本次竞赛采用线上CTF(Capture The Flag,夺旗赛)赛制。选手充分运用自身掌握的各方面的知识与技能,设法解开题目,获得题目中的“Flag”并提交,得到分数,最终根据分数排名。内容涉及Reverse(逆向分析),Web(Web漏洞利用),PWN(溢出类),Crypto(密码学),Misc(混合杂项题)等方面。
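def uncompress(path_name, password='nss_yyds!'):
    """Extract one password-protected 7z archive next to the archive itself.

    Args:
        path_name: Path of the candidate archive.
        password: Archive password. Defaults to the value this script was
            written for; pass another one to reuse the helper elsewhere.

    Returns:
        True when extraction finished, False when the file is not a 7z
        archive or py7zr raised while opening or extracting it.
    """
    if not py7zr.is_7zfile(path_name):
        print('This is not a true 7z file!')
        return False

    # Strip only a trailing ".7z". Splitting on every ".7z" would cut the
    # path at the first occurrence (even inside a directory name), and a
    # file without the suffix would be extracted onto its own path.
    if path_name.endswith(".7z"):
        target_dir = path_name[:-len(".7z")]
    else:
        target_dir = path_name + "_extracted"

    try:
        with py7zr.SevenZipFile(path_name, password=password, mode='r') as archive:
            # NOTE(review): the archive contents are not inspected here, so
            # member paths are left to py7zr's own sanitisation. Confirm the
            # installed version rejects entries that would land outside
            # target_dir before pointing this at archives you do not trust.
            archive.extractall(target_dir)
    except Exception as e:
        # Deliberate best-effort: this runs over a whole folder, so a bad
        # archive or wrong password is reported and the batch continues.
        print('Error when uncompress file! info: ', e)
        return False
    return True


if __name__ == '__main__':
    # Resolve the folder once. Changing into a relative folder and then
    # listing the same relative name looks for "xxx/xxx" and fails, so work
    # with absolute paths and leave the working directory alone.
    folder_name = os.path.abspath('xxx')
    for f in os.listdir(folder_name):
        f_path = os.path.join(folder_name, f)
        if os.path.isfile(f_path):
            print("解压--"+f)
            uncompress(path_name=f_path)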
from Crypto.Util.number import * from Crypto.Cipher import AES import binascii
# Placeholder plaintext; the published script shows only X characters here.
flag = "flag{XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX}"
bs = AES.block_size


def pad(s):
    """Append PKCS#7-style padding so len(s) becomes a multiple of bs.

    The fill length n is bs - len(s) % bs, and n copies of chr(n) are
    appended; an already aligned input therefore gains one full block.
    """
    fill = bs - len(s) % bs
    return s + fill * chr(fill)
# Diffie-Hellman style exchange modulo p with base g.
p = 174807157365465092731323561678522236549173502913317875393564963123330281052524687450754910240009920154525635325209526987433833785499384204819179549544106498491589834195860008906875039418684191252537604123129659746721614402346449135195832955793815709136053198207712511838753919608894095907732099313139446299843
g = 41899070570517490692126143234857256603477072005476801644745865627893958675820606802876173648371028044404957307185876963051595214534530501331532626624926034521316281025445575243636197258111995884364277423716373007329751928366973332463469104730271236078593527144954324116802080620822212777139186990364810367977

# NOTE(review): both private exponents are only 40 bits long. The size of p
# does not compensate for that: an exponent known to lie in so small a range
# can be recovered from the public value by an interval discrete-log search.
# Outside a challenge, private exponents need at least twice the target
# security level in bits.
a = getRandomNBitInteger(40)
b = getRandomNBitInteger(40)

# Public values exchanged by the two sides.
A = pow(g, a, p)
B = pow(g, b, p)

# Both sides must arrive at the same shared secret.
shared = pow(A, b, p)
assert shared == pow(B, a, p)

# NOTE(review): the AES key is the first 16 bytes of the raw shared secret,
# with no key-derivation function, and ECB mode encrypts equal plaintext
# blocks to equal ciphertext blocks and gives no integrity protection.
key = long_to_bytes(shared)[:16]
cipher = AES.new(key, AES.MODE_ECB)
ciphertext = cipher.encrypt(pad(flag))
# Publish only the two public values and the hex-encoded ciphertext; the
# private exponents a and b are never written out.
# NOTE(review): the sample output shown with this script carries Python 2
# long suffixes ("L"), so it was presumably run under Python 2 - confirm
# before running it with another interpreter.
with open('cipher', 'w') as out:
    for line in (
        "A, B = {}\n".format(str((A, B))),
        "ciphertext = {}\n".format(binascii.hexlify(ciphertext)),
    ):
        out.write(line)
# cipher # A, B = (142989488568573584455487421652639325256968267580899511353325709765313839485530879575182195391847106611058986646758739505820350416810754259522949402428485456431884223161690132385605038767582431070875138678612435983425500273038807582069763455994486365993366499478412783220052753597397455113133312907456163112016L, 16631700400183329608792112442038543911563829699195024819408410612490671355739728510944167852170853457830111233224257622677296345757516691802411264928943809622556723315310581871447325139349242754287009766402650270061476954875266747743058962546605854650101122523183742112737784691464177427011570888040416109544L) # ciphertext = ed5c68ebb65aa3a13afb259cf3984ce60bdc54b7ef918b850745df850cf4c450b02216c0c6e67ed501a17e516496cd6c
# Sage
# Public parameters and transcript, copied from the challenge script and its
# 'cipher' output.
p = 174807157365465092731323561678522236549173502913317875393564963123330281052524687450754910240009920154525635325209526987433833785499384204819179549544106498491589834195860008906875039418684191252537604123129659746721614402346449135195832955793815709136053198207712511838753919608894095907732099313139446299843
g = 41899070570517490692126143234857256603477072005476801644745865627893958675820606802876173648371028044404957307185876963051595214534530501331532626624926034521316281025445575243636197258111995884364277423716373007329751928366973332463469104730271236078593527144954324116802080620822212777139186990364810367977
A, B = (142989488568573584455487421652639325256968267580899511353325709765313839485530879575182195391847106611058986646758739505820350416810754259522949402428485456431884223161690132385605038767582431070875138678612435983425500273038807582069763455994486365993366499478412783220052753597397455113133312907456163112016, 16631700400183329608792112442038543911563829699195024819408410612490671355739728510944167852170853457830111233224257622677296345757516691802411264928943809622556723315310581871447325139349242754287009766402650270061476954875266747743058962546605854650101122523183742112737784691464177427011570888040416109544)
ciphertext = 'ed5c68ebb65aa3a13afb259cf3984ce60bdc54b7ef918b850745df850cf4c450b02216c0c6e67ed501a17e516496cd6c'

# The exponent was generated with 40 bits, so the logarithm of B to base g
# is searched only inside (1, 2**40). That bound is what makes the search
# feasible; with a full-size private exponent it would not be.
F = GF(p)
b = discrete_log_lambda(F(B), F(g), (1, 2**40))

# Re-derive the AES key exactly as the challenge script does: the first 16
# bytes of A^b mod p, used with ECB.
# NOTE(review): long_to_bytes and AES are presumably imported from the
# Crypto package as in the challenge script - confirm in the Sage session.
shared = pow(A, b, p)
key = long_to_bytes(shared)[:16]
m = AES.new(key, AES.MODE_ECB).decrypt(bytes.fromhex(ciphertext))
print(m)
init(argc, argv, envp); printf("Hi there! What is your name? "); read(0, buf, 0x18uLL); puts("That is an interesting chall"); printf("where are you from? my frends??"); read_long(); return0; }