
,300
,420
,40
,420
,440
,280
,40
,260
,520
,200
,480
,80
,360
,340
,580
,520
,320
,160
,600
,40
,360
,360
,200
,80
,600
,280
,560
,340
,200
,220
,200
,120
,140
,300
,220
,520
,40
,220
,100
,340
,400
,540
,320
,340
,340
,520
,100
,80
,280
,160
,320
,280
,320
,120
,320
,300
,440
,160
,300
,160
,260
,240
,320
,360
,300
,500
,100
,520
,120
,120
,100
,340
,440
,160
,80
,380
,560
,360
,120
,360
,140
,340
,200
,300
,400
,120
,580
,520
,520
,560
,200
,220
,260
,520
,60
,100
,580
,180
,380
,540
,540
,340
,460
,600
,260
,500
,440
,200
,540
,300
,340
,460
,540
,400
,340
,360
,220
,580
,40
,560
,120
,100
,400
,580
,100
,500
,460
,80
,380
,80
,60
,500
,200
,500
,100
,600
,300
,240
,40
,420
,320
,40
,440
,160
,540
,360
,520
,260
,520
,100
,120
,560
,520
,540
,380
,140
,580
,420
,340
,440
,600
,240
,260
,80
,60
,520
,500
,500
,400
,400
,440
,160
,160
,320
,240
,320
,80
,340
,360
,160
,500
,360
,380
,540
,380
,520
,160
,340
,240
,160
,480
,60
,160
,220
,320
,120
,80
,40
,320
,200
,480
,340
,480
,420
,420
,480
,120
,160
,480
,320
,240
,280
,280
,400
,120
,460
,560
,400
,320
,300
,160
,40
,420
,280
,40
,400
,460
,320
,220
,160
,480
,420
,300
,120
,340
,80
,120
,40
,540
,120
,100
,460
,320
,380
,200
,300
,320
,580
,160
,260
,540
,260
,560
,500
,540
,600
,220
,480
,180
,460
,400
,300
,500
,480
,220
,60
,440
,480
,440
,560
]
# Y coordinates (top edge) of the squares to draw, one entry per point.
t = [
    540, 200, 160, 400, 300, 300, 160, 360, 320, 300,
    200, 440, 120, 220, 100, 140, 440, 300, 140, 480,
    520, 380, 260, 320, 400, 540, 300, 80, 40, 580,
    400, 320, 340, 520, 140, 540, 300, 380, 60, 480,
    40, 220, 500, 40, 360, 280, 80, 340, 300, 120,
    40, 80, 520, 100, 560, 80, 580, 400, 560, 380,
    600, 420, 420, 160, 600, 240, 460, 60, 560, 40,
    200, 440, 440, 480, 160, 420, 220, 160, 140, 220,
    320, 560, 100, 480, 220, 200, 520, 200, 240, 240,
    540, 480, 580, 120, 440, 300, 560, 300, 300, 380,
    300, 280, 300, 480, 160, 220, 180, 400, 220, 240,
    560, 160, 380, 200, 380, 520, 580, 260, 160, 160,
    520, 420, 260, 120, 260, 300, 220, 120, 100, 40,
    560, 560, 340, 360, 120, 100, 520, 180, 260, 80,
    100, 600, 300, 100, 220, 420, 580, 100, 40, 320,
    160, 120, 120, 280, 560, 300, 100, 400, 380, 420,
    600, 100, 540, 240, 520, 560, 480, 260, 60, 420,
    440, 440, 80, 200, 40, 260, 240, 300, 280, 600,
    320, 360, 200, 460, 200, 80, 580, 540, 340, 140,
    360, 160, 460, 280, 460, 340, 300, 480, 260, 460,
    500, 240, 360, 600, 600, 400, 600, 460, 280, 340,
    220, 440, 340, 280, 180, 360, 400, 400, 100, 540,
    360, 420, 520, 380, 200, 560, 100, 320, 240, 40,
    340, 260, 480, 120, 440, 120, 360, 200, 500, 40,
    520, 80, 500, 420, 560, 380, 500, 560, 380, 300,
    60, 200, 380, 340, 280, 260, 380, 60, 600, 40,
    480, 380, 80, 600, 580, 180, 460, 80, 60, 100,
    240, 380, 340, 240, 40, 420, 220, 600, 200, 600,
    520, 200, 160, 600, 520, 420, 520, 500, 480, 220,
    380, 260, 280, 360, 380, 540, 520, 140, 280, 160,
    120, 160, 60, 340, 180, 420, 240, 120, 160, 540,
    40, 520, 220, 580, 260, 360, 100, 440, 460, 420,
    160, 440, 540, 160, 480, 600, 240, 120, 160, 40,
    440, 500, 60, 260, 600, 560, 460, 540, 160, 440,
    80, 220, 280, 320, 160, 80, 220, 240, 40, 220,
    600, 140, 480, 480, 100, 300, 80, 400, 40, 340,
    500, 480, 500, 380, 200, 480, 560, 320, 120, 140,
    180, 320, 240, 440, 440, 360, 360, 220, 300, 580,
    300, 340, 120, 500, 140, 560, 580, 120, 520, 440,
    60, 320, 160, 60, 80, 80, 40, 260, 260, 200,
    200, 500, 420, 380, 600, 80, 40, 360, 460, 580,
    120, 520, 40, 420, 60, 460, 100, 360, 600, 600,
    140, 560, 40, 80, 40, 400, 60, 420, 400,
]
# Stamp a 20x20 black square with its top-left corner at (s[i], t[i]) for
# every point, on a white 1000x1000 canvas, and save the picture.
# NOTE(review): as listed, `s` has no opening `s=[` line and holds 426 values
# against 429 in `t`, so the beginning of `s` appears to be missing from this
# listing, and `Image` is not imported in this section
# (`from PIL import Image`). The points only pair up correctly with the
# complete list.
img0 = Image.new('RGB', (1000, 1000), '#ffffff')
for i in range(len(s)):
    left, top = s[i], t[i]
    for cell in range(20 * 20):
        j, n = divmod(cell, 20)
        img0.putpixel((left + j, top + n), (0, 0, 0))
img0.save("result.png")

本文转载自: https://blog.csdn.net/t235336456/article/details/128109561
版权归原作者 Liyuusuki 所有, 如有侵权,请联系我们删除。
