この大会は2020/10/31 4:00(JST)~2020/11/2 4:00(JST)に開催されました。
今回もチームで参戦。結果は10910点で681チーム中7位でした。
自分で解けた問題をWriteupとして書いておきます。
Trivia 6 (Trivia 100)
仕掛けたマルウェアがすぐには発動せず数か月間休止状態になり、 ある時に発動するようなタイプのマルウェアがあるが、そのマルウェアは何と呼ばれるかを答える。
Logic bomb
shebang0 (Shebang 125)
$ ssh shebang0@cyberyoddha.baycyber.net -p 1337 The authenticity of host '[cyberyoddha.baycyber.net]:1337 ([143.110.135.85]:1337)' can't be established. ECDSA key fingerprint is SHA256:GE5oX2oSR7vHtm8SLjRmE0WIsQQh4SqnJ+/ww9VLnO0. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[cyberyoddha.baycyber.net]:1337,[143.110.135.85]:1337' (ECDSA) to the list of known hosts. shebang0@cyberyoddha.baycyber.net's password: $ ls -la total 16 dr-x------ 1 shebang0 root 4096 Oct 31 01:01 . drwxr-xr-x 1 root root 4096 Oct 31 00:49 .. -rw-r--r-- 1 root root 33 Oct 6 00:26 .flag.txt -rw-r--r-- 1 root root 0 Oct 31 01:01 .hushlogin $ cat .flag.txt CYCTF{w3ll_1_gu3$$_b@sh_1s_e@zy}
CYCTF{w3ll_1_gu3$$_b@sh_1s_e@zy}
shebang1 (Shebang 125)
$ ssh shebang1@cyberyoddha.baycyber.net -p 1337 shebang1@cyberyoddha.baycyber.net's password: $ ls -la total 304 dr-x------ 1 shebang1 root 4096 Oct 31 01:01 . drwxr-xr-x 1 root root 4096 Oct 31 00:49 .. -rw-r--r-- 1 root root 0 Oct 31 01:01 .hushlogin -rw-r--r-- 1 root root 298902 Oct 6 22:43 flag.txt $ cat flag.txt | grep CYCTF CYCTF{w3ll_1_gu3$$_y0u_kn0w_h0w_t0_gr3p}
CYCTF{w3ll_1_gu3$$_y0u_kn0w_h0w_t0_gr3p}
shebang2 (Shebang 150)
$ ssh shebang2@cyberyoddha.baycyber.net -p 1337 shebang2@cyberyoddha.baycyber.net's password: $ ls -la total 412 dr-x------ 1 shebang2 root 4096 Oct 31 01:01 . drwxr-xr-x 1 root root 4096 Oct 31 00:49 .. -rw-r--r-- 1 root root 0 Oct 31 01:01 .hushlogin drwxr-xr-x 2 root root 4096 Oct 14 18:37 1 drwxr-xr-x 2 root root 4096 Oct 14 18:37 10 drwxr-xr-x 2 root root 4096 Oct 14 18:37 100 drwxr-xr-x 2 root root 4096 Oct 14 18:37 11 drwxr-xr-x 2 root root 4096 Oct 14 18:37 12 drwxr-xr-x 2 root root 4096 Oct 14 18:37 13 drwxr-xr-x 2 root root 4096 Oct 14 18:37 14 drwxr-xr-x 2 root root 4096 Oct 14 18:37 15 drwxr-xr-x 2 root root 4096 Oct 14 18:37 16 drwxr-xr-x 2 root root 4096 Oct 14 18:37 17 drwxr-xr-x 2 root root 4096 Oct 14 18:37 18 drwxr-xr-x 2 root root 4096 Oct 14 18:37 19 drwxr-xr-x 2 root root 4096 Oct 14 18:37 2 drwxr-xr-x 2 root root 4096 Oct 14 18:37 20 drwxr-xr-x 2 root root 4096 Oct 14 18:37 21 drwxr-xr-x 2 root root 4096 Oct 14 18:37 22 drwxr-xr-x 2 root root 4096 Oct 14 18:37 23 drwxr-xr-x 2 root root 4096 Oct 14 18:37 24 drwxr-xr-x 2 root root 4096 Oct 14 18:37 25 drwxr-xr-x 2 root root 4096 Oct 14 18:37 26 drwxr-xr-x 2 root root 4096 Oct 14 18:37 27 drwxr-xr-x 2 root root 4096 Oct 14 18:37 28 drwxr-xr-x 2 root root 4096 Oct 14 18:37 29 drwxr-xr-x 2 root root 4096 Oct 14 18:37 3 drwxr-xr-x 2 root root 4096 Oct 14 18:37 30 drwxr-xr-x 2 root root 4096 Oct 14 18:37 31 drwxr-xr-x 2 root root 4096 Oct 14 18:37 32 drwxr-xr-x 2 root root 4096 Oct 14 18:37 33 drwxr-xr-x 2 root root 4096 Oct 14 18:37 34 drwxr-xr-x 2 root root 4096 Oct 14 18:37 35 drwxr-xr-x 2 root root 4096 Oct 14 18:37 36 drwxr-xr-x 2 root root 4096 Oct 14 18:37 37 drwxr-xr-x 2 root root 4096 Oct 14 18:37 38 drwxr-xr-x 2 root root 4096 Oct 14 18:37 39 drwxr-xr-x 2 root root 4096 Oct 14 18:37 4 drwxr-xr-x 2 root root 4096 Oct 14 18:37 40 drwxr-xr-x 2 root root 4096 Oct 14 18:37 41 drwxr-xr-x 2 root root 4096 Oct 14 18:37 42 drwxr-xr-x 2 root root 4096 Oct 14 18:37 43 drwxr-xr-x 2 root root 4096 Oct 14 18:37 44 drwxr-xr-x 2 root root 4096 Oct 14 18:37 45 drwxr-xr-x 2 root root 4096 Oct 14 18:37 46 drwxr-xr-x 2 root root 4096 Oct 14 18:37 47 drwxr-xr-x 2 root root 4096 Oct 14 18:37 48 drwxr-xr-x 2 root root 4096 Oct 14 18:37 49 drwxr-xr-x 2 root root 4096 Oct 14 18:37 5 drwxr-xr-x 2 root root 4096 Oct 14 18:37 50 drwxr-xr-x 2 root root 4096 Oct 14 18:37 51 drwxr-xr-x 2 root root 4096 Oct 14 18:37 52 drwxr-xr-x 2 root root 4096 Oct 14 18:37 53 drwxr-xr-x 2 root root 4096 Oct 14 18:37 54 drwxr-xr-x 2 root root 4096 Oct 14 18:37 55 drwxr-xr-x 2 root root 4096 Oct 14 18:37 56 drwxr-xr-x 2 root root 4096 Oct 14 18:37 57 drwxr-xr-x 2 root root 4096 Oct 14 18:37 58 drwxr-xr-x 2 root root 4096 Oct 14 18:37 59 drwxr-xr-x 2 root root 4096 Oct 14 18:37 6 drwxr-xr-x 2 root root 4096 Oct 14 18:37 60 drwxr-xr-x 2 root root 4096 Oct 14 18:37 61 drwxr-xr-x 2 root root 4096 Oct 14 18:37 62 drwxr-xr-x 2 root root 4096 Oct 14 18:37 63 drwxr-xr-x 2 root root 4096 Oct 14 18:37 64 drwxr-xr-x 2 root root 4096 Oct 14 18:37 65 drwxr-xr-x 2 root root 4096 Oct 14 18:37 66 drwxr-xr-x 2 root root 4096 Oct 14 18:37 67 drwxr-xr-x 2 root root 4096 Oct 14 18:37 68 drwxr-xr-x 2 root root 4096 Oct 14 18:37 69 drwxr-xr-x 2 root root 4096 Oct 14 18:37 7 drwxr-xr-x 2 root root 4096 Oct 14 18:37 70 drwxr-xr-x 2 root root 4096 Oct 14 18:37 71 drwxr-xr-x 2 root root 4096 Oct 14 18:37 72 drwxr-xr-x 2 root root 4096 Oct 14 18:37 73 drwxr-xr-x 2 root root 4096 Oct 14 18:37 74 drwxr-xr-x 2 root root 4096 Oct 14 18:37 75 drwxr-xr-x 2 root root 4096 Oct 14 18:37 76 drwxr-xr-x 2 root root 4096 Oct 14 18:37 77 drwxr-xr-x 2 root root 4096 Oct 14 18:37 78 drwxr-xr-x 2 root root 4096 Oct 14 18:37 79 drwxr-xr-x 2 root root 4096 Oct 14 18:37 8 drwxr-xr-x 2 root root 4096 Oct 14 18:37 80 drwxr-xr-x 2 root root 4096 Oct 14 18:37 81 drwxr-xr-x 2 root root 4096 Oct 14 18:37 82 drwxr-xr-x 2 root root 4096 Oct 14 18:37 83 drwxr-xr-x 2 root root 4096 Oct 14 18:37 84 drwxr-xr-x 2 root root 4096 Oct 14 18:37 85 drwxr-xr-x 2 root root 4096 Oct 14 18:37 86 drwxr-xr-x 2 root root 4096 Oct 14 18:37 87 drwxr-xr-x 2 root root 4096 Oct 14 18:37 88 drwxr-xr-x 2 root root 4096 Oct 14 18:37 89 drwxr-xr-x 2 root root 4096 Oct 14 18:37 9 drwxr-xr-x 2 root root 4096 Oct 14 18:37 90 drwxr-xr-x 2 root root 4096 Oct 14 18:37 91 drwxr-xr-x 2 root root 4096 Oct 14 18:37 92 drwxr-xr-x 2 root root 4096 Oct 14 18:37 93 drwxr-xr-x 2 root root 4096 Oct 14 18:37 94 drwxr-xr-x 2 root root 4096 Oct 14 18:37 95 drwxr-xr-x 2 root root 4096 Oct 14 18:37 96 drwxr-xr-x 2 root root 4096 Oct 14 18:37 97 drwxr-xr-x 2 root root 4096 Oct 14 18:37 98 drwxr-xr-x 2 root root 4096 Oct 14 18:37 99 $ grep -r CYCTF . ./86/13:CYCTF{W0w_th@t$_@_l0t_0f_f1l3s}
CYCTF{W0w_th@t$_@_l0t_0f_f1l3s}
shebang3 (Shebang 150)
$ ssh shebang3@cyberyoddha.baycyber.net -p 1337 shebang3@cyberyoddha.baycyber.net's password: $ ls -la total 273320 drwx------ 1 shebang3 root 4096 Oct 31 05:04 . drwxr-xr-x 1 root root 4096 Oct 31 00:49 .. -rw------- 1 shebang3 shebang3 2832 Oct 31 04:47 .bash_history drwx------ 2 shebang3 shebang3 4096 Oct 31 04:05 .cache drwx------ 3 shebang3 shebang3 4096 Oct 31 05:00 .config -rw-r--r-- 1 root root 0 Oct 31 01:01 .hushlogin -rw-r--r-- 1 root root 139921497 Oct 14 18:58 file.txt -rw-r--r-- 1 root root 139922225 Oct 14 19:11 file2.txt $ cat .bash_history ls -lah ls ls diff file.txt file2.txt grep "cyctf" file.txt grep "cyctf" file2.txt clear ls ls -alh cat wow cat fil cat file.txt clear ls cat file2.txt clear ls pwd ls -alh cat .hushlogin cat .bash_history diff file.txt file2.txt c ls clear ls diff file.txt file2.txt | grep -i cyctf diff file.txt file2.txt | grep -i cyctf cat .bash_history diff file.txt file2.txt c echo '''106526a106527 > C 107719a107721 > Y 108477a108480 > C 109644a109648 > T 109873a109878 > F 110293a110299 > { 111434a111441 > S 111715a111723 > P 111969a111978 > O 112285a112295 > T 112548a112559 > _ 113046a113058 > T 113525a113538 > H 114286a114300 > 3 114773a114788 > _ 115594a115610 > D 116750a116767 > 1 117691a117709 > F 118643a118662 > F 121288a121308 > }''' | grep ">" echo '''106526a106527 > C 107719a107721 > Y 108477a108480 > C 109644a109648 > T 109873a109878 > F 110293a110299 > { 111434a111441 > S 111715a111723 > P 111969a111978 > O 112285a112295 > T 112548a112559 > _ 113046a113058 > T 113525a113538 > H 114286a114300 > 3 114773a114788 > _ 115594a115610 > D 116750a116767 > 1 117691a117709 > F 118643a118662 > F 121288a121308 > }''' | grep ">" | cut -d " " -f2 echo '''106526a106527 > C 107719a107721 > Y 108477a108480 > C 109644a109648 > T 109873a109878 > F 110293a110299 > { 111434a111441 > S 111715a111723 > P 111969a111978 > O 112285a112295 > T 112548a112559 > _ 113046a113058 > T 113525a113538 > H 114286a114300 > 3 114773a114788 > _ 115594a115610 > D 116750a116767 > 1 117691a117709 > F 118643a118662 > F 121288a121308 > }''' | grep ">" | cut -d " " -f2 | paste -s echo '''106526a106527 > C 107719a107721 > Y 108477a108480 > C 109644a109648 > T 109873a109878 > F 110293a110299 > { 111434a111441 > S 111715a111723 > P 111969a111978 > O 112285a112295 > T 112548a112559 > _ 113046a113058 > T 113525a113538 > H 114286a114300 > 3 114773a114788 > _ 115594a115610 > D 116750a116767 > 1 117691a117709 > F 118643a118662 > F 121288a121308 > }''' | grep ">" | cut -d " " -f2 | paste -s | tr -d " " echo '''106526a106527 > C 107719a107721 > Y 108477a108480 > C 109644a109648 > T 109873a109878 > F 110293a110299 > { 111434a111441 > S 111715a111723 > P 111969a111978 > O 112285a112295 > T 112548a112559 > _ 113046a113058 > T 113525a113538 > H 114286a114300 > 3 114773a114788 > _ 115594a115610 > D 116750a116767 > 1 117691a117709 > F 118643a118662 > F 121288a121308 > }''' | grep ">" | cut -d " " -f2 | paste -s | tr -d \t " echo '''106526a106527 > C 107719a107721 > Y 108477a108480 > C 109644a109648 > T 109873a109878 > F 110293a110299 > { 111434a111441 > S 111715a111723 > P 111969a111978 > O 112285a112295 > T 112548a112559 > _ 113046a113058 > T 113525a113538 > H 114286a114300 > 3 114773a114788 > _ 115594a115610 > D 116750a116767 > 1 117691a117709 > F 118643a118662 > F 121288a121308 > }''' | grep ">" | cut -d " " -f2 | paste -s | tr -d "\t" exit
CYCTF{SPOT_TH3_D1FF}
shebang4 (Shebang 200)
$ ssh shebang4@cyberyoddha.baycyber.net -p 1337 shebang4@cyberyoddha.baycyber.net's password: $ ls -la total 28 dr-x------ 1 shebang4 root 4096 Oct 31 01:01 . drwxr-xr-x 1 root root 4096 Oct 31 00:49 .. -rw-r--r-- 1 root root 0 Oct 31 01:01 .hushlogin -rw-r--r-- 1 root root 12434 Oct 14 16:36 flag.png $ exit Connection to cyberyoddha.baycyber.net closed.
ローカルで以下を実行し、flag.pngをダウンロードする。
$ scp -P 1337 shebang4@cyberyoddha.baycyber.net:/home/shebang4/flag.png . shebang4@cyberyoddha.baycyber.net's password: flag.png 100% 12KB 54.6KB/s 00:00
flag.pngにフラグが書いてあった。
CYCTF{W3ll_1_gu3$$_th@t_w@s_actually_easy}
shebang5 (Shebang 250)
$ ssh shebang5@cyberyoddha.baycyber.net -p 1337 shebang5@cyberyoddha.baycyber.net's password: $ ls -la total 12 dr-x------ 1 shebang5 root 4096 Oct 31 01:01 . drwxr-xr-x 1 root root 4096 Oct 31 00:49 .. -rw-r--r-- 1 root root 0 Oct 31 01:01 .hushlogin $ find / -perm -4000 -type f -exec ls -la {} \; -rwsr-sr-x 1 shebang5 shebang5 43416 Oct 31 03:59 /var/tmp/cat find: '/var/cache/ldconfig': Permission denied find: '/var/cache/apt/archives/partial': Permission denied find: '/var/cache/private': Permission denied find: '/var/log/private': Permission denied find: '/var/lib/apt/lists/partial': Permission denied find: '/var/lib/private': Permission denied -r-sr-xr-x 1 shebang6 root 16992 Oct 14 20:51 /var/cat find: '/etc/ssl/private': Permission denied : find: '/root': Permission denied
オーナーがshebang6のファイルを検索する。
$ find / -user shebang6 find: '/var/cache/ldconfig': Permission denied find: '/var/cache/apt/archives/partial': Permission denied find: '/var/cache/private': Permission denied find: '/var/log/private': Permission denied find: '/var/lib/apt/lists/partial': Permission denied find: '/var/lib/private': Permission denied /var/cat /etc/passwords/shebang6 find: '/etc/ssl/private': Permission denied : find: '/root': Permission denied
$ /var/cat /etc/passwords/shebang6 CYCTF{W3ll_1_gu3$$_SU1D_1$_e@$y_fl@g$}
CYCTF{W3ll_1_gu3$$_SU1D_1$_e@$y_fl@g$}
secure (i think?) (Password Cracking 150)
CrackStationでクラックする。
securepassword
Crack the Zip! (Password Cracking 200)
$ fcrackzip -u -D -p dict/rockyou.txt flag.zip PASSWORD FOUND!!!!: pw == not2secure $ unzip -P not2secure flag.zip Archive: flag.zip extracting: flag.txt $ cat flag.txt cyctf{y0u_cr@ck3d_th3_z!p...}
cyctf{y0u_cr@ck3d_th3_z!p...}
supa secure (Password Cracking 225)
cyctfで始まる文字列をrockyou.txtのワードでブルートフォースする。
import hashlib h = '19d14c463333a41a1538dbf9eb76aadf' with open('dict/rockyou.txt', 'r') as f: words = [word.rstrip() for word in f.readlines()] for word in words: flag = 'cyctf' + word if hashlib.md5(flag).hexdigest() == h: print flag break
実行結果は以下の通り。
cyctfilovesalt
cyctf{ilovesalt}
Me, Myself, and I (Password Cracking 225)
CrackStationでクラックする。
whoami
CYCTF{whoami}
Password 1 (Reverse Engineering 125)
各文字をチェックしているので、順番を正しく並べてパスワードにする。
111111111122222222223333333333444
0123456789012345678901234567890123456789012
CYCTF{pu771ng_th3_ch@r@ct3r$_t0g3th3r_1337}
CYCTF{pu771ng_th3_ch@r@ct3r$_t0g3th3r_1337}
Password 2 (Reverse Engineering 175)
パスワードの部分文字列を変換してチェックしているので、戻してパスワードにする。
enc = 'CYCTF{ju$@rcs_3l771l_@_t}bd3cfdr0y_u0t__03_0l3m' flag = [''] * 47 for i in range(0, 9): flag[i] = enc[i] for i in range(9, 24): flag[32-i] = enc[i] for i in range(24, 47, 2): flag[70-i] = enc[i] for i in range(45, 23, -2): flag[i] = enc[i] flag = ''.join(flag) print flag
CYCTF{ju$t_@_l177l3_scr@mbl3_f0r_y0u_t0_d3c0d3}
Password 3 (Reverse Engineering 225)
flagの各文字に対して0x55とXORをとって、base64エンコードしているだけなので、元に戻す。
import base64 base64_string = 'FgwWARMuF2UhPQotZScKFTsxCjcVJmYKY2FqCiE9FSEmCjJlMTksKA==' finalPass = base64.b64decode(base64_string) flag = '' for c in finalPass: flag += chr(ord(c) ^ 0x55) print flag
CYCTF{B0th_x0r_@nd_b@s3_64?_th@ts_g0dly}
Look Closely (Web Exploitation 50)
HTMLソースを見ると、コメントにフラグが書いてあった。
<!-- CYCTF{1nSp3t_eL3M3nt?}-->
CYCTF{1nSp3t_eL3M3nt?}
Disallow (Web Exploitation 100)
https://crawlies.cyberyoddha.team/robots.txtにアクセスする。
User-agent: * Disallow: /n0r0b0tsh3r3/flag.html
https://crawlies.cyberyoddha.team/n0r0b0tsh3r3/flag.htmlにアクセスすると、フラグが書いてあった。
CYCTF{d33r0b0t$_r_sUp3r10r}
Data Store 3 (Web Exploitation 300)
問題をよく見ると、デバッグパラメータがあるようだ。
$ curl -k https://cyberyoddha.baycyber.net:33004/ -d "Form_input=ABC&debug=1" <!DOCTYPE html> <html lang=en> <head> <title>Data Center 3</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel= "stylesheet" type= "text/css" href= "/static/css/theme.css"> <link rel="shortcut icon" href="/static/favicon.ico"> </head> <body> <form autocomplete='off' class='form' action="" method="post"> <div class='control'> <h1> Sign In </h1> </div> <div class='control block-cube block-input'> <input name='Form_input' placeholder='password' type='text' value=""> <div class='bg-top'> <div class='bg-inner'></div> </div> <div class='bg-right'> <div class='bg-inner'></div> </div> <div class='bg'> <div class='bg-inner'></div> </div> </div> <button class='btn block-cube block-cube-hover' type='submit' value="Login"> <div class='bg-top'> <div class='bg-inner'></div> </div> <div class='bg-right'> <div class='bg-inner'></div> </div> <div class='bg'> <div class='bg-inner'></div> </div> <div class='text'> Log In </div> </div> </button><p class="error"><strong>Error:</strong> Invalid Credentials. Please try again.</p>ZYX </div> </form> </body> </html>
"ABC"を投入すると、「Please try again.</p>」の後ろに"ZYX"が返ってくる。"qwerty"の場合は"JDVIGB"が返ってくる。どうやら入力したデータにAtbash暗号がかけられるようだ。
' or 1=1 -- を入力したいので、' li 1=1 -- を入力してみると、フラグが表示された。
CYCTF{D0n7_M@k3_D3bug_Publ1c}
Image Viewer (Forensics 125)
$ exiftool shoob_2.jpeg ExifTool Version Number : 10.80 File Name : shoob_2.jpeg Directory : . File Size : 11 kB File Modification Date/Time : 2020:10:31 05:14:26+09:00 File Access Date/Time : 2020:10:31 05:17:06+09:00 File Inode Change Date/Time : 2020:10:31 05:14:26+09:00 File Permissions : rwxrwxrwx File Type : JPEG File Type Extension : jpg MIME Type : image/jpeg JFIF Version : 1.01 X Resolution : 1 Y Resolution : 1 Exif Byte Order : Big-endian (Motorola, MM) Make : Shoob Phone Camera Model Name : Shoob 1 Resolution Unit : None Software : MacOs ofc Artist : Shoobs 4 life Y Cb Cr Positioning : Centered Copyright : 2020 Exif Version : 0231 Date/Time Original : 2020:09:04 17:09:04 Create Date : 2020:09:04 17:08:59 Components Configuration : Y, Cb, Cr, - User Comment : CORONA Flashpix Version : 0100 Owner Name : SHOOB Lens Make : Canon 3 Lens Model : Shoob Lens Serial Number : CYCTF{h3h3h3_1m@g3_M3t@d@t@_v13w3r_ICU} Image Width : 180 Image Height : 280 Encoding Process : Baseline DCT, Huffman coding Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2) Image Size : 180x280 Megapixels : 0.050
CYCTF{h3h3h3_1m@g3_M3t@d@t@_v13w3r_ICU}
The row beneath (Forensics 150)
$ strings plan.png | grep CYCTF{ CYCTF{L00k_1n_th3_h3x_13h54d56}
CYCTF{L00k_1n_th3_h3x_13h54d56}
What’s the password? (Forensics 175)
$ steghide extract -p sudo -sf sudo.jpg wrote extracted data to "steganopayload457819.txt". $ cat steganopayload457819.txt CYCTF{U$3_sud0_t0_achi3v3_y0ur_dr3@m$!}
CYCTF{U$3_sud0_t0_achi3v3_y0ur_dr3@m$!}
Steg 2 (Forensics 300)
StegSolveで開き、Red plane 1を見ると、フラグが現れた。
CYCTF{l$b_st3g@n0gr@phy_f0r_th3_w1n}
Steg Ultimate (Forensics 450)
$ steghide extract -p "" -sf stegultimate.jpg wrote extracted data to "steg3.jpg". $ steghide extract -p "" -sf steg3.jpg wrote extracted data to "steganopayload473955.txt". $ cat steganopayload473955.txt https://pastebin.com/YnKqT9s3
ここにアクセスすると、base64文字列が貼り付けられていて、デコードするとPNGになりそう。デコードしてPNGとして保存する。
enc = 'iVBORw0KGgoAAAANSUhEUgAAAowAAABYCAYAAAB/A6bGAAABQ2lDQ1BJQ0MgUHJvZmlsZQAAKJFjYGASSSwoyGFhYGDIzSspCnJ3UoiIjFJgf8LAycDCwMcgymCamFxc4BgQ4ANUwgCjUcG3awyMIPqyLsgsr86WlIf+S068PV7M4ypqPQFTPQrgSkktTgbSf4A4NbmgqISBgTEFyFYuLykAsTuAbJEioKOA7DkgdjqEvQHEToKwj4DVhAQ5A9k3gGyB5IxEoBmML4BsnSQk8XQkNtReEOD2cVdwC/XxUfBwIeBaMkBJakUJiHbOL6gsykzPKFFwBIZSqoJnXrKejoKRgZEBAwMozCGqP98AhyWjGAdCrBDoRytPBgamXIRYQgADw44PIK8ixFR1GBh4jjMwHIgtSCxKhDuA8RtLcZqxEYTNvZ2BgXXa//+fwxkY2DUZGP5e////9/b///8uY2BgvgXU+w0AkXpe8KuOF3wAAABWZVhJZk1NACoAAAAIAAGHaQAEAAAAAQAAABoAAAAAAAOShgAHAAAAEgAAAESgAgAEAAAAAQAAAoygAwAEAAAAAQAAAFgAAAAAQVNDSUkAAABTY3JlZW5zaG903I476wAAAdVpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDUuNC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6ZXhpZj0iaHR0cDovL25zLmFkb2JlLmNvbS9leGlmLzEuMC8iPgogICAgICAgICA8ZXhpZjpQaXhlbFhEaW1lbnNpb24+NjUyPC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6VXNlckNvbW1lbnQ+U2NyZWVuc2hvdDwvZXhpZjpVc2VyQ29tbWVudD4KICAgICAgICAgPGV4aWY6UGl4ZWxZRGltZW5zaW9uPjg4PC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+Cu7jONQAACngSURBVHgB7Z0HuPVE0ceDYsXesKO+FuzdVyxYsYtdRMVeUREVuxQVewMVu2KvKNhQsaCABWzYu9hFsfeeb375nDjZk+QkOTnl3vOf57k3OcnW/252Z2dnZrfJjTKREBACQkAICAEhIASEgBBoQOBUDc/1WAgIASEgBISAEBACQkAIFAiIYVRHEAJCQAgIASEgBISAEGhFQAxjKzx6KQSEgBAQAkJACAgBISCGUX1ACAgBISAEhIAQEAJCoBUBMYyt8OilEBACQkAICAEhIASEgBhG9QEhIASEgBAQAkJACAiBVgTEMLbCo5dCQAgIASEgBISAEBACYhjVB4SAEBACQkAICAEhIARaERDD2AqPXgoBISAEhIAQEAJCQAiIYVQfEAJCQAgIASEgBISAEGhFQAxjKzx6KQSEgBAQAkJACAgBISCGUX1ACAgBISAEhIAQEAJriMAee+yR8deFxDB2QUlhhIAQEAJCQAgIASGwxgiIYVzjxlfVhYAQEAJCQAgIASHQBQExjF1QUhghIASEgBAQAkJACKwxAmIY17jxVXUhIASEgBAQAkJACHRBQAxjF5QURggIASEgBISAEBACa4yAGMY1bnxVXQgIASEgBISAEBACXRAQw9gFJYURAkJACAgBISAEhMAaIyCGcY0bX1UXAkJACAgBISAEhEAXBMQwdkFJYYSAEBACQkAICAEhsMYIiGFc48bfDFX/7W9/m/3yl7/cDFWZqMMf/vCH7Bvf+EZ28sknT7xb9wf/+c9/si996UvZSSedtO5QqP5CoETglFNOyb7+9a9nv//978tn63jzr3/9K/vCF76Q/fSnP9301f/d736XMQ8ugrZdRCZj5fHDH/4wi3+nPvWpswtf+MLZDjvskF3pSlfKznSmM5VZ/fvf/86e/vSnZ3e4wx2yy1zmMuXzVb3585//nH33u98t6/erX/0q23777Yu6XfziF88udalLVYr+yU9+MvviF7+YPfShD608X5cfhx9+eHbggQcWg8J973vf7FWvelVr1f/2t79l3/72twsGjEHkohe9aNEvtmzZkm277ep8Bnz4r3jFK7LnP//5FUb4zGc+c/bwhz8822effbKznvWslbryTTA4/uAHP8gufelLZ9e5znUq30Il8Ab/8etf/zp74xvfmL3whS/Mvv/972e3vOUts/e9732j1Qr8v/KVr2Tf+c53sr/85S8Fnowf5z//+UfLY7MlxKLm/e9/f3G8GGPWsmgjtN0//vGP7IQTTiiYum222Sa77nWvm+24444zQca8cfDBB2cvfvGLK+lc7GIXy/bdd9/s7ne/+8LGuGX3hZ/97GfZ6173uuwlL3lJ9pOf/CR7wAMekL385S+v4DKvHzCpJ554YrGI/cUvfpH99a9/zW5961sPal/mqDe/+c1FUXfeeeds69atjcV+9atfXcwL9KXb3e522f3vf//5jf/5ipMxUvmhhx6aX+UqV8kNsdY/YxzyY445JjdmMX/HO95RhDXQixoaA5bbpNv5b88992xE5q1vfWundD7zmc80puEvvvzlL+fkNa1uV7jCFXIbEHKTpuX//Oc/c5vE8gte8IKeTHHlfZ86dg1rTGmR/g1veMNR03/3u99dKX+XH7TjXe961wKv61//+vl73/ve3JjBxqj0BWMmi3LXYQwG9C+TWDWmsagXxvTl5znPeYq6US7aOC0z722CKIpkg2NOn0/D8PvmN795zvvNQp/+9Kfze93rXhN1NYZxlCoyzjztaU+bSN+xpe9vJjzHAM0kvPmd73znErPjjjtujGR7p7FR2u7tb397bkxciZf3Lb5pY2p615sIb3jDG8r0mA/483T9aoxEboufQel3jbTMvsDY/dGPfrTSF73uxjB2rcLgcJ/97GeLOYkx2/Plyvj94Q9/uHe6zFm77LJLmdb+++/fmoYxqvnHPvax3IRjRZxLXvKSuS16W+PEl7agyPnrQlmXQMsKUzfR0wiPfvSjc1tBFBP9fvvtl9/pTncqwaWhYsMdcsghRfH//ve/50cccUR+l7vcpRI2NjD3tiLITYKRm7SmsdrG/edvectb8pve9Ka1aRmHn5vUo/UjJY26+DBDTFwMBCZFKZhJmMVYTq8f10hPfvKTK+FinFnumRSgb37zm7lJ9vKHPexho+RDHfvQV7/61ZKhesxjHlMwzm3xGSSZ6LvUnXAmvWpLbq7vqJuXE7xZFEAMOP7crwwM9M84OcA4wvje5z73KcPz3qSqcy33ohJnUnVm2nHgOgbDSD9hUo3p1t3zvX3uc59bVJVXNh8mSJNkTOC1DIZxo7TdU5/61BIvvkvmpWc/+9kVQQhzWZ+F6+tf//oyzRe96EVlf3nKU55SPvd+jDBhHrQKfYE+QD19XvQ6c50nw2i7EPltbnObCtYIfz7xiU/kJkkeDPdBBx1USXMawxgzop29/h/5yEfiq8b7Dc8wmii3aGivONerX/3qxeTZ9EH9/Oc/z5GExTjc86GmBJBpOH4zIZF3V2JSj52U+Eg4p5FtJ09MfjB7JsaujUqdYXZZOaTldsaCiDDS/h4m87DDDsv5oL/2ta/ltlVQ/PkqxMPBbPs7rh/60IfyZzzjGfm1r33tMi2kVSnBzHsafm1iTlgB0T4umfXwL3vZy9JkG39TT/oAca95zWvmpDmNHvGIR0yU0fOuu4LNMoi6UCcvE4uJSC4t9/eXu9zlKswiC4tIH//4x8u06J+m0xRfr/Q9g7BtLU6U0XSyimfvfOc7y7qBx6wMI99W/CaQAMEMeV9zzP3KgnWWyWCiYhvogW3xFZJrxyK9Lpph3ChtF5lF+he7RE6Ma4yvjqXv5vj7pitjhM899Ml0PNxrr73KNEn7sY99bFNSg56vWl8wPb6iHswpjiXXeTGMRx55ZIk/+SBwYOyalZAMxvJzv/8UCWOap+/AwY84LmmY+HtDM4x/+tOfKpMngCH1Y9uhCyGajYA/8pGPrI0WRfkeng+waz4kGhlG4n7ve9+rzSs+hGny/PwKk9aFmKji4EJ8tmidHvSgBxVpMwGCYx2lTDUDSx1RN5fcwjymZHpzE/VoYhhjXAY6l5g+73nPi69a702nr8zvNa95TWtYXh599NFleAZp2vtHP/pR0b4w0SkO3hZd0p6aec8Asax85HWEBMHLeLWrXa28R1WDLYyUIrPM97MRCNUCvqNXvvKVjcWFmXQcuM7KMLIQIx1wR5obF6R8z6g9xPy4H6JK0VihDfQCJoHJ5VCTZLODkuKyaIZxI7QdEumIEyo0KaHqEMN0kWLH3SR2FVKCgfTdNPo2woAxadX6gtcNdZ2I5TwYxmc961mVPJAqMl/OSox/PjfGOvRlGCMP1GUBsqEZRho4gsW2bd/GYNL3NNB7aqKof+Ph6ySSTfFN2bTMh8FrGrGl6/n4FWahD7FiYEXp8V2fjTR8ZYE0r4lSRqmJYSQ+2/jkRSdO6Te/+U1ZBi9LF4aRdNBHIw6DXleKEs8uE7ZjgbSIetTRe97znok6IOlbNEXmri1/FgfU3fHm2qQjk/a1LpPQouud5ueLuDaGEYYu1n8WhpFxBak9C4om/cQ//vGPFWlu336b1nEz/fYFqrfHIhnGjdJ2ccHR9m3vscceZb/ussCLc4AZtjR2Kxb2bNnOm5bZF2LdGCO9P3Idm2FkNyem38ZfxHJ1uUcKHNP2+74MoxnelOmwAJ9GfRjGlXKrg+UrFqKRbD+/t4XXve9978I6inSwnGsi2+/PDNDKa6zKsDqbRrgtePzjH18EM+YkM12G1ihYxxEukg0SmQ0o8dHUeyxkbZVahovuE7i3rbTsvOc9b/l+lpvTnva0RZmNOZxI5nSnO93Es64PbOAsLJRtIOsUxSaHDKtwJ6yC28hW1wVG5GO6phn1qCMbmDP7SCuvzFApo60WSVhNOp3+9Kf324nrOc95zsyY7MpzLKLrCKt6Y/TLV2m88sWK3BhjltnAOLU0WJaORbhj4nsy1Y3sfOc7X22yeF4wneLKO9wdibLC08CycNgIbYfluKmHlBDtuuuu5X16c8c73rF8xPhuC7zyd3qD9S2uc5yaxjfe40XkDGc4gwed2xWvE6tAeE6ZF8GfmIClTN4WmxOW6eXLnjem95iZ5LKIhQeIWSjOj4yrJg2eJblK3JVhGPEldM973rNSOJO8DDJJJxHbii7SshVHJc3449znPndm0oz4qLh/4AMfiDHQxPP44ElPelLh9gSG8wUveEF8VXtv26+F65P4Erc/Q8gkIoULC+KCmxPMQ+zQ/nyW6w1ucIPstre97SxJ1MbFZQA4dyGT/lSCmSSz8jv9gWsDPhQm+mmMLQuElHDXskgyiXCZXVt5WcjgPsfJ9GayNgbzWte6lgctGOi2SagMuIQb21Iv+vOiccdVDsz6la985dZaX/ayl628v+pVr1r5va4/tttuu6VVfSO0nekeV/BpWtwRKO2DZrhSiRt/4Foq0mlOc5r4cyn3y+wLscLzcpFmdgDZ7W9/+5hVZvrU2Rj1RqhlUr4ibdsBzG51q1tV8un7A5dgkcYcV1eGYQR8JvlI+NcbSkhYbDs7w5FpG+22224T0kHTAchsW7sx2qc+9alyZYGU0nREGsPyAokXktJIth2embVcfNTr3vQmivCRYXzc4x5XdrxeibUEhukw/bmWEMNeXfGKV+wsoYCxj5R+EPEd9+CKbyoYqmnEB49UNtIZz3jG+HPu9/GDbhvwjjrqqEpZ8LvVRqbrWHntfr0qD1fgh1mHZrbVvgIlqS8C0iwnvvV04vB363Zt66urgsWy2o5F0Lve9a4KDG0LjQtd6EKV3S6kjE3CjnTHZxUYxlXpC2PuQMTGQ3gVCT+PZnwYHw2+R8iDFBCJpUsZBydmEdMd0mn8SZ+8VsZjcepck0qankafukyExdGxWfxOPE8f0PgwiZFhpYOYgcmEw17Th8vY8oZgSNhWnkakHQcuwpP2LMR2K/m3SaRmSX/suGyXgxUOtvt2YBg44jiGrPbaiC15UwRvC1J5x7aNGcKUz5q2J8sAM978+Mc/ruQXkzvJTi5JJxoct57rXOfKzDIvBp2qenD5y1++Ej4dSHjJxGY+zApVEBzBmwFWhqN4nFfjGB1pLWoTpqM0IQWpJD7gB4s5BkszBKvERv3gHOc4R/mMxV8q5Stfhhv6B068Ta+zkBxe5CIXKRznmh5TNssi4Nhjjy1zMXdOC//mkLCbC5WibiwKXQLBAsIMUDLz5VpIOpBg0Vem7Qh4eqYzmt34xjcunD6j9sFWGNvzEN8q31CbBHus7T8zhMtMl7uQniPxpV/ggJ4/hAb0x6G0rLb7/Oc/X5lP2Ima1gdpO7axndha5LuH+DYZGyAzYCmu/u/444+vjBmnOtWpin4/Vvt4Pm3XRebVVo62d6gHIEjge4HBvd71rpeZbnzxvbSV38eUmHa6Gxrf9bl/29veVhxEQBzGwWl9pEvapr9eCcb8NhpNU4hcxPvog84qxl7w6Mqq0+qB5Z/n7Vd8LKUUXSR0NaOvM67BYncZ1Mfopa18WJM7Tn5tM3qxj7UIjzHGEDKmpZJfm7PuvulHd0XGhPeN3jt86vrB8Wu6YpwDpe9xBNxG9M8Yh3o6YRiFHzh8wsUwOA+vs4A1hr3VQbqn2/VqeoAVtxSxDOk9fj8jxfdu9JK6uYhh6Dt93GXFvPBM4P3DmKhai/QYfqx7LN8xaHJPBV6fl770pYVbHxTV/Vl6xeAr9ZJAergTS9NjjMMoIv2+SJO82gjjpJj3EKMXN3SK6aT3GIU1Ga61lW9ZbUeZolcD6oNh1TQyJqSCJy6knOrmkBSn+HvRPmXH6Ate11mu9PuIA0Yv9G++3fg83uN5BCPOJvLv3+M8+MEPLoNihMdcnrpCKwO03JjgoBwDn/Oc55QhbcepUta+Ri+M1V5W7qdRH6OXlZAwRumOVbQgJGiLJFYMcPhIWJzYJkMPxQbZ4hGcu+u8ITruuvKNis8khLSMLYh1IqQZsxBHP0Yc2ZYZQxKIAUPUibzb3e42SzE7xd1pp50qhhRPfOITy3hsp9uAVP7mhq2POgOhs5/97JVw6Y94VCbvqKcNHpkxmpm53EiDF7+RZNSpgiC9wyCIVfkYhOQKHVMknCjwR11ijJGiOkG6tZ7mz1GBSMSaiH7DLoLrNTeFS5/bZFAcuQVuxpgWaipIb+ZN3/rWt7Jb3OIWxdGHaV60H3001Y+L4VA9QIqNIr1v0SGti/08hkcCG78tf4f0A8nyPIj+zBFmriZBPkhv6f/0M367YQc64khA+6jGLKvtHCvfDfHfXcaqs5zlLB68uEbjBfo3ajwQKixIypyM2c/sZBD/mdFHU2PO8uWa3bAjiESeXb4m+sAHPpAxxqBqlh5tiTQy/W4wUKIv8n1EY0zmdST2jGvsbrQR/ROeg11N2i/d8m6L2/aO8SH2vVTdqi1up3fTuM9FvI8+pazQBXfcxXXK2GXj9AzP36/24RW+Dlmhu2sX3Myweu1CSMI8Lb/WuanpktYYYeYpYUTCYNtJ5R9SLCRW0V3AUAmjnQ9awZH2GINsoizTRdrWxw/nGPmThvcLrk0uNViNxnDc27ZXaxHqpMC0iQ2AOadE2NZ3ucKNadPnn/nMZ074BLPBrTW/oS/pNzF/pBVtFMP6vfvaBCckq/HEG8LQtn3Itu+LtojpI8VcBOE6y5ikwtF9Kt2Iv5EW4lKl7sQoyh0l0JxeheQ4xcXrh+/Wvffeu9IOZpTXWt1ZpEpxTKAOKVF2L5tfOYCgCy2z7bx8xvBWyl+3W+Vh/QoOXleuqWTdwzGmxnD0lWXTLH1hzLKnEkbHiTHNGLQcSV6TtJG5MaW6U3OiBM/Tj1fy8l2hND3/TZsRh7DpbuOsEsY4RhxwwAGeZeO1j4QRicPSiWPNIuDcD9neGKMibMOkZaGjmbuf8rnpjHTOKm180uacyGXRPBnGFLe630MZxrhNOiZ+bGl6OTkZZxnk+XNtYhijby0PT99qI5hqD+vXtO/WHfPovh3ZbmEbk0FzaLu1lc/fzcowsqWUMrNsQ8WBk/qzmGkjtq35zn1h6JjFa9NBAG3pzvKOI0hj/tyz4DR9tkqydSo1MMnpVjwLhjQ9k3CUC2BOm8Khvkn+pqogDGUSOHfYy8Dkm26fUzEW5EymHo4r29dNtGptlx6dyBw3jUwyVamvq1uk8cQwpoj873cdw8iCCv+MkRhP6xi/dJzjW4t9kHu+K/o+jv1ZnDJm1KWFv+E6MqllmWZc1HnYlGfouyXNNryXucuRkH0Yxvnvr1jJp5Fx2BNBzna2s008W8QDtmdS61OTbpV+HREdX+Ma1+hclNQlDBGnbSV2TnyNAkZFb1s1jVJztilcyZxtgVW2fsXSPqVp/YjtmJRSH4Kpz05zRFtsqxCP7cwb3ehGhRoGhierSDagZ/hHS7ff8T1nk3alyHGLr/Livz9wb2GS1co2UxrOThzK2lyepOFn/W0TUSUJY4ILI6V0y4t2S7e1sLxkuy1S6nGAd6ZTm7mlLfmxdb/77rvPzbgnutPCiKfONQnlSdUm7FSjWJXK/aq1Xfq94kN1GhmTXAkSPWBUXuhHZwQY1zFaSfFnez9uJ3uCqK44sW3MlnQk/PYak5jd7373y3Bvh1oaqhXMJbbAiUGzhzzkIYWHlPjQdhxLTyYmiCrV3WKYWe+jb2GzD5k1uUr8lWAY6xyP0ljLIPQ/on5ILAODaV8HyD4Qx3RsJRF/bpp7dD2om/+hd2QrtsyktjPV0aQe5SSNblP0Lzg0YXTn7OztIjofOpOm63sNTXPR8er6ViyDSV3iz+I+XYil316qPzmRwIo9QBe4yVNAqidcpwcaq4OemUkNMvRjsRx3x/wxDPc4GMeydxGUtjFMoVvOpvnvs88+6aMMfchIqTUoupmLXAzwLaOj6JT6H/TnXDnE4ZhjjsnwV4uee5vXjFVsu1gXGIVpZNKxSpDoKaDyQj86I8ACq8nlD8ye7bhV0oqCidTfJQHxkFLnOQAvDngyiGSS4AldY8YOmFCTUhbeCWL4se5hZM2gsUiOeQ2PF2PRSjCMNGpKTT6o0nDz+H2JS1wiw9F2Sgxg6SoiDZP+pvFSOvnkk9NHm/I3HyqTEUxeH4X1CIZtXxUGECgH2/bp4HRimtzzcfNBQ5wGs8hJs8i05786pflUWpgmWccwppNQykCkDEqa5kb6nZ5wUSdxrasPkluMbmBUkCbgzzWl1A1Y+n6s330WMTizTidAyt9GTZNpW5xZ3qUGBNNOCGG3B8Z9muGTl2lV2m6HHXbwIhXXLgKQdEFTJw2uJKofMyOA671IkWGsm6cvcIELxOCVe4xr0h2BeIoXhmXOyGEwwylT8yKEIc997nOL5DHEYQE8BolhbECxzlJ0iKNOpAEpk8kqe91o2tGJKR5YrHPKDNbRTCqI1vETN8YEx4rL/TTipxMpy6pTOhBR3ngsZF350wmIMCnDuAir37qyLeJZKj3tyjDGsiGFwIlyuh3qi40YdhXu03K6pfEqlI0ysOMQKWXq47tZ75fZdiljkTrbrqtbKmEUw1iH0rjP0gULahy+0EZIkVKq+hLfMzeh0hbJfQajMsEhIRDb5IxNnLzV9BfTYNfDwzHudN2hfNSjHlV4fUGaCdOIKt3BBx8ck+59vxIMIx92Sg50+nxRv8ecSFOnw6yy6zrjouq2jHxgeHBPlDIsTWUxY4uMFRmEGxo6/RjEh+uOjTnbO+p7jJH+vNJgMEqZxmk6TukERNnmuaqdV92HpptKT4emg9QVh/ORoiQiPl/2feqkt27RsMwyplvk897aX1bbpQxj3fZm2g7pjkGT6kEaT7+HI8AYke4CmneJIsFUfadLLjCDkdghg+LhHcxruLtp+uMUuEi4DfOwnBbUZ/f1Jje5SXl6DGodnKg3C60sw9jmZ2yWCi8jbsowUoY2v1DLKOO880TPDP9/XVfNTNCsrPDNxrnd6KPVKSn3KTd6RBi2mBVa4beM4x/7bPn1yWseYVGViATz20bgF4lt1o1U31j2Zd+jaxcZ9jEk3fOoU7qw2nHHHeeRzeA0U4miuTIbnFbXiMtou5Rh7CJhTBchW7du7VpFhZsBgZQx9N91DPs0Zg21kEhtEskYbh73SPN33XXXYq7DwAYhHL5ZZ6GVYBix+EuPymMrZZpVY5eKd1E27pLOLGGwokqJba5ZCdF0alk3a5qrFJ+VHw7SjzjiiEIiy9FnH/zgBwcVESOXe9zjHoXUktUax+81GUsMymABkXBoHWmaBVw6AaXfWExL99MRiM7EUZXYCNRmKLKM8m/ZsqWSrfmrq/xu+oEjchZ4Q2nRbcfBE1EVCelO21jNPJXqd4phHNra/eKxDe2EvrIvBrGsjm1ImFSlwuP5NfU64cezjjnXePk8z7orupM464fPOOigg7LXvva1hdHYrAKDlWAYqXCdq4o6w5M6cJqemc+xDOXjdDupKfy8nvPhp5M9ltizrq7Rv0PyBjO0mQn9R9cpRVzfZXsn4oHC+Z577llYrDGB4mpkmSu/WLY+9+YvqxJ8miJzylDiIkc0HIG4dTVEn3l4zv+LOc14It3iXTVjrlT9iImszvXY/2r8/3d2JGt2yCGHpI87/15023EmMFKdSG16r+k577iESnVwY1q6HwcB9BXjySjRpR7b1anufboIT0uBZ5BIvruIQQzzdJe/tC/st99+ZTy+/2nu1Fh84BYLYot8r732ikWa6X5lGEas4NLGwbK27tjALjWmI7D9yBWx7LKpzh3PLA2J1I0j5bCKHEtXa9kYteV/s5vdrHiN7idHL3UlPjAwwsKd7TpzSj3hkytNiyMhmchWjdjmigY6HGPZZsiBorQTngj8aDF/tqrXaUzRssod9e/MufdSitEmpaJAqU/bZTG2TeBExs3DuDWn/06v6IGZo+TiSMT0Xdffy2g7djQiuU52fOb3qc6+G0j4e13ng0DqZzF12ZbyDnFMrSsRkvBI8ShV7CK6/sU0kAp6vC4SQnxJonYFccRolzgxv7b7lWEYKWSdlBGpShQZt1XG3+E0Feew+PvCfD3qHnmYade6iditp6bFrXuPHk2qzIq4GEfAfYlOywqUbY8mX3FNaaZ1SH83xUuf18WbNpmlafT5HZnirvqtMB64TcAPJH0An26pjklaBphFjGI4U3kZNM0YyiWtXramBRUDoQ8ahGVrv86QK7W4q2tXz2te13RAS3UzUyfIsRx9mMu0rjGdafdMBK4wDtMetzinxR3z/TRdOFQtnDAym8YwzqKyk0pT2trJy8T3l7op4qxoHKbXEQww0hloqGP9ZbUdqi9RJYDFahPFMQ1n9JxX3ETpOFtn3NYUd17Ph/SFeZWlT7p2VGAZHGlclDDygnk2uv1D8JCOT2UCdhOlyCwqMTpZNCFMcorzpj+b5bpSDCMfCu5UIqHXgWWQnZsbHzfeo5QKV23HSBV++4bqbdVZoNY9ayxIzQu2xhlEImH6XucRPoaJ9+DjaWA91UWfIcZPJ5xpSrwxbryvw2IasxPj972PK3AWEG0fLWkzeeHiwI5GKrLiJAwUfpEcxj9UA1iRsVjB7UC0oO5bxiHh3SLP48btEX8Wr6g2ROnWgQceWOtmAYetTiwsUum9v0sH+nQ7xMPN85rqCR177LFldiyosHR1a99U/aKNwU0ZmDQs71m0ofqCVX4T80m4eDoJOkHLoje96U0lFmkZmKyibrT7fEvDxd+zLIxSZrNukR3z8vs4SfszFr44jT/qqKOKbxv/kUgeUSnie7ezrrN4us1GabsoPcXQsc5wD119X4yAB/i0TfSpO610THdMF3kd2hfmXca2eYK+77gzBtXNp8yvqWqczylp2en/UeiFytgyKI6fYzrtLupiq+6VI+Piy7MQrZDlPYeGm9Swtrz20eQ2SRbnPBKHM19tUKkN2+WhKViX+XoZzJFvl6itYYxBy23VOZG2bdXkpqOTGyNWG59zKf3QdJOW5ZzH2pdswpw4n9U+lPIc2T7p1Z1dy1mo8yJb6VUwo72byAav3KS5lfDehl2utIUxD03Jj/rcJEIT5eS83zayybQSJz1j16QV5Xv6iilqNyZnroXKsGBjBlqNYef1grZM28UWRbm3OWejOpkxXCWsqRk0fudmYV8Ja2ohnkxxNefblfd8l5ztakx0Gc4Y6MrZ0pyxvEiywb9SRnCyReZEERg3TDpShj3ggAMmwvDAdLDKMI656VLXhp32kHbxNLiapHBalPK9OfOvxI3ppPe0cfq9b4S288rGupq0qnJGty0Yc/q617mubT0dv+69995leOLRb5dNs/SFMctu0tYKNuDDXJD2HxNAVeZCW2i1FsOOsKyka8x/JbwtZAuew9vRDpmovO/zY9azpL0MXftGn7OkkU6sJNlKLOfjipX3eyZBEx/nJjXK7bzR3CQolXAMJkPIti5y8rUVXiU9z5erKV/ntrWZn3TSSUOyKOIwSJj/v8Y8OPCcyZID601CWjLB5M/gYkrinfM2yUzBXMKYpDh5vXbZZZecDwYmFKayiWx7aCo+pi+Y29mdxaHsTekMeR77AkxuE9kqr8DM6zbkOk/Gl3JTRrBmgVBXPtrYDHMKRs+MGGqravpQlbgsJuzEmtyMe8rnfCcwCCmZJDg369SC8ajLn8GONmxavKTpjfG7icGHebcTF3LbacjtTPecbyMtM2MAjBVYweyxuDLJ5EQ44jE2+KKTBWCaFr/pXybFzcnb34Ol6YyOUdVeadQxjJSJse+4447LTT0lt12HylgJQ8GiKZKpKBQL6jr8qKdJ2vMTTzwxRqm9pz8dffTRuSnil9g4RlzNuX7RFiYVrI3vDxkDzXl+bRoxPdqCyT2ljdB2XmbawtQDyroyljHHIJSIfcyOfWxcqJqkrOjXTfMG3z9zF98JYRdBY/WFMcvK958yd/Qn+hHfDOMCV+9jfNeMddMIhjDGI76p+RRjCWO17eCUadKvZxFWzcowmvP+siyUk7K30aZgGKkgzAuTahOj443OlQ6x77775ibeb8Om9V1coce06+750Gcl20LKWX1S9ro84jOYOtOvq0g/uuQPYxDTmXbfNinGlfC0dHg/FvHxxfzoD00EcxHDDrk3/4VNyY/y3HSZOpexra4wnaZLV5sWTANY1BETSxdcjjzyyLroc3kGA8HiKJbLdAXL7zmVhMZwfk+dYRb9d9OV7w1C6lDHQMV4SG+YGJBcLINShpFxgEkultHvqZdtsdUWk3gerunK9z2NuozFpA9j04WadpNIAybolFNOqU1mI7RdLDiMjG1R1o71MJDTJFxNDHpdWzIPLoLG7gtjlhmhSiqJTbFCKtqXuT788MMbvz/akR2KWYnFVixrXwEGC+gYf9rirQ/DuA2Vs8RXnlB+Ro+R8x35Q1F+u+22yzjZANcyGJWkTmFXvlL/LaANJplNdIXfSVwBoWuFjg51w7IX1xjGoG6U6oxeTlyFgIOTTSQTB737u3W84j7HVvuZTa4ZbkvwEWhMxYaEgmMz8XXGkV3pqSXzqBDDn0nWCtcu5M23x2lE+GAzZrHS7+aR/7Q0TYpYUcTHgAtDQMoMTugN4/uNNrcJq1X3bVpey3rP+EcfPv7448txD4t+9BfbaNXbrq7s6B9itIhTfVzv4KcP1yt9ddHr0tazSQTQrcQOAh14vm9bVBXeIvi2wX8IYXSEji2+otE533777TMOVVgVLxSmjpJFrywmIMhS6+9Yb+ZTCLuPabRhGMZpFdH7zYsABjbR9xQ+2Tj9RSQENjsCdQyj7Ups9mqrfkJACAxEAOMdZwJJwnaiMttJaUzNw3ZhGFfKSrqxRnqx1ghwVFOUsKbOf9caHFVeCAgBISAEhMB/EUjnR058GYvEMI6FpNKZKwL4yHLCzYpICAgBISAEhIAQqCIQ50f8Ssbf1ZD9f4lh7I+ZYiwBgf3337/Mte3EhDKQboTAJkAgddKMbrNICAgBIdCEAAdUOOEUf0wSwzgmmkprbghgAIGXfQjHqZziIxICmx2B1Bl+myPizY6F6icEhEA7AuZTNXPhyhOe8ITi0JP2GP3ebtsvuEILgeUhYE6li0PYORFip512ysx5eGExOi8LQ6yzDzvssFErzNFoHNm20YgTEThxY0ziqDc8HGx0wrp37AXM1q1bM/7MTUcFHk56Mj+ZGXq9otkRmFfbmcuZ2Qs3MIVVH7dWvXwDYV9qNE6pMn+Q2e677154TuB0Go7FHZ1wqyMSAhsJAfxXuk9IfM+lJ52MVRf8ENoHN+offv82IjneY+KBj9DNQHWOgmfFydx01PrsI138MOIIus1n6mbAdRF1mEfbdTmtZZ51W/Vxa9XLN8+2mUfaOB7nNCTGBpx2mwuhXtn08cMoCaOhLNpYCOBz84QTTigkXjZpzs3/JpbZY7swiefhbiTUd9ttt9G3N7Zs2bKRIGgsK2d7j9lPcCOFxAC/im0UXU21hdO7ZgTGbjtywtBgmbTq49aql2+ZbTckb/xRI03ceeedM2MY5+rTU34Yh7SQ4ggBISAEhIAQEAJCYI0QkNHLGjW2qioEhIAQEAJCQAgIgSEIiGEcgpriCAEhIASEgBAQAkJgjRAQw7hGja2qCgEhIASEgBAQAkJgCAJiGIegpjhCQAgIASEgBISAEFgjBMQwrlFjq6pCQAgIASEgBISAEBiCgBjGIagpjhAQAkJACAgBISAE1ggBMYxr1NiqqhAQAkJACAgBISAEhiAghnEIaoojBISAEBACQkAICIE1QkAM4xo1tqoqBISAEBACQkAICIEhCIhhHIKa4ggBISAEhIAQEAJCYI0QEMO4Ro2tqgoBISAEhIAQEAJCYAgCYhiHoKY4QkAICAEhIASEgBBYIwTEMK5RY6uqQkAICAEhIASEgBAYgoAYxiGoKY4QEAJCQAgIASEgBNYIATGMa9TYqqoQEAJCQAgIASEgBIYgIIZxCGqKIwSEgBAQAkJACAiBNUJADOMaNbaqKgSEgBAQAkJACAiBIQiIYRyCmuIIASEgBISAEBACQmCNEBDDuEaNraoKASEgBISAEBACQmAIAmIYh6CmOEJACAgBISAEhIAQWCMExDCuUWOrqkJACAgBISAEhIAQGIKAGMYhqCmOEBACQkAICAEhIATWCAExjGvU2KqqEBACQkAICAEhIASGICCGcQhqiiMEhIAQEAJCQAgIgTVCQAzjGjW2qioEhIAQEAJCQAgIgSEIiGEcgpriCAEhIASEgBAQAkJgjRAQw7hGja2qCgEhIASEgBAQAkJgCAL/B96SenPx573PAAAAAElFTkSuQmCC' with open('flag.png', 'wb') as f: f.write(enc.decode('base64'))
flag.pngの画像にフラグが書いてあった。
CYCTF{2_f0r_th3_pr1c3_0f_1_b64}
Beware the Ides of March (Cryptography 50)
シーザー暗号。https://www.geocachingtoolbox.com/index.php?lang=en&page=caesarCipherで復号する。
Rotation 7:
CYCTF{c@3$@r_c!ph3r}
CYCTF{c@3$@r_c!ph3r}
Home Base (Cryptography 125)
hexデコードした後、base32、base64、base85の順でデコードする。
#!/usr/bin/env python3 import base64 import binascii enc = '4a5a57474934325a47464b54475632464f4259474336534a4f564647595653574a354345533454434b52585336564a524f425556435533554e4251574f504a35' dec = binascii.unhexlify(enc) print(dec) dec = base64.b32decode(dec) print(dec) dec = base64.b64decode(dec) print(dec) dec = base64.a85decode(dec) print(dec)
実行結果は以下の通り。
b'JZWGI42ZGFKTGV2FOBYGC6SJOVFGYVSWJ5CES4TCKRXS6VJROBUVCU3UNBQWOPJ5'
b'NldsY1U3WEppazIuJlVVODIrbTo/U1piQSthag=='
b'6WlcU7XJik2.&UU82+m:?SZbA+aj'
b'CYCTF{it5_@_H0m3_2un!}'
CYCTF{it5_@_H0m3_2un!}
Sus (Cryptography 200)
Vigenere暗号。https://www.guballa.de/vigenere-solverで復号する。
key: salad Clear text: wouldyoulikesomevinegarwiththat
CYCTF{wouldyoulikesomevinegarwiththat}
Rak 1 (Cryptography 250)
AES暗号で、問題に書かれているのは「暗号文:鍵:IV」と推測し、復号する。
from Crypto.Cipher import AES def unpad(s): return s[:-ord(s[-1])] ct = 'df 48 b8 6e 14 87 f6 8b a8 9c 2c c8 d3 2b ec 73 06 01 0a 01 e2 75 26 fe 38 d5 67 59 e6 55 33 b2 aa e0 2d 67 34 48 7d 52 8a 18 0d 36 d7 f2 18 8f' ct = ct.replace(' ', '').decode('hex') key = 'B55D3CE3183E06928 BA82F8980B661A30A 6C4B2BA499062CF6A 31EB1CD581E55' key = key.replace(' ', '').decode('hex') iv = '00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f'.replace(' ', '').decode('hex') cipher = AES.new(key, AES.MODE_CBC, iv) flag = unpad(cipher.decrypt(ct)) print flag
CYCTF{wh0_kn3w_yU0_w3r3_sO_sm@r7}
GATTACA (Cryptography 300)
DNAコードをデコードする。
dic = {'CGA': 'A', 'CCA': 'B', 'GTT': 'C', 'TTG': 'D', 'GGC': 'E', 'GGT': 'F',
'TTT': 'G', 'CGC': 'H', 'ATG': 'I', 'AGT': 'J', 'AAG': 'K', 'TGC': 'L',
'TCC': 'M', 'TCT': 'N', 'GGA': 'O', 'GTG': 'P', 'AAC': 'Q', 'TCA': 'R',
'ACG': 'S', 'TTC': 'T', 'CTG': 'U', 'CCT': 'V', 'CCG': 'W', 'CTA': 'X',
'AAA': 'Y', 'CTT': 'Z', 'ATA': ' ', 'TCG': ',', 'GAT': ',', 'GCT': ':',
'ACT': '0', 'ACC': '1', 'TAG': '2', 'GCA': '3', 'GAG': '4', 'AGA': '5',
'TTA': '6', 'ACA': '7', 'AGG': '8', 'GCG': '9'}
with open('message.txt', 'r') as f:
enc = f.read()
flag = ''
code = ''
for i in range(len(enc)):
if enc[i] == '{' or enc[i] == '}':
flag += enc[i]
else:
if len(code) < 2:
code += enc[i]
else:
code += enc[i]
flag += dic[code]
code = ''
print flag
CYCTF{S0LV1NG PR08L3M5 1S 1N Y0UR DNA}
