2022西湖论剑初赛Crypto部分wp

最新推荐文章于 2024-04-17 02:45:33 发布
最新推荐文章于 2024-04-17 02:45:33 发布
阅读量744 收藏 2
点赞数 3
分类专栏: CTF 文章标签: python linux 开发语言
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_53283643/article/details/128908580
版权

些微写了一点,前两题稍微具体的可以看战队wp,后两题就十分简单的贴了个wp,凑合着看。以后有空来详细地补充一下(希望我能记得)

LockByLock

贴个exp吧
就先求n,再求e1,e2,最后rsa的共模求flag

#!usr/bin/python3
# -*- coding: utf-8 -*-
# @Time    : 2023/2/2 10:16
# @Author  : mxx307
# @FileName: exp.py
# @Software: PyCharm

import random
import string

from Crypto.Cipher import AES, DES
from Crypto.Util.number import *
from gmpy2 import *
# import numpy as np
from pwn import *
from sympy import *
from sympy.ntheory.factor_ import totient
from sympy.ntheory.modular import crt
from sympy.ntheory.residue_ntheory import nthroot_mod
from tqdm import tqdm

# re = remote('tcp.cloud.dasctf.com', 26257)
#
#
# def l():
#     re.recvuntil(b'Alice: locked msg1 = ')
#     msg1 = int(re.recvline().strip(b'\n'))
#     re.recvuntil(b'Bob: locked msg2 = ')
#     msg2 = int(re.recvline().strip(b'\n'))
#     re.recvuntil(b'Alice: unlocked msg3 = ')
#     msg3 = int(re.recvline().strip(b'\n'))
#     return msg1, msg2, msg3
# m1 =l()
# re.recvuntil(b'Bob: lock lock, unlock lock!\n')
# re.sendline(b'2')
# m2 =l()
# re.recvuntil(b'Bob: lock lock, unlock lock!\n')
# re.sendline(b'4')
# m3 =l()
# re.close()

m1 = (
1124346323248980833204341673426040673457276569061531980847105911792126578137708088406029339422885981954068123992255561399209782919656445535345129841536019789728650349772449698536572804780300480103788180473759438107830397290878833859981476945641585222623782799616490235628777321301684032138061770429176638831611678754974350369451261636269846824969601023233593261971694745788179227367570814713031878094293767130957413500744844307423025202856357991204067571260680949838013024714659542560429281721405898763410011577255910987866090441410858672763056343969623712769584818161925579787069462375119466558048752659256000570025,
4401810011194671652793822514557453827551219097780831827765937137515114365414469249475723734329875106085323210574795775012751049533133337157712555909754030481351443429002926773691400929226573386831362952505830531986974338984432961481309441493976727821411369721874828298929749858897485343289743801397026827540711770595532222686024829738139028206488171022540181898791403562066848290852802287981871599129881300675749217478860104822520296558855156217358370630788243550619188871555113262842033298967231045817602172958152925990347843442504409502482663805813455058604437047849356910242496668326224391482793572338270741024668,
459330529560758200548815298366482770075576233109954648332370344288173113381895402400433844759867533253953651671859486511956649142501351909577666901384673443129220344330509937887455367417950838379167778348837821888172567586903394342567110038940824595482649086580301216631651612672645750541346251888093233637095877579853366383912845197006684525634014165409012832958367726868202674141269714794723496985497608731054346482710870236594883154297267585874537324275507940585859277675754221204091953960201483110370171263486439589981077230709372396919135822054270565546808939957808050392227709348023480544642024907241111946921)
m2 = (
1189544252723601687710483304183031163140875970642457142145302401482496136847539164754041005029920499389172866772617382855551595529718625975599416548392733107183724025185324782804837712341579886825112675865948123913800600243935060299558524591430252503141979531518920435322360131610048121204950221659014767326892247496913006231381324178074834970266947935369010926209049284974025042290762085270113472077092893648670025986931607355024752583819389133199972911868970077650174319307965679698941527590985557019330249399889571432917976759466317499830470079333526406274386330754761578329856416993009223384814429406493051896262,
7291311901916921576785433514962814841861688445860722293640085294318924973005120469952211995217626784226930743953241439196392007354248388313498167092557846316633640140647172127946398995914651867285446127974015568663453247372445313299363327327783755107987378266022116782864722128693765417870060994209110141392236856570843445806771732502769879586960245964468295917006613602078281339487402227273554256002886207856675542520986293903573556308057310163119222418823947128986164204593357336403968143944188942393775874253122724058089150984639139733593019623328006591968562057596784637504625876181670563872793843144792325049785,
11567951204138372271836067880925660606624560260066733407042320353678323305133936118499615254418751871218602936171046942215074702854291904545678679772631004456948048197534754809659624405754943901494280439056652735150566756010338641351365332485029174862589297846961849050728801619881051605824235604133959898675729228708234558527575533056493226660293182293971347555881156066967444233661734475094207189745865818469767295963909435794996144493276920066069105945174195254814726427349597585873403718448811002601268920161592228697081383679039630797421948251766944442765931721765625231449502803012385352598597453746468559674714)
m3 = (
13238037567986995171206160824369033874540550405486043673508992046079143234503136613039314762007197456641338805986723912767362215391329317712710553108685934434676584968948895434087201324970730256182200712032678882902924119716578572195318111837471464017385418193643095508143391280380436392074773242954428904052854148357479050478433589317405074130509701967658572484434198496826608455700155230550292428607082843197698159847516177030070881944033773183960016122322013597905314448179477128799540166821764694976831316258086128507294791381176143205937597924078828955379526477296858100294688401841068015674428251739124560147177,
7886104907871207730607616581804118413895185148367519873447680724701597884578607828265755278892795362432818392112014912270972194677628140719552656601698394851139681765207667188551259699701731912947852657907678811594250882169288178131538540055997052317086055757197683848143597188557771366305885648248038322844281485906241947877696594511031799801121734224190135206038709913090692032653043546944404666814925130277698764097568177880266441384490781082610573045903202990438486215492149778241006656875519991698506697074865006752065633397412623498593116198617972246339097934490278403080386864877762682764103103847381379109558,
11131301474919107681538518438663604260693158396604873369847607644111178255940219109953696440885803622251453098678269327885946489425479397483131716294337558679474628177788119873540762992558983773184249586789188997268636830680352170750185358854578997116544334514124665091676536636252676767703790381740818800579123040494913659435232245932484216356587520990111818091911198168336774784671890828289949363058919186484878040335734520520111692960629179371223995306845834851583550554549201514352261147511263786835213745133593497394403589001043795456881535213279424471848062979440630279865960371840731783215310782306405124149639)
n = 14704077968578330849559615289704365877390346683857053917788232044804180625632285989992591229970643422553985226016095256450573886326295003034386834638459349294154164230105861692045687302681877376078504949559074352564905422519829239132187706707636416820753538571470579417601714455918892205973963979918942736299279697434470690379832890314122337673456382882279050180643990349122784610458305928451661826508471710212813750708486542409891042778242258569413885821363250425928754694226408871112929945808308535567428289734109851096181444273855673250440497674738220172244801878591858624170499637019582801098099623350260225963683
# n = gcd(m2[0]**2-m3[0],m2[2]**2-m3[2])
e1 = 210348487643897
e2 = 299289391950519
# e1 = discrete_log_lambda(mod(m2[0], n),mod(2, n),(ZZ(10**14),ZZ(10**15)))
# e2 = discrete_log_lambda(mod(m2[2], n),mod(2, n),(ZZ(10**14),ZZ(10**15)))
_, s1, s2 = gcdext(e1, e2)
print(long_to_bytes(pow(m1[0], s1, n) * pow(m1[2], s2, n) % n))

MyErrorLearn

small_roots求二元小根,半手撸交互一下

#!usr/bin/python3
# -*- coding: utf-8 -*-
# @Time    : 2023/2/2 10:52
# @Author  : mxx307
# @FileName: exp.py
# @Software: PyCharm

import random
import string
# import numpy as np
from pwn import *
from gmpy2 import *
from tqdm import tqdm
from sympy import *
from Crypto.Util.number import *
from Crypto.Cipher import AES, DES
from sympy.ntheory.modular import crt
from sympy.ntheory.residue_ntheory import nthroot_mod
from sympy.ntheory.factor_ import totient


re = remote('tcp.cloud.dasctf.com', 21716)
re.recvuntil(b'> mod = ')
p = int(re.recvline().strip(b'\n'))
print(f'p = {p}')

re.sendline(b'1')
re.recvuntil(b'> r = ')
r1 = int(re.recvline().strip(b'\n'))
re.recvuntil(b'> d = ')
d1 = int(re.recvline().strip(b'\n'))

re.sendline(b'1')
re.recvuntil(b'> r = ')
r2 = int(re.recvline().strip(b'\n'))
re.recvuntil(b'> d = ')
d2 = int(re.recvline().strip(b'\n'))
print(f'r1 = {r1}')
print(f'd1 = {d1}')
print(f'r2 = {r2}')
print(f'd2 = {d2}')
re.sendline(b'2')

re.interactive()

import itertools


def small_roots(f, bounds, m=1, d=None):
    if not d:
        d = f.degree()

    R = f.base_ring()
    N = R.cardinality()

    f /= f.coefficients().pop(0)
    f = f.change_ring(ZZ)

    G = Sequence([], f.parent())
    for i in range(m + 1):
        base = N ^ (m - i) * f ^ i
        for shifts in itertools.product(range(d), repeat=f.nvariables()):
            g = base * prod(map(power, f.variables(), shifts))
            G.append(g)

    B, monomials = G.coefficient_matrix()
    monomials = vector(monomials)

    factors = [monomial(*bounds) for monomial in monomials]
    for i, factor in enumerate(factors):
        B.rescale_col(i, factor)

    B = B.dense_matrix().LLL()

    B = B.change_ring(QQ)
    for i, factor in enumerate(factors):
        B.rescale_col(i, 1 / factor)

    H = Sequence([], f.parent().change_ring(QQ))
    for h in filter(None, B * monomials):
        H.append(h)
        I = H.ideal()
        if I.dimension() == -1:
            H.pop()
        elif I.dimension() == 0:
            roots = []
            for root in I.variety(ring=ZZ):
                root = tuple(R(root[var]) for var in f.variables())
                roots.append(root)
            return roots

    return []
p = 58847060704092768415293755741014945505511228191681113983240634496434957688382608645623671202817157554148710980857474891791994567962318319071985069868317186403119587727491425584539115147214471326232166965452497835792377728159486424041893682318529750166998181449054110873883993954602484694802907990544339109261
r1 = 7436405252588847814994198821713593934152723565128798497608177053277344778292138456826971159108290641732232174266603813316447063557570614590468021085614013
d1 = 29191842301847180614577097802710516296662684578333134962372633667740644586756183792245577587818479934042886406507539530637445154090869883728753853063584540297787761665428196076752683541780647388523531623078515153257945494371923953156518350007568641247573169876794266140749456852709229738289308492732623979323
r2 = 7860128235854515717318123661264906599154192715781741781688863262324925287822860325664493030488837681639177702522367779674760876357232532974248533156215107
d2 = 41290716956140939426322397722812393671489928646050630712172248152807005971349962697973501418734123476156288196480569448931933272078140888993635067139630232720196395208920917964086649988725550442197782680359959826050544899533753479123368982177028051930241435163723479643144259580619831535913731357631750042109
from gmpy2 import invert,mpz
PR.<t1,t2> = Zmod(p)[]
f = (d2+t2)*(1-d1*r1-t1*r1)+(d1+t1)*(d2*r2+t2*r2-1)
k1, k2 = small_roots(f,(2^246,2^246),m=3)[0]
s = (1-d1*r1-k1*r1)*invert(mpz(d1+k1),mpz(p))%p
print(s)
PR.<k1,k2,d2,d1,m> = Zmod(p)[]
m = r1 - r2
l = (d2+k2)-(d1+k1)*((d2+k2)*m+1)

MyErrorLearnTwice

hnp问题plus,简单分析一下
( d 0 + k 0 ) ∗ ( s + r 0 ) = 1 m o d    p ( d i + k i ) ∗ ( s + r i ) = 1 s = 1 d 0 + k 0 − r 0 ( d i + k i ) ∗ ( 1 d 0 + k 0 − r 0 + r i ) = 1 d i + k i d 0 + k 0 − ( d i + k i ) ∗ ( r 0 − r i ) = 1 ( d i + k i ) − ( d 0 + k 0 ) ∗ ( ( d i + k i ) ∗ ( r 0 − r i ) + 1 ) = 0 r k 0 k i + ( r d i + 1 ) k 0 + ( r d 0 − 1 ) k i + d 0 d i r + d 0 − d i = 0      ( r = r 0 − r i ) r r d 0 − 1 k 0 k i + r d i + 1 r d 0 − 1 k 0 + d 0 d i r + d 0 − d i r d 0 − 1 = − k i m o d    p A = r r d 0 − 1 , B = r d i + 1 r d 0 − 1 , C = d 0 d i r + d 0 − d i r d 0 − 1 A ∗ x + B ∗ x 0 + C ∗ 1 − P ∗ p k = 0 (d_0 + k_0)*(s+r_0)=1 \mod p \\ (d_i + k_i)*(s+r_i)=1 \\ s = \frac{1}{d_0+k_0} -r_0 \\ (d_i + k_i)*(\frac{1}{d_0+k_0} -r_0+r_i)=1 \\ \frac{d_i + k_i}{d_0+k_0}-(d_i + k_i)*(r_0-r_i)= 1 \\ (d_i + k_i)-(d_0+k_0)*((d_i + k_i)*(r_0-r_i)+1)=0\\ rk_0k_i+(rd_i+1)k_0+(rd_0-1)k_i+d_0d_ir+d_0-d_i=0\ \ \ \ (r=r_0-r_i)\\ \frac{r}{rd_0-1}k_0k_i+\frac{rd_i+1}{rd_0-1}k_0+\frac{d_0d_ir+d_0-d_i}{rd_0-1}=-k_i\mod p\\ A=\frac{r}{rd_0-1},B=\frac{rd_i+1}{rd_0-1},C=\frac{d_0d_ir+d_0-d_i}{rd_0-1}\\ A*x+B*x0+C*1-P*p_k=0 (d0+k0)(s+r0)=1modp(di+ki)(s+ri)=1s=d0+k01r0(di+ki)(d0+k01r0+ri)=1d0+k0di+ki(di+ki)(r0ri)=1(di+ki)(d0+k0)((di+ki)(r0ri)+1)=0rk0ki+(rdi+1)k0+(rd01)ki+d0dir+d0di=0    (r=r0ri)rd01rk0ki+rd01rdi+1k0+rd01d0dir+d0di=kimodpA=rd01r,B=rd01rdi+1,C=rd01d0dir+d0diAx+Bx0+C1Ppk=0

构造格子
M = [ p ∗ g A 1 ∗ g 1 p ∗ g A 2 ∗ g 1 ⋱ p ∗ g A n ∗ g 1 B 1 ∗ g B 2 ∗ g ⋯ ⋯ B n ∗ g g C 1 ∗ g C 2 ∗ g ⋯ ⋯ C n ∗ g g 2 ] M=\begin{bmatrix} p*g & &&&\\ A_1*g & 1&&&\\ &&p*g&&\\ &&A_2*g&1&\\ &&&&\ddots\\ &&&&&p*g\\ &&&&&A_n*g&1\\ B_1*g&&B_2*g&\cdots&\cdots&B_n*g&&g\\ C_1*g&&C_2*g&\cdots&\cdots&C_n*g&&&g^2 \end{bmatrix} M= pgA1gB1gC1g1pgA2gB2gC2g1pgAngBngCng1gg2
exp

from pwn import *
from Crypto.Util.number import *
re = remote('tcp.cloud.dasctf.com', 28083)
re.recvuntil(b'> mod = ')
p = int(re.recvline().strip(b'\n'))
n = 14
def renum():
    re.sendline(b'1')
    re.recvuntil(b'> r = ')
    r1 = int(re.recvline().strip(b'\n'))
    re.recvuntil(b'> d = ')
    d1 = int(re.recvline().strip(b'\n'))
    return r1, d1
r = []
d = []
for i in range(n):
    r1, d1 = renum()
    r.append(r1)
    d.append(d1)
R = [r[0]-r[i] for i in range(1, n)]
inv = [inverse(R[i]*d[0]-1,p) for i in range(n-1)]
A = [R[i] * inv[i] for i in range(n-1)]
B = [(R[i] * d[i+1] + 1) * inv[i] for i in range(n-1)]
C = [(d[0]*d[i+1]*R[i]+d[0]-d[i+1])*inv[i] for i in range(n-1)]
M = list(matrix(ZZ,2 * n, 2 * n))
g = 2 ^ 328
for i in range(0, 2 * n - 2, 2):
    M[i][i] =  p * g
    M[i+1][i] = A[i//2] * g
    M[i+1][i+1] = 1
    M[-2][i] = B[i//2] * g
    M[-1][i] = C[i//2] * g
M[-1][-1] = g ^ 2
M[-2][-2] = g
M = matrix(ZZ, M)
res = M.LLL()
for i in range(2*n):
    if res[i][-1] // g^2 == 1:
        k0 = res[i][-2] // g
        if isPrime(k0):
            s = inverse(d[0]+k0, p) - r[0]
            re.sendline(b'2')
            re.sendline(str(s).encode())
re.interactive()

MyCurveErrorLearn

ECHNP问题,类似上一题
exp

#!usr/bin/python3
# -*- coding: utf-8 -*-
# @Time    : 2023/2/2 16:43
# @Author  : mxx307
# @FileName: exp.py
# @Software: PyCharm

from Crypto.Util.number import *
from pwn import *


def sendNum(n):
    re.sendline(b'1')
    re.sendline(str(n).encode())
    return int(re.recvline().decode().strip('\n'))


# re = remote('tcp.cloud.dasctf.com', 22190)
re = remote('1.14.71.254', 28207)
_ = re.recvuntil(b'> mod = ')
p = int(re.recvline().decode().strip('\n'))
_ = re.recvuntil(b'> a = ')
a = int(re.recvline().decode().strip('\n'))
_ = re.recvuntil(b'> b = ')
b = int(re.recvline().decode().strip('\n'))
_ = re.recvuntil(b'> R = (')
R = (int(re.recvuntil(b', ').decode().strip(', ')), int(re.recvuntil(b')\n').decode().strip(')\n')))

E = EllipticCurve(GF(p), [0, 0, 0, a, b])
R = E(R)
h = [sendNum(0)]
Q = []
for i in range(14):
    num = i + 1
    h.append(sendNum(num))
    h.append(sendNum(-num))
    Q.append(int((num * R)[0]))

n = 14
Ai = []
Bi = []
Ci = []
A0i = []
B0i = []
h0 = h[0]
for i in range(n):
    hi = h[1 + 2 * i]
    hi_ = h[2 + 2 * i]
    Qx = Q[i]
    Ai.append((hi + hi_) - 2 * Qx)
    Bi.append(2 * ((hi + hi_) * (h0 - Qx) - 2 * h0 * Qx - a - Qx ^ 2))
    Ci.append((hi + hi_) * (h0 - Qx) ^ 2 - 2 * ((h0 ^ 2 + a) * Qx + (a + Qx ^ 2) * h0 + 2 * b))
    A0i.append(2 * (h0 - Qx))
    B0i.append((h0 - Qx) ^ 2)

inv_B0i = [inverse(a0i, p) for a0i in B0i]
Ai_inv_B0i = [Ai[i] * inv_B0i[i] % p for i in range(n)]
Bi_inv_B0i = [Bi[i] * inv_B0i[i] % p for i in range(n)]
Ci_inv_B0i = [Ci[i] * inv_B0i[i] % p for i in range(n)]
A0i_inv_B0i = [A0i[i] * inv_B0i[i] % p for i in range(n)]
B0i_inv_B0i = [B0i[i] * inv_B0i[i] % p for i in range(n)]

k = 163
g = 2 ^ k
M = list(matrix(ZZ, 3 * n + 3, 3 * n + 3))
for i in range(0, 3 * n, 3):
    M[i][i] = -p * g ^ 2
    M[i + 1][i] = inv_B0i[i // 3] * g ^ 2
    M[i + 2][i] = A0i_inv_B0i[i // 3] * g ^ 2
    M[i + 1][i + 1] = 1
    M[i + 2][i + 2] = g
    M[-3][i] = Ai_inv_B0i[i // 3] * g ^ 2
    M[-2][i] = Bi_inv_B0i[i // 3] * g ^ 2
    M[-1][i] = Ci_inv_B0i[i // 3] * g ^ 2
M[-1][-1] = g ^ 3
M[-2][-2] = g ^ 2
M[-3][-3] = g
M = matrix(ZZ, M)
res = M.LLL()
for i in range(3 * n + 3):
    if abs(res[i][-1] // g ^ 3) == 1:
        k0 = abs(res[i][-2] // g ^ 2)
        if isPrime(k0):
            s = k0 + h0
            re.sendline(b'2')
            re.sendline(str(s).encode())
            break
re.interactive()
mxx307
关注
  • 3
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
2022西湖论剑 部分wp
qq_61768489的博客
02-05 1234
拿到文件路径/usr/local/lib/php/extensions/no-debug-non-zts-20190902/zend_test.so。可以考虑用SSRF来绕过)读取 /proc/self/maps 查看当前进程的内存映射关系,发现加载了一个名为zend_test的扩展。参考此文https://xz.aliyun.com/t/9707#toc-11。提取出来,黑白像素转01二进制,注意要竖着跑 ,像素太多,我将结果保存到文件里。总之php文件被加密了,寻找加密猜测应该是有依赖,思路可以是读。
2022西湖论剑pwn部分wp
N1rvana的博客
02-05 840
西湖论剑2022pwn
2024西湖论剑-数据安全-PHPEMS_西湖论剑2024wp(1),网络安全架构师之路
最新发布
code8889的博客
04-17 442
phar触发点在 app/weixin/controller/index.api.php 中的file_getcontents,其中$picurl从xml数据中获取。exec中 虽然说用到了预处理,但是是prepare部分我们仍可以控制,那么这个预处理即使在这里那也是无效的,并不能防止注入。使用上面的exp我们就能把后台密码修改为123456,进入后台就能RCE,这个我们下面在写。题目给的源码中有几个点可以触发注入,但是能用的只有一个点,因为其他的php类没有被加载(利用substr截取。
2022西湖论剑-初赛CTF部分wp-Zodiac
toto的博客
02-03 3305
2023西湖论剑初赛CTF部分wp
2023西湖论剑-(部分)WP
xccwxy的博客
02-03 2303
2023西湖论剑-(部分)WP
2023西湖论剑pwn 部分wp
cainiao78777的博客
02-18 627
也就是*(&v3 + i) = v0 修改一个字节的内容,但是我们也要解一下这个方程,以免程序被exit()而且在buf的下面的变量都是能够覆盖的,也就是说,我们能通过覆盖 i 的值进行数组溢出。一个格式化字符串漏洞,一个栈溢出,但是只能副盖rbp和返回地址,所有要考虑栈迁移。我看有个大佬的解法很奇特,准备学习一下,待我学成,再来补充另外一种方法。泄露出这个函数地址,就能得到 libc——base。根据距离rbp的距离将相应的变量填入。这里的main指的是start,第二次getshell。
赛博地球杯工业互联网安全大赛wp1
08-03
工业互联网安全大赛 WP1 解析 本文将对赛博地球杯工业互联网安全大赛 WP1 进行详细解析,涵盖网络协议、PHP 和 SQL 等相关知识点。 一、网络协议 在 WP1 中,我们可以看到 ping 命令的使用,ping 命令是一种网络...
UNCTF2021 部分wp.pdf
12-10
UNCTF2021 部分 WP 解题报告 本文档对 UNCTF2021 部分 WP 进行了详细的解题报告,涵盖了 WEB、PHP、MYSQL、CRYPTO 等方面的知识点。 1. Fuzz_md5Get 和 Post 传参绕过 在 UNCTF2021 的 WEB 部分中,我们遇到了一...
IIS Crypto 3.2 下载
07-26
IIS Crypto 是一个免费工具,让管理员能够在 Windows Server 2008、2012、2016 和 2019 上启用或禁用协议、密码、哈希和密钥交换算法。一键禁用不安全的 SSL 3、TLS 1.0,开启TLS 1.2、TLS 1.3 非常方便
crypto_CRYPTO_PowerBuilder_
09-29
在IT领域,加密技术(CRYPTO)是一种至关重要的安全手段,用于保护数据的隐私和完整性。PowerBuilder是一款功能强大的开发工具,尤其适用于构建数据库应用程序。本主题将详细探讨如何在PowerBuilder 12中利用加密...
crypto-js.4.0.0
01-15
此资源为构建好的crypto-js.4.0.0版本,下载后可直接使用Script标签引入所需加密算法。支持:MD5 SHA-1 SHA-256 AES Rabbit MARC4 HMAC HMAC-MD5 HMAC-SHA等算法
2021西湖论剑网络安全大赛部分WP
七堇年的博客
12-23 4627
2021西湖论剑网络安全大赛WP
WP-2021西湖论剑
ce666666的博客
01-16 1063
2021西湖论剑-wp 前言 全靠大佬打,我是划水的。 灏妹的web 页面开发中 Dirsearch扫一下,idea泄露 ezupload 查看页面源代码,发现提示 ?source=1 发现使用_FILE进行上传,构造上传表单 访问并随便上传一个文件,放到bp里回显no 查看源码最后一个else,在此情况进行渲染temper/index.latte,同时文件也被写入temper。也就是我们上传index.latte的文件。 waf测试 {if “${nl /f*>1}”}{/if} 然后上
西湖论剑2022-misc-wp
网安小菜鸡
02-03 358
misc
MyError
Amoour的博客
03-05 263
1、关于 Failed to resolve: org.jetbrains.kotlin:kotlin-stdlib-jre7的错误:https://blog.csdn.net/mercyT/article/details/86586240
2020西湖论剑-Crypto-BrokenSystems
JensCrazy的博客
10-13 299
BrokenSystems 源码如下: from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP from secret import flag import os rsa = RSA.generate(2048) public_key = rsa.publickey().exportKey() f=open("public.key","w") f.write(public_key.decode()) f.close() r
2020西湖论剑Crypto BrokenSystem wp
weixin_44795952的博客
10-09 494
题目 打开压缩包的三个文件 查看加密代码 from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP from secret import flag import os rsa = RSA.generate(2048) public_key = rsa.publickey().exportKey() f=open("public.key","w") f.write(public_key.decode()) f.close()
西湖论剑2020.10.8 Crypto
MikeCoke的博客
10-08 605
BrokenSystems 题目: public.txt -----BEGIN PUBLIC KEY----- MIICITANBgkqhkiG9w0BAQEFAAOCAg4AMIICCQKCAQEAwgdFIj/1uUss2EEhZvco iiHyGH4aQhRTkYyrA8gCU0USM+sb3CNjdEIoqoaUqMLLyDP4Dd9AgxpokBsjC4Pz 8P7Uty0LlCteld7ayNzABHoq+5DIHtctOtSbcvyL0NMWfd2qarUWfAWN82rxkLIW CFu9
西湖论剑WriteUp By Nu1L.pdf
11-26
"西湖论剑WriteUp By Nu1L.pdf 是一份关于网络安全竞赛“西湖论剑”的解题报告,由Nu1L团队编写。报告涵盖了多个技术领域,包括Reverse(逆向工程)、ROR(Ruby on Rails框架漏洞利用)、TacticalArmed(可能涉及...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

mxx307

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值