安洵杯 2022
Cry1
就是猜数字,范围是1-20,每次连接终端有6次机会,6/20的概率,多次连接尝试爆破即可。
from pwn import *
from hashlib import *
import string
import itertools
# Candidate alphabet for the 4-character proof-of-work prefix: A-Z, a-z, 0-9.
table = "".join((string.ascii_uppercase, string.ascii_lowercase, string.digits))
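def proof():
    """Solve the service's SHA-256 proof-of-work and send the answer.

    Reads one challenge line from the module-level ``io`` tube, slices out the
    known suffix (the bytes after ``X + `` up to the first ``)``) and the
    target hex digest (everything after the first ``:`` minus the trailing
    byte), then tries every 4-character string over ``table`` until
    ``sha256(prefix + suffix)`` equals the digest. The matching prefix is
    sent and the reply up to the ``(1~20)`` prompt is printed.

    Raises:
        ValueError: if the challenge line lacks one of the expected markers,
            or no candidate prefix reproduces the digest.
    """
    line = io.recvline()
    print(line)
    plus_at = line.find(b'X +')
    paren_at = line.find(b')')
    colon_at = line.find(b':')
    # bytes.find() returns -1 on a miss; slicing with -1 would silently give a
    # bogus suffix/digest and burn the whole 62**4 search for nothing.
    if min(plus_at, paren_at, colon_at) < 0:
        raise ValueError(f'unexpected proof-of-work line: {line!r}')
    suffix = line[plus_at + 4:paren_at]
    target = line[colon_at + 1:-1].decode()
    print(target)
    print(suffix)
    for combo in itertools.product(table, repeat=4):
        prefix = ''.join(combo).encode()
        if sha256(prefix + suffix).hexdigest() == target:
            print(prefix)
            io.sendline(prefix)
            print(io.recvuntil(b'(1~20)\n'))
            return
    # Falling out of the loop used to return silently, leaving the caller to
    # keep talking to a service that never accepted the proof.
    raise ValueError('no 4-character prefix matches the challenge digest')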
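# Each connection allows six guesses in 1..20; reconnect until a reply carries
# the flag, then stop instead of looping forever.
solved = False
while not solved:
    io = remote('120.78.131.38', 10001)
    try:
        proof()
        for _ in range(6):
            num = str(randint(1, 20)).encode()
            print(num)
            io.sendline(num)
            try:
                nounce = io.recvline()
                print(nounce)
            except Exception:
                # Was a bare ``except:``, which also swallowed
                # KeyboardInterrupt and made the loop hard to stop.
                io.interactive()
            else:
                # The success reply recorded for this script contains the
                # ``D0g3{`` flag prefix; treat that as the stop signal.
                if b'D0g3{' in nounce:
                    solved = True
                    break
    finally:
        # Close the tube even when proof() or a send fails part-way.
        io.close()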
# right!, give you flag: D0g3{Y0u_C4n_gu3ss_The_Fl4g}
Cry2
类似该题,区别在于这里需要先填充8个字节让flag的前八个字符为一组,再继续填充15个字符进行爆破,爆破出来之后用flag2作为密钥解密即可。从脚本看,这应该是逐字节的ECB oracle:相同的明文分组总会得到相同的密文分组,所以可以逐个字符比对返回的密文块。
from pwn import *
from hashlib import *
import string
import itertools
# Candidate alphabet: a-z, A-Z, 0-9 (ascii_letters is lowercase then uppercase).
table = string.ascii_lowercase + string.ascii_uppercase + string.digits
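def proof():
    """Solve the service's SHA-256 proof-of-work and send the answer.

    Reads one challenge line from the module-level ``io`` tube, slices out the
    known suffix (the bytes after ``X + `` up to the first ``)``) and the
    target hex digest (everything after the first ``:`` minus the trailing
    byte), discards one further line, then tries every 4-character string
    over ``table`` until ``sha256(prefix + suffix)`` equals the digest and
    sends the matching prefix.

    Raises:
        ValueError: if the challenge line lacks one of the expected markers,
            or no candidate prefix reproduces the digest.
    """
    line = io.recvline()
    print(line)
    plus_at = line.find(b'X +')
    paren_at = line.find(b')')
    colon_at = line.find(b':')
    # bytes.find() returns -1 on a miss; slicing with -1 would silently give a
    # bogus suffix/digest and burn the whole 62**4 search for nothing.
    if min(plus_at, paren_at, colon_at) < 0:
        raise ValueError(f'unexpected proof-of-work line: {line!r}')
    suffix = line[plus_at + 4:paren_at]
    target = line[colon_at + 1:-1].decode()
    print(target)
    print(suffix)
    io.recvline()  # one more line follows the challenge; its content is unused
    for combo in itertools.product(table, repeat=4):
        prefix = ''.join(combo).encode()
        if sha256(prefix + suffix).hexdigest() == target:
            print(prefix)
            io.sendline(prefix)
            return
    # Falling out of the loop used to return silently, leaving the caller to
    # keep talking to a service that never accepted the proof.
    raise ValueError('no 4-character prefix matches the challenge digest')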
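def go():
    """Recover the secret appended by the service one character at a time.

    For each position the function sends ``23 - i`` filler zeros and keeps
    characters 55..86 of the second reply line as the reference value
    (presumably the hex of one 16-byte cipher block -- confirm against the
    service output). It then sends filler + recovered-so-far + candidate for
    every character in ``table`` and accepts the candidate whose reply slice
    equals the reference.

    Returns:
        The characters recovered so far (also printed). Recovery stops early
        when no candidate matches, e.g. because the next character is not in
        ``table``.
    """
    flag = ''
    for i in range(16):
        pre = '0' * (23 - i)
        print(pre)
        io.sendline(pre.encode())
        io.recvline()  # first reply line is not needed
        r2 = io.recvline()
        r = r2[55:55+32]
        print(r2)
        for c in table:
            cc = pre + flag + c
            print(cc)
            io.sendline(cc.encode())
            io.recvline()  # first reply line is not needed
            h2 = io.recvline()[55:55+32]
            print(h2)
            if h2 == r:
                flag = flag + c
                print(flag)
                break
        else:
            # Nothing matched: later positions would be probed with a guess of
            # the wrong total length and could never match, so stop here
            # rather than send another 62 requests per remaining position.
            break
    print(flag)
    return flag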
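# Connect, pass the proof-of-work, then run the character-by-character recovery.
io = remote('120.78.131.38', 10086)
try:
    proof()
    go()
finally:
    # The connection was never closed before; release it even if a step fails.
    io.close()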
# flag长度 < 32 应该是24
# kSUKUMYeRf0wXFX
from Crypto.Cipher import AES
import binascii
# Hex-encoded ciphertext: 96 hex characters, i.e. three 16-byte AES blocks.
c = b'0f36bfb814a1774a6de43b60ac9029089c1521dbf0736105885155ffc5b8e0be4a72df2a37e81511b8b6d009ef414cfd'
# 16-byte key: the 15 characters recovered above plus the closing brace.
key = b'kSUKUMYeRf0wXFX}'
cc = binascii.unhexlify(c)
# ECB has no IV: every block is decrypted independently under the same key.
cipher = AES.new(key, AES.MODE_ECB)
print(cipher.decrypt(cc))
# D0g3{AtkkSUKUMYeRf0wXFX}
Cry3
proof1爆破哈希,proof2就是字节翻转,具体构造是这样的:
# Payload construction for proof2 (the same statements appear in the script below).
god = b'Whitfield__Diffie'
# `know` is the hex string read from the service; turn it into raw bytes.
know = binascii.unhexlify(know)
# XOR the known bytes with the first 16 bytes of `god` (its last byte is dropped).
s1 = xor(know, god[:-1])
# Padded name, then the XOR mask, then the final byte 'e' of `god`.
s = pad(god, 16) + s1 + b'e'
print(pad(s, 16))
把s发过去就成了。
最后那部分类似领航杯的三组e共模攻击,也不是很麻烦。思路是:同一明文在同一个模数n下分别用e1、e2、e3加密,当gcd(e1,e2,e3)=1时,用扩展欧几里得求出系数即可组合三个密文还原明文。
from pwn import *
from hashlib import *
import string
import itertools
from Crypto.Util.Padding import pad
# Alphabet for the proof-of-work prefix search: A-Z, a-z, 0-9.
table = "".join((string.ascii_uppercase, string.ascii_lowercase, string.digits))
# Letters only; ascii_letters is lowercase followed by uppercase.
flag_table = string.ascii_lowercase + string.ascii_uppercase
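def proof():
    """Solve the service's SHA-256 proof-of-work and send the answer.

    Reads one challenge line from the module-level ``io`` tube, slices out the
    known suffix (the bytes after ``X + `` up to the first ``)``) and the
    target hex digest (everything after the first ``:`` minus the trailing
    byte), then tries every 4-character string over ``table`` until
    ``sha256(prefix + suffix)`` equals the digest and sends the matching
    prefix.

    Raises:
        ValueError: if the challenge line lacks one of the expected markers,
            or no candidate prefix reproduces the digest.
    """
    line = io.recvline()
    print(line)
    plus_at = line.find(b'X +')
    paren_at = line.find(b')')
    colon_at = line.find(b':')
    # bytes.find() returns -1 on a miss; slicing with -1 would silently give a
    # bogus suffix/digest and burn the whole 62**4 search for nothing.
    if min(plus_at, paren_at, colon_at) < 0:
        raise ValueError(f'unexpected proof-of-work line: {line!r}')
    suffix = line[plus_at + 4:paren_at]
    target = line[colon_at + 1:-1].decode()
    print(target)
    print(suffix)
    for combo in itertools.product(table, repeat=4):
        prefix = ''.join(combo).encode()
        if sha256(prefix + suffix).hexdigest() == target:
            print(prefix)
            io.sendline(prefix)
            return
    # Falling out of the loop used to return silently, leaving the caller to
    # keep talking to a service that never accepted the proof.
    raise ValueError('no 4-character prefix matches the challenge digest')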
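io = remote('120.78.131.38', 10010)
proof()
tmp = io.recvuntil(b'-->')
# The 32 characters that end four bytes before the end of the buffer are the
# hex value the service printed.
know = tmp[-4-32:-4]
print(know)
god = b'Whitfield__Diffie'
# bytes.fromhex is a builtin; this listing does not import binascii
# explicitly, so the previous binascii.a2b_hex call depended on some other
# import providing that name.
know = bytes.fromhex(know.decode())
# XOR the known bytes with the first 16 bytes of `god` (its last byte is dropped).
s1 = xor(know, god[:-1])
s = pad(god, 16) + s1 + b'e'
print(pad(s, 16))
# The server does not strip its input, so send() is used here to avoid the
# trailing newline that sendline() would append.
io.send(s)
io.interactive()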
from gmpy2 import *
cha = [11566315178810666112045792507349527046290230067590228743184825825305869761202826664570607864644144508409221969424536410403793563976852067314909614503778864397775516728068035194953626046633530002020897947579064799821077089770722910272330069747223336673674759531868093029878680043530695414313390279155625116826166789957725778984497828615892023549295298176004809224634080780499440355563728205394007031421663011999323392091886591604823620004456395626836396774932824152758268853097898576425369752554043855455065996785594400034881451785425057459117799787686422750986220527190281391472953650656184887881302234965171530009879, 87534325350423034026000929881959603857363849743409034326618148829269599141976355688936424710510983122624493020255797270209376109681058159961011211835205457563532310435236677511439688885574862069097165089074767182887958478105952931260515312435496311772061940391229473078660200885665542891597461629822729058099, 83525339270950845042080993549664951111021077232214752006280489620661343566404209457954830630488404973234633988484046600077523003645546756617371449483994167901471126460785263634844319742771539168359797181577188869647956863282805740935950366377260966414686642306862436128156049265898142170497321393550246955921, 112600908576678130569865839920123225274694118474713810445020421026589560950550589137347762514510599511184559677226262131137291258487839249875666608320286403587541297270322474831885466401506940186477846377243109394316365607937209298035055984347625785774133076023608041157900318111276639600620561903442975590491, 
4472210003639656121655049123361376209185470178509395297337604084661633214989111553975551451698374922835313396462399387561982577576429775303941854871946352443233945198232110566625237391798817377544542771169681872613578993178818111788722534628417290275379964129990876608009957569856014568846174219668632972575169894619012760570296653611147179161838964716965297095469773022627092117759430632943019739337561038470752128735881944826825200503911153469625107317671085252017915725464043014674763134028741305670619933923026351646632315454547060035393338238373055026301318257808382091346664057179080368657957273057406145162376, 507567374479512313850485466434637683225446379356276041932911843385627911887279136185156821258399504984410144175663342373984055576612752578542719678865646682799243616254214241415207348182545666283115028054599905129515672689969125639220088116804385327509271180428838101643005707150184024726324650833944037105890791395593965135244860834884370551567491657351205070893266849848286169197140608147868320089327580883384534118419957907892907486824807273009270630242249079373102915271693858409419170116157086555201595383942336556579140271442720601254188295314626447635910941999097306884799784961914839456780297356817343712401, 7518952489971567038834168619442122388600315254804037192340714783302844529911942883138445208232115672709034806089640729171781374762840050581338952211820333638192882780478004379139975369918755703687757007614759731872975556431322811820371284378947504839430886761718411341864516600325347209393805783049014703577384086299815561007095295465919677590710112944567101358151038017967112168303302572793018879187644050979695109662449285210301998111721579295480521877570588409654694763086801242871457663354267878307472172828162689913572706779002081462357235369207056761675612557122543122375315234741891365002833142815601258037627]
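# cha holds, in order: the shared modulus, three public exponents and the
# three ciphertexts.
n, e1, e2, e3, c1, c2, c3 = cha
# Extended Euclid twice: x1*e1 + x2*e2 = y1, then t1*y1 + x3*e3 = s,
# hence (x1*t1)*e1 + (x2*t1)*e2 + x3*e3 = s = gcd(e1, e2, e3).
y1, x1, x2 = gcdext(e1, e2)
s, t1, x3 = gcdext(y1, e3)
# In Sage the equivalent function is xgcd.
print(s)
if s != 1:
    # With a non-trivial gcd the product below is m**s mod n, not m.
    raise ValueError(f'exponents share a common factor {s}; cannot recover m directly')
m = pow(c1, x1*t1, n) * pow(c2, x2*t1, n) * pow(c3, x3, n) % n
# bytes.fromhex(hex(m)[2:]) raises when m has an odd number of hex digits
# (leading nibble below 0x10); to_bytes has no such restriction.
m = int(m)
print(m.to_bytes((m.bit_length() + 7) // 8, 'big'))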