Individual competition
20211108_俞振阳
Ranking
Sixth place
Solution approach
ctf1 Sign-in challenge Category: Misc
The end of the file contains an obvious string as a hint; try Base64 on it.
flag{ae9603a1-a905-f9be-5143-660bac605401}
ctf5 Impostor Category: Web
Try injecting this IP value via the X-Forwarded-For header:
curl -H "X-Forwarded-For: 1.1.1.1" http://39.106.48.123:13504/
flag{4404c26d-cd6b-43a7-b8f4-1a844dcae940}
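simple Category: Crypto
The ciphertext has a very regular answer format, and the hint says "放射" ("radiation", which resembles "仿射", "affine"), so the guess is an affine cipher.
ciphertext = "kgws{m8u8cm65-ue9k-44k5-8361-we225m76eeww}"
decrypted_text = ""
for i in ciphertext:
    if ord(i) >= ord('a') and ord(i) <= ord('z'):
        text = ord(i) - ord('a')
        # Try every plaintext letter j and keep the first one whose affine
        # image (123456*j + 321564) mod 26 equals the ciphertext letter.
        # Modulo 26 the multiplier reduces to 8, which is not coprime with 26,
        # so j and j+13 collide; the break keeps the smaller j.
        for j in range(26):
            if pow(123456*j + 321564, 1, 26) == text:
                decrypted_text = decrypted_text + chr(ord('a') + j)
                break
    else:
        # Digits, braces and dashes pass through unchanged
        decrypted_text = decrypted_text + i
print(decrypted_text)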
flag{c8d8ec65-db9f-44f5-8361-ab225c76bbaa}
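b64 Category: Crypto
Base64-encode the leaked plaintext, which gives YXNobGtqIUBzajEyMjMlXiYqU2Q0NTY0c2Q4NzlzNWQxMmYyMzFhNDZxd2prZDEySjtESmpsO0xqTDtLSjg3MjkxMjg3MTM=
This maps symbol for symbol onto the leaked ciphertext pTjMwJ9WiQHfvC+eFCFKTBpWQtmgjopgqtmPjfKfjSmdFLpeFf/Aj2ud3tN7u2+enC9+nLN8kgdWo29ZnCrOFCDdFCrOFoF=
However, the mappings for the letters ['E', 'G', 'I', 's', 'X', 'z'] are unknown and have to be brute-forced.
Here is the result of one decryption pass using only the known mappings: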
ZmxhZ3sxZTNhMmElNI0xYzGyLTEmNGYtOWIyZIshNGFmYWXkZjGxZTZz
# Known plaintext/ciphertext pair
known_plain = "YXNobGtqIUBzajEyMjMlXiYqU2Q0NTY0c2Q4NzlzNWQxMmYyMzFhNDZxd2prZDEySjtESmpsO0xqTDtLSjg3MjkxMjg3MTM="
known_cipher = "pTjMwJ9WiQHfvC+eFCFKTBpWQtmgjopgqtmPjfKfjSmdFLpeFf/Aj2ud3tN7u2+enC9+nLN8kgdWo29ZnCrOFCDdFCrOFoF="
# New ciphertext
new_cipher = "uLdAuO8duojAFLEKjIgdpfGeZoELjJp9kSieuIsAjJ/LpSXDuCGduouz"
# Decryption function
def decrypt(ciphertext, known_plain, known_cipher):
    # Build the substitution dictionary (cipher symbol -> plain symbol)
    substitution_dict = {}
    for p, c in zip(known_plain, known_cipher):
        substitution_dict[c] = p
    # Decrypt the new ciphertext; symbols with no known mapping are kept as-is
    plaintext = ""
    for char in ciphertext:
        if char in substitution_dict:
            plaintext += substitution_dict[char]
        else:
            plaintext += char
    return plaintext
# Decrypt the new ciphertext
decrypted_text = decrypt(new_cipher, known_plain, known_cipher)
print("Decrypted text:", decrypted_text)
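This is very close to the result format flag{XX-XX-XX-XX}, so the mappings of the previously unknown letters can be guessed.
Finally, the results that match the format after filtering are: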
flag{1e3a2be4-1c02-2f4f-9b2d-a4afaddf01e6}
flag{1e3a2be4-1c02-2f4f-9b2d-a4afaedf01e6}
flag{1e3a2de4-1c02-4f4f-9b2d-a4afabdf01e6}
flag{1e3a2de4-1c02-4f4f-9b2d-a4afaedf01e6}
flag{1e3a2ee4-1c02-5f4f-9b2d-a4afabdf01e6}
flag{1e3a2ee4-1c02-5f4f-9b2d-a4afaddf01e6}
Finally, I submitted them one by one; the correct result is
flag{1e3a2de4-1c02-4f4f-9b2d-a4afabdf01e6}
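The brute-force and filtering step for the six unknown symbols, written out as an added example (not code from the original write-up). It assumes the substitution is one-to-one over the Base64 alphabet and that the flag uses the 8-4-4-4-12 lowercase-hex layout of the flags above; decode_group, candidate_flags and TEMPLATE are illustrative names.

```python
import base64
from itertools import product

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
HEX = "0123456789abcdef"
# Values copied from the write-up
known_plain = "YXNobGtqIUBzajEyMjMlXiYqU2Q0NTY0c2Q4NzlzNWQxMmYyMzFhNDZxd2prZDEySjtESmpsO0xqTDtLSjg3MjkxMjg3MTM="
known_cipher = "pTjMwJ9WiQHfvC+eFCFKTBpWQtmgjopgqtmPjfKfjSmdFLpeFf/Aj2ud3tN7u2+enC9+nLN8kgdWo29ZnCrOFCDdFCrOFoF="
new_cipher = "uLdAuO8duojAFLEKjIgdpfGeZoELjJp9kSieuIsAjJ/LpSXDuCGduouz"
# Assumption: flag layout is 8-4-4-4-12 lowercase hex; "h" marks a hex position
TEMPLATE = "flag{" + "-".join("h" * n for n in (8, 4, 4, 4, 12)) + "}"
GROUPS = [new_cipher[i:i + 4] for i in range(0, len(new_cipher), 4)]

def decode_group(i, table):
    """Decode 4-symbol group i; return None if its 3 bytes break the layout."""
    raw = base64.b64decode("".join(table[c] for c in GROUPS[i]))
    want = TEMPLATE[3 * i:3 * i + 3]
    ok = all(chr(b) in HEX if w == "h" else chr(b) == w for b, w in zip(raw, want))
    return raw.decode() if ok else None

def candidate_flags():
    table = dict(zip(known_cipher, known_plain))  # cipher symbol -> Base64 symbol
    unknown = sorted(set(new_cipher) - set(table))
    # Assumption: one-to-one substitution, so already-used symbols are excluded
    free = [s for s in B64 if s not in table.values()]
    options = []
    for u in unknown:
        # Groups in which u is the only unresolved symbol prune u on their own
        solo = [i for i, g in enumerate(GROUPS)
                if u in g and all(c == u or c in table for c in g)]
        options.append([s for s in free
                        if all(decode_group(i, {**table, u: s}) for i in solo)])
    flags = []
    for combo in product(*options):
        if len(set(combo)) < len(combo):
            continue  # two unknowns cannot share one Base64 symbol
        full = {**table, **dict(zip(unknown, combo))}
        parts = [decode_group(i, full) for i in range(len(GROUPS))]
        if all(parts):
            flags.append("".join(parts))
    return sorted(flags)

if __name__ == "__main__":
    for flag in candidate_flags():
        print(flag)
```

Because each 4-symbol Base64 group decodes independently, pruning per group shrinks the search to a few hundred combinations before the full decode.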