正在复习密码学,突然发现今天有月赛了…于是做了一下,很简单的一次题目。。


Web1

进入后是一个JS的游戏,在index.js里修改一下destroyed的增加设置大一些,如下:

在这里插入图片描述

然后随便玩一下就能得到flag了:

在这里插入图片描述


Web2

题目名字叫地图,进入后发现实际上没什么功能,只有index.php一个页面,

在这里插入图片描述
点击发现url中存在page=index,于是尝试文件包含,正常的base64编码的payload会返回not base,应该是过滤了base,使用rot13编码读取,先读index.php可以发现flag在根目录,payload如下:

1
/index.php/?page=php://filter/read=string.toupper|string.rot13/resource=/flag

在这里插入图片描述

rot13解码得到flag。


Crypto1

题目如下给了3个png和一个加密脚本如下:

在这里插入图片描述

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
from itertools import *
from key import key

ki= cycle(key)

fr1 = open("flag.png","rb")
fr2 = open("fflag.png","rb")
fw1 = open("flag_e.png","wb")
fw2 = open("fflag_e.png","wb")

for now in fr1:
    for nowByte in now:
        newByte = nowByte ^ ord(next(ki))
        fw1.write(bytes([newByte]))
fr1.close()
fw1.close()

for now in fr2:
    for nowByte in now:
        newByte = nowByte ^ ord(next(ki))
        fw2.write(bytes([newByte]))
fr2.close()
fw2.close()

其中fflag.png是打了马赛克的flag,看一下代码,flag.png加密得到flag_e.png,fflag.png加密得到fflag_e.png,但是加密用的ki不知道。简单分析一下,加密过程就是循环用ki每一位的ascii的与图片进行异或,且两次的加密过程一样,那么思路就清楚了。

我们有fflag.png和加密后的fflag_e.png,前者相当于明文m,后者相当于密文c,加密过程为c=m⊕k,那么现在已知m和c,容易得到k=m⊕c
有如下脚本计算ki的ascii:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
fr_m = open("fflag.png", "rb")
fr_c = open("fflag_e.png", "rb")
m = []
c = []
ki = []
for now in fr_m:
    for nowByte in now:
        m.append(nowByte)
    
for now in fr_c:
    for nowByte in now:
        c.append(nowByte)

for i in range(len(m)):
    ki.append(m[i] ^ c[i])

fr_m.close()
fr_c.close()
print(ki)

很容易得到ki如下:

1
[65, 108, 105, 116, 97, 95, 105, 115, 95, 115, 111, 95, 99, 117, 116, 101]

于是对flag_e.png进行解密如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
flag_r = open("flag_e.png","rb")
flag_w = open("flag.png","wb")
ki = [65, 108, 105, 116, 97, 95, 105, 115, 95, 115, 111, 95, 99, 117, 116, 101]*500
c = []
for now in flag_r:
    for nowByte in now:
        c.append(nowByte)

for i in range(len(c)):
    newByte = c[i] ^ ki[i]
    flag_w.write(bytes([newByte]))

flag_r.close()
flag_w.close()

运行得到flag.png:

在这里插入图片描述


Crypto2

一道RSA的题目,给的脚本如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
from Crypto.Util.number import *
import gmpy2
import random
from flag import flag


p = getPrime(1024)
r = random.randint(2, 10)
e =65537
n = p ** r
m=flag
assert(int(m.encode('hex'), 16) < n)
c = pow(int(m.encode('hex'), 16),e,n) 
c=long_to_bytes(c)
print 'c =\n', c.encode('base64'),n


'''
c =
apxy3z3DgGnzaEedcUy3A49wAsqyyn9sqx6eYZL5iDrCq0Wjs8BOY2Ofza5wuaFigm32PVpO5jpu
Dgw9b6oX8KM2ZB9/dDmwQc7JKnAKhCQrIc1v9qt7iQbnTK0DTQj/xvQkz/IBeSjoWBmHOx4s0tDx
ZRAjOPui5wwAywNM3ynULEPczv+xN2v+6HBeoS2YuyfF5mq/pIAMPwZs+QpkuwxSbNQ6xPNP9Ox1
IeKz/41F7/D2fDsGB5CcFdAiQq+r95BhVeGzeaiQBpzwAXAPKIyO+fP6/M9XmpSJwjaMSiAUnksp
9KfVOXgEG9Z0FmxP6rgqPl0vU+rVeJ2RsTUYCSP8Vy+PD3PGwDDdUtNzvcEXKr2BKiNoOUxprBAt
yvcsmGqRLgDl1ZVgzSZ1U4MAmJ9x42mIU0XvolqaOCJZzaym1kJoBlw7/7+Nej4owEtan/c3TIkD
kr/gCenUD/8MSlvnfTUMGdQLkSht2BZiuiHxVVRVzY5ETG6v+w9AtDMC
4600616808891590817884946117009414083548013610469076381106568481948720521467073218024827360073980550620353792084520767372304347132535784875671026563160583598386773718586111034826555689602824563172463446924287072570386712719870348862904936370894695108302490867826094352072132696743116741635111860205049129717948520534270924834318704244999690532431941248905257880347561221151841978982240191397364038490250930604211256385925496658620755582058753376328583001312846508295319286941837220522563729215928111164274042890696771820759856790994461944209269732769269559257608440686713206622111649275898426040931301005711446055819707704086201357712959922814300067907536161841255533171805313149332383712997091780368142625499055149806043238057037400510197255364471685815004154357049874205884682322443391374020169114833722616851257895369648472048116320266548560787733764126281102645474252013714507014577620450816459153848279084910457288549191
'''

给了n和密文c,可以看到n是用p的r次幂,r为2~10的随机数,分解一下n试试,如下:

在这里插入图片描述

发现可以成功分解,并且知道r为3,这样就很容易求出d了,解密脚本如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
import base64
from Crypto.Util.number import bytes_to_long
import gmpy2
import libnum

n = 4600616808891590817884946117009414083548013610469076381106568481948720521467073218024827360073980550620353792084520767372304347132535784875671026563160583598386773718586111034826555689602824563172463446924287072570386712719870348862904936370894695108302490867826094352072132696743116741635111860205049129717948520534270924834318704244999690532431941248905257880347561221151841978982240191397364038490250930604211256385925496658620755582058753376328583001312846508295319286941837220522563729215928111164274042890696771820759856790994461944209269732769269559257608440686713206622111649275898426040931301005711446055819707704086201357712959922814300067907536161841255533171805313149332383712997091780368142625499055149806043238057037400510197255364471685815004154357049874205884682322443391374020169114833722616851257895369648472048116320266548560787733764126281102645474252013714507014577620450816459153848279084910457288549191
e =65537
c ="apxy3z3DgGnzaEedcUy3A49wAsqyyn9sqx6eYZL5iDrCq0Wjs8BOY2Ofza5wuaFigm32PVpO5jpuDgw9b6oX8KM2ZB9/dDmwQc7JKnAKhCQrIc1v9qt7iQbnTK0DTQj/xvQkz/IBeSjoWBmHOx4s0tDxZRAjOPui5wwAywNM3ynULEPczv+xN2v+6HBeoS2YuyfF5mq/pIAMPwZs+QpkuwxSbNQ6xPNP9Ox1IeKz/41F7/D2fDsGB5CcFdAiQq+r95BhVeGzeaiQBpzwAXAPKIyO+fP6/M9XmpSJwjaMSiAUnksp9KfVOXgEG9Z0FmxP6rgqPl0vU+rVeJ2RsTUYCSP8Vy+PD3PGwDDdUtNzvcEXKr2BKiNoOUxprBAtyvcsmGqRLgDl1ZVgzSZ1U4MAmJ9x42mIU0XvolqaOCJZzaym1kJoBlw7/7+Nej4owEtan/c3TIkDkr/gCenUD/8MSlvnfTUMGdQLkSht2BZiuiHxVVRVzY5ETG6v+w9AtDMC"
p = 166317783008561461619809354338149369955529500804877784696135394445562837564392263478378996752766024769472311034930058535976624952022796449711650766155307359508289724267180551758503427912271216717074610090283635131622612435152898135011648054004511857955351506722712213877180074987292198905073222084609633471831
r = 3
phin = pow(p, 3) - pow(p, 2)
d = gmpy2.invert(e, phin)
c = bytes_to_long(base64.b64decode(c))
m = pow(int(c), d, n)
flag = libnum.n2s(m)
print(flag)

运行得到flag:

在这里插入图片描述