2020湖湘杯部分writeup
週末打了湖湘杯,把做題過程記錄一下,大家交流學習。
下面的連結裡有題目,可以下來看看。
https://download.csdn.net/download/jameswhite2417/13081994
- misc passwd
下載檔案發現是raw,是道記憶體取證的題目
拷到kail中,先識別配置檔案
獲取密碼hash
進行解密
再根據題目用sha1加密得到flag
2.CPYPTO 古典美++
Virginia(維吉尼亞)無金鑰解密
- 破解祕鑰長度。
Python程式碼:
#coding=utf-8#-*- coding:utf-8 –*-def c_alpha(cipher): # 去掉非字母后的密文
cipher_alpha = ''
for i in range(len(cipher)):
if (cipher[i].isalpha()):
cipher_alpha += cipher[i]
return cipher_alpha
# 計算cipher的重合指數def count_CI(cipher):
N = [0.0 for i in range(26)]
cipher = c_alpha(cipher)
L = len(cipher)
if cipher == '':
return 0
else:
for i in range(L): #計算所有字母的頻數,存在陣列N當中
if (cipher[i].islower()):
N[ord(cipher[i]) - ord('a')] += 1
else:
N[ord(cipher[i]) - ord('A')] += 1
CI_1 = 0
for i in range(26):
CI_1 += ((N[i] / L) * ((N[i]-1) / (L-1)))
return CI_1
# 計算祕鑰長度為 key_len 的重合指數def count_key_len_CI(cipher,key_len):
un_cip = ['' for i in range(key_len)] # un_cip 是分組
aver_CI = 0.0
count = 0
for i in range(len(cipher_alpha)):
z = i % key_len
un_cip[z] += cipher_alpha[i]
for i in range(key_len):
un_cip[i]= count_CI(un_cip[i])
aver_CI += un_cip[i]
aver_CI = aver_CI/len(un_cip)
return aver_CI
## 找出最可能的前十個祕鑰長度def pre_10(cipher):
M = [(1,count_CI(cipher))]+[(0,0.0) for i in range(49)]
for i in range(2,50):
M[i] = (i,abs(0.065 - count_key_len_CI(cipher,i)))
M = sorted(M,key = lambda x:x[1]) #按照陣列第二個元素排序
for i in range(1,10):
print (M[i])
F = [0.0651738, 0.0124248, 0.0217339,0.0349835, 0.1041442, 0.0197881,0.0158610, 0.0492888, 0.0558094,0.0009033, 0.0050529, 0.0331490,0.0202124, 0.0564513, 0.0596302,0.0137645, 0.0008606, 0.0497563,0.0515760, 0.0729357, 0.0225134,0.0082903, 0.0171272, 0.0013692,0.0145984, 0.0007836] # 英文字元頻率。
cipher = 'SZWLVSRVVZICMUOJYIIZBSVSSITFSWHPCWCFPVPFXJMWRVJICVRGTCFLHPRJKJKSRVWYFUSEWHFXLHFOSFLYPFXXYFPOEGXFXMBUHVNIYHNDWXPGBXWSYBNDVQRVYRTZUWKTFSKUMVERCCRSBEMKEDRUNYYVRYKXFOKVLVXYGTRQZOEHFEYKJRKRVXFPBOINXFTCSRQCKIGBXWLVOQVVOSFLCRRWXYFQWUHWFGRVVZICMYBUQSKJASUWLRURVVBAVSCTZOPVEUWKKGLQZCRUHJBLRSRSBTFSCYIJICFVDRUUFSIHWYFQONPEGTYBUSMTUSFVVLLOEIGRRGFEGJKIKPMYURAEBHOIIVFNMBVRJKICGYHPMFQOJVLVQYGJHHZUUOJOESFJZVGSIBLUVPEINYZRGISVRHFKIIHPSRWHZTYDGRMEUKSEWMKXYGVPTKZQVVGMUOMHCLOVUMRIRTKICXRUJFSDSRUSWLGZCLRXTMAVESUZQCDDRRHCRKRTLUGHZQXFPLSFIXYFAIGESRSBGRVWYFDSCOTRTRWKZICMRVFXKYUYZZFIKPFSIVICGYTKHVJVAVRIECMYGKKMJJQVROPKIGBBQSKIGBXRJKVKPCLRXEMKEVXRJPGYRASSYJVWLVZJZROPKIGBBPIRUFCDHAYZGKFXPUORGRBEEZRVZQKRCMIKLXVWCBZIMWFJZFIJKICHFSSWUFSYRYJFUVZFLNBQJVUCCJISCBXIVCRFZRUPUBURAEXMICGXYFDOCORVWCFTRQVUMOEHRUJUCEGIIIMKDDRPNGZVVMMFDOCOIECWHYLWKJKSJKIJBGRROSLEGALVXSFESKWMEHQCDHAYFPSEHEIUFSTHRKSCCWWLVFYFKKPVUKSJHIKIYHNRYCEZSWRYIUFCLVEEEKWCHWUPUBZWLZOITFUCFVQSVDPZDCVRGPVBPBKVIMFPOCWLZOEGFIXYJQGFUXZOFSIOIJTMBJLRKICGTKSFMPCFPEEERVFXKYUFWJZEJOMHRYIIZECFGSGQMFKXRZUWTFUWYPUWEJSWGFSINRFXJSUJIRTRVVUINBQBFRRVUMZZVXVORCYHVJUGZCLXNBQUFRHGSYQKLGVUMGRBMKPTSIBIJUFOKVESPSHKKIIJEVKGMJUYBTHFLURVVQMNPLRVUAYBRZRWMKVBSFUPFOEWKXHVJTSXRXKPYZZFIYBBBFLHVBUVRWPRUGHLGINBQCIOSEHGHLGIVJRVVUFLURVFXKYURVVBAVSCBZFIXSYBUZSIEQHFVEPQPSJHRKMWGYHFVHYBRJEZOGKFQHVSGTZVLRMJTROPIJEVKWLIPSUYWLVFYFKKLFXDIEQCZUJZJHIDUMQFPIFVRODRRXUFSGHSGMCHYDXNBJYNLXYUFSZULVBBGURAEXYFUWLVBLHZSEKIGSJLXYJLYJKINBQFRWLVSEZRGXYFPSNDWEPMBVOMJUCBZQKKIGGKLQVBQWKGMUORGFXRUBROCOXYFPWXKXNPPRSXXZTFOCOLRWCHFDWBUFSDZLRURVVQEDFMTKKITPSBKUCZTWCLNRFXNZVDWVNYODLWKIGGEHAQFYZRQHFSYIJWVRMGORQHJICHILIUUMQLUXJFWOJVLVTNCBHJROAMTXVKTCMZQKRTWCLUIWBJZZQKKIPCLJLKICOZUHFZMIKKMELWCLFSLMBARQEXFGHRQHNIYHRQMXOMFRQXCJRHCHKZSJGYHPCUFWENQVGMFRVOZOEBFLXCMLSMHVUPRCRVOGFPVRSWZTFOCOWVFGHNUMKUCBLSWFNCKYHVV'
cipher_alpha = c_alpha(cipher)print u"祕鑰長度為:"
pre_10(cipher)
得出的結果排名靠前的都是7的倍數,我們可以猜測祕鑰長度為7
2.將密文分成N組,逐個破解祕鑰。
Python程式碼:
# 猜測單個祕鑰得到的重合指數def count_CI2(cipher,n): # n 代表我們猜測的祕鑰,也即偏移量
N = [0.0 for i in range(26)]
cipher = c_alpha(cipher)
L = len(cipher)
for i in range(L): #計算所有字母的頻數,存在陣列N當中
if (cipher[i].islower()):
N[(ord(cipher[i]) - ord('a') - n)%26] += 1
else:
N[(ord(cipher[i]) - ord('A') - n)%26] += 1
CI_2 = 0
for i in range(26):
CI_2 += ((N[i] / L) * F[i])
return CI_2
def one_key(cipher,key_len):
un_cip = ['' for i in range(key_len)]
cipher_alpha = c_alpha(cipher)
for i in range(len(cipher_alpha)): # 完成分組工作
z = i % key_len
un_cip[z] += cipher_alpha[i]
for i in range(key_len):
print (i)
pre_5_key(un_cip[i]) ####這裡應該將7個分組的祕鑰猜測全部列印出來
## 找出前5個最可能的單個祕鑰def pre_5_key(cipher):
M = [(0,0.0) for i in range(26)]
for i in range(26):
M[i] = (chr(ord('a')+i),abs(0.065 - count_CI2(cipher,i)))
M = sorted(M,key = lambda x:x[1]) #按照陣列第二個元素排序
for i in range(10):
print (M[i])
key_len = 7 #輸入猜測的祕鑰長度
one_key(cipher,key_len)
結果
得出的祕鑰會按照可能性進行排序,排在第一位的字元取出得到orderby
驗證一下
解密的結果最後幾個單詞明顯有意義
按題目要求將祕鑰大寫,用md5加密得到flag
參考:python實現維吉尼亞祕鑰破解 - 簡書 https://www.jianshu.com/p/23e3dcb3f0e9
3.未解出Misc 顏文字之謎
過濾http中含有flag的內容
追蹤http流
Base64解碼
AAEncode解碼無果 ……
4.未解出Misc 虛實之間
Binwalk一下
發現有兩個zip包
Foremost分離出來
用360壓縮開啟,有個沒加密的副本,把內容拷出來,儲存到本地。
用好壓開啟有3個加密的檔案。檔名也是mingwen-副本,還有個正本,crc32一樣。應該是明文攻擊。把剛才儲存到本地的txt壓縮一下,對比一下crc32一樣,這樣我們就有了明文檔案。
用archpr進行明文攻擊,可是報錯了……
5. 未解出 web
檔案包含 有過濾 做不動……
相關文章
- 逆向ctf-2020湖湘杯Re_03
- 太湖杯writeup
- 綠盟科技榮獲2020“湖湘杯”網路安全應急演練大賽一等獎
- guestbook(hackme web部分writeup)Web
- 無聲杯 xss 挑戰賽 writeup
- 網鼎杯-writeup-第二場-babyRSA
- 技術分享 | "錦行杯"比賽 Writeup
- 再創佳績 | 綠盟科技安全戰隊斬獲湖湘杯網路安全技能大賽一等獎
- 羊城杯-Cry部分
- 百度品牌之夜——華瑞IT教育綻放湖湘品牌魅力
- CTF——WriteUp(2020招新)
- Web_BUUCTF_WriteUp | [強網杯 2019]隨便注Web
- 2024春秋杯網路安全聯賽夏季賽-PWN-Writeup
- 藍橋杯,推導部分和
- CTF_復現(部分) | _XGCTF_西瓜杯GC
- buuoj[ACTF_Junior_2020]Splendid_MineCraft WriteUpRaft
- [V&N2020 公開賽]easyTHeap writeup
- 2020亞太杯小記
- 祥雲杯2020 Crypto wp
- SSCTF Writeup
- JCTF Writeup
- BCTF Writeup
- [網鼎杯 2020 朱雀組]phpwebPHPWeb
- HCTF writeup(web)Web
- wargame narnia writeupGAM
- [極棒雲鼎杯2020] Web題Web
- [網鼎杯 2020 青龍組]AreUSerialz
- 藍帽杯2020-Misc-簽到
- [網鼎杯 2020 朱雀組]phpweb 1PHPWeb
- BUUCTF [網鼎杯 2020 朱雀組] phpwebPHPWeb
- 第二屆你要魔怔杯鮮花大賽!!!部分作品列表
- 2017年第二屆廣東省強網杯線上賽WEB:Musee de X writeup(模板注入漏洞)Web
- Alictf2014 WriteupTF2
- Wargama-leviathan WriteupGAM
- 0ctf writeup
- 360hackgame writeupGAM
- [網鼎杯 2020 青龍組]notes wp
- 藍橋杯2020 E:七段碼