Anheng Monthly Contest, New Year's Day 2020 Round: Writeup

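I was in the middle of reviewing cryptography when I noticed the monthly contest was on today, so I had a go. This round's challenges were very easy.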

Web1

The page is a JavaScript game. In index.js, change the amount by which destroyed is incremented to a larger value.
Then play for a moment and the game hands over the flag.

Web2

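The challenge is called "Map". Once inside, it turns out to have almost no functionality: index.php is the only page.
Clicking around shows page=index in the URL, so I tried file inclusion. The usual base64-encoding payload returns "not base", so "base" is presumably filtered; reading through rot13 encoding works instead. Reading index.php first shows that the flag is in the root directory. The payload is: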

/index.php/?page=php://filter/read=string.toupper|string.rot13/resource=/flag

ROT13-decoding the response gives the flag.
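Why a substring filter on "base" does not stop this request, and what a server-side check or log rule should test instead, as an added example that is not part of the original post. The function names, the allowlist pattern and the sample request targets are assumptions made for illustration; the second sample is the payload quoted above.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

WRAPPER = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)   # php://, data://, file:// ...
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,32}$")        # shape of a legitimate page name

def substring_blacklist(value: str) -> bool:
    """The filter the challenge appears to use: reject values containing 'base'."""
    return "base" in value.lower()

def normalise(value: str) -> str:
    """Percent-decode until the value stops changing."""
    while (decoded := unquote(value)) != value:
        value = decoded
    return value

def classify_page_param(request_target: str, param: str = "page") -> str:
    """Classify the include parameter of one request target."""
    values = parse_qs(urlsplit(request_target).query).get(param, [])
    verdict = "ok"
    for value in map(normalise, values):
        if WRAPPER.match(value):
            return "stream-wrapper"          # never valid for a page name
        if not SAFE_NAME.match(value):
            verdict = "not-allowlisted"
    return verdict

# Constructed request targets (as they would appear in an access log).
SAMPLES = [
    "/index.php/?page=index",
    "/index.php/?page=php://filter/read=string.toupper|string.rot13/resource=/flag",
    "/index.php/?page=php://filter/read=convert.base64-encode/resource=index.php",
]

def report():
    """Return (allowlist verdict, blacklist hit) for every sample."""
    rows = []
    for target in SAMPLES:
        value = parse_qs(urlsplit(target).query)["page"][0]
        rows.append((classify_page_param(target), substring_blacklist(value)))
    return rows

if __name__ == "__main__":
    for target, row in zip(SAMPLES, report()):
        print(row, target)
```

The rot13 request passes the blacklist but is caught by the wrapper check; an allowlist of page names rejects both filter chains without having to enumerate encodings.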

Crypto1

The challenge provides three PNG files and the following encryption script:

from itertools import *
from key import key

ki= cycle(key)

fr1 = open("flag.png","rb")
fr2 = open("fflag.png","rb")
fw1 = open("flag_e.png","wb")
fw2 = open("fflag_e.png","wb")

for now in fr1:
    for nowByte in now:
        newByte = nowByte ^ ord(next(ki))
        fw1.write(bytes([newByte]))
fr1.close()
fw1.close()

for now in fr2:
    for nowByte in now:
        newByte = nowByte ^ ord(next(ki))
        fw2.write(bytes([newByte]))
fr2.close()
fw2.close()

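Of these, fflag.png is the flag image with a mosaic applied. Looking at the code, flag.png is encrypted to flag_e.png and fflag.png to fflag_e.png, but the ki used for the encryption is unknown. A quick analysis: the encryption XORs the image bytes with the ASCII value of each character of ki in a repeating cycle, and both files are encrypted the same way, so the approach is clear.

We have fflag.png and its encrypted form fflag_e.png. The former is the plaintext m and the latter the ciphertext c. Encryption is c = m ⊕ k, so with m and c known, k = m ⊕ c follows directly.
The following script computes the ASCII values of ki: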

fr_m = open("fflag.png", "rb")
fr_c = open("fflag_e.png", "rb")
m = []
c = []
ki = []
for now in fr_m:
    for nowByte in now:
        m.append(nowByte)
    
for now in fr_c:
    for nowByte in now:
        c.append(nowByte)

for i in range(len(m)):
    ki.append(m[i] ^ c[i])

fr_m.close()
fr_c.close()
print(ki)

This readily gives ki:

[65, 108, 105, 116, 97, 95, 105, 115, 95, 115, 111, 95, 99, 117, 116, 101]

flag_e.png can then be decrypted as follows:

# Recovered 16-byte key (ASCII "Alita_is_so_cute")
ki = [65, 108, 105, 116, 97, 95, 105, 115, 95, 115, 111, 95, 99, 117, 116, 101]

with open("flag_e.png", "rb") as flag_r:
    c = flag_r.read()

# XOR every ciphertext byte with the repeating key; indexing modulo len(ki)
# works for a file of any size instead of relying on a fixed repeat count
with open("flag.png", "wb") as flag_w:
    flag_w.write(bytes(b ^ ki[i % len(ki)] for i, b in enumerate(c)))

Running it produces flag.png, which shows the flag.
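The known-plaintext recovery above, generalised slightly, as an added example that is not part of the original post. The challenge script draws both files from one shared cycle, so reusing the recovered bytes from index 0 is only correct when the first file's length is a multiple of the key length; this version finds the key period and undoes that offset. The demo key and the two byte strings are constructed stand-ins for the challenge files, and the function names are my own.

```python
from itertools import cycle

def xor_with(data: bytes, keystream) -> bytes:
    """XOR data with successive bytes drawn from an iterator."""
    return bytes(b ^ next(keystream) for b in data)

def shortest_period(stream: bytes) -> int:
    """Smallest p such that the stream repeats with period p."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return len(stream)

def recover_key(known_plain: bytes, known_cipher: bytes, bytes_before: int) -> bytes:
    """Recover the repeating key from one plaintext/ciphertext pair.

    bytes_before is how many key bytes the shared cycle had already consumed
    when the known file was encrypted (the length of the file encrypted first).
    """
    stream = bytes(m ^ c for m, c in zip(known_plain, known_cipher))
    period = shortest_period(stream)
    unit = stream[:period]        # unit[j] == key[(bytes_before + j) % period]
    return bytes(unit[(i - bytes_before) % period] for i in range(period))

# --- constructed demo data (not the challenge files) ---
DEMO_KEY = b"demo-key"
SECRET = b"\x89PNG\r\n\x1a\n" + b"constructed secret image!"   # 33 bytes
MOSAIC = b"\x89PNG\r\n\x1a\n" + b"constructed mosaic image, known to the solver"

def demo():
    ks = cycle(DEMO_KEY)          # one cycle shared by both files, as in the script
    secret_e = xor_with(SECRET, ks)
    mosaic_e = xor_with(MOSAIC, ks)
    key = recover_key(MOSAIC, mosaic_e, bytes_before=len(secret_e))
    return key, xor_with(secret_e, cycle(key))

if __name__ == "__main__":
    print(demo())
```

One plaintext/ciphertext pair longer than the key is enough to expose every other file encrypted under the same repeating key, which is why a short reused XOR key gives no confidentiality.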

Crypto2

An RSA challenge. The script provided is:

from Crypto.Util.number import *
import gmpy2
import random
from flag import flag


p = getPrime(1024)
r = random.randint(2, 10)
e =65537
n = p ** r
m=flag
assert(int(m.encode('hex'), 16) < n)
c = pow(int(m.encode('hex'), 16),e,n) 
c=long_to_bytes(c)
print 'c =\n', c.encode('base64'),n


'''
c =
apxy3z3DgGnzaEedcUy3A49wAsqyyn9sqx6eYZL5iDrCq0Wjs8BOY2Ofza5wuaFigm32PVpO5jpu
Dgw9b6oX8KM2ZB9/dDmwQc7JKnAKhCQrIc1v9qt7iQbnTK0DTQj/xvQkz/IBeSjoWBmHOx4s0tDx
ZRAjOPui5wwAywNM3ynULEPczv+xN2v+6HBeoS2YuyfF5mq/pIAMPwZs+QpkuwxSbNQ6xPNP9Ox1
IeKz/41F7/D2fDsGB5CcFdAiQq+r95BhVeGzeaiQBpzwAXAPKIyO+fP6/M9XmpSJwjaMSiAUnksp
9KfVOXgEG9Z0FmxP6rgqPl0vU+rVeJ2RsTUYCSP8Vy+PD3PGwDDdUtNzvcEXKr2BKiNoOUxprBAt
yvcsmGqRLgDl1ZVgzSZ1U4MAmJ9x42mIU0XvolqaOCJZzaym1kJoBlw7/7+Nej4owEtan/c3TIkD
kr/gCenUD/8MSlvnfTUMGdQLkSht2BZiuiHxVVRVzY5ETG6v+w9AtDMC
4600616808891590817884946117009414083548013610469076381106568481948720521467073218024827360073980550620353792084520767372304347132535784875671026563160583598386773718586111034826555689602824563172463446924287072570386712719870348862904936370894695108302490867826094352072132696743116741635111860205049129717948520534270924834318704244999690532431941248905257880347561221151841978982240191397364038490250930604211256385925496658620755582058753376328583001312846508295319286941837220522563729215928111164274042890696771820759856790994461944209269732769269559257608440686713206622111649275898426040931301005711446055819707704086201357712959922814300067907536161841255533171805313149332383712997091780368142625499055149806043238057037400510197255364471685815004154357049874205884682322443391374020169114833722616851257895369648472048116320266548560787733764126281102645474252013714507014577620450816459153848279084910457288549191
'''

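n and the ciphertext c are given. n is p raised to the power r, where r is a random number from 2 to 10, so try factoring n.

The factorisation succeeds and shows that r is 3, so d is easy to compute. The decryption script is: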

import base64
from Crypto.Util.number import bytes_to_long
import gmpy2
import libnum

n = 4600616808891590817884946117009414083548013610469076381106568481948720521467073218024827360073980550620353792084520767372304347132535784875671026563160583598386773718586111034826555689602824563172463446924287072570386712719870348862904936370894695108302490867826094352072132696743116741635111860205049129717948520534270924834318704244999690532431941248905257880347561221151841978982240191397364038490250930604211256385925496658620755582058753376328583001312846508295319286941837220522563729215928111164274042890696771820759856790994461944209269732769269559257608440686713206622111649275898426040931301005711446055819707704086201357712959922814300067907536161841255533171805313149332383712997091780368142625499055149806043238057037400510197255364471685815004154357049874205884682322443391374020169114833722616851257895369648472048116320266548560787733764126281102645474252013714507014577620450816459153848279084910457288549191
e =65537
c ="apxy3z3DgGnzaEedcUy3A49wAsqyyn9sqx6eYZL5iDrCq0Wjs8BOY2Ofza5wuaFigm32PVpO5jpuDgw9b6oX8KM2ZB9/dDmwQc7JKnAKhCQrIc1v9qt7iQbnTK0DTQj/xvQkz/IBeSjoWBmHOx4s0tDxZRAjOPui5wwAywNM3ynULEPczv+xN2v+6HBeoS2YuyfF5mq/pIAMPwZs+QpkuwxSbNQ6xPNP9Ox1IeKz/41F7/D2fDsGB5CcFdAiQq+r95BhVeGzeaiQBpzwAXAPKIyO+fP6/M9XmpSJwjaMSiAUnksp9KfVOXgEG9Z0FmxP6rgqPl0vU+rVeJ2RsTUYCSP8Vy+PD3PGwDDdUtNzvcEXKr2BKiNoOUxprBAtyvcsmGqRLgDl1ZVgzSZ1U4MAmJ9x42mIU0XvolqaOCJZzaym1kJoBlw7/7+Nej4owEtan/c3TIkDkr/gCenUD/8MSlvnfTUMGdQLkSht2BZiuiHxVVRVzY5ETG6v+w9AtDMC"
p = 166317783008561461619809354338149369955529500804877784696135394445562837564392263478378996752766024769472311034930058535976624952022796449711650766155307359508289724267180551758503427912271216717074610090283635131622612435152898135011648054004511857955351506722712213877180074987292198905073222084609633471831
r = 3
# Euler's totient of a prime power: phi(p^r) = p^r - p^(r-1)
phin = pow(p, r) - pow(p, r - 1)
d = gmpy2.invert(e, phin)
c = bytes_to_long(base64.b64decode(c))
m = pow(int(c), d, n)
flag = libnum.n2s(m)
print(flag)

Running it prints the flag.
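A modulus of the form n = p^r can be split without any factoring tool by testing exact integer roots for each candidate r, which is why it offers no protection. The following is an added example, not code from the original post; it uses only the standard library, a constructed modulus built from the Mersenne prime 2^127 - 1 instead of the challenge's 1024-bit p, and function names of my own choosing.

```python
def iroot(n: int, k: int) -> int:
    """Largest integer x with x**k <= n, by binary search on exact integers."""
    lo, hi = 0, 1 << (n.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo

def split_prime_power(n: int, max_r: int = 10):
    """Return (p, r) with p**r == n, trying the largest exponent first."""
    for r in range(max_r, 1, -1):
        p = iroot(n, r)
        if p ** r == n:
            return p, r
    raise ValueError("n is not a perfect power with exponent in 2..max_r")

def decrypt(c: int, e: int, n: int) -> int:
    """Decrypt c under modulus n = p^r (valid for messages coprime to p)."""
    p, r = split_prime_power(n)
    phi = p ** (r - 1) * (p - 1)      # Euler's totient of p^r
    d = pow(e, -1, phi)               # modular inverse (Python 3.8+)
    return pow(c, d, n)

# --- constructed demo values, far smaller than the challenge's modulus ---
DEMO_P = 2 ** 127 - 1                 # a known Mersenne prime
DEMO_N = DEMO_P ** 3
DEMO_E = 65537
DEMO_MSG = b"flag{constructed-sample}"

def demo() -> bytes:
    m = int.from_bytes(DEMO_MSG, "big")
    c = pow(m, DEMO_E, DEMO_N)
    recovered = decrypt(c, DEMO_E, DEMO_N)
    return recovered.to_bytes(len(DEMO_MSG), "big")

if __name__ == "__main__":
    print(split_prime_power(DEMO_N)[1], demo())
```

Trying exponents from largest to smallest keeps a modulus such as p^4 from being reported as (p^2)^2, so the returned base is the prime itself.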
