ycdxsb CTF / writeup8 分钟 读完 (大约 1236 个字)  0次访问

BUUCTF Crypto writeup

考虑到大部分人有直接抄答案的习惯,所以只给一些hint和关键步骤

Part1#

md5#

打开的md5即是flag

Url编码#

Url解码即可

一眼就解密#

base64解码

看我回旋踢#

凯撒密码

摩丝#

摩斯密码

password#

根据社工信息生成密码:zx19900315

变异凯撒#

凯撒的基础上做偏移,n+4

Quoted-printable#

http://ctf.ssleye.com/quoted.html

Rabbit#

http://www.jsons.cn/rabbitencrypt/

篱笆墙的影子#

https://www.qqxiuzi.cn/bianma/zhalanmima.php

RSA#

已知p,q,e,求d

丢失的MD5#

改一下运行就行

Alice与Bob#

大数分解

rsarsa#

已知p,q,e,c,求m

大帝的密码武器#

凯撒密码

Windows系统密码#

Windows ntlm,解hash即可

信息化时代的步伐#

http://code.mcdvisa.com/

传统知识+古典密码#

根据https://baike.baidu.com/item/%E5%85%AD%E5%8D%81%E7%94%B2%E5%AD%90/2615886?fr=aladdin找到对应数字,加上60获得ascii码,然后栅栏

凯撒?替换?呵呵!#

https://quipqiup.com/

RSA1#

P,q,dp,dq,c求m,推导可见https://skysec.top/2018/08/25/RSA%E4%B9%8B%E6%8B%92%E7%BB%9D%E5%A5%97%E8%B7%AF-2/

萌萌哒的八戒#

猪圈密码

old-fashion#

quipquip暴力分析

权限获得第一步#

ntlm解密

世上无难事#

quipquip

RSA3#

RSA共模攻击

RSA2#

dp泄露

1
2
3
4
5
6
7
8
for i in range(1,e):                   
    if(dp*e-1)%i == 0:
        if n%(((dp*e-1)//i)+1) == 0:   
            p=((dp*e-1)//i)+1
            q=n//(((dp*e-1)//i)+1)
            phi=(q-1)*(p-1)            
            d=gp.invert(e,phi)         
            m=pow(c,d,n)

异性相吸#

都是38字节,以比特位单位,异或,转成字节即可

还原大师#

明文只有4个字节不知道,爆破即可

Unencode解码#

找个网站直接解码

RSA#

小整数分解n

[AFCTF2018]Morse#

莫斯电码直接转

RSAROLL#

小整数分解

Part2#

robomunication#

音频,莫斯电码,耐心点

Dangerous RSA#

小e,爆破

Cipher#

playfair

[HDCTF2019]basic rsa#

n = p*q = (p+1)(q+1)-1-(p+q)

[GXYCTF2019]CheckIn#

Base64 + rot 47

达芬奇密码#

斐波那契数列

rsa2#

大e,维纳攻击

密码学的心声#

八进制

RSA5#

明文相同攻击,遍历所有n,求互相之间的gcd,找到p

[BJDCTF2020]这是base??#

base64换表

传感器#

曼切斯特编码

rot#

Rot13

[NCTF2019]Keyboard#

键盘加密,9键,例如ooo,代表9上的第三个字母

[NCTF2019]childRSA#

pollar’s p-1分解n

这是什么#

Jsfuck

[HDCTF2019]bbbbbbrsa#

爆破e

[MRCTF2020]古典密码知多少#

栅栏密码

[WUSTCTF2020]佛说:只能四天#

佛论解密http://hi.pcmoe.net/buddha.html

得到社会主义核心价值观编码

然后栅栏

然后凯撒

然后base32

[BJDCTF2020]RSA#

爆破e,共p

[MRCTF2020]天干地支+甲子#

天干地支的数字 + 60

[BJDCTF2020]rsa_output#

共模攻击

[MRCTF2020]vigenere#

维吉尼亚https://www.guballa.de/vigenere-solver

[ACTF新生赛2020]crypto-rsa0#

常规rsa

[BJDCTF2020]signin#

16进制转ascii

[MRCTF2020]keyboard#

同NCTF 2019 Keyboard

[WUSTCTF2020]babyrsa#

小整数分解n

RSA4#

广播攻击

[GWCTF 2019]BabyRSA#

p,q接近,费马分解

SameMod#

rsa共模攻击

一张谍报#

https://blog.csdn.net/weixin_30460489/article/details/95697477

yxx#

xor

Part3#

浪里淘沙#

什么玩意,https://blog.csdn.net/seven749/article/details/109208589

这是什么觅🐎#

https://www.cnblogs.com/vict0r/p/13562808.html

[BJDCTF2020]easyrsa#

z=Fraction(1,Derivative(arctan(p),p))-Fraction(1,Derivative(arth(q),q))

即z = p2+q2,用初中数学解得p,q

[AFCTF2018]Vigenère#

同前面的维吉尼亚

[ACTF新生赛2020]crypto-rsa3#

p,q接近,费马分解

[NCTF2019]babyRSA#

k(p-1)*(q-1)==ed-1,p和q很接近,通过爆破k获得p和q,https://blog.csdn.net/weixin_44110537/article/details/107214109

[AFCTF2018]你能看出这是什么加密么#

标准RSA

[AFCTF2018]可怜的RSA#

分解n

[RoarCTF2019]babyRSA#

考察威尔逊定理

-1 % A = (A-1)! %A = B!(B+1)...(A-1) % A,借此可以求出p和q

[RoarCTF2019]RSA#

A=(((y%x)**5)%(x%y))**2019+y**316+(y+1)/x

根据A的值我们知道((y%x)**5)%(x%y)只能为1,然后简单的爆破x,y的值即可

1
2
y = 83
x = 2

根据质数分布规律可以爆破出p和q

然后再爆破e即可

RSA & what#

共模攻击 + Base64隐写 https://www.cnblogs.com/vict0r/p/13282901.html

[MRCTF2020]babyRSA#

常规,根据质数规律求p

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
def solve():
    P = [0 for i in range(17)]
    P[9] = 206027926847308612719677572554991143421
    for i in range(10,17):
        P[i] = sympy.nextprime(P[i-1])
    for i in range(8,-1,-1):
        P[i] = preprime(P[i+1])
    phi = 1
    n = 1
    for i in range(17):
        phi = phi*(P[i]-1)
        n = n*P[i]
    P_factor=213671742765908980787116579976289600595864704574134469173111790965233629909513884704158446946409910475727584342641848597858942209151114627306286393390259700239698869487469080881267182803062488043469138252786381822646126962323295676431679988602406971858136496624861228526070581338082202663895710929460596143281673761666804565161435963957655012011051936180536581488499059517946308650135300428672486819645279969693519039407892941672784362868653243632727928279698588177694171797254644864554162848696210763681197279758130811723700154618280764123396312330032986093579531909363210692564988076206283296967165522152288770019720928264542910922693728918198338839

    e = 65537
    d = inverse(e,phi)
    p = pow(P_factor,d,n)
    p = sympy.nextprime(p)
    Q_1 = 103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009585231469785141628982021847883945871201430155071257803163523612863113967495969578605521
    Q_2 = 151010734276916939790591461278981486442548035032350797306496105136358723586953123484087860176438629843688462671681777513652947555325607414858514566053513243083627810686084890261120641161987614435114887565491866120507844566210561620503961205851409386041194326728437073995372322433035153519757017396063066469743
    sub_Q = 168992529793593315757895995101430241994953638330919314800130536809801824971112039572562389449584350643924391984800978193707795909956472992631004290479273525116959461856227262232600089176950810729475058260332177626961286009876630340945093629959302803189668904123890991069113826241497783666995751391361028949651
    Q = pow(sub_Q, Q_2 ,Q_1)
    q = sympy.nextprime(Q)
    phi = (p-1)*(q-1)
    n = p*q
    d = inverse(e,phi)
    c = 1709187240516367141460862187749451047644094885791761673574674330840842792189795049968394122216854491757922647656430908587059997070488674220330847871811836724541907666983042376216411561826640060734307013458794925025684062804589439843027290282034999617915124231838524593607080377300985152179828199569474241678651559771763395596697140206072537688129790126472053987391538280007082203006348029125729650207661362371936196789562658458778312533505938858959644541233578654340925901963957980047639114170033936570060250438906130591377904182111622236567507022711176457301476543461600524993045300728432815672077399879668276471832
    m = pow(c,d,n)
    print(long_to_bytes(m))

[WUSTCTF2020]dp_leaking_1s_very_d@angerous#

dp泄露攻击

[NPUCTF2020]EzRSA#

lcm(p-1,q-1)过大,遍历下倍数可以得到p和q,注意e是合数,除以2后是质数,因此转换为求m^2,最后开平方根

Part4#

[MRCTF2020]Easy_RSA#

解方程求p,已知ed和n求q

Part5#

[GKCTF 2021]Random#

PRNG

1
2
3
4
5
6
7
8
9
10
11
12
from mt19937predictor import MT19937Predictor
from hashlib import md5
with open("random.txt",'r') as f:
    content =f.read().split('\n')[:-1]
predictor = MT19937Predictor()
for i in range(104):
    predictor.setrandbits(int(content[3*i]),32)
    predictor.setrandbits(int(content[3*i+1]),64)
    predictor.setrandbits(int(content[3*i]),96)

flag = md5(str(predictor.getrandbits(32)).encode()).hexdigest()
print(flag)

Part6#

Part7#

#

喜欢这篇文章?打赏一下作者吧

评论

关注我

链接

归档

订阅更新

邮件订阅,更新早知道

分类

最新文章

标签

AI2
CTF48
CVE4
Fuzz1
FuzzingBook1
HEVD5
NLP1
PyQt512
ROP Emporium2
Toddler's Bottle21
Web1
automatic analyse10
binary analyse1
codeql5
crypto7
fuzz3
life2
linux kernel2
machine learning1
mobile security1
others1
paper18
pentest3
pwn24
pwnable.kr21
re5
research20
security18
security situation awareness2
stack overflow3
tools2
windows8
work1
writeup5
数据库11
×