CTFHUB Skill Tree - Misc - Traffic Analysis - ICMP


Published on 31 July 2023 (author: )

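Tips: the code is for reference and study only; please think the challenges through yourself.

ICMP-Data

Filter the display according to the hint given in the challenge. The Data part of the ICMP packets changes from packet to packet, and in the later packets the string ctfhub is easy to spot. Taking the character at that position in the data of each packet and converting it to a string gives the flag.

```python
# coding = utf-8
# --author:valecalida--
from os import system as get_hex

# tshark must be on PATH and the script must sit in the same directory as the capture.
# The capture name "icmp_" is cut off on the page; substitute your capture file.
# data.txt is a placeholder output file name.
get_hex('tshark -r icmp_ -Y "icmp && icmp.type==8" -T fields -e data > data.txt')
f = open('data.txt', 'r')
flag = ''
for line in f.readlines():
    # hex characters 16-17 are the ninth data byte, which carries one flag character
    flag += chr(int(line[16:18], 16))
print(flag)
f.close()
```

Method 2: parse the capture with pyshark and extract the flag

```python
# coding = utf-8
# --author: valecalida--
import pyshark

# The capture name "icmp_" is cut off on the page; substitute your capture file.
cap = pyshark.FileCapture("icmp_", display_filter="icmp && icmp.type==8")
flag = ''
for i in range(0, 25):
    # data_data is colon-separated hex ("aa:bb:..."), so [24:26] is the ninth byte
    flag += chr(int(str(cap[i].icmp.data_data)[24:26], 16))
print(flag)
cap.close()
```

Again, the flag is obtained in 7 lines.

ICMP-Length

Filter the display according to the hint given in the challenge. Here the Length of the ICMP Data part has been set by hand in every packet, so it is enough to extract those values and convert them to characters to get the flag. Because protocol fields are nested layer by layer, the value can be read by its field name, as in the script below.

```python
# coding = utf-8
# --author:valecalida--
from os import system as get_code

# tshark must be on PATH and the script must sit in the same directory as the capture.
# The capture name "icmp_" is cut off on the page; substitute your capture file.
# length.txt is a placeholder output file name.
get_code('tshark -r icmp_ -Y "icmp && icmp.type==8" -T fields -e data.len > length.txt')
f = open('length.txt', 'r')
flag = ''
for line in f.readlines():
    # each line holds one decimal data length, which is one character code
    flag += (chr(int(line.strip())))
print(flag)
f.close()
```

Method 2: parse the traffic with pyshark

```python
# coding = utf-8
# --author: valecalida--
In [1]: import pyshark
In [2]: cap = pyshark.FileCapture('icmp_', display_filter="icmp && icmp.type==8")
In [3]: flag = ''
In [4]: for i in range(0, 18):
   ...:     pkt = cap[i]
   ...:     flag += (chr(int(pkt.icmp.data_len)))
   ...:
In [5]: flag
Out[5]: 'ctfhub{acb659f023}'
In [6]: cap.close()
```

This way no file has to be created and read back, so it seems a little faster. The same thing as a script:

```python
# coding = utf-8
# --author: valecalida--
import pyshark

# The capture name "icmp_" is cut off on the page; substitute your capture file.
cap = pyshark.FileCapture('icmp_', display_filter="icmp && icmp.type==8")
flag = ''
for i in range(0, 18):
    flag += (chr(int(cap[i].icmp.data_len)))
print(flag)
cap.close()
```

ICMP-LengthBinary

The challenge hint is direct: it is about the relationship between binary and length. Open the capture in Wireshark, filter with `icmp && icmp.type==8`, and look at the length value of each packet: every one is either 32 or 64. So write the script directly. Since it is not known in advance which length stands for 0 and which for 1, the script builds both candidates.

```python
# coding = utf-8
# --author: valecalida--
import pyshark

# The capture name "icmp_len_" is cut off on the page; substitute your capture file.
cap = pyshark.FileCapture('icmp_len_', display_filter="icmp && icmp.type==8")
cap.load_packets()  # read all packets so that len(cap) is valid
flag = ''
con1 = ""  # candidate with 32 -> 0, 64 -> 1
con2 = ""  # candidate with 32 -> 1, 64 -> 0
for i in range(0, len(cap)):
    if cap[i].icmp.data_len == '32':
        con1 += '0'
        con2 += '1'
    elif cap[i].icmp.data_len == '64':
        con1 += '1'
        con2 += '0'
print(con1)
print(con2)
cap.close()
```

Running it gives two binary strings:

1111101111

Decode them with an online tool and the flag appears directly.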

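Or use the script below to print the flag directly:

```python
# coding = utf-8
# --author: valecalida--
import binascii
import pyshark

# The capture name "icmp_len_" is cut off on the page; substitute your capture file.
cap = pyshark.FileCapture('icmp_len_', display_filter="icmp && icmp.type==8")
cap.load_packets()  # read all packets so that len(cap) is valid
flag = ''
con1 = ""  # candidate with 32 -> 0, 64 -> 1
con2 = ""  # candidate with 32 -> 1, 64 -> 0
for i in range(0, len(cap)):
    if cap[i].icmp.data_len == '32':
        con1 += '0'
        con2 += '1'
    elif cap[i].icmp.data_len == '64':
        con1 += '1'
        con2 += '0'
# convert each bit string to hex, then to bytes
print(binascii.a2b_hex(hex(int(con1, base=2))[2:]))
print(binascii.a2b_hex(hex(int(con2, base=2))[2:]))
cap.close()
```

Running it gives the flag:

```
b'ctfhub{04efed1e05}'
b'\x9c\x8b\x99\x97\x8a\x9d\x84\xcf\xcb\x9a\x99\x9a\x9b\xce\x9a\xcf\xca\x82'
```

If this blog infringes on anyone's rights, please contact me and I will deal with it right away. If there is a problem with the content, please also message me privately and I will correct it. I am a beginner; no flaming, please.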
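Added example (not part of the original post): the ICMP-Length and ICMP-LengthBinary decoding done in pure Python on a classic pcap, without tshark or pyshark, returning only the printable bit polarity. The helper names (`build_pcap`, `echo_request_data_lengths`, `decode_length`, `decode_length_binary`) and the sample flag are constructed for this illustration, and the capture is assumed to be little-endian classic pcap with Ethernet/IPv4 framing.

```python
import struct

def build_pcap(lengths):
    """Constructed sample capture: one ICMP echo request per entry, with that many data bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, Ethernet
    for n in lengths:
        icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"A" * n       # type 8, checksum left 0
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = b"\0" * 12 + b"\x08\x00" + ip + icmp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def echo_request_data_lengths(pcap):
    """Return the ICMP data length of every echo request (the page's type==8 filter)."""
    lens, pos = [], 24
    while pos + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, pos + 8)[0]
        frame = pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue                      # skip anything that is not IPv4 + ICMP
        ihl = (frame[14] & 0x0F) * 4
        total = struct.unpack_from("!H", frame, 16)[0]
        if len(frame) >= 14 + ihl + 8 and frame[14 + ihl] == 8:
            lens.append(total - ihl - 8)  # IP total length minus IP and ICMP headers
    return lens

def decode_length(lens):
    """ICMP-Length: every data length is one character code."""
    return "".join(chr(n) for n in lens)

def decode_length_binary(lens, zero=32, one=64):
    """ICMP-LengthBinary: try both bit polarities, keep the printable result(s)."""
    bits = "".join("0" if n == zero else "1" for n in lens if n in (zero, one))
    bits = bits[:len(bits) // 8 * 8]      # drop a trailing partial byte
    results = []
    for b in (bits, bits.translate(str.maketrans("01", "10"))):
        raw = bytes(int(b[i:i + 8], 2) for i in range(0, len(b), 8))
        if raw and all(32 <= c < 127 for c in raw):
            results.append(raw.decode("ascii"))
    return results

if __name__ == "__main__":
    sample = build_pcap([ord(c) for c in "ctfhub{demo}"])  # constructed flag
    print(decode_length(echo_request_data_lengths(sample)))
```

For the defender, the same length extraction doubles as a check: echo requests from one host whose data lengths vary per packet, or take only two values, are worth a closer look.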

Published by: admin. Please credit the source when reposting: http://www.yc00.com/news/1690775237a423198.html
