1.flag_in_your_hand && flag_in_your_hand1
下載,解壓后
打開index文件,直接點擊get flag錯誤,輸入其他點擊也同樣
打開js文件,在其中找到正確的Token條件
可知Token里要填的是a數列里的ASCII碼得到的字符,代碼如下:
a=[118, 104, 102, 120, 117, 108, 119, 124, 48, 123, 101, 120]
b=list()
for i in a:
i=i-3
b.append(chr(i))
s=''
for i in b:
s+=i
print(s)
在Token里輸入得到結果security-xbu,得到flag
2.告訴你個秘密
是一個TXT文件,下載好之后,內容如下
16進制轉成字符串
然后base64解碼
鍵盤加密:一組字符在鍵盤上所圈住的字母就是加密內容
連在一起,得到flag(記得大寫)
3.Broadcast
下載之后是一堆文件
用記事本或者編輯器打開task.py(這里我用的是Notepad++),得flag
4.cr3-what-is-this-encryption
看到p,q,e,c,就知道是RSA加密,腳本解密:
import libnum
from Crypto.Util.number import long_to_bytes
c = 0x7fe1a4f743675d1987d25d38111fae0f78bbea6852cba5beda47db76d119a3efe24cb04b9449f53becd43b0b46e269826a983f832abb53b7a7e24a43ad15378344ed5c20f51e268186d24c76050c1e73647523bd5f91d9b6ad3e86bbf9126588b1dee21e6997372e36c3e74284734748891829665086e0dc523ed23c386bb520
e = int("0x6d1fdab4ce3217b3fc32c9ed480a31d067fd57d93a9ab52b472dc393ab7852fbcb11abbebfd6aaae8032db1316dc22d3f7c3d631e24df13ef23d3b381a1c3e04abcc745d402ee3a031ac2718fae63b240837b4f657f29ca4702da9af22a3a019d68904a969ddb01bcf941df70af042f4fae5cbeb9c2151b324f387e525094c41",16)
q = int("0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c66393a061324aa2e6a8d8fc2a910cbee1ed9",16)
p = int("0xfa0f9463ea0a93b929c099320d31c277e0b0dbc65b189ed76124f5a1218f5d91fd0102a4c8de11f28be5e4d0ae91ab319f4537e97ed74bc663e972a4a9119307",16)
n = q*p
d = libnum.invmod(e, (p - 1) * (q - 1))
m = pow(c, d, n) # m 的十進制形式
string = long_to_bytes(m) # m明文
print(string) # 結果為 b‘ m ’ 的形式
得到flag:ALEXCTF{RS4_I5_E55ENT1AL_T0_D0_BY_H4ND}
5.工業協議分析2
用Wireshark打開,發現大量的UPD包,仔細分析后發現大量的upd包大小都一樣,只有少量的是不同的,一個一個找下去,發現如下包有異常字符
將字符拿出來,ASCII碼解密,得到flag
6.你猜猜
下載打開后,前幾位明顯是zip文件頭
HxD新建文件,將txt里的內容拷貝進去,保存為zip文件
打開之后發現需要密碼,暴力破解得到密碼
輸入密碼,得到flag.txt文件,打開就是flag
7.Safer-than-rot13
記事本打開,得到大量字符串
然后去quipqiup網站上進行解碼
最后把空格換成下划線,大寫字母變成小寫,得到flag
8.shanghai
題目提示:維吉尼亞密碼,
所以直接上網站解密就行了https://guballa.de/vigenere-solver
得到flag
9.OldDriver
打開發現給了10組RSA加密信息
貼腳本
import libnum import gmpy2 dic = [{"c": 7366067574741171461722065133242916080495505913663250330082747465383676893970411476550748394841437418105312353971095003424322679616940371123028982189502042, "e": 10, "n": 25162507052339714421839688873734596177751124036723831003300959761137811490715205742941738406548150240861779301784133652165908227917415483137585388986274803}, {"c": 21962825323300469151795920289886886562790942771546858500842179806566435767103803978885148772139305484319688249368999503784441507383476095946258011317951461, "e": 10, "n": 23976859589904419798320812097681858652325473791891232710431997202897819580634937070900625213218095330766877190212418023297341732808839488308551126409983193}, {"c": 6569689420274066957835983390583585286570087619048110141187700584193792695235405077811544355169290382357149374107076406086154103351897890793598997687053983, "e": 10, "n": 18503782836858540043974558035601654610948915505645219820150251062305120148745545906567548650191832090823482852604346478335353784501076761922605361848703623}, {"c": 4508246168044513518452493882713536390636741541551805821790338973797615971271867248584379813114125478195284692695928668946553625483179633266057122967547052, "e": 10, "n": 23383087478545512218713157932934746110721706819077423418060220083657713428503582801909807142802647367994289775015595100541168367083097506193809451365010723}, {"c": 22966105670291282335588843018244161552764486373117942865966904076191122337435542553276743938817686729554714315494818922753880198945897222422137268427611672, "e": 10, "n": 31775649089861428671057909076144152870796722528112580479442073365053916012507273433028451755436987054722496057749731758475958301164082755003195632005308493}, {"c": 17963313063405045742968136916219838352135561785389534381262979264585397896844470879023686508540355160998533122970239261072020689217153126649390825646712087, "e": 10, "n": 22246342022943432820696190444155665289928378653841172632283227888174495402248633061010615572642126584591103750338919213945646074833823905521643025879053949}, {"c": 1652417534709029450380570653973705320986117679597563873022683140800507482560482948310131540948227797045505390333146191586749269249548168247316404074014639, "e": 10, "n": 25395461142670631268156106136028325744393358436617528677967249347353524924655001151849544022201772500033280822372661344352607434738696051779095736547813043}, {"c": 15585771734488351039456631394040497759568679429510619219766191780807675361741859290490732451112648776648126779759368428205194684721516497026290981786239352, "e": 10, "n": 32056508892744184901289413287728039891303832311548608141088227876326753674154124775132776928481935378184756756785107540781632570295330486738268173167809047}, {"c": 8965123421637694050044216844523379163347478029124815032832813225050732558524239660648746284884140746788823681886010577342254841014594570067467905682359797, "e": 10, "n": 52849766269541827474228189428820648574162539595985395992261649809907435742263020551050064268890333392877173572811691599841253150460219986817964461970736553}, {"c": 13560945756543023008529388108446940847137853038437095244573035888531288577370829065666320069397898394848484847030321018915638381833935580958342719988978247, "e": 10, "n": 30415984800307578932946399987559088968355638354344823359397204419191241802721772499486615661699080998502439901585573950889047918537906687840725005496238621}] n = [] C = [] for i in dic: n.append(i["n"]) C.append(i["c"]) # for i in n:
# for j in n:
# if i == j:
# continue
# else:
# if gmpy2.gcd(i, j) != 1:
# print i, j
N = 1
for i in n: N *= i Ni = [] for i in n: Ni.append(N / i) T = [] for i in xrange(10): T.append(long(gmpy2.invert(Ni[i], n[i]))) X = 0 for i in xrange(10): X += C[i] * Ni[i] * T[i] m10 = X % N m = gmpy2.iroot(m10, 10) print libnum.n2s(m[0])
運行,得flag:flag{wo0_th3_tr4in_i5_leav1ng_g3t_on_it}
10.工控安全取證
拿到文件,改成Wireshark可以識別的文件后綴(.pcapng)
分析流量包發現存在ICMP、TCP、UDP協議的流量包,其中IP地址192.168.0.9向IP地址192.168.0.99發送大量的TCP請求,題目要求分析第四次發起掃描時的數據包,如果一個一個審計TCP的連接請求工作量太大,於是換一個思路,觀察數據包發現,一開始,IP地址192.168.0.9向IP地址192.168.0.99發送了一個ICMP的Ping請求,之后才是大量的TCP請求數據。於是,猜測在每次發送TCP請求,會先進行一次ICMP的Ping請求。於是,在Wireshark中過濾出ICMP的數據包進行分析,然后分析其中ICMP的數據包編號。
最終發現IP為192.168.0.199的ICMP的Ping請求對應的數據包編號155989和155990,嘗試之后發現flag為155989
11.fanfie
(這道題是真的沒想出來,百度一下大佬的Writeup,哇,腦回路是真的新奇= =||)
首先對BITSCTF進行base32加密后得到的是:IJEVIU2DKRDA====
與密文前面幾位進行對應,發現:M解密兩次對應的都是I,不同的字母對應的都是不同的解密字母,那么猜測可能是根據某種規則進行了字母替換。
MZYVMIWLGBL7CIJOGJQVOA3IN5BLYC3NHI
IJEVIU2DKRDA====
對字母表進行編碼:
1 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 2 3 4 5 6 7
2 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
則有:3 → 11;4 → 24;8 → 12……
那么,觀察可得,這是仿射密碼,https://www.cnblogs.com/zishu/p/8650214.html(不懂的可以去這個博客看看,簡單明了)
加密函數:E(x) = (ax + b) (mod m),其中 a與b互質,m是編碼系統中字母的個數(通常都是26)。
解密函數:D(x) = 
(x - b) (mod m),其中 是 a 在
群的乘法逆元。
根據函數求出仿射密碼的a = 13和b = 4,對應表如下:
則密文進行仿射解密得:
MZYVMIWLGBL7CIJOGJQVOA3IN5BLYC3NHI → IJEVIU2DKRDHWUZSKZ4VSMTUN5RDEWTNPU
然后對所得字符串進行base32解密得:BITSCTF{S2VyY2tob2Zm}
12.簡單流量分析
用Wireshark打開,發現這個特殊的tcp有一串很長的base64編碼
base64轉圖片,得到flag
13.簡單流量分析
官方腳本
import pyshark import base64 L_flag = [] packets = pyshark.FileCapture('fetus_pcap.pcap') for packet in packets: for pkt in packet: if pkt.layer_name == "icmp": if int(pkt.type) != 0: L_flag.append(int(pkt.data_len)) c = len(L_flag) for i in range(0, c): L_flag[i] = chr(L_flag[i]) print(''.join(L_flag)) print(base64.b64decode(''.join(L_flag)))
運行,得到flag:flag{xx2b8a_6mm64c_fsociety}
暫時先不更新了- -||