强网杯S6初赛 部分题解

已于 2022-08-05 21:36:43 修改
阅读量389 收藏
点赞数
分类专栏: CTF 文章标签: 安全
于 2022-08-05 16:08:54 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_51122085/article/details/126177525
版权
本文介绍了如何通过多项式环的模2除法解决数学竞赛中的问题,并展示了利用ECDSA签名算法的漏洞(CVE-2022-21449)来伪造JWT令牌。通过分析JWT生成和验证过程,构造特定payload,最终成功获取flag。此外,还展示了RSA和RSA盲签名的应用,通过计算私钥和模数的逆元,破解加密信息。
摘要由CSDN通过智能技术生成

强网杯S6初赛 部分题解

和师傅们一起打强网杯初赛,题目质量很高,算是打过的比较难的比赛了。最终排名47(1135分)。
PWN题好多,然而才刚开始学。(乐
Misc坐牢,第二天一直在和zlib玩了。
vmess还在研究,复现估计就需要两三天。

强网先锋

polydiv

题目给了个模2多项式环计算的class,搭靶机测试一下,第一步sha256验证,第二步题目会给出 a ( x ) a(x) a(x) c ( x ) c(x) c(x) r ( x ) r(x) r(x)三个模2多项式,让你找到一个满足 a ( x ) b ( x ) + c ( x ) = = r ( x ) a(x)b(x)+c(x)==r(x) a(x)b(x)+c(x)==r(x)的多项式 b ( x ) b(x) b(x)
因此只需要写一个模2除法即可。提取数据做好格式处理就行。

from hashlib import sha256
from pwn import *
from re import findall
from math import log,floor

def GF2_sub(n1, n2):
    return n1 ^ n2

def GF2_div(n1, n2):
    if n2 == 1:
        return n1
    else:
        len1 = len(bin(n1))
        len2 = len(bin(n2))
        lensub = len1 - len2 + 1

        if lensub < 1:
            return hex(0)
        elif lensub == 1:
            return hex(1)
        elif lensub > 1:
            div = 0
            while len1 >= len2:
                n1 ^= (n2 << (len1 - len2))
                div ^= (1 << (len1-len2))
                len1 = len(bin(n1))
            return div

p = remote('182.92.161.17', 31466)

s = p.recv()
kk = str(s)[14:30]
tt = str(s)[35:-3]
print(kk)
print(tt)

alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
for i in alphabet:
    for j in alphabet:
        for k in alphabet:
            for l in alphabet:
                if sha256((i+j+k+l+kk).encode()).hexdigest() == tt:
                    p.sendline((i+j+k+l).encode())


for i in range(40):
    s = p.recv()

    poly = str(s).split("\\n")
    rr = []
    aa = []
    cc = []
    print(poly)
    print(len(poly))
    ps = poly[0] + ' '
    for i in range(len(ps)-1):
        if ps[i] == 'x' and ps[i+1] == ' ':
            rr.append(1)
            break
    ps = poly[1] + ' '
    for i in range(len(ps)-1):
        if ps[i] == 'x' and ps[i+1] == ' ':
            aa.append(1)
            break
    ps = poly[2] + ' '
    for i in range(len(ps)-1):
        if ps[i] == 'x' and ps[i+1] == ' ':
            cc.append(1)
            break
    r = findall(r"\d+",poly[0])
    a = findall(r"\d+",poly[1])
    c = findall(r"\d+",poly[2])
    r = [int(i) for i in r]
    a = [int(i) for i in a]
    c = [int(i) for i in c]
    if 1 in r:
        rr.append(0)
    if 1 in a:
        aa.append(0)
    if 1 in c:
        cc.append(0)
    for i in r:
        if i != 1:
            rr.append(i)
    for i in a:
        if i != 1:
            aa.append(i)
    for i in c:
        if i != 1:
            cc.append(i)
    print(rr,aa,cc)

    rp = 0
    ap = 0
    cp = 0
    for i in rr:
        rp += 2 ** i
    for i in aa:
        ap += 2 ** i
    for i in cc:
        cp += 2 ** i
    print(rp,ap,cp)
    bp = GF2_div(GF2_sub(rp,cp),ap)
    print(bp)
    sends = ""
    strb = bin(bp)[2:]
    for i in range(len(strb)):
        if strb[i] == '1':
            if i == len(strb)-1:
                sends += "1"
            elif i == len(strb)-2:
                sends += "x"
            else:
                sends += "x^{}".format(len(strb)-i-1)
            sends += " + "
    sends = sends[:-3]
    print(sends)
    p.sendline(sends.encode())
    print(p.recv())
p.sendline(sends.encode())
print(p.recv())

Crypto

myJWT

关于JWT贴一篇不错的文章:什么是 JWT – JSON WEB TOKEN –
Dearmadman
简单来说就是用户与服务器之间采用单点登录时的一个令牌,常用来认证身份。Token由“.”分割的三部分(header、payload、signature)组成。
题目中给出了服务器认证的源码,审一下。
首先是第三部分signature用到的签名协议,包含签名算法、sign函数和vrfy函数。

class ECDSA{
	public KeyPair keyGen() throws Exception {
		KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
		keyPairGenerator.initialize(384);
		KeyPair keyPair = keyPairGenerator.genKeyPair();
		return keyPair;
	}
	
	public byte[] sign(byte[] str, ECPrivateKey privateKey) throws Exception {
		Signature signature = Signature.getInstance("SHA384withECDSAinP1363Format");
		signature.initSign(privateKey);
		signature.update(str);
		byte[] sig = signature.sign();
		return sig;
	}
	
	public boolean verify(byte[] sig, byte[] str ,ECPublicKey publicKey) throws Exception {
		Signature signature = Signature.getInstance("SHA384withECDSAinP1363Format");
		signature.initVerify(publicKey);
		signature.update(str);
		return signature.verify(sig);
	}
}

基础的签名算法都规定好了,为每个用户生成公私钥对,私钥签名公钥认证,常规操作,暂时看不出什么漏洞点。接着看jwt部分:

public class jwt{
	
	public static int EXPIRE = 60;
	public static ECDSA ecdsa = new ECDSA();
	public static String generateToken(String user, ECPrivateKey ecPrivateKey) throws Exception {
		JSONObject header = new JSONObject();
		JSONObject payload = new JSONObject();
		header.put("alg", "myES");
		header.put("typ", "JWT");
		String headerB64 = Base64.getUrlEncoder().encodeToString(header.toJSONString().getBytes());
		payload.put("iss", "qwb");
		payload.put("exp", System.currentTimeMillis() + EXPIRE * 1000);
		payload.put("name", user);
		payload.put("admin", false);
		String payloadB64 = Base64.getUrlEncoder().encodeToString(payload.toJSONString().getBytes());
		String content = String.format("%s.%s", headerB64, payloadB64);
		byte[] sig = ecdsa.sign(content.getBytes(), ecPrivateKey);
		String sigB64 = Base64.getUrlEncoder().encodeToString(sig);
		
		return String.format("%s.%s", content, sigB64);
	}
	
	public static boolean verify(String token, ECPublicKey ecPublicKey) throws Exception {
		String[] parts = token.split("\\.");
		if (parts.length != 3) {
			return false;
		}else {
			String headerB64 = parts[0];
			String payloadB64 = parts[1];
			String sigB64 = parts[2];
			String content = String.format("%s.%s", headerB64, payloadB64);
			byte[] sig = Base64.getUrlDecoder().decode(sigB64);
			return ecdsa.verify(sig, content.getBytes(), ecPublicKey);
		}
		
	}
	
	public static boolean checkAdmin(String token, ECPublicKey ecPublicKey, String user) throws Exception{
		if(verify(token, ecPublicKey)) {
			String payloadB64 = token.split("\\.")[1];
			String payloadDecodeString = new String(Base64.getUrlDecoder().decode(payloadB64));
			JSONObject payload = JSON.parseObject(payloadDecodeString);
			
			if(!payload.getString("name").equals(user)) {
				return false;
			}
			if (payload.getLong("exp") < System.currentTimeMillis()) {
				return false;
			}
			return payload.getBoolean("admin");
		} else {
			return false;
		}	
	}
	
	public static String getFlag(String token, ECPublicKey ecPublicKey, String user) throws Exception{
		String err = "You are not the administrator.";
		if(checkAdmin(token, ecPublicKey, user)) {
			File file = new File("/root/task/flag.txt");
			BufferedReader br = new BufferedReader(new FileReader(file));
			String flag = br.readLine();
			br.close();
			return flag;
		} else {
			return err;
		}
	}
	
	public static boolean task() throws Exception {
		Scanner input = new Scanner(System.in);
		System.out.print("your name:");
		String user = input.nextLine().strip();
		System.out.print(String.format("hello %s, let's start your challenge.\n", user));
		KeyPair keyPair = ecdsa.keyGen();
		ECPrivateKey ecPrivateKey = (ECPrivateKey) keyPair.getPrivate();
		ECPublicKey ecPublicKey = (ECPublicKey) keyPair.getPublic();
		String menu = "1.generate token\n2.getflag\n>";
		Integer choice = 0;
		Integer count = 0;
		while (count <= 10) {
			count++;
			System.out.print(menu);
			choice = Integer.parseInt(input.nextLine().strip());
			if(choice == 1) {
				String token = generateToken(user, ecPrivateKey);
				System.out.println(token);
			} else if (choice == 2) {
				System.out.print("your token:");
				String token = input.nextLine().strip();
				String flag = getFlag(token, ecPublicKey, user);
				System.out.println(flag);
				input.close();
				break;
			} else {
				input.close();
				break;
			}
		}
		return true;
	}
	
	public static void main(String[] args) throws Exception {
		task();
	}
	
}

好长。。。练一下耐心审源码的能力,首先看令牌生成函数:

header.put("alg", "myES");
header.put("typ", "JWT");
String headerB64 = Base64.getUrlEncoder().encodeToString(header.toJSONString().getBytes());
payload.put("iss", "qwb");
payload.put("exp", System.currentTimeMillis() + EXPIRE * 1000);
payload.put("name", user);
payload.put("admin", false);
String payloadB64 = Base64.getUrlEncoder().encodeToString(payload.toJSONString().getBytes());
String content = String.format("%s.%s", headerB64, payloadB64);
byte[] sig = ecdsa.sign(content.getBytes(), ecPrivateKey);
String sigB64 = Base64.getUrlEncoder().encodeToString(sig);
return String.format("%s.%s", content, sigB64);

可以看到生成Token的几部分都已经做好了。
头部包含两个字段:算法myES和类型JWT。
payload包含四个字段:

{"iss":"qwb";"exp":<System.gen()>;"name":<user.input()>;"admin":"false"}

测试靶机可知exp记录时间,系统会自动生成;name可以随意提交。admin字段对应值为false,而登陆成功时该字段值应该为true,不过该字段为明文编码,可以随意修改。
将header和payload拼接一下,用私钥签个名作为signature,拼接起来即可得到一个非管理员用户的Token。
另外注意到jwt设置了过期,EXPIRE=60说明Token分发超过60s后该用户Token会被视为无效。
验签函数verify就是验证Token的三部分,checkAdmin函数验证Token是否过期以及用户是否为admin,如果是的话给flag。
因此jwt的逻辑大致清楚,我们需要构造一个payload绕过验签函数检测,伪造admin为true即可。然而题目给出的代码中没有明显漏洞,推测有现成的洞,搜索关键词发现CVE-2022-21449:Psychic Signatures of ECDSA
(这个洞加上关键词SHA384会查的很快
大致意思是说,json-ECDSA没有验证输入的签名 ( r , s ) (r,s) (r,s)是否满足参数不为0,因此只需输入一个长度合适的空字节的base64编码就可以轻松绕过。
SHA-384散列值长度为384位,因此构造96个空字节的base64编码即可:

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

在靶机上提交用户名为abc,得到签名的前两部分:

eyJ0eXAiOiJKV1QiLCJhbGciOiJteUVTIn0=.eyJpc3MiOiJxd2IiLCJuYW1lIjoiYWJjIiwiYWRtaW4iOmZhbHNlLCJleHAiOjE2NTkxOTU1ODQ1ODB9

分别解码为:

{"typ":"JWT","alg":"myES"}
{"iss":"qwb","name":"abc","admin":false,"exp":1659195584580}

修改admin字段为true,重新编码,最终构造payload为:

eyJ0eXAiOiJKV1QiLCJhbGciOiJteUVTIn0=.eyJpc3MiOiJxd2IiLCJuYW1lIjoiYWJjIiwiYWRtaW4iOnRydWUsImV4cCI6MTY1OTE5NTU4NDU4MH0=.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

提交拿到flag。

Factor

考察RSA当 N = p r q N=p^rq N=prq形式时的分解。可以找到论文:New Attacks on RSA with Moduli N = p r q N=p^rq N=prq
论文中阐述了三种分解 N N N的方法,对应题目中生成的三组问题。第一组问题使用连分数法让 N 1 N 2 \frac{N_1}{N_2} N2N1逼近 q 1 q 2 \frac{q_1}{q_2} q2q1,第二种方法和第三种方法基于格的LLL算法进行因子搜索。关于本题的原理之后会另写一篇文章详细证明。

import gmpy2
from libnum import n2s
from math import gcd


def tCf(n, d):
    res = []
    while d:
        res.append(n // d)
        n, d = d, n % d
    return res


def cf(sub_res):
    n, d = 1, 0
    for i in sub_res[::-1]:
        d, n = n, i * n + d
    return d, n


def listFraction(x, y):
    res = tCf(x, y)
    res = list(map(cf, (res[0:i] for i in range(1, len(res)))))
    return res


n11=801049932940568005269978912396585741498810389425615966036828877784238116634177290247194019425111606811005728521368879065336038221361037062407029836155148874719789714345603547779284558101833801155509762818376470874215789574939002212274399950433269775325144015468620263028557804618774240232988157961712628677901130814703917513004114547234375629747176834581166306552311075522669403347828095831520693563291249869832390698646691647204371133362254846234990175138047928703289833460734235302093916147489509206061923877623300596194317059884824322527532662470348274079800781120104946546063500763852622187404608639542858285661288293918912184354236687975919510300221932074135531028314170475917110204254042336116619335841213418990605590620842511615815443114612333881430920769002933370887494558640833005339906706603497809846863863967391543647049224309556936909768179259581851520214669904560467640473144481633920438487615788689262961741053146610554997224861331949716721056553499531186695425439163222802917813140266513735841447717418846360096652592844940362932171019143434080184728093326143821165097895058935372215708948088248596585127475770021962501262915274497478428868130455122612016408381607561200802267038869516896665387576895570245272035575637
n12=635401970340205725139325006504978344512744926958688031423448003992072769931808217486709574151492230879374574313457662436423263437792389711379687512056391117410807565492548718691166183372633151644917135272259770997096195518489056319350258673723095417922153182423913759272893696867426193704479752772511081457729513843682588951499551132432923147997238597538055902932123792252593514225328196541483451747314048080824405530742533473914329294346486691684904100406972073037050089861816604505650042953778360621934380815999541183067585498606053857125775979915077329566722531830089714823979965934190338538564188253271016367299890015449611141166780048763403252309160517164569110740561584100839212138661881615351382946813818078899882595313362934594951895560189003438775450675343590147821186953526262224973333962454561275321925151619178204499342339749637758100126893330994252902926509705617882239610380420830791088907378397226817514095468815228186716220057075095711894070032344613244803934541318573847029365563159918970404057137270884587905766828750387753130065274147902379993224780149663600462492281891320702134153853359393588902750423972068679293373333869389393970353760507436913233657422185531482023237384247535554666481760197851108297145147371
e11=1898839980562048754607069073527844852132536432440793106124181406514770178066775988232362054809850074774981836898118651469424148725970708199461113088705044905633592578936333918328544505910996746428679299419879472444790941363558025887620570856598548320246426354974395765243741646121743413447132297230365355148066914830856904433750379114692122900723772114991199979638987571559860550883470977246459523068862898859694461427148626628283198896659337135438506574799585378178678790308410266713256003479022699264568844505977513537013529212961573269494683740987283682608189406719573301573662696753903050991812884192192569737274321828986847640839813424701894578472933385727757445011291134961124822612239865
e12=1262647419018930022617189608995712260095623047273893811529510754596636390255564988827821761126917976430978175522450277907063247981106405519094560616378241247111698915199999363948015703788616554657275147338766805289909261129165025156078136718573006479030827585347458143645738353716189131209398056741864848486818076440355778886993462012533397208330925057305502653219173629466948635110352752162442552541812665607516753186595817376029707777599029040724727499952161261179707271814405907165207904499722122779096230563548011491932378429654764486855147873135769116637484240454596231092684424572258119768093562747249251518965380465994055049411715353547147466711949391814550591591830515262296556050946881

res = listFraction(n11, n12)
for i in res:
    if n12 % i[0] == 0 and n11 % i[1] == 0 and i != (1,1):
        q1 = i[1]
        q2 = i[0]
p1 = int(gmpy2.iroot(n11 // q1, 2)[0])
p2 = int(gmpy2.iroot(n12 // q2, 2)[0])
print(p1,p2)

c11=18979511327426975645936984732782737165217332092805655747550406443960209507493506811471688957217003792679188427155591583024966608843371190136274378868083075515877811693937328204553788450031542610082653080302874606750443090466407543829279067099563572849101374714795279414177737277837595409805721290786607138569322435729584574023597293220443351227559400618351504654781318871214405850541820427562291662456382362148698864044961814456827646881685994720468255382299912036854657082505810206237294593538092338544641919051145900715456411365065867357857347860000894624247098719102875782712030938806816332901861114078070638796157513248160442185781635520426230183818695937457557248160135402734489627723104008584934936245208116232179751448263136309595931691285743580695792601141363221346329077184688857290503770641398917586422369221744736905117499140140651493031622040723274355292502182795605723573863581253354922291984335841915632076694172921289489383700174864888664946302588049384130628381766560976143458735712162489811693014419190718601945154153130272620025118408017441490090252674737105557818759190934585829634273698371996797545908125156282869589331913665938038870431655063063535672001112420959158339261862052308986374193671007982914711432579
c12=336587005671304527566745948355290412636261748969581976214239578621816863343117433524033533838636941679300497270909696775021031004312477997130741361709262822736904340641138652359632950455651920464042448022467664596484055174270895170499076347333381222768518599018520948098943626229061996126260154604038101543546588917619576702866444998578555907070990331574722135141778182631559802154493815687284077524469331290249057291163803290619701104007028836609832847351748020354798788508790258935718399783002069490123663345156902440501507117289747695510266461539019431610123351176227443612317037899257774045751487135646052309277098939919088029284437221840182769808850184827681307611389353392683707516141736067793897378911235819049432542758429901945202632117089595899280390575706266239252841152490534353760118231918190110043319877744119083811214707593122757409240645257409097436061825613686773916466122693168971062418046703969144004779270391320645495586024342668002497155358623795942692477164489475917351003149045087283510728981096449890130735055015075557614253867698702479920619299919816768972581273507837309179450374634916567083251630203067065663910073926990517108921490442919372774170201239734064819301693527366233007925670043499415100789027665

phi11 = (p1) * (p1-1) * (q1-1)
phi12 = (p2) * (p2-1) * (q2-1)
d11 = gmpy2.invert(e11,phi11)
d12 = gmpy2.invert(e12,phi12)
m1 = pow(c11,d11,n11)
m2 = pow(c12,d12,n12)
print(m1)
print(m2)
n2 = 209798341155088334158217087474227805455138848036904381404809759100627849272231840321985747935471287990313456209656625928356468120896887536235496490078123448217785939608443507649096688546074968476040552137270080120417769906047001451239544719039212180059396791491281787790213953488743488306241516010351179070869410418232801398578982244984544906579574766534671056023774009163991804748763929626213884208260660722705479782932001102089367261720194650874553305179520889083170973755913964440175393646890791491057655226024046525748177999422035469428780228224800114202385209306803288475439775037067014297973202621118959024226798935588827359265962780792266516120013602384766460619793738405476219362508944225007365127768741191310079985425349292613888185378948854602285379329682053663283534930182589905986063348509703027498270111412063194971956202729807710253369312175636837558252924035002153389909587349043986253518050303628071319876207392440085675892353421232158925122721273720564784886530611286461575045181073744696415657043278123662980166364494583141297996445429477446442693717498789391918530672770193730629928408766563592081857706608049076318165712479742423149330311238462044666384622153280310696667586565906758451118241914402257039981388209
x = 3549384841973213309621072870106254602253656209014197632823411827739864720839737811030401306800875843661955913236834617545674409639259372934721570288281471569069146201536309734296340629562207991295283896
g = gcd(m1*m2*x-(m2-m1),n2)
p2 = int(gmpy2.iroot(g,6)[0])
q2 = n2 // (p2 ** 7)
e2 = 0x10001
phi2 = (p2 ** 6) * (p2 - 1) * (q2 - 1)
d2 = gmpy2.invert(e2,phi2)
c2 = 18352572608055902550350386950073774530453857897248738030380007830701135570310622004368605208336922266513238134127496822199799761713782366178177809597137102612444147565578155260524747439899150012223027218489946124086276814899675563837669559795153349686434242738207425653079514376089070980797596457151965772460109519623572502109592612394316680202287712465721767341302234806130244551387296133051760893033194962691942040228545508895009195291106297581470066545991352668826197346830561010198417527057944507902143965634058848276017283478933675052993657822322866778994956205033704582047618324071045349072526540250707463112668579342537349567247810715604220690215313641329522674080146047291570752430231923566302463491877377617044768978997438596643458475128936850994934029476030136643053997549253792076260765459166618369864942681056864815996253315631930002738854235841120321870075261782250357506436825550088826469396508045912258303652912217151127280959435741419961721418428605515096160344688795655562889755165362006775317188009008288782691705879510655892181975003485714604340542378477388225736316682379616676770234557939471098919647053799313777248678455620231721202780830980063824003076308811540534492317719811588898727134190545533822501681653
b = pow(c2,d2,n2)
print(b)

n3=539779851369541956878655738599584730199799866957191805784596190682932284216781781433367450841202917758999300635019369629627621029957135109806205877317954671312041249493462048283611940752235036153024920172209763260723728345918562258401803973624430150143563078517485996070862532682695228590709019451174548520135142052216785774589096706631010293690859363524584240662502290912412366366114571976050857239915691266377257797199583543940504695517331512813468837128344612227973709974625418257243011036826241599265375741977853552204640800449679679351666009764297016524814036295707311913711955324055690490892097177271718850857268982130811714517356073266905474635370690445031512184247179039751734276906533177939993769044135143389748416635981226449566039039202521305851567296884751935162651063209779647359922622084851547605090230221057349511482738300221222563908357379545905837110168948295030747460300104202323692732549831403834387939156877086852393515817984772384147449841124275061609701453997579569931391166586163299940486204581696722731952467570857217406030804590055255431828403195798003509083922294733709507134156466158642941338493323430671502043066148246348074878064089651235355282144209668143249348243220714471988019011613749340243917652821
e3=8179300978753084587812861894047395225516049110376948812109811319430275614612773726672345893359691900281432484382670047044697374818043512731533402576374645405477207239801498428774783768163880078495448747421425078521981578408638790336528372019271073712013371141939808017049399434858687299480461753638164719404612128939787055797762174745092074547412183349192156638711750872083313795551439465507724807626674514935170104573715458782366469587138508845980490673890245713729782917089910271980557159592807350504157192913530007199510144004848020221181558472160543018733124225266127379373751910439604459368078652499029070936707349862139053913745186413782066470461478961703013591655136140060879250067379283913798867648758171004535775565306842444545755351202796833177560656564652632975685912935281581268141803696686952259539945588609591385807620108279333498170028167338690235117003515264281843953984997958878272347778561933726792473981855755454522886321669676790813189668084373153897754540290867346751033567500922477317530445967753955221454744946208555394588111484610700789566547507402309549957740815535069057837915204852490930168843605732632328017129154852857227895362549146737618906180651623216848500491438142456250653458053922622240299736136335179639180898730269690699965799644757774472147210271111150769048976871249731156387939260749192370361488285775377622944817570292095201906142567403539151179209316853493906909989301225903409448461436855145
x3 = 16731588253866128571163910758846497670928988943944436618514118121761227689113110943465936457030051710610254169629932203082368465978112219532158626669990117160986135699541953274434781877420432743573801621
g3 = gcd(e3*x3-b,n3)
p3 = int(gmpy2.iroot(g3,6)[0])
q3 = n3 // (p3 ** 7)
phi3 = (p3 ** 6) * (p3 - 1) * (q3 - 1)
c3 = 113097822337683973761068913398570777162211043704088253732500045618770280334319497174908657828372816818344430304314992760410247741225285170975119344962728883084314382093407445567724674775086423808679124143380073906159023182353116556175251427048715466914368972746661938211846262612414049036821553068430149530397389927209475908905748728402722287875974303298260579839357610962198145974153609818939841880084892796820949226354126424023144300953584658958900737493704530725894948802258740332090822797815745616247879170037794873059391625680745994045522420168248552864215035136318711240256011217929372430302003068882829637056296413462078222453765071094277727760527662423010417144554652783429899139309180017349156600053882338180319473460877576898373222480215735280046214925463242092830060830764299787309912687294672319845054775281463150375545716818434962456139485501224661520991156961587158843064393883274763714930309353593180897123378717852182761518709151878662808890356934477932099818218743384674756674800089177733447066489275506387382342429495897972218764782517198727316942685748481956118012927027254979181519862451112593068440686462293151078537886822555211870303467014484443432209106264020502334805536091587252238173816637270028678636848763
d3 = gmpy2.invert(e3,phi3)
m3 = pow(c3,d3,n3)
print(n2s(int(m3)))
Ch3V@l
关注
专栏目录
强网杯部分Crypto题解
Risker
03-26 4072
周末打了两天强网杯,被大佬虐成狗,web狗做不出来去搞密码.... 爆出三道密码题,题解如下:题目名称:streamgame1操作:分析下载的压缩包,给了一个python脚本和key,key值16进制打开是12个数,脚本里是用flag值和mask等进行一系列加密算法,最终得到12个key文件里的数,而且flag内容为19位的二进制数字,即2^19种可能。所以写脚本爆破,每次按照给出的算法计算出12...
2019强网杯部分writeup
Sea_Sand息禅
06-04 5618
Web 1、UPLOAD 复现环境https://github.com/CTFTraining/qwb_2019_upload 先看一下网站情况: 是一个注册可登录的界面,登陆之后可以上传图片,一个账号只能上传一次。 扫一下后台目录,发现upload是泄露的,www.tar.gz是泄露的。 www.tar.gz下载下来是网站的源码,upload则是我们上传的文件,找到上传文件的源码: &lt...
强网杯 ExtremelySlow题目
06-30
强网杯2021题目
强网杯2022·Crypto
PUTAOAO的博客
08-01 1823
强网杯
[ CTF ]【天格】战队WriteUp-第六届“强网杯”全国安全挑战赛(初赛
ZXW_NUDT的博客
08-01 3823
第六届“强网杯”全国网络安全挑战赛
第五届“强网杯”全国网络安全挑战赛 - 青少年专项赛 crypto
qq_52193383的博客
10-04 3145
文章目录CryptoCrypto1Crypto2 Crypto Crypto1 题目: n=967226697499512129137566782343586511841340684078124704344359166031568189175458414397790319438006342500321067641548043099355576785128586300482122046964714877621607449248380107464455109792027351231405365999757311
2022强网杯青年赛MISC1和MISC3,Crypto2 部分writeup
Ba1_Ma0的博客
09-11 1672
有什么不会的都可以私信我。
【技术分享】用图片讲一个故事——第五届强网杯Threebody题目官方题解 .pdf
09-05
【技术分享】这篇内容主要围绕的是第五届强网杯网络安全竞赛中的一个题目——"Threebody",这是一道涉及图像隐写术和信息安全挑战的问题。题目通过一张图片来讲述故事,测试参赛者的安全分析和漏洞分析能力。以下是...
2019年 百度之星大赛资料 包含初赛 复赛 题解答案 问题解答 .rar
08-14
【描述】中的“包含初赛 复赛 题解答案 问题解答”意味着这个压缩包文件中存储了当年比赛的所有相关资料,包括初赛和复赛的题目,以及这些题目的官方解答和可能的问题解析。这对于参赛者来说是非常宝贵的资源,可以...
第六届“强网杯”全国网络安全挑战赛
Pysnow's Blog
08-06 1892
也就是go服务端,接着go再解析json,并计算出cost,如果cost小于money就成功,并将money返回,flask这边接受到数据并上传到数据库上。,令num为0就不用花钱了,要在双键的前面被覆盖位置。
强网杯部分题目Writeup
蚁景网安学院
03-29 781
点击上方“合天智汇”,选择“置顶公众号”有内涵的干货文章第一时间送达!本文作者:tinyfisher投稿活动:重金悬赏 | 合天原创投稿等你来!周末参加了强网杯,虽然只做出了一些题目,收...
第五届强网杯全国网络安全挑战赛 题目复现(有题目附件,详解)
路baby的博客
07-26 6306
第五届强网杯全国网络安全挑战赛 题目复现(有题目附件,详解) 题目名称:签到 问卷题 BlueTeaming CipherMan ISO1995 EzTime threebody 加油各位( •̀ ω •́ )y期待与君再相逢
sql注入,强网杯题目2019
h0ld1rs的博客
08-19 307
文章目录题目步骤1. 先确认存在注入2.show tables3. show columns4. 更改表的字段 题目 步骤 1. 先确认存在注入 使用 1‘ 发现报错 使用1'# 发现正常回显 2.show tables 构造payload1';show tables;# 3. show columns 1';show columns from words;# 根据两个表的查询可以知道,查询出的结果是一个数字加一个字符串,words表结构是id和data,传入的inject参数也就是赋值给了id,
强网杯2021 pwn 赛题解析——babypwn
CoLin的pwn小屋
07-26 875
强网杯2021 pwn 赛题回顾——babypwn
强网杯2022 pwn 赛题解析——house_of_cat
CoLin的pwn小屋
08-04 3093
强网杯2022 pwn 赛题分析——house_of_cat
2021强网杯Write-Up真题解析之WEB部分(暴力干货,建议收藏)
MachineGunJoe666
06-16 4710
前言: 强网杯作为国内最好的CTF比赛之一,搞安全的博友和初学者都可以去尝试下。首先,里面有很多大神队伍,0x300R、eee、0ops、AAA、NeSE、Nu1L等,真的值得我们去学习。其次,非常感谢强网杯的主办方,这么好的比赛离不开许多师傅们的辛苦,我们应该感恩这么高质量比赛的幕后工作者。最后,作为一枚安全菜鸡,就让我简单复现下本次比赛的Web题目。不喜勿喷,欢迎指正~ 比赛信息 比赛全称:第五届强网杯全国网络安全挑战赛 比赛地址:https://ctf.ichunqiu.com/20.
第六届“强网杯”全国网络安全挑战赛-青少年专项赛
热门推荐
Moxin1044的博客
09-06 1万+
试卷说明:本次考试共设置30道考题,单选题3分/道,多选题4分/道,满分100分。16、若两台主机在同一子网中,则两台主机的IP地址分别与它们的子网掩码相“与”的结果一定是?10、若两台主机在同一子网中,则两台主机的IP地址分别与它们的子网掩码相“与”的结果一定是?14、如果数据包是给本网广播的,那么该数据包的目的IP地址应该是()。13、如果数据包是给本网广播的,那么该数据包的目的IP地址应该是()。11、如果数据包是给本网广播的,那么该数据包的目的IP地址应该是()。
【CTF WriteUp】2020第四届强网杯部分Crypto题解
cccchhhh6819的博客
08-24 7726
写在前边 强网杯还是难。。去年正赛赛题一道都不会,只能靠临时补充的强网先锋题目拿分的情景历历在目。今年也没好哪去,只能写一点是一点吧。 modestudy 这道题是一道六合一块密码大杂烩,考察基础知识与变换,六道小的题目全做完以后拿到flag。其中4、5、6三道题需要大量交互,因此答案不变,可以单次做完后保留答案一起提交。1、2、3三道题当场变换即可。 Stage 1 [$] challenge 1 [+] cookie:session=6b1f33a78c5b9c17;admin=0;checksum=5
1028 - NOIP 2018 普及组初赛试题题解
最新发布
09-10
NOIP 2018 普及组初赛第1028题的题解如下: 题目描述: 给定一个正整数N,要求编写一个程序,计算出它的阶乘N!。阶乘N!是所有小于或等于N的正整数的乘积,且0!定义为1。例如:5! = 5 × 4 × 3 × 2 × 1 = 120。 ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值