第四届全国网络空间安全技术大赛CSTC

Author Avatar
Xzhah 5月 16, 2018
  • 在其它设备中阅读本文章

首先感谢我队两位师傅带我,给师傅们端了两天水拿了第四名

1.png 2.png

下面发的wp其中有一些是师傅们做的我理解了也一并记录了

RE1

拿到一个pyc,反编译成py,题目如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# Embedded file name: reverse.py
from hashlib import md5
import base64
from time import time
from datetime import datetime
import sys
def encodestr(string):
UC_KEY = '123456789'
key = md5(UC_KEY.encode('utf-8')).hexdigest()
keya = md5(key[0:16].encode('utf-8')).hexdigest()
keyb = md5(key[16:32].encode('utf-8')).hexdigest()
ckey_length = 4
keyc = md5(string.encode('utf-8')).hexdigest()[-ckey_length:]
cryptkey = md5((keya + keyc).encode('utf-8')).hexdigest()
key_length = len(cryptkey)
expiry = 20
string = '%10d' % expiry + md5((string + keyb).encode('utf-8')).hexdigest()[0:16] + string
box = range(256)
rndkey = [0] * 256
for i in range(256):
rndkey[i] = ord(cryptkey[i % key_length])
string_length = len(string)
result = ''
j = 0
for i in range(256):
j = (j + box[i] + rndkey[i]) % 256
tmp = box[i]
box[i] = box[j]
box[j] = tmp
a = 0
j = 0
for i in range(string_length):
a = (a + 1) % 256
j = (j + box[a]) % 256
tmp = box[a]
box[a] = box[j]
box[j] = tmp
result += chr(ord(string[i]) ^ box[(box[a] + box[j]) % 256])
return result
if __name__ == '__main__':
str1 = raw_input('please enter the flag:')
res = encodestr(str1)
lenn = len(res)
d = [128,
220,
109,
113,
242,
153,
181,
203,
21,
122,
2,
101,
42,
55,
56,
19,
190,
181,
99,
47,
217,
109,
129,
221,
9,
65,
235,
48,
197,
103,
123,
86,
25,
112,
172,
175,
42,
168,
232,
81,
224,
170,
16,
210,
98,
229,
15,
30,
134]
for i in range(lenn):
if ord(res[i]) == d[i]:
if i == lenn - 1:
print 'you get it'
else:
print 'wrong'
break

由于加密的string前10位不变,所以爆破rc4的密钥就行

爆破脚本如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
# Embedded file name: reverse.py
from hashlib import md5
import base64
from time import time
from datetime import datetime
import sys
#len=23
def encodestr(string):
string='flag{aaaaaaaaaaaaaaaaa}'
boxx=['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e']
for a1 in boxx:
for b in boxx:
for c in boxx:
for d1 in boxx:
count=0
keyc=a1+b+c+d1
UC_KEY = '123456789'
key = md5(UC_KEY.encode('utf-8')).hexdigest()
keya = md5(key[0:16].encode('utf-8')).hexdigest()
keyb = md5(key[16:32].encode('utf-8')).hexdigest()
ckey_length = 4
#keyc = md5(string.encode('utf-8')).hexdigest()[-ckey_length:]
cryptkey = md5((keya + keyc).encode('utf-8')).hexdigest()
key_length = len(cryptkey)
expiry = 20
string = '%10d' % expiry + md5((string + keyb).encode('utf-8')).hexdigest()[0:16] + string
#print string[0]
box = range(256)
rndkey = [0] * 256
for i in range(256):
rndkey[i] = ord(cryptkey[i % key_length])
string_length = len(string)
result = ''
j = 0
for i in range(256):
j = (j + box[i] + rndkey[i]) % 256
tmp = box[i]
box[i] = box[j]
box[j] = tmp
a = 0
j = 0
for i in range(string_length):
a = (a + 1) % 256
j = (j + box[a]) % 256
tmp = box[a]
box[a] = box[j]
box[j] = tmp
result += chr(ord(string[i]) ^ box[(box[a] + box[j]) % 256])
if(i==0):
if(ord(string[i]) ^ box[(box[a] + box[j]) % 256]==128):
count=count+1
else:
break
if(i==1):
if(ord(string[i]) ^ box[(box[a] + box[j]) % 256]==220):
count=count+1
else:
break
if(i==2):
if(ord(string[i]) ^ box[(box[a] + box[j]) % 256]==109):
count=count+1
else:
break
if(i==3):
if(ord(string[i]) ^ box[(box[a] + box[j]) % 256]==113):
count=count+1
else:
break
if(i==4):
if(ord(string[i]) ^ box[(box[a] + box[j]) % 256]==242):
count=count+1
else:
break
if(count==5):
print keyc+'!!!!!!!!!!!!!!!!!!!'
print keyc
return result
if __name__ == '__main__':
str1 = raw_input('please enter the flag:')
res = encodestr(str1)
lenn = len(res)
d = [128,
220,
109,
113,
242,
153,
181,
203,
21,
122,
2,
101,
42,
55,
56,
19,
190,
181,
99,
47,
217,
109,
129,
221,
9,
65,
235,
48,
197,
103,
123,
86,
25,
112,
172,
175,
42,
168,
232,
81,
224,
170,
16,
210,
98,
229,
15,
30,
134]
for i in range(lenn):
if ord(res[i]) == d[i]:
if i == lenn - 1:
print 'you get it'
else:
print 'wrong'
break

得到rc4密钥Flag也就出来了

3.png

RE2

首先是对输入有限制

4.png

然后升序排列

5.png

然后是循环(i+1,i+1*i+2)字符互换后做一个改了表的base64加密

6.png

最后和q3HizxD4s1D2ztLJCZfhwuvoEMLeEgPlEK1imM0ZEM9dmKnyD3H6qurABt0=比较

flag{Hel10~Kitty }

MISC1

binwalk提出来一个txt,内容是base64隐写

flag{Ba5e_640Five}

RSA2

相关明文攻击,原理链接https://ctf-wiki.github.io/ctf-wiki/crypto/asymmetric/rsa/rsa_coppersmith_attack/

链接里的脚本数据改下就能直接用

M1≡aM2+b 有这种情况就可以用这个方法

flag{I_Lov5_RSA_Rel6te7_me8sagE_aTTack}

BLOCK

padding oracle attack 原理链接http://www.freebuf.com/articles/database/151167.html

解题脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
from pwn import *
io = remote('117.34.112.241', 1279)
enc1 = '\x03\xc1\x1c\x98\x0e\x8a\x75\xf4\x6b\x04\x83\xeb\x3b\x58\xa1\x3a'
enc2 = '\x31\xe8\x26\x08\xe2\x44\x5e\xa1\x05\xd9\xc7\x86\x8b\xd9\x75\x9a'
iv = '123456789ABCDEFG'
io.recvuntil('violently!')
def trysend(d1, d2):
io.sendline('2')
io.recvuntil('ciphertext\n')
io.sendline(d1)
io.recvuntil('IV\n')
io.sendline(d2)
if 'bad padding' in io.recv(): return False
return True
def tryblock(b1, b2):
block = ''
tmp = ''
for i in range(16):
left = b1[:15-i]
for j in range(256):
if chr(j) == b1[15-i]: continue
right = ''
for t in tmp:
right += chr(ord(t) ^ (i+1))
d2 = left + chr(j) + right
if trysend(b2, d2):
tmp = chr(j ^ (i+1)) + tmp
block = chr(j ^ (i+1) ^ ord(b1[15-i])) + block
print block
break
return block
block1 = tryblock(iv, enc1)
block2 = tryblock(enc1, enc2)
print block1
print block2

RSA

e和phi(n)不互素系列

import gmpy2

p = 111052706592359766492182549474994387389169491981939276489132990221393430874991652628482505832745103981784837665110819809096264457329836670397000634684595709283710756727662219358743235400779394350023790569023369287367240988429777113514012101219956479046699448481988253039282406274512111898037689623723478951613
q = 146182161315365079136034892629243958871460254472263352847680359868694597466935352294806409849433942550149005978761759458977642785950171998444382137410141550212657953776734166481126376675282041461924529145282451064083351825934453414726557476469773468589060088164379979035597652907191236468744400214917268039573
e = 200
c = 7797067792814175554801975939092864905908878472965854967525218347636721153564161093453344819975650594936628697646242713415817737235328825333281389820202851500260665233910426103904874575463134970160306453553794787674331367563821223358610113031883172742577264334021835304931484604571485957116313097395143177603380107508691261081725629713443494783479897404175199621026515502716868988672289887933681890547568860707175288422275073767747544353536862473367590288531216644146154729962448906402712219657000812226637887827912541098992158458173920228864293993030475885461755767069329678218760943185942331149777258713727459739405
N = p q
phi = (p-1)
(q-1)

#gmpy2.gcd(e,phi) is mpz(8)

d = gmpy2.invert(25, phi/8)

p8 = gmpy2.powmod(c, d, N)
p = gmpy2.iroot(p8, 8)[0]

from Crypto.Util.number import long_to_bytes
print long_to_bytes(p)

总结

谢谢师傅带飞。。。

记得美亚柏科比赛的时候也是dawn第一名,PWN爷爷真是你爷爷系列: )

也许要找个机会入门pwn了8