Downloading the attachment gives an mp4 file. Open it and have a look:
    After watching it through, nothing looks abnormal, so drag it into the VM and run binwalk on it first:
    binwalk seems to find a lot and keeps running, so open the file in 010Editor to take another look:
    There is plenty inside, so try changing the file extension to zip.
    Extracting it yields 6573 images, roughly what the binwalk run in the VM showed.
    Alongside them is the original, still-compressed archive.
    Among all these images one stands out (it was also visible in the listing above): 65.jpg, which is obviously not an image.
    Its file header has been modified; it should be a rar.
    Compared with a normal RAR signature, only bytes 0-3 differ, so just patch those four bytes.
It turns out the archive is encrypted. Tried pseudo-encryption and simple brute force, neither worked, and nothing else in the challenge hinted at an archive password.
    Then I read other people's writeups, which say there is a hint; it should be the hint given below the challenge:
    ## Archive password (6 characters): GWxxxx
    ## You may need this later
    When I ran `file` on it, RAR5 did not show up in the output.
    It seems ARCHPR cannot crack RAR5 passwords.
    So use rar2john, a helper tool that ships with john, to extract the hash:
    rar2john 65.rar
    65.rar:$rar5$16$a2dce3925af59efb2df9851dbfc24fb1$15$bb005ea8f91bf0356c8dddcfa41ac4cb$8$62293dc5e26e9e7f
    The install worked at first but problems came up later; I will add the screenshots afterwards.
    Then crack the hash with hashcat:
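As an added example (not part of the original writeup), here is a small Python script covering the two checks above: flag files whose content does not match their .jpg extension, and put "Rar!" back into a RAR header whose bytes 0-3 were overwritten, telling RAR4 from RAR5 so you know up front whether ARCHPR will do or hashcat -m 13000 is needed. The directory path and the sample header bytes are constructed assumptions.

```python
from __future__ import annotations
from pathlib import Path

JPEG_MAGIC = b"\xff\xd8\xff"
RAR4_MAGIC = b"Rar!\x1a\x07\x00"      # RAR 1.5 - 4.x archives
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"  # RAR 5.0+ (rar2john / hashcat -m 13000)


def classify(data: bytes) -> str:
    """Return 'jpeg', 'rar5', 'rar4' or 'unknown' from the leading bytes."""
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if data.startswith(RAR5_MAGIC):   # check the longer signature first
        return "rar5"
    if data.startswith(RAR4_MAGIC):
        return "rar4"
    return "unknown"


def repair_rar_header(data: bytes) -> bytes | None:
    """If only bytes 0-3 were mangled but the rest of the RAR signature
    (1a 07 00 or 1a 07 01 00) is intact, put 'Rar!' back and return the
    repaired bytes; otherwise return None (not a damaged RAR)."""
    for magic in (RAR5_MAGIC, RAR4_MAGIC):
        tail = magic[4:]
        if data[4:4 + len(tail)] == tail:
            return b"Rar!" + data[4:]
    return None


def find_mismatched(directory: str, suffix: str = ".jpg") -> list[tuple[str, str]]:
    """List (name, detected kind) for files whose content is not a JPEG,
    e.g. the single RAR hiding among thousands of extracted images."""
    out = []
    for p in sorted(Path(directory).glob(f"*{suffix}")):
        kind = classify(p.read_bytes()[:8])
        if kind != "jpeg":
            out.append((p.name, kind))
    return out


# Constructed sample inputs: a RAR5 header whose first four bytes were zeroed
# out (like 65.jpg above), and a genuine JPEG header for comparison.
MANGLED_RAR5 = b"\x00\x00\x00\x00\x1a\x07\x01\x00" + b"<rest of archive>"
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF"

if __name__ == "__main__":
    fixed = repair_rar_header(MANGLED_RAR5)
    print(classify(MANGLED_RAR5), "->", classify(fixed))
```

Run find_mismatched("extracted/") on the unpacked image directory to get the odd files out without opening 6573 pictures by hand.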

D:\Tools\Misc\hashcat-6.2.2> .\hashcat.exe -m 13000 -a 3 '$rar5$16$a2dce3925af59efb2df9851dbfc24fb1$15$bb005ea8f91bf0356c8dddcfa41ac4cb$8$62293dc5e26e9e7f' GW?a?a?a?a
    hashcat (v6.2.2) starting...
    Successfully initialized NVIDIA CUDA library.
    Failed to initialize NVIDIA RTC library.
    * Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
    CUDA SDK Toolkit required for proper device support and utilization.
    Falling back to OpenCL runtime.
    * Device #2: Unstable OpenCL driver detected!
    This OpenCL driver may fail kernel compilation or produce false negatives.
    You can use --force to override, but do not report related errors.
    nvmlDeviceGetFanSpeed(): Not Supported
    OpenCL API (OpenCL 1.2 CUDA 11.1.114) - Platform #1 [NVIDIA Corporation]
    ========================================================================
    * Device #1: GeForce GTX 1050, 3328/4096 MB (1024 MB allocatable), 5MCU
    OpenCL API (OpenCL 3.0 ) - Platform #2 [Intel(R) Corporation]
    =============================================================
    * Device #2: Intel(R) UHD Graphics 630, skipped
    Minimum password length supported by kernel: 0
    Maximum password length supported by kernel: 256
    Hashes: 1 digests; 1 unique digests, 1 unique salts
    Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
    Optimizers applied:
    * Zero-Byte
    * Single-Hash
    * Single-Salt
    * Brute-Force
    * Slow-Hash-SIMD-LOOP
    Watchdog: Temperature abort trigger set to 90c
    Host memory required for this attack: 87 MB
    [s]tatus [p]ause [b]ypass [c]heckpoint [f]inish [q]uit =>
    Session..........: hashcat
    Status...........: Quit
    Hash.Name........: RAR5
    Hash.Target......: $rar5$16$a2dce3925af59efb2df9851dbfc24fb1$15$bb005e...6e9e7f
    Time.Started.....: Fri Jul 02 21:04:28 2021 (2 secs)
    Time.Estimated...: Fri Jul 02 23:44:57 2021 (2 hours, 40 mins)
    Kernel.Feature...: Pure Kernel
    Guess.Mask.......: GW?a?a?a?a [6]
    Guess.Queue......: 1/1 (100.00%)
    Speed.#1.........: 8460 H/s (9.29ms) @ Accel:4 Loops:128 Thr:1024 Vec:1
    Recovered........: 0/1 (0.00%) Digests
    Progress.........: 0/81450625 (0.00%)
    Rejected.........: 0/0 (0.00%)
    Restore.Point....: 0/81450625 (0.00%)
    Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:25472-25600
    Candidate.Engine.: Device Generator
    Candidates.#1....: GWEERA -> GW#cke
    Hardware.Mon.#1..: Temp: 60c Util: 99% Core:1683MHz Mem:3504MHz Bus:8

Parameters used here:
    -m specifies the hash type to crack:

- [ Hash modes ] -
    # | Name | Category
    ======+=====================================================+======================================
    13000 | RAR5 | Archives

-a specifies the attack mode:

- [ Attack Modes ] -
    # | Mode
    ===+======
    0 | Straight
    1 | Combination
    3 | Brute-force
    6 | Hybrid Wordlist + Mask
    7 | Hybrid Mask + Wordlist
    9 | Association
    • GW?a?a?a?a is the mask: the known prefix GW followed by four ?a positions, where ?a covers upper- and lowercase letters, digits and special characters.

The password finally cracked is: GW5!3#
    Extract the archive with it:
    The extracted file has no extension; add the right one and you get the flag file: