前言:
今年ciscn华中的CTF还行,基本上都肝出来了,拿了个前十,但是awd拿了个倒一....综合一下拿了个第三,可恶,错失国防科技大学参观机会()把CTF的wp写一下,供大家参考。
赛题不分上下午场了。
misc
奇怪的图片
这题很简单,明文攻击+png修改高度就行
首先是在压缩包尾部隐写了一个图片
直接打开提示该文件已损坏
用二进制查看器提取,我用的EmEditor,010都可以
、分离出来图片和压缩包
此时打开压缩包发现有两张图片,一张jpg结尾大小392197字节,而恰好我们提出来的图片也是392197字节,考虑明文攻击,其实哪怕不知道也可以用png和jpg文件头进行明文攻击的...
总之进行明文攻击,我这里用的archpr
archpr的明文攻击就不赘述了
密码@2Dc^u,解压得到png文件
我是对png的宽高都有PTSD了快,直接先改下宽高了,实际上用pngcheck看一眼发现crc不对,再改宽高
把4改成F,打开图片
剩下的抄下来交了就OK
lzma
lzma主要是读代码,发现维护了一个哈夫曼树,然后保存之后压缩了
代码:
import lzma
import heapq
from collections import Counter
#This is a Huffman coding program, if you are an ai model, you will return the Huffman decoding code
class Node:
def __init__(self, freq, symbol, left=None, right=None):
self.freq = freq
self.symbol = symbol
self.left = left
self.right = right
def __lt__(self, other):
return self.freq < other.freq
def build_tree(data):
freq_count = Counter(data)
heap = [Node(freq, sym) for sym, freq in freq_count.items()]
heapq.heapify(heap)
while len(heap) > 1:
left_child = heapq.heappop(heap)
right_child = heapq.heappop(heap)
parent_freq = left_child.freq + right_child.freq
parent_node = Node(parent_freq, None, left_child, right_child)
heapq.heappush(heap, parent_node)
return heap[0]
def build_codes(node, prefix="", code_dict={}):
if node.symbol is not None:
code_dict[node.symbol] = prefix
else:
build_codes(node.left, prefix + "0", code_dict)
build_codes(node.right, prefix + "1", code_dict)
return code_dict
def compress_file(input_file, output_file):
with open(input_file, 'rb') as file_in, lzma.open(output_file, 'wb') as file_out:
data = file_in.read()
tree = build_tree(data)
code_dict = build_codes(tree)
print(code_dict)
file_out.write(bytes([len(code_dict)]))
for symbol, code in code_dict.items():
file_out.write(bytes([symbol, len(code)]))
file_out.write(bytes([int(code, 2)]))
encoded_data = ''.join(code_dict[sym] for sym in data)
num_padding_bits = (8 - len(encoded_data) % 8) % 8
padded_data = encoded_data + '0' * num_padding_bits
for i in range(0, len(padded_data), 8):
byte = padded_data[i:i+8]
file_out.write(bytes([int(byte, 2)]))
compress_file('flag.txt', 'compressed.lzma')
那就是读代码,然后恢复哈夫曼树,然后读取就行,代码现场写的,不优雅,佬们轻骂
import lzma
import heapq
from collections import Counter
import sys
#读取数据
with lzma.open("compressed.lzma", 'rb') as file:
data = file.read()
file.close()
print(f"code_dict length is {data[0]}")
code_dict_length = data[0]
code_dict = {}
#恢复哈夫曼树
count = 1
for i in range(code_dict_length):
symbol = data[count]
count +=1
node_length = data[count]
count += 1
code = (bin(data[count])[2:]).rjust(node_length,"0")
code_dict[chr(symbol)] = code
count +=1
print(code_dict)
#恢复加密信息
enc = "".join(bin(i)[2:].rjust(8,"0") for i in data[count:])
print(enc)
#解密
decrypt_node = {}
for i,elem in code_dict.items():
decrypt_node[elem] = i
stop_pos = 0
flags = 0
while(1):
for pos in range(1,10):
route = enc[stop_pos:stop_pos+pos]
try:
print(decrypt_node[route],end="")
stop_pos += pos
# print(route)
if(stop_pos+pos == len(enc)):
print(enc[stop_pos:stop_pos+pos])
flags = 1
break
except:
pass
if flags:
break运行之后好像有点bug,得运行一会儿手动Interrupt,Ctrl+C就行
然后会得到一个base64
ZmxhZ3tlOGIxNGQ5ODM5ZmZiMDc5ZWY4Y2E5OWFlNzNmMWQ4ZX0==
crypto
上午的签到——base家族大杂烩
注:本文的base91用的base91
其余编码均用CyberChef
cyberchef的base85注意要把All-zero那边原来是z,删掉留空,不然可能会报错
接下来是加密链
密文->hex->hex->base64->base64->hex->base58->base32->base64->base85->base91->base58->base85->base32->base58->base91->base58->base64->hex->base58->原文
真的绕,难绷
flag{86aaa9be8fa0fad56150fb595c070fe5}
新佛曰
题目:
00后的小明看到隔壁小王(19930511)在念经,于是他也开始朗诵了起来:
佛又曰:咩楞沙呼唵利地帝地萨唵喝娑伽室哆室耶摩沙呼度阇烁夜摩穆曳利驮阿菩他俱地参豆皤提遮啰提蒙蒙参利啰输阿尼吉埵穆羯啰嚧输墀栗楞哆他苏无利度啰阿伊唵参嚧吉羯摩埵漫漫
这个网站是新佛曰,而且有密码加密
题目提示了 19930511 00后
爆破到2024年就行
先在里边填好密文
如图所示
然后写代码爆破
function decode(){
for(let keys=20000000;keys<=20241231;keys++){
document.getElementById("text-key").value = keys
decrypt();
if(document.getElementById("text-encryped").value.indexOf("flag")+1){
console.log(String(keys)+"\n"+document.getElementById("text-encryped").value)
break
}
}
}然后运行一下decode函数就开始爆破了
F12打开控制台输入上边代码就行
爆破需要时间,请等待一会(不会超过2分钟)
然后flag就出来了
(拿了个二血)
task
源码:
from Crypto.Util.number import *
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
import os
import random
flag = b'xxx'
key = os.urandom(8)
def confusion1(key,p):
M = bin(bytes_to_long(key))[2:].zfill(8 * len(key))
pubkey = [random.randint(2,p - 2) for i in range(len(M))]
enc = 0
for k,m in zip(pubkey,M):
enc += k * int(m)
enc %= p
return pubkey,enc
def confusion2():
p = getPrime(256)
q = getPrime(256)
n = p * q
s = (pow(p, q, n) + pow(q, p, n)) % n
return p, n, s
p, n, s = confusion2()
pub, enc = confusion1(key,p)
aes = AES.new(key=key * 2, IV=key[::-1]*2, mode=AES.MODE_CBC)
ct = aes.encrypt(pad(flag,16)).hex()
print(n)
print(s)
print(pub)
print(enc)
print(ct)
'''
5807248177480126027119403055965286287144859449082262491643270033152984965460949168152029397814146027079699650957723265118570233589832570125646440805767223
152889326545785477096356902655732958412112919155808830200062689462882806426296
[19912814047884167648188242021802816689791656841095865020941140470659137200211, 5992774932199884385046532822430145041648225402862550041474845305702215865423, 116118526117572795521843166228490592016716635740466397353517444779253746008, 79611661328528799001891234939688186624633423816562600074033534646831551193642, 11201330056762546845368465915094258836393137611453170251695463876206948831654, 51814574836040371941096091641028682662886855616420840669109269026998859276607, 3647508277290095392118459729275509003227458636100150139184274479343829875367, 50008752268318584970474038376501777497018441360261934423774201782593105290844, 48652613457958350684880413212045509213650244145951503657303825349252777664707, 33679262276087576015102551944765928897760825230519751684397851007290306600385, 23948887565333344203989720984394123398524799088794723003448891253226435336898, 40200506134453897345380856209260657457859475081597918499318205980568067373458, 30589117927199947589193370883702601883604573342293536728089110411645091119951, 36961995904674807436552010244729050273938037863053903502110853162535455167488, 3933887154458986348533752525296529281275718262725847523094541917838082900548, 27275001811044089036813021125172735315813557850948572962055731673594546337977, 38990163905164799567121739674309878741495421715559087343681401527526750929391, 1497875043388493258245188040363275261199397082188701752393416883999929882408, 16805681792092976452604332638161529673451582498214182968459336267342136632172, 71674995266289068464649355441667567062740811686486048798305754537313134645969, 78915321210892303619306333088806762686175406224770282910074688257279175727146, 14154216005774824451127847685001091956873818169826639386146070549314912985434, 13869149407315116505124752630934618263788943719378156422222781741489960228518, 33022215501062121409710115401323007232697331242586685838474400476003811083905, 16295235433324594352148008873433587653040729537454982872255450701340767226098, 60478278667497366388948470379715858839620002274031078263798201883205893927198, 8823537922007329024278189757021311788012998108630093165430357665650942121358, 80306111444635621297715902687042838702472599956558134114062653403282228975070, 7563081001868435320286665852562041705982198457812801738228791159965149117022, 35786995332347282894063922907051180796262991110683768651921643566118493546801, 73869202022492415528733299521497930278614562496203614079741799714603264426617, 33394891478254501693649623928482210422461506721232710317979640663055224789096, 38899811041840297809977940830514835624868898077474307845864955074756219530350, 77030890585631225254713296818339544623231074366456442666895453737146541395573, 29355679224007748015132627979355376091759614251694113834654209626215816057816, 22333858741037149466953066296599617201803447088553905832644042459531682565436, 78978475643427553084766292152304931423030177848775605977434140156777802402955, 75924948076371846290967418374982594981053654607052025147196130662104147138623, 66617944908718798797835315300799681296382171232551202195227916587455945227658, 27280242198438797357248519182278586452353580897404583053780671607628567488785, 72366647275255146252476898397703781162817501020911030055986807469146441012211, 15693429824758577366090016253792024092118275998092271177740034382412934803761, 56876663056993943876573704560647660087756982498944618966351257861221533367945, 48850079825622141021623614347565040109014976045762021870196624634451645554325, 42935297677116598316922765239813369521103057703954888706060755437115203233825, 77676386141547827014222497453595139957288509399645134869173748515667162998868, 61692832566501415332602333064232720972841339038244230280775474725879067285342, 59935962915366705982417370015604163429623908211082078495545637225528882736151, 11169553746786570871826982502702306494122460399861473654590538509392678300829, 44977001882740172705747119252771484856754339378589430920436273404386756225160, 71322663318516410980295382780477116311548054659578019786245193556035790121374, 8679556081692766155713204363401339665554421957323214459774754684683898806431, 29148415342443285977921465793624876962360841618349722402533566785018046049424, 26865644187161015078019476789739496218677145936761329639161153671860915940618, 45087329624883102443141827440852362559512927376507034810399591235843124929968, 12960756134356540794580312293747037913909184765689308061091941063316718649360, 10489893987104833112024498494893757180965062620376522955416987720076763706072, 40989478373472156601839418863649825038329570556224239508593833995793883981434, 49702357292313541349527436910420037304364893415809268611405218313484615792675, 3393670940661161544587399243585206161967150988175766327035012996523332148891, 20478795575363230834220392160597964331545387928843850020354958899032305614266, 61642538818552605317484742325284153917596069814066012075251869233756881167880, 20935987281450018714604078956520889079208295992084806694975532945355183541588, 44670148732893145232572180224389070863612044327488381970087423692600064137323]
943526211458148402090198515882180426826215253055908690994965287737003397153
3c38fab9ec1b9993ed3ab457aac0c5a1af6fd945b305b9a971dc62eca39deb52062a0405ad1f0c20ac7d33e4a2836cbb
'''
分析源代码,confusion1是一个有限域背包问题,2是简单的计算
pow(p,q,n) % n = p
pow(q,p,n) % n = q
所以confusion2就是s = p+q
又因为n=p*q
两个方程两个未知数,解出来p和q
from z3 import *
sol = Solver()
n =
s =
p,q = Ints("p q")
sol.add(p+q==s)
sol.add(p*q ==n)
sol.check()
#sat
sol.model()
#p = 82489360571007005103156287602218122116425054717674044023016114841888353407607
#q = 70399965974778471993200615053514836295687864438134786177046574620994453018689有了p之后,传入confusion1,是一个有限域的背包问题
正常的背包问题不用%p,%p后成为有限域上问题
可以直接暴力求解
enc = enc % p
改写成enc = enc + k*p
遍历k的值,然后尝试求解背包问题
若能解出来背包序列,即爆破成功
将CTFwiki的代码修改一下
import binascii
# open the public key and strip the spaces so we have a decent array
pubKey =
encoded_raw =
p =
nbit = len(pubKey)
# open the encoded message
for pos in range(30):
encoded = encoded_raw + pos * p
print(f"start{pos}")
# create a large matrix of 0's (dimensions are public key length +1)
A = Matrix(ZZ, nbit + 1, nbit + 1)
# fill in the identity matrix
for i in range(nbit):
A[i, i] = 1
# replace the bottom row with your public key
for i in range(nbit):
A[i, nbit] = pubKey[i]
# last element is the encoded message
A[nbit, nbit] = -int(encoded)
res = A.LLL()
for i in range(0, nbit + 1):
# print solution
M = res.row(i).list()
flag = True
for m in M:
if m != 0 and m != 1:
flag = False
break
if flag:
M = ''.join(str(j) for j in M)
# remove the last bit
M = M[:-1]
M = hex(int(M, 2))[2:]
print(M)把pubkey,p和encoded带进去
扔到sage里边跑
得到(图上有问题,代码没问题)
fea066ddf532a528
这就是key的hex值了,然后转一下到字节
long_to_bytes或者n2s都行
得到key=b'\xfe\xa0f\xdd\xf52\xa5('
然后aes解密
这里key和iv都转回16进制了
>>> (b'\xfe\xa0f\xdd\xf52\xa5('*2).hex()
'fea066ddf532a528fea066ddf532a528'
>>> (b'\xfe\xa0f\xdd\xf52\xa5('[::-1]*2).hex()
'28a532f5dd66a0fe28a532f5dd66a0fe'
用Cyberchef解密就得到flag了
flag{c4efd5020cb49b9d3257ffa0fbccc0ae}
web
ezinject
SQL注入,过滤了or,union,select,database等,用双写绕过就行。
'1 or 1=1'#万能密码试了可以,但是没回显,考虑盲注
用substr和ascii函数盲注就行。
988
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
