给你压缩包却又不给你密码的人在想什么

发表于 | 分类于 | 作者:ESE

当然是有秘密不能给汝看,必学中华人民共和国网络安全法

压缩包

rar加密压缩包

看看是不是有ntfs

这里一般都是misc题目。

爆破

直接用ARCHPR爆破,这里有些技巧,数字1-10位跑一下(大概2分钟),字母跑6位左右,如果跑不出来,那这道题你就走偏啦。

CRC明文攻击

这里和zip文明攻击一样的,代码在zip明文攻击那里。

zip加密压缩包

看看是不是伪加密

010打开zip压缩包,伪加密的

修改为正常的

可以打开了

kali也可以直接提取zip伪加密???

爆破

直接用ARCHPR爆破,这里有些技巧,数字1-10位跑一下(大概2分钟),字母跑6位左右,如果跑不出来,那这道题你就走偏啦。

CRC明文攻击

如果是这样的,就可以啦

取出zip中的CRC
python代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
import zipfile, os
import binascii
c=[]
rootname = 'misc_big_zip.zip';
r = "1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_@";
for i in range(1,41):
    if i < 10:
        t = "0" + str(i)
    else:
        t = str(i)
    name = "small_" + t + ".txt";
    print name;
    zipFile = zipfile.ZipFile(os.path.join(os.getcwd(), rootname));
    zipinfo = zipFile.getinfo(name);
    crcs = zipinfo.CRC;
    c.append(crcs)
print c

C语言CRC代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# include<string.h>
# include <stdio.h>
static unsigned long Crc32_ComputeBuf(const void *buf, size_t bufLen) {
	static const unsigned long crcTable[256] = {
		0x00000000,0x77073096,0xEE0E612C,0x990951BA,0x076DC419,0x706AF48F,0xE963A535,
		0x9E6495A3,0x0EDB8832,0x79DCB8A4,0xE0D5E91E,0x97D2D988,0x09B64C2B,0x7EB17CBD,
		0xE7B82D07,0x90BF1D91,0x1DB71064,0x6AB020F2,0xF3B97148,0x84BE41DE,0x1ADAD47D,
		0x6DDDE4EB,0xF4D4B551,0x83D385C7,0x136C9856,0x646BA8C0,0xFD62F97A,0x8A65C9EC,
		0x14015C4F,0x63066CD9,0xFA0F3D63,0x8D080DF5,0x3B6E20C8,0x4C69105E,0xD56041E4,
		0xA2677172,0x3C03E4D1,0x4B04D447,0xD20D85FD,0xA50AB56B,0x35B5A8FA,0x42B2986C,
		0xDBBBC9D6,0xACBCF940,0x32D86CE3,0x45DF5C75,0xDCD60DCF,0xABD13D59,0x26D930AC,
		0x51DE003A,0xC8D75180,0xBFD06116,0x21B4F4B5,0x56B3C423,0xCFBA9599,0xB8BDA50F,
		0x2802B89E,0x5F058808,0xC60CD9B2,0xB10BE924,0x2F6F7C87,0x58684C11,0xC1611DAB,
		0xB6662D3D,0x76DC4190,0x01DB7106,0x98D220BC,0xEFD5102A,0x71B18589,0x06B6B51F,
		0x9FBFE4A5,0xE8B8D433,0x7807C9A2,0x0F00F934,0x9609A88E,0xE10E9818,0x7F6A0DBB,
		0x086D3D2D,0x91646C97,0xE6635C01,0x6B6B51F4,0x1C6C6162,0x856530D8,0xF262004E,
		0x6C0695ED,0x1B01A57B,0x8208F4C1,0xF50FC457,0x65B0D9C6,0x12B7E950,0x8BBEB8EA,
		0xFCB9887C,0x62DD1DDF,0x15DA2D49,0x8CD37CF3,0xFBD44C65,0x4DB26158,0x3AB551CE,
		0xA3BC0074,0xD4BB30E2,0x4ADFA541,0x3DD895D7,0xA4D1C46D,0xD3D6F4FB,0x4369E96A,
		0x346ED9FC,0xAD678846,0xDA60B8D0,0x44042D73,0x33031DE5,0xAA0A4C5F,0xDD0D7CC9,
		0x5005713C,0x270241AA,0xBE0B1010,0xC90C2086,0x5768B525,0x206F85B3,0xB966D409,
		0xCE61E49F,0x5EDEF90E,0x29D9C998,0xB0D09822,0xC7D7A8B4,0x59B33D17,0x2EB40D81,
		0xB7BD5C3B,0xC0BA6CAD,0xEDB88320,0x9ABFB3B6,0x03B6E20C,0x74B1D29A,0xEAD54739,
		0x9DD277AF,0x04DB2615,0x73DC1683,0xE3630B12,0x94643B84,0x0D6D6A3E,0x7A6A5AA8,
		0xE40ECF0B,0x9309FF9D,0x0A00AE27,0x7D079EB1,0xF00F9344,0x8708A3D2,0x1E01F268,
		0x6906C2FE,0xF762575D,0x806567CB,0x196C3671,0x6E6B06E7,0xFED41B76,0x89D32BE0,
		0x10DA7A5A,0x67DD4ACC,0xF9B9DF6F,0x8EBEEFF9,0x17B7BE43,0x60B08ED5,0xD6D6A3E8,
		0xA1D1937E,0x38D8C2C4,0x4FDFF252,0xD1BB67F1,0xA6BC5767,0x3FB506DD,0x48B2364B,
		0xD80D2BDA,0xAF0A1B4C,0x36034AF6,0x41047A60,0xDF60EFC3,0xA867DF55,0x316E8EEF,
		0x4669BE79,0xCB61B38C,0xBC66831A,0x256FD2A0,0x5268E236,0xCC0C7795,0xBB0B4703,
		0x220216B9,0x5505262F,0xC5BA3BBE,0xB2BD0B28,0x2BB45A92,0x5CB36A04,0xC2D7FFA7,
		0xB5D0CF31,0x2CD99E8B,0x5BDEAE1D,0x9B64C2B0,0xEC63F226,0x756AA39C,0x026D930A,
		0x9C0906A9,0xEB0E363F,0x72076785,0x05005713,0x95BF4A82,0xE2B87A14,0x7BB12BAE,
		0x0CB61B38,0x92D28E9B,0xE5D5BE0D,0x7CDCEFB7,0x0BDBDF21,0x86D3D2D4,0xF1D4E242,
		0x68DDB3F8,0x1FDA836E,0x81BE16CD,0xF6B9265B,0x6FB077E1,0x18B74777,0x88085AE6,
		0xFF0F6A70,0x66063BCA,0x11010B5C,0x8F659EFF,0xF862AE69,0x616BFFD3,0x166CCF45,
		0xA00AE278,0xD70DD2EE,0x4E048354,0x3903B3C2,0xA7672661,0xD06016F7,0x4969474D,
		0x3E6E77DB,0xAED16A4A,0xD9D65ADC,0x40DF0B66,0x37D83BF0,0xA9BCAE53,0xDEBB9EC5,
		0x47B2CF7F,0x30B5FFE9,0xBDBDF21C,0xCABAC28A,0x53B39330,0x24B4A3A6,0xBAD03605,
		0xCDD70693,0x54DE5729,0x23D967BF,0xB3667A2E,0xC4614AB8,0x5D681B02,0x2A6F2B94,
		0xB40BBE37,0xC30C8EA1,0x5A05DF1B,0x2D02EF8D
	};
	unsigned long crc32 = 0xFFFFFFFF;
	unsigned char *byteBuf;
	size_t i;
	byteBuf = (unsigned char*)buf;
	for (i = 0; i < bufLen; i++) {
		crc32 = (crc32 >> 8) ^ crcTable[(crc32 ^ byteBuf[i]) & 0xFF];
	}
	return crc32 ^ 0xFFFFFFFF;
}
static char *charSet = "1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_@\n ";
int main() {
	unsigned long crc32[] = { 1606238046, 1943531056, 3598719407L, 2578797435L, 1405086858, 2143805016, 3234701029L, 3224637410L, 
		2346013297L, 1146766327, 4038678768L, 3119445409L, 2111148220, 383413051, 2853461348L, 3176759361L, 1852520927, 
		3083243303L, 2151747034L, 1392140456, 544449252, 1871340857, 574988077, 3459049483L, 2786065872L, 3888485555L, 
		1716930793, 1933746678, 3178216769L, 3774357278L, 622718466, 1488109481, 525106857, 3123386181L, 3472027048L, 
		616379830, 3728848209L, 1358333123, 1852520927, 3096466191L, 622718466
	};
	char tmp[6] = "";
	int len = strlen(charSet);
	for (int h = sizeof(crc32) / sizeof(unsigned long) - 1;h>=0; h--) {
		for (int a = 0; a < len; a++) {
			tmp[0] = charSet[a];
			for (int b = 0; b < len; b++) {
				tmp[1] = charSet[b];
				for (int c = 0; c < len; c++) {
					tmp[2] = charSet[c];
					for (int d = 0; d < len; d++) {
						tmp[3] = charSet[d];
						for (int e = 0; e < len; e++) {
							tmp[4] = charSet[e];
							if (Crc32_ComputeBuf(tmp, strlen(tmp)) == crc32[h]) {
								printf("%s", tmp);
								//goto label;				//若是存在碰撞,那么这里可以将这里注释掉
							}
						}
					}
				}
			}
		}
		label :	;
		printf("\n");
	}
	return 0;
}

得到明文,要看看是什么压缩算法的,只有压缩算法相同,才能用已知明文攻击。查看加密算法,建议用7z查看,将得到的明文加密,在与需要解密的压缩包做比较,这样算法一样的,就可以用已知明文攻击

LZ4压缩包

安装解压工具
sudo apt-get install liblz4-tool
解压命令
lz4 -d 文件名

网络安全法

https://www.virzz.com/2017/06/01/Network_security_law_of_the_PRC.html

可以用ARCHPR和AZPR这里贴个链接吧
https://jingyan.baidu.com/article/3052f5a1f62d6597f31f861c.html

Donate
-------------本文结束感谢您的阅读-------------