Cryptohack-RSA writeups

最新推荐文章于 2024-03-23 11:44:15 发布
最新推荐文章于 2024-03-23 11:44:15 发布
阅读量7k 收藏 3
点赞数 2
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_46591654/article/details/109966653
版权

STARTER

1.RSA Starter 1

Find the solution to 101^17 mod 22663

print(pow(101,17,22663))
#19906

2.RSA Starter 2

“Encrypt” the number 12 using the exponent e = 65537 and the primes p = 17 and q = 23. What number do you get as the ciphertext?

b = 12 
e = 65537
p, q = 17, 23 
N = p * q 
print(pow(b, e, N))
#301

3.RSA Starter 3


Given N = p*q and two primes:

p = 857504083339712752489993810777

q = 1029224947942998075080348647219

What is the totient of N?

p = 857504083339712752489993810777
q = 1029224947942998075080348647219
phi = ( p - 1) * ( q - 1 )
print(phi)
#882564595536224140639625987657529300394956519977044270821168

4.RSA Starter 4

Given the two primes:

p = 857504083339712752489993810777

q = 1029224947942998075080348647219

and the exponent:

e = 65537

What is the private key d?

import gmpy2
p = 857504083339712752489993810777
q = 1029224947942998075080348647219
e=65537
phi=(p-1)*(q-1)
d=gmpy2.invert(e,phi)
print(d)
# 121832886702415731577073962957377780195510499965398469843281

5.RSA Starter 5

Use the private key that you found for these parameters in the previous challenge to decrypt this ciphertext:

c = 77578995801157823671636298847186723593814843845525223303932

pow(c, d, n)
#13371337

6.RSA Starter 6

Sign the flag crypto{Immut4ble_m3ssag1ng} using your private key and the SHA256 hash function

A nice application of RSA, but still nice and straightforward to implement:

from hashlib import sha256

N=15216583654836731327639981224133918855895948374072384050848479908982286890731769486609085918857664046075375253168955058743185664390273058074450390236774324903305663479046566232967297765731625328029814055635316002591227570271271445226094919864475407884459980489638001092788574811554149774028950310695112688723853763743238753349782508121985338746755237819373178699343135091783992299561827389745132880022259873387524273298850340648779897909381979714026837172003953221052431217940632552930880000919436507245150726543040714721553361063311954285289857582079880295199632757829525723874753306371990452491305564061051059885803
d=11175901210643014262548222473449533091378848269490518850474399681690547281665059317155831692300453197335735728459259392366823302405685389586883670043744683993709123180805154631088513521456979317628012721881537154107239389466063136007337120599915456659758559300673444689263854921332185562706707573660658164991098457874495054854491474065039621922972671588299315846306069845169959451250821044417886630346229021305410340100401530146135418806544340908355106582089082980533651095594192031411679866134256418292249592135441145384466261279428795408721990564658703903787956958168449841491667690491585550160457893350536334242689

flag="crypto{Immut4ble_m3ssag1ng}"
flag=flag.encode("gb2312")
h=sha256(flag)
h=h.hexdigest()

c=pow(int(h,16),d,N)
print(hex(c))
#0x6ac9bb8f110b318a40ad8d7e57defdcce2652f5928b5f9b97c1504d7096d7af1d34e477b30f1a08014e8d525b14458b709a77a5fa67d4711bd19da1446f9fb0ffd9fdedc4101bdc9a4b26dd036f11d02f6b56f4926170c643f302d59c4fe8ea678b3ca91b4bb9b2024f2a839bec1514c0242b57e1f5e77999ee67c450982730252bc2c3c35acb4ac06a6ce8b9dbf84e29df0baa7369e0fd26f6dfcfb22a464e05c5b72baba8f78dc742e96542169710918ee2947749477869cb3567180ccbdfe6fdbe85bcaca4bf6da77c8f382bb4c8cd56dee43d1290ca856318c97f1756b789e3cac0c9738f5e9f797314d39a2ededb92583d97124ec6b313c4ea3464037d3

PRIMES PART 1

1.Factoring

Factorise the 150-bit number 510143758735509025530880200653196460532653147 into its two constituent primes. Give the smaller one as your answer.

Use factor DB,and get 19704762736204164635843 , 25889363174021185185929
So the answer is 19704762736204164635843

2.Inferius Prime

Here is my super-strong RSA implementation, because it’s 1600 bits strong it should be unbreakable… at least I think so!

import gmpy2 
from Crypto.Util.number import inverse,long_to_bytes
n = 742449129124467073921545687640895127535705902454369756401331
p = 752708788837165590355094155871
q = 986369682585281993933185289261
e = 3
ct = 39207274348578481322317340648475596807303160111338236677373
phi=(p-1)*(q-1)
d=inverse(e,phi)
m=pow(ct,d,n)

print(long_to_bytes(m))
# crypto{N33d_b1g_pR1m35}

3.Monoprime

Why is everyone so obsessed with multiplying two primes for RSA. Why not just use one?

from Crypto.Util.number import inverse,long_to_bytes

n = 171731371218065444125482536302245915415603318380280392385291836472299752747934607246477508507827284075763910264995326010251268493630501989810855418416643352631102434317900028697993224868629935657273062472544675693365930943308086634291936846505861203914449338007760990051788980485462592823446469606824421932591                                                                  
e = 65537
ct = 161367550346730604451454756189028938964941280347662098798775466019463375610700074840105776873791605070092554650190486030367121011578171525759600774739890458414593857709994072516290998135846956596662071379067305011746842247628316996977338024343628757374524136260758515864509435302781735938531030576289086798942  

phi=n-1
d=inverse(e,phi)
print(long_to_bytes(pow(ct, d, n)))
#crypto{0n3_pr1m3_41n7_pr1m3_l0l}

4.Square Eyes

It was taking forever to get a 2048 bit prime, so I just generated one and used it twice.

If you’re stuck, look again at the formula for Euler’s totient.

5.Manyprime

Using one prime factor was definitely a bad idea so I’ll try using over 30 instead.

If it’s taking forever to factorise, read up on factorisation algorithms and make sure you’re using one that’s optimised for this scenario.
在这里插入图片描述

from Crypto.Util.number import inverse,long_to_bytes
import gmpy2
n = 580642391898843192929563856870897799650883152718761762932292482252152591279871421569162037190419036435041797739880389529593674485555792234900969402019055601781662044515999210032698275981631376651117318677368742867687180140048715627160641771118040372573575479330830092989800730105573700557717146251860588802509310534792310748898504394966263819959963273509119791037525504422606634640173277598774814099540555569257179715908642917355365791447508751401889724095964924513196281345665480688029639999472649549163147599540142367575413885729653166517595719991872223011969856259344396899748662101941230745601719730556631637
e = 65537
ct = 320721490534624434149993723527322977960556510750628354856260732098109692581338409999983376131354918370047625150454728718467998870322344980985635149656977787964380651868131740312053755501594999166365821315043312308622388016666802478485476059625888033017198083472976011719998333985531756978678758897472845358167730221506573817798467100023754709109274265835201757369829744113233607359526441007577850111228850004361838028842815813724076511058179239339760639518034583306154826603816927757236549096339501503316601078891287408682099750164720032975016814187899399273719181407940397071512493967454225665490162619270814464
factors=[13099895578757581201,16656402470578844539,12132158321859677597,14963354250199553339,12834461276877415051,14278240802299816541, 14178869592193599187, 11492065299277279799, 10336650220878499841, 12955403765595949597, 10638241655447339831, 11403460639036243901, 12973972336777979701, 14100640260554622013, 11665347949879312361, 11328768673634243077,9303850685953812323, 11530534813954192171, 15998365463074268941, 13572286589428162097, 11282698189561966721, 9389357739583927789, 15824122791679574573, 17281246625998849649, 15669758663523555763, 14523070016044624039, 17138336856793050757, 11473665579512371723,9282105380008121879, 16898740504023346457, 15364597561881860737, 17174065872156629921]
phi=1
for x in factors:
    phi *= (x-1)
d = gmpy2.invert(e, phi)
print(long_to_bytes(pow(ct, d, n)))
#crypto{700_m4ny_5m4ll_f4c70r5}

PUBLIC EXPONENT

1.Salty

Smallest exponent should be fastest, right?

from Crypto.Util.number import inverse, long_to_bytes
n = 110581795715958566206600392161360212579669637391437097703685154237017351570464767725324182051199901920318211290404777259728923614917211291562555864753005179326101890427669819834642007924406862482343614488768256951616086287044725034412802176312273081322195866046098595306261781788276570920467840172004530873767                                                                  
e = 1
ct = 44981230718212183604274785925793145442655465025264554046028251311164494127485

print(long_to_bytes(ct))
#crypto{saltstack_fell_for_this!}

2.Modulus Inutilis

My primes should be more than large enough now!

from Crypto.Util.number import long_to_bytes
from gmpy2 import iroot
n = 17258212916191948536348548470938004244269544560039009244721959293554822498047075403658429865201816363311805874117705688359853941515579440852166618074161313773416434156467811969628473425365608002907061241714688204565170146117869742910273064909154666642642308154422770994836108669814632309362483307560217924183202838588431342622551598499747369771295105890359290073146330677383341121242366368309126850094371525078749496850520075015636716490087482193603562501577348571256210991732071282478547626856068209192987351212490642903450263288650415552403935705444809043563866466823492258216747445926536608548665086042098252335883
e = 3
ct = 243251053617903760309941844835411292373350655973075480264001352919865180151222189820473358411037759381328642957324889519192337152355302808400638052620580409813222660643570085177957

print(long_to_bytes(iroot(ct,3)[0]))
#crypto{N33d_m04R_p4dd1ng}
Ccomptine
关注
  • 2
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
趣味密码学入门--cryptohack
weixin_39664643的博客
12-18 4136
Awesome CTF中发现了一个有趣的密码学挑战平台–cryptohack。小白的我通过做题来学习密码学知识~ cryptohack平台官网:https://cryptohack.org/ cryptohack平台的题目几乎都是Python3编写,题目类型有三个: 下载易受攻击的源代码并确定如何破解输出。 向服务器发出Web请求并缓慢提取机密数据。 连接到端口,并对试图进行通信的两方进行中间人攻击。 由此,通过做题熟悉python相关密码库的应用及密码学知识 题目面板如下 注意:由于平台公告超过10
[CryptoHack] RSA-PRIMES PART1 Write-Up
dlfls0710的博客
06-05 1452
1. Factoring 利用factordb.com寻找prime
[CryptoHack] Public-key Cryptography Partial Solutions
baola的博客
05-12 748
本篇文章记录了CRYPTOHACK中public-key cryptography Course中的题解。
Cryptohack刷题记录(五) RSA部分 STARTER writeup
u010883831的博客
11-14 693
cryptohackRSAwriteup,Crypto,CTF
Cryptohack刷题记录(三) Mathematics部分 Lattice WriteUp
u010883831的博客
01-24 3237
cryptohack, Mathematic, Lattice, WriteUp
Cryptohack刷题记录(一) General部分 WP
u010883831的博客
01-24 2607
文章目录注册平台账号GeneralEncoding第一题第二题第三题第四题第五题XOR1. XOR Starter2. XOR Properties3.Favourite byte4.You either know, XOR you don't5. Lemur XORMATHEMATICS1. Greatest Common Divisor2. Extended GCD3. Modular Arithmetic 14. Modular Arithmetic 25. Modular InvertingDATA
easy-rsa-2.2.0.tar.gz
06-30
首先,我们需要从源代码包`easy-rsa-2.2.0.tar.gz`中解压并安装。这通常包括解压、进入目录、配置和编译过程。在Unix/Linux环境下,可以使用以下命令: ``` tar -zxvf easy-rsa-2.2.0.tar.gz cd easy-rsa-2.2.0 ./...
spring-security-rsa-1.0.10.RELEASE-API文档-中文版.zip
05-04
赠送jar包:spring-security-rsa-1.0.10.RELEASE.jar; 赠送原API文档:spring-security-rsa-1.0.10.RELEASE-javadoc.jar; 赠送源代码:spring-security-rsa-1.0.10.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
CTF-RSA-tool-master.zip
01-19
针对CTF中CRYPTO的RSA工具
browserify-rsa
05-24
在`browserify-rsa-master`压缩包中,可能包含了`browserify-rsa`库的源码、示例、测试文件以及相关文档。开发者可以通过阅读源码了解其内部实现,或者参考示例快速上手使用。 总之,`browserify-rsa`是一个在...
CryptoHack:应对CryptoHack挑战的解决方案
04-16
加密黑客 是用于学习密码学的平台。 您可以通过一系列Capture The Flag风格的挑战来学习现代密码学,在这里,我为您提供了应对这些挑战的解决方案。 解决方案: 1.简介: 2.总则: 2.1编码: 编码挑战 2.2 XOR: 异或启动器 XOR属性 最喜欢的字节 你们都知道,XOR你们不 狐猴XOR 2.3数学 最大公约数 扩展GCD 模块化算术1 模块化算术2 模块化反相 2.4数据格式 增强隐私的邮件? 绝对不是 透明度 如果您发现任何错误或有任何建议,可以通过我的社交网络与我联系: 推特: @ h_r0rsch4ch Discord:h-rorschach#3993
ctf-writeups:我如何解决信息安全捕获标志(CTF)挑战的详细文章
05-28
CTF撰写 我参与安全CTF的注意事项,主要供个人参考。 在其他地方托管的文章 blog.cryptohack.org 皇冠 宗族 Sectalks LON0x18-工作证明 Sectalks LON0x19-FPGA / RSA Sectalks LON0x1c-来自未来 Sectalks LON0x1e-可延展的RSA Sectalks LON0x20-BACPA Sectalks LON0x23-Tesseract OCR Sectalks LON0x24-齐柏林飞艇 Sectalks LON0x25-MAC Sectalks LON0x27-神经巫师CTF Sectalks LON0x2A-公元前 我写的CTF: 匿名(来源/解决方案) 龙(提示)
Desafios_CRYPTOHACK_Resueltos:储存资料库
03-06
Desafios_CRYPTOHACK 资料库活动范围:Fin de Ciclo,Cryptohack desarrollandodesafíos
cryptohack:使用python解决cryptohack.org上的挑战
03-14
cryptohack:使用python解决cryptohack.org上的挑战
前端开源库-node-rsa
08-30
**文件名称列表:“node-rsa-master”** 这可能是项目的主分支或者仓库名,通常在Git版本控制系统中,"master"是默认的主要分支,包含了项目最新的稳定代码。"node-rsa"部分与标题相呼应,表明这是关于Node.js RSA库...
网络安全、夺旗赛(CTF)技能汇总
hanjingjava的专栏
10-22 6150
本文综合博主参赛准备经历,总结介绍了过程中了解的网络安全、夺旗赛(CTF)相关知识及资源,分为资料篇、工具篇、解题思路篇。
国内外优秀网安练习平台
Ms08067安全实验室
12-06 799
0x01 前言小编总结网上一些靶场类型,并进行了分类,整理不足可以及时给小编留言!0x02基础类靶场1. DVWA:http://www.dvwa.co.u2.BWVS:https://github.com/bugku/BWVS3.Webug3.0:https://pan.baidu.com/s/1cM39UrKeWjS92-3am8L_bg?pwd=xjqr4. BWAPP:https://...
cryptohack代码以及题解(1)
最新发布
2301_80284843的博客
03-23 388
cryptohack
CryptoHack-wp(一)
热门推荐
weixin_32805909的博客
09-09 11万+
一、INTRODUCTION 1.Great Snacks 下载py文件,直接运行得到flag 2.Network Attacks 下载py文件,运行得到flag 二、GENERAL 1.ENCODING 1.1ASCII 运行得到flag:crypto{ASCII_pr1nt4bl3} 1.2Hex 运行得到同样的结果flag:crypto{You_will_be_working_with_hex_strings_a_lot} 1.3Base64 运行得到flag:crypto/Base+64+E
mac no matching host key type found. Their offer: ssh-rsa
08-30
这个问题通常出现在使用较新的 macOS 版本连接到较旧的 SSH 服务器时。这是因为较新的 macOS 默认不再支持弱加密算法,如 ssh-rsa。 要解决这个问题,可以尝试以下几种方法: 1. 指定支持的加密算法:在 SSH 命令中使用 `-o` 参数指定支持的加密算法,例如:`ssh -o HostKeyAlgorithms=+ssh-rsa user@host`。 2. 更新服务器的 SSH 配置:如果你有权限访问服务器,可以尝试更新服务器的 SSH 配置文件,将支持的加密算法列表中添加 `ssh-rsa`。具体配置文件位置和修改方法可能因操作系统而异,请查阅相应的文档。 3. 使用较旧版本的 OpenSSH:如果无法更改服务器的配置,你可以尝试使用较旧版本的 OpenSSH 客户端。你可以通过 Homebrew 或其他方法安装较旧版本的 OpenSSH,并使用该版本来连接服务器。 请注意,在进行任何更改之前,请确保你理解了安全风险,并且只在需要时才应该使用较旧的加密算法。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值