2020 Colasoft Cup (科来杯) Finals: Partial Write-up

noob
2020-11-12
  • Corrupted capture file

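The capture file would not open. I dragged it into an editor and saw key.txt at the very end, so I changed the extension to .zip, extracted key.txt, and base64-decoded it to get the flag.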
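The triage above as an added example (not code from the original write-up): identify the file by its magic bytes instead of its extension, confirm that the member name sits in the ZIP central directory at the end of the file, then unpack and decode key.txt. The sample archive, the flag value and every function name here are constructed for illustration.

```python
import base64
import io
import zipfile

# Leading magic bytes of the formats relevant to this challenge.
MAGIC = [
    (b"PK\x03\x04", "zip"),
    (b"\xd4\xc3\xb2\xa1", "pcap"),    # classic pcap, little-endian
    (b"\xa1\xb2\xc3\xd4", "pcap"),    # classic pcap, big-endian
    (b"\x0a\x0d\x0d\x0a", "pcapng"),
]

def identify(data: bytes) -> str:
    """Name the format from the magic bytes, ignoring the file extension."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"

def name_in_central_directory(data: bytes, name: str) -> bool:
    """ZIP stores member names in clear text in the central directory at the
    end of the file, which is why key.txt is visible in an editor."""
    cd = data.rfind(b"PK\x01\x02")    # last central directory entry
    return cd != -1 and name.encode() in data[cd:]

def read_key(data: bytes, member: str = "key.txt") -> bytes:
    """Extract the member from the archive and base64-decode its contents."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        encoded = zf.read(member)
    return base64.b64decode(encoded.strip(), validate=True)

def build_sample() -> bytes:
    """Constructed stand-in for the challenge file: a ZIP holding key.txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("key.txt", base64.b64encode(b"flag{constructed_example}"))
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()           # imagine this saved with a .pcap extension
    print(identify(sample))
    print(name_in_central_directory(sample, "key.txt"))
    print(read_key(sample))
```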

  • Sign-in challenge

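I wrote this write-up after the contest and forgot to save the source. The page source contained a hint that scoring 10 stars gets the flag. After reaching ten stars, press F12 and the flag appears in the console. Alternatively, view the source: you should see a file that I think was called we1come_sdnisc.php, and entering the function related to it in the console also returns the flag.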

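  • The origin of CTF
    The file was a pile of base64. Converting it in Notepad showed nothing recognizable, so I thought of base64 steganography, and a script produced the flag.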
# coding=utf-8
import base64

BASE64_CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'


def get_base64_diff_value(s1, s2):
    # Index difference at the first character where the stego line and its
    # canonical re-encoding disagree; 0 when the two lines are identical.
    for i in range(len(s2)):
        if s1[i] != s2[i]:
            return abs(BASE64_CHARS.index(s1[i]) - BASE64_CHARS.index(s2[i]))
    return 0


def solve_stego():
    with open('flag.txt', 'r') as f:
        file_lines = f.readlines()
    bin_str = ''
    for line in file_lines:
        steg_line = line.strip()
        # Decode and re-encode to get the canonical form with the spare bits zeroed
        norm_line = base64.b64encode(base64.b64decode(steg_line)).decode()
        diff = get_base64_diff_value(steg_line, norm_line)
        print(diff)
        # Each '=' means 2 spare bits in the last data character of the line
        pads_num = steg_line.count('=')
        if diff:
            bin_str += bin(diff)[2:].zfill(pads_num * 2)
        else:
            bin_str += '0' * pads_num * 2
        # Print the message recovered so far
        print(goflag(bin_str))


def goflag(bin_str):
    # Turn the collected bit string into text, 8 bits per character
    res_str = ''
    for i in range(0, len(bin_str), 8):
        res_str += chr(int(bin_str[i:i + 8], 2))
    return res_str


if __name__ == '__main__':
    solve_stego()


  • Simple RSA
    Common-modulus attack; running the script gives the flag.
#!/usr/bin/env python
# -*- coding: utf-8 -*-

from libnum import xgcd, invmod
from Crypto.Util.number import long_to_bytes

n = 0xa1d4d377001f1b8d5b2740514ce699b49dc8a02f12df9a960e80e2a6ee13b7a97d9f508721e3dd7a6842c24ab25ab87d1132358de7c6c4cee3fb3ec9b7fd873626bd0251d16912de1f0f1a2bba52b082339113ad1a262121db31db9ee1bf9f26023182acce8f84612bfeb075803cf610f27b7b16147f7d29cc3fd463df7ea31ca860d59aae5506479c76206603de54044e7b778e21082c4c4da795d39dc2b9c0589e577a773133c89fa8e3a4bd047b8e7d6da0d9a0d8a3c1a3607ce983deb350e1c649725cccb0e9d756fc3107dd4352aa18c45a65bab7772a4c5aef7020a1e67e6085cc125d9fc042d96489a08d885f448ece8f7f254067dfff0c4e72a63557
e1 = 0xf4c1158f
c1 = 12051796366524088489284445109295502686341498426965277230069915294159131976231473789977279364263965099422235647723775278060569378071469131866368399394772898224166518089593340803913798327451963589996734323497943301819051718709807518655868569656941242449109980876397661605271517459716669684900920279597477446629607627693769738733623143693170696779851882404994923673483971528314806130892416509854017091137325195201225617407959645788145876202882024723106204183257094755002924708009138560347432552090905489132135154932987521239299578509008290614398700799670928805692609756924823628055245227290288940649158862576448537833423
e2 = 0xf493f7d1
c2 = 16648382384980770705624348910895797622774711113202207693584907182552301186239613809347201161450012615995859738410661452438496756353485538305614949211776668793864984429696790944750894691957799234264508530084026894611228513698963347402329109838109621609770406925700520983387811451074838470370044678634099202003480925903267508744006195455234025325060817223813858985074720872124168142943926467694676717713503559007112874381750005406371400109962943508349497151148446064846096531445037416174913915923050332242843403926133165817310272633884358263778516770288515592959832151762499526363131801945163501999337808208074381212795

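# Common-modulus attack: the same m was encrypted under the same n with two
# coprime exponents. Extended Euclid gives s1*e1 + s2*e2 = 1, hence
# c1^s1 * c2^s2 = m^(s1*e1 + s2*e2) = m (mod n).
s1, s2, _ = xgcd(e1, e2)

# One coefficient is negative: replace that ciphertext with its inverse
# mod n so the exponent becomes positive.
if s1 < 0:
    s1 = -s1
    c1 = invmod(c1, n)

elif s2 < 0:
    s2 = -s2
    c2 = invmod(c2, n)

m = (pow(c1, s1, n) * pow(c2, s2, n)) % n
print(long_to_bytes(m))
  • Past and present
    Image steganography: extract with binwalk, and the flag is in the first extracted file.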

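A quick summary. Honestly, there are a lot of regrets: I was only one challenge short of third prize, my weakness of not knowing Python was magnified without limit, and I did not score a single point on the traffic-analysis challenges... If I had a good grasp of script writing, I would have solved at least one more challenge. After studying for this long, my Python really should not be this bad. Time to start learning Python and do more traffic-analysis challenges to prepare for future competitions. Go, go, go!!!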
