CTF攻防世界密码学

已于 2024-02-25 09:49:47 修改
阅读量1.2k 收藏 21
点赞数 19
分类专栏: CTF 文章标签: 网络 密码学 CTF
于 2024-02-17 17:17:39 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_75023818/article/details/136140067
版权

base64

打开看到一串字符

直接base64解码得到flag

Caesar

打开附件是一串字母

使用工具一键解密得到flag发现偏移了14位

Morse

打开文件看到是一串数字

猜测为摩斯密码,不知道10是-.还是.-,经过尝试得到10为-.将上面转换

得到flag:cyberpeace{morsecodeissointeresting}

Broadcast

打开文件,尝试一个一个打开只有最后一个可以打开

打开task.py:

得到flag:flag{fa0f8335-ae80-448e-a329-6fb69048aae4}

hidden key

打开附件源代码

观察题目,发现byte_to_long后的key右移12位后得2669175714787937,即0x97B99E652B261,共13位数字,转二进制就是52位,52+12 = 64 bits = 8 bytes,与原题key=os.urandom(8)对应。而key的前52位我们已经知道了,只需要爆破后12位即可。

易得爆破脚本:

from Crypto.Util.number import *
import  random
import hashlib
import os

m = [140, 96, 112, 178, 38, 180, 158, 240, 179, 202, 251, 138, 188, 185, 23, 67, 163, 22, 150, 18, 143, 212, 93, 87, 209, 139, 92, 252, 55, 137, 6, 231, 105, 12, 65, 59, 223, 25, 179, 101, 19, 215]

def rand(rng):
    return rng - random.randrange(rng)

for j in range(2**12):
    tmpkey = long_to_bytes((2669175714787937 << 12) + j)
    flag = ""
    random.seed(int(hashlib.md5(tmpkey).hexdigest(), 16))
    for i in range(len(m)):
        rand(256)
        xor = m[i]^rand(256)
        flag += chr(xor)
    if "flag" in flag:
        print(flag)
# flag{e319a58c-4dd6-4e6a-a3fb-f4b0d339faba}

得到flag:flag{e319a58c-4dd6-4e6a-a3fb-f4b0d339faba}

rsarsa

进入在线场景

初始RSA

下载附件打开:

编写脚本

from Crypto.Util.number import inverse,long_to_bytes
c= 8722269075970644434253339592758512788160408912707387632591552130175707843950684315083250494010055435391879036285103810263591951437829414438640307561645721347859659807138051841516634704123100270651976676182059252251162982609391666023674158274992400910869692389001622774140191223807887675081808561012755545464977015973615407965906513878979919700065923364884766974187303774330319143647840846354404070430118235352622445115153298578370521811697710289716188726587743282814946239856766713516166990341116198180068191759095913957606379780234116317390622824096667107736103270907349927467971817639795094030622157581511033950777
n= 10466186506773626671397261081802640650185744558208505628349249045496105597268556020207175016523119333667851114848452038431498926527983706092607207796937431312520131882751891731564121558651246025754915145600686076505962750195353958781726515647847167067621799990588328894365930423844435964506372428647802381074584935050067254029262890188260006596141011807724688556673520261743199388391094490191001701011230322653422314758778116196105077883955436582364267530633358016652912054880813710531145973799193443828969535902856467548523653920307742364119002349899553478815101092655897400295925170383678499125295006364960124859003
pq= 10466186506773626671397261081802640650185744558208505628349249045496105597268556020207175016523119333667851114848452038431498926527983706092607207796937431312520131882751891731564121558651246025754915145600686076505962750195353958781726515647847167067621799990588328894365930423844435964506372428647802381074488896197029704465200125337817646702009123916866455067019234171839614862660036737875747177391796376553159880972782837853473250804807544086701088829096838316550146794766718580877976153967582795248676367265069623900208276878140709691073369415161936376086988069213820933152601453587292943483693378833664901178324
qp= 10466186506773626671397261081802640650185744558208505628349249045496105597268556020207175016523119333667851114848452038431498926527983706092607207796937431312520131882751891731564121558651246025754915145600686076505962750195353958781726515647847167067621799990588328894365930423844435964506372428647802381074475956379708898904933143429835002718457573266164923043251954374464149976302585916538814746811455883837138715445492053610047383292461097590195481556557381952895539341802954749542143253491617052100969586396996063822508764438280468492894012685918249843558593322831683872737943676955669923498182824352081785243246
e = 65537
phi = pq*qp//n
print(phi)
d = inverse(e,phi)
m = pow(c,d,n)
print(long_to_bytes(m))

得到flag:

baigeiRSA

下载附件打开

分析代码:

导入了libnum库

libnum.n2s(n):将整数n转换成字符串

libnum.s2n(s):将字符串s转换为整数

libnum.xor(s1,s2):计算两个字符串异或结果

libnum.invmod(a,m):计算模数为m的整数a的乘法逆元

libnum.factorize(n):因数分解整数n

libnum.next_prime(n):找到大于n的下一个素数

首先我们结合上面的数据知道nc的数据,因为n=p*q,所以我们就可以通过分解质因数求p和q,那么推荐的工具肯定当选yafu.

得到p和q分别是其中的一个

P39 = 274539690398523616505159415195049044439

P39 = 322368694010594584041053487661458382819

总结数据

我们可以得到

p=274539690398523616505159415195049044439

q=322368694010594584041053487661458382819

n = 88503001447845031603457048661635807319447136634748350130947825183012205093541

c = 40876621398366534035989065383910105526025410999058860023908252093679681817257

编写脚本

已知p,q,n,c我们编写代码

import gmpy2  # 导入高精度计算库gmpy2
from Crypto.Util.number import long_to_bytes  # 导入将长整数转换为字节串的工具函数

# 定义RSA公钥和密文
e = 65537
c = 40876621398366534035989065383910105526025410999058860023908252093679681817257

# 定义RSA算法中使用的两个大素数p和q,以及模数n和欧拉函数值phi_n
p = 322368694010594584041053487661458382819
q = 274539690398523616505159415195049044439
n = p * q
phi_n = (p - 1) * (q - 1)

# 计算RSA私钥中的解密指数
d = gmpy2.invert(e, phi_n)

# 使用RSA算法解密密文c,得到明文m
m = pow(c, d, n)

# 将解密后的长整数m转换为字节串,并输出到屏幕上
print(long_to_bytes(m))

运行后得到flag:HSCTF{@Zh3n_Ba1_G3i!@}

safer-than-rot13

照例下载附件,是一个文本文件:

题目提示rot13解密

逐个试了一下发现都不是,然后啊,然后就懵了,查了资料才发现是替代密码,加密方法是把一些字母用另外一些字母替换。可以用这个网站解密 http://quipqiup.com

但得到flag时上传显示错误

看上去有出现语句通顺的英文,拿去翻译看一下(英语不好^ ~ ^):

最终flag:no_this_is_not_crypto_my_dear

告诉你个秘密

txt文件内容如下

636A56355279427363446C4A49454A7154534230526D6843

56445A31614342354E326C4B4946467A5769426961453067

最大不超过F,猜测十六进制,将其转成字符串

cjV5RyBscDlJIEJqTSB0RmhCVDZ1aCB5N2lKIFFzWiBiaE0g

感觉像base64,解码

r5yG lp9I BjM tFhBT6uh y7iJ QsZ bhM

以此类推,
lp9I ----》 O
BjM ----》 N
tFhBT6uh ----》GY
y7iJ ----》 U
QsZ ----》A
bhM ----》N

最终,flag为:TONGYUAN、

你猜猜

打开文件显示这个

拿到文件后,发现是504B0304开头的。这是zip文件头,打开winhex,将那段16进制复制进去,选择ASCⅠⅠ HEX

打开后发现有密码。用Ziperello破解,得到密码为123456,输入,得到flag:daczcasdqwdcsdzasd

cr3-what-is-this-encryption

  • 看到p,q,e,c
  • 想到RSA加密

  • 把p,q,e转成10进制,在根据公式求出n,d,m
  • n=p*q
  • φ(N) = (p-1)(q-1)
  • e * d % φ(N) = 1(d是私钥,e是公钥)
  • m=c^ d mod n (m是明文)
    需要一个解码的脚本
import libnum
from Crypto.Util.number import long_to_bytes

q = int("0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c66393a061324aa2e6a8d8fc2a910cbee1ed9",16)
p = int("0xfa0f9463ea0a93b929c099320d31c277e0b0dbc65b189ed76124f5a1218f5d91fd0102a4c8de11f28be5e4d0ae91ab319f4537e97ed74bc663e972a4a9119307",16)

e = int("0x6d1fdab4ce3217b3fc32c9ed480a31d067fd57d93a9ab52b472dc393ab7852fbcb11abbebfd6aaae8032db1316dc22d3f7c3d631e24df13ef23d3b381a1c3e04abcc745d402ee3a031ac2718fae63b240837b4f657f29ca4702da9af22a3a019d68904a969ddb01bcf941df70af042f4fae5cbeb9c2151b324f387e525094c41",16)

c = 0x7fe1a4f743675d1987d25d38111fae0f78bbea6852cba5beda47db76d119a3efe24cb04b9449f53becd43b0b46e269826a983f832abb53b7a7e24a43ad15378344ed5c20f51e268186d24c76050c1e73647523bd5f91d9b6ad3e86bbf9126588b1dee21e6997372e36c3e74284734748891829665086e0dc523ed23c386bb520

n = q*p
 
d = libnum.invmod(e, (p - 1) * (q - 1))
m = pow(c, d, n)  
string = long_to_bytes(m)  
print(string)

得到flag:

ALEXCTF{RS4_I5_E55ENT1AL_T0_D0_BY_H4ND}

Railfence

打开看有点像栅栏密码,尝试得,五栏解密得到flag

不仅仅是Morse

打开附件看一下是下面一串摩斯电码

解个码——

把他换成小写就好了,拿到flag:cyberpeace{attackanddefenceworldisinteresting}

幂数加密

打开附件

#!/usr/bin/python
# -*- coding=utf8 -*-
"""
# @Author : pig
# @CreatedTime:2019-11-2423:54:02
# @Description : https://www.jianshu.com/p/b5aa5cf60f83
"""


def de_code(c):
    dic = [chr(i) for i in range(ord("A"), ord("Z") + 1)]
    flag = []
    c2 = [i for i in c.split("0")]
    for i in c2:
        c3 = 0
        for j in i:
            c3 += int(j)
        flag.append(dic[c3 - 1])
    return flag

def encode(plaintext):
    dic = [chr(i) for i in range(ord("A"), ord("Z") + 1)]
    m = [i for i in plaintext]
    tmp = [];flag = []
    for i in range(len(m)):
        for j in range(len(dic)):
            if m[i] == dic[j]:
                tmp.append(j + 1)
    for i in tmp:
        res = ""
        if i >= 8:
            res += int(i/8)*"8"
        if i%8 >=4:
            res += int(i%8/4)*"4"
        if i%4 >=2:
            res += int(i%4/2)*"2"
        if i%2 >= 1:
            res += int(i%2/1)*"1"
        flag.append(res + "0")
    print ("".join(flag)[:-1])

c = input("输入要解密的数字串:")
print (de_code(c))
m_code = input("请输入要加密的数字串:")
encode(m_code)

工业协议分析2

打开附件:

查看这些流量包,发现131,137对应的流量包存在异常的字符串。

将该字符串提取出来

666c61677b37466f4d3253746b6865507a7d

发现最大不超过F,猜测是16进制,将其转成字符串,得到flag:

flag{7FoM2StkhePz}

sherlock

打开附件:

奇怪之处是有些位置不应该使用大写字母,但是使用了大写字母,推断这些大写字母是用来传递消息的。将文章中的所有大写字母提取出来,得到一串全部由ZERO与ONE组成的字符串,ZERO替换为数字0,ONE替换为数字1,从而得到一个二进制表示的数,再将此数转换为字符串即可。

from string import uppercase
from Crypto.Util.number import long_to_bytes

def solve():
    with open('paper','r') as f:
        data=f.read()
    cip=''
    for c in data:
        if c in uppercase:
            cip+=c
    cip=cip.replace('ZERO','0')
    cip=cip.replace('ONE','1')
    return long_to_bytes(long(cip,2))

if __name__=='__main__':
    print solve()

运行得到flag:

$ python solve.py

BITSCTF{h1d3_1n_pl41n_5173}

crypto垃圾邮件

打开附件:

解码:flag{bd826fcdc637864d3ccc1c1e0360ff6d}

Xor很心疼你

打开附件

尝试使用原题的方法计算fibo(1000),报错,大意是超过最大递归深度。查资料后发现Python的默认递归深度为1000,于是使用下面的代码修改最大深度:

非递归方式计算fibo数

import os
import libnum

c = 43104378128345818181217961835377190975779804452524643191544804229536124095677294719566215359919831933542699064892141754715180028183150724886016542388159082125737677224886528142312511700711365919689756090950704

def fast_fibo(n):
    a,b=1,0
    c=1
    while c<=n:
        a,b=b,a+b
        c+=1
    return b

s = fast_fibo(1000)
print('s = ',s)
#c = m^s
m = s^c
print('m = ',m)

f = libnum.n2s(m) #.s2n(flag+os.urandom((len(bin(s))-2)//8-len(flag)))
print(f)

flag就在输出字符串的头部。

转轮机加密

把内容按照 2,3,7,5,13…行按顺序排列,

NACZDTRXMJQOYHGVSFUWIKPBEL

FHTEQGYXPLOCKBDMAIZVRNSJUW

QGWTHSPYBXIZULVKMRAFDCEONJ

KCPMNZQWXYIHFRLABEUOTSGJVD

SXCDERFVBGTYHNUMKILOPJZQAW

EIURYTASBKJDFHGLVNCMXZPQOW

VUBMCQWAOIKZGJXPLTDSRFHENY

OSFEZWAXJGDLUBVIQHKYPNTCRM

QNOZUTWDCVRJLXKISEFAPMYGHB

OWTGVRSCZQKELMXYIHPUDNAJFB

FCUKTEBSXQYIZMJWAORPLNDVHG

NBVCXZQWERTPOIUYALSKDJFHGM

PNYCJBFZDRUSLOQXVETAMKGHIW

第一列的内容即为密文,按照列读找flag,找到了 fireinthehole

shanghai

打开附件:

直接用https://www.guballa.de/vigenere-solver自动解密:

得到flag:
flag{vigenereisveryeasyhuh}

fanfie

题目给出的一个压缩包,包含的是一个抓包流量包pcap文件,如图:

0x02. 问题分析

搜索关键词flag,发现有很多,也不知道如何入手,参考大佬们的wp,才发现是有一个异常TCP!我们尝试将length降序,如图:

出现了一个长度异常的image/png文件。还有base64字样。猜测可能是base64加密的图片文件。我们将加密后的字符复制出来。(如何复制,如图:)

如图,复制:

使用在线解析

得到flag:flag{ICS-mms104}

ecb,_it’s_easy_as_123

0x01. 进入环境,下载附件

0x02. 问题分析

可以看到上面的文件是zip格式,因此,我们修改后缀为.zip,发现两个文件:

发现照片打不开使用winhex打开

修改文件头修改第一行即可

Miscellaneous-200

打开发现一堆数据,如图:

数据范围为0-255之间,且三个数据为一组,那么很容易联想到RGB图片的像素值。

我们通过代码创建一幅图,将每一行数据当做像素值写入图片,直接上代码:

import math

from PIL import Image

with open("./62f4ea780ecf4e6bbef5f40d674ec073.txt", 'r') as file:
    datas = []
    for line in file.readlines():
        row = line.rstrip('\n').split(',')
        array_row = [int(pix) for pix in row]
        # 之所以要转,是因为img.putpixel()方法只接受tuple
        datas.append(tuple(array_row))

size = int(math.sqrt(len(datas)))  # 最终的构建的画布大小

img = Image.new('RGB', (size, size), '#ffffff')
k = 0
for i in range(size):
    for j in range(size):
        img.putpixel((i, j), datas[k])
        k += 1
img.save("res.png")

执行代码后,效果如图:

用ps找个舒服的角度

最终的flag:flag{ youc@n’tseeme }

Recover-Deleted-File

解压发现是个无后缀的disk-image文件

在kali中先安装extundelete工具恢复文件:

fls列出图像中的文件和目录名,并可以显示使用给定名称的目录最近删除的文件的文件名:

发现到了flag

后恢复文件

恢复出了这个文件夹

打开文件,看到flag:是个可执行文件

修改权限:

运行flag:

得到flag:de6838252f95d3b9e803b28df33b4baa

enc

下载附件,发现没有后缀,放到winhex

ascii一堆ZERO和ONE,我们尝试将其转换成对应的01字符串,结果如下:

0100110001101001001100000110011101001100011010010011000001110101010011000110100101000001011101010100100101000011001100000111010101001100011010010011000001100111010011000101001100110100011101000100110001101001010000010111010001001001010000110011010001110101010011000101001100110100011001110100110001010011010000010111010101001100011010010011010001110101010010010100001100110100011101000100110001010011001100000111010001001001010000110011010001110101010011000110100100110100011101010100100101000011001100000111010001001100010100110100000101110101010011000101001100110000011101000100110001010011010000010111010101001100011010010011010001100111010011000101001100110000011101000100100101000011001101000111010101001100011010010011010001110101010010010100001100110100011101010100110001010011010000010111010101001100010100110011000001110101010010010100001100110100011101010100110001101001001100000111010001001001010000110011010001110100010011000110100101000001011101000100110001010011001100000110011101001100011010010011010001110101010011000110100100110100011001110100110001101001010000010111010001001100011010010011000001110101010010010100001100110100011101000100110001101001010000010111010101001100011010010011010001110100010011000101001101000001011101000100100101000011001100000111010001001100010100110100000101110100010010010100001100110000011101010100110001101001001100000110011101001100010100010011110100111101

长度是1408,8的倍数,猜测是ascii将其转码:
Li0gLi0uLiAuIC0uLi0gLS4tLiAtIC4uLS4gLSAuLi4uIC4tLS0tIC4uLi4uIC0tLSAuLS0tLSAuLi4gLS0tIC4uLi4uIC4uLSAuLS0uIC4uLi0tIC4tLiAtLS0gLi4uLi4gLiAtLi0uIC4tLiAuLi4tLSAtIC0tLSAtIC0uLi0gLQ==

有点像base64,解码得

.- .-.. . -..- -.-. - ..-. - .... .---- ..... --- .---- ... --- ..... ..- .--. ...-- .-. --- ..... . -.-. .-. ...-- - --- - -..- -

解码:

ALEXCTFTH15O1SO5UP3RO5ECR3TOTXT

在此,人麻了,查阅wp才发现还要增加下划线啥的,不说了,没含量,答案为:ALEXCTF{TH15_1S_5UP3R_5ECR3T_TXT}

xctf wtc_rsa_bbq

1 下载得一个压缩文件,解压后得cry200,用二进制文件查看器发现,是504B0304开头,这不还是压缩文件嘛!

2 改成cry200.zip,解压得两个文件:cipher.bin和key.pem,丢kali里运行即可:

python3 RsaCtfTool.py --publickey ~/Desktop/key.pem --uncipherfile ~/Desktop/cipher.bin

得到flag:flag{how_d0_you_7urn_this_0n?}

Decrypt-the-Message

下载附件:

ecb,_it’s_easy_as_123

给的文件没有任何后缀,放入kali中file一下,如图:

可以看到上面的文件是zip格式,因此,我们修改后缀为.zip,发现两个文件:

直接用winhex打开文件,将文件头修改为:

424d 7648 3f00 0000 0000 7600 0000 2800

0000 000f 0000 7008 0000 0100 0400 0000

0000 0048 3f00 0000 0000 0000 0000 0000

0000 0000 0000 0000 0000 0000 8000 0080

0000 0080 8000 8000 0000 8000 8000 8080

0000 8080 8000 c0c0 c000 0000 ff00 00ff

0000 00ff ff00 ff00 0000 ff00 ff00 ffff

0000 ffff ff00 ffff ffff ffff ffff ffff

最终将照片打开得到flag

为:flag{no_penguin_here}

easy_RSA

下载附件打开:

使用RSA-Tool工具得到flag:125631357777427553

cyberpeace{125631357777427553}

best_rsa


下载题目,是一个明文和密钥的4个附件:

提取公钥信息:

from Crypto.PublicKey import RSA
import libnum
import gmpy2

c1=libnum.s2n(open('cipher1.txt','rb').read())
c2=libnum.s2n(open('cipher2.txt','rb').read())

pub1=RSA.importKey(open('publickey1.pem').read())
pub2=RSA.importKey(open('publickey2.pem').read())

n1 = pub1.n
e1 = pub1.e
n2 = pub2.n
e2 = pub2.e

print(n1)
print(n2)
print(e1)
print(e2)

得到:

n1 = 13060424286033164731705267935214411273739909173486948413518022752305313862238166593214772698793487761875251030423516993519714215306808677724104692474199215119387725741906071553437840256786220484582884693286140537492541093086953005486704542435188521724013251087887351409946184501295224744819621937322469140771245380081663560150133162692174498642474588168444167533621259824640599530052827878558481036155222733986179487577693360697390152370901746112653758338456083440878726007229307830037808681050302990411238666727608253452573696904083133866093791985565118032742893247076947480766837941319251901579605233916076425572961

n2 = 13060424286033164731705267935214411273739909173486948413518022752305313862238166593214772698793487761875251030423516993519714215306808677724104692474199215119387725741906071553437840256786220484582884693286140537492541093086953005486704542435188521724013251087887351409946184501295224744819621937322469140771245380081663560150133162692174498642474588168444167533621259824640599530052827878558481036155222733986179487577693360697390152370901746112653758338456083440878726007229307830037808681050302990411238666727608253452573696904083133866093791985565118032742893247076947480766837941319251901579605233916076425572961

e1 = 117

e2 = 65537

两个文件的模数相同
共模攻击

from Crypto.PublicKey import RSA
import libnum
import gmpy2

c1=libnum.s2n(open('cipher1.txt','rb').read())
c2=libnum.s2n(open('cipher2.txt','rb').read())

pub1=RSA.importKey(open('publickey1.pem').read())
pub2=RSA.importKey(open('publickey2.pem').read())
n = pub1.n
e1= pub1.e
e2= pub2.e

s = gmpy2.gcdext(e1,e2)
s1 = s[1]
s2 = s[2]

if s1<0:
	s1 = -s1
	c1 = gmpy2.invert(c1, n)
elif s2<0:
	s2 = -s2
	c2 = gmpy2.invert(c2, n)

m = pow(c1,s1,n)*pow(c2,s2,n) % n
flag = libnum.n2s(m)
print(flag)

得到flag:flag{interesting_rsa}

easychallenge

下载附件是一个pyc文件:

pyc文件经过python解释器最终会生成机器码运行。所以pyc文件是可以跨平台部署的,类似Java的.class文件。如果py文件改变,也会重新生成pyc文件。

OldDriver

下载附件得到密文:

[{"c": 7366067574741171461722065133242916080495505913663250330082747465383676893970411476550748394841437418105312353971095003424322679616940371123028982189502042, "e": 10, "n": 25162507052339714421839688873734596177751124036723831003300959761137811490715205742941738406548150240861779301784133652165908227917415483137585388986274803},

{"c": 21962825323300469151795920289886886562790942771546858500842179806566435767103803978885148772139305484319688249368999503784441507383476095946258011317951461, "e": 10, "n": 23976859589904419798320812097681858652325473791891232710431997202897819580634937070900625213218095330766877190212418023297341732808839488308551126409983193},

{"c": 6569689420274066957835983390583585286570087619048110141187700584193792695235405077811544355169290382357149374107076406086154103351897890793598997687053983, "e": 10, "n": 18503782836858540043974558035601654610948915505645219820150251062305120148745545906567548650191832090823482852604346478335353784501076761922605361848703623},

{"c": 4508246168044513518452493882713536390636741541551805821790338973797615971271867248584379813114125478195284692695928668946553625483179633266057122967547052, "e": 10, "n": 23383087478545512218713157932934746110721706819077423418060220083657713428503582801909807142802647367994289775015595100541168367083097506193809451365010723},

{"c": 22966105670291282335588843018244161552764486373117942865966904076191122337435542553276743938817686729554714315494818922753880198945897222422137268427611672, "e": 10, "n": 31775649089861428671057909076144152870796722528112580479442073365053916012507273433028451755436987054722496057749731758475958301164082755003195632005308493},

{"c": 17963313063405045742968136916219838352135561785389534381262979264585397896844470879023686508540355160998533122970239261072020689217153126649390825646712087, "e": 10, "n": 22246342022943432820696190444155665289928378653841172632283227888174495402248633061010615572642126584591103750338919213945646074833823905521643025879053949},

{"c": 1652417534709029450380570653973705320986117679597563873022683140800507482560482948310131540948227797045505390333146191586749269249548168247316404074014639, "e": 10, "n": 25395461142670631268156106136028325744393358436617528677967249347353524924655001151849544022201772500033280822372661344352607434738696051779095736547813043},

{"c": 15585771734488351039456631394040497759568679429510619219766191780807675361741859290490732451112648776648126779759368428205194684721516497026290981786239352, "e": 10, "n": 32056508892744184901289413287728039891303832311548608141088227876326753674154124775132776928481935378184756756785107540781632570295330486738268173167809047},

{"c": 8965123421637694050044216844523379163347478029124815032832813225050732558524239660648746284884140746788823681886010577342254841014594570067467905682359797, "e": 10, "n": 52849766269541827474228189428820648574162539595985395992261649809907435742263020551050064268890333392877173572811691599841253150460219986817964461970736553},

{"c": 13560945756543023008529388108446940847137853038437095244573035888531288577370829065666320069397898394848484847030321018915638381833935580958342719988978247, "e": 10, "n": 30415984800307578932946399987559088968355638354344823359397204419191241802721772499486615661699080998502439901585573950889047918537906687840725005496238621}]

给了10组RSA的加密信息

  • 共有10个公钥
  • 所有的n都是互质的
  • 低加密指数广播攻击

脚本:

import libnum
import gmpy2

dic = [{"c": 7366067574741171461722065133242916080495505913663250330082747465383676893970411476550748394841437418105312353971095003424322679616940371123028982189502042, "e": 10, "n": 25162507052339714421839688873734596177751124036723831003300959761137811490715205742941738406548150240861779301784133652165908227917415483137585388986274803},
{"c": 21962825323300469151795920289886886562790942771546858500842179806566435767103803978885148772139305484319688249368999503784441507383476095946258011317951461, "e": 10, "n": 23976859589904419798320812097681858652325473791891232710431997202897819580634937070900625213218095330766877190212418023297341732808839488308551126409983193},
{"c": 6569689420274066957835983390583585286570087619048110141187700584193792695235405077811544355169290382357149374107076406086154103351897890793598997687053983, "e": 10, "n": 18503782836858540043974558035601654610948915505645219820150251062305120148745545906567548650191832090823482852604346478335353784501076761922605361848703623},
{"c": 4508246168044513518452493882713536390636741541551805821790338973797615971271867248584379813114125478195284692695928668946553625483179633266057122967547052, "e": 10, "n": 23383087478545512218713157932934746110721706819077423418060220083657713428503582801909807142802647367994289775015595100541168367083097506193809451365010723},
{"c": 22966105670291282335588843018244161552764486373117942865966904076191122337435542553276743938817686729554714315494818922753880198945897222422137268427611672, "e": 10, "n": 31775649089861428671057909076144152870796722528112580479442073365053916012507273433028451755436987054722496057749731758475958301164082755003195632005308493},
{"c": 17963313063405045742968136916219838352135561785389534381262979264585397896844470879023686508540355160998533122970239261072020689217153126649390825646712087, "e": 10, "n": 22246342022943432820696190444155665289928378653841172632283227888174495402248633061010615572642126584591103750338919213945646074833823905521643025879053949},
{"c": 1652417534709029450380570653973705320986117679597563873022683140800507482560482948310131540948227797045505390333146191586749269249548168247316404074014639, "e": 10, "n": 25395461142670631268156106136028325744393358436617528677967249347353524924655001151849544022201772500033280822372661344352607434738696051779095736547813043},
{"c": 15585771734488351039456631394040497759568679429510619219766191780807675361741859290490732451112648776648126779759368428205194684721516497026290981786239352, "e": 10, "n": 32056508892744184901289413287728039891303832311548608141088227876326753674154124775132776928481935378184756756785107540781632570295330486738268173167809047},
{"c": 8965123421637694050044216844523379163347478029124815032832813225050732558524239660648746284884140746788823681886010577342254841014594570067467905682359797, "e": 10, "n": 52849766269541827474228189428820648574162539595985395992261649809907435742263020551050064268890333392877173572811691599841253150460219986817964461970736553},
{"c": 13560945756543023008529388108446940847137853038437095244573035888531288577370829065666320069397898394848484847030321018915638381833935580958342719988978247, "e": 10, "n": 30415984800307578932946399987559088968355638354344823359397204419191241802721772499486615661699080998502439901585573950889047918537906687840725005496238621}]

n = []
C = []
for i in dic:
    n.append(i["n"])
    C.append(i["c"])

#  for i in n:
    #  for j in n:
        #  if i == j:
            #  continue
        #  else:
            #  if gmpy2.gcd(i, j) != 1:
                #  print i, j
N = 1
for i in n:
    N *= i

Ni = []
for i in n:
    Ni.append(N / i)

T = []
for i in xrange(10):
    T.append(long(gmpy2.invert(Ni[i], n[i])))

X = 0
for i in xrange(10):
    X += C[i] * Ni[i] * T[i]

m10 = X % N
m = gmpy2.iroot(m10, 10)
print libnum.n2s(m[0])

运行得到flag:

flag{wo0_th3_tr4in_i5_leav1ng_g3t_on_it}

baigeiRSA2

下载附件,得到压缩包,解压得到两个文件,内容:

运行得到n和c的值

n = 175797137276517400024170861198192089021253920489351812147043687817076482376379806063372376015921

c = 144009221781172353636339988896910912047726260759108847257566019412382083853598735817869933202168

解题:

对N进行分解,使用yafu工具。

P19 = 9401433281508038261

P20 = 11215197893925590897

P20 = 11855687732085186571

P20 = 10252499084912054759

P20 = 13716847112310466417

编写脚本

已知p、q、n、c我们编写代码

import gmpy2  # 导入高精度计算库gmpy2
from Crypto.Util.number import long_to_bytes  # 导入将长整数转换为字节串的工具函数

# 定义RSA公钥和密文
e = 65537
c = 40876621398366534035989065383910105526025410999058860023908252093679681817257

# 定义RSA算法中使用的两个大素数p和q,以及模数n和欧拉函数值phi_n
p = 322368694010594584041053487661458382819
q = 274539690398523616505159415195049044439
n = p * q
phi_n = (p - 1) * (q - 1)

# 计算RSA私钥中的解密指数
d = gmpy2.invert(e, phi_n)

# 使用RSA算法解密密文c,得到明文m
m = pow(c, d, n)

# 将解密后的长整数m转换为字节串,并输出到屏幕上
print(long_to_bytes(m))

运行得到flag:HSCTF{@Zh3n_Ba1_G3i!@}

二元一次方程组

下载附件打开:

根据得到的数据编写脚本:

import libnum
# extended euclidean algorithm
def egcd(a, b):
    if a == 0:
        return (b, 0, 1)
    else:
        g, y, x = egcd(b % a, a)
        return (g, x - (b // a) * y, y)
# modular multiplicative inverse
def modinv(a, m):
    g, x, y = egcd(a, m)
    if g != 1:
        raise Exception('modular inverse does not exist')
    else:
        return x % m


n = 5700102857084805454304483466349768960970728516788155745115335016563400814300152521175777999545445613444815936222559357974566843756936687078467221979584601
avg = 75635892913589759545076958131039534718834447688923830032758709253942408722875
c = 888629627089650993173073530112503758717074884215641346688043288414489462472394318700014742820213053802180975816089493243275025049174955385229062207064503
e = 65537
phi_n = n - 2 * avg + 1  # phi(n) = (p-1)(q-1) = pq-(p+q)+1
d = modinv(e, phi_n)  # de = 1 mod phi_n, d = e^-1 mod phi_n
m = pow(c, d, n)
print(libnum.n2s(m))

运行后得到flag:hsctf{Dl3F4TH3rRR4iin_AvAvA}

flag_in_your_hand1

1、拿到文件后,发现是js文件和html文件。

2打开html文件:

按f12查看网页代码

script代表js代码的开始和结束。从代码中发现输入的正确与否与ci有关。

打开js文件,找到关键代码

与a中的数字对比,只要相差3,就输出true。所以只要将a中的数字剑减3,换成asc||字符,得到字符串。security-xbu

得到flag:RenIbyd8Fgg5hawvQm7TDQ

看我回旋踢

下载附件打开:

synt有点像rot13

在线解密(贼好用):http://www.rot13.de/index.php

得到flag:flag{0cd6559d-31a0-91d3-b275-beb0ba5962e6}

变异凯撒

打开附件:

通过上面的acsii码值对比表可以看到第一个字符向后移了5,第二个向后移了6,第三个向后移了7,以此类推,很容易想到变异凯撒即每个向后移的位数是前一个加1:编写脚本:

str="afZ_r9VYfScOeO_UL^RWUc"
k=5
for i in str:
    print(chr(ord(i)+k),end='')
    k+=1

运行后得到flag:flag{Caesar_variation}

丢失的MD5

下载zip压缩包打开:

解析py代码

python3

print des -格式错误

改为

print(des)

运行

import hashlib   
for i in range(32,127):
    for j in range(32,127):
        for k in range(32,127):
            m=hashlib.md5()
            m.update('TASC'+chr(i)+'O3RJMV'+chr(j)+'WDJKX'+chr(k)+'ZM')
            des=m.hexdigest()
            if 'e9032' in des and 'da' in des and '911513' in des:
                print(des)

发现结果为

import hashlib
for i in range(32,127):
    for j in range(32,127):
        for k in range(32,127):
            m=hashlib.md5()
            m.update('TASC'.encode('utf-8')+chr(i).encode('utf-8')+'O3RJMV'.encode('utf-8')+chr(j).encode('utf-8')+'WDJKX'.encode('utf-8')+chr(k).encode('utf-8')+'ZM'.encode('utf-8'))
            des=m.hexdigest()
            if 'e9032' in des and 'da' in des and '911513' in des:
                print (des)

运行后得到flag:e9032994dabac08080091151380478a2

Alice与Bob

题目描述:

使用在线工具分解两个素数:

分解后,小的放前面,大的放后面,合成一个新的数字,进行md5的32位小写哈希

得到flag{d450209323a847c8d01c6be47c81811a}

rsarsa

下载附件打开:

编写python脚本:

import gmpy2
e=65537
p=9648423029010515676590551740010426534945737639235739800643989352039852507298491399561035009163427050370107570733633350911691280297777160200625281665378483
q=11874843837980297032092405848653656852760910154543380907650040190704283358909208578251063047732443992230647903887510065547947313543299303261986053486569407
n=p*q
#密文
C=83208298995174604174773590298203639360540024871256126892889661345742403314929861939100492666605647316646576486526217457006376842280869728581726746401583705899941768214138742259689334840735633553053887641847651173776251820293087212885670180367406807406765923638973161375817392737747832762751690104423869019034
d=gmpy2.invert(e,(p-1)*(q-1))
print(d)
#求明文
M=pow(C,d,n)
print(M)

运行后得到flag:5577446633554466577768879988

Windows系统密码

下载附件打开:

先用MD5解密工具测试一下这段数据:

测试另外一个数据:

得到flag{good-luck}

信息化时代的步伐

下载附件打开:

使用在线中文电码解密得到flag

RSA_gcd

题目给的是两个txt文件,每个文件包含三个字符:n、e、c,如图:

经典的RSA问题题目给的按时是RSA_gcd,猜想可能是素数分解问题,从而分部分进行加解密。

import gmpy2, libnum
from Crypto.Util.number import long_to_bytes


# 用于求解a和b的最大公约数
def get_p(a, b):
    p = gmpy2.gcd(a, b)
    return p


if __name__ == '__main__':
    n1 = 23220619839642624127208804329329079289273497927351564011985292026254914394833691542552890810511751239656361686073628273309390314881604580204429708461587512500636158161303419916259271078173864800267063540526943181173708108324471815782985626723198144643256432774984884880698594364583949485749575467318173034467846143380574145455195152793742611717169602237969286580028662721065495380192815175057945420182742366791661416822623915523868590710387635935179876275147056396018527260488459333051132720558953142984038635223793992651637708150494964785475065404568844039983381403909341302098773533325080910057845573898984314246089
    c1 = 9700614748413503291260966231863562117502096284616216707445276355274869086619796527618473213422509996843430296526594113572675840559345077344419098900818709577642324900405582499683604786981144099878021784567540654040833912063141709913653416394888766281465200682852378794478801329251224801006820925858507273130504236563822120838520746270280731121442839412258397191963036040553539697846535038841541209050503061001070909725806574230090246041891486506980939294245537252610944799573920844235221096956391095716111629998594075762507345430945523492775915790828078000453705320783486744734994213028476446922815870053311973844961
    n2 = 22642739016943309717184794898017950186520467348317322177556419830195164079827782890660385734113396507640392461790899249329899658620250506845740531699023854206947331021605746078358967885852989786535093914459120629747240179425838485974008209140597947135295304382318570454491064938082423309363452665886141604328435366646426917928023608108470382196753292656828513681562077468846105122812084765257799070754405638149508107463233633350462138751758913036373169668828888213323429656344812014480962916088695910177763839393954730732312224100718431146133548897031060554005592930347226526561939922660855047026581292571487960929911
    c2 = 20513108670823938405207629835395350087127287494963553421797351726233221750526355985253069487753150978011340115173042210284965521215128799369083065796356395285905154260709263197195828765397189267866348946188652752076472172155755940282615212228370367042435203584159326078238921502151083768908742480756781277358357734545694917591921150127540286087770229112383605858821811640935475859936319249757754722093551370392083736485637225052738864742947137890363135709796410008845576985297696922681043649916650599349320818901512835007050425460872675857974069927846620905981374869166202896905600343223640296138423898703137236463508
    e = 65537
	
	# 拿到共同的p,再分别求出各自的素数q
    p = get_p(n1, n2)
    q1 = n1 // p
    q2 = n2 // p

    # 求私钥d,另外gmpy2.invert()函数和libnum.invmod()函数等价
    d1 = libnum.invmod(e, (p - 1) * (q1 - 1))
    d2 = libnum.invmod(e, (p - 1) * (q2 - 1))

    # 将密文c用私钥d解密成明文
    m1 = gmpy2.powmod(c1, d1, n1)
    m2 = gmpy2.powmod(c2, d2, n2)

    # 将明文转字符
    message = long_to_bytes(m1) + long_to_bytes(m2)
    print(message.decode())

最终的答案为:flag{336BB5172ADE227FE68BAA44FDA73F3B}

苏生要努力
关注
  • 19
    点赞
  • 21
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
攻防世界-密码学-入门版
leila1997的博客
05-04 1224
攻防世界crypto-初级幂数加密分析题目云影密码代码实现 幂数加密 分析题目 8842101220480224404014224202480122 这里给出了一串数字,并且得知最终为8位大写字母,可以分析得到这种是云隐密码 云影密码 这种加密方式仅使用01248这5种数字来进行,其中0用来唯一表示间隔,其他数字用加法和表示替换密文。再使用数字1-26表示字母A-Z。 如:18 = 1+8 = ...
攻防世界密码学 浅尝
qq_43623550的博客
03-23 822
2021-3-23 学习下密码学,以攻防世界题目为例 第一题: 题目叫做base64: Y3liZXJwZWFjZXtXZWxjb21lX3RvX25ld19Xb3JsZCF9 直接解密为 cyberpeace{Welcome_to_new_World!} 这里解析下base64是什么。根据64位ASCII码表进行加密,把每个8位的字符进行合并 然后分割成6个6个的 然后添加2个0 ,重新对应。所以可以看到 解密后是解密前的3/4那么长。这里不多赘述具体方法,可见百度 第二题: oknqdbqmoq{kag
攻防世界--新手密码
qq_42201260的博客
10-02 682
不仅仅是MORSE 看到标题。。emm首先肯定是摩斯解码。 网上找了个在线工具进行解码 这AAAAA估摸的就是培根密码了,在接着找个在线工具解码就ok了。。 ...
攻防世界题目练习——Crypto密码新手+引导模式(一)(持续更新)
最新发布
qq_48550824的博客
09-08 4058
题目名字Caesar就是恺撒密码,也就是把每个字母移动相同的位数变成另一个字母,观察比较cyberpeace和oknqdbqmoq也看得出,字母相同的位置变化后的字母也相同,于是数一下移动的位数。上一题flag的格式为cyberpeace{xx_xx_xx_xx},因此猜测本题{}前面的内容为cyberpeace。联想到上一题拿到的flag的格式,可以看出是比较规律的一串字符。————待更新————————————————————题目提示说留下了明文。不懂,这和密码有啥关系。
CTF -攻防世界-crypto新手区(1~4)
aon8069924165211的博客
08-24 693
题目已经提示用base64直接解密就行 base64解密网址 http://tool.oschina.net/encrypt?type=3 题目提示是凯撒密码 http://www.zjslove.com/3.decode/ 题目已经提示摩斯我做了下转化 然后随便百度一个摩斯电码的在线转化网站就行 ...
攻防世界看雪看雪看雪杂项
11-20
在IT安全领域,尤其是网络安全竞赛(如CTF,Capture The Flag)中,"攻防世界"是一个颇受欢迎的在线平台,旨在提供各种安全挑战来提升参赛者的技能。在这个平台上,"杂项"(Miscellaneous)类题目通常涵盖广泛的知识...
网络安全攻防大赛ctf题目
03-09
网络安全攻防大赛CTF(Capture The Flag)是一种流行的竞赛形式,旨在提升参赛者的网络安全技能,包括漏洞挖掘、密码学、取证分析、网络嗅探等多个领域。这类比赛通常分为多个环节,如逆向工程、Web安全、密码学、二...
ctf网络安全攻防练习题
12-04
如果N等于NP,意味着所有可以快速验证的问题也能快速解决,这将对密码学、加密算法以及安全领域产生深远影响。描述中提到“N=NP能得到的结论当然是N=1或者P=0”,这是一种对问题的幽默化表达,暗示解题可能需要从二...
CTF Attack & Defense线下攻防赛比赛技巧.pdf
01-15
CTF比赛通常包括多种类型的问题,如Web安全、逆向工程、密码学、取证分析等。在这份资料中,重点讨论了“Attack With Defense”模式,即攻击与防御并重的游戏机制。这种模式要求参赛者不仅要具备攻击技能,寻找并...
ctf,web攻防工具-御剑1.5.7z
04-06
【御剑】是一款知名的Web安全扫描工具,常用于CTF(Capture The Flag)竞赛和网络安全检测。CTF是一种信息安全竞赛,参与者通过展示攻击与防御技术来争夺“旗标”,即获取或保护特定的信息资源。在这样的竞赛中,Web...
CTF多功能密码破解(需java环境)
02-09
CTF的小工具,实用方便,可支持多种古典密码,多种编码方式。
ctf密码加解密用到的工具
08-15
ctf密码加解密的工具,用于ctf中解有关密码学一类得小工具
攻防世界 Crypto高手进阶区 2分题 cr3-what-is-this-encryption
闵行小鱼塘
12-05 533
继续ctf的旅程,攻防世界Crypto高手进阶区的2分题,本篇是cr3-what-is-this-encryption的writeup
攻防世界 cr3-what-is-this-encryption
m0_74190309的博客
08-31 309
Fady同学以为你是菜鸟,不怕你看到他发的东西。随机选取一个正整数e,1
XCTF攻防世界--cr3-what-is-this-encryption
qq_46927150的博客
05-03 3015
cr3-what-is-this-encryption 题目来源: alexctf-2017 看到题目中的p,q,e,就想到了RSA加密 大致思路: 先把p,q,e转成十进制,再根据公式求出n,d,m n=p*q φ(N) = (p-1)(q-1) e * d % φ(N) = 1(d是私钥,e是公钥) m=c^ d mod n (m是明文) 借鉴大佬的代码: import libnum fro...
攻防世界crypto高手题之cr3-what-is-this-encryption
沐一 · 林 的博客
08-29 1060
攻防世界crypto高手题之cr3-what-is-this-encryption 继续开启全栈梦想之逆向之旅~ 这题是攻防世界crypto高手题的cr3-what-is-this-encryption . . 没有附件,依稀看得出有q、p、e、c,是简单的RSA题目,用我之前积累的RSA脚本CTF-RSA-tool跑一下,。。。跑不出来:(反复试了好多次,还是报错,我放弃了) . . 然后在网上查资料中找到一个讲得比较好的脚本和讲解: 借鉴于: https://www.cnblogs.com/zhe
xctf攻防世界 CRYPTO高手进阶区 cr3-what-is-this-encryption
热门推荐
l8947943的博客
02-11 1万+
1. 进入环境 题目给出了一长串字符,我们将其提出来,发现是p,q,e,c,因此猜测可能是RSA相关的解密问题。 查一查RSA的具体操作流程: 2. 代码解题 参考网上的wp,先安装两个包: pip install libnum pip install pycryptodome 接着上代码: import libnum from Crypto.Util.number import long_to_bytes p = int( "0xa6055ec186de51800ddd6fcbf019238
攻防世界CRYPTO cr3-what-is-this-encryption writeup(待)
qq_45837896的博客
08-16 932
RSA加密 根据题目所给的 pqec联想到密码学中学到的RSA加密算法 关于RSA: 题目中给出了p.q.e.c 那么很容易算出来φ(n),进而算出来d,然后得出c,可以跑一个脚本 import libnum from Crypto.Util.number import long_to_bytes q = int("0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c6
CTF密码学基础与编码解析
"CTF密码学CRYPTO.pdf" 在CTF( Capture The Flag)竞赛中,密码学是一个关键领域,涉及到编码、解码、古典密码学以及各种加密技术的运用和破解策略。密码学主要分为古典密码学和现代密码学,其核心目标是确保信息的...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值