0x01 base64?
GUYDIMZVGQ2DMN3CGRQTONJXGM3TINLGG42DGMZXGM3TINLGGY4DGNBXGYZTGNLGGY3DGNBWMU3WI===
base32加密,Python解密即可。
from base64 import *
b32decode('GUYDIMZVGQ2DMN3CGRQTONJXGM3TINLGG42DGMZXGM3TINLGGY4DGNBXGYZTGNLGGY3DGNBWMU3WI===').decode('hex')
拿到flag
PCTF{Just_t3st_h4v3_f4n}
0x02 veryeasy
使用基本命令获取flag
直接记事本打开就可以看到flag,或者用strings
命令也可以。
PCTF{strings_i5_3asy_isnt_i7}
0x03 段子
程序猿圈子里有个非常著名的段子:
手持两把锟斤拷,口中疾呼烫烫烫。
请提交其中"锟斤拷"的十六进制编码。(大写)
FLAG: PCTF{你的答案}
'PCTF{%s}' % '锟斤拷'.encode('hex').upper()
'PCTF{EFBFBDEFBFBD}'
0x04 手贱
某天A君的网站被日,管理员密码被改,死活登不上,去数据库一看,啥,这密码md5不是和原来一样吗?为啥登不上咧?
d78b6f302l25cdc811adfe8d4e7c9fd34
请提交PCTF{原来的管理员密码}
33位的密文,猜测是32位的md5多了一位,枚举一下,分别解密,知道是多了一个l
。
0x05 美丽的实验室logo
出题人丢下个logo就走了,大家自己看着办吧
stegsolve打开,第二个frame就是flag。
PCTF{You_are_R3ally_Car3ful}
0x06 veryeasyRSA
已知RSA公钥生成参数:
p = 3487583947589437589237958723892346254777 q = 8767867843568934765983476584376578389
e = 65537
求d =
请提交PCTF{d}
写了个脚本。
# coding = utf-8
def computeD(fn, e):
(x, y, r) = extendedGCD(fn, e)
#y maybe < 0, so convert it
if y < 0:
return fn + y
return y
def extendedGCD(a, b):
#a*xi + b*yi = ri
if b == 0:
return (1, 0, a)
#a*x1 + b*y1 = a
x1 = 1
y1 = 0
#a*x2 + b*y2 = b
x2 = 0
y2 = 1
while b != 0:
q = a / b
#ri = r(i-2) % r(i-1)
r = a % b
a = b
b = r
#xi = x(i-2) - q*x(i-1)
x = x1 - q*x2
x1 = x2
x2 = x
#yi = y(i-2) - q*y(i-1)
y = y1 - q*y2
y1 = y2
y2 = y
return(x1, y1, a)
p = 3487583947589437589237958723892346254777
q = 8767867843568934765983476584376578389
e = 65537
n = p * q
fn = (p - 1) * (q - 1)
d = computeD(fn, e)
print d
其实可以直接用RSAtool,计算得到d = 19178568796155560423675975774142829153827883709027717723363077606260717434369
0x07 神秘的文件
出题人太懒,还是就丢了个文件就走了,你能发现里面的秘密吗?
binwalk
文件能发现是一个磁盘文件,直接mount
到一个文件夹就能看到一堆文件,写个shell
按顺序cat
出来,连起来就是flag
。
mkdir mnt && mount haha.f38a74f55b4e193561d1b707211cf7eb mnt
cd mnt
# coding = utf-8
string = ''
for i in range(0,254):
f = open(str(i))
tmp = f.readline()
string += tmp
f.close
print string
拿到flag。
Haha ext2 file system is easy, and I know you can easily decompress of it and find the content in it.But the content is spilted in pieces can you make the pieces together. Now this is the flag PCTF{P13c3_7oghter_i7}. The rest is up to you. Cheer up, boy.
0x08 公倍数
请计算1000000000以内3或5的倍数之和。
如:10以为这样的数有3,5,6,9,和是23
请提交PCTF{你的答案}
数学题,3的倍数加5的倍数减去15的倍数。
0x09 Easy Crackme
0x0A Secret
flag在headers里
0x0B 爱吃培根的出题人
听说你也喜欢吃培根?那我们一起来欣赏一段培根的介绍吧:
bacoN is one of aMerICa'S sWEethEartS. it's A dARlinG, SuCCulEnt fOoD tHAt PaIRs FlawLE
什么,不知道要干什么?上面这段巨丑无比的文字,为什么会有大小写呢?你能发现其中的玄机吗?
提交格式:PCTF{你发现的玄机}
显然是培根密码,大小写换成ab,网上解一下就好。
0x0C Easy RSA
还记得veryeasy RSA吗?是不是不难?那继续来看看这题吧,这题也不难。
已知一段RSA加密的信息为:0xdc2eeeb2782c且已知加密所用的公钥:
(N=322831561921859 e = 23)
请解密出明文,提交时请将数字转化为ascii码提交
比如你解出的明文是0x6162,那么请提交字符串ab
提交格式:PCTF{明文字符串}
一样的原理,写个脚本。
# coding = utf-8
def fastExpMod(b, e, m):
"""
e = e0*(2^0) + e1*(2^1) + e2*(2^2) + ... + en * (2^n)
b^e = b^(e0*(2^0) + e1*(2^1) + e2*(2^2) + ... + en * (2^n))
= b^(e0*(2^0)) * b^(e1*(2^1)) * b^(e2*(2^2)) * ... * b^(en*(2^n))
b^e mod m = ((b^(e0*(2^0)) mod m) * (b^(e1*(2^1)) mod m) * (b^(e2*(2^2)) mod m) * ... * (b^(en*(2^n)) mod m) mod m
"""
result = 1
while e != 0:
if (e&1) == 1:
# ei = 1, then mul
result = (result * b) % m
e >>= 1
# b, b^2, b^4, b^8, ... , b^(2^n)
b = (b*b) % m
return result
def computeD(fn, e):
(x, y, r) = extendedGCD(fn, e)
#y maybe < 0, so convert it
if y < 0:
return fn + y
return y
def extendedGCD(a, b):
#a*xi + b*yi = ri
if b == 0:
return (1, 0, a)
#a*x1 + b*y1 = a
x1 = 1
y1 = 0
#a*x2 + b*y2 = b
x2 = 0
y2 = 1
while b != 0:
q = a / b
#ri = r(i-2) % r(i-1)
r = a % b
a = b
b = r
#xi = x(i-2) - q*x(i-1)
x = x1 - q*x2
x1 = x2
x2 = x
#yi = y(i-2) - q*y(i-1)
y = y1 - q*y2
y1 = y2
y2 = y
return(x1, y1, a)
def decryption(C, d, n):
#RSA M = C^d mod n
return fastExpMod(C, d, n)
p = 13574881
q = 23781539
n = p * q
fn = (p - 1) * (q - 1)
e = 23
d = computeD(fn, e)
C = int('0xdc2eeeb2782c', 16)
M = decryption(C, d, n)
flag = str(hex(M))[2:-1]
print d
print flag.decode('hex')
或者RSAtool,都可以。
拿到flag。
3a5Y
0x0D ROPGadget
都说学好汇编是学习PWN的基础,以下有一段ROPGadget的汇编指令序列,请提交其十六进制机器码(大写,不要有空格)
XCHG EAX,ESP
RET
MOV ECX,[EAX]
MOV [EDX],ECX
POP EBX
RET
提交格式:PCTF{你的答案}
找个网站,翻译一下就好。
0: 94 xchg esp,eax
1: c3 ret
2: 8b 08 mov ecx,DWORD PTR [eax]
4: 89 0a mov DWORD PTR [edx],ecx
6: 5b pop ebx
7: c3 ret
0x0E 取证
有一款取证神器如下图所示,可以从内存dump里分析出TureCrypt的密钥,你能找出这款软件的名字吗?名称请全部小写。
提交格式:PCTF{软件名字}
谷歌搜索内存 取证即可。
0x0F 熟悉的声音
两种不同的元素,如果是声音的话,听起来是不是很熟悉呢,据说前不久神盾局某位特工领便当了大家都很惋惜哦
XYYY YXXX XYXX XXY XYY X XYY YX YYXX
请提交PCTF{你的答案}
看起来像摩斯密码,Python替换一下。
'XYYY YXXX XYXX XXY XYY X XYY YX YYXX'.replace('X', '.').replace('Y', '-')
'.--- -... .-.. ..- .-- . .-- -. --..'
解密得到JBLUWEWNZ
,扔进JPK里跑一下凯撒密码,得到唯一一个有意义的。
PHRACKCTF
0x10 Baby's Crack
0x11 Help!!!
出题人硬盘上找到一个神秘的压缩包,里面有个word文档,可是好像加密了呢~让我们一起分析一下吧!
题目链接
分为两步,第一步是一个zip伪加密,放到Kali下直接解压,第二步那个word其实是个压缩包,里面有张图片就是flag。
0x12 Shellcode
作为一个黑客,怎么能不会使用shellcode?
这里给你一段shellcode,你能正确使用并最后得到flag吗?
PYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIYIhkmKzyCDq4l4FQyBlrRWEahI1tLKT16Pnk1ftLnkPvwlnkW6fhNkan5pNkgF6XPOR8T5HsCivaN19okQSPlKRLvD6DNk3uelNkpTthRXuQ9znk2jEHLK1Ja0FaXkhcTtBink4tlKUQhnvQYotqo0ylnLMTO0SDEWZahOtMwqhG8kXteksLwTdh1e8aLKsja4uQ8kavLKdLrklK0ZeL7qjKLKUTLKuQM8k9bdvDeL1qiSnR5XVIXTOyjENikrphNnrnVnhlBrzHooKOYoyok93u7tOKCNyHzBBSnguLgTcbyxlNKOYoYoMYaUTHphRL2LupQQ0htsFRTn541x3E2Se5T26PyKK8QLTddJlIZFBvyoSeUTLIkrv0oKy8ORpMmlk7Gl6DBrm8SoyoioyoaxrOqh0XwP1xu1Qw1upBbHrmrED3T34qiKOxQLTdEZOyZCaxQmRxgPUp0hpnPn4srRe8BDSo2PT7axqOCWROpophSYpnSo04u83K72Peu70hBpCsqDpF4qHIMXpLQ429k98aEaJr1BF3Ca3bIozp01IPf0Yof5GxAA
用Shellcodeexec跑一下,可以拿到flag。
0x13 A Piece Of Cake
nit yqmg mqrqn bxw mtjtm nq rqni fiklvbxu mqrqnl xwg dvmnzxu lqjnyxmt xatwnl, rzn nit uxnntm xmt zlzxuuk mtjtmmtg nq xl rqnl. nitmt vl wq bqwltwlzl qw yivbi exbivwtl pzxuvjk xl mqrqnl rzn nitmt vl atwtmxu xamttetwn xeqwa tsftmnl, xwg nit fzruvb, nixn mqrqnl ntwg nq gq lqet qm xuu qj nit jquuqyvwa: xbbtfn tutbnmqwvb fmqamxeevwa, fmqbtll gxnx qm fiklvbxu ftmbtfnvqwl tutbnmqwvbxuuk, qftmxnt xznqwqeqzluk nq lqet gtamtt, eqdt xmqzwg, qftmxnt fiklvbxu fxmnl qj vnltuj qm fiklvbxu fmqbtlltl, ltwlt xwg exwvfzuxnt nitvm twdvmqwetwn, xwg tsivrvn vwntuuvatwn rtixdvqm - tlftbvxuuk rtixdvqm yivbi evevbl izexwl qm qnitm xwvexul. juxa vl lzrlnvnzntfxllvldtmktxlkkqzaqnvn. buqltuk mtuxntg nq nit bqwbtfn qj x mqrqn vl nit jvtug qj lkwnitnvb rvquqak, yivbi lnzgvtl twnvnvtl yiqlt wxnzmt vl eqmt bqefxmxrut nq rtvwal nixw nq exbivwtl.
提交格式:PCTF{flag}
在线解密,直接拿到flag。
the word robot can refer to both physical robots and virtual software agents, but the latter are usually referred to as bots. there is no consensus on which machines qualify as robots but there is general agreement among experts, and the public, that robots tend to do some or all of the following: accept electronic programming, process data or physical perceptions electronically, operate autonomously to some degree, move around, operate physical parts of itself or physical processes, sense and manipulate their environment, and exhibit intelligent behavior - especially behavior which mimics humans or other animals. flag is substitutepassisveryeasyyougotit. closely related to the concept of a robot is the field of synthetic biology, which studies entities whose nature is more comparable to beings than to machines.