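Had nothing better to do, so here's a writeup (~ ̄▽ ̄)~
Personal blog: https://www.st1ck4r.top
Topic: checkerboard cipher (Polybius square)
Online decoder: https://www.qqxiuzi.cn/bianma/qipanmima.php
Topics: Emoji encoding, XXencode, Core Socialist Values encoding
Emoji encoding
XXencode
Core Socialist Values encoding
Topics: BubbleBabble encoding, JSFuck encoding, Brainfuck encoding
BubbleBabble encoding
JSFuck encoding
Online decoder: http://www.hiencode.com/jsfuck.html
Alternatively, decode it in the browser console.
Brainfuck encoding
Topic: RSA
The script in the attachment: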
import gmpy2
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
flag = "*****************"
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
e = 65533
n = p*q
c = pow(int(b2a_hex(flag),16),e,n)
print c
# 27565231154623519221597938803435789010285480123476977081867877272451638645710
The decryption script:
import gmpy2
from Crypto.Util.number import *
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
c = 27565231154623519221597938803435789010285480123476977081867877272451638645710
e = 65533
n = p * q
phi_n = (p-1) * (q-1)
d = gmpy2.invert(e, phi_n)
m = pow(c, d, n)
print(long_to_bytes(m))
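Topics: base64, ROT47
First decode the base64,
then decrypt with ROT47 to get the result.
Topic: phone keypad cipher
Opening the attachment shows that these letters all come from the top row of a 26-key phone keyboard, which has the corresponding digits above it, and each group is 1 to 4 letters long, which points to a 9-key keypad and matches the challenge description. The way to solve this kind of challenge: take o, for example. It corresponds to 9, so go to the 9 key on the 9-key keypad, then count how many o's there are. Three o's means the third character of the string on the 9 key, which is y.
With the principle understood, write the script:
c = "ooo yyy ii w uuu ee iii ee uuu ooo r yyy yyy e"
# index of a letter in key26 = the digit printed above it on the 26-key layout
key26 = " qwertyuiop"
# letters on each key of the 9-key keypad, indexed by digit
key9 = [" "," ","abc","def","ghi","jkl","mno","pqrs","tuv","wxyz"]
for part in c.split(" "):
    s = key26.index(part[0])
    count=len(part)
    print(key9[s][count-1],end="")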
Topics: Morse code, hex to text
Morse code
Hex to text
Topic: Vigenère cipher decryption without the key
Download and extract the attachment to get two files. Encode.c is the encryption program, but the key is missing.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main()
{
    freopen("flag.txt","r",stdin);
    freopen("flag_encode.txt","w",stdout);
    char key[] = /*SADLY SAYING! Key is eaten by Monster!*/;
    int len = strlen(key);
    char ch;
    int index = 0;
    while((ch = getchar()) != EOF){
        if(ch>='a'&&ch<='z'){
            putchar((ch-'a'+key[index%len]-'a')%26+'a');
            ++index;
        }else if(ch>='A'&&ch<='Z'){
            putchar((ch-'A'+key[index%len]-'a')%26+'A');
            ++index;
        }else{
            putchar(ch);
        }
    }
    return 0;
}
From the program we can see that flag_encode.txt is the encrypted text. Brute-forcing the key with an online decryption site decrypts the text and yields the flag.
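What such a key-recovery site does can be reproduced offline. The following is an added example, not part of the original writeup: it mirrors the Encode.c rule (only letters advance the key index, case is kept), finds the key length with the index of coincidence and then each key letter with a chi-squared fit to English. The key "tiger" and the sample text are constructed for the demonstration and have nothing to do with the challenge's real key.

```python
from collections import Counter

# Approximate English letter frequencies a..z, in percent.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15,
           0.77, 4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06,
           2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

def vigenere(text, key, decrypt=False):
    """Same rule as Encode.c: only letters advance the key index; case is kept."""
    out, i = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord('a') if ch.islower() else ord('A')
            shift = ord(key[i % len(key)]) - ord('a')
            if decrypt:
                shift = -shift
            out.append(chr((ord(ch) - base + shift) % 26 + base))
            i += 1
        else:
            out.append(ch)
    return "".join(out)

def index_of_coincidence(letters):
    n = len(letters)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(letters).values()) / (n * (n - 1))

def guess_key_length(letters, max_len=20, threshold=0.056):
    """Smallest period whose columns look like English (IC around 0.066)."""
    scores = {}
    for length in range(1, max_len + 1):
        cols = [letters[i::length] for i in range(length)]
        scores[length] = sum(map(index_of_coincidence, cols)) / length
        if scores[length] >= threshold:
            return length
    return max(scores, key=scores.get)  # nothing cleared the bar: take the best

def best_shift(column):
    """Caesar shift whose decryption of the column fits English best."""
    n = len(column)
    def chi2(shift):
        counts = Counter((ord(c) - ord('a') - shift) % 26 for c in column)
        return sum((counts[k] - n * f / 100) ** 2 / (n * f / 100)
                   for k, f in enumerate(ENGLISH))
    return min(range(26), key=chi2)

def recover_key(ciphertext, max_len=20):
    letters = [c.lower() for c in ciphertext if c.isascii() and c.isalpha()]
    if not letters:
        raise ValueError("ciphertext contains no letters")
    length = guess_key_length(letters, min(max_len, len(letters)))
    return "".join(chr(ord('a') + best_shift(letters[i::length]))
                   for i in range(length))

# Constructed sample: the key and the plaintext are made up for this example.
SAMPLE_KEY = "tiger"
SAMPLE_PT = (
    "Classical ciphers are a good way to learn how cryptanalysis works. "
    "The Vigenere cipher shifts every letter of the message by an amount "
    "taken from a repeating key, so the same plaintext letter can turn into "
    "several different ciphertext letters. For a long time people believed "
    "that this made the cipher impossible to break. In fact the repetition "
    "of the key is the weakness. If we know the length of the key, we can "
    "split the text into columns, and every column is just a Caesar cipher "
    "that falls to simple frequency counting. The index of coincidence tells "
    "us which length is right, because only the correct split gives columns "
    "that look like ordinary English. Once each shift is known, the key can "
    "be read off and the whole message is recovered without any guessing at "
    "all. The same idea applies to the challenge here, where the encoder "
    "keeps the case of each letter and passes spaces, digits and punctuation "
    "through without touching the key index. Longer messages make the "
    "statistics more reliable, while very short ones may need a dictionary "
    "or a known prefix such as the flag format to settle the last few "
    "letters of the key."
)
SAMPLE_CT = vigenere(SAMPLE_PT, SAMPLE_KEY)

if __name__ == "__main__":
    key = recover_key(SAMPLE_CT)
    print(key)
    print(vigenere(SAMPLE_CT, key, decrypt=True)[:60])
```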
Topic: RSA
The challenge:
from Crypto.Util.number import getPrime,bytes_to_long
from sympy import Derivative
from fractions import Fraction
from secret import flag
p=getPrime(1024)
q=getPrime(1024)
e=65537
n=p*q
z=Fraction(1,Derivative(arctan(p),p))-Fraction(1,Derivative(arth(q),q))
m=bytes_to_long(flag)
c=pow(m,e,n)
print(c,z,n)
'''
output:
7922547866857761459807491502654216283012776177789511549350672958101810281348402284098310147796549430689253803510994877420135537268549410652654479620858691324110367182025648788407041599943091386227543182157746202947099572389676084392706406084307657000104665696654409155006313203957292885743791715198781974205578654792123191584957665293208390453748369182333152809882312453359706147808198922916762773721726681588977103877454119043744889164529383188077499194932909643918696646876907327364751380953182517883134591810800848971719184808713694342985458103006676013451912221080252735948993692674899399826084848622145815461035
32115748677623209667471622872185275070257924766015020072805267359839059393284316595882933372289732127274076434587519333300142473010344694803885168557548801202495933226215437763329280242113556524498457559562872900811602056944423967403777623306961880757613246328729616643032628964072931272085866928045973799374711846825157781056965164178505232524245809179235607571567174228822561697888645968559343608375331988097157145264357626738141646556353500994924115875748198318036296898604097000938272195903056733565880150540275369239637793975923329598716003350308259321436752579291000355560431542229699759955141152914708362494482
15310745161336895413406690009324766200789179248896951942047235448901612351128459309145825547569298479821101249094161867207686537607047447968708758990950136380924747359052570549594098569970632854351825950729752563502284849263730127586382522703959893392329333760927637353052250274195821469023401443841395096410231843592101426591882573405934188675124326997277775238287928403743324297705151732524641213516306585297722190780088180705070359469719869343939106529204798285957516860774384001892777525916167743272419958572055332232056095979448155082465977781482598371994798871917514767508394730447974770329967681767625495394441
'''
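Analysis:
Derivative is the class that represents a derivative. Its first argument is the mathematical function to differentiate and its second is the variable to differentiate with respect to. Note that Derivative only yields an unevaluated derivative; it does not carry out the differentiation. Example: t=Derivative(sin(x),x)
Fraction(): performs fraction arithmetic; for example, Fraction(2,8) equals 0.25
Derivative of the arctangent: (arctan x)' = 1/(1+x^2);
arth(x) is the inverse hyperbolic tangent, (arth(x))' = 1/(1-x^2);
From this, z = (1 + p^2) - (1 - q^2) = p^2 + q^2;
∵ n = p*q, z = p^2 + q^2;
∴ p + q = √(z + 2n) = √(p^2 + q^2 + 2pq) = √((p + q)^2),
p - q = √(z - 2n) = √(p^2 + q^2 - 2pq) = √((p - q)^2)
So phi_n = (p-1)(q-1) = pq - (p+q) + 1 = n - (p+q) + 1
The decryption script: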
import gmpy2
from Crypto.Util.number import *
c = 7922547866857761459807491502654216283012776177789511549350672958101810281348402284098310147796549430689253803510994877420135537268549410652654479620858691324110367182025648788407041599943091386227543182157746202947099572389676084392706406084307657000104665696654409155006313203957292885743791715198781974205578654792123191584957665293208390453748369182333152809882312453359706147808198922916762773721726681588977103877454119043744889164529383188077499194932909643918696646876907327364751380953182517883134591810800848971719184808713694342985458103006676013451912221080252735948993692674899399826084848622145815461035
z = 32115748677623209667471622872185275070257924766015020072805267359839059393284316595882933372289732127274076434587519333300142473010344694803885168557548801202495933226215437763329280242113556524498457559562872900811602056944423967403777623306961880757613246328729616643032628964072931272085866928045973799374711846825157781056965164178505232524245809179235607571567174228822561697888645968559343608375331988097157145264357626738141646556353500994924115875748198318036296898604097000938272195903056733565880150540275369239637793975923329598716003350308259321436752579291000355560431542229699759955141152914708362494482
n = 15310745161336895413406690009324766200789179248896951942047235448901612351128459309145825547569298479821101249094161867207686537607047447968708758990950136380924747359052570549594098569970632854351825950729752563502284849263730127586382522703959893392329333760927637353052250274195821469023401443841395096410231843592101426591882573405934188675124326997277775238287928403743324297705151732524641213516306585297722190780088180705070359469719869343939106529204798285957516860774384001892777525916167743272419958572055332232056095979448155082465977781482598371994798871917514767508394730447974770329967681767625495394441
e = 65537
p_plus_q = gmpy2.iroot(z+2*n, 2)[0]
# Tips: gmpy2.iroot(x,n) takes the n-th root of x
# print(p_plus_q)
phi_n = n - p_plus_q + 1
# print(phi_n)
d = gmpy2.invert(e, phi_n)
# Tips: gmpy2.invert(x,m) computes the inverse of the big integer x modulo m
m = pow(c, d, n)
print(long_to_bytes(m))
Topics: hex to text, base32, base64
Just drop it into CyberChef and let it decode automatically.
Topic: RSA
from base64 import b64encode as b32encode
from gmpy2 import invert,gcd,iroot
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
import random
flag = "******************************"
nbit = 128
p = getPrime(nbit)
q = getPrime(nbit)
n = p*q
print p
print n
phi = (p-1)*(q-1)
e = random.randint(50000,70000)
while True:
    if gcd(e,phi) == 1:
        break;
    else:
        e -= 1;
c = pow(int(b2a_hex(flag),16),e,n)
print b32encode(str(c))[::-1]
# 2373740699529364991763589324200093466206785561836101840381622237225512234632
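Analysis:
The enc file gives p, n and c, so q can be computed.
From the challenge script, e is a random value between 50000 and 70000, so we iterate over e and brute-force d.
Finally, check whether the plaintext contains the string flag to confirm the answer (or print all of them and look through them one by one).
The decryption script: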
import gmpy2
import base64
from Crypto.Util.number import *
p = 177077389675257695042507998165006460849
n = 37421829509887796274897162249367329400988647145613325367337968063341372726061
q = n//p
c = '==gMzYDNzIjMxUTNyIzNzIjMyYTM4MDM0gTMwEjNzgTM2UTN4cjNwIjN2QzM5ADMwIDNyMTO4UzM2cTM5kDN2MTOyUTO5YDM0czM3MjM'
c = int(base64.b64decode(c[::-1]))
# c is given in the script file, so it is used here directly
phi_n = (p - 1) * (q - 1)
for e in range(50000,70000):
    if gmpy2.gcd(e, phi_n) == 1:
        # gmpy2.gcd(a,b) computes the greatest common divisor of the big integers a and b
        d = gmpy2.invert(e, phi_n)
        m = long_to_bytes(pow(c, d, n))
        if 'flag' in str(m):
            print(m)
        else:
            continue
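Topic: Hill cipher
I haven't studied the Hill cipher much, so here I'm just pasting the original challenge's writeup and decryption script.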
s='wznqcaduqopfkqnwofDbzgeu'
flag_pre='utflag'
def getit(a1,b1,c1,a2,b2,c2,a3,b3,c3):
    for i in range(26):
        for j in range(26):
            if (a1 * i + b1 * j) % 26 == c1 and (a2 * i + b2 * j) % 26 == c2 and (a3 * i+b3*j) % 26 == c3:
                return (i,j)
x1=getit(22,25,20,13,16,5,2,0,0)
x2=getit(22,25,19,13,16,11,2,0,6)
import string
flag=''
for i in range(0, len(s),2):
    flag+=string.ascii_letters[(x1[0]*string.ascii_letters.index(s[i])+x1[1]*string.ascii_letters.index(s[i+1]))%26]
    flag+=string.ascii_letters[(x2[0]*string.ascii_letters.index(s[i])+x2[1]*string.ascii_letters.index(s[i+1]))%26]
print(flag)
https://www.cnblogs.com/1ucky/p/16257212.html
https://blog.csdn.net/m0_52727862/article/details/119118956
Topic: AES key brute force
Challenge source:
import random
from Crypto.Util.number import long_to_bytes
from Crypto.Cipher import AES
from secret import flag
assert flag[:5] ==b'cazy{'
def pad(m):
    tmp = 16-(len(m)%16)
    return m + bytes([tmp for _ in range(tmp)])
def encrypt(m,key):
    aes = AES.new(key,AES.MODE_ECB)
    return aes.encrypt(m)
if __name__ == "__main__":
    flag = pad(flag)
    key = pad(long_to_bytes(random.randrange(1,1<<20)))
    c = encrypt(flag,key)
    print(c)
# b'\x9d\x18K\x84n\xb8b|\x18\xad4\xc6\xfc\xec\xfe\x14\x0b_T\xe3\x1b\x03Q\x96e\x9e\xb8MQ\xd5\xc3\x1c'
Decryption script:
import random
from Crypto.Util.number import long_to_bytes
from Crypto.Cipher import AES
def pad(m):
    tmp = 16-(len(m)%16)
    return m + bytes([tmp for _ in range(tmp)])
def decrypt(c, key):
    aes = AES.new(key, AES.MODE_ECB)
    return aes.decrypt(c)
def main():
    c = b'\x9d\x18K\x84n\xb8b|\x18\xad4\xc6\xfc\xec\xfe\x14\x0b_T\xe3\x1b\x03Q\x96e\x9e\xb8MQ\xd5\xc3\x1c'
    for i in range(0, 1 << 20):
        key = pad(long_to_bytes(i))
        flag = decrypt(c, key)
        if flag.startswith(b'cazy{'):
            print(flag.decode())
if __name__ == '__main__':
    main()
https://copyfuture.com/blogs-details/202204180203574829#no_cry_no_bb_309
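Topic: base64 with a custom alphabet
Just drop it into CyberChef to decode.
Topics: binary to text, base64, Caesar cipher, substitution cipher 2222
First convert the binary to text,
then base64-decode it (the alphabet is given).
The hint mentions Romans, so guess a Caesar cipher.
From the hint, this is a substitution cipher, and the text starts with utflag{
Decrypt it with a substitution-cipher solver site to get the flag.
Topics: discrete logarithm, modular arithmetic
The challenge script: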
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from Crypto.Util.number import *
import random
n = 2 ** 512
m = random.randint(2, n-1) | 1
c = pow(m, bytes_to_long(flag), n)
print 'm = ' + str(m)
print 'c = ' + str(c)
# m = 391190709124527428959489662565274039318305952172936859403855079581402770986890308469084735451207885386318986881041563704825943945069343345307381099559075
# c = 6665851394203214245856789450723658632520816791621796775909766895233000234023642878786025644953797995373211308485605397024123180085924117610802485972584499
The decryption script:
m = 391190709124527428959489662565274039318305952172936859403855079581402770986890308469084735451207885386318986881041563704825943945069343345307381099559075
c = 6665851394203214245856789450723658632520816791621796775909766895233000234023642878786025644953797995373211308485605397024123180085924117610802485972584499
n = 2 ** 512
import sympy
flag=sympy.discrete_log(2**512,c,m)
import binascii
print(binascii.unhexlify(hex(flag)[2:]))  # just convert the answer's hexadecimal form back to bytes
2020 Wangding Cup, Qinglong group: "you raise me up" challenge walkthrough
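Why the discrete logarithm above is cheap, as an added example that is not from the original writeup or the linked walkthrough: modulo a power of two, every odd base has an order that is itself a power of two, so the exponent can be recovered one bit at a time (the Pohlig-Hellman idea). The 64-bit modulus, the base M and the message below are constructed for the demonstration; the function names are this example's own.

```python
def order_exponent(m, k):
    """Return t such that the multiplicative order of odd m modulo 2**k is 2**t."""
    if m % 2 == 0:
        raise ValueError("m must be odd to be invertible modulo 2**k")
    n = 1 << k
    y, t = m % n, 0
    while y != 1:          # repeated squaring reaches 1 after t steps
        y = y * y % n
        t += 1
    return t

def dlog_mod_pow2(m, c, k):
    """Find x modulo ord(m) with m**x == c (mod 2**k), one bit per round."""
    n = 1 << k
    t = order_exponent(m, k)
    x = 0
    for i in range(t):
        # Strip the bits found so far: h = m**(2**i * rest), rest = bit_i + 2*(...)
        h = c * pow(m, -x, n) % n      # negative exponent needs Python 3.8+
        # h**(2**(t-1-i)) = (m**(2**(t-1)))**rest, which is 1 iff bit_i == 0,
        # because m**(2**(t-1)) is the element of order two.
        if pow(h, 1 << (t - 1 - i), n) != 1:
            x |= 1 << i
    if pow(m, x, n) != c % n:
        raise ValueError("c is not a power of m modulo 2**k")
    return x

# Constructed sample values (not the challenge's m and c).
K = 64
M = 0x9E3779B97F4A7C15                       # odd, M % 8 == 5, so its order is 2**62
SECRET = int.from_bytes(b"flag{2}", "big")   # 55 bits, below the order of M
C = pow(M, SECRET, 1 << K)

def recover_sample():
    x = dlog_mod_pow2(M, C, K)
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    print(recover_sample())
```

The exponent is only determined modulo the order of the base, so the full message comes back only when it is smaller than that order.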
Topic: modified base64
The text file in the attachment gives the modified alphabet and the ciphertext produced with it. The script:
import base64
c = "FlZNfnF6Qol6e9w17WwQQoGYBQCgIkGTa9w3IQKw"
dict = {0: 'J', 1: 'K', 2: 'L', 3: 'M', 4: 'N', 5: 'O', 6: 'x', 7: 'y', 8: 'U', 9: 'V', 10: 'z', 11: 'A', 12: 'B', 13: 'C', 14: 'D', 15: 'E', 16: 'F', 17: 'G', 18: 'H', 19: '7', 20: '8', 21: '9', 22: 'P', 23: 'Q', 24: 'I', 25: 'a', 26: 'b', 27: 'c', 28: 'd', 29: 'e', 30: 'f', 31: 'g', 32: 'h', 33: 'i', 34: 'j', 35: 'k', 36: 'l', 37: 'm', 38: 'W', 39: 'X', 40: 'Y', 41: 'Z', 42: '0', 43: '1', 44: '2', 45: '3', 46: '4', 47: '5', 48: '6', 49: 'R', 50: 'S', 51: 'T', 52: 'n', 53: 'o', 54: 'p', 55: 'q', 56: 'r', 57: 's', 58: 't', 59: 'u', 60: 'v', 61: 'w', 62: '+', 63: '/', 64: '='}
Dict = ''
for i in range(0,65):
    # the new alphabet used for the substitution
    Dict+=dict[i]
# print(Dict)
# the default alphabet
old_b64dic = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
print(base64.b64decode(c.translate(str.maketrans(Dict,old_b64dic))))
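Topics: character replacement, substitution cipher
From the format, guess Morse code: replace A with - and B with . , then decode:
The ciphertext contains a string that looks like the flag; combined with the challenge description, guess a substitution cipher: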
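Convert the letters to lowercase and wrap them in flag{}.
Topics: rail fence cipher, ROT
First decode the rail fence cipher; with 32 rails the word flag appears.
Using CyberChef's "ROT47 Brute Force", flag{ shows up at rot32 and a UUID format shows up at rot31.
Combine the two to get the flag.
Topic: RSA common modulus attack
Challenge: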
c1=22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
n=22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
e1=11187289
c2=18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e2=9647291
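Analysis:
Given n, e1, c1, e2 and c2, recover the plaintext with a common modulus attack.
A common modulus attack applies when the same modulus n was used during key generation and the same message m is then encrypted under different keys e1 and e2, giving different ciphertexts c1 and c2, i.e.
m^e1 % n = c1
m^e2 % n = c2
Since e1 and e2 are both prime, the extended Euclidean algorithm
yields s1 and s2 such that e1 * s1 + e2 * s2 = 1
With these, m can be computed directly: c1^s1 * c2^s2 = m^(e1*s1 + e2*s2) = m (mod n).
Decryption script: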
import gmpy2
import binascii
c1=22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
n=22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
e1=11187289
c2=18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e2=9647291
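# Extended Euclidean algorithm
# return (r,x,y), where r is the greatest common divisor of a and b, and x, y satisfy ax + by = r (1 here)
r, s1, s2 = gmpy2.gcdext(e1, e2) # compute s1, s2
m = (gmpy2.powmod(c1,s1,n)*gmpy2.powmod(c2,s2,n)) % n # compute the plaintext m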
m = hex(m)[2:]
print("明文数据为:0x" + m)
flag = binascii.unhexlify(m)
print(flag)
For a detailed explanation of RSA, follow 风二西 on Bilibili.
Topic: RSA
The challenge:
from Crypto.Util.number import *
from secret import flag
size = 1024
e = 65537
p = getPrime(size)
q = getPrime(size)
secret_number = p//2 + q//2
n = p*q
m = bytes_to_long(flag)
c = pow(m, e, n)
print('n = %d' % n)
print('secret_number = %d' % secret_number)
print('c = %d' % c)
'''
n = 22509086801958243584160896092746908630694018090056581017461443058446441899125092070639421197960378516372961277369740470406529943787211214964921083230926914343320661425624084409196872152674139019296604017412393812478062858042969761505020435940284503998062749707777048407106244812010761907190446218013202432083648343986092795304412078098832180950855581860843921608824482050763432049397135876577736184015035186956050899352615144545509108040234866166011938627657466203544914633594539776744105171825849608987456098888757535649477495128317810377886255753844074902127204594231503064532577241801932109207903469027362510506233
secret_number = 150814869558908087373464058202864038290992977960954022076493222042224699347856531016137334973082497483862270347934436594302143317750441792382701202396256173557675825668931157699846667286710175089825878631391093991147501899560360870600289219263223003413131728798812934604722319716762320615256029047005650484533
c = 8684819352060095140949755961626772275008541063620112226993948898217712105916743906266076784387852185058063580919761791704218108240937658757953644599584186462340112568545708954511494324407027145573632677044815957027804511347554060726296964346328343726403238305461023048724076194233352083590973693034206285350840404541871139333496967358749655838362873289564030144881687304779855244006191034457460831852327662418152650018585974958279046682474752240105120100306165547388506944241361336578650749566884180089756118324426547977914736225291225790022735934050192892414308107766266269197250386196913540163145594578786980011396
'''
Analysis:
∵ phi_n = (p - 1)(q - 1) = pq - (p + q) + 1
and p*q = n is known, secret_number = p//2 + q//2 = (p + q)//2
Multiplying secret_number by 2 gives the value of p + q
∴ phi_n = (p - 1)*(q - 1) = n - secret_number * 2 + 1
The solution script:
import gmpy2
from Crypto.Util.number import *
n = 22509086801958243584160896092746908630694018090056581017461443058446441899125092070639421197960378516372961277369740470406529943787211214964921083230926914343320661425624084409196872152674139019296604017412393812478062858042969761505020435940284503998062749707777048407106244812010761907190446218013202432083648343986092795304412078098832180950855581860843921608824482050763432049397135876577736184015035186956050899352615144545509108040234866166011938627657466203544914633594539776744105171825849608987456098888757535649477495128317810377886255753844074902127204594231503064532577241801932109207903469027362510506233
secret_number = 150814869558908087373464058202864038290992977960954022076493222042224699347856531016137334973082497483862270347934436594302143317750441792382701202396256173557675825668931157699846667286710175089825878631391093991147501899560360870600289219263223003413131728798812934604722319716762320615256029047005650484533
c = 8684819352060095140949755961626772275008541063620112226993948898217712105916743906266076784387852185058063580919761791704218108240937658757953644599584186462340112568545708954511494324407027145573632677044815957027804511347554060726296964346328343726403238305461023048724076194233352083590973693034206285350840404541871139333496967358749655838362873289564030144881687304779855244006191034457460831852327662418152650018585974958279046682474752240105120100306165547388506944241361336578650749566884180089756118324426547977914736225291225790022735934050192892414308107766266269197250386196913540163145594578786980011396
e = 65537
phi_n = n - secret_number*2 + 1
d = gmpy2.invert(e,phi_n)
m = pow(c,d,n)
print(long_to_bytes(m))
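Topics: base64, md5
Extracting the attachment gives more than a thousand QR codes.
Use Python's pyzbar module to scan them in bulk:
for i in range(1,1858):
    qrcode = cv2.imread(str(i)+'.png')
    data = pyzbar.decode(qrcode)[0].data.decode("utf-8")
After scanning, the content turns out to be base-encoded text with some Morse code characters mixed in. Based on the challenge description, the Morse code is judged to be a distraction and is removed, leaving the following text:
After base64-decoding there is another layer of base64, so this is double base64 encoding and has to be decoded twice:
for i in range(0,len(debase)):
    # base64-decode twice
    md_5+=base64.b64decode(base64.b64decode(debase[i])).decode()
    md_5+='\n'
After decoding, the results turn out to be md5 hashes, which can be looked up one by one on an online md5 site,
or the flag can be obtained by comparing against the md5 of each character.
wordlist='abcdefghijklmnopqrstuvwxyz1234567890-}{'
for i in range(0,len(cmd5)):
    for word in wordlist:
        md5 = hashlib.md5(word.encode()).hexdigest()
        if md5 == str(cmd5[i].rstrip('\n')):
            flag += word
The full decryption script: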
import hashlib
import cv2
import pyzbar.pyzbar as pyzbar
import base64
def QRcode():
    for i in range(1,1858):
        qrcode = cv2.imread(str(i)+'.png')
        data = pyzbar.decode(qrcode)[0].data.decode("utf-8")
        with open('decode.txt','a') as f:
            # drop the Morse code characters from the text
            if data == '.' or data == '-' or data == '/':
                continue
            elif data == '=':
                f.write(data+'\n')
            else:
                f.write(data)
        f.close()
def base():
    md_5=''
    base = open('decode.txt','r')
    debase=base.readlines()
    for i in range(0,len(debase)):
        # base64-decode twice
        md_5+=base64.b64decode(base64.b64decode(debase[i])).decode()
        md_5+='\n'
    base.close()
    with open('decode.txt','w') as f:
        f.write(md_5)
    f.close()
def cmd5():
    wordlist='abcdefghijklmnopqrstuvwxyz1234567890-}{'
    flag=''
    md_5 = open('decode.txt','r')
    cmd5=md_5.readlines()
    md_5.close()
    # empty the txt file
    with open('decode.txt','w') as f:
        f.write('')
    f.close()
    # compare against the MD5 of every dictionary character
    for i in range(0,len(cmd5)):
        for word in wordlist:
            md5 = hashlib.md5(word.encode()).hexdigest()
            if md5 == str(cmd5[i].rstrip('\n')):
                flag += word
                with open('decode.txt','a') as f:
                    f.write(cmd5[i].rstrip('\n')+' = '+word+'\n')
                f.close()
            else:
                continue
    print(flag)
def main():
    QRcode()
    base()
    cmd5()
if __name__ == '__main__':
    main()
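Afterword:
The flag produced by the decryption script kept being rejected on submission. Only after asking the challenge author did I find out that it is in a UUID-like format and the flag from the script is missing one "-". Where it needs to go is left for you to work out.
Topics: nested layers (matryoshka), base64 with a custom alphabet, base62, rabbit, gunzip, base58
A classic matryoshka challenge.
Layer 1: look at the image properties
This gives the extraction password for 密码1.zip.
Layer 2: base64 with a custom alphabet
This gives the extraction password for 密码2.zip.
Layer 3: base62
This gives the extraction password for 密码3.zip.
Layer 4: rabbit
This gives the extraction password for 密码4.zip.
Layer 5: base64 + gunzip
This gives the extraction password for 密码5.zip.
Layer 6: base58
This gives the extraction password for 密码end.zip, which contains the flag.
Tips:
This challenge is a real trap: two of the layers can only be decoded on that one particular website, and no other site can decode them (at least none that I know of). I suspect the challenge author is an insider promoting that website!!!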
from Crypto.Util.number import *
import gmpy2
from secret import flag
p = getPrime(1024)
q = getPrime(1024)
n = p * q
e = 65537
M = 2193887977 * flag * 3998648981 * p
c = pow(M, e, n)
print("e =",e)
print("n =",n)
print("c =",c)
'''
e = 65537
n = 16545807420674777260731864728347692716852933013510358278073611202332007473720430465950210831453874174540180585130284986359779330000733801240082822726387902347966983737629273658535545686936237936141483317768284389938633104733197235832335532556051916980785242007600099011879153728673588069312464701972213839299879617298657885362677778298115085245941641554378903105514256327378280355541317734041694207413428357390976229783945342498503928320163518890180270876637471305246355642573272287605884886848334407391989468718620712850803967430982862388658124662960138965477608743720994149731284055156410574157127935169200967464041
c = 12573125100440645635208438773062729879925788414291653704773664596815708408240935990941291157120226868540261287915991224097557261582576026311296297903426539698340847115148512587335396876711554850903542557730065494111799880290379940930365470290145336039125564114042461210457424293463908053697465052970279014937763120461866776230177455716958740744166180107518057001616745826304829048973489497061351429249921261051497057199034052110749413864159973040289368555140264908416367160930311792183536096094258397119579836896890818783685069994299697780296136914500206334079756465995253952551310399723804193050511824397531239144341
'''
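n and c are not coprime: M is a multiple of p, so c = M^e mod n is also a multiple of p, and gcd(n, c) = p.
The solution script: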
from Crypto.Util.number import *
import gmpy2
c = 12573125100440645635208438773062729879925788414291653704773664596815708408240935990941291157120226868540261287915991224097557261582576026311296297903426539698340847115148512587335396876711554850903542557730065494111799880290379940930365470290145336039125564114042461210457424293463908053697465052970279014937763120461866776230177455716958740744166180107518057001616745826304829048973489497061351429249921261051497057199034052110749413864159973040289368555140264908416367160930311792183536096094258397119579836896890818783685069994299697780296136914500206334079756465995253952551310399723804193050511824397531239144341
n = 16545807420674777260731864728347692716852933013510358278073611202332007473720430465950210831453874174540180585130284986359779330000733801240082822726387902347966983737629273658535545686936237936141483317768284389938633104733197235832335532556051916980785242007600099011879153728673588069312464701972213839299879617298657885362677778298115085245941641554378903105514256327378280355541317734041694207413428357390976229783945342498503928320163518890180270876637471305246355642573272287605884886848334407391989468718620712850803967430982862388658124662960138965477608743720994149731284055156410574157127935169200967464041
e = 65537
p = gmpy2.gcd(n,c)
q = n//p
phi_n = (p-1)*(q-1)
d = gmpy2.invert(e,phi_n)
M = pow(c,d,n)
m = M//(2193887977 * 3998648981 * p)
print(long_to_bytes(m))
Topic: RSA
Given: p+q, (p+1)(q+1), e, d and the ciphertext enc_flag.
Analysis:
∵ (p+1)(q+1) = p*q + p + q + 1, and both (p+1)(q+1) and p+q are known;
and n = p*q;
∴ n = (p+1)(q+1) - (p+q) - 1
The decryption script:
from Crypto.Util.number import *
p_q = 0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf30141282c97be4400e33307573af6b25e2ea
p_1_p_1 = 0x5248becef1d925d45705a7302700d6a0ffe5877fddf9451a9c1181c4d82365806085fd86fbaab08b6fc66a967b2566d743c626547203b34ea3fdb1bc06dd3bb765fd8b919e3bd2cb15bc175c9498f9d9a0e216c2dde64d81255fa4c05a1ee619fc1fc505285a239e7bc655ec6605d9693078b800ee80931a7a0c84f33c851740
e = 0xe6b1bee47bd63f615c7d0a43c529d219
d = 0x2dde7fbaed477f6d62838d55b0d0964868cf6efb2c282a5f13e6008ce7317a24cb57aec49ef0d738919f47cdcd9677cd52ac2293ec5938aa198f962678b5cd0da344453f521a69b2ac03647cdd8339f4e38cec452d54e60698833d67f9315c02ddaa4c79ebaa902c605d7bda32ce970541b2d9a17d62b52df813b2fb0c5ab1a5
c = 0x50ae00623211ba6089ddfae21e204ab616f6c9d294e913550af3d66e85d0c0693ed53ed55c46d8cca1d7c2ad44839030df26b70f22a8567171a759b76fe5f07b3c5a6ec89117ed0a36c0950956b9cde880c575737f779143f921d745ac3bb0e379c05d9a3cc6bf0bea8aa91e4d5e752c7eb46b2e023edbc07d24a7c460a34a9a
n = p_1_p_1 - p_q - 1
m=pow(c,d,n)
print(long_to_bytes(m))
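Topics: archive password brute force, XOR encryption
The attachment contains three files, one of which is an encrypted archive. The hint says the password is Little Z's birthday (all we need to know is that the password is purely numeric), so brute-force it with the archive password recovery tool ARCHPR.
Extracting it gives the script that produced the ciphertext:
#include <stdio.h>
char flag[25] = ***
int main()
{
    int i;
    for(i=0;i<25;i++)
    {
        flag[i] -= 3;
        flag[i] ^= 0x7;
        printf("%c",flag[i]);
    }
    return 0;
}
A simple XOR. The decryption script:
c='Ygvdmq[lYate[elghqvakl}'
m=''
for i in c:
    # XOR applied twice cancels out
    a=ord(i)^0x7
    a+=3
    m+=chr(a)
print(m)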
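Topic: Bacon's cipher
The challenge name and description point to Bacon's cipher.
After replacing '.' and '-' with 'A' and 'B' respectively, some characters turn out not to have been replaced,
so replace those by hand.
An online Bacon's cipher decoder then gives the flag:
Topic: Polybius square cipher
First, read up on the Polybius square cipher.
Write a script that enumerates the possible arrangements: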
import itertools
s="aeoiu"
sumresult=[]
numsumresult=[]
ciper="ouauuuoooeeaaiaeauieuooeeiea"
for i in itertools.permutations(s,5):  # enumerate all permutations
    sumresult.append("".join(i))
for i in sumresult:
    temp=""
    for j in ciper:
        temp+=str(i.index(j)+1)
    numsumresult.append(temp)
for i in numsumresult:
    ans_=""
    for j in range(0, len(i),2):
        xx=(int(i[j])-1)*5+int(i[j+1])+96
        if xx>ord('i'):
            xx+=1
        ans_+=chr(xx)
    print(ans_)
Topic: RSA
The challenge script:
from Crypto.Util.number import getPrime,bytes_to_long
flag=open("flag","rb").read()
p=getPrime(1024)
q=getPrime(1024)
assert(e<100000)
n=p*q
m=bytes_to_long(flag)
c=pow(m,e,n)
print c,n
print pow(294,e,n)
p=getPrime(1024)
n=p*q
m=bytes_to_long("BJD"*32)
c=pow(m,e,n)
print c,n
'''
output:
12641635617803746150332232646354596292707861480200207537199141183624438303757120570096741248020236666965755798009656547738616399025300123043766255518596149348930444599820675230046423373053051631932557230849083426859490183732303751744004874183062594856870318614289991675980063548316499486908923209627563871554875612702079100567018698992935818206109087568166097392314105717555482926141030505639571708876213167112187962584484065321545727594135175369233925922507794999607323536976824183162923385005669930403448853465141405846835919842908469787547341752365471892495204307644586161393228776042015534147913888338316244169120 13508774104460209743306714034546704137247627344981133461801953479736017021401725818808462898375994767375627749494839671944543822403059978073813122441407612530658168942987820256786583006947001711749230193542370570950705530167921702835627122401475251039000775017381633900222474727396823708695063136246115652622259769634591309421761269548260984426148824641285010730983215377509255011298737827621611158032976420011662547854515610597955628898073569684158225678333474543920326532893446849808112837476684390030976472053905069855522297850688026960701186543428139843783907624317274796926248829543413464754127208843070331063037
381631268825806469518166370387352035475775677163615730759454343913563615970881967332407709901235637718936184198930226303761876517101208677107311006065728014220477966000620964056616058676999878976943319063836649085085377577273214792371548775204594097887078898598463892440141577974544939268247818937936607013100808169758675042264568547764031628431414727922168580998494695800403043312406643527637667466318473669542326169218665366423043579003388486634167642663495896607282155808331902351188500197960905672207046579647052764579411814305689137519860880916467272056778641442758940135016400808740387144508156358067955215018
979153370552535153498477459720877329811204688208387543826122582132404214848454954722487086658061408795223805022202997613522014736983452121073860054851302343517756732701026667062765906277626879215457936330799698812755973057557620930172778859116538571207100424990838508255127616637334499680058645411786925302368790414768248611809358160197554369255458675450109457987698749584630551177577492043403656419968285163536823819817573531356497236154342689914525321673807925458651854768512396355389740863270148775362744448115581639629326362342160548500035000156097215446881251055505465713854173913142040976382500435185442521721 12806210903061368369054309575159360374022344774547459345216907128193957592938071815865954073287532545947370671838372144806539753829484356064919357285623305209600680570975224639214396805124350862772159272362778768036844634760917612708721787320159318432456050806227784435091161119982613987303255995543165395426658059462110056431392517548717447898084915167661172362984251201688639469652283452307712821398857016487590794996544468826705600332208535201443322267298747117528882985955375246424812616478327182399461709978893464093245135530135430007842223389360212803439850867615121148050034887767584693608776323252233254261047
'''
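The challenge assigns p twice, so the earlier and later n have different values. From the challenge we therefore know five values: c1, n1, c294, c2, n2.
Analysis:
The value of q is the same both times, so the gcd function gives q, and from it the values p1 and p2 used in the two operations.
Use the condition c294 = pow(294,e,n1) to brute-force e.
The decryption script: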
import gmpy2
from Crypto.Util.number import *
c1=12641635617803746150332232646354596292707861480200207537199141183624438303757120570096741248020236666965755798009656547738616399025300123043766255518596149348930444599820675230046423373053051631932557230849083426859490183732303751744004874183062594856870318614289991675980063548316499486908923209627563871554875612702079100567018698992935818206109087568166097392314105717555482926141030505639571708876213167112187962584484065321545727594135175369233925922507794999607323536976824183162923385005669930403448853465141405846835919842908469787547341752365471892495204307644586161393228776042015534147913888338316244169120
n1=13508774104460209743306714034546704137247627344981133461801953479736017021401725818808462898375994767375627749494839671944543822403059978073813122441407612530658168942987820256786583006947001711749230193542370570950705530167921702835627122401475251039000775017381633900222474727396823708695063136246115652622259769634591309421761269548260984426148824641285010730983215377509255011298737827621611158032976420011662547854515610597955628898073569684158225678333474543920326532893446849808112837476684390030976472053905069855522297850688026960701186543428139843783907624317274796926248829543413464754127208843070331063037
c294=381631268825806469518166370387352035475775677163615730759454343913563615970881967332407709901235637718936184198930226303761876517101208677107311006065728014220477966000620964056616058676999878976943319063836649085085377577273214792371548775204594097887078898598463892440141577974544939268247818937936607013100808169758675042264568547764031628431414727922168580998494695800403043312406643527637667466318473669542326169218665366423043579003388486634167642663495896607282155808331902351188500197960905672207046579647052764579411814305689137519860880916467272056778641442758940135016400808740387144508156358067955215018
c2=979153370552535153498477459720877329811204688208387543826122582132404214848454954722487086658061408795223805022202997613522014736983452121073860054851302343517756732701026667062765906277626879215457936330799698812755973057557620930172778859116538571207100424990838508255127616637334499680058645411786925302368790414768248611809358160197554369255458675450109457987698749584630551177577492043403656419968285163536823819817573531356497236154342689914525321673807925458651854768512396355389740863270148775362744448115581639629326362342160548500035000156097215446881251055505465713854173913142040976382500435185442521721
n2=12806210903061368369054309575159360374022344774547459345216907128193957592938071815865954073287532545947370671838372144806539753829484356064919357285623305209600680570975224639214396805124350862772159272362778768036844634760917612708721787320159318432456050806227784435091161119982613987303255995543165395426658059462110056431392517548717447898084915167661172362984251201688639469652283452307712821398857016487590794996544468826705600332208535201443322267298747117528882985955375246424812616478327182399461709978893464093245135530135430007842223389360212803439850867615121148050034887767584693608776323252233254261047
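# n1 and n2 share one prime factor, so gcd recovers it directly
p = gmpy2.gcd(n1,n2)
q1 = n1//p
phi_n = (p-1)*(q1-1)
# e is unknown: brute-force it from the known pair 294 -> c294
for e in range(1,100000):
    if c294 == pow(294,e,n1):
        break
d = gmpy2.invert(e,phi_n)
m = pow(c1,d,n1)
print(long_to_bytes(m))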
Topic: substitution cipher
Ciphertext:
Encryption script:
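#include <algorithm>
#include <cstdio>
#include <map>
using namespace std;
int main()
{
    freopen("Plain.txt","r",stdin);
    freopen("Cipher.txt","w",stdout);
    map<char,char> f;
    int arr[26];
    for(int i=0;i<26;++i){
        arr[i]=i;
    }
    // Random permutation of the alphabet (random_shuffle was removed in C++17)
    random_shuffle(arr,arr+26);
    for(int i=0;i<26;++i){
        f['a'+i]='a'+arr[i];
        f['A'+i]='A'+arr[i];
    }
    int ch; // int, so that EOF can be told apart from a real character
    while((ch=getchar())!=EOF){
        if(f.count(ch)){
            putchar(f[ch]);
        }else{
            putchar(ch);
        }
    }
    return 0;
}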
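The challenge hints at a substitution cipher with no pattern, so running the ciphertext through an online word-frequency analysis site is enough.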
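Topic: Manchester encoding
Solve it directly with a tool:
Finally, copy the hex output and convert it to text to get the flag (you need to add a B yourself to what the tool produces).
Topic: RSA, Fermat's little theorem
Challenge: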
from random import choice
from Crypto.Util.number import isPrime, sieve_base as primes
from flag import flag
def getPrime(bits):
    while True:
        n = 2
        while n.bit_length() < bits:
            n *= choice(primes)
        if isPrime(n + 1):
            return n + 1
e = 0x10001
m = int.from_bytes(flag.encode(), 'big')
p, q = [getPrime(2048) for _ in range(2)]
n = p * q
c = pow(m, e, n)
# n = 32849718197337581823002243717057659218502519004386996660885100592872201948834155543125924395614928962750579667346279456710633774501407292473006312537723894221717638059058796679686953564471994009285384798450493756900459225040360430847240975678450171551048783818642467506711424027848778367427338647282428667393241157151675410661015044633282064056800913282016363415202171926089293431012379261585078566301060173689328363696699811123592090204578098276704877408688525618732848817623879899628629300385790344366046641825507767709276622692835393219811283244303899850483748651722336996164724553364097066493953127153066970594638491950199605713033004684970381605908909693802373826516622872100822213645899846325022476318425889580091613323747640467299866189070780620292627043349618839126919699862580579994887507733838561768581933029077488033326056066378869170169389819542928899483936705521710423905128732013121538495096959944889076705471928490092476616709838980562233255542325528398956185421193665359897664110835645928646616337700617883946369110702443135980068553511927115723157704586595844927607636003501038871748639417378062348085980873502535098755568810971926925447913858894180171498580131088992227637341857123607600275137768132347158657063692388249513
# c = 26308018356739853895382240109968894175166731283702927002165268998773708335216338997058314157717147131083296551313334042509806229853341488461087009955203854253313827608275460592785607739091992591431080342664081962030557042784864074533380701014585315663218783130162376176094773010478159362434331787279303302718098735574605469803801873109982473258207444342330633191849040553550708886593340770753064322410889048135425025715982196600650740987076486540674090923181664281515197679745907830107684777248532278645343716263686014941081417914622724906314960249945105011301731247324601620886782967217339340393853616450077105125391982689986178342417223392217085276465471102737594719932347242482670320801063191869471318313514407997326350065187904154229557706351355052446027159972546737213451422978211055778164578782156428466626894026103053360431281644645515155471301826844754338802352846095293421718249819728205538534652212984831283642472071669494851823123552827380737798609829706225744376667082534026874483482483127491533474306552210039386256062116345785870668331513725792053302188276682550672663353937781055621860101624242216671635824311412793495965628876036344731733142759495348248970313655381407241457118743532311394697763283681852908564387282605279108
I don't know much about Fermat's little theorem, so I'll just link the write-up for the original challenge: https://blog.csdn.net/qq_61774705/article/details/124676106
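The getPrime in the challenge script builds each prime as 1 plus a product of small primes from sieve_base, so p-1 is smooth and Pollard's p-1 method, which rests on Fermat's little theorem, factors n. The sketch below is an added example, not code from this post or from the linked write-up; it uses its own sieve instead of sieve_base, and the demo modulus, message and function names are constructed for illustration.

```python
from math import gcd

def small_primes(limit):
    """Sieve of Eratosthenes: every prime below `limit`."""
    sieve = bytearray([1]) * limit
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit, i)))
    return [i for i, is_p in enumerate(sieve) if is_p]

def pollard_p_minus_1(n, bound):
    """Return a non-trivial factor of n when some prime p | n has a p-1 that is
    a product of prime powers not above `bound`; otherwise return None.

    Fermat: 2^(p-1) = 1 (mod p), so 2^M = 1 (mod p) for every multiple M of
    p-1, and gcd(2^M - 1, n) then exposes p.
    """
    a = 2
    for r in small_primes(bound):
        power = r
        while power * r <= bound:   # largest power of r not above bound
            power *= r
        a = pow(a, power, n)        # the exponent M gains one more prime power
        g = gcd(a - 1, n)
        if 1 < g < n:
            return g
        if g == n:                  # M covered p-1 and q-1 in the same step
            return None
    return None

def decrypt_with_smooth_factor(n, e, c, bound):
    """Factor n with Pollard p-1, rebuild d, and return the plaintext integer."""
    p = pollard_p_minus_1(n, bound)
    if p is None:
        raise ValueError("no factor with a smooth p-1 found below this bound")
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))
    return pow(c, d, n)

# Constructed demo values (not the challenge's n or c):
# 2311 - 1 = 2*3*5*7*11 is smooth, 2039 - 1 = 2*1019 is not.
N_DEMO = 2311 * 2039
E_DEMO = 0x10001
M_DEMO = 1234567
C_DEMO = pow(M_DEMO, E_DEMO, N_DEMO)

if __name__ == "__main__":
    print(pollard_p_minus_1(N_DEMO, 12))
    print(decrypt_with_smooth_factor(N_DEMO, E_DEMO, C_DEMO, 12))
```

For the challenge's n the bound has to cover the largest prime in sieve_base. Primes whose p-1 has a large prime factor, as random primes almost always do, are not exposed by this method.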
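Topic: substitution cipher
The challenge attachment contains a URL; visiting it downloads a packet capture.
Follow the TCP stream to get the ciphertext, then decrypt it with an online substitution-cipher site to get the flag.
Topic: keyboard cipher, Vigenère cipher
This is a computer-keyboard cipher: each group of five characters encircles one key, and the encircled characters joined together form the archive password.
Next, find the key. Going by the challenge name ACTF, guess that the decrypted flag should start with 'ACTF'; looking this up in the Vigenère table gives the key: spsp or sp
Decrypt with a tool to get the flag.
Topic: ZIP pseudo-encryption, RSA
The hint says the archive is pseudo-encrypted. Open the archive in 010editor and change these two places to 00; it then extracts normally.
Extraction yields the RSA encryption script and its output text.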
from Cryptodome.Util.number import *
import random
FLAG=#hidden, please solve it
flag=int.from_bytes(FLAG,byteorder = 'big')
p=getPrime(512)
q=getPrime(512)
print(p)
print(q)
N=p*q
e=65537
enc = pow(flag,e,N)
print (enc)
p = 9018588066434206377240277162476739271386240173088676526295315163990968347022922841299128274551482926490908399237153883494964743436193853978459947060210411
q = 7547005673877738257835729760037765213340036696350766324229143613179932145122130685778504062410137043635958208805698698169847293520149572605026492751740223
enc = 50996206925961019415256003394743594106061473865032792073035954925875056079762626648452348856255575840166640519334862690063949316515750256545937498213476286637455803452890781264446030732369871044870359838568618176586206041055000297981733272816089806014400846392307742065559331874972274844992047849472203390350
With p, q and e known, the decryption script is:
import gmpy2
from Crypto.Util.number import *
p = 9018588066434206377240277162476739271386240173088676526295315163990968347022922841299128274551482926490908399237153883494964743436193853978459947060210411
q = 7547005673877738257835729760037765213340036696350766324229143613179932145122130685778504062410137043635958208805698698169847293520149572605026492751740223
enc = 50996206925961019415256003394743594106061473865032792073035954925875056079762626648452348856255575840166640519334862690063949316515750256545937498213476286637455803452890781264446030732369871044870359838568618176586206041055000297981733272816089806014400846392307742065559331874972274844992047849472203390350
e = 65537
n = p * q
phi_n = (p-1) * (q-1)
d = gmpy2.invert(e, phi_n)
m = pow(enc, d, n)
print(long_to_bytes(m))
Topic: linear equations (?)
Encryption script:
from Crypto.Util.number import*
from secret import flag
assert flag[:5] == b'cazy{'
assert flag[-1:] == b'}'
flag = flag[5:-1]
assert(len(flag) == 24)
class my_LCG:
    def __init__(self, seed1 , seed2):
        self.state = [seed1,seed2]
        self.n = getPrime(64)
        while 1:
            self.a = bytes_to_long(flag[:8])
            self.b = bytes_to_long(flag[8:16])
            self.c = bytes_to_long(flag[16:])
            if self.a < self.n and self.b < self.n and self.c < self.n:
                break
    def next(self):
        new = (self.a * self.state[-1] + self.b * self.state[-2] + self.c) % self.n
        self.state.append( new )
        return new
def main():
    lcg = my_LCG(getRandomInteger(64),getRandomInteger(64))
    print("data = " + str([lcg.next() for _ in range(5)]))
    print("n = " + str(lcg.n))
if __name__ == "__main__":
    main()
# data = [2626199569775466793, 8922951687182166500, 454458498974504742, 7289424376539417914, 8673638837300855396]
# n = 10104483468358610819
I couldn't solve this one; here is the official write-up.
from Crypto.Util.number import long_to_bytes
import gmpy2
data = [2626199569775466793, 8922951687182166500, 454458498974504742, 7289424376539417914, 8673638837300855396]
n = 10104483468358610819
r = []
for i in range(10):
    r.append([])
    for j in range(10):
        r[i].append(0)
# Row i holds three consecutive outputs: data[i], data[i+1], data[i+2]
for i in range(3):
    for j in range(3):
        r[i][j] = data[i + j]
# Subtracting neighbouring rows cancels the constant term c
for i in range(2):
    for j in range(3):
        r[i][j] = (r[i][j] - r[i + 1][j]) % n
# Gauss-Jordan elimination modulo n on the remaining 2x2 system
k = gmpy2.invert(r[0][0], n)
for j in range(3):
    r[0][j] = (r[0][j] * k) % n
k = r[1][0]
for j in range(3):
    r[1][j] = (r[1][j] - k * r[0][j]) % n
k = gmpy2.invert(r[1][1], n)
for j in range(3):
    r[1][j] = (r[1][j] * k) % n
k = r[0][1]
for j in range(3):
    r[0][j] = (r[0][j] - k * r[1][j]) % n  # solves for a and b
# Use a and b to find c
# Here a multiplies the older output (self.b in the challenge) and b the newer one (self.a)
a = 8175498372211240502
b = 5490290802446982981
c = data[2] - a * data[0] - b * data[1]
c=c%n
print(long_to_bytes(b) + long_to_bytes(a) + long_to_bytes(c))
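Topic: how computers store floating-point numbers
This challenge is about how data is stored in computer memory: convert the numbers above to their internal storage format, then to binary data, then to bytes, and you get the flag.
The solve script: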
from libnum import*
import struct
s = [72065910510177138000000000000000.000000,71863209670811371000000.000000,18489682625412760000000000000000.000000,72723257588050687000000.000000,4674659167469766200000000.000000,19061698837499292000000000000000000000.000000]
a = ''
b = ''
for i in s:
    i = float(i)
    a += struct.pack('<f',i).hex() # little-endian
print(a)
for j in s:
    j = float(j)
    b += struct.pack('>f',j).hex() # big-endian
print(b)
# The little-endian output is 61666374667b7365635f69735f657665727977686572657d
print(n2s(int(a, 16)))
print(n2s(int(b, 16)))
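Reference: https://blog.csdn.net/MikeCoke/article/details/113802168
Topic: Rabbit, Core Socialist Values encoding, rail fence cipher
Open the downloaded attachment: it starts with the familiar U2Fsd, and the challenge name mentions a rabbit, so guess that the cipher is Rabbit.
Rabbit online decryption:
The rest is simple. Core Socialist Values encoding:
Rail fence cipher (the number of rails, 6, can be found in the challenge description):
Topic: hash brute-forcing, using pwntools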
import random
import string
from signal import alarm
from flag import flag
import os
import hashlib
def proof_of_work():
    random.seed(os.urandom(8))
    proof = ''.join([random.choice(string.ascii_letters + string.digits) for _ in range(20)])
    digest = hashlib.sha256(proof.encode()).hexdigest()
    print("sha256(XXXX+%s) == %s" % (proof[4:], digest))
    print("Give me XXXX:")
    x = input()
    if len(x) != 4 or hashlib.sha256((x + proof[4:]).encode()).hexdigest() != digest:
        return False
    return True
def main():
    alarm(120)
    if not proof_of_work():
        return
    try:
        print("Welcome to the Vigenere game!")
        for i in range(1,1000):
            x = random.randint(500, 700)
            y = random.randint(40, 50)
            z = random.randint(0, 700)
            ap = ''.join([random.choice(string.ascii_letters + string.digits + '{' + '}' + '-') for _ in range(x)])
            fakeflag = ''.join([random.choice(string.ascii_letters + string.digits) for _ in range(y)])
            fakeflag = 'flag{' + fakeflag + '}'
            if i%50==0:
                fakeflag=flag
            vigenere = ap[z:] + fakeflag + ap[:z]
            print("Vigemere > ",vigenere)
            m=str(input("Please input your fakeflag : "))
            if m==fakeflag:
                print('right!')
            else:
                print('wrong!')
                break
    except:
        print("Error!")
if __name__ == "__main__":
    main()
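Start the container and connect with netcat (nc):
The first half is similar (identical) to the sign-in challenge in the Crypto category of the 2022 安洵杯 (Anxun Cup), so I won't go into detail; here I simply borrow S1gMa's solve script: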
import hashlib
dic=['Q','W','E','R','T','Y','U','I','O','A','S','D','F','G','H','J','K','P','L','Z','X','C','V','B','N','M','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0']
for a in range(len(dic)):
    for b in range(len(dic)):
        for c in range(len(dic)):
            for d in range(len(dic)):
                m = dic[a] + dic[b] + dic[c] + dic[d] + '{fill in the given plaintext here}'
                flag=hashlib.sha256(m.encode('utf-8')).hexdigest()
                if flag[0:8]=='{fill in the first 8 characters of the sha256 value here}':
                    print (flag)
                    print(dic[a]+dic[b]+dic[c]+dic[d])
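After entering the brute-forced value, the second half begins (if the nc connection drops during the brute force you have to brute-force again, because the values differ on every connection):
Reading the script shows that we have to find the flag value in a long string of characters and send it back, and that this repeats in a loop. When i % 50 = 0 the real flag is assigned to fakeflag, so we need at least 50 rounds to get the flag.
We use pwntools here (you can do it by hand if you like, but you'll need sharp eyes and quick hands).
The solve script: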
'''
# @Author: St1ck4r
# @Date: 2022-11-30 22:17:01
# @LastEditors: St1ck4r
# @Partial script: S1gMa
# @LastEditTime: 2022-11-30 22:48:25
# @link: https://www.st1ck4r.top
'''
from pwn import *
import hashlib
import re
from itertools import product
io = remote("challenge.qsnctf.com",10173)
# First line: sha256(XXXX+<16 known characters>) == <64 hex digits>
c=io.recvline()
M = c[12:28].decode()
sha_256 = c[33:97].decode()
dic=['Q','W','E','R','T','Y','U','I','O','A','S','D','F','G','H','J','K','P','L','Z','X','C','V','B','N','M','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0']
# Brute-force the 4 unknown leading characters; stop at the first match
for a, b, c, d in product(dic, repeat=4):
    m = a + b + c + d + M
    flag=hashlib.sha256(m.encode('utf-8')).hexdigest()
    if flag==sha_256:
        payload = a + b + c + d
        break
io.sendlineafter(b'Give me XXXX:\n', payload.encode())
for i in range(1,1000):
    # The second line received is "Vigemere >  <string>"; drop the 12-character prefix
    res=io.recvlines(2)[1]
    new_res=res.decode()[12:]
    # Take the substring from 'qsnctf' up to the next '}'
    qsn_res=re.findall('(?=qsnctf).*?(?<=})',new_res)[0]
    io.sendline(qsn_res.encode())
    if i % 50 ==0:
        print(qsn_res)
        break
io.close()
This article is updated from time to time…