題目提供了一個 +_+.pcapng 檔案,用Wireshark打開,Ctrl-F搜索 flag,發現一段python代碼,將其Data導出:
#!/usr/bin/env python
# coding:utf-8
# Python 2 script recovered from the capture. It uses AES in CBC mode with a
# key and IV that are both hard-coded below, so anyone who can read this
# script (here: anyone holding the pcap) can decrypt traffic protected by it.
__author__ = 'Aklis'

from Crypto import Random
from Crypto.Cipher import AES
import sys
import base64


def decrypt(encrypted, passphrase):
    """Decrypt an AES-CBC blob whose first 16 bytes act as the IV.

    The first 16 bytes of ``encrypted`` are used as the CBC IV and only the
    remainder is decrypted. For output produced by ``encrypt`` below, those
    16 bytes are the first *ciphertext* block, which is exactly the chaining
    value CBC needs for the second block, so the result is the plaintext
    without its leading 16-byte IV prefix. The NUL padding is not removed and
    nothing authenticates the data, so a modified ciphertext is not detected.
    """
    head, body = encrypted[:16], encrypted[16:]
    cipher = AES.new(passphrase, AES.MODE_CBC, head)
    return cipher.decrypt(body)


def encrypt(message, passphrase):
    """Encrypt ``message`` with AES-CBC, taking the IV from its first 16 bytes.

    The whole message, including that 16-byte prefix, is encrypted. Because
    the first plaintext block equals the IV, the first cipher input is an
    all-zero block, so the first ciphertext block depends only on the key.
    Padding is 1 to 16 NUL bytes (a full block when the length is already a
    multiple of 16), which cannot be told apart from trailing NULs in the
    message itself.
    """
    prefix_iv = message[:16]
    pad_len = 16 - (len(message) % 16)
    padded = message + '\0' * pad_len
    cipher = AES.new(passphrase, AES.MODE_CBC, prefix_iv)
    return cipher.encrypt(padded)


# Round-trip demo: the fixed IV is prepended to a placeholder flag, the
# result is encrypted and then decrypted again with the same hard-coded key.
IV = 'YUFHJKVWEASDGQDH'
message = IV + 'flag is hctf{xxxxxxxxxxxxxxx}'

print(len(message))
example = encrypt(message, 'Qq4wdrhhyEWe4qBF')
print(example)
example = decrypt(example, 'Qq4wdrhhyEWe4qBF')
print(example)
是AES加密(代碼用的是AES.MODE_CBC,而非DES),知道IV與key
在pcap流量包中繼續搜索,看到了以下字串:
mbZoEMrhAO0WWeugNjqNw3U6Tt2C+rwpgpbdWRZgfQI3MAh0sZ9qjnziUKkV90XhAOkIs/OXoYVw5uQDjVvgNA==
猜測是直接加密,發現解不開。
測試得出:
先用base64解碼,再用上面的decrypt()解密。
#!/usr/bin/env python
# coding:utf-8
# Python 2 solver built from the script found in the capture: it keeps the
# original AES-CBC helpers and feeds them the Base64 string seen in the pcap.
__author__ = 'Aklis'

from Crypto import Random
from Crypto.Cipher import AES
import sys
import base64


def decrypt(encrypted, passphrase):
    """Decrypt an AES-CBC blob whose first 16 bytes act as the IV.

    The first 16 bytes of ``encrypted`` are used as the CBC IV and only the
    remainder is decrypted. For output of ``encrypt`` below, those bytes are
    the first ciphertext block, so the result is the plaintext without its
    leading 16-byte IV prefix. The NUL padding is left in place and the data
    is not authenticated.
    """
    head, body = encrypted[:16], encrypted[16:]
    cipher = AES.new(passphrase, AES.MODE_CBC, head)
    return cipher.decrypt(body)


def encrypt(message, passphrase):
    """Encrypt ``message`` with AES-CBC, taking the IV from its first 16 bytes.

    The whole message, prefix included, is encrypted after appending 1 to 16
    NUL bytes so the length becomes a multiple of 16. Unused by the solver;
    kept so the helper pair matches the recovered script.
    """
    prefix_iv = message[:16]
    pad_len = 16 - (len(message) % 16)
    padded = message + '\0' * pad_len
    cipher = AES.new(passphrase, AES.MODE_CBC, prefix_iv)
    return cipher.encrypt(padded)


# Original round-trip demo, left disabled:
# IV = 'YUFHJKVWEASDGQDH'
# message = IV + 'flag is hctf{xxxxxxxxxxxxxxx}'
#
# print len(message)
# example = encrypt(message, 'Qq4wdrhhyEWe4qBF')
# print example

# Base64 text taken from the capture; it decodes to 64 bytes, i.e. one
# 16-byte block used as the IV followed by three blocks of ciphertext.
a = 'mbZoEMrhAO0WWeugNjqNw3U6Tt2C+rwpgpbdWRZgfQI3MAh0sZ9qjnziUKkV90XhAOkIs/OXoYVw5uQDjVvgNA=='
b = base64.b64decode(a)

# Same hard-coded key as in the recovered script. The printed plaintext still
# carries its trailing NUL padding.
example = decrypt(b, 'Qq4wdrhhyEWe4qBF')
print(example)