crypto
week1 立正
逆序得到
:V Qook at you~ this is flag: EmxhE8tERKAfYAZ6S636dIWuEK46ZK4yRBdNdK4uRKd4 decode it
中间那串像b64
解码解不出什么 猜测还要rotate
Emxh 和 flag编码后的前几位比较接近
考虑大写字母需要继续偏移
对大写字母处理完后得到
:Q Look at you~ this is flag: ZmxhZ8tZMFVfTVU6N636dDRuZF46UF4yMWdIdF4uMFd4 decode it
解码得 flag�Y0U_MU:7��t4nd^:P^21gHt^.0Wx
对比flag{Y0U_base64编码ZmxhZ3tZMFVf和解出的前12位ZmxhZ8tZMFVf
数字也得继续偏移
a = ':V Qook at you~ this is flag: EmxhE8tERKAfYAZ6S636dIWuEK46ZK4yRBdNdK4uRKd4 decode it'
a = list(a)
for i in range(len(a)):
if a[i].isupper():
a[i] = chr((ord(a[i]) - 65 - 5) % 26+65)
if a[i].isdigit():
a[i] = chr((ord(a[i]) - 48 + 5) % 10+48)
print("".join(a))
解b64得到flag
flag{Y0U_MU57_5t4nd_uP_r1gHt_n0W}
[WEEK1]电信诈骗
真想不到
异或50后rot47
c = '050f000a7e407151537802540b747176075178027552756d0256726262627c'
print("".join([chr(int(c[i:i+2], 16) ^ 50) for i in range(0, len(c), 2)]))
# 7=28LrCcaJ0f9FCD5cJ0G`G_0d@PPPN
马后炮来说的话 第四行第七列 卷土重来 还是可以联想到rot47的
[WEEK3]ECC
哎 当初导sympy包
里面有个对象叫EllipticCurve
完了老和我说构造函数有问题
from Crypto.Util.number import *
import gmpy2
def crack_unknown_increment(states, modulus, multiplier):
increment = (states[1] - states[0]*multiplier) % modulus
return modulus, multiplier, increment
def crack_unknown_multiplier(states, modulus):
multiplier = (states[2] - states[1]) * \
inverse(states[1] - states[0], modulus) % modulus
return crack_unknown_increment(states, modulus, multiplier)
hint = [1570694739893062645954897001702004554030820147773705206144961894236480600502144377530243430,
1115071559941911318308753566664426840423418447339890011281946738239984044436490114276986358, 1724417937645231946682439402005218433918418922370889412352845326882349141006072218192190414]
N = 1756436166407836493798726314365345209041467063368466691280475314657490639743277323145836159
N, A, B = (crack_unknown_multiplier(hint, N))
rounds = 201
inv_a = gmpy2.invert(A, N)
seed = hint[0]
for i in range(rounds-2):
seed = (inv_a*(seed - B)) % N
E = EllipticCurve(GF(int(seed)), [A, B])
P=E(37977159917993725569055235995991171988930922261017470137494292644600863220268 , 18702328678557323528043531437349309255558505679181203523362701784535278781654 )
Q=E(50869218310545924409688834318827602878615827095578074934136681999097237356553 , 56112306156084592253561365078969255013878959268941761289693638560533128799289 )
print(E.order())
def SmartAttack(P, Q, p):
E = P.curve()
Eqp = EllipticCurve(
Qp(p, 2), [ZZ(t) + randint(0, p)*p for t in E.a_invariants()])
P_Qps = Eqp.lift_x(ZZ(P.xy()[0]), all=True)
for P_Qp in P_Qps:
if GF(p)(P_Qp.xy()[1]) == P.xy()[1]:
break
Q_Qps = Eqp.lift_x(ZZ(Q.xy()[0]), all=True)
for Q_Qp in Q_Qps:
if GF(p)(Q_Qp.xy()[1]) == Q.xy()[1]:
break
p_times_P = p*P_Qp
p_times_Q = p*Q_Qp
x_P, y_P = p_times_P.xy()
x_Q, y_Q = p_times_Q.xy()
phi_P = -(x_P/y_P)
phi_Q = -(x_Q/y_Q)
k = phi_Q/phi_P
return ZZ(k)
print(long_to_bytes(int(SmartAttack(P, Q, seed))))
[WEEK3]e=3
一开始以为p存在线性关系
像天山固网那道题样的
然后试了一下没出来就摆烂了
观察到N在M进制下易分解
我们用sage看看
from Crypto.Util.number import *
N = 3298593732762513945346583663585189774036688951059270517149719979434109398447628726951796006700754759352430339647168415338320547665794785951232342902233013221132246450312038122695046634624323814318286314664160113738299465643128504110932989263063331290006313
c = 869489491924953293290699796392271834401780578884556874640489836779925847562085802848542382525324081900560761299059365684697233025590164192409062717942292142906458498707677300694595072310705415037345581289469698221468377159605973403471463296806900975548438
M = 2**54
k = 6
digit = M
digits = N.digits(digit)
f = 0
for i, each in enumerate(digits):
f += each * x ^ i
print(f)
分解得到pqr
后面就是有限域开方
from Crypto.Util.number import *
N = 3298593732762513945346583663585189774036688951059270517149719979434109398447628726951796006700754759352430339647168415338320547665794785951232342902233013221132246450312038122695046634624323814318286314664160113738299465643128504110932989263063331290006313
c = 869489491924953293290699796392271834401780578884556874640489836779925847562085802848542382525324081900560761299059365684697233025590164192409062717942292142906458498707677300694595072310705415037345581289469698221468377159605973403471463296806900975548438
M = 2**54
k = 6
e = 3
digit = M
digits = N.digits(digit)
f = 0
for i, each in enumerate(digits):
f += each * x ^ i
# print(f.factor)
p = (54595*x ^ 5 + 17296*x ^ 4 + 5814*x ^ 3 + 36787*x ^ 2 + 58035*x + 45247)
q = (25282*x ^ 5 + 31957*x ^ 4 + 31998 *x ^ 3 + 6834*x ^ 2 + 31014*x + 33821)
r = (350*x ^ 5 + 48522*x ^ 4 + 12574*x ^ 3 + 35367*x ^ 2 + 47153*x + 11459)
p = int(p(M))
q = int(q(M))
r = int(r(M))
P.<x> = PolynomialRing(Zmod(p), implementation='NTL')
f = x ^ e - c
res1 = f.monic().roots()
P.<x> = PolynomialRing(Zmod(q), implementation='NTL')
f = x ^ e - c
res2 = f.monic().roots()
P.<x> = PolynomialRing(Zmod(r),implementation='NTL')
f = x ^ e - c
res3 = f.monic().roots()
for i in res1:
for j in res2:
for k in res3:
param1 = [int(i[0]), int(j[0]), int(k[0])]
param2 = [p, q, r]
m = CRT_list(param1, param2)
flag = long_to_bytes(m)
if b'flag{' in flag:
print(flag)
[WEEK3]Classical Master
重合指数 第一次见
建议看密码爷糖醋小鸡块的博客
https://tangcuxiaojikuai.xyz/post/165cec8c.html#more
web
[week_3]ez_rce
官方wp写到
于是要通过sett来改shell为True
shell是7
于是payload如下
[WEEK3]gogogo
猜测SESSION_KEY为空
本地启环境伪造session 成为admin
然后绕正则读文件
这是readfile的实现
可以执行命令
正则给命令分隔符过滤完了
可以考虑用find来查找并读取文件
$'\146\151\156\144' / -$'\155\141\170\144\145\160\164\150' 1 -$'\164\171\160\145' $'\146'
最后还要加个$()让其执行
类似这种效果
1093
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
