2021-10-G60攻防大赛
crypto1
凯撒加密
flag{7eb61b29-8f38-40cd-8ec5-50a3f1f9d8b8}
crypto2
AABA ABAA AB BBA BBBBABB AAAAB BAA BAAAA AAABB BAAA BBBBA A AAAAB BABBAB AABA A BAAAA AAABB BABBAB AAAAB BAAAA BBAAA BABA BABBAB BBBBA AAAAA BBBBB AAAAB BABBAB BAAA BBBAA BAAA AABBB BBBAA A ABBBB AAAAB AAAAA BBBAA BAAA BAAA BBBBBAB摩斯电码
A > .
B > -
..-. .-.. .- --. ----.-- ....- -.. -.... ...-- -... ----. . ....- -.--.- ..-. . -.... ...-- -.--.- ....- -.... --... -.-. -.--.- ----. ..... ----- ....- -.--.- -... ---.. -... ..--- ---.. . .---- ....- ..... ---.. -... -... -----.-flag{4d63b9e4-fe63-467c-9504-b8b28e1458bb}
crypto3
e = 2953544268002866703872076551930953722572317122777861299293407053391808199220655289235983088986372630141821049118015752017412642148934113723174855236142887 N = 6006128121276172470274143101473619963750725942458450119252491144009018469845917986523007748831362674341219814935241703026024431390531323127620970750816983 flag = 4082777468662493175049853412968913980472986215497247773911290709560282223053863513029985115855416847643274608394467813391117463817805000754191093158289399
"factor(6006128121276172470274143101473619963750725942458450119252491144009018469845917986523007748831362674341219814935241703026024431390531323127620970750816983)"
md 原题
from Crypto.Util.number import *
from tqdm import tqdm
e = 2953544268002866703872076551930953722572317122777861299293407053391808199220655289235983088986372630141821049118015752017412642148934113723174855236142887
N = 6006128121276172470274143101473619963750725942458450119252491144009018469845917986523007748831362674341219814935241703026024431390531323127620970750816983
c = 4082777468662493175049853412968913980472986215497247773911290709560282223053863513029985115855416847643274608394467813391117463817805000754191093158289399
for dp in tqdm(range(3, 1<<20, 2)):
tmp = e*dp-1
t = pow(3, tmp, N)
p = GCD(N, t-1)
if p != 1:
print("find p!")
q = N//p
phi = (p-1)*(q-1)
d = inverse(e, phi)
m = pow(c, d, N)
print(long_to_bytes(m))
breakmisc2
52316B7A5245315A576C644852544E455430347A5130644E4D6C5248545670555345566156454E4E576C6C48575670455230394B56456330576B644A546C4A585230307A5645644F536C524854567048535531615655644E4D30524E545570555231566152306C4F556C4A48545670555455315356456442576B644A546C4A5552316C615645314E536C64485656705552553161566B644E576B524E54564A555230307A5245744E576C6C48545452555431704250513D3Dhex
R1kzRE1ZWldHRTNET04zQ0dNMlRHTVpUSEVaVENNWllHWVpER09KVEc0WkdJTlJXR00zVEdOSlRHTVpHSU1aVUdNM0RNTUpUR1VaR0lOUlJHTVpUTU1SVEdBWkdJTlJUR1laVE1NSldHVVpURU1aVkdNWkRNTVJUR00zREtNWllHTTRUT1pBPQ==
base64
GY3DMYZWGE3DON3CGM2TGMZTHEZTCMZYGYZDGOJTG4ZGINRWGM3TGNJTGMZGIMZUGM3DMMJTGUZGINRRGMZTMMRTGAZGINRTGYZTMMJWGUZTEMZVGMZDMMRTGM3DKMZYGM4TOZA=
base32
666c61677b35333931386239372d663735332d343661352d613362302d6363616532353262336538397d
hex
flag{53918b97-f753-46a5-a3b0-ccae252b3e89}
ezUp
扫描到 robots.txt 里面有个备份文件
找到上传的部分源码
上传时修改 文件头
Content-Type: image/jpeg
发包爆破上传路径 为 0-1000 的 sha1
爆破到 webshell 地址后连接,在 /flag 有 flag
flag{57cd7c00-66fa-4fbe-8747-ed53f170e82b}
misc1
base64
ZmxhZ3tDN0ZfVzBybGRfaTVfaW50ZXIzc3Rpbmd9
flag{C7F_W0rld_i5_inter3sting}
misc3
0-377 还有 ,
猜测是 8 进制数
8 转 16 另存成图片
1_D0't_1ike!!!
解压后得到 game.csv
9x9 的方阵 是个数独
后面做不下去了。。。