Crypto
大帝攻占福岛
c="zpvepoudbsgcdqwvjgocqg|rxrqo|feviefsyx}szwt|skqfl?NKIZLYZUVfU|jslhyfzmiom
"
print(len(c))
flag = ''
for i in range(10):
print(chr(ord(c[i])-1),end='')
for i in range(10):
print(chr(ord(c[10:20][i])-2),end='')
for i in range(10):
print(chr(ord(c[20:30][i])-3),end='')
for i in range(10):
print(chr(ord(c[30:40][i])-4),end='')
for i in range(10):
print(chr(ord(c[40:50][i])-5),end='')
for i in range(10):
print(chr(ord(c[50:60][i])-6),end='')
for i in range(10):
print(chr(ord(c[60:70][i])-7),end='')
for i in range(10):
print(chr(ord(c[70:80][i])-8),end='')
# youdontcareabouthemandyouonlycareaboutyourownflag:HECTF{STOP_Nuclear_sewage}脚本可以优化,解得时候用这个思路试了一下解出来之后就没看
rsarsarsa
先解出p,q,x,y
import gmpy2
import libnum
import random
c = 23001012057110779471190091625946693776382380529397302126337301229214301450335125076016991835054198112255974220434689958104931664098817350134656616154892781885504255726632558690544057380195511404078662094726952602350250840712610362029824982069179543810686494204685887486972937880502875441232004432323308734978847464589775857815430854038396134952486665687531579988133729365443247597395131516449487146786214227230853061720614077115599878358089377114269765796099004940883513036567103436154122335792598432012140232905658895014924069330265282364249236142072335363164451294973492092043110680377767954710822286121195290921259
n = 25797576442752368834409243494498462987370374608513814739930733437032797864549696772439769896270235017474841764016848627149724764584643408544417890463920153063835758878658712790547466715525246861709503145754424896044647787146006099053059124466248594151765065039034244830614724509092882854620642569723528913880146979990993657935598837645247839225413889995373643109990149255485373119338024345925311643249141660177285328457994476509430988280481564046398593906405870633323621548853838399385539924067139236445142933316057900841508972844270649504321178274091144241788883353514769368447833090379142367062327674855735832181241
c1 = 5702553209026762891130621254037294747819864952568824327221430749829654552175171307151888953348659971422228556686092434932000213695492351602755144510029319044193567051613888876933660356756790444392278614143455408803808095980542751023095024106689759843322130186219560734082292015929006937318400901378373771587448471762923415750064340829545587346927358411518874090282598069394946985795177419501659425500481799157093068337225389827654860680897913114945871197415129055139716514884716404289565297854681809258375973195355836553939670482515484347869258398517276876478311544109924573128946617113822561968330536525876279165313
c2 = 17562619948191690401152271053920025392401205523418067246455197241332062181407775133406742024747779181762812656501246379566147855594504112107873162350649668441267907193889705868572309785100582281795380779594946422800722070311908572538672508371123334385630310655242811756206073131919770939609347021343765434127086363844595938894714892990053114153402729297796655717510572619694559203260762574159375142757462082162882775921182437134358375300674547217425590072112733480640372328934982979603312597484512120618223179217692002851194538130349201457319160001114007059615596355221194709809437500052122684989302563103918409825040
def isqrt(n):
x = n
y = (x + n // x) // 2
while y < x:
x = y
y = (x + n // x) // 2
return x
def fermat(n, verbose=True):
a = isqrt(n) # int(ceil(n**0.5))
b2 = a*a - n
b = isqrt(n) # int(b2**0.5)
count = 0
while b*b != b2:
# if verbose:
# print('Trying: a=%s b2=%s b=%s' % (a, b2, b))
a = a + 1
b2 = a*a - n
b = isqrt(b2) # int(b2**0.5)
count += 1
p=a+b
q=a-b
assert n == p * q
# print('a=',a)
# print('b=',b)
print('p=',p)
print('q=',q)
print('pq=',p*q)
return p, q
fermat(n)
p= 160616239660727858899273379103592231155409056274229284184975467127574269595624091311175627078626817259122507024363284463167205592226280887239280008933792076628602313168161987456794466948371108388445589568660803435612911564349113520700334500717237521981464112146232603304167030094761289132103178741978484324163
q= 160616239660727858899273379103592231155409056274229284184975467127574269595624091311175627078626817259122507024363284463167205592226280887239280008933792069345408116962980054711105579607903079344180647686753187313507576711078157922258567830351506693970326314484271008164343339287427523462030830749467794546707
phi=(p-1)*(q-1)
d=gmpy2.invert(65537,phi)
m0 = pow(c,d,n)
print(libnum.n2s(int(m0)))
# b'Hint{Seed_is_256087_+_396445_-_538018}'
print(256087+396445-538018)
seed=114514
random.seed(seed)
x = [random.randint(1,seed) for _ in range(2)]
y = [random.randint(1,seed) for _ in range(2)]
print(x)
print(y)#脚本1
#Sage
import binascii
# [30509, 13601]
# [92095, 27065]
def attack(c1, c2, n, e):
PR.<x>=PolynomialRing(Zmod(n))
# replace a,b,c,d
g1 = (30509*x+13601)^e - c1
g2 = (92095*x+27065)^e - c2
def gcd(g1, g2):
while g2:
g1, g2 = g2, g1 % g2
return g1.monic()
return -gcd(g1, g2)[0]
n = 25797576442752368834409243494498462987370374608513814739930733437032797864549696772439769896270235017474841764016848627149724764584643408544417890463920153063835758878658712790547466715525246861709503145754424896044647787146006099053059124466248594151765065039034244830614724509092882854620642569723528913880146979990993657935598837645247839225413889995373643109990149255485373119338024345925311643249141660177285328457994476509430988280481564046398593906405870633323621548853838399385539924067139236445142933316057900841508972844270649504321178274091144241788883353514769368447833090379142367062327674855735832181241
c1 = 5702553209026762891130621254037294747819864952568824327221430749829654552175171307151888953348659971422228556686092434932000213695492351602755144510029319044193567051613888876933660356756790444392278614143455408803808095980542751023095024106689759843322130186219560734082292015929006937318400901378373771587448471762923415750064340829545587346927358411518874090282598069394946985795177419501659425500481799157093068337225389827654860680897913114945871197415129055139716514884716404289565297854681809258375973195355836553939670482515484347869258398517276876478311544109924573128946617113822561968330536525876279165313
c2 = 17562619948191690401152271053920025392401205523418067246455197241332062181407775133406742024747779181762812656501246379566147855594504112107873162350649668441267907193889705868572309785100582281795380779594946422800722070311908572538672508371123334385630310655242811756206073131919770939609347021343765434127086363844595938894714892990053114153402729297796655717510572619694559203260762574159375142757462082162882775921182437134358375300674547217425590072112733480640372328934982979603312597484512120618223179217692002851194538130349201457319160001114007059615596355221194709809437500052122684989302563103918409825040
e=17
m1 = attack(c1, c2, n, e)
print(binascii.unhexlify("%x" % int(m1)))
我们仨
我们仨1原题
from Crypto.Cipher import AES
import os
from gmpy2 import*
from Crypto.Util.number import*
xor = 113271863767201424639329153097952947311122854394813183532903131317262533549675
enc_flag = b'_1\x16\xc2;\xb1\xddy\x14\xdd\x14\xe5{\x19\x04:'
out = long_to_bytes(xor)
key = out[:16]*2
iv = bytes_to_long(key[16:])^bytes_to_long(out[16:])
iv = long_to_bytes(iv)
aes = AES.new(key,AES.MODE_CBC,iv)
flag = aes.decrypt(enc_flag)
print(flag)
#b'RSAKEYISFTCEH\x00\x00\x01'我们仨2
import gmpy2
import libnum
e=65537
n=17290066070594979571009663381214201320459569851358502368651245514213538229969915658064992558167323586895088933922835353804055772638980251328261
c=7650350848303138131393086727727533413756296838218347123997040508192472569084746342253915001354023303648603939313635106855058934664365503492172
phi=euler_phi(n)
d=gmpy2.invert(e,phi)
m=pow(c,d,n)
print(libnum.n2s(int(m)))
#b'keyisEa51stRsA'我们仨3
在线des得
你知道么?梵蒂冈的常住人口只有800人,同时,仅澳大利亚就有4700万只袋鼠。 如果袋鼠决定入侵梵蒂冈,那么每一个梵蒂冈人要打58750只袋鼠,你不知道!你不在乎!你只关心你自己的flagHECTF{DES_RSA_AES_WOMENSA_ZHENQIANG}littleblock
from Crypto.Util.number import *
# 逆向梅森旋转算法
def inverse_right(res, shift, bits=32):
tmp = res
for i in range(bits // shift):
tmp = res ^ tmp >> shift
return tmp
# right shift with mask inverse
def inverse_right_mask(res, shift, mask, bits=32):
tmp = res
for i in range(bits // shift):
tmp = res ^ tmp >> shift & mask
return tmp
# left shift inverse
def inverse_left(res, shift, bits=32):
tmp = res
for i in range(bits // shift):
tmp = res ^ tmp << shift
return tmp
# left shift with mask inverse
def inverse_left_mask(res, shift, mask, bits=32):
tmp = res
for i in range(bits // shift):
tmp = res ^ tmp << shift & mask
return tmp
def extract_number(m):
m = m ^ m >> 13
m = m ^ m << 9 & 2029229568
m = m ^ m << 17 & 2245263360
m = m ^ m >> 19
return m & 0xffffffff
def recover(y):
y = inverse_right(y, 19)
y = inverse_left_mask(y, 17, 2245263360)
y = inverse_left_mask(y, 9, 2029229568)
y = inverse_right(y, 13)
return y & 0xffffffff
def circular_shift_right(int_value, k, bit=32):
bin_value = bin(int_value)[2:].zfill(32)
bin_value = bin_value[-k:] + bin_value[:-k]
int_value = int(bin_value, 2)
return int_value
def dec_block(block):
block ^= b
block = circular_shift_right(block, 11)
block ^= a
return block
def my_decblock(ciphertext):
assert len(ciphertext) % 4 == 0
plaintext = b''
IV = bytes_to_long(b'retu')
for i in range(len(ciphertext) // 4):
block = ciphertext[i * 4: i * 4 + 4]
block = bytes_to_long(block)
block ^= IV
block = dec_block(block)
block = recover(block)
IV = bytes_to_long(ciphertext[i * 4: i * 4 + 4])
block = long_to_bytes(block, 4)
plaintext += block
return plaintext
a = 1909693462
b = 3279553481
m = b'\xa1\x14\xa66\x9c\x88\xe3\xeco?\xe2\x95\xbd\xcd\x1a2)i\xf5_)\x15H\xf2y\xec\x8d\xfc*KU\xefv\xdd\xd0X'
# 解密并输出结果
plaintext = my_decblock(m)
print( plaintext.decode())
Misc
osint
公交车上广府春G19
得知应该在河北邯郸永年区
在搜格林豪泰
找到这个酒店对面的位置
HECTF{河北省邯郸市永年区永年太极广场}
签到
签退
Web
伪装者
X-Forwarded-For:127.0.0.1
Referer:ctf.sc0de.com
进行cookie伪造
ssrf
RE
ezzzvm
v = [77, 66, 68, 81, 63, 124, 79, 106, 88, 116, 52, 98, 106, 116, 88, 111, 52, 115, 126, 88, 116, 54, 106, 117, 105, 52, 122]
c = ''.join(chr(i) for i in v)
print(c)c = "MBDQ?|OjXt4bjtXo4s~Xt6jui4z"
m=''
for i in range(len(c)):
m += chr((ord(c[i])+1)^6)
print(m)
