2021-10-G60攻防大赛

crypto1

凯撒加密

flag{7eb61b29-8f38-40cd-8ec5-50a3f1f9d8b8}

crypto2

AABA ABAA AB BBA BBBBABB AAAAB BAA BAAAA AAABB BAAA BBBBA A AAAAB BABBAB AABA A BAAAA AAABB BABBAB AAAAB BAAAA BBAAA BABA BABBAB BBBBA AAAAA BBBBB AAAAB BABBAB BAAA BBBAA BAAA AABBB BBBAA A ABBBB AAAAB AAAAA BBBAA BAAA BAAA BBBBBAB

摩斯电码

A > .
B > -

..-. .-.. .- --. ----.-- ....- -.. -.... ...-- -... ----. . ....- -.--.- ..-. . -.... ...-- -.--.- ....- -.... --... -.-. -.--.- ----. ..... ----- ....- -.--.- -... ---.. -... ..--- ---.. . .---- ....- ..... ---.. -... -... -----.-

flag{4d63b9e4-fe63-467c-9504-b8b28e1458bb}

crypto3

e = 2953544268002866703872076551930953722572317122777861299293407053391808199220655289235983088986372630141821049118015752017412642148934113723174855236142887 N = 6006128121276172470274143101473619963750725942458450119252491144009018469845917986523007748831362674341219814935241703026024431390531323127620970750816983 flag = 4082777468662493175049853412968913980472986215497247773911290709560282223053863513029985115855416847643274608394467813391117463817805000754191093158289399

"factor(6006128121276172470274143101473619963750725942458450119252491144009018469845917986523007748831362674341219814935241703026024431390531323127620970750816983)"

md 原题

from Crypto.Util.number import *
from tqdm import tqdm

e = 2953544268002866703872076551930953722572317122777861299293407053391808199220655289235983088986372630141821049118015752017412642148934113723174855236142887
N = 6006128121276172470274143101473619963750725942458450119252491144009018469845917986523007748831362674341219814935241703026024431390531323127620970750816983
c = 4082777468662493175049853412968913980472986215497247773911290709560282223053863513029985115855416847643274608394467813391117463817805000754191093158289399

for dp in tqdm(range(3, 1<<20, 2)):
    tmp = e*dp-1
    t = pow(3, tmp, N)
    p = GCD(N, t-1)
    if p != 1:
        print("find p!")
        q = N//p
        phi = (p-1)*(q-1)
        d = inverse(e, phi)
        m = pow(c, d, N)
        print(long_to_bytes(m))
        break

misc2

52316B7A5245315A576C644852544E455430347A5130644E4D6C5248545670555345566156454E4E576C6C48575670455230394B56456330576B644A546C4A585230307A5645644F536C524854567048535531615655644E4D30524E545570555231566152306C4F556C4A48545670555455315356456442576B644A546C4A5552316C615645314E536C64485656705552553161566B644E576B524E54564A555230307A5245744E576C6C48545452555431704250513D3D

hex

R1kzRE1ZWldHRTNET04zQ0dNMlRHTVpUSEVaVENNWllHWVpER09KVEc0WkdJTlJXR00zVEdOSlRHTVpHSU1aVUdNM0RNTUpUR1VaR0lOUlJHTVpUTU1SVEdBWkdJTlJUR1laVE1NSldHVVpURU1aVkdNWkRNTVJUR00zREtNWllHTTRUT1pBPQ==

base64

GY3DMYZWGE3DON3CGM2TGMZTHEZTCMZYGYZDGOJTG4ZGINRWGM3TGNJTGMZGIMZUGM3DMMJTGUZGINRRGMZTMMRTGAZGINRTGYZTMMJWGUZTEMZVGMZDMMRTGM3DKMZYGM4TOZA=

base32

666c61677b35333931386239372d663735332d343661352d613362302d6363616532353262336538397d

hex

flag{53918b97-f753-46a5-a3b0-ccae252b3e89}

ezUp

扫描到 robots.txt 里面有个备份文件

找到上传的部分源码

上传时修改文件头

Content-Type: image/jpeg

发包爆破上传路径为 0-1000 的 sha1

爆破到 webshell 地址后连接，在 /flag 有 flag

flag{57cd7c00-66fa-4fbe-8747-ed53f170e82b}

misc1

base64

ZmxhZ3tDN0ZfVzBybGRfaTVfaW50ZXIzc3Rpbmd9

flag{C7F_W0rld_i5_inter3sting}

misc3

0-377 还有 ,

猜测是 8 进制数

8 转 16 另存成图片

1_D0't_1ike!!!

解压后得到 game.csv

9x9 的方阵是个数独

后面做不下去了。。。

Previous2021 9 全国网络与信息安全管理职业技能大赛江苏场 NextICS

hashtagcrypto1

hashtagcrypto2

hashtagcrypto3

hashtagmisc2

hashtagezUp

hashtagmisc1

hashtagmisc3