首页 > 其他分享 >GKCTF2020WP-Crypto Misc

GKCTF2020WP-Crypto Misc

时间:2023-12-12 14:58:30浏览次数:35  
标签:题目 GKCTF2020WP Misc Crypto flag key print import 加密

Crypto

小学生的密码学

题目

e(x)=11x+6(mod26)

密文:welcylk

(flag为base64形式)

我的解答:

考点:仿射密码,已知a,b

结果base64加密即可

flag{c29yY2VyeQ==}

汉字的秘密

题目

你能看出汉字的奥秘吗? 答案形式:flag{小写字母}

王壮 夫工 王中 王夫 由由井 井人 夫中 夫夫 井王 土土 夫由

土夫 井中 士夫 王工 王人 土由 由口夫

我的解答:

考点:当铺密码

方式一:随波逐流工具一把梭 flag{you_are_good}

方式二:代码

dh = '田口由中人工大土士王夫井羊壮'
ds = '00123455567899'

cip = '王壮 夫工 王中 王夫 由由井 井人 夫中 夫夫 井王 土土 夫由 土夫 井中 士夫 王工 王人 土由 由口夫'
s = ''
for i in cip:
	if i in dh:
		s += ds[dh.index(i)]
	else:
		s += ' '
#print(s)

ll = s.split(" ")
t = ''
for i in range(0,len(ll)):
	t += chr(int(ll[i])+i+1)
print('t=', t, '\t\tt.lower()=', t.lower())
#flag{you_are_good}

babycrypto

题目

# n:0xb119849bc4523e49c6c038a509a74cda628d4ca0e4d0f28e677d57f3c3c7d0d876ef07d7581fe05a060546fedd7d061d3bc70d679b6c5dd9bc66c5bdad8f2ef898b1e785496c4989daf716a1c89d5c174da494eee7061bcb6d52cafa337fc2a7bba42c918bbd3104dff62ecc9d3704a455a6ce282de0d8129e26c840734ffd302bec5f0a66e0e6d00b5c50fa57c546cff9d7e6a978db77997082b4cb927df9847dfffef55138cb946c62c9f09b968033745b5b6868338c64819a8e92a827265f9abd409359a9471d8c3a2631b80e5b462ba42336717700998ff38536c2436e24ac19228cd2d7a909ead1a8494ff6c3a7151e888e115b68cc6a7a8c6cf8a6c005L
# e:65537
# enc:1422566584480199878714663051468143513667934216213366733442059106529451931078271460363335887054199577950679102659270179475911101747625120544429262334214483688332111552004535828182425152965223599160129610990036911146029170033592055768983427904835395850414634659565092191460875900237711597421272312032796440948509724492027247376113218678183443222364531669985128032971256792532015051829041230203814090194611041172775368357197854451201260927117792277559690205342515437625417792867692280849139537687763919269337822899746924269847694138899165820004160319118749298031065800530869562704671435709578921901495688124042302500361
# p>>128<<128:0xe4e4b390c1d201dae2c00a4669c0865cc5767bc444f5d310f3cfc75872d96feb89e556972c99ae20753e3314240a52df5dccd076a47c6b5d11b531b92d901b2b512aeb0b263bbfd624fe3d52e5e238beeb581ebe012b2f176a4ffd1e0d2aa8c4d3a2656573b727d4d3136513a931428b00000000000000000000000000000000L

 我的解答:

考点:经典的高位泄露攻击

先恢复p

#sage
p=0xe4e4b390c1d201dae2c00a4669c0865cc5767bc444f5d310f3cfc75872d96feb89e556972c99ae20753e3314240a52df5dccd076a47c6b5d11b531b92d901b2b512aeb0b263bbfd624fe3d52e5e238beeb581ebe012b2f176a4ffd1e0d2aa8c4d3a2656573b727d4d3136513a931428b00000000000000000000000000000000
n = 0xb119849bc4523e49c6c038a509a74cda628d4ca0e4d0f28e677d57f3c3c7d0d876ef07d7581fe05a060546fedd7d061d3bc70d679b6c5dd9bc66c5bdad8f2ef898b1e785496c4989daf716a1c89d5c174da494eee7061bcb6d52cafa337fc2a7bba42c918bbd3104dff62ecc9d3704a455a6ce282de0d8129e26c840734ffd302bec5f0a66e0e6d00b5c50fa57c546cff9d7e6a978db77997082b4cb927df9847dfffef55138cb946c62c9f09b968033745b5b6868338c64819a8e92a827265f9abd409359a9471d8c3a2631b80e5b462ba42336717700998ff38536c2436e24ac19228cd2d7a909ead1a8494ff6c3a7151e888e115b68cc6a7a8c6cf8a6c005
PR.<x> = PolynomialRing(Zmod(n))
f=p+x
x0=f.small_roots(X=2^128,beta=0.4)[0]
print(x0)
print(p+x0)
#194744276640369236134349576809641082787
#160734387026849747944319274262095716650717626398118440194223452208652532694713113062084219512359968722796763029072117463281356654614167941930993838521563406258263299846297499190884495560744873319814150988520868951045961906000066805136724505347218275230562125457122462589771119429631727404626489634314291445667

有了p就好办了

import gmpy2
import binascii

e = 65537
n = 0xb119849bc4523e49c6c038a509a74cda628d4ca0e4d0f28e677d57f3c3c7d0d876ef07d7581fe05a060546fedd7d061d3bc70d679b6c5dd9bc66c5bdad8f2ef898b1e785496c4989daf716a1c89d5c174da494eee7061bcb6d52cafa337fc2a7bba42c918bbd3104dff62ecc9d3704a455a6ce282de0d8129e26c840734ffd302bec5f0a66e0e6d00b5c50fa57c546cff9d7e6a978db77997082b4cb927df9847dfffef55138cb946c62c9f09b968033745b5b6868338c64819a8e92a827265f9abd409359a9471d8c3a2631b80e5b462ba42336717700998ff38536c2436e24ac19228cd2d7a909ead1a8494ff6c3a7151e888e115b68cc6a7a8c6cf8a6c005
c = 1422566584480199878714663051468143513667934216213366733442059106529451931078271460363335887054199577950679102659270179475911101747625120544429262334214483688332111552004535828182425152965223599160129610990036911146029170033592055768983427904835395850414634659565092191460875900237711597421272312032796440948509724492027247376113218678183443222364531669985128032971256792532015051829041230203814090194611041172775368357197854451201260927117792277559690205342515437625417792867692280849139537687763919269337822899746924269847694138899165820004160319118749298031065800530869562704671435709578921901495688124042302500361
p=160734387026849747944319274262095716650717626398118440194223452208652532694713113062084219512359968722796763029072117463281356654614167941930993838521563406258263299846297499190884495560744873319814150988520868951045961906000066805136724505347218275230562125457122462589771119429631727404626489634314291445667
q=n//p
phi=(p-1)*(q-1)
d=gmpy2.invert(e,phi)
m=pow(c,d,n)
print(binascii.unhexlify(hex(m)[2:]))

#b'flag{3d0914a1-1e97-4822-a745-c7e20c5179b9}'

Backdoor

题目

p=k*M+(65537**a %M)

task.py

#!/usr/bin/python
from Crypto.Util.number import *
from Crypto.PublicKey import RSA
import gmpy2, binascii
import base64
from FLAG import flag

def rsa_encrypt(message):
    with open('./pub.pem' ,'r') as f:
        key = RSA.import_key(f.read())
    e = key.e
    n = key.n
    c = pow(bytes_to_long(flag), e, n)
 
    ciphertext = binascii.hexlify(long_to_bytes(c))
    return ciphertext

if __name__ == "__main__":
    text = base64.b64encode(rsa_encrypt(flag))
    with open('flag.enc','wb') as f:
        f.write(text)

 pub.pem

-----BEGIN PUBLIC KEY-----
MFMwDQYJKoZIhvcNAQEBBQADQgAwPwI4BXdHlrMB4cf0C0lFBWiLH94h9tX/zmNv
8WfYXjfXp7dJPjPBfUQXolyiSmcWMUzxhuFpltz8Z5sCAwEAAQ==
-----END PUBLIC KEY-----

flag.enc

MDIxNDJhZjdjZTcwZmUwZGRhZTExNmJiN2U5NjI2MDI3NGVlOTI1MmE4Y2I1MjhlN2ZkZDI5ODA5YzJhNjAzMjcyN2MwNTUyNjEzM2FlNDYxMGVkOTQ0NTcyZmYxYWJmY2QwYjE3YWEyMmVmNDRhMg==

 我的解答:

考点:RSALib-cve漏洞

首先对密文进行base64解码

02142af7ce70fe0ddae116bb7e96260274ee9252a8cb528e7fdd29809c2a6032727c05526133ae4610ed944572ff1abfcd0b17aa22ef44a2

然后再公钥分解得到e,n

e = 65537
n = 15518961041625074876182404585394098781487141059285455927024321276783831122168745076359780343078011216480587575072479784829258678691739

有了n就可以分解得到p,q

p:3386619977051114637303328519173627165817832179845212640767197001941
q:4582433561127855310805294456657993281782662645116543024537051682479

题目给了提示:p=k*M+(65537**a %M) 发现是一个cve漏洞复现:
参考:https://asecuritysite.com/encryption/copper

[Back] With the ROCA (Return of the Coppersmith Attack) vulnerability an RSA private key can be recovered from the knowledge of the public key [article]. It has the CVE identifier of CVE-2017-15361. The vulnerability related to the Infineon RSA library on the Infineon Trusted Platform Module (TPM) firmware. It affected BitLocker with TPM 1.2 and YubiKey 4. In this case we calculate the prime number with Prime=k×M+(65537amodM): 
The library uses the value of 39 (1…167) for the number of primes used to generate M for key sizes of 512 to 960-bits, then 71, 126 and 225 values are used for the key intervals 992–1952 bits; 1984–3936 bits; and 3968–4096 bits, respectively. 

意思就是rsalib的素数生成有漏洞,不够随机,实际上的生成方式是用p=k*M+(65537**a %M)生成的,其中M为前x个素数乘积。
因此我们确定了M值,a和k理论上也不会相差太远,暴力碰撞一下,秒出p q 

from Crypto.Util import number
from gmpy2 import *

vals=39
M=1
n = mpz(15518961041625074876182404585394098781487141059285455927024321276783831122168745076359780343078011216480587575072479784829258678691739)
primes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999]

for x in range(0, vals):
    M=M*primes[x]

for a in range(1,20):
    for k in range(50):
        p=mpz(k*M+(65537**a %M))
        if is_prime(p):
            q = mpz(n//p)
            if is_prime(q):
                print('p=%d\nq=%d'%(p,q))
#p=4582433561127855310805294456657993281782662645116543024537051682479
#q=3386619977051114637303328519173627165817832179845212640767197001941

 有了p,q直接解就行了。

import gmpy2
import binascii

e = 65537
n = 15518961041625074876182404585394098781487141059285455927024321276783831122168745076359780343078011216480587575072479784829258678691739
c = int("02142af7ce70fe0ddae116bb7e96260274ee9252a8cb528e7fdd29809c2a6032727c05526133ae4610ed944572ff1abfcd0b17aa22ef44a2",16)
p=4582433561127855310805294456657993281782662645116543024537051682479
q=3386619977051114637303328519173627165817832179845212640767197001941
phi=(p-1)*(q-1)
d=gmpy2.invert(e,phi)
m=pow(c,d,n)
print(binascii.unhexlify(hex(m)[2:]))

#b'flag{760958c9-cca9-458b-9cbe-ea07aa1668e4}'

Misc

签到

题目

 https://live.bilibili.com/772947

我的解答:

公屏右上角。

flag{Welcome_To_GKCTF_2020}

Pokémon

题目

比赛累了吧,怀旧一把,我在103号道路等你

Pokémon 说明是windows编码的,只是游戏简单操作说明 flag格式为flag{flag_is_here}

游戏说明:

操作说明:小键盘上下左右键控制方向。 Z X C A S D为功能键。

怀旧一把,玩游戏给flag

我的解答:

根据题目文件及描述,我们肯定需要玩这个游戏才行。

使用gba模拟器打开,使用金手指游戏辅助开穿墙直达103道路获得flag。

flag{PokEmon_14_CutE}

问卷调查

题目

各位辛苦了,这里是一份小小的问卷,填完就有 flag 哦~

https://jinshuju.net/f/n0U96I

我的解答:

填问卷即可。

flag{I_W4nt_t0_Fu4k_GKCTF}

code obfuscation

题目

提示:压缩包密码是加密过的

我的解答:

题目给了一张倾斜的二维码,使用ps调一下,因为图片中有白线分割,所以顺便把白色部分去掉然后内容拼接完整(不留空白线就行,不用那么标准!)

得到

扫描二维码得到 base(gkctf)但提交不对,根据提示可知有压缩包

使用010打开图片

kali分离出来,提示密码是加密过的,那我们使用base加密扫描二维码得到的结果试试,发现是base58加密 CfjxaPF

得到

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('15 n 14 a b c d e f g h i j k l m n o p q r s t u v w x y z 10 11 17="n"12 15 n 14 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 10 11 17="n"12 13=0 15 n 14 a b c d e f g h i j 10 11 16="n"13=$((13+1))12 1g("1f=\' \';1e=\'"\';16=\'#\';1j=\'(\';1i=\')\';1h=\'.\';1a=\';\';19=\'<\';18=\'>\';1d=\'1c\';1b=\'{\';1k=\'}\';1t=\'0\';1u=\'1\';1s=\'2\';1r=\'3\';1n=\'4\';1m=\'5\';1l=\'6\';1q=\'7\';1p=\'8\';1o=\'9\';")',62,93,'||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||do|eval|done|num|in|for|Bn|An|Ce|Cc|Cb|Cn|_|Cl|Bm|Bk|alert|By|Bt|Bs|Cp|Dg|Df|De|Dj|Di|Dh|Dd|Dc|Da|Db'.split('|'),0,{}))

根据js压缩、混淆、加密的特点 js压缩、混淆和加密 - 简书 (jianshu.com)

可以判断这就是js压缩混淆,使用在线工具解码 JS混淆加密压缩 - 站长工具 (chinaz.com)

for n in a b c d e f g h i j k l m n o p q r s t u v w x y z do eval An = "n"
    done
for n in A B C D E F G H I J K L M N O P Q R S T U V W X Y Z do eval An = "n"
    done
    num = 0
for n in a b c d e f g h i j do eval Bn = "n"
    num =
    $((num + 1)) done alert("Bk=' ';Bm='"
        ';Bn='#
        ';Bs=' (';Bt=')
        ';By='.
        ';Cb=';
        ';Cc=' < ';Ce=' > ';Cl='
        _ ';Cn=' {
            ';Cp='
        }
        ';Da='
        0 ';Db='
        1 ';Dc='
        2 ';Dd='
        3 ';De='
        4 ';Df='
        5 ';Dg='
        6 ';Dh='
        7 ';Di='
        8 ';Dj='
        9 ';")

分析代码可知是替换密码表,注意:字母的替换实际上是以A为开头的密文,比如密文Am实际上在明文中就是m

c = "$Bn$Ai$An$Ac$Al$Au$Ad$Ae$Bk$Cc$As$At$Ad$Ai$Ao$By$Ah$Ce$Ai$An$At$Bk$Am$Aa$Ai$An$Bs$Bt$Cn$Ap$Ar$Ai$An$At$Bs$Bm$Aw$Dd$Al$Ac$Da$Am$Ae$Cl$De$Ao$Cl$Dj$Ak$Ac$At$Df$Bm$Bt$Cb$Ar$Ae$At$Au$Ar$An$Bk$Da$Cb$Cp"
dic = {"Bk":' ',"Bm":'"',"Bn":'#',"Bs":"(","Bt":")","By":".","Cb":";","Cc":"<","Ce":">","Cl":"_","Cn":"{","Cp":"}","Da":"0","Db":"1","Dc":"2","Dd":"3","De":"4","Df":"5","Dg":"6","Dh":"7","Di":"8","Dj":"9"}
ls = c.split("$")
print(ls)
for i in ls:
    if "A" in i:
        print(i[1],end="")
    if i in dic:
        print(dic[i],end="")
#w3lc0me_4o_9kct5

Harley Quinn

题目

Ivy给Harley发了一个短信……算了,编不下去了,先听后看就完事了……

音频解码可能有误差,密码为有意义的无空格小写短句 解密版本为1.25

hint:电话音&九宫格

FreeFileCamouflage,下载的文件可能显示乱码

我的解答:

压缩包打开得到wav和一张jpeg。Audacity打开wav,拉到曲末,切换频谱图

典型的拨号音,DTMF解一下

dtmf2num.exe 2.wav

得到

222833344477773338866

根据提示 ,九宫格解码得到ctfisfun

使用提示软件FreeFileCamouflage对图片解码

flag{Pudd1n!!_y0u_F1nd_m3!}

Sail a boat down the river

题目

提示1:闪烁的光芒

提示2:是一行不是一列

提示3:加密方式很常见

我的解答:

附件给了一个flag.mp4和有密码的vocal.rar。

观看一下mp4发现一个二维码 ,扫码得到 https://pan.baidu.com/s/1tygt0Nm_G5fTfVFlgxVcrQ

但发现没有提取码。。。

分析Hint(闪烁的光芒)再看一下视频发现一个闪烁灯。在此位置会很快闪烁。

使用Kinovea打开,一帧一帧地仔细看闪烁的部分(注意Kinovea没有帧数的说法,每0.03秒的时长即是一帧)

发现闪烁只有两种形式,连续三帧都有闪烁,或者只有一帧闪烁之后熄灭(由于所展现的信息很短,猜测大概率是Morse),分别对应-.

得到 -.-- .-- ---.. --.

解码得到 JW8G

0 8 1 7 4 0 0 0 0
3 0 2 0 6 8 0 0 0
4 0 6 5 0 0 8 2 0
0 3 0 0 0 0 0 5 6
7 0 4 3 0 9 2 0 1
1 2 0 0 0 0 0 4 0
0 5 9 0 0 4 1 0 8
0 0 0 1 8 0 9 0 2
0 0 0 0 9 7 4 6 0
 
密文:
efb851bdc71d72b9ff668bddd30fd6bd
密钥:
第一列九宫格从左到右从上到下

使用数独工具解码 https://shudu.gwalker.cn/

根据提示:是一行不是一列,得到 52693795149137

再根据提示3:加密方式很常见。想到AES加密 http://tool.chacuo.net/cryptaes

GG0kc.tf这个应该就是压缩包密码,解压得到

百度发现是乐谱文件,需要用Overture打开,下载链接: https://www.bear20.com/pcwin/42/725931042.html

下载完试用即可不要购买。

打开文件后查找即可,会发现

flag{gkctf_is_fun}

 

 

标签:题目,GKCTF2020WP,Misc,Crypto,flag,key,print,import,加密
From: https://www.cnblogs.com/xiaoqi-ctf/p/17896789.html

相关文章

  • “古剑山”初赛Misc 幸运饼干
    “古剑山”初赛Misc幸运饼干考点:Chrome的Cookies解密赛中思路bandzip极限压缩hint.jpg后打明文攻击压缩包密码:sv@1v3z┌──(root......
  • 2023第八届上海市大学生网络安全大赛-磐石行动(misc+crypto) WP
    Cryptobird题目docx文档出现:我的解答:使用在线工具即可:https://www.dcode.fr/birds-on-a-wire-cipherflag{birdislovely}crackme题目importosimportstringfromrandomimportrandint,samplefromCrypto.Util.numberimport*fromCrypto.CipherimportAESfromC......
  • 【misc】[GFCTF 2021]重生之我在A国当间谍 --短信pdu编码
    附件下载发现只有两个文件打开flag.rar需要密码,那考虑解压密码应该是从secret.txt中获得,打开secret.txt文件试过很多加密方式都不行,考虑是短信的pdu编码PDU编码(非常经典)-CSDN博客可以使用在线短信PDU编码解码-在线工具(bugscaner.com)在线解码,这里解码第三行数据得到b......
  • ctfshow:crypto
    山岚: 刚开始还没明白是什么意思,打开txt,感觉很熟悉,就搜发现跟他一起出来的有栅栏,然后解密,我就一个栏数一个栏数的试,一直试到了14才出的flag Findthetable  这个刚开始没有题目我懵了一下,然后发现要在F12里面,然后查看审查元素,得到一串数字957648923199910274,然......
  • ctfshow:misc入门
    misc24.  打开发现flag没在这,直接压缩之后用Winhex工具,然后将高度改为EE0000(第六列),保存之后再打开文件,就可以看到ctfshow了misc25. 同样压缩之后打开Winhex然后将高度调整(第六列),然后保存之后再次打开文件misc26. 压缩打开,修改高度之后看到一部分flag,再通过脚本得到......
  • 【misc】txt零宽度隐写
    零字符宽度隐写1.1前置知识1.1.1统一码(Unicode)统一码(Unicode),也叫万国码或单一码,是计算机科学领域中的一项业界标准,包括字符集、编码方案等。Unicode是一种重要的交互和显示的通用字符编码标准,它覆盖了美国、欧洲、中东、非洲、印度、亚洲和太平洋的语言,以及古文和专业符号。Uni......
  • 2023振兴杯-Crypto wp
    crypto1题目fromflagimportflagdefencrypt(x,y):key='zxb'result=''foriinrange(len(x)):result+=chr(ord(x[i])^ord(y[i])^ord(key[i%3]))returnresultx=flagy=flag[1:]+flag[......
  • “古剑山”第一届全国大学生网络攻防大赛-Crypto WP
    CryptobabyRSA题目信息p=10557060480607393156040418736281630895040877491596075167695884580033587151860045514604024031420460694464109891485815938658886878598710052458169904360535195234858613255345870229839390747695594699084944203444188274827818114850332930966......
  • 浙江省赛决赛 misc2 蝎子
    Misc2tcp.streameq0内得知是冰蝎3.0,key是e46023a69f8db309<?php@error_reporting(0);session_start();//$key="e45e329feb5d925b";//........................32...md5.........16........................rebeyond$key="e46023a69f8db309&qu......
  • Misc_XCTF_WriteUp | [简单] 凯撒大帝在培根里藏了什么
    题目提示:究极简单题(认真格式为flag{你所得到的大写字符串}题目:分析根据提示,该题用到凯撒密码和移位密码。题目中字符串非A即B,先用培根密码的方式解密:之后不断更换偏移量对培根密码解密的结果进行凯撒密码解密。当偏移量为6时得到的字符串可读:按格式提交flag......