2024CTF国城杯

01216

Misc

签到题

题目描述

在国城科技公众号回复 “国城杯我来啦” 即可得flag

解题过程

这是大部分公开赛都有的直接打开公众号关注输入国城杯我来啦

Crypto

题目名称:babyRSA

题目提示

解题过程

babyRSA 密码系统,像 rabin 加密一样,基于整数因式分解的难度。但 Rabin 解密时会得到四个解,而 babyRSA 得到的是唯一解。

题目

from secret import flag  
from Crypto.Util.number import*  
from gmpy2 import*  
  
flag = b'D0g3xGC{****************}'  
  
def gen_key(p, q):  
     public_key = p*p*q  
     e = public_key  
     n = p*q  
     phi_n = (p-1)*(q-1)  
     private_key = inverse(e,phi_n)  
     return public_key,private_key,e  
  
 p = getPrime(512)  
 q = getPrime(512)  
  
 N,d,e = gen_key(p,q)  
  
 c = gmpy2.powmod(bytes_to_long(flag),e,N)  
  
 print(N)  
 print(d)  
 print(c)  
  
n = 539403894871945779827202174061302970341082455928364137444962844359039924160163196863639732747261316352083923762760392277536591121706270680734175544093484423564223679628430671167864783270170316881238613070741410367403388936640139281272357761773388084534717028640788227350254140821128908338938211038299089224967666902522698905762169859839320277939509727532793553875254243396522340305880944219886874086251872580220405893975158782585205038779055706441633392356197489  
d = 58169755386408729394668831947856757060407423126014928705447058468355548861569452522734305188388017764321018770435192767746145932739423507387500606563617116764196418533748380893094448060562081543927295828007016873588530479985728135015510171217414380395169021607415979109815455365309760152218352878885075237009  
c = 82363935080688828403687816407414245190197520763274791336321809938555352729292372511750720874636733170318783864904860402219217916275532026726988967173244517058861515301795651235356589935260088896862597321759820481288634232602161279508285376396160040216717452399727353343286840178630019331762024227868572613111538565515895048015318352044475799556833174329418774012639769680007774968870455333386419199820213165698948819857171366903857477182306178673924861370469175

解题

from gmpy2 import *  
from libnum import *  
  
N = 539403894871945779827202174061302970341082455928364137444962844359039924160163196863639732747261316352083923762760392277536591121706270680734175544093484423564223679628430671167864783270170316881238613070741410367403388936640139281272357761773388084534717028640788227350254140821128908338938211038299089224967666902522698905762169859839320277939509727532793553875254243396522340305880944219886874086251872580220405893975158782585205038779055706441633392356197489  
d = 58169755386408729394668831947856757060407423126014928705447058468355548861569452522734305188388017764321018770435192767746145932739423507387500606563617116764196418533748380893094448060562081543927295828007016873588530479985728135015510171217414380395169021607415979109815455365309760152218352878885075237009  
c = 82363935080688828403687816407414245190197520763274791336321809938555352729292372511750720874636733170318783864904860402219217916275532026726988967173244517058861515301795651235356589935260088896862597321759820481288634232602161279508285376396160040216717452399727353343286840178630019331762024227868572613111538565515895048015318352044475799556833174329418774012639769680007774968870455333386419199820213165698948819857171366903857477182306178673924861370469175  
  
pq = gcd(pow(2, d * N, N) - 2, N)  
m = pow(c, d, pq)  
print(n2s(m))

flag=D0g3xGC{W1sh_Y0u_Go0d_L@ucK-111}

Misc

Tr4ffIc_w1th_Ste90

Wireshark 打开流量包

图片[1]-2024CTF国城杯-松鼠博客

追踪 udp 流 show data as 选择原始数据导出格式为 obs 的默认格式为 mkv 打开视频得到压缩包密码

图片[2]-2024CTF国城杯-松鼠博客
图片[3]-2024CTF国城杯-松鼠博客

将这个密码 !t15tH3^pAs5W#RD*f0RFL@9 输入到解压第二个压缩包拿到图片和 python 脚本

图片[4]-2024CTF国城杯-松鼠博客

打开 encode. py 的显示代码

import numpy as np  
import cv2  
import sys  
import random  
  
def encode(input_image, output_image, seed):  
    np.random.seed(seed)  
    to_hide = cv2.imread(input_image)  
  
    if to_hide is None:  
        print(f"Error: Unable to load image {input_image}")  
        exit(1)  
  
    to_hide_array = np.asarray(to_hide)  
  
    row_indices = list(range(to_hide_array.shape[0]))  
    col_indices = list(range(to_hide_array.shape[1]))  
  
    np.random.shuffle(row_indices)  
    np.random.shuffle(col_indices)  
  
    to_hide_array = to_hide_array[row_indices, :]  
  
    to_hide_array = to_hide_array[:, col_indices]  
  
    gray = cv2.cvtColor(to_hide_array, cv2.COLOR_BGR2GRAY)  
    cv2.imwrite(output_image, gray)  
    print(f"Encoded image saved as {output_image}")  
  
def main():  
    if len(sys.argv) != 4:  
        print('error! Please provide input image path, output image path, and seed as command-line arguments.')  
        exit(1)  
  
    input_image = sys.argv[1]  
    output_image = sys.argv[2]  
    seed = int(sys.argv[3])  
    encode(input_image, output_image, seed)  
  
if __name__ == '__main__':  
    main()
#just 50 - 70

根据他这个提示 50-70 之间根据上面代码我去尝试 50-70 发现都是差不多图片肯定需要解密


import numpy as np  
import cv2  
import sys  
import random  
  
def decode(input_image, output_image, seed):  
    np.random.seed(seed)  
    encoded_image = cv2.imread(input_image, cv2.IMREAD_GRAYSCALE)  
  
    if encoded_image is None:  
        print(f"Error: Unable to load image {input_image}")  
        exit(1)  
  
    encoded_array = np.asarray(encoded_image)  
  
    row_indices = list(range(encoded_array.shape[0]))  
    col_indices = list(range(encoded_array.shape[1]))  
  
    np.random.shuffle(row_indices)  
    np.random.shuffle(col_indices)  
  
    # Reverse the shuffle  
    reverse_row_indices = np.argsort(row_indices)  
    reverse_col_indices = np.argsort(col_indices)  
  
    decoded_array = encoded_array[reverse_row_indices, :]  
    decoded_array = decoded_array[:, reverse_col_indices]  
  
    cv2.imwrite(output_image, decoded_array)  
    print(f"Decoded image saved as {output_image}")  
  
def main():  
    if len(sys.argv) != 4:  
        print('error! Please provide input image path, output image path, and seed as command-line arguments.')  
        exit(1)  
  
    input_image = sys.argv[1]  
    output_image = sys.argv[2]  
    seed = int(sys.argv[3])  
    decode(input_image, output_image, seed)  
  
if __name__ == '__main__':  
    main()

我修改了

图片[5]-2024CTF国城杯-松鼠博客

使得 python encode.py encoded.png output.jpg 63
到 63 时候出现了二维码图片

图片[6]-2024CTF国城杯-松鼠博客

根据资料百度查了好久发现是用 DataMatrix 扫描器来扫出来

图片[7]-2024CTF国城杯-松鼠博客

扫出来是一串英文

图片[8]-2024CTF国城杯-松鼠博客
crumpled chairlift freedom chisel island dashboard crucial kickoff crucial chairlift drifter classroom highchair cranky clamshell edict drainage fallout clamshell chatter chairlift goldfish chopper eyetooth endow chairlift edict eyetooth deadbolt fallout egghead chisel eyetooth cranky crucial deadbolt chatter chisel egghead chisel crumpled eyetooth clamshell deadbolt chatter chopper eyetooth classroom chairlift fallout drainage klaxon

上面翻译一下估计跟字母表有关我当时就找了很多发现有个 PGP 词汇表然后我点进去一看

图片[9]-2024CTF国城杯-松鼠博客
图片[10]-2024CTF国城杯-松鼠博客

然后把单词每个输入之后得出结果是

44 30 67 33 78 47 43 7b 43 30 4e  39 72 41 37 55 4c 61 37 31 30 6e 35 5f 59 30 55 5f 48 61 56 33 5f 41 43 48 31 33 56 33 44 5f 37 48 31 35 5f 39 30 61 4c 7d

本来是想把上面的这些全部存到字典里面然后去查询发现没啥必要一个一个找到相应的十六进制
无脑的把这串加密的东西丢到随波逐流里面去看

图片[11]-2024CTF国城杯-松鼠博客
国城杯官方wp国城杯CTF-WP
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
CTF比赛wp
喜欢就支持一下吧
点赞6 分享
芝士丶小松鼠捏的头像-松鼠博客
【Docker换源】Docker更换镜像源教程-松鼠博客
【Docker换源】Docker更换镜像源教程
【Docker换源】Docker更换镜像源教程
3个月前 299
2024 楚彗杯 超级WriteUp-松鼠博客
2024 楚彗杯 超级WriteUp
2024 楚彗杯 超级WriteUp
2个月前 245
【CTF靶场搭建】GZ-CTF平台-松鼠博客
【CTF靶场搭建】GZ-CTF平台
【CTF靶场搭建】GZ-CTF平台
2个月前 224
【抓包神器】BurpSuite Professional v2024.11.1 中文汉化版-松鼠博客
【抓包神器】BurpSuite Professional v2024.11.1 中文汉化版
【抓包神器】BurpSuite Professional v2024.11.1 中文汉化版
2个月前 133
web-基础-源码信息泄露动态flag-松鼠博客
web-基础-源码信息泄露动态flag
web-基础-源码信息泄露动态flag
3个月前 111
蜀道山-海关题目平台-松鼠博客
蜀道山-海关题目平台
蜀道山-海关题目平台
3个月前 105
相关推荐
2024 楚彗杯 超级WriteUp-松鼠博客
2024 楚彗杯 超级WriteUp
2024 楚彗杯 超级WriteUp
2个月前 245
2024CTF国城杯-松鼠博客
2024CTF国城杯
2024CTF国城杯
2个月前 121
蜀道山-海关题目平台-松鼠博客
蜀道山-海关题目平台
蜀道山-海关题目平台
3个月前 105
2024NSSCTF签到-松鼠博客
2024NSSCTF签到
2024NSSCTF签到
3个月前 74
2024第一届Solar杯应急响应挑战赛-松鼠博客
2024第一届Solar杯应急响应挑战赛
2024第一届Solar杯应急响应挑战赛
2个月前 66
评论 抢沙发

请登录后发表评论

    暂无评论内容