H&NCTF

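Posted by Naby on 2024-05-13

Overall rank: 67

Not much to see here, I only solved a few challenges.

Summary: the competition was really good, and there were even games to play. mc was fun, and hnwanna made my blood pressure spike.

misc

Check-in, survey, check-out

111

mc challenge

Fun

crypto

babyAES

Leans a bit toward misc.

Source code: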

from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from secret import flag
import time
import random

flag = pad(flag,16)
assert b"H&NCTF" in flag

seed = int(time.time())
random.seed(seed)
key = random.randbytes(16)
iv = random.randbytes(16)
aes = AES.new(key,AES.MODE_CBC,iv)
cipher = aes.encrypt(flag)

print(f"cipher = {cipher}")

"""
cipher = b'\x96H_hz\xe7)\x0c\x15\x91c\x9bt\xa4\xe5\xacwch\x92e\xd1\x0c\x9f\x8fH\x05\x9f\x1d\x92\x81\xcc\xe0\x98\x8b\xda\x89\xcf\x92\x01a\xe1B\xfb\x97\xdc\x0cG'
"""

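Analysis:

This is ordinary AES encryption, which cannot be broken directly.

However, the time is used as the random seed, and the flag prefix H&NCTF is known.

So try brute-forcing the seed by time.

The script inside the archive has a timestamp of 2020-08-21 07:57:34.

Problem:

random.randbytes seems to be supported only in Python 3.9 and later. My local machine has Python 3.7, so I set up Python 3.11 in ctfos to run the brute force.

Installing the Crypto library

python3 error: ModuleNotFoundError: No module named 'Crypto' - CSDN blog

exp: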

from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
import time
import random
from datetime import datetime
"""
from secret import flag
flag = pad(flag,16)
assert b"H&NCTF" in flag

seed = int(time.time())
random.seed(seed)
key = random.randbytes(16)
iv = random.randbytes(16)
aes = AES.new(key,AES.MODE_CBC,iv)
cipher = aes.encrypt(flag)

print(f"cipher = {cipher}")

cipher = b'\x96H_hz\xe7)\x0c\x15\x91c\x9bt\xa4\xe5\xacwch\x92e\xd1\x0c\x9f\x8fH\x05\x9f\x1d\x92\x81\xcc\xe0\x98\x8b\xda\x89\xcf\x92\x01a\xe1B\xfb\x97\xdc\x0cG'
"""

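# Start from the timestamp of the script inside the archive.
# timestamp() interprets a naive datetime in the local time zone.
input_time = "2020-08-21 07:57:34"
dt_object = datetime.strptime(input_time, "%Y-%m-%d %H:%M:%S")
timestamp = dt_object.timestamp()
print("轉換後的時間戳:", int(timestamp))

cipher = b'\x96H_hz\xe7)\x0c\x15\x91c\x9bt\xa4\xe5\xacwch\x92e\xd1\x0c\x9f\x8fH\x05\x9f\x1d\x92\x81\xcc\xe0\x98\x8b\xda\x89\xcf\x92\x01a\xe1B\xfb\x97\xdc\x0cG'
# The challenge seeds with int(time.time()), so search integer seeds.
seed = int(timestamp)
while 1:
    print(seed)
    random.seed(seed)
    # Same call order as the challenge: key first, then iv.
    key = random.randbytes(16)
    iv = random.randbytes(16)
    aes = AES.new(key,AES.MODE_CBC,iv)
    flag = aes.decrypt(cipher)
    # The known flag prefix identifies the correct seed.
    if b'H&NCTF' in flag:
        print(flag)
        break
    # Walk backwards in time from the file timestamp.
    seed=seed-1
#H&NCTF{b1c11bd5-2bfc-404e-a795-a08a002aeb87}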

babyPQ

Connect with nc to get n and phin.

A template challenge: find the standard script.

#sagemath
n= 84967980776527544496943680131423842923512046894041731607176640110898498802469731781070436504175388661640937653364301460733816586383222327413567483887666189296775849963234033271010745401521888426163420141276372523680128816422811003690985871825766712074831006261568111266175398419328915540117249501508109717071
phin= 84967980776527544496943680131423842923512046894041731607176640110898498802469731781070436504175388661640937653364301460733816586383222327413567483887666170150364803915403739743537009245473380563093872669321929942073526760203803207933337361796440929073069517669928723004654265729894464621820967768261829637944
p=(n-phin+1-((n-phin+1)^2-4*n).nth_root(2))//2
q=n//p
print(p)
print(q)


pwn

close

I didn't understand it.

I just kept trying to connect and typing commands, and the flag came out (shrug).

reverse

childmaze

I'd call this one a "look around" challenge.

Pressed x the whole way.

a="H'L@PC}Ci625`hG2]3bZK4{1~"
b=[]
for i in a:
    b.append(ord(i))
for i in range(len(b)):
    b[i]=(b[i])^(i%7)
    print(chr(b[i]),end="")
#H&NCTF{Ch411enG3_0f_M4z3}

I_LOVE_SWDD

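I don't know how to reverse.

Start with F12.

Saw this.

Searched it on Baidu.

Learned that SMC (self-modifying code) encrypts part of the code, so static analysis doesn't work and dynamic debugging is the only option.

Having analyzed this far, the assembly looked a bit complicated.

Handed it to Copilot.

The initial analysis: it checks whether each character is in the range A-Z.

Scrolling down reveals the key part: there is a comparison against a string, and apart from symbols all of its characters are in A-Z.

Since many teams solved it and the assembly looked fairly short, I guessed it was a simple cipher, probably Caesar (in short, I found it by trial and error).

Finally, wrap it in H&NCTF{}.

H&NCTF

More or less guessed.

Favorite reverse challenge

Indeed my favorite.

Look around, F12.

web (couldn't solve a single one)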
