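# Character codes to decode; the name v4 is kept from the write-up.
v4 = [42, 70, 39, 34, 78, 44, 34, 40, 73, 63, 43, 64]

# Lookup table: printable ASCII from '~' downwards, with the final three
# characters in the order space, '!', '"'. The backslash is escaped
# explicitly; the original relied on the invalid escape "\[", which newer
# Python versions warn about.
s = (
    "~}|{zyxwvutsrqponmlkjihgfedcba`_^]\\[ZYXWVUTSRQPONMLKJIHGFEDCBA"
    "@?>=<;:9876543210/.-,+*)('&%$# !\""
)

# Each output character is the 1-based position of the input character in
# the table. str.index raises ValueError for a character that is not in
# the table, instead of silently yielding chr(0) as str.find() + 1 would.
flag = "".join(chr(s.index(chr(i)) + 1) for i in v4)
print(flag)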
flag{U9X_1S_W6@T?}
rsa
这题跟rsa有关,前面做过几道密码的rsa
这一题的不同之处是数字处理,以及把key放到文件里面去了
提取公钥
IDA打开pub.key后,转换里面的十六进制为字符串,提取出公钥。
-----BEGIN PUBLIC KEY-----
MDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAMAzLFxkrkcYL2wch21CM2kQVFpY9+7+
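# Third-party modules the script relies on; the listing used them without
# importing them.
import gmpy2
import rsa

# Public exponent and modulus extracted from pub.key.
e = 65537
n = 86934482296048119190666062003494800588905656017203025617216654058378322103517

# Prime factors of n. The modulus is only 256 bits long, which is small
# enough to factor; that is the weakness that makes the private key
# recoverable from the public key alone.
p = 285960468890451637935629440372639283459
q = 304008741604601924494328155975272418463
if p * q != n:
    raise ValueError("p and q are not the factors of n")

# Private exponent: modular inverse of e modulo phi(n) = (p - 1)(q - 1).
phin = (q - 1) * (p - 1)
d = gmpy2.invert(e, phin)

# gmpy2 returns an mpz; rsa.PrivateKey is given a plain int.
key = rsa.PrivateKey(n, e, int(d), p, q)

# Read-only binary mode is enough here; the original "rb+" also asked for
# write access to the ciphertext file.
with open("C:\\Users\\Hyang\\Desktop\\flag.enc", "rb") as f:
    ciphertext = f.read()
print(rsa.decrypt(ciphertext, key))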
#include <stdio.h>
#include <string.h>

/*
 * Forward transform used by the check: uppercase letters are rotated by 14
 * positions ((c - 51) % 26 + 65), lowercase letters by 18 positions
 * ((c - 79) % 26 + 97); every other value is returned unchanged.
 */
static int transform(int c)
{
    if (c >= 65 && c <= 90)
        return (c - 51) % 26 + 65;
    if (c >= 97 && c <= 122)
        return (c - 79) % 26 + 97;
    return c;
}

/*
 * For every position of the target string, try all 7-bit values and print
 * each one whose transformed value equals the target character.
 */
int main()
{
    const char target[] = "Qsw3sj_lz4_Ujw@l";
    int count = strlen(target);
    int pos;
    int candidate;

    for (pos = 0; pos < count; pos++) {
        for (candidate = 0; candidate < 128; candidate++) {
            if (transform(candidate) == target[pos])
                printf("%c", candidate);
        }
    }
    return 0;
}
flag{Cae3ar_th4_Gre@t}
CrackRTF
IDA32位
看流程的话一共是要输入两次密码
atoi函数把字符串转换成长整型数
关键是加密函数sub_40100A
我点进去是一脸懵逼,看了几篇wp才算好点
这个函数做的是哈希(散列)运算,严格来说不是加密
后面的0x8004是算法标识符(Windows CryptoAPI 的 ALG_ID,0x8004 即 CALG_SHA1),所以这里用的是sha1
哈希之后得到的摘要长这样
6E32D0943418C2C33385BC35A1470250DD8923A9
利用爆破写一个脚本(CV)
import hashlib
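# Fixed suffix appended to the numeric input before hashing.
flag = "@DBApp"

# Full SHA-1 digest from the write-up, lower-cased to match hexdigest().
# Comparing the whole digest avoids accepting a candidate that merely
# contains the 15-character prefix somewhere in its hash.
target = "6e32d0943418c2c33385bc35a1470250dd8923a9"

password = None
# range() excludes its stop value, so 1000000 is needed to include 999999.
# Only 900,000 candidates exist, so an unsalted single SHA-1 over a
# six-digit number gives no real resistance to exhaustive search.
for i in range(100000, 1000000):
    s = str(i) + flag
    cnt = hashlib.sha1(s.encode()).hexdigest()
    if cnt == target:
        password = s
        print(cnt)
        print(password)
        break  # stop at the first match instead of scanning the rest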
<!DOCTYPE Html />
<html>
<head>
<title>FLARE On 2017</title>
</head>
<body>
<!-- A text field for the flag and a button that triggers the check below. -->
<input type="text" name="flag" id="flag" value="Enter the flag" />
<input type="button" id="prompt" value="Click to check the flag" />
<script type="text/javascript">
    // The whole check runs in the browser: the expected value is a string
    // literal in this script, so anyone who can view the page source can
    // read it and invert the letter rotation.
    document.getElementById("prompt").onclick = function () {
        var flag = document.getElementById("flag").value;
        // Rotate every ASCII letter by 13: the upper bound is 90 ('Z') for
        // uppercase and 122 ('z') for lowercase; if adding 13 goes past the
        // bound, 26 is subtracted to wrap around. Other characters are kept.
        var rotFlag = flag.replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);});
        // Compare the rotated input with the embedded rotated flag.
        if ("PyvragFvqrYbtvafNerRnfl@syner-ba.pbz" == rotFlag) {
            alert("Correct flag!");
        } else {
            alert("Incorrect flag, rot again");
        }
    }
</script>
</body>
</html>
分析一下
输入的密码大写就是90,小写就是122,然后与其ascii+13判断
大于为其自己+13,小于为其自己-13
+13这个运算实际上就是把情况分成了 a到m和n到z两种情况(即ROT13)
脚本
# Rotated string that the page's script compares the transformed input to.
a = 'PyvragFvqrYbtvafNerRnfl@syner-ba.pbz'

# Rotating by 13 swaps the first and second half of each alphabet, so the
# same mapping both encodes and decodes. Characters outside A-Z / a-z are
# not in the table and pass through unchanged.
_first_half = 'ABCDEFGHIJKLMabcdefghijklm'
_second_half = 'NOPQRSTUVWXYZnopqrstuvwxyz'
_rot13 = str.maketrans(_first_half + _second_half, _second_half + _first_half)

flag = a.translate(_rot13)
print(flag)