【CTF-Crypto】修复RSA证书入门汇总

已于 2024-05-03 13:10:19 修改
阅读量1k 收藏 15
点赞数 14
分类专栏: ctf-crypto 文章标签: python 密码学 网络安全
于 2024-05-03 13:09:16 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/jayq1/article/details/138414162
版权

证书修复

文章目录

基础知识

  • 为什么要引入证书?

在正常题目中,大部分直接给出了数字,但是数字在现实世界中传输不稳定,容易在某处出现错误,所以我们将所有的数字信息使用统一的格式进行封装,封装后的内容称为证书

  • 分类?

常见的有两种格式,一种是PEM,一种是DER,最终都可以转化为数字,之间都可以进行转换

  • 工具?

openssl

参考:https://blog.csdn.net/zyhse/article/details/108186278

  • 手撕?

私钥:

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCg0VTVv5fED3eXtEgZ0Jxgj6S1w45w2DvBMmcTjG7/TBqs7+Pd
tXHhtB2RHHq2E2z5BJMYlWNFDh9CcMq7xCB8VMTae4SiAxHPu6voK5/mC99IoI1X
g50M35Rk2EJivMBrwwgJWmmH9grQfWaaMStafkEzITeI7s8lhjJIuRNJ7wIDAQAB
AoGAD4JwxJaQO/Pj7EkSRQ8V7cgcsfz0sVRhWu4R+9Qo5k1AK1qNZtX3cDWPPm35
NbMk6NU0nIPXyZKlmCJJoxc0rLHbGcTI2CkmdRS8Hve7++JC1DUPZ6ACpW0z5W0a
lK3HHGjwINw5q30AZMERsWTia6BpjclKA839UW/9lm6HeUkCQQDKl+ScBYI3+W6Z
EYzjg/kZEsuhFj3pI2GB/3VO8+8aJg+sjS2a7oZtUai2g2mDsFz4UOeGKJtoWZJb
yGlfxnxHAkEAyzYwqv/8spYH8IM9x/BcFD7pL63+l12kz2cZ5xImvuclYuhjEyii
XXNRUHqNQ8EpWrbqJCtgoosQkjOpg/QhGQJAG0oypUGotNmIqF3Q2KTiXRpHC7/v
PwRhEh3TM3twbdlKqzepOQGAYiFp1IwHHpIXM+vSBCRcKsZGDM8GQrx96QJBAI2f
RKfII+qqWPor3SC8yM9rUMRj9Ky1HKlW51x87/fXy9x0rKeriAys05zM7CquMg4A
sIlomb5uQKxDyP4nY/ECQQDGfKbZiPU6vqghWUMaFGUSqNlCl41Kj4Py1CbxCV47
8bW5uLHMu60qMcZAGIBEekX14HkCaQYawTtfaPF3fX8H
-----END RSA PRIVATE KEY-----

其内容都是由base64编码生成,想要手撕,就要先将其转化为十六进制

两种转化方法

  1. 在文件中读
with open('./priv.pem', 'r') as f:
    data = f.read()

key_64 = ''.join(data.split('\n')[1:-1])
key_num = libnum.s2n(base64.b64decode(key_64))
key_hex = hex(key_num)[2:]
print(key_hex)

'''
3082025d02010002818100a0d154d5bf97c40f7797b44819d09c608fa4b5c38e70d83bc13267138c6eff4c1aacefe3ddb571e1b41d911c7ab6136cf90493189563450e1f4270cabbc4207c54c4da7b84a20311cfbbabe82b9fe60bdf48a08d57839d0cdf9464d84262bcc06bc308095a6987f60ad07d669a312b5a7e4133213788eecf25863248b91349ef02030100010281800f8270c496903bf3e3ec4912450f15edc81cb1fcf4b154615aee11fbd428e64d402b5a8d66d5f770358f3e6df935b324e8d5349c83d7c992a5982249a31734acb1db19c4c8d829267514bc1ef7bbfbe242d4350f67a002a56d33e56d1a94adc71c68f020dc39ab7d0064c111b164e26ba0698dc94a03cdfd516ffd966e877949024100ca97e49c058237f96e99118ce383f91912cba1163de9236181ff754ef3ef1a260fac8d2d9aee866d51a8b6836983b05cf850e786289b6859925bc8695fc67c47024100cb3630aafffcb29607f0833dc7f05c143ee92fadfe975da4cf6719e71226bee72562e8631328a25d7351507a8d43c1295ab6ea242b60a28b109233a983f4211902401b4a32a541a8b4d988a85dd0d8a4e25d1a470bbfef3f0461121dd3337b706dd94aab37a9390180622169d48c071e921733ebd204245c2ac6460ccf0642bc7de90241008d9f44a7c823eaaa58fa2bdd20bcc8cf6b50c463f4acb51ca956e75c7ceff7d7cbdc74aca7ab880cacd39cccec2aae320e00b0896899be6e40ac43c8fe2763f1024100c67ca6d988f53abea82159431a146512a8d942978d4a8f83f2d426f1095e3bf1b5b9b8b1ccbbad2a31c6401880447a45f5e0790269061ac13b5f68f1777d7f07
'''
  1. 直接输入
from base64 import b64decode
import binascii

s = '''MIICXQIBAAKBgQCg0VTVv5fED3eXtEgZ0Jxgj6S1w45w2DvBMmcTjG7/TBqs7+Pd
tXHhtB2RHHq2E2z5BJMYlWNFDh9CcMq7xCB8VMTae4SiAxHPu6voK5/mC99IoI1X
g50M35Rk2EJivMBrwwgJWmmH9grQfWaaMStafkEzITeI7s8lhjJIuRNJ7wIDAQAB
AoGAD4JwxJaQO/Pj7EkSRQ8V7cgcsfz0sVRhWu4R+9Qo5k1AK1qNZtX3cDWPPm35
NbMk6NU0nIPXyZKlmCJJoxc0rLHbGcTI2CkmdRS8Hve7++JC1DUPZ6ACpW0z5W0a
lK3HHGjwINw5q30AZMERsWTia6BpjclKA839UW/9lm6HeUkCQQDKl+ScBYI3+W6Z
EYzjg/kZEsuhFj3pI2GB/3VO8+8aJg+sjS2a7oZtUai2g2mDsFz4UOeGKJtoWZJb
yGlfxnxHAkEAyzYwqv/8spYH8IM9x/BcFD7pL63+l12kz2cZ5xImvuclYuhjEyii
XXNRUHqNQ8EpWrbqJCtgoosQkjOpg/QhGQJAG0oypUGotNmIqF3Q2KTiXRpHC7/v
PwRhEh3TM3twbdlKqzepOQGAYiFp1IwHHpIXM+vSBCRcKsZGDM8GQrx96QJBAI2f
RKfII+qqWPor3SC8yM9rUMRj9Ky1HKlW51x87/fXy9x0rKeriAys05zM7CquMg4A
sIlomb5uQKxDyP4nY/ECQQDGfKbZiPU6vqghWUMaFGUSqNlCl41Kj4Py1CbxCV47
8bW5uLHMu60qMcZAGIBEekX14HkCaQYawTtfaPF3fX8H'''

s = b64decode(s)

print(binascii.hexlify(s))

'''
3082025d02010002818100a0d154d5bf97c40f7797b44819d09c608fa4b5c38e70d83bc13267138c6eff4c1aacefe3ddb571e1b41d911c7ab6136cf90493189563450e1f4270cabbc4207c54c4da7b84a20311cfbbabe82b9fe60bdf48a08d57839d0cdf9464d84262bcc06bc308095a6987f60ad07d669a312b5a7e4133213788eecf25863248b91349ef02030100010281800f8270c496903bf3e3ec4912450f15edc81cb1fcf4b154615aee11fbd428e64d402b5a8d66d5f770358f3e6df935b324e8d5349c83d7c992a5982249a31734acb1db19c4c8d829267514bc1ef7bbfbe242d4350f67a002a56d33e56d1a94adc71c68f020dc39ab7d0064c111b164e26ba0698dc94a03cdfd516ffd966e877949024100ca97e49c058237f96e99118ce383f91912cba1163de9236181ff754ef3ef1a260fac8d2d9aee866d51a8b6836983b05cf850e786289b6859925bc8695fc67c47024100cb3630aafffcb29607f0833dc7f05c143ee92fadfe975da4cf6719e71226bee72562e8631328a25d7351507a8d43c1295ab6ea242b60a28b109233a983f4211902401b4a32a541a8b4d988a85dd0d8a4e25d1a470bbfef3f0461121dd3337b706dd94aab37a9390180622169d48c071e921733ebd204245c2ac6460ccf0642bc7de90241008d9f44a7c823eaaa58fa2bdd20bcc8cf6b50c463f4acb51ca956e75c7ceff7d7cbdc74aca7ab880cacd39cccec2aae320e00b0896899be6e40ac43c8fe2763f1024100c67ca6d988f53abea82159431a146512a8d942978d4a8f83f2d426f1095e3bf1b5b9b8b1ccbbad2a31c6401880447a45f5e0790269061ac13b5f68f1777d7f07
'''

证书中存储的顺序

RSAPrivateKey ::= SEQUENCE {
    version           Version,     0表示两个素数的RSA  1表示多素数的RSA
    modulus           INTEGER,  -- n
    publicExponent    INTEGER,  -- e
    privateExponent   INTEGER,  -- d
    prime1            INTEGER,  -- p
    prime2            INTEGER,  -- q
    exponent1         INTEGER,  -- d mod (p-1)
    exponent2         INTEGER,  -- d mod (q-1)
    coefficient       INTEGER,  -- (inverse of q) mod p
    otherPrimeInfos   OtherPrimeInfos OPTIONAL
}

对应16进制 以上面的为例 格式:tag +

3082025d  #30  是Sequence的tag 结构开始  82表示接下来两个bytes是这个Sequence的长度双字节长度 即0x025d个bytes

020100   #02 是整数的tag  01表示这个整数占1byte 00表示值value为0x00 = 0  即两个素数的RSA

028181   #02  整数tag  中间的81表示长度类型 代表后面一个跟着一个单字节长度  最后的81代表长度为0x81
00a0d154d5bf97c40f7797b44819d09c608fa4b5c38e70d83bc13267138c6eff4c1aacefe3ddb571e1b41d911c7ab6136cf90493189563450e1f4270cabbc4207c54c4da7b84a20311cfbbabe82b9fe60bdf48a08d57839d0cdf9464d84262bcc06bc308095a6987f60ad07d669a312b5a7e4133213788eecf25863248b91349ef

0203     #02  整数tag   0x03表示长度
010001

028180
0f8270c496903bf3e3ec4912450f15edc81cb1fcf4b154615aee11fbd428e64d402b5a8d66d5f770358f3e6df935b324e8d5349c83d7c992a5982249a31734acb1db19c4c8d829267514bc1ef7bbfbe242d4350f67a002a56d33e56d1a94adc71c68f020dc39ab7d0064c111b164e26ba0698dc94a03cdfd516ffd966e877949024100ca97e49c058237f96e99118ce383f91912cba1163de9236181ff754ef3ef1a260fac8d2d9aee866d51a8b6836983b05cf850e786289b6859925bc8695fc67c47024100cb3630aafffcb29607f0833dc7f05c143ee92fadfe975da4cf6719e71226bee72562e8631328a25d7351507a8d43c1295ab6ea242b60a28b109233a983f4211902401b4a32a541a8b4d988a85dd0d8a4e25d1a470bbfef3f0461121dd3337b706dd94aab37a9390180622169d48c071e921733ebd204245c2ac6460ccf0642bc7de90241008d9f44a7c823eaaa58fa2bdd20bcc8cf6b50c463f4acb51ca956e75c7ceff7d7cbdc74aca7ab880cacd39cccec2aae320e00b0896899be6e40ac43c8fe2763f1024100c67ca6d988f53abea82159431a146512a8d942978d4a8f83f2d426f1095e3bf1b5b9b8b1ccbbad2a31c6401880447a45f5e0790269061ac13b5f68f1777d7f07

学习参考及附件来源:

https://tangcuxiaojikuai.xyz/post/e1a814d3.html#more

https://www.cnblogs.com/mumuhhh/p/18122781

https://github.com/tamuctf/tamuctf-2024/blob/master/crypto

下面的题目复现是基于鸡块师傅和mumu师傅的博客展开学习,收益颇丰!先给大师傅磕一个

Truncated 1

题目描述

Only part of the private key was able to be retrieved. Decrypt the flag.txt.enc file.

flag.txt.enc

直接在文件中读吧 粘贴也是乱码

private.pem

ZXPI0zfM5EJkeooRvNr3RKQEoQKBgQD0WrYbxhBveSRYvkOV0+omfutwS6wIoCme
CYCq5MboHdZn8NDCHy+Y66b+G/GMZJewqEKQSLwHcAjKHxouneFXp6AxV0rkBWtO
RNnjXfthsWXvOgBJzGm8CJQS+xVtUpYc4l1QnYaQpc0/SClSTPG775H5DnJ8t4rK
oNQur+/pcwKBgD1BU0AjW6x+GYPXUzA0/tXQpu5XaAMxkinhiiOJWT/AExzJU8Jt
eQULJ3EDENG6acSuwMhm0WMLhQ0JG6gIejRyOBZSIqjESWGHPmkU1XbUDz0iLb1h
HTqJMAWYKWJs4RnJbx6NGJAhd2Ni4CyOGmujYpqNnp1qfZNhmcj/VOeBAoGBAJgD
stU2c9UVlTIMM7mLG1kVjlzPBtha42ko2j32k3Ol1FPXcdfCVPcaa0ockjnX/rJt
CvP9+9PYs+8iSESF/cFtS/BGMRYH9Qi9NpwHRLMzDIo2GCXRIFpVL+FbCKp5PV/8
xza2uRdVvolG2EYWDjDvym0Zusmx2YtTYI0m8ObXAoGAZ6T8aF6GAZ0s814ZfEcy
zZGrZZQ/MJ7W8ZGdU1/y+204LzfGsW+d+sTPfQPYhn03/qU3SFhP095sYzELeOOZ
3yITOftHEdMP3XffnAudgn3tBHrtu0EsVFL44H7CWe4hx3M49M0lfERD60lPwUG1
8hY5qcthSko1f1WkTgN7Rrs=
-----END PRIVATE KEY-----

public.pem

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA64u2qOSKwRf6GWPrq9ZX
uWqvooTq2uz/3obioiWMY2l2tLpi2Jgiq7F40t9QHLuIzcggU6bRH5Cn2gsh1DtE
UQYLMkszbp88akQqpPEa7t6leIqnT8Z4rFqj6sRpdYSQS8U2FzAzWDRvhY4oEliw
comX84WCVh8BKe38qOqN1QvhZVBY00JoUk2x/HBFNCA8VpEZIeTSKvH0Rc/Dzy5h
KoHBRaL8bBLYjhqO2PNfAkvHewJIqRyqtXXbedqqDn6vp9JX4lVcS5n/i95kQN98
JYn2RSuhTxk+v1ZHpEiSLImzc+9aOAPPtsikZPsah6JOnjDbhctfZGRn1MfFfzOd
UwIDAQAB
-----END PUBLIC KEY-----

解题:

首先是不完整的私钥文件,前半部分是丢失了,但是不影响我们提取后面的数据,所以,先进行base64解码,然后转化成hex16机制,根据数据的特征提取数据

exp:

from base64 import b64decode
import binascii

s = '''ZXPI0zfM5EJkeooRvNr3RKQEoQKBgQD0WrYbxhBveSRYvkOV0+omfutwS6wIoCme
CYCq5MboHdZn8NDCHy+Y66b+G/GMZJewqEKQSLwHcAjKHxouneFXp6AxV0rkBWtO
RNnjXfthsWXvOgBJzGm8CJQS+xVtUpYc4l1QnYaQpc0/SClSTPG775H5DnJ8t4rK
oNQur+/pcwKBgD1BU0AjW6x+GYPXUzA0/tXQpu5XaAMxkinhiiOJWT/AExzJU8Jt
eQULJ3EDENG6acSuwMhm0WMLhQ0JG6gIejRyOBZSIqjESWGHPmkU1XbUDz0iLb1h
HTqJMAWYKWJs4RnJbx6NGJAhd2Ni4CyOGmujYpqNnp1qfZNhmcj/VOeBAoGBAJgD
stU2c9UVlTIMM7mLG1kVjlzPBtha42ko2j32k3Ol1FPXcdfCVPcaa0ockjnX/rJt
CvP9+9PYs+8iSESF/cFtS/BGMRYH9Qi9NpwHRLMzDIo2GCXRIFpVL+FbCKp5PV/8
xza2uRdVvolG2EYWDjDvym0Zusmx2YtTYI0m8ObXAoGAZ6T8aF6GAZ0s814ZfEcy
zZGrZZQ/MJ7W8ZGdU1/y+204LzfGsW+d+sTPfQPYhn03/qU3SFhP095sYzELeOOZ
3yITOftHEdMP3XffnAudgn3tBHrtu0EsVFL44H7CWe4hx3M49M0lfERD60lPwUG1
8hY5qcthSko1f1WkTgN7Rrs='''

s = b64decode(s)

print(binascii.hexlify(s))

result:

6573c8d337cce442647a8a11bcdaf744a404a102818100f45ab61bc6106f792458be4395d3ea267eeb704bac08a0299e0980aae4c6e81dd667f0d0c21f2f98eba6fe1bf18c6497b0a8429048bc077008ca1f1a2e9de157a7a031574ae4056b4e44d9e35dfb61b165ef3a0049cc69bc089412fb156d52961ce25d509d8690a5cd3f4829524cf1bbef91f90e727cb78acaa0d42eafefe9730281803d415340235bac7e1983d7533034fed5d0a6ee576803319229e18a2389593fc0131cc953c26d79050b27710310d1ba69c4aec0c866d1630b850d091ba8087a347238165222a8c44961873e6914d576d40f3d222dbd611d3a8930059829626ce119c96f1e8d189021776362e02c8e1a6ba3629a8d9e9d6a7d936199c8ff54e781028181009803b2d53673d51595320c33b98b1b59158e5ccf06d85ae36928da3df69373a5d453d771d7c254f71a6b4a1c9239d7feb26d0af3fdfbd3d8b3ef22484485fdc16d4bf046311607f508bd369c0744b3330c8a361825d1205a552fe15b08aa793d5ffcc736b6b91755be8946d846160e30efca6d19bac9b1d98b53608d26f0e6d702818067a4fc685e86019d2cf35e197c4732cd91ab65943f309ed6f1919d535ff2fb6d382f37c6b16f9dfac4cf7d03d8867d37fea53748584fd3de6c63310b78e399df221339fb4711d30fdd77df9c0b9d827ded047aedbb412c5452f8e07ec259ee21c77338f4cd257c4443eb494fc141b5f21639a9cb614a4a357f55a44e037b46bb

按照证书格式拆分

6573c8d337cce442647a8a11bcdaf744a404a1
028181
00f45ab61bc6106f792458be4395d3ea267eeb704bac08a0299e0980aae4c6e81dd667f0d0c21f2f98eba6fe1bf18c6497b0a8429048bc077008ca1f1a2e9de157a7a031574ae4056b4e44d9e35dfb61b165ef3a0049cc69bc089412fb156d52961ce25d509d8690a5cd3f4829524cf1bbef91f90e727cb78acaa0d42eafefe973
028180
3d415340235bac7e1983d7533034fed5d0a6ee576803319229e18a2389593fc0131cc953c26d79050b27710310d1ba69c4aec0c866d1630b850d091ba8087a347238165222a8c44961873e6914d576d40f3d222dbd611d3a8930059829626ce119c96f1e8d189021776362e02c8e1a6ba3629a8d9e9d6a7d936199c8ff54e781
028181
009803b2d53673d51595320c33b98b1b59158e5ccf06d85ae36928da3df69373a5d453d771d7c254f71a6b4a1c9239d7feb26d0af3fdfbd3d8b3ef22484485fdc16d4bf046311607f508bd369c0744b3330c8a361825d1205a552fe15b08aa793d5ffcc736b6b91755be8946d846160e30efca6d19bac9b1d98b53608d26f0e6d7
028180
67a4fc685e86019d2cf35e197c4732cd91ab65943f309ed6f1919d535ff2fb6d382f37c6b16f9dfac4cf7d03d8867d37fea53748584fd3de6c63310b78e399df221339fb4711d30fdd77df9c0b9d827ded047aedbb412c5452f8e07ec259ee21c77338f4cd257c4443eb494fc141b5f21639a9cb614a4a357f55a44e037b46bb

解释一下最后对应的信息 首先在尾部就三个 dp dq inv(q,p)

可能顺序会有些乱,但是注意 dp和dq长度相同 且比inv小1

image-20240502214953237

故提取如下:

q = 0x00f45ab61bc6106f792458be4395d3ea267eeb704bac08a0299e0980aae4c6e81dd667f0d0c21f2f98eba6fe1bf18c6497b0a8429048bc077008ca1f1a2e9de157a7a031574ae4056b4e44d9e35dfb61b165ef3a0049cc69bc089412fb156d52961ce25d509d8690a5cd3f4829524cf1bbef91f90e727cb78acaa0d42eafefe973
inv = 0x009803b2d53673d51595320c33b98b1b59158e5ccf06d85ae36928da3df69373a5d453d771d7c254f71a6b4a1c9239d7feb26d0af3fdfbd3d8b3ef22484485fdc16d4bf046311607f508bd369c0744b3330c8a361825d1205a552fe15b08aa793d5ffcc736b6b91755be8946d846160e30efca6d19bac9b1d98b53608d26f0e6d7
dp = 0x3d415340235bac7e1983d7533034fed5d0a6ee576803319229e18a2389593fc0131cc953c26d79050b27710310d1ba69c4aec0c866d1630b850d091ba8087a347238165222a8c44961873e6914d576d40f3d222dbd611d3a8930059829626ce119c96f1e8d189021776362e02c8e1a6ba3629a8d9e9d6a7d936199c8ff54e781
dq = 
0x67a4fc685e86019d2cf35e197c4732cd91ab65943f309ed6f1919d535ff2fb6d382f37c6b16f9dfac4cf7d03d8867d37fea53748584fd3de6c63310b78e399df221339fb4711d30fdd77df9c0b9d827ded047aedbb412c5452f8e07ec259ee21c77338f4cd257c4443eb494fc141b5f21639a9cb614a4a357f55a44e037b46bb

这就导致q泄露,那么通过公钥文件提取n和e 直接解密

用一下我的新工具openssl吧

openssl rsa -pubin -in public.pem -inform PEM -text -noout

Public-Key: (2048 bit)
Modulus:
    00:eb:8b:b6:a8:e4:8a:c1:17:fa:19:63:eb:ab:d6:
    57:b9:6a:af:a2:84:ea:da:ec:ff:de:86:e2:a2:25:
    8c:63:69:76:b4:ba:62:d8:98:22:ab:b1:78:d2:df:
    50:1c:bb:88:cd:c8:20:53:a6:d1:1f:90:a7:da:0b:
    21:d4:3b:44:51:06:0b:32:4b:33:6e:9f:3c:6a:44:
    2a:a4:f1:1a:ee:de:a5:78:8a:a7:4f:c6:78:ac:5a:
    a3:ea:c4:69:75:84:90:4b:c5:36:17:30:33:58:34:
    6f:85:8e:28:12:58:b0:72:89:97:f3:85:82:56:1f:
    01:29:ed:fc:a8:ea:8d:d5:0b:e1:65:50:58:d3:42:
    68:52:4d:b1:fc:70:45:34:20:3c:56:91:19:21:e4:
    d2:2a:f1:f4:45:cf:c3:cf:2e:61:2a:81:c1:45:a2:
    fc:6c:12:d8:8e:1a:8e:d8:f3:5f:02:4b:c7:7b:02:
    48:a9:1c:aa:b5:75:db:79:da:aa:0e:7e:af:a7:d2:
    57:e2:55:5c:4b:99:ff:8b:de:64:40:df:7c:25:89:
    f6:45:2b:a1:4f:19:3e:bf:56:47:a4:48:92:2c:89:
    b3:73:ef:5a:38:03:cf:b6:c8:a4:64:fb:1a:87:a2:
    4e:9e:30:db:85:cb:5f:64:64:67:d4:c7:c5:7f:33:
    9d:53
Exponent: 65537 (0x10001)


n = 0x00eb8bb6a8e48ac117fa1963ebabd657b96aafa284eadaecffde86e2a2258c636976b4ba62d89822abb178d2df501cbb88cdc82053a6d11f90a7da0b21d43b4451060b324b336e9f3c6a442aa4f11aeedea5788aa74fc678ac5aa3eac4697584904bc53617303358346f858e281258b0728997f38582561f0129edfca8ea8dd50be1655058d34268524db1fc704534203c56911921e4d22af1f445cfc3cf2e612a81c145a2fc6c12d88e1a8ed8f35f024bc77b0248a91caab575db79daaa0e7eafa7d257e2555c4b99ff8bde6440df7c2589f6452ba14f193ebf5647a448922c89b373ef5a3803cfb6c8a464fb1a87a24e9e30db85cb5f646467d4c7c57f339d53
e = 0x10001
q = 0x00f45ab61bc6106f792458be4395d3ea267eeb704bac08a0299e0980aae4c6e81dd667f0d0c21f2f98eba6fe1bf18c6497b0a8429048bc077008ca1f1a2e9de157a7a031574ae4056b4e44d9e35dfb61b165ef3a0049cc69bc089412fb156d52961ce25d509d8690a5cd3f4829524cf1bbef91f90e727cb78acaa0d42eafefe973

exp:

n = 0x00eb8bb6a8e48ac117fa1963ebabd657b96aafa284eadaecffde86e2a2258c636976b4ba62d89822abb178d2df501cbb88cdc82053a6d11f90a7da0b21d43b4451060b324b336e9f3c6a442aa4f11aeedea5788aa74fc678ac5aa3eac4697584904bc53617303358346f858e281258b0728997f38582561f0129edfca8ea8dd50be1655058d34268524db1fc704534203c56911921e4d22af1f445cfc3cf2e612a81c145a2fc6c12d88e1a8ed8f35f024bc77b0248a91caab575db79daaa0e7eafa7d257e2555c4b99ff8bde6440df7c2589f6452ba14f193ebf5647a448922c89b373ef5a3803cfb6c8a464fb1a87a24e9e30db85cb5f646467d4c7c57f339d53
e = 0x10001
q = 0x00f45ab61bc6106f792458be4395d3ea267eeb704bac08a0299e0980aae4c6e81dd667f0d0c21f2f98eba6fe1bf18c6497b0a8429048bc077008ca1f1a2e9de157a7a031574ae4056b4e44d9e35dfb61b165ef3a0049cc69bc089412fb156d52961ce25d509d8690a5cd3f4829524cf1bbef91f90e727cb78acaa0d42eafefe973
p = n // q
phi = (p - 1) * (q - 1)
import gmpy2
from Crypto.Util.number import *
d = gmpy2.invert(e, phi)
c = open('flag.txt.enc','rb').read()   #二进制读取
c = bytes_to_long(c)
print(long_to_bytes(pow(c,d,n)))

image-20240502220240382

flag : gigem{Q_Fr0M_Pr1V473_K3Y_89JD54}

Truncated 2

题目描述

It seems even less was able to be retrieved this time. Decrypt the flag.txt.enc file.

附件

private.pem

WXH2tecCgYBIlOn6LCaw4cYxztL4a+AgeoJ1HXB7AYg5Vl6T9VHfWW6dFvBVmaK/
sLuzAAZBOfOD3oXHk+BY2izOQamgOY5AvgW7m4JwP+gEFk9f9NdmI9DkxyD9cFzm
76zpeUiaizor1mMAd2mcCqjaYlDB3ohA0+Wvw024ZeBlDOCPgotJrQKBgFTU0ZgY
cNeZM05a5RdFJtKXnhTG7MdNe1lgD799tMBgSBw9OMg6pASOTGrUg6QW1DrsxY23
/ouePRFBh1OMArIskZf+Ov0jqD9umsM/q1XIR3ax3iOmBX6RxH42qyrHYArbv+tB
WdiwnYGJj5oE5HtnnL5pDa9qYFUfK4InhjN3AoGAZ2q2zPPhW9v75hq8fwVvLGjP
yDT4gGIz168dnCBLLMHsNv8y0twKQMY8UnqKBBIIkaC+j6zdCM+9CU3SEGC/TwQc
5iTOHmknFfuvRYN6WKOXbTQZJIx2aDHaRz4MZlpHOVFeHrmY9/s+y24U2nOG9kAC
zBzyXKI5PxT40b/mIGs=
-----END PRIVATE KEY-----

public.pem

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+KEz83nu2HZ1fy9jec/
twHw1bkdZJStKl9J2wIo21gvJmcr+VyUcozF8mJgZKTVBvu57GTd6PhcCjyqnbH3
KB63Nji2imT8DVzHaNVTBHu1c3jm/9dNBe6qp3SxSGozO00pE/27VOrEIRwM+595
kHIO7YKWfPbdXuSp5XyVAdX9+I1gtGNYLc+yjO5h5bwHm95Le0sW8/T/Sl2i/M5d
wlYwpidyBhIJ7WPKBcgiAe0etC9XKoA5JPmtv+U3BQ5k/75hGq6pL0vxYIS4WlU8
fij2aD3QooEQJyV+8dleXQ2q0MBKRPcQGLzuM6hFVc8DesPm3g84FiNeR+jdtNNQ
iwIDAQAB
-----END PUBLIC KEY-----

解题:

先用openssl把公钥拆了 看看大小

Public-Key: (2048 bit)
Modulus:
    00:cb:e2:84:cf:cd:e7:bb:61:d9:d5:fc:bd:8d:e7:
    3f:b7:01:f0:d5:b9:1d:64:94:ad:2a:5f:49:db:02:
    28:db:58:2f:26:67:2b:f9:5c:94:72:8c:c5:f2:62:
    60:64:a4:d5:06:fb:b9:ec:64:dd:e8:f8:5c:0a:3c:
    aa:9d:b1:f7:28:1e:b7:36:38:b6:8a:64:fc:0d:5c:
    c7:68:d5:53:04:7b:b5:73:78:e6:ff:d7:4d:05:ee:
    aa:a7:74:b1:48:6a:33:3b:4d:29:13:fd:bb:54:ea:
    c4:21:1c:0c:fb:9f:79:90:72:0e:ed:82:96:7c:f6:
    dd:5e:e4:a9:e5:7c:95:01:d5:fd:f8:8d:60:b4:63:
    58:2d:cf:b2:8c:ee:61:e5:bc:07:9b:de:4b:7b:4b:
    16:f3:f4:ff:4a:5d:a2:fc:ce:5d:c2:56:30:a6:27:
    72:06:12:09:ed:63:ca:05:c8:22:01:ed:1e:b4:2f:
    57:2a:80:39:24:f9:ad:bf:e5:37:05:0e:64:ff:be:
    61:1a:ae:a9:2f:4b:f1:60:84:b8:5a:55:3c:7e:28:
    f6:68:3d:d0:a2:81:10:27:25:7e:f1:d9:5e:5d:0d:
    aa:d0:c0:4a:44:f7:10:18:bc:ee:33:a8:45:55:cf:
    03:7a:c3:e6:de:0f:38:16:23:5e:47:e8:dd:b4:d3:
    50:8b
Exponent: 65537 (0x10001)

再用脚本把私钥文件转化成十六进制

5971f6b5e7
028180   dp
4894e9fa2c26b0e1c631ced2f86be0207a82751d707b018839565e93f551df596e9d16f05599a2bfb0bbb300064139f383de85c793e058da2cce41a9a0398e40be05bb9b82703fe804164f5ff4d76623d0e4c720fd705ce6eface979489a8b3a2bd6630077699c0aa8da6250c1de8840d3e5afc34db865e0650ce08f828b49ad
028180   dq
54d4d1981870d799334e5ae5174526d2979e14c6ecc74d7b59600fbf7db4c060481c3d38c83aa4048e4c6ad483a416d43aecc58db7fe8b9e3d114187538c02b22c9197fe3afd23a83f6e9ac33fab55c84776b1de23a6057e91c47e36ab2ac7600adbbfeb4159d8b09d81898f9a04e47b679cbe690daf6a60551f2b8227863377
028180    ?打个问号
676ab6ccf3e15bdbfbe61abc7f056f2c68cfc834f8806233d7af1d9c204b2cc1ec36ff32d2dc0a40c63c527a8a04120891a0be8facdd08cfbd094dd21060bf4f041ce624ce1e692715fbaf45837a58a3976d3419248c766831da473e0c665a4739515e1eb998f7fb3ecb6e14da7386f64002cc1cf25ca2393f14f8d1bfe6206b

那么现在就n和e和dp进行求解

在鸡块哥哥这边看到一个比较巧妙的解法

image-20240503001116377

注意这里面的所有运算都是同余,设t的值 和 g的值,经过推导,计算出p的值

因为g - 2 = k * p 且 n = p * q 故两数有公因子

但是现在不清楚的是,在推导g的时候,为什么可以直接去掉edp

教你怎么去:

image-20240503100930555

2 e d p ≡ 2   ( m o d   p ) 推导如下: d p = d + k ( p − 1 ) 故: 2 e d p = 2 e [ d + k ( p − 1 ) ] = 2 e d + e k ( p − 1 ) 对于 2 p − 1 m o d   p ∵ ( 2 , p ) = 1 根据欧拉定理 2 p − 1 ≡ 1   m o d   p ∴ 2 e d + e k ( p − 1 ) ≡ 2 e d   m o d   p 根据循环节 2 e d ≡ 2 e d   m o d   ( p − 1 )   m o d   p ∵ e d ≡ 1   m o d   ϕ ( n ) e d ≡ 1   m o d   ( p − 1 ) ( q − 1 ) 根据同余的性质,模模数的因子其同余性质不改变 ∴ e d ≡ 1   m o d   ( p − 1 ) ∴ 根据循环节 2 e d ≡ 2 e d   m o d   ( p − 1 ) ≡ 2   m o d   p     推导毕 2^{edp}\equiv2~(mod~p)推导如下:\\ dp=d+k(p-1)\\ 故:2^{edp}=2^{e[d+k(p-1)]}=2^{ed+ek(p-1)}\\ 对于2^{p-1}mod~p \\ \because(2,p)=1 根据欧拉定理 2^{p-1}\equiv1~mod~p\\ \therefore 2^{ed+ek(p-1)} \equiv2^{ed}~mod~p \\根据循环节 2^{ed} \equiv2^{ed~mod~(p-1)}~mod~p \\\because ed \equiv1~mod~\phi(n)\\ ed \equiv1~mod~(p-1)(q-1)\\ 根据同余的性质,模 模数的因子 其同余性质不改变\\ \therefore ed \equiv1~mod~(p-1) \\\therefore 根据循环节 2^{ed} \equiv2^{ed~mod~(p-1)} \equiv 2~mod~p~~~~推导毕 2edp2 (mod p)推导如下:dp=d+k(p1)故:2edp=2e[d+k(p1)]=2ed+ek(p1)对于2p1mod p(2,p)=1根据欧拉定理2p11 mod p2ed+ek(p1)2ed mod p根据循环节2ed2ed mod (p1) mod ped1 mod ϕ(n)ed1 mod (p1)(q1)根据同余的性质,模模数的因子其同余性质不改变ed1 mod (p1)根据循环节2ed2ed mod (p1)2 mod p    推导毕

exp:

n = 0x00cbe284cfcde7bb61d9d5fcbd8de73fb701f0d5b91d6494ad2a5f49db0228db582f26672bf95c94728cc5f2626064a4d506fbb9ec64dde8f85c0a3caa9db1f7281eb73638b68a64fc0d5cc768d553047bb57378e6ffd74d05eeaaa774b1486a333b4d2913fdbb54eac4211c0cfb9f7990720eed82967cf6dd5ee4a9e57c9501d5fdf88d60b463582dcfb28cee61e5bc079bde4b7b4b16f3f4ff4a5da2fcce5dc25630a62772061209ed63ca05c82201ed1eb42f572a803924f9adbfe537050e64ffbe611aaea92f4bf16084b85a553c7e28f6683dd0a2811027257ef1d95e5d0daad0c04a44f71018bcee33a84555cf037ac3e6de0f3816235e47e8ddb4d3508b
e = 0x10001

#==dp大法==========================
dp = 0x4894e9fa2c26b0e1c631ced2f86be0207a82751d707b018839565e93f551df596e9d16f05599a2bfb0bbb300064139f383de85c793e058da2cce41a9a0398e40be05bb9b82703fe804164f5ff4d76623d0e4c720fd705ce6eface979489a8b3a2bd6630077699c0aa8da6250c1de8840d3e5afc34db865e0650ce08f828b49ad
t = pow(2,e,n)
g = pow(t,dp,n)
import gmpy2
p = gmpy2.gcd(g - 2, n)
q = n // p

#==常规RSA===================================
phi = (p - 1) * (q - 1)
import gmpy2
from Crypto.Util.number import *
d = gmpy2.invert(e, phi)
c = open('flag.txt.enc','rb').read()   #二进制读取
c = bytes_to_long(c)
print(long_to_bytes(pow(c,d,n)))

image-20240503104748281

flag : gigem{DP_DQ_r54_7rUNC473D_SDA79}

Jumbled

题目描述

The RSA public and private keys are provided. However, the private key seems to be jumbled in a block size of 10 hex characters. Can you get the flag?

附件

public.pem

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmTYhYT7+NBzZDrsfKD4
4K+9rtLcZLT+VaWHYvn8Bp9X/fg7TmK5l5D6MsF89rZ8taEGFJPy+kx+qUqOO95G
QhM2SXAwn0D1TJKdaSZunG06pcQ3b+pb5GDYYp43P7agUsgHSCw2OFCtU/Ms53Ew
i2j51dEv+8KbuqIp2IOGzLy3Mzx4r1TjTIm18DnpVVeoy8sNtWbVdnCCtIY6LnPP
smaOJ1+jWrWgv9DndpZIeDOuozd1bKltLBeIK2kfFnoxomTgW+SASL4rn/ojqNc0
6CZ5L+KnDCBybhG3sgTimzw0QMrS5G35kFv2l3M7/8WHOiXWpSSZKmKq1Tsbev+r
lwIDAQAB
-----END PUBLIC KEY-----

private

49 45 4e 42 47 2d 2d 2d 2d 2d 
20 54 4b 41 45 49 50 56 20 52 
0a 2d 4d 2d 0d 2d 59 2d 45 2d 
44 42 41 49 41 76 49 41 49 45 
47 6b 39 68 69 6b 42 71 4e 67 
41 46 53 45 41 41 30 51 77 42 
...

解题:

题目中说,我们的私钥证书,每十个一组 ,然后在一组中跳跃,就表示10个区间内会出现乱序。

根据基础知识中我们私钥证书的标准格式

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

可以发现开头和结尾有固定的值的,所以转化为16进制

s = "-----BEGIN RSA PRIVATE KEY-----"
print(s.encode().hex())

2d 2d 2d 2d 2d 42 45 47 49 4e 
20 50 52 49 56 41 54 45 20 4b 
45 59 2d 2d 2d 2d 2d

拿过跳跃后的前几个找规律

jumped: 49 45 4e 42 47 2d 2d 2d 2d 2d 
standa: 2d 2d 2d 2d 2d 42 45 47 49 4e 

jumped: 20 54 4b 41 45 49 50 56 20 52 
standa: 20 50 52 49 56 41 54 45 20 4b

可以发现前后五个互换 采用数组下标表示正确数据

9,7,10,6,8,4,2,5,1,3

exp:

with open('private', 'r') as file:
    jump_hex = file.read()

jump = list(jump_hex.split(' '))
print(jump)

#10个一分组
BLOCK_SIZE = 10
ori = []
for i in range(len(jump) // BLOCK_SIZE):
    ori.append(jump[BLOCK_SIZE * i : BLOCK_SIZE * i + BLOCK_SIZE])
print(ori)

#组内恢复顺序
for i in ori:
    temp = [i[8],i[6],i[9],i[5],i[7],i[3],i[1],i[4],i[0],i[2]]
    for j in temp:
      print(chr(int(j,16)),end="")

-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCqZNiFhPv40HNk
Oux8oPjgr72u0txktP5VpYdi+fwGn1f9+DtOYrmXkPoywXz2tny1oQYUk/L6TH6p
So473kZCEzZJcDCfQPVMkp1pJm6cbTqlxDdv6lvkYNhinjc/tqBSyAdILDY4UK1T
8yzncTCLaPnV0S/7wpu6oinYg4bMvLczPHivVONMibXwOelVV6jLyw21ZtV2cIK0
hjouc8+yZo4nX6NataC/0Od2lkh4M66jN3VsqW0sF4graR8WejGiZOBb5IBIviuf
+iOo1zToJnkv4qcMIHJuEbeyBOKbPDRAytLkbfmQW/aXczv/xYc6JdalJJkqYqrV
Oxt6/6uXAgMBAAECggEAAU8gCLqSUwGK+Wioe3ajItrGysqM7eskDxVj+mMwR/6+
ZtGa5wnEIkF3Yp9w7dZOE/kmOk8+rSScToGnoRcelBBguOS3Qun1WH7B3dZxQBto
uXBN+rqitRj3YJ6VjxRAnBI0WB4a1ojsI/p4zFhmxpNqY/Wk+DqxBpiLWMH97aG8
UcQhR2CtLP09O/EV8FDCI1NCthE0RYX9vkWCsDEbN9QEthxq8lgQyJKUKaK3Yl4q
v2baj4PKgsAJHtx99KJAYkD4Xp0kYtsWK0TOjEDuZPSchB11QJxiquhZRG9z+geo
TU4eEGPXqj7Q3+9dKHjIqIMXFE0/FKJT+CXnZU235QKBgQDFmc+tjBdUwLfb/cjS
M3Q8od0FKRV4IE4dBUlyRPNjhFLzUvzuSchRDFARcNUz7MAf+EBAMcMP/9pjKXyP
KcXCaSqmKEIBhjNNUR/BisabNlokxBu8CosuE9lgX+f8mbp5cKD3Fnjqh81QWKm6
LtgNdHVHj7nz2IgmIa2hXcgpgwKBgQDcwJnEhieqri7IUFc4fEpnzK62xtTg6C1y
hCUoqtBLKiSeEZZI46tnRgEZBxY75/Yq+nwvMhPbPsX7HRGEa7WyVcY9dr40h1Ks
TNTiNrwfue4n0TlidGuv/i8Zp6xS0idQD0BL6XXrpvI+JDoUVKSz1pidoRJ9uNv9
uPSrErxdXQKBgBxAY3rynptVenQPktjK1oGcutb0CsfEBqcLjHaz+QBveNSlNthy
4BsGYaQ8t57W6JkpizYiZzswX27yDYcCd+3Vz202MEm7gDY7tQic6MxkNvsutrBp
6YBLAjdPPwHUkN6wBbOOGPefNvGX25xs+iLiVapHmFSOzth01DhQCkA1AoGAbib1
E6lVlceAtJfSTe9HOXBbJf0lMGzqcKAb4qUJdtg6mV1xPkHMv6Wg2po8r/vZTCzd
VreITPiP1fP1T7xnV+uRFg5wbsmvqSZVe+OQD8y5V8kA923cZl9RpV2TkWgoEbzq
enauTr5pVjTBfm+WF97XHKDJF07tBzgJbmvU7kkCgYAz+FdbBcZEj9KPt2J1O8rl
hL7J6eUuip1JSkLclg27yetxFlAPqLSwv5GTgdRR6/+tT/ilt+JkmYPTAbI5p3bD
wFbwjgYhiw+DL/KXIEbRs5sqqhhAzgB+6zFMTKR8yPtyw+PC6W7CnYVrvN2a3eVe
palIDTkjSFadyj7owR7OtQ==
-----END PRIVATE KEY-----

这种完整的私钥文件得到后,就不要自己手撕了,上工具就好

openssl rsa -in private.pem -text -noout

image-20240503125728028

好像附件还给了public 但是显然没有用了

flag: gigem{jumbl3d_r54_pr1v473_k3y_z93kd74lx}

哈皮Superman
关注
  • 14
    点赞
  • 15
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
CTF-CYRPTO-RSA-Recovery
zippo1234的博客
11-20 1073
CTF-CYRPTO-RSA-RecoveryRSA-Recovery题目分析开始1.题目2.分析3.私钥恢复(1)私钥结构(2)恢复原理(3)恢复脚本4.常规套路5.get flag结语 RSA-Recovery 题目分析 私钥恢复 开始 1.题目 给出三个文件: flag.enc、private.corrupted、pubkey.pem 很明显是加密结果、损坏的私钥、公钥。 2.分析 核心在于恢复损坏的私钥。Plaid CTF 2014、Jarvis OJ God Like RSA两题,都与此题类似
CTF-CRYPTO-RSA-Evaluate
zippo1234的博客
11-27 259
CTF-CRYPTO-RSA-EvaluateRSA-Evaluate题目分析开始1.题目2.分析3.脚本4.get flag结语 每天一题,只能多不能少 RSA-Evaluate 题目分析 爆破x和y 数学计算 开始 1.题目 n = 240152805134947292476871478328219119218832547749382061299563916172003651729128615218824774769469250174112317232907232890534755807392423
CTF-Crypto-RSA整理
热门推荐
Love&Share
10-28 1万+
rsa基本参数 N:大整数N,我们称之为模数(modulus) p 和 q :大整数N的两个因子(factor) e 和 d:互为模反数的两个指数(exponent) c 和 m:分别是密文和明文 {N,e}称为公钥,{N,d}称为私钥 加密过程: c=m^e mod n c=pow(m,e,n) 解密过程: m=c^d mod n m=pow(c,d,n) 求解私钥d: d = gmpy2.invert(e, (p-1)*(q-1)) 一般来说,n,e是公开的,但是由于n一般是两
CTF-CRYPTO-RSA-partial
zippo1234的博客
11-21 722
CTF-CRYPTO-RSA-partialRSA-partial题目分析开始1.题目2.分析(1)已给出部分解密(2)rsa私钥格式解析(3)理论4.常规套路5.get flag结语 每天一题,只能多不能少 RSA-partial 题目分析 私钥格式 私钥恢复 开始 1.题目 题目介绍 这里有一张RSA私钥上半部分被挡住的截图,你能恢复私钥并解密出flag的内容吗?flag格式为0ctf{字符串}。 -----BEGIN RSA PRIVATE KEY----- ****隐藏的部分**** Os9mh
CTF-CRYPTO-RSA-ECC
zippo1234的博客
11-26 2733
CTF-CRYPTO-RSA-ECCRSA-ECC题目分析1.题目2.分析(1)加密过程分析(2)理论基础(3)sage分解脚本4.get flag结语 这几天在准备一个培训,身心俱疲,略有懈怠。。。 每天一题,只能多不能少 RSA-ECC 题目分析 ECC椭圆曲线方程 sage求因式 gcd(p,n) != 1 1.题目 ecn.py from fastecdsa.point import Point from Crypto.Util.number import bytes_to_long, isPr
CTF-CRYPTO-RSA-SupplementRabin
zippo1234的博客
12-11 1091
CTF-CRYPTO-RSA-SupplementRabinSupplementRabin题目分析开始1.题目2.分析(1)关系(2)gift分解(3)数学原理(4)最大公因数范围(5)e不是素数3.完整脚本4.get flag结语 有时间就多更新一两题 SupplementRabin 题目分析 supplement rabin lcm最小公倍数 开始 1.题目 task.py #!/usr/bin/env python # -*- coding: utf-8 -*- import gmpy2 from
BugkuCTF-Cryptorsa
am_03的博客
08-31 943
解题流程 n,e已经给出,可以看出e特别大,在e特别大的情况下,可以使用wiener attack的方法进行破解,正好工具RsaCtfTool集成了wiener attack的方法,所以可以直接使用RsaCtfTool计算私钥。 典型的rsa… 密钥的产生: 选两个满足需要的大素数p和q,计算n= p x q, φ(n) = (p - 1) x (q - 1),其里φ(n)是n的欧拉函数值。 选一个整数e,满足1< e < φ \varphi φ,且gcd(φ(n), e) = 1。通过d x
CTF-Crypto-RSA基本原理及常见攻击方法
H1zerguo的博客
10-04 3366
RSA
CTF-Crypto-RSA指数攻击-低加密指数广播攻击
Sciurdae的博客
12-10 590
e 较小,模数n和密文c不同,明文m和加密密钥e相同。有多组n和c,组数k,一般k等于e;
CTF-RSA-tool-master.zip
01-19
针对CTFCRYPTORSA工具
Backdoor-CTF-Crypto-400.rar
09-30
Backdoor-CTF-Crypto-400.rar
CTF-Crypto实战-2023红队】Babystack
07-28
Babystack
CTF-misc工具2-CTF-Tools-masterV1.3.7
08-17
内容概要: CTF-Tools-master是一个专注于密码编码识别与解码的工具,能自动推断密码的编码类型,... 适用人群: 该工具主要适用于参加CTF竞赛的选手,以及对密码编码算法感兴趣的信息安全从业人员。 使用场景: ... 其他说明: ...
CTF-Crypto实战-2023红队】从乱码.txt文件获取flag
07-28
CTF-Crypto实战-2023红队】从乱码.txt文件获取flag
【hackmyvm】Slowman靶机
woshicainiao666的博客
05-20 670
发现/secretLOGIN/login.html为登录地址,根据账号密码登录发现一个zip,但是需要密码。在FTP中得到的账号,爆破一下SSH。上传linpeas.sh文件,报一下。SSH爆破无果,试试mysql。得到用户名和加密的密码。
Python爬虫】案例_github模拟登录
最新发布
qq_45951891的博客
05-21 141
【代码】【Python爬虫】案例_github模拟登录。
python中用“*”运算符复制列表时子列表实际上引用的是同一个列表,列表和嵌套列表的坑
ThreeS_tones的博客
05-21 272
当你修改了一个子列表的元素时,所有的子列表都会随之改变。因为他们实际上都是同一个子列表的引用。输出如下,可以看到每个子列表中的第5个元素相同,并没有实现从0.8-1.2分布。先看一个例子,我想改变load的子列表中第五个元素,从0.8-1.2分布。的时候,Python实际上。
使用Python操作excel单元格——在单元格中插入公式
xll_007的博客
05-16 961
使用Python操作excel单元格——在单元格中插入公式。 通过使用Python的openpyxl库,来操作excel单元格,在单元格中插入公式的操作。把学习的过程分享给大家。大佬勿喷!
ctf-qsnctf此地无银三百
02-20
ctf-qsnctf是一个CTF(Capture The Flag)比赛平台,它提供了一系列的网络安全挑战,旨在帮助参与者提升网络安全技能和解决问题的能力。在ctf-qsnctf平台上,参与者可以通过解决各种类型的题目来获取旗帜(flag),并提交给平台进行验证。 "此地无银三百"是ctf-qsnctf平台上的一道题目,它的名称可能是一个提示,暗示着解题的思路。具体的解题方法和答案我无法透露,因为这会破坏比赛的公平性和乐趣。如果你对这道题目感兴趣,我建议你在ctf-qsnctf平台上注册账号并参与比赛,通过自己的努力和思考来解决问题。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值