March Competition Writeup

Crypto

md5

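Write a script. Plaintext: s3c{P7?Y0OG?0XPC?ZPK} Ciphertext: b235????f2da???874???63007?4b8970

It is actually quite simple: use the plaintext to resolve the ciphertext. Each ? can be anything, so trying the candidates one by one gives the answer.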

```python
import hashlib

# Known plaintext; each '?' is one unknown character
password = 's3c{P7?Y0OG?0XPC?ZPK}'
password1 = 's3c{P7'
password2 = 'Y0OG'
password3 = '0XPC'
password4 = 'ZPK}'
password5 = ''
password6 = ''
password7 = ''
# Candidate characters for each '?' (the original alphabet had 's' typed in place of 'x')
jiemi = '_0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
for i in range(len(jiemi)):
    password5 = password1 + jiemi[i]
    for j in range(len(jiemi)):
        password6 = password5 + password2 + jiemi[j]
        for n in range(len(jiemi)):
            password7 = password6 + password3 + jiemi[n] + password4
            m = hashlib.md5()
            m.update(password7.encode("utf-8"))
            psw = m.hexdigest()
            # Print only candidates whose digest starts with the known prefix
            if psw[0:4] == 'b235':
                print(psw)
                print(password7)
```

Finally, just compare the results one by one.

RSA

I used the tool RSA-TOOLS. With p, q, e and c already known, the tool can be used to obtain N and D.

```python
p = 9648423029010515676590551740010426534945737639235739800643989352039852507298491399561035009163427050370107570733633350911691280297777160200625281665378483
n = 114573516752272714750064227635008832737477859608443481000717283425702025029279291376859256856603741797722497252841363753834114679306784379319341824813349417007577541466886971550474580368413974382926969910999462429631003527365143148445405716553105750338796691010126879918594076915709977585368841428779903869581
e = 65537
c = 83208298995174604174773590298203639360540024871256126892889661345742403314929861939100492666605647316646576486526217457006376842280869728581726746401583705899941768214138742259689334840735633553053887641847651173776251820293087212885670180367406807406765923638973161375817392737747832762751690104423869019034
d = 56632047571190660567520341028861194862411428416862507034762587229995138605649836960220619903456392752115943299335385163216233744624623848874235303309636393446736347238627793022725260986466957974753004129210680401432377444984195145009801967391196615524488853620232925992387563270746297909112117451398527453977
flag = pow(c, d, n)
print(flag)
```
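The step the tool performs can also be done directly in Python. The following is an added example, not code from the original writeup: it derives q from n and p, computes d as the inverse of e modulo (p-1)(q-1), and turns the decrypted integer into bytes so the flag text is readable. All function names and the TOY_* sample values are assumptions constructed for illustration.

```python
from math import gcd

def recover_q(n, p):
    """Return the second prime factor of n when one factor p is known."""
    q, remainder = divmod(n, p)
    if remainder != 0 or q in (1, n):
        raise ValueError("p is not a proper factor of n")
    return q

def derive_private_exponent(p, q, e):
    """Return d = e^-1 mod (p-1)(q-1), the D value a key tool reports."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e has no inverse modulo phi(n)")
    return pow(e, -1, phi)  # modular inverse, needs Python 3.8+

def int_to_bytes(m):
    """Big-endian byte string of a non-negative integer."""
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def decrypt(p, q, e, c):
    """Textbook RSA decryption (no padding) starting from the two primes."""
    n = p * q
    d = derive_private_exponent(p, q, e)
    return int_to_bytes(pow(c, d, n))

# Constructed sample values (not the challenge's): two Mersenne primes
TOY_P = 2**61 - 1
TOY_Q = 2**89 - 1
TOY_E = 65537
TOY_MSG = b"s3c{toy_flag}"

def demo():
    """Encrypt the toy message, then recover it from n, p, e and c only."""
    n = TOY_P * TOY_Q
    c = pow(int.from_bytes(TOY_MSG, "big"), TOY_E, n)
    q = recover_q(n, TOY_P)
    return decrypt(TOY_P, q, TOY_E, c)

if __name__ == "__main__":
    print(demo())
```
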

RE

FXXK

It is actually just JSFuck. After decoding, convert the numbers to a string according to their ASCII codes.

This gives the flag s3c{SQc_N0t_B4d}

Web

Treasure Hunt

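The first step is a submission: use the POST method with dollar=100. AE86 is passed in the user_agent, then for Russia, Russia is added to the Referer, and after that a local IP has to be forged, which requires Client_Ip. Then a piece of code is presented in base64 form: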

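```php
if(isset($_GET['key'])){
    $a = $_GET['key'];
    // Each blocked keyword is replaced case-insensitively before the include
    $a = str_ireplace("flag","!!!",$a);
    // ?key=,???!!!!!!.!!!
    $a = str_ireplace("php", "!!!", $a);
    $a = str_ireplace("data", "???", $a);
    $a = str_ireplace("access", '',$a);
    $a = str_replace(":", "!!!", $a);
    // The filtered value is passed straight to include()
    include($a);
}
```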

And then I was stuck.

Summary: I am still too weak and have not worked hard enough; I need to put in more time.