美文网首页CTF(capture the flag)
miniLCTF 2020 WP

miniLCTF 2020 WP

作者: Du1in9 | 来源:发表于2020-05-29 07:15 被阅读0次

    Misc

    0x01 MiniGameHacking
    解法一:

    打开JoJoDamu_CTF\JoJoDamu_Data\data.unity3d,最后一排发flag,minil{diosamasayikou}
    解法二:
    将Assembly-CSharp.dll放进dnspy,看函数,把OnDamaged()删掉,这样玩家就不会扣血了
    再进游戏,通关后拿到flag,minil{diosamasayikou}


    0x02 MITM_0
    从题目中可以看到MITM,即中间人欺骗,提示HTTPS,也就是对应SSL,TLS中间人攻击(因为有两种对抗https的中间人攻击,一个是伪造证书,一个是降https为http)

    中间人攻击首先进行arp欺骗

    ARP(Address Resolution Protocol)即地址解析协议, 用于实现从 IP 地址到 MAC 地址的映射,即询问目标IP对应的MAC地址。局域网络上的主机可以自主发送ARP应答消息,其他主机收到应答报文时不会检测该报文的真实性就会将其记入本机ARP缓存;由此攻击者就可以向某一主机发送伪ARP应答报文,使其发送的信息无法到达预期的主机或到达错误的主机,这就构成了一个ARP欺骗

    我们过滤一下arp协议的包发现有两个vm,记住这两个mac对应的ip地址



    紧接着就是对ssl协议与http协议进行过滤,发现http协议的包并不多,发现ip存在192.168.1.152的数据包非常多,而且所有http包中都存在该地址



    随便点进去一个

    Ethernet II: 数据链路层以太网帧头部信息
    Internet Protocol Version 4: 互联网层IP包头部信息

    前后呼应,所以192.168.1.1为网关,而剩下的192.168.1.152则为攻击者
    Crypto
    0x01 ιIl
    题目

    from Crypto.Util.number import *
q=getPrime(1024)
f=getPrime(511)
g=getPrime(511)
while g>pow(q/4,0.5) and g<pow(q/2,0.5):
    g=getPrime(511)
f_inv_q=inverse(f,q)
h=f_inv_q*g%q
m=bytes_to_long(b'flag')#flag=flag.itself
r=getPrime(510)
e=(r*h+m)%q
print q
print h
print e
#126982824744410328945797087760338772632266265605499464155168564006938381164343998332297867219509875837758518332737386292044402913405044815273140449332476472286262639891581209911570020757347401235079120185293696746139599783586620242086604902725583996821566303642800016358224555557587702599076109172899781757727
#31497596336552470100084187834926304075869321337353584228754801815485197854209104578876574798202880445492465226847681886628987815101276129299179423009194336979092146458547058477361338454307308727787100367492619524471399054846173175096003547542362283035506046981301967777510149938655352986115892410982908002343
#81425203325802096867547935279460713507554656326547202848965764201702208123530941439525435560101593619326780304160780819803407105746324025686271927329740552019112604285594877520543558401049557343346169993751022158349472011774064975266164948244263318723437203684336095564838792724505516573209588002889586264735

    考察非对称密码算法NTRUEncrypt,咱直接套用exp即可

    # sage

h = 31497596336552470100084187834926304075869321337353584228754801815485197854209104578876574798202880445492465226847681886628987815101276129299179423009194336979092146458547058477361338454307308727787100367492619524471399054846173175096003547542362283035506046981301967777510149938655352986115892410982908002343
p = 126982824744410328945797087760338772632266265605499464155168564006938381164343998332297867219509875837758518332737386292044402913405044815273140449332476472286262639891581209911570020757347401235079120185293696746139599783586620242086604902725583996821566303642800016358224555557587702599076109172899781757727
c = 81425203325802096867547935279460713507554656326547202848965764201702208123530941439525435560101593619326780304160780819803407105746324025686271927329740552019112604285594877520543558401049557343346169993751022158349472011774064975266164948244263318723437203684336095564838792724505516573209588002889586264735

v1 = vector(ZZ, [1, h])
v2 = vector(ZZ, [0, p])
m = matrix([[1, h], [0, p]])
shortest_vector = m.LLL()[0]
f, g = shortest_vector
print(f, g)
f = abs(f)
g = abs(g)

a = f*c % p % g
m = a * inverse_mod(f, g) % g
print(m)

    flag: minil{l1Ii5n0tea5y}
    参考:https://xz.aliyun.com/t/7163
    0x02 fxxk&base
    题目和上题差不多

    from Crypto.Util.number import *

q=getPrime(1024)
f=getPrime(511)
g=getPrime(511)
while g<pow(q/4,0.5) and g>pow(q/2,0.5):
    g=getPrime(511)
L=inverse(f,q)
h=L*g%q
m=bytes_to_long(b'flag')#flag is base**(flag)
r=getPrime(510)
e=(r*h+m)%q
#f = 4685394431238242086047454699939574117865082734421802876855769683954689809016908045500281898911462887906190042764753834184270447603004244910544167081517863
#g = 5326402554595682620065287001809742915798424911036766723537742672943459577709829465021452623299712724999868094408519004699993233519540500859134358256211397
#q = 172620634756442326936446284386446310176482010539257694929884002472846127607264743380697653537447369089693337723649017402105400257863085638725058903969478143249108126132543502414741890867122949021941524916405444824353100158506448429871964258931750339247018885114052623963451658829116065142400435131369957050799
#e = 130055004464808383851466991915980644718382040848563991873041960765504627910537316320531719771695727709826775790697704799143461018934672453482988811575574961674813001940313918329737944758875566038617074550624823884742484696611063406222986507537981571075140436761436815079809518206635499600341038593553079293254

    先算h

    from Crypto.Util.number import *

f = 4685394431238242086047454699939574117865082734421802876855769683954689809016908045500281898911462887906190042764753834184270447603004244910544167081517863
g = 5326402554595682620065287001809742915798424911036766723537742672943459577709829465021452623299712724999868094408519004699993233519540500859134358256211397
q = 172620634756442326936446284386446310176482010539257694929884002472846127607264743380697653537447369089693337723649017402105400257863085638725058903969478143249108126132543502414741890867122949021941524916405444824353100158506448429871964258931750339247018885114052623963451658829116065142400435131369957050799
L=inverse(f,q)
h=L*g%q
print(h)

    再套用exp,minil{y0u_ar3_s0_f@st}

    # sage

p = 172620634756442326936446284386446310176482010539257694929884002472846127607264743380697653537447369089693337723649017402105400257863085638725058903969478143249108126132543502414741890867122949021941524916405444824353100158506448429871964258931750339247018885114052623963451658829116065142400435131369957050799
c = 130055004464808383851466991915980644718382040848563991873041960765504627910537316320531719771695727709826775790697704799143461018934672453482988811575574961674813001940313918329737944758875566038617074550624823884742484696611063406222986507537981571075140436761436815079809518206635499600341038593553079293254
h = 151329002719304376362027696368646163467085515808682673717575560642726149869057265250392558008050660562783097319096498362176303390262264701228073289828403160669847466081386660614890905583309594613749396338284939265684148776225779456973724508960878672783815041756600146378064063304669815913837298828772677017362

v1 = vector(ZZ, [1, h])
v2 = vector(ZZ, [0, p])
m = matrix([[1, h], [0, p]])
shortest_vector = m.LLL()[0]
f, g = shortest_vector
print(f, g)
f = abs(f)
g = abs(g)

a = f*c % p % g
m = a * inverse_mod(f, g) % g
print(m)

    相关文章

      网友评论

        本文标题:miniLCTF 2020 WP

        本文链接:https://www.haomeiwen.com/subject/quwaahtx.html

        延伸阅读

        深度阅读

        • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

        栏目导航

        热点阅读

        CTF(capture the flag)

        关于我们|服务条款|联系我们|miniLCTF 2020 WP|投稿指南|网站地图|RSS订阅|排版工具|手机版

        提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

        Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

        备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

        本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

        所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!