Buuctf miscellaneous - QR code

Topic link ：BUUCTF Online evaluation

The file gives a two-dimensional code ：

The QR code is obtained by scanning the code ：secret is here

The answer is wrong after input , No flag

next Think of checking QR_code.png Whether there is steganography

One . use first binwalk View file information

binwalk /tmp/mozilla_kali0/QR_code.png

  Find out 4number.txt , There is steganography

Two . Then use binwalk Perform file separation

binwalk You can scan firmware images to find many different embedded file types and file systems .
-e Parameters ： Extract hidden files

-dd Parameters are extracted manually , Store in current directory  dd if=QR_code.png of=flag.zip skip=471 bs=1 

binwalk -e /tmp/mozilla_kali0/QR_code.png.

obtain flag.zip, It is found that decompression requires a password

Guess the password 4 position , There is no effect

3、 ... and . Use brute force to crack zip file , have access to 2 Methods ：

    Method 1： Use fcrackzip Tools         

 fcrackzip -b -c1 -u -l4 flag.zip

    Method 2： Use john Tools

         Use john On the hash Value cracking , Mr Into hash file

zip2john flag.zip >  HASH

         Yes hash Values are calculated , Password found ：

The password came out ！！ You can get flag~~

There are many tools used in this problem  

Reference link ：

BUUCTF QR code of _ Lu Xiaodao -1 The blog of -CSDN Blog _buuctf QR code

BUUCTF miscellaneous —— QR code _Mokapeng The blog of -CSDN Blog _buuctf QR code