定义在CTF中如果存在对密码的提示如压缩包密码以“abc”开头且总长度为7我们就会优先采用字典破解的方式。这里我们用会用到在Kali中用到的工具crunch如:crunch1010-tabc%%%%%%%-oabc_7digit.txtcrunch 10 10固定生成 10 位 字符串 -t abc%%%%%%%模板参数 abc固定开头 %代表数字 0-9写 7 个就是 7 位数字 小写字母 a-z ,大写字母 A-Z ^特殊符号 -o abc_7digit.txt把字典保存到文件里 -z gzip压缩输出实战[第八章][8.2.3 字典破解]字典破解这道题《CTF实战从入门到提升》这本书里没有给一点提示所以就得把能想到的所有CTF常用字典Top1000字典搞来暴力破解一遍。这里我问了Workbuddy生成了一个字典脚本.py字典脚本脚本如下importzipfileimportitertoolsimportstring# # CTF 字典破解 ZIP# 字典来源# 1. CTF 高频密码比赛中出现最多的# 2. 常见数字组合# 3. 键盘走位# 4. 常见英文弱密码# 5. ctf/flag 相关变体# ZIP_PATHrc:\Users\lenovo\WorkBuddy\Claw\字典破解.zip# --- CTF 通用高频密码字典 ---CTF_WORDLIST[# CTF 专用flag,ctf,ctf123,flag123,ctfctf,passwd,password,pssw0rd,pssword,passw0rd,admin,admin123,administrator,root,root123,toor,test,test123,guest,guest123,# 数字序列123456,1234567,12345678,123456789,1234567890,111111,222222,333333,666666,888888,000000,123123,321321,112233,123321,1q2w3e,1q2w3e4r,1q2w3e4r5t,qwerty,qwerty123,qwertyuiop,# 常见英文弱密码password,password1,password123,iloveyou,sunshine,princess,monkey,dragon,master,letmein,welcome,login,hello,hello123,abc123,abcd1234,baseball,football,shadow,superman,batman,trustno1,# 键盘走位qazwsx,zxcvbnm,asdfgh,asdfghjkl,1234qwer,# 年份/日期2020,2021,2022,2023,2024,2025,20200101,20210101,20221212,19891231,# 中文拼音常见woaini,woshini,nihaoma,zhongguo,beijing,# CTF 平台常见hack,hacker,hacking,exploit,shell,pwn,pwned,reverse,crypto,web,misc,binary,# 空密码,# 其他pass,123,1234,12345,654321,7654321,a123456,a12345678,aa123456,abc,abcdef,abcdefg,abcdefgh,111,1111,11111,000,0000,00000,9999,99999,8888,88888,7777,6666,5555,4321,4444,3333,2222,1111,3141592,123qwe,123abc,a1b2c3,aaa111,success,game,love,god,sex,god123,michael,jessica,charlie,thomas,robert,pokemon,starwars,matrix,linux,windows,]# --- 生成额外的数字组合 (4-8位纯数字) ---extra[]# 4位forninrange(0,10000):extra.append(f{n:04d})# 6位常见fornin[100000,110000,111111,112233,121212,123321,123456,123654,132456,147258,159357,159753,192168,200000,202020,210987,212121,246810,258369,314159,321654,456789,519519,520520,521521,654321,666666,696969,741852,741963,753951,789456,852456,852963,963852,987654,999999]:extra.append(str(n))wordlistCTF_WORDLISTextraprint(f[*] 字典总词条数:{len(wordlist)})print(f[*] 开始破解:{ZIP_PATH})print()foundFalsecount0try:zfzipfile.ZipFile(ZIP_PATH)forpwdinwordlist:count1ifcount%5000:print(f [~] 已尝试{count}/{len(wordlist)}... 当前:{repr(pwd)})try:zf.extractall(pathrc:\Users\lenovo\WorkBuddy\Claw\cracked_output,pwdpwd.encode(utf-8))print(f\n[] 破解成功密码是:{repr(pwd)})foundTruebreakexcept(RuntimeError,zipfile.BadZipFile):continueexceptException:# 尝试 latin-1 编码try:zf.extractall(pathrc:\Users\lenovo\WorkBuddy\Claw\cracked_output,pwdpwd.encode(latin-1))print(f\n[] 破解成功密码是:{repr(pwd)})foundTruebreakexceptException:continueexceptExceptionase:print(f[-] 打开ZIP出错:{e})ifnotfound:print(f\n[-] 字典破解失败已尝试{count}个密码未找到匹配项)print( 建议尝试更大字典如 rockyou.txt或暴力破解)else:importos out_dirrc:\Users\lenovo\WorkBuddy\Claw\cracked_outputforfinos.listdir(out_dir):fpathos.path.join(out_dir,f)print(f[*] 解压文件:{fpath})try:contentopen(fpath,rb).read()print(f[*] 内容:{content})exceptException:pass最后拿到密码是pssw0rd。成功破解压缩包。