2020 GKCTF

admin, 2024-08-24 23:50:29

Crypto

小学生的密码学 (Cryptography for Schoolchildren)

The most basic affine cipher.

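```python
from Crypto.Util.number import inverse
from base64 import b64encode

# Affine decryption: x = (y - 6) * 11^-1 mod 26
flag = ''.join(chr((ord(i) - ord('a') - 6) * inverse(11, 26) % 26 + ord('a')) for i in 'welcylk')
# b64encode works on bytes in Python 3
print('flag{' + b64encode(flag.encode()).decode() + '}')
```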

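汉字的秘密 (The Secret of Chinese Characters)

Pawnshop cipher (当铺密码), followed by a shift cipher that takes a bit of guesswork.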

```python
a = [69, 74, 62, 67, 118, 83, 72, 77, 86, 55, 71, 57, 82, 57, 64, 63, 51, 107]
flag = ''.join(chr(a[i] + (ord('f') - ord('e')) + i) for i in range(len(a)))
```

babycrypto

The high bits of p are known, so this is a Coppersmith attack; an off-the-shelf exploit script solves it directly.

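```sage
n =   # modulus (value not given in the original post)
p =   # p with known high bits (value not given in the original post)
p_new = (p>>128)<<128
pbits = 1024
kbits = 128
pbar = p_new & (2^pbits-2^kbits)
PR.<x> = PolynomialRing(Zmod(n))
f = x + pbar
x0 = f.small_roots(X=2^kbits, beta=0.4)[0] # find root < 2^kbits with factor >= n^0.4
p = x0 + pbar
```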

Once n is factored, the challenge is finished.

Backdoor

p = k*M + (65537**a % M): this is ROCA, a known CVE, and ready-made implementations are available on GitHub.

```sage
#p,q=k*M+(65537**a %M)
# Hardcoded parameters for efficiency
# Found using params.py
param = \
{
  512: {
    "n": 39,
    "a_max": 62,
    "k_max": 37,
    "M": 0x924cba6ae99dfa084537facc54948df0c23da044d8cabe0edd75bc6,
    "M_prime": 0x1b3e6c9433a7735fa5fc479ffe4027e13bea,
    "m": 5,
    "t": 6,
    "c_a": 0x80000
  },
  1024: {
    "n": 71,
    "a_max": 134,
    "k_max": 37,
    "M": 0x7923ba25d1263232812ac930e9683ac0b02180c32bae1d77aa950c4a18a4e660db8cc90384a394940593408f192de1a05e1b61673ac499416088382,
    "M_prime": 0x24683144f41188c2b1d6a217f81f12888e4e6513c43f3f60e72af8bd9728807483425d1e,
    "m": 4,
    "t": 5,
    "c_a": 0x40000000
  },
  2048: {
    "n": 126,
    "a_max": 434,
    "k_max": 53,
    "M": 0x7cda79f57f60a9b65478052f383ad7dadb714b4f4ac069997c7ff23d34d075fca08fdf20f95fbc5f0a981d65c3a3ee7ff74d769da52e948d6b0270dd736ef61fa99a54f80fb22091b055885dc22b9f17562778dfb2aeac87f51de339f71731d207c0af3244d35129feba028a48402247f4ba1d2b6d0755baff6,
    "M_prime": 0x16928dc3e47b44daf289a60e80e1fc6bd7648d7ef60d1890f3e0a9455efe0abdb7a748131413cebd2e36a76a355c1b664be462e115ac330f9c13344f8f3d1034a02c23396e6,
    "m": 7,
    "t": 8,
    "c_a": 0x400000000
  }
}

# https://github.com/mimoo/RSA-and-LLL-attacks/blob/master/coppersmith.sage
def coppersmith_howgrave_univariate(pol, N, beta, mm, tt, XX):
    """
    Coppersmith revisited by Howgrave-Graham

    finds a solution if:
    * b|N, b >= N^beta , 0 < beta <= 1
    * |x| < XX
    """
    #
    # init
    #
    dd = pol.degree()
    nn = dd * mm + tt

    #
    # checks
    #
    if not 0 < beta <= 1 :
        raise ValueError("beta should belongs in (0, 1]")

    if not pol.is_monic():
        raise ArithmeticError("Polynomial must be monic.")

    #
    # Coppersmith revisited algo for univariate
    #

    # change ring of pol and x
    polZ = pol.change_ring(ZZ)
    x = polZ.parent().gen()

    # compute polynomials
    gg = []
    for ii in range(mm):
        for jj in range(dd):
            gg.append((x * XX)**jj * N**(mm - ii) * polZ(x * XX)**ii)
    for ii in range(tt):
        gg.append((x * XX)**ii * polZ(x * XX)**mm)

    # construct lattice B
    BB = Matrix(ZZ, nn)

    for ii in range(nn):
        for jj in range(ii+1):
            BB[ii, jj] = gg[ii][jj]

    # LLL
    BB = BB.LLL(early_red=True, use_siegel=True)

    # transform shortest vector in polynomial
    new_pol = 0
    for ii in range(nn):
        new_pol += x**ii * BB[0, ii] / XX**ii

    # factor polynomial
    potential_roots = new_pol.roots()

    return [i[0] for i in potential_roots]

# Top level of the attack, feeds the queue for the workers
def roca(N):

  # Key is not always of perfect size, infer from size
  keylength = int(log(N, 2))
  if keylength < 1000 :
    keylength = 512
  elif  keylength < 2000 :
    keylength = 1024
  elif keylength < 4000 :
    keylength = 2048
  else:
    keylength = 4096

  # bruteforce
  M_prime = param[keylength]['M_prime']
  c_prime = discrete_log(N, Mod(65537, M_prime))
  ord_prime = Zmod(M_prime)(65537).multiplicative_order()
  top = (c_prime + ord_prime)/2
  beta = 0.5
  mm = param[keylength]['m']
  tt = param[keylength]['t']

  XX = int((2*pow(N, beta)) / M_prime)

  # Bruteforce until p, q are found
  a_prime = floor(c_prime/2)
  while a_prime < top:

      # Construct polynomial
      m_inv = int(inverse_mod(M_prime, N))
      k_tmp = int(pow(65537, a_prime, M_prime))
      known_part_pol = int(k_tmp * m_inv)
      F = PolynomialRing(Zmod(N), implementation='NTL', names=('x',))
      (x,) = F._first_ngens(1)
      pol = x + known_part_pol

      # Get roots of polynomial using coppersmith
      roots = coppersmith_howgrave_univariate(pol, N, beta, mm, tt, XX)

      # Check if roots are p, q
      for root in roots:
        factor1 = k_tmp + abs(root) * M_prime
        if mod(N, factor1) == 0:
          factor2 = N // factor1
          return int(factor1), int(factor2)
      a_prime += 1

# Roca
p = 135879036921529661794648581653002330298301044224526679653380767028908108252308273197382392628515754461497140112085352276569074111872088188367336757057332590938346879044292991775026289443754785127606230777989486075849384095736865778026395017314284500188674246388734465652666728075877428904646726042443084490733
q = 136030166899916836494910593158841550636266310029556929683174827580476574762487106877006810987126725903225945843864212303796002840361299997548544768590518964089753416844749381816714973552330950849352052797513575852750175731227705787558580111648617297716840633123746097117675990517245812564173658065172087693179
#N = p*q
N=15518961041625074876182404585394098781487141059285455927024321276783831122168745076359780343078011216480587575072479784829258678691739
print ("[+] Factoring %i" % N)
factor1, factor2 = roca(N)
print ("[+] Found factors of N:")
print ("[+] p =" , factor1)
print ("[+] q =" , factor2)
```

Once n is factored, this challenge is done.
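An added example, not part of the original write-up: because both primes have the form k*M + (65537**a % M), N mod r must be a power of 65537 for every small prime r dividing M, which gives a cheap way to flag moduli generated this way without factoring them. Taking M as the product of the first 39 primes and the sizes of k and a are assumptions modelled on the 512-bit entry of the parameter table above; all function names are hypothetical.

```python
import random

G = 65537  # generator from the page's formula p = k*M + (65537**a % M)

def first_primes(count):
    """First `count` primes by trial division (small counts only)."""
    primes, c = [], 2
    while len(primes) < count:
        if all(c % p for p in primes):
            primes.append(c)
        c += 1
    return primes

PRIMES = first_primes(39)  # assumption: M is the product of the first 39 primes
M = 1
for r in PRIMES:
    M *= r

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; adequate for the large odd values used here."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def structured_prime(rng, k_bits=37, a_bits=62):
    """Constructed sample input: a prime of the form k*M + (65537**a % M)."""
    while True:
        k = rng.getrandbits(k_bits) | (1 << (k_bits - 1))
        p = k * M + pow(G, rng.getrandbits(a_bits), M)
        if is_probable_prime(p):
            return p

def has_roca_fingerprint(n, primes=PRIMES):
    """True if n mod r is a power of 65537 mod r for every small prime r."""
    for r in primes:
        powers, x = set(), 1
        while x not in powers:
            powers.add(x)
            x = x * G % r
        if n % r not in powers:
            return False
    return True
```

A modulus that passes the check should be treated as weak and its key pair regenerated with a sound prime generator; an unrelated modulus fails at the first prime where its residue falls outside the subgroup.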

Misc

签到 (Sign-in)

Go to the bilibili live-stream room and copy it.

Pokémon

Walk to 103; the flag is drawn on the floor.

问卷调查 (Questionnaire)

pass

code obfuscation

First, fix up the image in Photoshop.


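Because of these gaps, a direct scan may fail. I recommend scanning with Alipay and shaking your phone while scanning so that the picture blurs and the gaps disappear; the scan then yields base(gkctf).

There is a rar appended below this image; testing shows its password is base58(gkctf). Extracting it gives a string of JS code, which an online JS deobfuscator turns into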

```
for n in a b c d e f g h i j k l m n o p q r s t u v w x y z
do eval An = "n"
    done
for n in A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
do eval An = "n"
    done
    num = 0
for n in a b c d e f g h i j
do eval Bn = "n"
    num =    $((num + 1))
done
alert("Bk=' ';Bm='"';Bn='#';Bs=' (';Bt=')';By='.';Cb=';';Cc=' < ';Ce=' > ';Cl='_';Cn='{';Cp='}';Da='0 ';Db='1 ';Dc='2 ';Dd='3 ';De='4 ';Df=5 ';Dg='6 ';Dh='7 ';Di='8 ';Dj='9 ';")
```

Apply the character substitution, combined with this image: [image]

which gives

```c
#include <stdio.h>
int main(){
print("w3lc0me_4o_9kct5");
retrun 0;
}
```

Harley Quinn

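First trim the audio in AU (Adobe Audition) to isolate the telephone tones at the end, then run dtmf2num on them to recover the string of digits.

Decoding those digits as a 9-key phone keypad cipher gives ctfisfun; then use the tool given in the hint to decrypt the Harley Quinn image, which yields flag.txt.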

Reverse

Check_1n

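Open it in IDA and search for the string "解密失败" (decryption failed) to find the password HelloWorld. Then boot the machine; the flag entry tells you to play the brick-breaker game (really hard), but dying hands you the flag directly (luckily).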

Web

CheckIN

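Send a one-line webshell directly (base64-encoded) and connect with AntSword (蚁剑); the functions turn out to have all been disabled,

but putenv is still available,

so bypass disable_functions directly with LD_PRELOAD.

system cannot print the flag, so modify hack.c to redirect the output into a file.

Finally, include our hack.php through the one-line webshell.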

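cve版签到 (CVE Edition Sign-in)

This also appeared in the Anheng (安恒) monthly contest: a get_headers trick that reaches the internal network directly, url=http://127.0.0.1%00.ctfhub.com

The tips say the host ends with 123.

payload: url=http://127.0.0.123%00.ctfhub.com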

Source: Van1sh的小屋
