Contents

2023全国网络空间取证竞赛

Contents

除了两个程序分析

VC容器密码:

1
2023FIC@HeFei~wecomeback
1
Contacts Only
1
8770
1
DC305C27-CB72-4786-8E0A-5346CD7B0D6A
1
1
1
卢冠华
1
MatePad Pro 12.9
1
4979ecbb-5312-4801-851d-a959ec847463@inbox.appleid.apple.com
1
IMG_3204.pvt
1
2d99d
1
8618697928485

得知的嫌疑人手机号 sha256 值的前后五位 可以爆破出完整的手机号 在爆破的时候记得中国大陆手机号前面需要加上 86

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
import hashlib

# 常见手机号前三位
dict = ["186","131","132","145","155","166","185","130","134","135","136","137","138","139","147","150","151","152","157","158","159","182","183","184","187","188","130","131","132","145","155","166","185","186","133","149","153","173","177","180","181","189","191","199"]

found = False
for phone_prefix in dict:
    for i in range(0, 100000000):
        num_str = str(i).zfill(8)
        phone_num = '86' + str(phone_prefix) + str(num_str)
        hash_start = hashlib.sha256(str(phone_num).encode('UTF-8')).hexdigest() [:5]
        hash_end = hashlib.sha256(str(phone_num).encode('UTF-8')).hexdigest() [-5:]
        if hash_start == "eeb48" and hash_end == "2d99d":
            print("找到手机号:", phone_num)
            Found = True
            break

    if found:
        break
1
FDD3ED3893E31D6E9A363A83969AA701D06E0E3E3628B7DC97A8A23C13FF027D
1
1qaz@WSX3edczhaohong
1
www.HLHL.com

image-20240409094958595

仿真,导出,算SHA256

1
053950850ec6200c1a06a84b6374bd62242064780f7f680ca23932ee53dc0110

image-20240409095535009

A、AES B、DES C、BASE58 D、BASE64 E、HKDF”

1
CE

E:\手机app测试\server\KeyPoolGenerator\src\main\java\org\example

image-20240426143055914

A、ToDesk B、Xshell C、向日葵 D、网探 E、RayLink”

1
C

image-20240409113246078

1
116.192.174.254

image-20240409113442641

1
172.19.0.128

image-20240426135520941

1
58.215.100.83

image-20240426140427215

1
18:39:17

image-20240409113628160

1
99c8af2df71e80a30f9fe33e73706fb11fde024517d228d606326bba14466988

image-20240426143651644

导出来算sha256

12.APK程序在勒索的时候会向服务器申请钱包地址,请问申请后台IP地址为?

13.APK从服务器端申请的包含钱包地址的配置文件的文件名为?

14.APK程序在嫌疑人测试环境中,申请到的钱包地址为?

15.嫌疑人模拟器中,有测试文件被加密,该文件被加密后文件名为?

16.“APK程序勒索过程中,对于勒索文件使用的加密算法为?

A、AES B、DES C、BASE58 D、BASE64 E、HKDF”

17.请综合分析检材,嫌疑人模拟器环境中,申请的钱包地址对应的加密密钥为?

18.嫌疑人模拟器中,有测试文件被加密,被加密文件的文件内容为?

19.请综合分析检材,嫌疑人的密钥库文件的sha256值为?(不区分大小写)

20.如果嫌疑人使用的勒索钱包为74Vmx83bYvuhffEHnxVNnbbq9d1AAfJhXZ,那么该钱包对应的AES加密KEY为?

1
68307

image-20240426203530965

A、2019-12-30 19:21:19 B、2019-12-30 19:22:19 C、2019-12-30 19:23:19 D、2019-12-30 19:24:19 E、2019-12-30 19:25:19"

1
B

image-20240426205526270

image-20240426205438800

image-20240426205417664

1
胡艳红

把离线数据库文件放到网钜里,导出excl表格,导出列name,username,pid(上级)

image-20240426230825132

然后将该exel文件放到网钜里构建组织架构

image-20240426231015579

pid设置为邀请人id

image-20240426231221510

分析完后得到最深层级会员

image-20240426230522733

1
1142590

image-20240426212445909

1
2293600

image-20240426212544487

1
2431042

image-20240426212813000

1
2036114.90

image-20240426213359911

1
25043200

image-20240426213856155

1
272

image-20240426231630818

1
8

image-20240426231725910

1
E8B1C00DCA13B5CA83BD7C5623A80F07

image-20240409154345995

1
MBRE

image-20240409155111528

1
3

14.请分析服务器中嫌疑人用于赚钱的exe程序,窗口1中所显示的内容是什么?

1
Microsoft YaHei Light

image-20240409160042862

16.请分析服务器中嫌疑人用于赚钱的exe程序,窗口1中显示的字符串第一笔的长度为多少像素(答案格式只需填写数字)

17.请分析服务器中嫌疑人用于赚钱的exe程序,窗口2中解密字符串所使用的密钥为?

18.“请分析服务器中嫌疑人用于赚钱的exe程序,窗口2中使用了解密算法为? A. RC4 B.AES C.DES D.SHA256 E.ECC”

1
SSADWWSWAADDSS

image-20240409164530158

1
www.abcd.com

image-20240409161610491