ACTF2020 writeup

Pwm

不会

Reverse

题目名称 easyalgorithm
FLAG: ACTF{Oolong_milk_tea}
大概就先把文件拖进IDA里面反编译一下，看反编译出来的c代码大概就知道是首先判断输入是否为ACTF{}，然后将花括弧中的字符串赋给dest，然后通过4006A6和400792两个函数对dest进行加密，然后将得到的密文和v3后的连续地址上的asc码进行比较
然后进入792函数
发现对密文主要进行加密的就是选中的那一条语句，且发现异或运算的逆运算为异或运算所以将v3后面的先赋给dest然后然dest执行一遍792函数即可

Crypto

题目名称：Column Permutation Cipher
FLAG:忘了
好像是矩阵转置吧，大概就把字符串先读入然后依次枚举j，输出str[i%j]=0 1 2 3 4…j;

#include<bits/stdc++.h>
using namespace std;
const int maxn=1e5+10;
char s[maxn];int main()
{gets(s);int t=5;for(;t<51;t++){int tt=0;printf("%d\n",t);for(int t1=0;t1<=t;t1++){for(int i=0;i<strlen(s);i++){if(i%t==t1){printf("%c",s[i]);}}}puts("");puts("");}    return 0;
}

题目名称：我的密码本
FLAG：忘了
emmmm大概替换密码，本来想用字频分析的，但是中间几个连续的太明显了，一看就是I have a dream,接着把每个符号换成对应的字母就行了
题目名称：[bomb or boom](http://actf2020.csuaurora.org/challenges#bomb or boom)
FLAG：也忘了
emmm5个密码只用破译四个就能拿到最后密码，明显是门限方案，结合题目名称，应该是bloom门限
密码1：培根密码
密码2：盲文
密码3：音符
密码4：放进浏览器f12即可
密码5：beautifulfxxk

from Crypto.Util.number import long_to_bytes
#from Cryptodome.Util.number import *
a1 =2891369521230520600
d1 =5539166121540472709
a2 =5485400237604727152
d2 =9993590208169240051
a3 =10305113992248275270
d3 =23524210813213316809
a4 =63558232650391605454
d4 =134070550878039878083dd = d1*d2*d3*d4
t1 = pow(dd//d1,d1-2,d1)
assert(t1*d2*d3*d4%d1 == 1)
t2 = pow(dd//d2,d2-2,d2)
assert(t2*d1*d3*d4%d2 == 1)
t3 = pow(dd//d3,d3-2,d3)
assert(t3*d2*d1*d4%d3 == 1)
t4 = pow(dd//d4,d4-2,d4)
assert(t4*d1*d2*d3%d4 == 1)
s = a1*t1*d2*d3*d4+a2*t2*d1*d3*d4+a3*t3*d1*d2*d4+a4*t4*d1*d2*d3
p = 80804238007977405688648566160504278593148666302626415149704905628622876270862865768337953835725801963142685182510812938072115996355782396318303927020705623120652014080032809421180400984242061592520733710243483947230962631945045134540159517488288781666622635328316972979183761952842010806304748313326215619695085380586052550443025074501971925005072999275628549710915357400946408857
s %= dd
print(s)
s %= p
print(long_to_bytes(s))
s1=long_to_bytes(s)
string = str(s1, 'utf-8')

题目名称：[naive encryption](http://actf2020.csuaurora.org/challenges#naive encryption)
FLAG：也忘了
脚本没了QAQ，大概就是一个很简单的加密，本来应该用逆元来干的，脑抽了，后来索性就把1-1000赋给一个数组然后把这个数组送进脚本加密，最后根据密文从这个数组中搜索相同的值，那个值的数组下标就是对应的明文
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-3QjQUPBe-1595158567300)(D:\桌面\TIM图片20200605231507.png)]
题目名称：[naive rsa](http://actf2020.csuaurora.org/challenges#naive rsa)
FLAG：也忘了（梅开六度
大概就是一个知道n，e和p%q的rsa加密，数字都比较大，就通过两个方程来联立
n=p*q
p=i*q+r r=p%q
大概联立之后是一个一元二次方程，求根公式得到Δ表达式，然后枚举i，求i=？Δ开方为整数
计算i的脚本

import math
from Crypto.Util.number import *
import random
import gmpy2
#from flag import FLAG
from hashlib import sha512
# k=1004566198076519599602210506731394352706714405801310206329305430708682949563948700333927208488048733764810655777562050736705748648879470498998723741270
# N=6175514749485049413373053071377575530945321634164009072622885654208471537300095005766963778577419199581721246040523785483324001647047467977214814050030943587133763852027399660086870815580138990175204425542876441687390233356169129495839603358265027911239762126454056305503929467053024849366236798248475696207k=1664378273764672561481497292551642336941327875994089223647717998013917832303422428361645030411515444821419803773096130060882949555523385748675583853223
N=5754094104856015920963155315529694503752968701370323713954167246906863558022656918708749389447554038178168689652102239536100003732359209400841675514433022980427389298328148493518873305290450595854131004830326345098651091200924006517559346903653009437814617233027734388847229394921531624565677894307201380299
enc=2661364740807287854110181071739266317728462490127466995676506910093610338260841203050069626005131198286843482586503455269576555138365541733524628733534905931329636510784603944959000258482158578421511001987422779325971552722003155928579456158300542375865577164829487177394136543724724417365476765424760984669def main():# w1=gmpy2.mpz(1)# w2=gmpy2.mpz(1)# print(w1==w2)for i in range(1,N):tmp=pow(k,2)+4*i*Nt2=gmpy2.mpz(tmp)t1=gmpy2.isqrt(tmp)t1=gmpy2.mpz(t1)if(t1*t1==t2):print(i)print(t1*t1)print(t2)tmp1=(-k+t1)print(tmp1%(2*i)==0)tmp1=tmp1//(2*i)q=tmp1print(q)print("\n")p=N//qprint(p)print(p*q==N)breakif __name__ == "__main__":main()

破解明文的脚本

import math
from Crypto.Util.number import *
import random
#from flag import FLAG
from hashlib import sha512
import gmpy2#enc=619131807053341983712996592129731844946129596361804867448023818077266884366071907777148396343131913424753531469667253075830996004711559531521437680038739168021990771840146116736026028722046579674483003435680909352182226754031166260584553606550138319245292347367443791048564768901364057882741366609043947257
#p%q=1664378273764672561481497292551642336941327875994089223647717998013917832303422428361645030411515444821419803773096130060882949555523385748675583853223
N=5754094104856015920963155315529694503752968701370323713954167246906863558022656918708749389447554038178168689652102239536100003732359209400841675514433022980427389298328148493518873305290450595854131004830326345098651091200924006517559346903653009437814617233027734388847229394921531624565677894307201380299
enc=2661364740807287854110181071739266317728462490127466995676506910093610338260841203050069626005131198286843482586503455269576555138365541733524628733534905931329636510784603944959000258482158578421511001987422779325971552722003155928579456158300542375865577164829487177394136543724724417365476765424760984669
e=65537
#N=6175514749485049413373053071377575530945321634164009072622885654208471537300095005766963778577419199581721246040523785483324001647047467977214814050030943587133763852027399660086870815580138990175204425542876441687390233356169129495839603358265027911239762126454056305503929467053024849366236798248475696207
#cmp='actf'
q=3200913633159406700739711619676356828830359533084335918792917056899609530674479638023261347286860850048621666570302221712996430920616792302792029358479p=1797641162587862886621385006530773899427124515827105214755163452706932525563681417095567980804026038624450846609018641414592282480829787314218357947364376581def main():phi_n = (p-1)*(q-1)d = gmpy2.invert(e,phi_n)c=encm=pow(c,d,N)print(m)m=int(m)# a=input()print(long_to_bytes(m))if __name__ == "__main__":main()

Mise

题目名称：签到
进入公众号，即可获得宝贵的flag一枚（狗头保命

ACTF2020 writeup相关推荐

2021年中国工业互联网安全大赛核能行业赛道writeup之usb流量分析
目录一.USB协议二.键盘流量三.鼠标流量四.writeup 附件题:usb流量分析题目描述: 具体描述忘记了o(╯□╰)o 大概意思是有个U盘插到电脑上,然后经过一些操作导致该电脑重启了. ...
2021年中国工业互联网安全大赛核能行业赛道writeup之鱿鱼游戏
目录一.尝试二.Writeup 附加题鱿鱼游戏(来自最近一部很火的韩剧) 题目描述: 小王由于操作不规范,误将不明U盘插入到上位机中,导致上位机中的某些关键文件被加密,但攻击者在U盘中还留下了一 ...
2018湖湘杯海选复赛Writeup
2018湖湘杯Writeup 0x01 签到题 0x02 MISC Flow 0x03 WEB Code Check 0x04 WEB Readflag 0x05 WEB XmeO 0x06 Reve ...
php upload ctf,强网杯CTF防御赛ez_upload Writeup
这是强网杯拟态防御线下赛遇到的web题目,本来是不打算分享Writeup的,但是由于问的人很多,于是这里分享给大家. ez_upload这题算是非常经典的堆叠black trick的题目,算是比较典型 ...
安恒赛php_安恒11月月赛周周练writeup
前言 11月月赛完美错过时间,正好有周周练,基本都是一样月赛的web,记录下write up 手速要快这题是10月月赛中的一题,直接看我上次的writeup:安恒月赛(十)web-2题writeu ...
南京邮电大学网络攻防训练平台(NCTF)-异性相吸-Writeup
南京邮电大学网络攻防训练平台(NCTF)-异性相吸-Writeup 题目描述文件下载地址很明显,文件之间进行亦或就可得到flag,不再多说,直接上脚本 1 #coding:utf-8 2 file ...
社团的CTF逆向题WriteUp
最近社团弄了CTF比赛,然后我就帮忙写了逆向的题目,这里写一下WriteUp,题目和源码在附件中给出一个简单的逆向:one_jmp_to_flag.exe 这题算是签到题,直接OD智能搜索就完事了, ...
CTF-i春秋网鼎杯第一场misc部分writeup
CTF-i春秋网鼎杯第一场misc部分writeup 最近因为工作原因报名了网鼎杯,被虐了几天后方知自己还是太年轻!分享一下自己的解题经验吧 minified 题目: 一张花屏,png的图片,老方法, ...
NCTF2019 -- PWN部分writeup
pwn学习总结(二) -- PWN部分writeup warmup easy_rop warmup 查看程序防护: 查看反汇编: 已知条件: 开启了溢出检测开启了沙盒模式,只能调用libc中的ope ...

ACTF2020 writeup

ACTF2020 writeup

Pwm

Reverse

Crypto

Mise

ACTF2020 writeup相关推荐

最新文章

热门文章