NSSCTF-Crypto靶场练习--第11-20题wp

文章目录

  • [SWPUCTF 2021 新生赛]traditional
  • [LitCTF 2023]梦想是红色的 (初级)
  • [SWPUCTF 2021 新生赛]crypto2
  • [羊城杯 2021]Bigrsa
  • [LitCTF 2023]Hex?Hex!(初级)
  • [SWPU 2020]happy
  • [AFCTF 2018]BASE
  • [安洵杯 2019]JustBase
  • [鹤城杯 2021]Crazy_Rsa_Tech
  • [SWPUCTF 2021 新生赛]crypto9

[SWPUCTF 2021 新生赛]traditional

image-20231209182310576

八卦图的每一个方位对应 01234567 转换成二进制的形式。

EXP:

_hash = {"乾":"111" , "兑":"011" , "离":"101" , "震":"001" , "巽":"110" , "坎":"010" , "艮":"100" , "坤":"000"}
text = "震坤艮 震艮震 坤巽坤 坤巽震 震巽兑 震艮震 震离艮 震离艮"
enc = ""
for i in text:try:enc += ''.join(_hash[i])except KeyError:enc += ''.join(" ")
print(enc)
_flag = ''
for j in range(0 , len(enc) , 10):_flag += ''.join((chr((int(enc[j:j + 10] , 2)))))
print("NSSCTF{" + _flag + "}")# 001000100 001100001 000110000 000110001 001110011 001100001 001101100 001101100
# NSSCTF{Da01sall}

[LitCTF 2023]梦想是红色的 (初级)

image-20231209183114870

特殊编码,社会主义核心价值观。

image-20231209183251994


[SWPUCTF 2021 新生赛]crypto2

RSA共模攻击

在这里插入图片描述

RSA共模攻击,俩次加密共用一个模数n。

EXP:

from Crypto.Util.number import long_to_bytes
from gmpy2 import gmpy2, invertc1 = 100156221476910922393504870369139942732039899485715044553913743347065883159136513788649486841774544271396690778274591792200052614669235485675534653358596366535073802301361391007325520975043321423979924560272762579823233787671688669418622502663507796640233829689484044539829008058686075845762979657345727814280
c2 = 86203582128388484129915298832227259690596162850520078142152482846864345432564143608324463705492416009896246993950991615005717737886323630334871790740288140033046061512799892371429864110237909925611745163785768204802056985016447086450491884472899152778839120484475953828199840871689380584162839244393022471075
e1 = 3247473589
e2 = 3698409173
n = 103606706829811720151309965777670519601112877713318435398103278099344725459597221064867089950867125892545997503531556048610968847926307322033117328614701432100084574953706259773711412853364463950703468142791390129671097834871371125741564434710151190962389213898270025272913761067078391308880995594218009110313
gcd, s, t = gmpy2.gcdext(e1, e2)
if s < 0:s = -sc1 = invert(c1, n)
elif t < 0:t = -tc2 = invert(c2, n)
m = pow(c1, s, n) * pow(c2, t, n) % n
print(long_to_bytes(m))
# NSSCTF{xxxxx******xxxxx}

[羊城杯 2021]Bigrsa

t题目:

image-20231210140429393

考察模不互素的知识,当存在两个公钥的 N 不互素时,我们显然可以直接对这两个数求最大公因数,然后直接获得 p,q,进而获得相应的私钥。

EXP:

from Crypto.Util.number import *
from gmpy2 import *
from z3 import *s = Solver()
c = 768896221699590111551397334346583376174312684057067400178334
e = 141730613
q, p = Ints('q p')
s.add(q + q * p ** 3 == 1285367317452089980789441829580397855321901891350429414413655782431779727560841427444135440068248152908241981758331600586)
s.add(q * p + q * p ** 2 == 1109691832903289208389283296592510864729403914873734836011311325874120780079555500202475594)
if s.check() == sat:print(s.model())
# [p = 1158310153629932205401500375817,
#  q = 827089796345539312201480770649]
p = 1158310153629932205401500375817
q = 827089796345539312201480770649
n = p * q
phi = (p-1)* (q-1)
d = invert(e,phi)
print(long_to_bytes(pow(c,d,n)))# b'flag{happy_rsa_1}'

[LitCTF 2023]Hex?Hex!(初级)

image-20231210140628053

hex编码,解码一下

image-20231210140659276


[SWPU 2020]happy

image-20231210140733273

可以使用z3约束求解计算出p和q,之后在根据RSA的公式计算就好。

EXP:

from z3 import *
from gmpy2 import gmpy2, invert
from Crypto.Util.number import long_to_bytes
s = Solver()
p,q=Ints('p q')
s.add(q+q*p**3 == 1285367317452089980789441829580397855321901891350429414413655782431779727560841427444135440068248152908241981758331600586)
s.add(p*q+q*p**2 ==1109691832903289208389283296592510864729403914873734836011311325874120780079555500202475594)
if s.check() == sat:print(s.model())
n=0x989f5774c6f199031dc64d5aad7907665ea5e03cde2d74da21
e=0x872a335
c=0x7a7e031f14f6b6c3292d11a41161d2491ce8bcdc67ef1baa9e
p = 1158310153629932205401500375817
q = 827089796345539312201480770649
phi=(p-1)*(q-1)
d=invert(e,phi)
m=pow(c,d,n)
print(long_to_bytes(m))
# [p = 1158310153629932205401500375817,
# q = 827089796345539312201480770649]
#b'flag{happy_rsa_1}'

[AFCTF 2018]BASE

image-20231210142023308

循环base。

EXP:

import re, base64
s = open('C:/Users/Sciurdae/Downloads/BASE/flag_encode.txt', 'rb').read()
base16_dic = r'^[A-F0-9=]*$'
base32_dic = r'^[A-Z2-7=]*$'
base64_dic = r'^[A-Za-z0-9/+=]*$'
n= 0
while True:n += 1t = s.decode()if '{' in t:print(t)breakelif re.match(base16_dic, t):s = base64.b16decode(s)print(str(n) + ' base16')elif re.match(base32_dic, t):s = base64.b32decode(s)print(str(n) + ' base32')elif re.match(base64_dic, t):s = base64.b64decode(s)print(str(n) + ' base64')

[安洵杯 2019]JustBase

image-20231210142229335

题目 表明很清楚了 Just base 只有base编码。

观察一下密文,只有英文跟!@#$%^&*() 没有数字,将文本里的符号都用0-9替换就可以解base64了。

EXP:

import base64
m = 'VGhlIGdlb@xvZ#kgb@YgdGhlIEVhcnRoJ#Mgc#VyZmFjZSBpcyBkb@!pbmF)ZWQgYnkgdGhlIHBhcnRpY#VsYXIgcHJvcGVydGllcyBvZiB#YXRlci$gUHJlc@VudCBvbiBFYXJ)aCBpbiBzb@xpZCwgbGlxdWlkLCBhbmQgZ@FzZW(!cyBzdGF)ZXMsIHdhdGVyIGlzIGV$Y@VwdGlvbmFsbHkgcmVhY#RpdmUuIEl)IGRpc#NvbHZlcywgdHJhbnNwb#J)cywgYW%kIHByZWNpcGl)YXRlcyBtYW%%IGNoZW!pY@FsIGNvbXBvdW%kcyBhbmQgaXMgY@(uc#RhbnRseSBtb@RpZnlpbmcgdGhlIGZhY@Ugb@YgdGhlIEVhcnRoLiBFdmFwb#JhdGVkIGZyb@)gdGhlIG(jZWFucywgd@F)ZXIgdmFwb#IgZm(ybXMgY@xvdWRzLCBzb@!lIG(mIHdoaWNoIGFyZSB)cmFuc#BvcnRlZCBieSB#aW%kIG(@ZXIgdGhlIGNvbnRpbmVudHMuIENvbmRlbnNhdGlvbiBmcm(tIHRoZSBjbG(!ZHMgcHJvdmlkZXMgdGhlIGVzc@VudGlhbCBhZ@VudCBvZiBjb@%)aW%lbnRhbCBlcm(zaW(uOiByYWluLlRoZSByYXRlIGF)IHdoaWNoIGEgbW(sZWN!bGUgb@Ygd@F)ZXIgcGFzc@VzIHRob#VnaCB)aGUgY#ljbGUgaXMgbm()IHJhbmRvbQpBbmQgdGhlIGZsYWcgaXM^IENURnsyMi!RV)VSVFlVSU*tUExLSkhHRkRTLUFaWENWQk%NfQ=='
c = ')!@#$%^&*('
for i in m:for j in range(10):if i == c[j]:m = m.replace(i,str(j))
print(base64.b64decode(m))

[鹤城杯 2021]Crazy_Rsa_Tech

低加密指数广播攻击

image-20231210164605507

分析题目信息

低加密指数广播攻击。

e = 9,n_list 和 c_list 分别都有 9组数据,满足e = k;

EXP:

from gmpy2 import *
from Crypto.Util.number import long_to_bytes as l2bns = [71189786319102608575263218254922479901008514616376166401353025325668690465852130559783959409002115897148828732231478529655075366072137059589917001875303598680931962384468363842379833044123189276199264340224973914079447846845897807085694711541719515881377391200011269924562049643835131619086349617062034608799, 92503831027754984321994282254005318198418454777812045042619263533423066848097985191386666241913483806726751133691867010696758828674382946375162423033994046273252417389169779506788545647848951018539441971140081528915876529645525880324658212147388232683347292192795975558548712504744297104487514691170935149949, 100993952830138414466948640139083231443558390127247779484027818354177479632421980458019929149817002579508423291678953554090956334137167905685261724759487245658147039684536216616744746196651390112540237050493468689520465897258378216693418610879245129435268327315158194612110422630337395790254881602124839071919, 59138293747457431012165762343997972673625934330232909935732464725128776212729547237438509546925172847581735769773563840639187946741161318153031173864953372796950422229629824699580131369991913883136821374596762214064774480548532035315344368010507644630655604478651898097886873485265848973185431559958627423847, 66827868958054485359731420968595906328820823695638132426084478524423658597714990545142120448668257273436546456116147999073797943388584861050133103137697812149742551913704341990467090049650721713913812069904136198912314243175309387952328961054617877059134151915723594900209641163321839502908705301293546584147, 120940513339890268554625391482989102665030083707530690312336379356969219966820079510946652021721814016286307318930536030308296265425674637215009052078834615196224917417698019787514831973471113022781129000531459800329018133248426080717653298100515701379374786486337920294380753805825328119757649844054966712377, 72186594495190221129349814154999705524005203343018940547856004977368023856950836974465616291478257156860734574686154136925776069045232149725101769594505766718123155028300703627531567850035682448632166309129911061492630709698934310123778699316856399909549674138453085885820110724923723830686564968967391721281, 69105037583161467265649176715175579387938714721653281201847973223975467813529036844308693237404592381480367515044829190066606146105800243199497182114398931410844901178842049915914390117503986044951461783780327749665912369177733246873697481544777183820939967036346862056795919812693669387731294595126647751951, 76194219445824867986050004226602973283400885106636660263597964027139613163638212828932901192009131346530898961165310615466747046710743013409318156266326090650584190382130795884514074647833949281109675170830565650006906028402714868781834693473191228256626654011772428115359653448111208831188721505467497494581]
cs = [62580922178008480377006528793506649089253164524883696044759651305970802215270721223149734532870729533611357047595181907404222690394917605617029675103788705320032707977225447998111744887898039756375876685711148857676502670812333076878964148863713993853526715855758799502735753454247721711366497722251078739585, 46186240819076690248235492196228128599822002268014359444368898414937734806009161030424589993541799877081745454934484263188270879142125136786221625234555265815513136730416539407710862948861531339065039071959576035606192732936477944770308784472646015244527805057990939765708793705044236665364664490419874206900, 85756449024868529058704599481168414715291172247059370174556127800630896693021701121075838517372920466708826412897794900729896389468152213884232173410022054605870785910461728567377769960823103334874807744107855490558726013068890632637193410610478514663078901021307258078678427928255699031215654693270240640198, 14388767329946097216670270960679686032536707277732968784379505904021622612991917314721678940833050736745004078559116326396233622519356703639737886289595860359630019239654690312132039876082685046329079266785042428947147658321799501605837784127004536996628492065409017175037161261039765340032473048737319069656, 1143736792108232890306863524988028098730927600066491485326214420279375304665896453544100447027809433141790331191324806205845009336228331138326163746853197990596700523328423791764843694671580875538251166864957646807184041817863314204516355683663859246677105132100377322669627893863885482167305919925159944839, 2978800921927631161807562509445310353414810029862911925227583943849942080514132963605492727604495513988707849133045851539412276254555228149742924149242124724864770049898278052042163392380895275970574317984638058768854065506927848951716677514095183559625442889028813635385408810698294574175092159389388091981, 16200944263352278316040095503540249310705602580329203494665614035841657418101517016718103326928336623132935178377208651067093136976383774189554806135146237406248538919915426183225265103769259990252162411307338473817114996409705345401251435268136647166395894099897737607312110866874944619080871831772376466376, 31551601425575677138046998360378916515711528548963089502535903329268089950335615563205720969393649713416910860593823506545030969355111753902391336139384464585775439245735448030993755229554555004154084649002801255396359097917380427525820249562148313977941413268787799534165652742114031759562268691233834820996, 25288164985739570635307839193110091356864302148147148153228604718807817833935053919412276187989509493755136905193728864674684139319708358686431424793278248263545370628718355096523088238513079652226028236137381367215156975121794485995030822902933639803569133458328681148758392333073624280222354763268512333515]
e = 9
assert len(ns) == len(cs) == edef CRT(N, C):nmul = 1for i in N:nmul *= isum = 0for n, c in zip(N, C):nresidue = nmul // nsum += c * nresidue * invert(nresidue, n)x = sum % nmulreturn xx = CRT(ns, cs)
m = int(iroot(x, e)[0])
print l2b(m)

[SWPUCTF 2021 新生赛]crypto9

image-20231210164802375

一个维吉尼亚密码。

用自己的维吉尼亚密码爆破一下先,可以爆出NSS的密钥,但是flag不正确。

def vigenere_decrypt(ciphertext, key):plaintext = ""key_length = len(key)for i in range(len(ciphertext)):char = ciphertext[i]if char.isalpha():key_char = key[i % key_length]decrypted_char = chr((ord(char) - ord(key_char) + 26) % 26 + ord('A'))if char.islower():decrypted_char = decrypted_char.lower()plaintext += decrypted_charelse:plaintext += charreturn plaintextdef vigenere_bruteforce(ciphertext, max_key_length):for key_length in range(1, max_key_length + 1):print(f"Trying key length {key_length}:")for i in range(26 ** key_length):key = ""for j in range(key_length):key_char = chr((i // (26 ** j)) % 26 + ord('A'))key += key_chardecrypted_text = vigenere_decrypt(ciphertext, key)if "NSSCTF" in decrypted_text:print(f"Key: {key}, Decrypted Text: {decrypted_text}")if __name__ == "__main__":# 用你的密文替换下面的内容ciphertext = "AKKPLX{qv5x0021-7n8w-wr05-x25w-7882ntu5q984}"# 设置最大密钥长度max_key_length = 3# 爆破vigenere_bruteforce(ciphertext, max_key_length)

image-20231210170302154

用附件给的脚本解密。

image-20231210170220977

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/news/212589.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

顺序表的应用

1. 顺序表 1.1 写法1 Linear_Opeartor2.c #include "stdio.h" #include "stdlib.h" #include "stdbool.h" #include "string.h" //顺序表//申明顺序表的大小 #define MAXSIZE 5 typedef bool status; //创建顺序表 int *Linear_Creat…

DockerFile中途执行出错的解决办法

DockerFile中途执行出错的解决办法 你们是否也曾经因为DockerFile中途执行出错,而对其束手无策?总是对docker避之不及! 但是当下载的源码运用到了docker,dockerFile 执行到一半,报错了怎么办? 现状 那么当DockerFile执行一半出错后,会产生什么结果呢? 如图可知,生成…

我们常说的流应用到底是什么?

流应用是DCloud公司开发的一种可以让手机App安装包实现边用边下的技术。基于HTML5规范的即点即用应用&#xff0c;开发者按照HTML5规范开发的应用&#xff0c;可以在支持HTML5流应用的发行渠道实现即点即用的效果。 流应用是基于 HTML5规范的即点即用应用&#xff0c;开发者按照…

Nacos注册中心客户端容灾

目前Nacos客户端有一个FailoverReactor来进行容灾文件的管理&#xff0c;可以通过在指定磁盘文件里写入容灾数据来进行客户端使用数据的覆盖。FailoverReactor目前会拦截Nacos客户端查询接口调用&#xff0c;以getAllInstances接口为例&#xff0c;目前FailoverReactor的工作流…

【合集】SpringBoot——Spring,SpringBoot,SpringCloud相关的博客文章合集

前言 本篇博客是spring相关的博客文章合集&#xff0c;内容涵盖Spring&#xff0c;SpringBoot&#xff0c;SpringCloud相关的知识&#xff0c;包括了基础的内容&#xff0c;比如核心容器&#xff0c;springMVC&#xff0c;Data Access&#xff1b;也包括Spring进阶的相关知识&…

免费的网页数据抓取工具有哪些?【2024附下载链接】

在网络上&#xff0c;有许多网页数据抓取工具可供选择。本文将探讨其如何全网采集数据并支持指定网站抓取。我们将比较不同的数据采集工具&#xff0c;帮助您找到最适合您需求的工具。 网页数据抓取工具种类 在选择网页数据抓取工具之前&#xff0c;让我们先了解一下这些工具…

TC397 EB MCAL开发从0开始系列 之 [21.2] FlsLoader配置实战 - 擦除读写Pflash

一、FlsLoader配置1、配置目标2、目标依赖2.1 硬件使用2.2 软件使用2.3 新增模块3、EB配置3.1 配置讲解3.2 模块配置3.2.1 MCU配置3.2.2 PORT配置3.2.3 FlsLoader配置3.2.5 Irq配置3.2.6 ResourceM配置4、ADS代码编写及调试<

[ 蓝桥杯Web真题 ]-布局切换

目录 介绍 准备 目标 规定 思路 解法参考 介绍 经常用手机购物的同学或许见过这种功能&#xff0c;在浏览商品列表的时候&#xff0c;我们通过点击一个小小的按钮图标&#xff0c;就能快速将数据列表在大图&#xff08;通常是两列&#xff09;和列表两种布局间来回切换。…

电机:有刷直流电机的原理

一、什么是有刷直流电机 直流有刷电机&#xff08;Brushed DC Motor&#xff09;&#xff0c;定子是用永磁铁或者线圈做成&#xff0c;以形成固定磁场。在定子一端上有固定碳刷&#xff0c;或者铜刷&#xff0c;负责把外部电流引入转子线圈。而转子是由线圈构成&#xff0c;线…

邮件营销软件:10个创新邮件营销策略,提升投资回报率(一)

电子商务和电子邮件营销密不可分。尽管电子商务在蓬勃发展&#xff0c;而很多人对邮件营销颇有微词。但是在电子商务中&#xff0c;邮件营销的确是一种有效营销方式。在本文中&#xff0c;我们将讨论一下邮件营销在电子商务中的有效运用&#xff0c;帮助您的企业在今年尽可能地…

2023-12-05 Qt学习总结6

点击 <C 语言编程核心突破> 快速C语言入门 Qt学习总结 前言十八 QMessageBox消息对话框十九 Qt布局管理总结 前言 要解决问题: 学习qt最核心知识, 多一个都不学. 十八 QMessageBox消息对话框 QMessageBox消息对话框是Qt中的一个提供用户交互界面的对话框窗口。 它通常…

MyBatis 四大核心组件之 ParameterHandler 源码解析

&#x1f680; 作者主页&#xff1a; 有来技术 &#x1f525; 开源项目&#xff1a; youlai-mall &#x1f343; vue3-element-admin &#x1f343; youlai-boot &#x1f33a; 仓库主页&#xff1a; Gitee &#x1f4ab; Github &#x1f4ab; GitCode &#x1f496; 欢迎点赞…

【图片版】计算机组成原理考前复习题【第2章 运算方法和运算器-1】

目录 前言 考前复习题&#xff08;必记&#xff09; 结尾 前言 在计算机组成原理的学习过程中&#xff0c;我们深入探索了计算机系统概述这一重要领域。计算机系统作为现代科技的核心&#xff0c;是整个计算机科学的基石。我们将学到的知识与理论转化为了能够解决现实问题的…

Python+unittest+requests接口自动化测试框架搭建 完整的框架搭建过程

首先配置好开发环境&#xff0c;下载安装Python并下载安装pycharm&#xff0c;在pycharm中创建项目功能目录。如果不会的可以百度Google一下&#xff0c;该内容网上的讲解还是比较多比较全的&#xff01; 大家可以先简单了解下该项目的目录结构介绍&#xff0c;后面会针对每个文…

docker 可视化工具操作说明 portainer

官网地址 https://docs.portainer.io/start/install-ce/server/docker/linux 1.First, create the volume that Port docker volume create portainer_data2.下载并安装容器 docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restartalways -v /var/run/docker…

PWN动态调试

这篇文章就是来教大家学习怎么动态调试的&#xff0c;然后我还写了一篇关于动态调试的文章&#xff0c;不是buu上面的题&#xff0c;就是两道简单的栈溢出问题&#xff0c;那两道题挺有特点的。大家可以去看看。 每日3道PWN之课外2道&#xff08;第2.5天&#xff09;-CSDN博客 …

C#暂停和恢复(Thread.Suspend()和Thread.Resume() vs AutoResetEvent()和EventWaitHandle())

目录 一、Thread.Suspend()和Thread.Resume() 二、AutoResetEvent()和EventWaitHandle() 1.AutoResetEvent() 2.EventWaitHandle() 3.示例及生成效果 一、Thread.Suspend()和Thread.Resume() 自 .NET 2.0 以后&#xff08;含&#xff09;&#xff0c;Thread.Suspend() 和…

性能监控体系:InfluxDB Grafana Prometheus

InfluxDB 简介 什么是 InfluxDB &#xff1f; InfluxDB 是一个由 InfluxData 开发的&#xff0c;开源的时序型数据库。它由 Go 语言写成&#xff0c;着力于高性能地查询与存储时序型数据。 InfluxDB 被广泛应用于存储系统的监控数据、IoT 行业的实时数据等场景。 可配合 Te…

SSD基础架构与NAND IO并发问题探讨

在我们的日常生活中&#xff0c;我们经常会遇到一些“快如闪电”的事物&#xff1a;比如那场突如其来的雨、那个突然出现在你眼前的前任、还有就是今天我们要聊的——固态硬盘&#xff08;SSD&#xff09;。 如果你是一个技术宅&#xff0c;或者对速度有着近乎偏执的追求&…

电阻知识总结与详细选型指南

目录 1. 基础知识 1.1 电阻的定义和符号 1.2 电阻的公式 1.3 电阻的串联与并联 2. 参数选型 2.1 电阻值 2.2 功率 2.3 精度 2.4 温度系数 2.5 电压系数 2.6 包装类型 2.7 耐压 2.8 特殊应用需求 2.9 环保要求 3. 产品应用 3.1 电流限制和保护 3.2 电压分压和电…