一共68个压缩包,emmmmmmm,crc32碰撞
#coding:utf-8import zipfileimport stringimport binascii
def CrackCrc(crc):
for i in dic:
for j in dic:
for p in dic:
for q in dic:
s = i + j + p + q
if crc == (binascii.crc32(s) & 0xffffffff):
#print s
f.write(s)
return
def CrackZip():
for I in range(68):
file = 'out' + str(I) + '.zip'
f = zipfile.ZipFile(file, 'r')
GetCrc = f.getinfo('data.txt')
crc = GetCrc.CRC
#以上3行为获取压缩包CRC32值的步骤
#print hex(crc)
CrackCrc(crc)
dic = string.ascii_letters + string.digits + '+/='
于是可以得到一段base64,用python解码,不要用在线工具解码= =
# coding=utf-8
import base64
f1 = open('out.txt','r')text = f1.read()
str1 = base64.b64decode(text)
f2 = open('flag.txt','w')f2.write(str1)
f1.close()f2.close()
用16进制打开,由于是rar文件结尾,再给flag.txt文件加上rar文件头52 61 72 21 1A 07 00
发现zip.rar中还有一个名为CMT的文件,然后把该文件的压缩文件头AA 3E 7A....修改为AA 3E 74...后保存,再次打开即可获得包含flag的文件CMT。CMT即为comment,即为注释
