密码CTF(5)

已于 2024-06-21 17:30:49 修改
阅读量389 收藏 3
点赞数 5
文章标签: 密码学 python
于 2024-06-21 17:29:33 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/l2ohvef/article/details/139845238
版权

一、[安洵杯 2020]密码学?爆破就行了——sha256掩码爆破

1.题目:

#!/usr/bin/python2
import hashlib 
from secret import SECRET
from broken_flag import BROKEN_FLAG


flag = 'd0g3{' + hashlib.md5(SECRET).hexdigest() + '}'
broken_flag = 'd0g3{71b2b5616**2a4639**7d979**de964c}'

assert flag[:14] == broken_flag[:14]
assert flag[16:22] == broken_flag[16:22]
assert flag[24:29] == broken_flag[24:29]


ciphier = hashlib.sha256(flag).hexdigest()
print(ciphier)


'''
ciphier = '0596d989a2938e16bcc5d6f89ce709ad9f64d36316ab80408cb6b89b3d7f064a'
'''

2.

import hashlib


cipher = '0596d989a2938e16bcc5d6f89ce709ad9f64d36316ab80408cb6b89b3d7f064a'
strings = '0123456789abcdef'
for a in strings:
    for b in strings:
        for c in strings:
            for d in strings:
                for e in strings:
                    for f in strings:
                        flag = 'd0g3{71b2b5616' + a + b + '2a4639' + c + d + '7d979' + e + f + 'de964c}'
                        if hashlib.sha256(flag.encode()).hexdigest() == cipher:
                            print(flag)
                            break

NSSCTF{71b2b5616ee2a4639a07d979ebde964c}

二、[HNCTF 2022 WEEK2]md5太残暴了——MD5爆破

1.题目:

小明养成了定期修改密码的好习惯,同时,他还是一个CTF爱好者。有一天,他突发奇想,用flag格式来设置密码,为了防止忘记密码,他还把密码进行了md5加密。为了避免被其他人看到全部密码,他还特意修改了其中部分字符为#。你能猜出他的密码吗?
plaintext = flag{#00#_P4ssw0rd_N3v3r_F0rg3t_63####}
md5 = ac7f4d52c3924925aa9c8a7a1f522451
PS: 第一个#是大写字母,第二个#是小写字母,其他是数字。

2.

import hashlib


string1 = 'ABCDEFGHIGKLMNOPQRSTUVWXYZ'
string2 = 'abcdefghijklmnopqrstuvwxyz'
string3 = '0123456789'
md5 = 'ac7f4d52c3924925aa9c8a7a1f522451'

for a in string1:
    for b in string2:
        for c in string3:
            for d in string3:
                for e in string3:
                    for f in string3:
                        flag = 'flag{'+ a + '00' + b + '_P4ssw0rd_N3v3r_F0rg3t_63' + c + d + e + f + '}'
                        if hashlib.md5(flag.encode()).hexdigest() == md5:
                            print(flag)

flag{G00d_P4ssw0rd_N3v3r_F0rg3t_638291}

三、[LitCTF 2023]Where is P?——p的高位攻击

1.题目:

from Crypto.Util.number import *
m=bytes_to_long(b'XXXX')
e=65537
p=getPrime(1024)
q=getPrime(1024)
n=p*q
print(p)
c=pow(m,e,n)
P=p>>340
print(P)
a=pow(P,3,n)
print("n=",n)
print("c=",c)
print("a=",a)
#n= 24479907029118467064460793139240403258697681144532146836881997837526487637306591893357774423547391867013441147680031968367449693796015901951120514250935018725570026327610524687128709707340727799633444550317834481416507364804274266363478822257132586592232042108076935945436358397787891169163821061005102693505011197453089873909085170776511350713452580692963748763166981047023704528272230392479728897831538235554137129584665886878574314566549330671483636900134584707867654841021494106881794644469229030140144595938886437242375435914268001721437309283611088568191856208951867342004280893021653793820874747638264412653721
#c= 6566517934961780069851397787369134601399136324586682773286046135297104713708615112015588908759927424841719937322574766875308296258325687730658550956691921018605724308665345526807393669538103819281108643141723589363068859617542807984954436567078438099854340705208503317269397632214274507740533638883597409138972287275965697689862321166613821995226000320597560745749780942467497435742492468670016480112957715214640939272457886646483560443432985954141177463448896521810457886108311082101521263110578485768091003174683555938678346359150123350656418123918738868598042533211541966786594006129134087145798672161268647536724
#a= 22184346235325197613876257964606959796734210361241668065837491428527234174610482874427139453643569493268653377061231169173874401139203757698022691973395609028489121048788465356158531144787135876251872262389742175830840373281181905217510352227396545981674450409488394636498629147806808635157820030290630290808150235068140864601098322473572121965126109735529553247807211711005936042322910065304489093415276688746634951081501428768318098925390576594162098506572668709475140964400043947851427774550253257759990959997691631511262768785787474750441024242552456956598974533625095249106992723798354594261566983135394923063605

2.解题:p右移340位后进行低加密指数攻击,先进行解密求P,然后求p,然后是正常的rsa解密

3.

import gmpy2
import libnum

# 低加密指数攻击解密
a = 22184346235325197613876257964606959796734210361241668065837491428527234174610482874427139453643569493268653377061231169173874401139203757698022691973395609028489121048788465356158531144787135876251872262389742175830840373281181905217510352227396545981674450409488394636498629147806808635157820030290630290808150235068140864601098322473572121965126109735529553247807211711005936042322910065304489093415276688746634951081501428768318098925390576594162098506572668709475140964400043947851427774550253257759990959997691631511262768785787474750441024242552456956598974533625095249106992723798354594261566983135394923063605
n = 24479907029118467064460793139240403258697681144532146836881997837526487637306591893357774423547391867013441147680031968367449693796015901951120514250935018725570026327610524687128709707340727799633444550317834481416507364804274266363478822257132586592232042108076935945436358397787891169163821061005102693505011197453089873909085170776511350713452580692963748763166981047023704528272230392479728897831538235554137129584665886878574314566549330671483636900134584707867654841021494106881794644469229030140144595938886437242375435914268001721437309283611088568191856208951867342004280893021653793820874747638264412653721
c = 6566517934961780069851397787369134601399136324586682773286046135297104713708615112015588908759927424841719937322574766875308296258325687730658550956691921018605724308665345526807393669538103819281108643141723589363068859617542807984954436567078438099854340705208503317269397632214274507740533638883597409138972287275965697689862321166613821995226000320597560745749780942467497435742492468670016480112957715214640939272457886646483560443432985954141177463448896521810457886108311082101521263110578485768091003174683555938678346359150123350656418123918738868598042533211541966786594006129134087145798672161268647536724
k = 0
while 1:
    res = gmpy2.iroot(k * n + a,3)
    if res[1] == True:
        print(res[0])  # 即P
        break
    k += 1
P = p_high = 66302204855869216148926460265779698576660998574555407124043768605865908069722142097621926304390549253688814246272903647124801382742681337653915017783954290069842646020090511605930590064443141710086879668946


# sagemath,求p
# p_high = 66302204855869216148926460265779698576660998574555407124043768605865908069722142097621926304390549253688814246272903647124801382742681337653915017783954290069842646020090511605930590064443141710086879668946
# n= 24479907029118467064460793139240403258697681144532146836881997837526487637306591893357774423547391867013441147680031968367449693796015901951120514250935018725570026327610524687128709707340727799633444550317834481416507364804274266363478822257132586592232042108076935945436358397787891169163821061005102693505011197453089873909085170776511350713452580692963748763166981047023704528272230392479728897831538235554137129584665886878574314566549330671483636900134584707867654841021494106881794644469229030140144595938886437242375435914268001721437309283611088568191856208951867342004280893021653793820874747638264412653721
# c= 6566517934961780069851397787369134601399136324586682773286046135297104713708615112015588908759927424841719937322574766875308296258325687730658550956691921018605724308665345526807393669538103819281108643141723589363068859617542807984954436567078438099854340705208503317269397632214274507740533638883597409138972287275965697689862321166613821995226000320597560745749780942467497435742492468670016480112957715214640939272457886646483560443432985954141177463448896521810457886108311082101521263110578485768091003174683555938678346359150123350656418123918738868598042533211541966786594006129134087145798672161268647536724
#
# pbits = 1024
# kbits = 340
# p_high = p_high << kbits
# PR.<x> = PolynomialRing(Zmod(n))
# # f = x + p_high
# p0 = f.small_roots(X = 2 ^ kbits,beta = 0.4)[0]
# print(p_high + p0)
# p = 148500014720728755901835170447203030242113125689825190413979909224639701026120883281188694701625473553602289432755479244507504340127322979884849883842306663453018960250560834067472479033116264539127330613635903666209920113813160301513820286874124210921593865507657148933555053341577090100101684021531775022459


# 求flag
e = 65537
p = 148500014720728755901835170447203030242113125689825190413979909224639701026120883281188694701625473553602289432755479244507504340127322979884849883842306663453018960250560834067472479033116264539127330613635903666209920113813160301513820286874124210921593865507657148933555053341577090100101684021531775022459
q = n // p
phi = (p-1)*(q-1)
d = gmpy2.invert(e, phi)
m = pow(c,d,n)
print(libnum.n2s(int(m)))

NSSCTF{Y0U_hAV3_g0T_Th3_r1ghT_AnsW3r}

四、[LitCTF 2023]babyLCG——LCG求a、b、m、seed

1.题目:

from Crypto.Util.number import *
from secret import flag

m = bytes_to_long(flag)
bit_len = m.bit_length()
a = getPrime(bit_len)
b = getPrime(bit_len)
p = getPrime(bit_len+1)

seed = m
result = []
for i in range(10):
    seed = (a*seed+b)%p
    result.append(seed)
print(result)
"""
result = [699175025435513913222265085178805479192132631113784770123757454808149151697608216361550466652878, 193316257467202036043918706856603526262215679149886976392930192639917920593706895122296071643390, 1624937780477561769577140419364339298985292198464188802403816662221142156714021229977403603922943, 659236391930254891621938248429619132720452597526316230221895367798170380093631947248925278766506, 111407194162820942281872438978366964960570302720229611594374532025973998885554449685055172110829, 1415787594624585063605356859393351333923892058922987749824214311091742328340293435914830175796909, 655057648553921580727111809001898496375489870757705297406250204329094679858718932270475755075698, 1683427135823894785654993254138434580152093609545092045940376086714124324274044014654085676620851, 492953986125248558013838257810313149490245209968714980288031443714890115686764222999717055064509, 70048773361068060773257074705619791938224397526269544533030294499007242937089146507674570192265]
"""

2.LCG数学推导

3.python脚本

from functools import reduce
import gmpy2
import libnum

# 已知
result = [699175025435513913222265085178805479192132631113784770123757454808149151697608216361550466652878,
          193316257467202036043918706856603526262215679149886976392930192639917920593706895122296071643390,
          1624937780477561769577140419364339298985292198464188802403816662221142156714021229977403603922943,
          659236391930254891621938248429619132720452597526316230221895367798170380093631947248925278766506,
          111407194162820942281872438978366964960570302720229611594374532025973998885554449685055172110829,
          1415787594624585063605356859393351333923892058922987749824214311091742328340293435914830175796909,
          655057648553921580727111809001898496375489870757705297406250204329094679858718932270475755075698,
          1683427135823894785654993254138434580152093609545092045940376086714124324274044014654085676620851,
          492953986125248558013838257810313149490245209968714980288031443714890115686764222999717055064509,
          70048773361068060773257074705619791938224397526269544533030294499007242937089146507674570192265]

# 第一阶段,获得模数m。一组数据即可,可以不使用列表
list1 = [s1 - s0 for s0, s1 in zip(result, result[1:])]
list2 = [t2 * t0 - t1 * t1 for t0, t1, t2 in zip(list1, list1[1:], list1[2:])]
m = gmpy2.gcd(list2[1], list2[2])
# m = abs(reduce(gcd, list2))
print(m)

# 第二阶段,获得常数A, B
A_son = result[2] - result[1]
A_mother_ni = gmpy2.invert(result[1] - result[0], m)
A = pow(A_son * A_mother_ni, 1, m)
# print(A)
B = pow(result[1] - A * result[0], 1, m)
# print(B)


# 第三阶段,逆推回seed
A_ni = gmpy2.invert(A, m)
seed = (result[0] - B) * A_ni % m
# print(seed)
flag = libnum.n2s(int(seed))
print(flag)

NSSCTF{31fcd7832029a87f6c9f760fcf297b2f}

五、[安洵杯 2020]easyaes——AES

1.题目:

#!/usr/bin/python
from Crypto.Cipher import AES
import binascii
from Crypto.Util.number import bytes_to_long
from flag import flag
from key import key

iv = flag.strip(b'd0g3{').strip(b'}')   # 只保留{}内的内容,flag

LENGTH = len(key)
assert LENGTH == 16

hint = os.urandom(4) * 8   # 随机生成4字节,重复8次
print(bytes_to_long(hint)^bytes_to_long(key))   # 将hint与key进行异或

msg = b'Welcome to this competition, I hope you can have fun today!!!!!!'

def encrypto(message):
    aes = AES.new(key,AES.MODE_CBC,iv)
    return aes.encrypt(message)

print(binascii.hexlify(encrypto(msg))[-32:])

'''
56631233292325412205528754798133970783633216936302049893130220461139160682777
b'3c976c92aff4095a23e885b195077b66'
'''

2.解题:

加密流程:先将密文分组,然后每组生成密文与明文异或后,使用秘钥加密成密文,第一组加密,初始化向量充当密文

解密流程:将最后密文使用秘钥解密后,与前一组密文异或,得到部分明文,最后得到初始化向量

hint由重复八次的4个字节组成,key有15字节,所以异或后会有一部分hint保留,将hint转换为字符串,可以看到有部分重复的字节

由此推断,hint为 ‘}4$d’ * 8,然后异或可以得到key

import libnum

a = 56631233292325412205528754798133970783633216936302049893130220461139160682777
print(libnum.n2s(int(a)))
hint = '}4$d'
key = a ^ libnum.s2n(hint * 8)
print(libnum.n2s(int(key)))

#b'}4$d}4$d}4$d}4$d\x19\x04CW\x06CA\x08\x1e[I\x01\x04[Q\x19'
#b'd0g3{welcomeyou}'

然后将信息进行分组,解密

3.python脚本

import binascii
from Crypto.Cipher import AES
import libnum
from Crypto.Util.strxor import strxor

a = 56631233292325412205528754798133970783633216936302049893130220461139160682777
print(libnum.n2s(int(a)))
hint = '}4$d'
key = a ^ libnum.s2n(hint * 8)
print(libnum.n2s(int(key)))
key_bytes = libnum.n2s(int(key))   # 确保key是字节


# 确保密钥长度为 16 字节
key = key_bytes[:16]  # 截取前 16 字节
print(f"Key: {key}")


msg = b'Welcome to this competition, I hope you can have fun today!!!!!!'
msgs = [msg[i:i+16] for i in range(0, len(msg), 16)]
msgs.reverse()  # 将列表反转
IV = binascii.unhexlify('3c976c92aff4095a23e885b195077b66')


def decry(key, iv, ms):
    aes = AES.new(key, AES.MODE_ECB)     # 如果秘钥不是16,则需要进行填充或者截断
    return strxor(aes.decrypt(iv), ms)   # 将参数进行异或操作


for ms in msgs:
    IV = decry(key, IV, ms)
print(b'd0g3{' + IV + b'}')

注意:将key转换为字节

NSSCTF{aEs_1s_SO0o_e4sY}

l2ohvef
关注
  • 5
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
BugkuCTF-MISC题怀疑人生
am_03的博客
09-05 444
补充:掩码爆破 字掩码爆破 所以选择数字,打三个英文问号,如果知道几位比如知道掩码是meimei后面是三个但是不知道,就写meimei??? 解题流程 下载文件file.zip 解压出三个文件 ctf1.zip,ctf2.zip,ctf3.zip 对于ctf1.zip 根据先得到ctf2.zip与ctf3.zip的flag猜想ctf1.zip为flag{??? 通过ARCHPR掩码爆破,但未得到密码 通过ARCHPR重新爆破,得到密码为password 解压出文件后打开发现为base64编码,解码为
p高位攻击
Emmaaaaa's blog
04-12 1435
三道p高位攻击题目,四种求p方法,都大同小异,放一起更好理解
密码爆破工具HashCat的安装与使用
最新发布
OrientalGlass的博客
06-10 3882
下载压缩包后解压,在所在文件夹中打开cmd即可。
BUUCTF 安洵杯 easy_serialize_php题目解析
2201_75327657的博客
03-29 215
反序列化后又为 {s:4:"flag";s:3:"img";得到fag=flag in /d0g3_fllllllag再利用base64转化得到flag。d0g3——flag.php的base64为ZDBnM19mMWFnLnBocA==查看后寻找flag位置得到它在d0g3里面通过看源码得知需要利用base64转化。这题是利用phpinfo查看回显。通过查看源码就能得知许多信息。
CRYPTO [61dctf]cry Writeup(RSA已知p的高位攻击)
lostnerv的专栏
05-09 3846
边学边做的大龄小白写了第一篇wp -.- [61dctf]cry 题目来源:https://www.jarvisoj.com/challenges Coppersmith攻击:已知p的高位攻击 关键点:用SageMath 恢复RSA完整的p 题目给了源码,其中print如下信息: print "====welcome to cry system====" (p,q,n,e,d)=rsa_gen() print "give you the public key:" ..
ctf 密码工具
07-30
ctf 密码类工具 各种加密解密都支持 编码转换 古典密码
CTF常见密码总结.docx
04-10
ctf解题中总结的一些实用的密码(编码方式),非常适合刚入坑的新手参考学习。比如常见的栅栏密码,摩斯电码,还有一些不常见的比如培根密码等等等等,非常全面!!!
ctf密码资料
10-26
### CTF密码学基础知识 #### 密码学概述 密码学是信息安全领域的一个核心部分,主要涉及信息的保护与安全传输。在网络安全竞赛(CTF)中,掌握基础的密码学知识至关重要。本文将深入探讨几种常见的加密技术,并...
ctf比赛密码方面总结
10-28
ctf比赛密码总结,涵盖各种密码的解析
ctf密码大全
11-02
### CTF密码学基础知识与实践应用 在网络安全竞赛(CTF)中,密码学作为一项重要的技术领域,涉及到了各种加密、解密方法的应用。本文将根据提供的标题、描述及部分内容,详细介绍其中提及的一些核心密码学知识点。...
Ziperello爆破
05-20
可以快速进行密码爆破,是很有效的解密软件。。。。。
密码破解那些事
hl1293348082的专栏
04-11 1897
最近恰巧刚好搞到一批hash,所以就寻思着,要不顺手小结一点关于hash破解的东西吧,反正经常要用,就当留备忘了,顺便也分享给大家,主要还是希望大家都能在实际渗透中能尽快上手用,既是这样,就肯定不会涉及太深,比如,其内部的破解算法具体是如何实现的等等…,我们都不会去深入剖析,毕竟,并不是为了去写此类工具,如果真的有兴趣,可自行去读源码[起码自己暂时还没那能力],经常渗透的朋友可能都非常清楚,由于各种各样的途径,我们经常会搞到各种各样的散列[hash],比如,各类web管理用户的密码hash,各类系统用户的密
WEEK7
mengxianshen的博客
11-23 440
周报
BUUCTF 每日打卡 2021-5-18
weixin_52446095的博客
05-18 336
引言 果然当鸽子会上瘾。。。 上周五打的国赛24小时不间断就离谱 原本打算通宵打,结果发现到半夜能写的都写了(指就写了一道 200 分的 rsa) 槽点太多,一时不知道从哪开始吐了 总之鸽了三天,今天就肝(水)一期国赛的那道 rsa 吧(咕咕咕) [CISCN]rsa 加密代码如下: from flag import text,flag import md5 from Crypto.Util.number import long_to_bytes,bytes_to_long,getPrime assert
BUUCTF [GUET-CTF2019]zips
../../../../../../../
09-29 1666
解开压缩包 需要输入密码,使用ARCHPR爆破,密码为:723456 发现111.zip伪加密,利用wireshark修改数据 将9改为偶数,修复好解压得到 查看setup.sh 运行这段python代码 print(__import__('time').time()) flag.zip为掩码爆破,利用ARCHPR设置掩码160137???.?? 掩码符号为**?** 然后解压flag.zip即可 ...
【2020安洵杯】EasyCM WriteUp
古月浪子的博客
12-17 506
这题从早上9点开始,做了快3小时,最后被人领先8分钟拿了一血,只拿到一个二血,呜呜呜/(ㄒoㄒ)/~~ 这题IDA有点白给,直接上x32dbg动调 可以看到要比较的字符串 我输入的是111d0g,经过某种加密以后变成了OOOBhKaT 前面有判断输入是不是3的倍数,不是则用-补齐的操作 推测是3位一组,一组输出4个字符,有点像base64 加密操作在这个函数里,会调用length/3次,每次输出4个字符 这个函数是动态解密的,而且dump下来后idapython写IDA里patch后也没法F5,懒得修花
RSA已知高位攻击
m0_57291352的博客
10-09 9092
背景: rsa解密,已知e,n,c(其中n太大,分解不了),和p的高位或m的高位或d的高位 工具: sage (没下载的话,有个在线网站可用:https://sagecell.sagemath.org/) 基础知识: PR.<x> = PolynomialRing(Zmod(n)) 用于生成一个以x为符号的一元多项式环 f = x + p4 定义求解的函数 roots = f.small_roots(X=2^kbits, beta=0.4) 多项式小值根求解及因子分解,其中X表示求解根的上
CTF比赛加密技巧: Caesar与Affine密码解析
CTF(Capture the Flag)比赛和其他信息安全挑战中,加密技术起着至关重要的作用,尤其是在密码学领域。Cryptography,或称密码学,是保护数据安全的关键方法,它通过改变信息的形式使其只有授权的人能够理解内容...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值