密码CTF(5)

一、[安洵杯 2020]密码学?爆破就行了——sha256掩码爆破

1.题目:

#!/usr/bin/python2
import hashlib 
from secret import SECRET
from broken_flag import BROKEN_FLAG


flag = 'd0g3{' + hashlib.md5(SECRET).hexdigest() + '}'
broken_flag = 'd0g3{71b2b5616**2a4639**7d979**de964c}'

assert flag[:14] == broken_flag[:14]
assert flag[16:22] == broken_flag[16:22]
assert flag[24:29] == broken_flag[24:29]


ciphier = hashlib.sha256(flag).hexdigest()
print(ciphier)


'''
ciphier = '0596d989a2938e16bcc5d6f89ce709ad9f64d36316ab80408cb6b89b3d7f064a'
'''

2.

import hashlib


cipher = '0596d989a2938e16bcc5d6f89ce709ad9f64d36316ab80408cb6b89b3d7f064a'
strings = '0123456789abcdef'
for a in strings:
    for b in strings:
        for c in strings:
            for d in strings:
                for e in strings:
                    for f in strings:
                        flag = 'd0g3{71b2b5616' + a + b + '2a4639' + c + d + '7d979' + e + f + 'de964c}'
                        if hashlib.sha256(flag.encode()).hexdigest() == cipher:
                            print(flag)
                            break

NSSCTF{71b2b5616ee2a4639a07d979ebde964c}

二、[HNCTF 2022 WEEK2]md5太残暴了——MD5爆破

1.题目:

小明养成了定期修改密码的好习惯,同时,他还是一个CTF爱好者。有一天,他突发奇想,用flag格式来设置密码,为了防止忘记密码,他还把密码进行了md5加密。为了避免被其他人看到全部密码,他还特意修改了其中部分字符为#。你能猜出他的密码吗?
plaintext = flag{#00#_P4ssw0rd_N3v3r_F0rg3t_63####}
md5 = ac7f4d52c3924925aa9c8a7a1f522451
PS: 第一个#是大写字母,第二个#是小写字母,其他是数字。

2.

import hashlib


string1 = 'ABCDEFGHIGKLMNOPQRSTUVWXYZ'
string2 = 'abcdefghijklmnopqrstuvwxyz'
string3 = '0123456789'
md5 = 'ac7f4d52c3924925aa9c8a7a1f522451'

for a in string1:
    for b in string2:
        for c in string3:
            for d in string3:
                for e in string3:
                    for f in string3:
                        flag = 'flag{'+ a + '00' + b + '_P4ssw0rd_N3v3r_F0rg3t_63' + c + d + e + f + '}'
                        if hashlib.md5(flag.encode()).hexdigest() == md5:
                            print(flag)

flag{G00d_P4ssw0rd_N3v3r_F0rg3t_638291}

三、[LitCTF 2023]Where is P?——p的高位攻击

1.题目:

from Crypto.Util.number import *
m=bytes_to_long(b'XXXX')
e=65537
p=getPrime(1024)
q=getPrime(1024)
n=p*q
print(p)
c=pow(m,e,n)
P=p>>340
print(P)
a=pow(P,3,n)
print("n=",n)
print("c=",c)
print("a=",a)
#n= 24479907029118467064460793139240403258697681144532146836881997837526487637306591893357774423547391867013441147680031968367449693796015901951120514250935018725570026327610524687128709707340727799633444550317834481416507364804274266363478822257132586592232042108076935945436358397787891169163821061005102693505011197453089873909085170776511350713452580692963748763166981047023704528272230392479728897831538235554137129584665886878574314566549330671483636900134584707867654841021494106881794644469229030140144595938886437242375435914268001721437309283611088568191856208951867342004280893021653793820874747638264412653721
#c= 6566517934961780069851397787369134601399136324586682773286046135297104713708615112015588908759927424841719937322574766875308296258325687730658550956691921018605724308665345526807393669538103819281108643141723589363068859617542807984954436567078438099854340705208503317269397632214274507740533638883597409138972287275965697689862321166613821995226000320597560745749780942467497435742492468670016480112957715214640939272457886646483560443432985954141177463448896521810457886108311082101521263110578485768091003174683555938678346359150123350656418123918738868598042533211541966786594006129134087145798672161268647536724
#a= 22184346235325197613876257964606959796734210361241668065837491428527234174610482874427139453643569493268653377061231169173874401139203757698022691973395609028489121048788465356158531144787135876251872262389742175830840373281181905217510352227396545981674450409488394636498629147806808635157820030290630290808150235068140864601098322473572121965126109735529553247807211711005936042322910065304489093415276688746634951081501428768318098925390576594162098506572668709475140964400043947851427774550253257759990959997691631511262768785787474750441024242552456956598974533625095249106992723798354594261566983135394923063605

2.解题:p右移340位后进行低加密指数攻击,先进行解密求P,然后求p,然后是正常的rsa解密

3.

import gmpy2
import libnum

# 低加密指数攻击解密
a = 22184346235325197613876257964606959796734210361241668065837491428527234174610482874427139453643569493268653377061231169173874401139203757698022691973395609028489121048788465356158531144787135876251872262389742175830840373281181905217510352227396545981674450409488394636498629147806808635157820030290630290808150235068140864601098322473572121965126109735529553247807211711005936042322910065304489093415276688746634951081501428768318098925390576594162098506572668709475140964400043947851427774550253257759990959997691631511262768785787474750441024242552456956598974533625095249106992723798354594261566983135394923063605
n = 24479907029118467064460793139240403258697681144532146836881997837526487637306591893357774423547391867013441147680031968367449693796015901951120514250935018725570026327610524687128709707340727799633444550317834481416507364804274266363478822257132586592232042108076935945436358397787891169163821061005102693505011197453089873909085170776511350713452580692963748763166981047023704528272230392479728897831538235554137129584665886878574314566549330671483636900134584707867654841021494106881794644469229030140144595938886437242375435914268001721437309283611088568191856208951867342004280893021653793820874747638264412653721
c = 6566517934961780069851397787369134601399136324586682773286046135297104713708615112015588908759927424841719937322574766875308296258325687730658550956691921018605724308665345526807393669538103819281108643141723589363068859617542807984954436567078438099854340705208503317269397632214274507740533638883597409138972287275965697689862321166613821995226000320597560745749780942467497435742492468670016480112957715214640939272457886646483560443432985954141177463448896521810457886108311082101521263110578485768091003174683555938678346359150123350656418123918738868598042533211541966786594006129134087145798672161268647536724
k = 0
while 1:
    res = gmpy2.iroot(k * n + a,3)
    if res[1] == True:
        print(res[0])  # 即P
        break
    k += 1
P = p_high = 66302204855869216148926460265779698576660998574555407124043768605865908069722142097621926304390549253688814246272903647124801382742681337653915017783954290069842646020090511605930590064443141710086879668946


# sagemath,求p
# p_high = 66302204855869216148926460265779698576660998574555407124043768605865908069722142097621926304390549253688814246272903647124801382742681337653915017783954290069842646020090511605930590064443141710086879668946
# n= 24479907029118467064460793139240403258697681144532146836881997837526487637306591893357774423547391867013441147680031968367449693796015901951120514250935018725570026327610524687128709707340727799633444550317834481416507364804274266363478822257132586592232042108076935945436358397787891169163821061005102693505011197453089873909085170776511350713452580692963748763166981047023704528272230392479728897831538235554137129584665886878574314566549330671483636900134584707867654841021494106881794644469229030140144595938886437242375435914268001721437309283611088568191856208951867342004280893021653793820874747638264412653721
# c= 6566517934961780069851397787369134601399136324586682773286046135297104713708615112015588908759927424841719937322574766875308296258325687730658550956691921018605724308665345526807393669538103819281108643141723589363068859617542807984954436567078438099854340705208503317269397632214274507740533638883597409138972287275965697689862321166613821995226000320597560745749780942467497435742492468670016480112957715214640939272457886646483560443432985954141177463448896521810457886108311082101521263110578485768091003174683555938678346359150123350656418123918738868598042533211541966786594006129134087145798672161268647536724
#
# pbits = 1024
# kbits = 340
# p_high = p_high << kbits
# PR.<x> = PolynomialRing(Zmod(n))
# # f = x + p_high
# p0 = f.small_roots(X = 2 ^ kbits,beta = 0.4)[0]
# print(p_high + p0)
# p = 148500014720728755901835170447203030242113125689825190413979909224639701026120883281188694701625473553602289432755479244507504340127322979884849883842306663453018960250560834067472479033116264539127330613635903666209920113813160301513820286874124210921593865507657148933555053341577090100101684021531775022459


# 求flag
e = 65537
p = 148500014720728755901835170447203030242113125689825190413979909224639701026120883281188694701625473553602289432755479244507504340127322979884849883842306663453018960250560834067472479033116264539127330613635903666209920113813160301513820286874124210921593865507657148933555053341577090100101684021531775022459
q = n // p
phi = (p-1)*(q-1)
d = gmpy2.invert(e, phi)
m = pow(c,d,n)
print(libnum.n2s(int(m)))

NSSCTF{Y0U_hAV3_g0T_Th3_r1ghT_AnsW3r}

四、[LitCTF 2023]babyLCG——LCG求a、b、m、seed

1.题目:

from Crypto.Util.number import *
from secret import flag

m = bytes_to_long(flag)
bit_len = m.bit_length()
a = getPrime(bit_len)
b = getPrime(bit_len)
p = getPrime(bit_len+1)

seed = m
result = []
for i in range(10):
    seed = (a*seed+b)%p
    result.append(seed)
print(result)
"""
result = [699175025435513913222265085178805479192132631113784770123757454808149151697608216361550466652878, 193316257467202036043918706856603526262215679149886976392930192639917920593706895122296071643390, 1624937780477561769577140419364339298985292198464188802403816662221142156714021229977403603922943, 659236391930254891621938248429619132720452597526316230221895367798170380093631947248925278766506, 111407194162820942281872438978366964960570302720229611594374532025973998885554449685055172110829, 1415787594624585063605356859393351333923892058922987749824214311091742328340293435914830175796909, 655057648553921580727111809001898496375489870757705297406250204329094679858718932270475755075698, 1683427135823894785654993254138434580152093609545092045940376086714124324274044014654085676620851, 492953986125248558013838257810313149490245209968714980288031443714890115686764222999717055064509, 70048773361068060773257074705619791938224397526269544533030294499007242937089146507674570192265]
"""

2.LCG数学推导

3.python脚本

from functools import reduce
import gmpy2
import libnum

# 已知
result = [699175025435513913222265085178805479192132631113784770123757454808149151697608216361550466652878,
          193316257467202036043918706856603526262215679149886976392930192639917920593706895122296071643390,
          1624937780477561769577140419364339298985292198464188802403816662221142156714021229977403603922943,
          659236391930254891621938248429619132720452597526316230221895367798170380093631947248925278766506,
          111407194162820942281872438978366964960570302720229611594374532025973998885554449685055172110829,
          1415787594624585063605356859393351333923892058922987749824214311091742328340293435914830175796909,
          655057648553921580727111809001898496375489870757705297406250204329094679858718932270475755075698,
          1683427135823894785654993254138434580152093609545092045940376086714124324274044014654085676620851,
          492953986125248558013838257810313149490245209968714980288031443714890115686764222999717055064509,
          70048773361068060773257074705619791938224397526269544533030294499007242937089146507674570192265]

# 第一阶段,获得模数m。一组数据即可,可以不使用列表
list1 = [s1 - s0 for s0, s1 in zip(result, result[1:])]
list2 = [t2 * t0 - t1 * t1 for t0, t1, t2 in zip(list1, list1[1:], list1[2:])]
m = gmpy2.gcd(list2[1], list2[2])
# m = abs(reduce(gcd, list2))
print(m)

# 第二阶段,获得常数A, B
A_son = result[2] - result[1]
A_mother_ni = gmpy2.invert(result[1] - result[0], m)
A = pow(A_son * A_mother_ni, 1, m)
# print(A)
B = pow(result[1] - A * result[0], 1, m)
# print(B)


# 第三阶段,逆推回seed
A_ni = gmpy2.invert(A, m)
seed = (result[0] - B) * A_ni % m
# print(seed)
flag = libnum.n2s(int(seed))
print(flag)

NSSCTF{31fcd7832029a87f6c9f760fcf297b2f}

五、[安洵杯 2020]easyaes——AES

1.题目:

#!/usr/bin/python
from Crypto.Cipher import AES
import binascii
from Crypto.Util.number import bytes_to_long
from flag import flag
from key import key

iv = flag.strip(b'd0g3{').strip(b'}')   # 只保留{}内的内容,flag

LENGTH = len(key)
assert LENGTH == 16

hint = os.urandom(4) * 8   # 随机生成4字节,重复8次
print(bytes_to_long(hint)^bytes_to_long(key))   # 将hint与key进行异或

msg = b'Welcome to this competition, I hope you can have fun today!!!!!!'

def encrypto(message):
    aes = AES.new(key,AES.MODE_CBC,iv)
    return aes.encrypt(message)

print(binascii.hexlify(encrypto(msg))[-32:])

'''
56631233292325412205528754798133970783633216936302049893130220461139160682777
b'3c976c92aff4095a23e885b195077b66'
'''

2.解题:

加密流程:先将密文分组,然后每组生成密文与明文异或后,使用秘钥加密成密文,第一组加密,初始化向量充当密文

解密流程:将最后密文使用秘钥解密后,与前一组密文异或,得到部分明文,最后得到初始化向量

hint由重复八次的4个字节组成,key有15字节,所以异或后会有一部分hint保留,将hint转换为字符串,可以看到有部分重复的字节

由此推断,hint为 ‘}4$d’ * 8,然后异或可以得到key

import libnum

a = 56631233292325412205528754798133970783633216936302049893130220461139160682777
print(libnum.n2s(int(a)))
hint = '}4$d'
key = a ^ libnum.s2n(hint * 8)
print(libnum.n2s(int(key)))

#b'}4$d}4$d}4$d}4$d\x19\x04CW\x06CA\x08\x1e[I\x01\x04[Q\x19'
#b'd0g3{welcomeyou}'

然后将信息进行分组,解密

3.python脚本

import binascii
from Crypto.Cipher import AES
import libnum
from Crypto.Util.strxor import strxor

a = 56631233292325412205528754798133970783633216936302049893130220461139160682777
print(libnum.n2s(int(a)))
hint = '}4$d'
key = a ^ libnum.s2n(hint * 8)
print(libnum.n2s(int(key)))
key_bytes = libnum.n2s(int(key))   # 确保key是字节


# 确保密钥长度为 16 字节
key = key_bytes[:16]  # 截取前 16 字节
print(f"Key: {key}")


msg = b'Welcome to this competition, I hope you can have fun today!!!!!!'
msgs = [msg[i:i+16] for i in range(0, len(msg), 16)]
msgs.reverse()  # 将列表反转
IV = binascii.unhexlify('3c976c92aff4095a23e885b195077b66')


def decry(key, iv, ms):
    aes = AES.new(key, AES.MODE_ECB)     # 如果秘钥不是16,则需要进行填充或者截断
    return strxor(aes.decrypt(iv), ms)   # 将参数进行异或操作


for ms in msgs:
    IV = decry(key, IV, ms)
print(b'd0g3{' + IV + b'}')

注意:将key转换为字节

NSSCTF{aEs_1s_SO0o_e4sY}

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:/a/731324.html

如若内容造成侵权/违法违规/事实不符,请联系我们进行投诉反馈qq邮箱809451989@qq.com,一经查实,立即删除!

相关文章

解决virtualbox虚拟机与主机之间复制粘贴

1、在VirtualBox管理器中设置共享粘贴板和拖放方向为双向 2、在存储中设置使用主机输入输出&#xff08;I/O&#xff09;缓存。 3、在存储→控制器&#xff1a;SATA→***.vdi下勾选固态驱动器 4、在虚拟机→设备→安装增强功能 如果上述操作重启虚拟机后&#xff0c;还不行&am…

揭秘Xinstall如何助力App推广,提升用户量与转化率双指标!

在移动互联网时代&#xff0c;App的推广与运营成为了每个开发者必须面对的重要课题。然而&#xff0c;推广效果的评估和优化往往令众多开发者头疼不已。今天&#xff0c;我们将为您揭秘一款能够解决这一痛点的利器——Xinstall&#xff0c;带您一起探讨它如何助力App推广&#…

深度神经网络一

文章目录 深度神经网络 (DNN)1. 概述2. 基本概念3. 网络结构 深度神经网络的层次结构详细讲解1. 输入层&#xff08;Input Layer&#xff09;2. 隐藏层&#xff08;Hidden Layers&#xff09;3. 输出层&#xff08;Output Layer&#xff09;整体流程深度神经网络的优点深度神经…

项目实践---Windows11中安装Zookeeper/Hadoop/Hive的部分问题解决

一.Hadoop与Hive兼容版本选择 正常来说&#xff0c;Hadoop与Hive版本不兼容会出现很多问题导致hive安装失败&#xff0c;可以先确定HIve的版本&#xff0c;比如&#xff1a;要用Hive3.1.2版本&#xff0c;该如何确定使用Hadoop的版本呢&#xff0c;需要我们在hive源码中找到对…

C盘满了怎么清理?一招让你远离C盘空间不足的烦恼

C盘满了怎么清理&#xff1f;一招让你远离C盘空间不足的烦恼&#xff0c;当C盘空间满了时&#xff0c;会给我们来一系列烦恼和潜在问题。比如&#xff1a;系统运行缓慢、程序崩溃或无法安装、启动时间变长、系统不稳定、文件管理困难、游戏卡顿、电脑卡顿、系统故障等问题&…

「漏洞复现」真内控国产化开发平台 preview 任意文件读取漏洞

0x01 免责声明 请勿利用文章内的相关技术从事非法测试&#xff0c;由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失&#xff0c;均由使用者本人负责&#xff0c;作者不为此承担任何责任。工具来自网络&#xff0c;安全性自测&#xff0c;如有侵权请联系删…

Python基础用法 之 输入 与 输出

1.输入 &#xff08;1&#xff09;什么是输入&#xff1f; 输入&#xff1a;获取键盘的输入信息。 &#xff08;2&#xff09;语法 变量 input(给使⽤者的提示信息,即告诉别⼈输入什么内容) &#xff08;3&#xff09;注意事项 代码从上到下执⾏, 当代码执⾏遇到 input 的时候…

【产品经理】订单处理8-智能分仓

在电商ERP系统中&#xff0c;通常智能分仓策略是系统中最重要的功能之一&#xff0c;大公司若仓库较多时&#xff0c;智能分仓策略中也会加入大数据团队&#xff0c;通过算法来计算最优仓库。 本次讲解的智能分仓适用于中小公司&#xff0c;适合拥有2个以上10个以下仓库的公司…

ServBay 下一代Web开发环境

ServBay是一个集成式、图形化的本地化Web开发环境。开发者通过ServBay几分钟就能部署一个本地化的开发环境。解决了Web开发者&#xff08;比如PHP、Nodejs&#xff09;、测试工程师、小型团队安装和维护开发测试环境的问题&#xff0c;同时可以快速的进行环境的升级以及维护。S…

如何将现有系统逐步优化成微服务设计

目录 基础服务改造核心步骤准备阶段实施阶段 基础服务设计 本文诞生于学习架构实践专栏后的深思以及总结&#xff0c;结合公司之前“大泥球”的架构风格&#xff0c;改造服务设计的思维。 改造公司系统服务主要原因&#xff1a;1、代码类似“屎山”&#xff0c;牵一发而动全身&…

Virtualbox主机和虚拟机之间文件夹共享及双向拷贝

在VirtualBox这样的虚拟化环境中&#xff0c;实现主机与虚拟机之间的文件夹共享与双向文件传输是一个常见的需求。下面&#xff0c;我们将详细讲解如何在VirtualBox中实现这一功能。 一、安装与准备 首先&#xff0c;确保你已经安装了VirtualBox&#xff0c;并在其上成功创建…

Python学习打卡:day12

day12 笔记来源于&#xff1a;黑马程序员python教程&#xff0c;8天python从入门到精通&#xff0c;学python看这套就够了 目录 day1292、全国疫情地图构建数据整理获取数据数据整体结构&#xff08;全国&#xff09;省数据结构获取每个省份的确诊数据上述代码执行后输出&…

JavaScript的学习之旅之基本数据类型

目录 一、字面量&#xff08;常量&#xff09;和变量 二、标识符 三、数据类型 1.String类型 2.Number类型 四、布尔值类型 五、Null和Undefined类型 一、字面量&#xff08;常量&#xff09;和变量 字面量&#xff1a;不可变的数据&#xff0c;一般位于等式的右边 变量&…

vue生成二维码跳转到小程序

参考 https://blog.csdn.net/qq_51678620/article/details/121397610 https://blog.csdn.net/blue__k/article/details/125410448 this.$nextTick(()>{// new qrcode(this.$refs.qrCodeDiv, {// text: "https://www.aiitss.cn/member?id"id,//二维码链接&…

Python网络数据抓取(9):XPath

引言 XPath 是一种用于从 XML 文档中选取特定节点的查询语言。如果你对 XML 文档不太熟悉&#xff0c;XPath 可以帮你完成网页抓取的所有工作。 实战 XML&#xff0c;即扩展标记语言&#xff0c;它与 HTML&#xff0c;也就是我们熟知的超文本标记语言&#xff0c;有相似之处&am…

内存马的错误参数获取,导致原有接口失效解决方案

内存马的错误参数获取&#xff0c;导致接口失效。 前言 java Listener 类型内存马&#xff0c;在使用request.getParameter(String name); 获取请求参数去判断是否是恶意请求的时候&#xff0c;会影响某些框架无法接收到参数。 例子 在Jersey 框架 使用 MultivaluedMap 去接…

名校介绍|英国六所红砖大学

​近年来由于美国的拒签率增加&#xff0c;很多公派申请者&#xff0c;尤其是CSC资助的访问学者、公派联合培养学生及博士后研究学者&#xff0c;把出国目标改为其它发达国家&#xff0c;尤以英国居多&#xff0c;本文知识人网小编就重点介绍六所英国红砖大学。 我们在“英国大…

乐观锁实现库存控制

一、什么是乐观锁&#xff1f; 乐观锁是一种基于版本控制的并发控制机制。在乐观锁的思想中&#xff0c;认为数据访问冲突的概率很低&#xff0c;因此不加锁直接进行操作&#xff0c;但在更新数据时会进行版本比对&#xff0c;以确保数据的一致性。 乐观锁的原理主要基于版本号…

Spring IOC 控制反转(注解版)

Spring IOC 控制反转 文章目录 Spring IOC 控制反转一、前言什么是控制反转&#xff08;IOC&#xff09;什么是依赖注入&#xff08;DI&#xff09; 二、介绍 IOC2.1 传统思想代码2.2 解决方案2.3 IOC思想代码2.4 IOC 使用&#xff08;Autowired依赖注入&#xff09;2.5 IOC 优…

Service方法增加@Asyn注解后导致bean无法找到 NoSuchBeanDefinitionException

Service方法增加Asyn注解后导致bean无法找到 NoSuchBeanDefinitionException 场景处理方法原因 场景 首先确认的是Service添加了Service或Component等注解&#xff0c;另外也增加了ComponentScan确定扫描的包路径是包含对应Service的&#xff0c;但就是无法找到这个bean。 通…