[网络安全自学篇] 四.实验吧CTF实战之WEB渗透和隐写术解密

120 篇文章 3344 订阅 ¥49.90 ¥99.00

最近开始学习网络安全相关知识,接触了好多新术语,感觉自己要学习的东西太多,真是学无止境,也发现了好几个默默无闻写着博客、做着开源的大神。接下来系统分享一些网络安全的自学笔记,希望读者们喜欢。
上一篇文章分享了解BurpSuite工具的安装配置、Proxy基础用法,并分享一个简单的暴库案例;本篇文章分享实验吧CFT实战的题目,涉及WEB渗透和隐写术常见题型,包括“这是什么”、“天网管理系统”、“忘记密码”、“false”、“天下武功唯快不破”和“隐写术之水果、小苹果”。非常有意思的文章,作为在线笔记,希望对入门的博友们有帮助,大神请飘过,谢谢各位看官!

下载地址:https://github.com/eastmountyxz/NetworkSecuritySelf-study
百度网盘:https://pan.baidu.com/s/1dsunH8EmOB_tlHYXXguOeA 提取码:izeb

PS:作为初学者,这些题目自己只能完成很少部分,更多是学习别人的知识慢慢成长,未来希望自己能真正独立完成更多CTF夺旗题目。

前文学习:
[网络安全自学篇] 一.入门笔记之看雪Web安全学习及异或解密示例
[网络安全自学篇] 二.Chrome浏览器保留密码功能渗透解析及登录加密入门笔记
[网络安全自学篇] 三.Burp Suite工具安装配置、Proxy基础用法及暴库示例

前文欣赏:
[渗透&攻防] 一.从数据库原理学习网络攻防及防止SQL注入
[渗透&攻防] 二.SQL MAP工具从零解读数据库及基础用法

  • 46
    点赞
  • 115
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 5
    评论
下面是一个使用Spring Boot和SM4 CBC加解密的完整实现示例: 1. 添加依赖 在`pom.xml`文件中添加以下依赖: ```xml <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpkix-jdk15on</artifactId> <version>1.64</version> </dependency> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> <version>1.64</version> </dependency> ``` 这些依赖包含了Bouncy Castle加密库。 2. 创建SM4加解密工具类 创建一个名为`SM4Utils`的工具类,其中包含SM4加解密的方法。 ```java import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.util.encoders.Hex; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.security.Security; public class SM4Utils { private static final String ALGORITHM_NAME = "SM4"; private static final String ALGORITHM_NAME_ECB_PADDING = "SM4/ECB/PKCS7Padding"; private static final String ALGORITHM_NAME_CBC_PADDING = "SM4/CBC/PKCS7Padding"; private static final String IV_PARAMETER = "0000000000000000"; static { Security.addProvider(new BouncyCastleProvider()); } public static String encryptECB(String key, String plaintext) { try { Cipher cipher = Cipher.getInstance(ALGORITHM_NAME_ECB_PADDING, BouncyCastleProvider.PROVIDER_NAME); byte[] keyBytes = Hex.decode(key); byte[] plaintextBytes = plaintext.getBytes(); SecretKeySpec sm4Key = new SecretKeySpec(keyBytes, ALGORITHM_NAME); cipher.init(Cipher.ENCRYPT_MODE, sm4Key); byte[] ciphertextBytes = cipher.doFinal(plaintextBytes); return new String(Hex.encode(ciphertextBytes)); } catch (Exception e) { throw new RuntimeException("SM4 ECB encrypt failed.", e); } } public static String decryptECB(String key, String ciphertext) { try { Cipher cipher = Cipher.getInstance(ALGORITHM_NAME_ECB_PADDING, BouncyCastleProvider.PROVIDER_NAME); byte[] keyBytes = Hex.decode(key); byte[] ciphertextBytes = Hex.decode(ciphertext); SecretKeySpec sm4Key = new SecretKeySpec(keyBytes, ALGORITHM_NAME); cipher.init(Cipher.DECRYPT_MODE, sm4Key); byte[] plaintextBytes = cipher.doFinal(ciphertextBytes); return new String(plaintextBytes); } catch (Exception e) { throw new RuntimeException("SM4 ECB decrypt failed.", e); } } public static String encryptCBC(String key, String iv, String plaintext) { try { Cipher cipher = Cipher.getInstance(ALGORITHM_NAME_CBC_PADDING, BouncyCastleProvider.PROVIDER_NAME); byte[] keyBytes = Hex.decode(key); byte[] ivBytes = Hex.decode(iv); byte[] plaintextBytes = plaintext.getBytes(); SecretKeySpec sm4Key = new SecretKeySpec(keyBytes, ALGORITHM_NAME); IvParameterSpec ivParameterSpec = new IvParameterSpec(ivBytes); cipher.init(Cipher.ENCRYPT_MODE, sm4Key, ivParameterSpec); byte[] ciphertextBytes = cipher.doFinal(plaintextBytes); return new String(Hex.encode(ciphertextBytes)); } catch (Exception e) { throw new RuntimeException("SM4 CBC encrypt failed.", e); } } public static String decryptCBC(String key, String iv, String ciphertext) { try { Cipher cipher = Cipher.getInstance(ALGORITHM_NAME_CBC_PADDING, BouncyCastleProvider.PROVIDER_NAME); byte[] keyBytes = Hex.decode(key); byte[] ivBytes = Hex.decode(iv); byte[] ciphertextBytes = Hex.decode(ciphertext); SecretKeySpec sm4Key = new SecretKeySpec(keyBytes, ALGORITHM_NAME); IvParameterSpec ivParameterSpec = new IvParameterSpec(ivBytes); cipher.init(Cipher.DECRYPT_MODE, sm4Key, ivParameterSpec); byte[] plaintextBytes = cipher.doFinal(ciphertextBytes); return new String(plaintextBytes); } catch (Exception e) { throw new RuntimeException("SM4 CBC decrypt failed.", e); } } } ``` 3. 创建一个RESTful API 在`RestController`中创建一个RESTful API,该API将加密和解密请求发送到`SM4Utils`工具类。 ```java import org.springframework.web.bind.annotation.*; @RestController @RequestMapping("/sm4") public class SM4Controller { @PostMapping("/encrypt/ecb") public String encryptECB(@RequestParam("key") String key, @RequestParam("plaintext") String plaintext) { return SM4Utils.encryptECB(key, plaintext); } @PostMapping("/decrypt/ecb") public String decryptECB(@RequestParam("key") String key, @RequestParam("ciphertext") String ciphertext) { return SM4Utils.decryptECB(key, ciphertext); } @PostMapping("/encrypt/cbc") public String encryptCBC(@RequestParam("key") String key, @RequestParam(value = "iv", defaultValue = IV_PARAMETER) String iv, @RequestParam("plaintext") String plaintext) { return SM4Utils.encryptCBC(key, iv, plaintext); } @PostMapping("/decrypt/cbc") public String decryptCBC(@RequestParam("key") String key, @RequestParam(value = "iv", defaultValue = IV_PARAMETER) String iv, @RequestParam("ciphertext") String ciphertext) { return SM4Utils.decryptCBC(key, iv, ciphertext); } } ``` 4. 测试API 使用Postman或类似的工具测试RESTful API。以下是一些示例请求和响应: 加密请求: ```http POST /sm4/encrypt/ecb?key=12345678901234567890123456789012&plaintext=Hello%20world! HTTP/1.1 Host: localhost:8080 ``` 加密响应: ``` 8ad6a9d9b5b5139dc6c6c3d4ee92f3f5 ``` 解密请求: ```http POST /sm4/decrypt/ecb?key=12345678901234567890123456789012&ciphertext=8ad6a9d9b5b5139dc6c6c3d4ee92f3f5 HTTP/1.1 Host: localhost:8080 ``` 解密响应: ``` Hello world! ``` 加密请求: ```http POST /sm4/encrypt/cbc?key=12345678901234567890123456789012&iv=0000000000000000&plaintext=Hello%20world! HTTP/1.1 Host: localhost:8080 ``` 加密响应: ``` 4d7d881e1ebe6f9f2d1d7d1f2a5d3d0d ``` 解密请求: ```http POST /sm4/decrypt/cbc?key=12345678901234567890123456789012&iv=0000000000000000&ciphertext=4d7d881e1ebe6f9f2d1d7d1f2a5d3d0d HTTP/1.1 Host: localhost:8080 ``` 解密响应: ``` Hello world! ```

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 5
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

Eastmount

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值