ctf在线工具的网站: http://ctf.ssleye.com/
1.滴答~滴
摩斯密码,解码:
BKCTFMISC
2.聪明的小羊
栅栏密码,key=2。
KEY{sad23jjdsa2}
3.ok
Brainfuck/Ook!编码
在线解密:https://www.splitbrain.org/services/ook
4.这不是摩斯密码
Brainfuck/Ook!编码的一种
flag{ok-c2tf-3389-admin}
5.easy_crypto
摩斯电码
6.简单加密
末尾AA与base64的==相似,可联想为base64和凯撒加密
先将密文转化为ASCII码
101 54 90 57 105 126 93 56 82 126 85 126 81 72 69 123 82 110 89 123 81 88 103 126 81 110 81 123 94 88 86 108 82 88 108 112 94 88 73 53 81 54 81 54 83 75 89 56 106 85 65 65
末尾为65,A对应65,=对应61,即前移4位
97 50 86 53 101 122 89 52 78 122 81 122 77 68 65 119 78 106 85 119 77 84 99 122 77 106 77 119 90 84 82 104 78 84 104 108 90 84 69 49 77 50 77 50 79 71 85 52 102 81 61 61
十进制转化为ASCII码
a 2 V 5 e z Y 4 N z Q z M D A w N j U w M T c z M j M w Z T R h N T h l Z T E 1 M 2 M 2 O G U 4 f Q = =
base64解密得到
key{68743000650173230e4a58ee153c68e8}
7.杂乱的密文
将216534按从小到大的顺序竖着从上往下读得到
f25dl03fa4d1g87}{c9@544@
栅栏密码解密,flag{52048c453d794df1}@@
8.凯撒部长的奖励
凯撒密码,key=20.
SYC{here_Is_yOur_rEwArd_enjOy_It_Caesar_or_call_him_vIctOr_is_a_Excellent_man_if_you_want_to_get_his_informations_you_can_join_us}
9.一段Base64
第一层base64
第二层,根据plain1的形式(0-7的整数),推测为8进制加密
第三层,根据plain2的形式(\xdd),推测为16进制加密
第四层,根据plain3的形式(udd*),推测为unicode
第5层,根据plain4形式,将所有数字转ASCII即可
第6层,百度plain5的编码格式(&#x)得到解码方法
第7层,百度plain6的编码格式(&#)得到解码方法
10. .!?
Brainfuck/Ook!编码的一种
flag{bugku_jiami}
11.+[]-
Brainfuck/Ook!编码的一种
flag{bugku_jiami_23}
12.奇怪的密码
gndk€rlqhmtkwwp}z这个格式像不像flag{*******}?
我们比较一下"gndk"与"flag"的ASCII码
gndk的10进制的ASCII码分别是:103 110 100 107
flag的10进制的ASCII码分别是 :102 108 97 103
发现ASCII以此减少 1 2 3 4,所以以此类推。
python脚本:
c="gndk{rlqhmtkwwp}z"
i=0
flag=""
while i < len(c):
num=ord(c[i])-(i+1)
flag+=chr(num)
i+=1
print ("解密:",flag)
flag{lei_ci_jiami}
13.托马斯.杰斐逊
转轮加密,百度托马斯.杰斐逊
密钥: 2,5,1,3,6,4,9,7,8,14,10,13,11,12
密文:HCBTSXWCRQGLES
按2,5,1,3,6,4,9,7,8,14,10,13,11,12从上到下排序
比如第一个密钥匙:2 密文匙:H
剪切末尾到H的地方,把剪切的内容放在最前面,变成 2: <HGVSFUWIKPBELNACZDTRXMJQOY <
flag{xsxsbugkuadmin}
14.zip伪加密
略
15.告诉你个秘密(ISCCCTF)
十六进制转为ASCII码
cjV5RyBscDlJIEJqTSB0RmhC
VDZ1aCB5N2lKIFFzWiBiaE0g
再转为base64
r5yG lp9I BjM tFhBT6uh y7iJ QsZ bhM
观察键盘上r5yG包围了t,同理得到tongyuan
16.这不是md5
16进制转字符
flag{ae73587ba56baef5}
17.贝斯家族
联想到base,base16,32,64,36,56,62,91……都试一遍,base91得到
flag{554a5058c9021c76}
18.富强民主
19.python(N1CTF)
略
20.进制转换
很快能发现字符的规律,b开头的是二进制,o开头的是八进制,d开头的是十进制,x开头的是16进制
#! /usr/bin/env python
#coding=utf-8
s=["d87","x65","x6c","x63","o157","d109","o145","b100000","d116","b1101111","o40","x6b","b1100101","b1101100","o141","d105","x62","d101","b1101001","d46","o40","d71","x69","d118","x65","x20","b1111001","o157","b1110101","d32","o141","d32","d102","o154","x61","x67","b100000","o141","d115","b100000","b1100001","d32","x67","o151","x66","d116","b101110","b100000","d32","d102","d108","d97","o147","d123","x31","b1100101","b110100","d98","d102","b111000","d49","b1100001","d54","b110011","x39","o64","o144","o145","d53","x61","b1100010","b1100011","o60","d48","o65","b1100001","x63","b110110","d101","o63","b111001","d97","d51","o70","d55","b1100010","d125","x20","b101110","x20","b1001000","d97","d118","o145","x20","d97","o40","d103","d111","d111","x64","d32","o164","b1101001","x6d","o145","x7e"]
s1=""
t=""
t1=""
for i in s:
s1=i
for j in range(1):
if s1[0:1]=='d':
t=str(hex(int(s1[1:])))
t=t[2:]+" "
t1=t1+t
if s1[0:1]=='x':
t=s1[1:]+" "
t1=t1+t
if s1[0:1]=='o':
t=str(hex(int(s1[1:],8)))
t=t[2:]+" "
t1=t1+t
if s1[0:1]=='b':
t=str(hex(int(s1[1:],2)))
t=t[2:]+" "
t1=t1+t
print t1
都转换成16进制 最后用工具解出Welcome to kelaibei. Give you a flag as a gift. flag{1e4bf81a6394de5abc005ac6e39a387b} . Have a good time~
21.affine
仿射加密(单码加密法的另一种形式称为仿射加密法(affine cipher))
flag = "szzyfimhyzd"
flaglist = []
for i in flag:
flaglist.append(ord(i)-97)
flags = ""
for i in flaglist:
for j in range(0,26):
c = (17 * j - 8) % 26
if(c == i):
flags +=
print(flags)
flag{affineshift}
22.Crack it
看到是个shadow文件,二话不说下载下来放到KaLi Linux里面,more shadow看一下
Kali系统中的john工具可以用。
23.rsa
ne已经给出,可以看出e特别大,在e特别大的情况下,可以使用wiener attack的方法进行破解,正好工具RsaCtfTool集成了wiener attack的方法,所以可以直接使用RsaCtfTool计算私钥, 如下所示:
使用py脚本直接解密密文,得到flag,代码如下所示:
#coding:utf-8
from libnum import n2s,s2n
import base64
def gcd(a, b): #求最大公约数
if a < b:
a, b = b, a
while b != 0:
temp = a % b
a = b
b = temp
return a
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y)
def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m
if __name__ == "__main__":
p=15991846970993213322072626901560749932686325766403404864023341810735319249066370916090640926219079368845510444031400322229147771682961132420481897362843199
q=28805791771260259486856902729020438686670354441296247148207862836064657849735343618207098163901787287368569768472521344635567334299356760080507454640207003
e = 354611102441307572056572181827925899198345350228753730931089393275463916544456626894245415096107834465778409532373187125318554614722599301791528916212839368121066035541008808261534500586023652767712271625785204280964688004680328300124849680477105302519377370092578107827116821391826210972320377614967547827619
# tmp = base64.b64decode("qzogS7X8M3ZOpkUhJJcbukaRduLyqHAPblmabaYSm9iatuulrHcEpBmil7V40N7gbsQXwYx5EBH5r5V2HRcEIOXjgfk5vpGLjPVxBLyXh2DajHPX6KvbFpQ8jNpCQbUNq8Hst00yDSO/6ri9dk6bk7+uyuN0b2K1bNG5St6sCQ4qYEA3xJbsHFvMqtvUdhMiqO7tNCUVTKZdN7iFvSJqK2IHosIf7FqO24zkHZpHi31sYU7pcgYEaGkVaKs8pjq6nbnffr4URfoexZHeQtq5UAkr95zD6WgvGcxaTDKafFntboX9GR9VUZnHePiio7nJ3msfue5rkIbISjmGCAlj+w==")
# =
d = modinv(e, (p - 1) * (q - 1))
# c=s2n(tmp)
c = 38230991316229399651823567590692301060044620412191737764632384680546256228451518238842965221394711848337832459443844446889468362154188214840736744657885858943810177675871991111466653158257191139605699916347308294995664530280816850482740530602254559123759121106338359220242637775919026933563326069449424391192
#c = 225031483444634056931067907865853799650197225351377050632290334721073031287701730297815850654473721939907812470206115171738967740183098960272963323728747481560137205796840356532306950935686580268408289864109695494835661414073083573249882362332920722000099781994315336570711188934565379141406727420346806389405536474102730682155998263607095718543239272202402139286809779368710600842078606046563228470023546348908618719147790859257980882643030144242048154566691808688844513142261099020381730517293884263384819159874220288293023868919557980548807831273449743064237407705987056818011286315950476959812697067649075359373253
n = p*q
m=pow(c,d,n)
print n2s(m)
得到:
25.来自宇宙的信号
银河标准字母,如图
flag{nopqrst}