MISC
复合
尝试导出http数据
发现文件类型和文件名都被改过
把pass.md改为pass.zip,发现打不开
添加文件头
解压得到
Emklyusg=E2=80=82gni=E2=80=82bvvymlag=E2=80=82tsqic=E2=80=82colz=E2=80=82jx=
moxvl=E2=80=82tiwhz=E2=80=82ebmee,=E2=80=82Zhjeoig=E2=80=82Krpvpi-Zgvlyvx=
=E2=80=82Evdr=E2=80=82or=E2=80=82olv=E2=80=82Rbtm=E2=80=82bl=E2=80=82Gcscck=
h=E2=80=82une=E2=80=82fz=E2=80=82e=E2=80=82tftstrtkdrx=E2=80=82rxeb=E2=80=
=82suv=E2=80=82olfqx=E2=80=82dpb=E2=80=82tizh=E2=80=82km=E2=80=82kliq=E2=80=
=82ox=E2=80=82hsjr:=E2=80=82mom=E2=80=82luyik,=E2=80=82kfx=E2=80=82dwhrh-wi=
=E2=80=82iympwagp,=E2=80=82vru=E2=80=82ral=E2=80=82qzveomvlm.=E2=80=82Aw=E2=
=80=82fgc=E2=80=82olrr=E2=80=82fhvl=E2=80=82nivpkf=E2=80=82vhzr=E2=80=82vvj=
jvqlpwagpn=E2=80=82jrje=E2=80=82pvgu=E2=80=82xcijc=E2=80=82vhbrmsmmvq=E2=80=
=82bz=E2=80=82vbz=E2=80=82xj=E2=80=82jrsea=E2=80=82bukq=E2=80=82wyk=E2=80=
=82kxymye=E2=80=82xj=E2=80=82hvqvyqok=E2=80=82xcid.=E2=80=82Uav=E2=80=82jro=
rb=E2=80=82cfsgn=E2=80=82knt=E2=80=82oisn=E2=80=82uahb=E2=80=82vz=E2=80=82m=
n=E2=80=82pzix=E2=80=82aw=E2=80=82ok=E2=80=82sgh?=E2=80=82Nfh=E2=80=82aznor=
zh=E2=80=82zl=E2=80=82plagkvi=E2=80=82wtgxubvlmx=E2=80=82qvbbjqak=E2=80=82h=
vvvq=E2=80=82gvb=E2=80=82gxc=E2=80=82os=E2=80=82sc=E2=80=82khbvurvp?=E2=80=
=82Wjtn=E2=80=82qf=E2=80=82rmai=E2=80=82zq=E2=80=82yhvggwomt.Ygk=E2=80=82eu=
u=E2=80=82gvyxfm=E2=80=82bx=E2=80=82vt=E2=80=82xci=E2=80=82kylr-weoiixvb=E2=
=80=82btxrxeommc=E2=80=82hm=E2=80=82kbtxzqgmkhzl=E2=80=82siymtggl=E2=80=82k=
nt=E2=80=82xmycw=E2=80=82vsivs=E2=80=82xci=E2=80=82mgkacr=E2=80=82uj=E2=80=
=82kekgxukr?=E2=80=82Kzzr=E2=80=82scyvzr=E2=80=82seiexcw-jiek=E2=80=82mimkg=
taqikw=E2=80=82ns=E2=80=82xpxhbye=E2=80=82migictzmq=E2=80=82zlz=E2=80=82tic=
lzcek,=E2=80=82tccjgvpiay=E2=80=82azvv=E2=80=82dttwhypt=E2=80=82xzkx-kzvbii=
,=E2=80=82xiybumq=E2=80=82zs=E2=80=82nivi=E2=80=82xmnvimzrtw=E2=80=82bu=E2=
=80=82iyr=E2=80=82xcmeel,=E2=80=82jiek=E2=80=82sa=E2=80=82trrblvgy=E2=80=82=
tmsdgglvgrc=E2=80=82vqflz=E2=80=82aprs.=E2=80=82Xj=E2=80=82wlaa=E2=80=82wme=
ysiw,=E2=80=82kfx=E2=80=82apbakcx=E2=80=82fd=E2=80=82kliqorb=E2=80=82e=E2=
=80=82emolt=E2=80=82zgc=E2=80=82nivk=E2=80=82t=E2=80=82wzblpdkrrx=E2=80=82d=
ifzi=E2=80=82jj=E2=80=82kgfl.=E2=80=82Eue=E2=80=82wkieb=E2=80=82avcey=E2=80=
=82vzeuggn=E2=80=82iouyo=E2=80=82ayym=E2=80=82umikv=E2=80=82cegnxumq?=E2=80=
=82Zldw=E2=80=82hsxzbvur=E2=80=82cej=E2=80=82zxlv=E2=80=82rrslyvlmsg=E2=80=
=82ntwriicw=E2=80=82vdrx=E2=80=82xci=E2=80=82pctya=E2=80=82oe=E2=80=82xcsjc=
=E2=80=82pow=E2=80=82hyi=E2=80=82gmkckhbhxi=E2=80=82dr=E2=80=82dcwpknr=E2=
=80=82iyytympwa.=E2=80=82
根据特征发现是quoted-printable编码
Emklyusg gni bvvymlag tsqic colz jxmoxvl tiwhz ebmee, Zhjeoig Krpvpi-Zgvlyvx Evdr or olv Rbtm bl Gcscckh une fz e tftstrtkdrx rxeb suv olfqx dpb tizh km kliq ox hsjr: mom luyik, kfx dwhrh-wi iympwagp, vru ral qzveomvlm. Aw fgc olrr fhvl nivpkf vhzr vvjjvqlpwagpn jrje pvgu xcijc vhbrmsmmvq bz vbz xj jrsea bukq wyk kxymye xj hvqvyqok xcid. Uav jrorb cfsgn knt oisn uahb vz mn pzix aw ok sgh? Nfh aznorzh zl plagkvi wtgxubvlmx qvbbjqak hvvvq gvb gxc os sc khbvurvp? Wjtn qf rmai zq yhvggwomt.Ygk euu gvyxfm bx vt xci kylr-weoiixvb btxrxeommc hm kbtxzqgmkhzl siymtggl knt xmycw vsivs xci mgkacr uj kekgxukr? Kzzr scyvzr seiexcw-jiek mimkgtaqikw ns xpxhbye migictzmq zlz ticlzcek, tccjgvpiay azvv dttwhypt xzkx-kzvbii, xiybumq zs nivi xmnvimzrtw bu iyr xcmeel, jiek sa trrblvgy tmsdgglvgrc vqflz aprs. Xj wlaa wmeysiw, kfx apbakcx fd kliqorb e emolt zgc nivk t wzblpdkrrx difzi jj kgfl. Eue wkieb avcey vzeuggn iouyo ayym umikv cegnxumq? Zldw hsxzbvur cej zxlv rrslyvlmsg ntwriicw vdrx xci pctya oe xcsjc pow hyi gmkckhbhxi dr dcwpknr iyytympwa.
把flagggggg.exe改为.doc
FLAG.png则是everything 的安装包
获得一个key:everything
维吉尼亚解密
Arguably the greatest novel ever written about aging, Gabriel Garcia-Marquez Love in the Time of Cholera may be a challenging text for those who need to read it most: the young, the would-be rational, and the impatient. To say that many health care professionals fall into these categories is not to fault them but merely to describe them. Who being young can know what it is like to be old? Who trained in western scientific medicine dares not try to be rational? Flag is life is fantastic.And who caught up in the task-oriented imperative of contemporary medicine can truly claim the virtue of patience? Even before managed-care initiatives so greatly increased the pressure, physicians were famously time-driven, trained to seek efficiency in all things, care of patients prominently among them. To such persons, the thought of reading a novel may seem a profligate waste of time. Why spend hours reading about what never happened? This question has been eloquently answered over the years by those who use literature in medical education.
Flag is life is fantastic
flag{life_is_fantastic}
EasySteg
reverse一下
然后不知道怎么写了,有没有大神
CRYPTO
crypto-xor2
”轮环异或加密,你能解开么?格式:flag{}“
文件下载有一个py文件和一个文本文件
从描述可得知就是一个异或加密
from secret import flag
key = "xxxx" # not real key
cipher = ""
for i, c in enumerate(flag):
cipher += chr(ord(c) ^ ord(key[i%4]))
with open("cipher", "w") as f:
f.write(cipher)
先把cipher乱码打印出来,再比葫芦画瓢异或就行
key = "xxxx"
f = open("cipher", "rb")
for i in f:
print(i)
#b'\x1e\x14\x19\x1f\x03\x1e\x1b\x1b\x1aHNNMU\x1a\x1b\x1dMU\x1cKJAU\x19\x1b\x19OUAAIOA\x1a\x1c\x1bA\x1d\x1cK\x05'
flag = b'\x1e\x14\x19\x1f\x03\x1e\x1b\x1b\x1aHNNMU\x1a\x1b\x1dMU\x1cKJAU\x19\x1b\x19OUAAIOA\x1a\x1c\x1bA\x1d\x1cK\x05'
cipher = ""
for i, c in enumerate(flag):
cipher += chr(c ^ ord(key[i % 4]))
print(cipher)
#flag{fccb0665-bce5-d329-aca7-99179bdc9ed3}
RSA Fault
题目基于RSA的CRT解密故障,正常流程下,RSA的CRT解密流程是:
- 计算mp = c^dp % p
- 计算mq = c^dq % q
- CRT组合得到模n下的明文m
而在这一题目中也是按照这个流程进行解密的,只是解密时出现了一点故障,如下:
def fault_signature(m,dp,p):
bits = list(range(dp.bit_length()))
# Random Errors
for i in range(2):
dp ^= 1 << bits.pop(randbelow(len(bits)))
return pow(m,dp,p)
也就是说,在计算mp、mq时,dp、dq都发生了两比特的随机翻转,这会导致什么后果呢?我们以dp做例子看一看错误结果与正确结果的关系是什么,假设发生故障后,dp的第i比特位由1变成0,第j比特位由0变成1,则有:
那么计算明文时,原本正确的mp应该是:
标签:攻防,self,flag,2022,WP,80,php,def,E2 From: https://www.cnblogs.com/hihopkc/p/18188691