2025.11.30 Dongying "Science and Technology Revitalizing Shandong" Cryptographic Technology Application Competition

Shandong Province "Skills Revitalizing Shandong" Vocational Skills Competition - Cryptographic Technology Application Specialist

1. easylog

Challenge description: the access log of a website was intercepted. Find the sensitive data the attacker obtained, hidden among the bulk business traffic.

easylog.zip


2. Red Team - ERSA

Challenge description: ERSA

ERSA.zip


3. Sign-in

Challenge description: base!base!base!

Flag format: nctf{xxxx}

emmmmm.zip


4. LNSS-x+1

Challenge description: the x+1 plan needs a flag

x+1.zip


5. RSA1

Challenge description: RSA

Easy_RSA.zip


6. Security Guarantee for the 20th National Congress -- SM (national commercial) cryptographic algorithms

Challenge description: during the security guarantee work for the 20th National Congress, an attack program targeting SM cryptographic algorithms was found. Analyze it and recover the flag. Flag format: flag{}

cra1.zip


7. singleBC_1.3

Challenge description: what is the content of the flag in the website root directory?

Note: this is a web security challenge requiring SQL injection. No practice target is available, so it cannot be reproduced.

What is given is a web page with a single id input box. After entering a random number and clicking the submit button, an error message is shown.


=======================================================

The writeup follows:

1. Searching the log turns up requests such as GET /search?q=x' OR (SELECT SUBSTR(flag_value,1,1) FROM flags)='f';--

The attacker pulled the flag out one character at a time through the /search?q=x endpoint (boolean-based blind SQL injection: each request asks whether one character of flag_value equals a guessed value).

Since what is given is a plain-text log file, regular expressions are the natural tool. The part of each probe to match is its tail: FROM flags)='f';

Processed with the following AutoIt script. Answer: flag{9780f3738ac14a14ac85c490147a7285}

; Read the whole access log into memory
Local $hFile = FileOpen('access.log')
Local $content = FileRead($hFile)
FileClose($hFile)
; Flag 3 = return every match as an array; capture group 1 is the guessed character
Local $aF = StringRegExp($content, "FROM flags\)='([\w\}\{]+?)';", 3)
Local $Flag = ''
; Concatenate the captured characters in log order to rebuild the flag
For $i = 0 To UBound($aF) - 1
    $Flag &= $aF[$i]
Next
ConsoleWrite($Flag & @CRLF)
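A defender-side reconstruction of the same leak in Python, added here as an example and not the author's AutoIt script: it parses Combined-Log-Format lines, URL-decodes the query, and uses the response size to separate the attacker's correct guesses from the wrong ones, which a plain regex over the log would concatenate together. The log lines, client addresses and response sizes are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access log (Combined Log Format). The boolean-blind probes
# follow the pattern quoted above; a correct guess returns the normal search page
# (512 bytes), a wrong guess the error page (87 bytes). Real traffic has both.
SAMPLE_LOG = """\
10.0.0.5 - - [30/Nov/2025:10:00:00 +0800] "GET /search?q=x HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [30/Nov/2025:10:00:01 +0800] "GET /search?q=x'%20OR%20(SELECT%20SUBSTR(flag_value,1,1)%20FROM%20flags)='e';-- HTTP/1.1" 200 87 "-" "Mozilla/5.0"
10.0.0.5 - - [30/Nov/2025:10:00:02 +0800] "GET /search?q=x'%20OR%20(SELECT%20SUBSTR(flag_value,1,1)%20FROM%20flags)='f';-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [30/Nov/2025:10:00:03 +0800] "GET /search?q=x'%20OR%20(SELECT%20SUBSTR(flag_value,2,1)%20FROM%20flags)='k';-- HTTP/1.1" 200 87 "-" "Mozilla/5.0"
10.0.0.5 - - [30/Nov/2025:10:00:04 +0800] "GET /search?q=x'%20OR%20(SELECT%20SUBSTR(flag_value,2,1)%20FROM%20flags)='l';-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [30/Nov/2025:10:00:05 +0800] "GET /search?q=x'%20OR%20(SELECT%20SUBSTR(flag_value,3,1)%20FROM%20flags)='a';-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [30/Nov/2025:10:00:06 +0800] "GET /search?q=x'%20OR%20(SELECT%20SUBSTR(flag_value,4,1)%20FROM%20flags)='g';-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [30/Nov/2025:10:00:07 +0800] "GET /search?q=x'%20OR%20(SELECT%20SUBSTR(flag_value,5,1)%20FROM%20flags)='{';-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [30/Nov/2025:10:00:08 +0800] "GET /search?q=shoes HTTP/1.1" 200 640 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" (\d{3}) (\d+|-)')
PROBE_RE = re.compile(r"SUBSTR\(flag_value,(\d+),1\) FROM flags\)='(.)'", re.IGNORECASE)

def recover_leaked_value(log_text):
    """Rebuild the value exfiltrated by boolean-blind probes.

    Returns (leaked_string, probe_count). The response size of the first plain
    (non-injected) /search request is the "condition true" baseline; for each
    position the guessed character whose response matched that size is kept,
    and a position with no or several matches is reported as '?'."""
    baseline = None
    guesses = defaultdict(dict)  # position -> {guessed char: response size}
    probes = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url, _status, size = m.groups()
        probe = PROBE_RE.search(unquote(url))
        if probe is None:
            if baseline is None and url.startswith("/search?q=") and size != "-":
                baseline = int(size)
            continue
        probes += 1
        guesses[int(probe.group(1))][probe.group(2)] = int(size) if size != "-" else -1
    leaked = []
    for pos in sorted(guesses):
        hits = [ch for ch, sz in guesses[pos].items() if sz == baseline]
        leaked.append(hits[0] if len(hits) == 1 else "?")
    return "".join(leaked), probes
```

On a real log the baseline should be taken from a request by the same client just before the probes start, since normal search results vary in size.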

2. Computed in Python. Answer: flag{f9f9d6540a24ef6f94f75353b34c7b23}

import math
# Known values given by the challenge: ciphertext c, modulus n, and d_diff = p - q
c = 9770696378649599298335400149775800715278098395147272306126448777137278396736011727171893364673565527155223414914391695677662714372703334029492906594424180598856390103756148323078728616423112890680089381676909198635512847985842520084149817878301301549069609714683746667017517022441032437836984100201649521840529543340604204522906463708710970350337103229055624130836951088663226808981359344280485482464307017127139718730517463626060659603182668778899105742684687481146096184168045912805224630356362355241072789095254777822518083568596449809490848892863318817733333054146542365433313199368414727666368039248188714397128
n = 14936456980075783281922696832049096859221239201249171982141610258623112327968680537838099310211984453360226488577822212626095978045216530376208986236704143560705437756664226713691638742459855042144729993839511315308913815059681238743382692670368631286955063026418961862377638938848583503792443856492719474542034456285951706815893826312300947717749918478527247231204266257390058353494592957218853834915527042603661225894611873097295901222573134018399015617591564511819475791631668157430824467297886642079947309566578299940770281749782665274445486625638309935537123768790341685291775792134855237673460858730137431332457
d_diff = 33592333200998386040362834713014895724281133303213331571491951785196332425258583214521710608125318093619017193570907121774399377343191391602029873328929592320596625058289207378302506832182734714605207645165835350634120951823332889155095618617191430939499014551009714045296821289677791960512135184215407566096
# Step 1: since (p + q)^2 = (p - q)^2 + 4n, compute the discriminant delta = d_diff^2 + 4n
delta = d_diff * d_diff + 4 * n
# Step 2: integer square root; it must be exact, otherwise d_diff is not p - q
sqrt_delta = math.isqrt(delta)
assert sqrt_delta * sqrt_delta == delta, "delta is not a perfect square"
# Step 3: sqrt_delta = p + q, so q = (sqrt_delta - d_diff) / 2 and p = q + d_diff
q = (sqrt_delta - d_diff) // 2
p = q + d_diff
# Step 4: verify the factorisation
assert p * q == n, "p and q do not multiply to n"
print(f"p = {p}")
print(f"q = {q}")
# Step 5: private exponent d (e = 65537 is the usual public exponent)
e = 65537
phi = (p - 1) * (q - 1)
d = pow(e, -1, phi)  # modular inverse
# Step 6: decrypt to get the plaintext integer m
m = pow(c, d, n)
# Step 7: convert m to an ASCII string; to_bytes avoids the odd-length failure of hex(m)[2:]
flag = m.to_bytes((m.bit_length() + 7) // 8, "big").decode("ascii")
print(f"flag = {flag}")

3. Decrypted in Python: nctf{random_mixed_base64_encode}

import base64
# Original data
encoded_data = "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"
def bytes_to_hex_ascii(data):
    """
    Treat every two digit characters of a byte string as one hexadecimal number
    and convert it to the corresponding ASCII character
    """
    if not isinstance(data, bytes):
        raise ValueError("input must be a byte string")
    # Decode the byte string to text
    num_str = data.decode('ascii')
    # The text must have an even length
    if len(num_str) % 2 != 0:
        raise ValueError("the digit string must have an even length")
    result = ""
    # Process two characters at a time
    for i in range(0, len(num_str), 2):
        two_digits = num_str[i:i + 2]
        # Interpret the pair as a hexadecimal number and map it to an ASCII character
        result += chr(int(two_digits, 16))
    return result
def hex_string_to_ascii(hex_str):
    """
    Convert a hexadecimal string to ASCII characters
    """
    # Each ASCII character needs two hex digits, so the length must be even
    if len(hex_str) % 2 != 0:
        # Odd length: drop the last character
        hex_str = hex_str[:-1]
        print("Warning: hex string length is odd, the last character was dropped")
    result = ""
    # Process two hex digits at a time
    for i in range(0, len(hex_str), 2):
        hex_pair = hex_str[i:i + 2]
        # Convert to an integer, then to an ASCII character
        result += chr(int(hex_pair, 16))
    return result
# Peel the layers one at a time (base64, base32 and hex in a mixed order);
# the comments on the right record the intermediate value seen at that step
decoded_bytes = base64.b64decode(encoded_data)
decoded = decoded_bytes.decode('ascii')
print(decoded)
decoded = base64.b32decode(decoded)
print(decoded)
decoded = bytes_to_hex_ascii(decoded)
print(decoded)
decoded = hex_string_to_ascii(decoded)
print(decoded)
decoded_bytes = base64.b64decode(decoded)  # NTIzMTRBNDI1NjQ1NzQ1MjUzNkM1NjRBNTY
decoded = decoded_bytes.decode('ascii')
print(decoded)
decoded = hex_string_to_ascii(decoded)  # 52314A4256457452536C564A56544A4554553543566B64564D3
print(decoded)
decoded = base64.b64decode(decoded)  # R1JBVEtRSlVJVTJETU5CVkdVM1RJTVpVSUUyRUdOQ0JHUkJESU5
print(decoded)
decoded = base64.b32decode(decoded)
print(decoded)
decoded = bytes_to_hex_ascii(decoded)
print(decoded)
decoded = base64.b32decode(decoded)
decoded = decoded.decode('ascii')
print(decoded)
decoded = base64.b32decode(decoded)
print(decoded)

4. Decrypted in Python: flag{9f7e6c5028118efd1c9f20b95dcb48dd}

x = [13, 12, 7, 29, 67, 92, 80, 83, 80, 84, 87, 26, 1, 5, 8, 1, 6, 92, 0, 5,
     84, 83, 91, 92, 87, 29, 81, 90, 13, 86, 6, 2, 81, 3, 91, 7, 24]
flag = [ord('f')]   # the flag is known to start with 'f'
for v in x:
    # the original script used -bxor (PowerShell XOR): next byte = (x XOR previous byte) + 1
    flag.append((v ^ flag[-1]) + 1)
result = ''.join(chr(c) for c in flag)
print(result)

5. Decrypting with Python gives the archive password 123!@#456; the flag is flag{78c46c7e7834474f972e3ed44413e27f}

from Crypto.PublicKey import RSA
# Read the public key
with open("rsa_public_key.pem", "r") as f:
    key = RSA.import_key(f.read())
n = key.n
e = key.e
print("n =", n)
print("e =", e)
# The two factors of n (hard-coded here to avoid copy-and-paste mistakes)
p = 301421686937198008750983790559102741399
q = 331647085034301039007512063728344459163
print("p*q =", p * q)
assert p * q == n, "p * q does not match the modulus in the public key"
# Read the ciphertext
with open("venus.en", "rb") as f:
    ciphertext = f.read()
c = int.from_bytes(ciphertext, byteorder='big')
# Compute the private key
phi = (p - 1) * (q - 1)
d = pow(e, -1, phi)
# Decrypt
m = pow(c, d, n)
# Convert to bytes (this is the zip password)
key_bytes = m.to_bytes((m.bit_length() + 7) // 8, byteorder='big')
print("Decrypted key (hex):", key_bytes.hex())
print("Decrypted key (raw):", key_bytes)

6. Anti-debugging analysis shows the program is the SM4 encryption algorithm with one byte of the CK constant table modified: the last CK word, 0x646b7279 by default, was changed to 0x646b7278.

After encryption, the content being checked is: 0xE5, 0xE4, 0x54, 0xFE, 0xD8, 0xB2, 0xB9, 0xF5, 0xC2, 0xD9, 0x32, 0xAE, 0xC3, 0xF4, 0xDA, 0xF1

Feeding this value back into the modified SM4 algorithm gives 713cb4c41fda5c92. Running the original exe and entering 713cb4c41fda5c92 prints good; any other input prints wrong.

So the flag should be flag{713cb4c41fda5c92}

For the solving code see this link (modify CK yourself): https://wmzos.com/?id=160
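A compact SM4 (GB/T 32907-2016) with a swappable CK table, added here as an example and not the code behind the link above, so the patched constant from the writeup can be plugged in directly. The page does not give the key the binary used, so the block checks itself against the standard's published test vector (key = plaintext = 0123456789abcdeffedcba9876543210, ciphertext 681edf34d206965e86b3e94f536e4246) and then shows that the one-byte CK change alters the ciphertext while still round-tripping under the same patched schedule.

```python
# SM4 S-box, FK and CK as published in GB/T 32907-2016
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc)
# Standard CK: byte j of CK[i] is (4*i + j) * 7 mod 256, so CK[31] = 0x646b7279
CK_STD = [sum(((4 * i + j) * 7 % 256) << (24 - 8 * j) for j in range(4)) for i in range(32)]
# The challenge binary replaced the last word with 0x646b7278 (value from the writeup)
CK_PATCHED = CK_STD[:31] + [0x646b7278]

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xffffffff

def _tau(x):  # byte-wise S-box substitution
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def _t_round(x):  # T: S-box followed by the round linear transform L
    b = _tau(x)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)

def _t_key(x):  # T': S-box followed by L', used only in the key schedule
    b = _tau(x)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)

def round_keys(key, ck=CK_STD):
    k = [int.from_bytes(key[i:i + 4], "big") ^ FK[i // 4] for i in range(0, 16, 4)]
    for i in range(32):
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ ck[i]))
    return k[4:]  # rk[0..31]; only rk[31] depends on the patched CK[31]

def _crypt_block(block, rk):
    x = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(32):
        x.append(x[i] ^ _t_round(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i]))
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[32:36]))  # reverse R

def sm4_encrypt(key, block, ck=CK_STD):
    return _crypt_block(block, round_keys(key, ck))

def sm4_decrypt(key, block, ck=CK_STD):  # same rounds with the round keys reversed
    return _crypt_block(block, round_keys(key, ck)[::-1])
```

To reproduce the challenge, call sm4_decrypt with the key recovered from the binary, the 16 checked bytes quoted above, and ck=CK_PATCHED.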


7. Web attack: when the input is id=4, the page returns the content shown in the image (id==4). Use your imagination to work out which SQL statement to use for the injection.

The flag for this challenge is: flag{9b1f0ec2904bbc6cb72147ccf87a5d44}

id==4.png




Link to this article: https://wmzos.com/?id=159
