WEB:gift_F12
沒啥好說的 直接F12得了
NSSCTF{We1c0me_t0_WLLMCTF_Th1s_1s_th3_G1ft}
RE
簡簡單單的解密
import base64, urllib.parse
def e():
key = "HereIsFlagggg"
flag = "xxxxxxxxxxxxxxxxxxx"
s_box = list(range(256))
j = 0
# 打亂s_box 和flag無關
for i in range(256):
j = (j + s_box[i] + ord(key[i % len(key)])) % 256
s_box[i], s_box[j] = s_box[j], s_box[i]
res = []
i = j = 0
for s in flag:
i = i + 1
j = (j + s_box[i]) % 256
s_box[i], s_box[j] = s_box[j], s_box[i]
t = (s_box[i] + s_box[j]) % 256
k = s_box[t]
res.append(chr(ord(s) ^ k))
enc = "".join(res)
#原來這里有個b64加密再解密 就等於沒變 所以改了一下
enc = urllib.parse.quote(enc)
print(enc)
def d():
enc = "%C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA"
enc = urllib.parse.unquote(enc)#倒着往回做唄
key = "HereIsFlagggg"
s_box = list(range(256))
j = 0
r=[]
# 獲得s_box
for i in range(256):
j = (j + s_box[i] + ord(key[i % len(key)])) % 256
s_box[i], s_box[j] = s_box[j], s_box[i]
i,j=0,0
for s in enc:
i = i + 1
j = (j + s_box[i]) % 256
s_box[i], s_box[j] = s_box[j], s_box[i]
t = (s_box[i] + s_box[j]) % 256
k = s_box[t]
r.append(chr(ord(s)^k))#基本直接復制就行 異或的逆運算就是再異或一次
print("".join(r))
if __name__ == '__main__':
e()
d()
腳本運行得到結果
NSSCTF{REAL_EZ_RC4}
簡簡單單的邏輯
先上腳本
def e():
flag = 'xxxxxxxxxxxxxxxxxx'
list = [47, 138, 127, 57, 117, 188, 51, 143, 17, 84, 42, 135, 76, 105, 28, 169, 25]
result = ''
for i in range(len(list)):
key = (list[i] >> 4) + ((list[i] & 0xf) << 4)
a = hex(ord(flag[i]) ^ key)
result += str(a)[2:].zfill(2)
#分析得知 這是16進制補全兩位 所以是一個flag字符對應兩位
print(result)
def d():
list = [47, 138, 127, 57, 117, 188, 51, 143, 17, 84, 42, 135, 76, 105, 28, 169, 25]
result = "bcfba4d0038d48bd4b00f82796d393dfec"
nums = []
#截取 轉換 得到原來十進制
for i in range(0,len(result),2):
nums.append("0x" + result[i:i+ 2])
for index in range(len(nums)):
nums[index]=int(nums[index],16)
#直接加密里面復制key的計算 然后再異或一次即可
for i in range(len(list)):
key = (list[i] >> 4) + ((list[i] & 0xf) << 4)
print(chr(nums[i]^key),end="")
if __name__ == '__main__':
# e()
d()
這看腳本就行了
NSSCTF{EZEZ_RERE}
非常簡單的邏輯題
def e():
flag = 'xxxxxxxxxxxxxxxxxxxxx'
s = 'wesyvbniazxchjko1973652048@$+-&*<>'
result = ''
for i in range(len(flag)):
s1 = ord(flag[i]) // 17
s2 = ord(flag[i]) % 17
#就 沒啥好講的 一點點拆開打斷點調試就能看懂計算過程
#還是flag一個字符轉換對應result的兩個字符
a = s[(s1 + i) % 34]
b = s[-(s2 + i + 1) % 34]
result += a + b
print(result)
def d():
result = 'v0b9n1nkajz@j0c4jjo3oi1h1i937b395i5y5e0e$i'
s = 'wesyvbniazxchjko1973652048@$+-&*<>'
#套這么多層循環 主要是我不知道 取余怎么更方便的算回去
for x in range(-5, 5):
for y in range(-5, 5):
r = ""
for j in range(0, len(result), 2):
a = result[j]
b = result[j + 1]
#根據數學知識可得(
s1 = int(s.index(a) + 34 * x - j / 2)
s2 = -1*int(s.index(b) + 34 * y + j / 2 + 1)
#去除沒啥意義的結果
if 32 < s1 * 17 + s2 < 130:
r += chr(s1 * 17 + s2)
else:
break
if len(r)==len('xxxxxxxxxxxxxxxxxxxxx'):
print(r)
if __name__ == '__main__':
# e()
d()
NSSCTF{Fake_RERE_QAQ}
fakerondom
import random
def e():
flag = 'xxxxxxxxxxxxxxxxxxxx'
#別的都不重要 就是這個隨機數種子
#同樣的隨機數種子生成的一定是相同的數字
random.seed(1)
l = []
for i in range(4):
l.append(random.getrandbits(8))
result = []
for i in range(len(l)):
random.seed(l[i])
for n in range(5):
result.append(ord(flag[i * 5 + n]) ^ random.getrandbits(8))
print(result)
def d():
result = [201, 8, 198, 68, 131, 152, 186, 136, 13, 130, 190, 112, 251, 93, 212, 1, 31, 214, 116, 244]
random.seed(1)
ran=[]
t=[]
for x in range(4):
ran.append(random.getrandbits(8))
l=ran[0:4]
for i in range(len(l)):
random.seed(l[i])
for n in range(5):
#異或題最好寫了 基本原樣復制代碼就行
print(chr(result[i * 5 + n]^ random.getrandbits(8)),end="")
if __name__ == '__main__':
e()
d()
NSSCTF{FakeE_random}
fakebase
def e():
flag = 'xxxxxxxxxxxxxxxxxxx'
s_box = 'qwertyuiopasdfghjkzxcvb123456#$'
tmp = ''
for i in flag:
x = bin(ord(i))
tmp += str(x)[2:].zfill(8)
b1 = int(tmp, 2)
s = ''
while b1 // 31 != 0:
c = b1 % 31
s += s_box[c]
b1 = b1 // 31
print(b1)
print(s)
def d():
s = "u#k4ggia61egegzjuqz12jhfspfkay"
# s="j3d4h1$6ggrouxktrgky5sxv6bk6i5"#測試
s_box = 'qwertyuiopasdfghjkzxcvb123456#$'
l = []
for x in s:
l.append(s_box.index(x))
l=l[::-1]
for n in range(0,31):
for x in l:
n=x+31*n
t=str(bin(n))[2:]
for j in range(0,len(t),8):
#這題最讓我迷惑 我覺得我寫的是對的
#但是拿上面的加密結果再解密出來的ascii值總差一倍
#但最后一個字符的ascii值又是對應的 所以只能除以2看看
#所以就 現在挺迷茫的
print(chr(int(int(t[j:j+8],2)/2)),end="")
print()
if __name__ == '__main__':
# e()
d()
NSSCTF{WHAt_BASe31}
astjs
經過查資料知道 這是把js文件轉換為ast 但是我不知道怎么轉回去
解不出 我太菜了
簡 單 的 邏 輯
我是 san兵
我真看不出
出題人說少給條件了 但可以瓊劇
密碼
帶rsa的都不會 萌新還沒學呢
crypto6
var="************************************"
flag='NSSCTF{' + base64.b16encode(base64.b32encode(base64.b64encode(var.encode()))) + '}'
print(flag)
小明不小心泄露了源碼,輸出結果為:4A5A4C564B36434E4B5241544B5432454E4E32465552324E47424758534D44594C4657564336534D4B5241584F574C4B4B463245365643424F35485649534C584A5A56454B4D4B5049354E47593D3D3D,你能還原出var的正確結果嗎?
會用base64庫就行
import base64
x="4A5A4C564B36434E4B5241544B5432454E4E32465552324E47424758534D44594C4657564336534D4B5241584F574C4B4B463245365643424F35485649534C584A5A56454B4D4B5049354E47593D3D3D"
a=base64.b16decode(x)
a=base64.b32decode(a)
a=base64.b64decode(a)
print(a)
NSSCTF{5e110989-dc43-1bd3-00b4-9009206158fe}
Crypto7
69f7906323b4f7d1e4e972acf4abfbfc
直接md5解密
NSSCTF{md5yyds}
crypto8
介紹pyhton庫:ciphey庫! 人工智能 yyds
直接一把梭
終端執行命令
ciphey -t "73E-30U1&>V-H965S95]I<U]P;W=E<GT`"
這個題用了uuencode
crypto9
題干腳本直接python執行
letter_list = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' # 字母表
# 根據輸入的key生成key列表
def Get_KeyList(key):
key_list = []
for ch in key:
key_list.append(ord(ch.upper()) - 65)
return key_list
# 加密函數
def Encrypt(plaintext, key_list):
ciphertext = ""
i = 0
for ch in plaintext: # 遍歷明文
if 0 == i % len(key_list):
i = 0
if ch.isalpha(): # 明文是否為字母,如果是,則判斷大小寫,分別進行加密
if ch.isupper():
ciphertext += letter_list[(ord(ch) - 65 + key_list[i]) % 26]
i += 1
else:
ciphertext += letter_list[(ord(ch) - 97 + key_list[i]) % 26].lower()
i += 1
else: # 如果密文不為字母,直接添加到密文字符串里
ciphertext += ch
return ciphertext
# 解密函數
def Decrypt(ciphertext, key):
plaintext = ""
i = 0
for ch in ciphertext: # 遍歷密文
if 0 == i % len(key_list):
i = 0
if ch.isalpha(): # 密文為否為字母,如果是,則判斷大小寫,分別進行解密
if ch.isupper():
plaintext += letter_list[(ord(ch) - 65 - key_list[i]) % 26]
i += 1
else:
plaintext += letter_list[(ord(ch) - 97 - key_list[i]) % 26].lower()
i += 1
else: # 如果密文不為字母,直接添加到明文字符串里
plaintext += ch
return plaintext
if __name__ == '__main__':
print("加密請按D,解密請按E:")
user_input = input();
while (user_input != 'D' and user_input != 'E'): # 輸入合法性判斷
print("輸入有誤!請重新輸入:")
user_input = input()
print("請輸入密鑰:")
key = input()
while (False == key.isalpha()): # 輸入合法性判斷
print("輸入有誤!密鑰為字母,請重新輸入:")
key = input()
key_list = Get_KeyList(key)
if user_input == 'D':
# 加密
print("請輸入明文:")
plaintext = input()
ciphertext = Encrypt(plaintext, key_list)
print("密文為:\n%s" % ciphertext)
else:
# 解密
print("請輸入密文:")
ciphertext = input()
plaintext = Decrypt(ciphertext, key_list)
print("明文為:\n%s" % plaintext)
試了試密碼NSS解密成功
Crypto10
當然你可以接着用這個
ciphey -t "AFFPGS{pbatenghyngvbaf!!!}"
NSSCTF{congratulations!!!}
ez_caesar
def caesar(plaintext):
str_list = list(plaintext)
i = 0
while i < len(plaintext):
if not str_list[i].isalpha():
str_list[i] = str_list[i]
else:
a = "A" if str_list[i].isupper() else "a"
str_list[i] = chr((ord(str_list[i]) - ord(a) + 5) % 26 + ord(a) or 5)
i = i + 1
return ''.join(str_list)
if __name__ == '__main__':
small = [chr(i) for i in range(97, 123)]
big = [chr(i) for i in range(65, 91)]
alpha = small + big
dic = {}
for flag in alpha:
str = caesar(flag)
dic[str] = flag
str = "SXXHYK{dtzmfajpstbhfjxfw}"
for x in str:
if x.isalpha():
print(dic[x], end="")
else:
print(x, end="")
分析代碼知道 這是個靜態加密 所以直接先把所有字母對應的密文加到字典里面 然后一一對應
NSSCTF{youhaveknowcaesar}
ez_rsa
為數不多我會寫的rsa了
工具算個d 然后再md5加密即可
d=104550CB8E2144921
pigpig
看名字就知道了 所以不想寫
traditional
題目:
西方的二進制數學的發明者萊布尼茨,從中國的八卦圖當中受到啟發,演繹並推論出了數學矩
陣,
最后創造的二進制數學。二進制數學的誕生為計算機的發明奠定了理論基礎。而計算機現在改
變
了我們整個世界,改變了我們生活,而他的源頭卻是來自於八卦圖。現在,給你一組由八卦圖
方位
組成的密文,你能破解出其中的含義嗎?
震坤艮 震艮震 坤巽坤 坤巽震 震巽兌 震艮震 震離艮 震離艮
格式:NSSCTF{}
我想說 差不多得了(
八卦從內向外看 --代表0 —代表1
inp= "震坤艮 震艮震 坤巽坤 坤巽震 震巽兌 震艮震 震離艮 震離艮"
dic={"震":"100","離":"101","兌":"110","乾":"111","坤":"000","艮":"001","坎":"010","巽":"011"}
results= ""
for result in inp:
if result in dic.keys():
results+= dic[result][::-1]+""
else:
results+= " "
print(results)
results=results.split()
for index in range(0,len(results)):
print(chr(int(results[index], 2)), end="")
寫成二進制 然后轉十進制 然后ascii碼
NSSCTF{Da01sall}
misc
你喜歡osu嗎?
我喜歡 但不至強行安利 真的(
OSU是一個windows的音游 要是想玩這個譜的話 可以去songs文件夾新建一個文件夾 然后把兩個文件扔進去 你就能玩了
復制底下的鋪面信息 對 就那一堆數字
224,224,0,5,0,0000
224,160,500,1,8,0000
224,160,1000,1,8,0000
224,160,1500,1,8,0000
224,160,2000,1,8,0000
224,224,2500,1,0,0000
224,160,3000,5,8,0000
224,160,3500,1,8,0000
224,224,4000,1,0,0000
224,224,4500,1,0,0000
224,160,5000,1,8,0000
224,224,5500,1,0,0000
224,224,6000,5,0,0000
224,224,6500,1,0,0000
224,224,7000,1,0,0000
224,160,7500,1,8,0000
224,224,8000,1,0,0000
224,160,8500,1,8,0000
224,160,9000,5,8,0000
224,160,9500,1,8,0000
224,224,10000,1,0,0000
224,160,10500,1,8,0000
224,224,11000,1,0,0000
224,160,11500,1,8,0000
224,224,12000,5,0,0000
224,160,12500,1,8,0000
224,160,13000,1,8,0000
224,160,13500,1,8,0000
224,224,14000,1,0,0000
224,224,14500,1,0,0000
224,160,15000,5,8,0000
224,160,15500,1,8,0000
224,224,16000,1,0,0000
224,160,16500,1,8,0000
224,160,17000,1,8,0000
224,224,17500,1,0,0000
224,160,18000,5,8,0000
224,160,18500,1,8,0000
224,160,19000,1,8,0000
224,160,19500,1,8,0000
224,224,20000,1,0,0000
224,160,20500,1,8,0000
224,224,21000,5,0,0000
224,160,21500,1,8,0000
224,160,22000,1,8,0000
224,160,22500,1,8,0000
224,160,23000,1,8,0000
224,160,23500,1,8,0000
224,224,24000,5,0,0000
224,160,24500,1,8,0000
224,160,25000,1,8,0000
224,224,25500,1,0,0000
224,224,26000,1,0,0000
224,160,26500,1,8,0000
224,224,27000,5,0,0000
224,160,27500,1,8,0000
224,224,28000,1,0,0000
224,160,28500,1,8,0000
224,160,29000,1,8,0000
224,224,29500,1,0,0000
224,160,30000,5,8,0000
224,224,30500,1,0,0000
224,160,31000,1,8,0000
224,160,31500,1,8,0000
224,224,32000,1,0,0000
224,160,32500,1,8,0000
224,160,33000,5,8,0000
224,224,33500,1,0,0000
224,160,34000,1,8,0000
224,224,34500,1,0,0000
224,224,35000,1,0,0000
224,160,35500,1,8,0000
224,224,36000,5,0,0000
224,160,36500,1,8,0000
224,160,37000,1,8,0000
224,224,37500,1,0,0000
224,160,38000,1,8,0000
224,160,38500,1,8,0000
224,224,39000,5,0,0000
224,224,39500,1,0,0000
224,224,40000,1,0,0000
224,160,40500,1,8,0000
224,224,41000,1,0,0000
224,160,41500,1,8,0000
224,160,42000,5,8,0000
224,160,42500,1,8,0000
224,160,43000,1,8,0000
224,160,43500,1,8,0000
224,224,44000,1,0,0000
224,160,44500,1,8,0000
224,160,45000,5,8,0000
224,160,45500,1,8,0000
224,224,46000,1,0,0000
224,160,46500,1,8,0000
224,224,47000,1,0,0000
224,160,47500,1,8,0000
224,224,48000,5,0,0000
224,160,48500,1,8,0000
224,160,49000,1,8,0000
224,224,49500,1,0,0000
224,160,50000,1,8,0000
224,160,50500,1,8,0000
224,160,51000,5,8,0000
224,160,51500,1,8,0000
224,224,52000,1,0,0000
224,160,52500,1,8,0000
224,160,53000,1,8,0000
224,160,53500,1,8,0000
224,160,54000,5,8,0000
224,224,54500,1,0,0000
224,224,55000,1,0,0000
224,160,55500,1,8,0000
224,224,56000,1,0,0000
224,160,56500,1,8,0000
224,224,57000,5,0,0000
224,160,57500,1,8,0000
224,160,58000,1,8,0000
224,160,58500,1,8,0000
224,160,59000,1,8,0000
224,160,59500,1,8,0000
224,224,60000,5,0,0000
224,160,60500,1,8,0000
224,160,61000,1,8,0000
224,160,61500,1,8,0000
224,224,62000,1,0,0000
224,160,62500,1,8,0000
224,160,63000,5,8,0000
224,160,63500,1,8,0000
224,224,64000,1,0,0000
224,160,64500,1,8,0000
224,160,65000,1,8,0000
224,224,65500,1,0,0000
224,160,66000,5,8,0000
224,160,66500,1,8,0000
224,160,67000,1,8,0000
224,160,67500,1,8,0000
224,224,68000,1,0,0000
224,160,68500,1,8,0000
224,160,69000,5,8,0000
224,224,69500,1,0,0000
224,160,70000,1,8,0000
224,160,70500,1,8,0000
224,160,71000,1,8,0000
224,224,71500,1,0,0000
224,224,72000,5,0,0000
224,160,72500,1,8,0000
224,160,73000,1,8,0000
224,224,73500,1,0,0000
224,160,74000,1,8,0000
224,224,74500,1,0,0000
224,160,75000,5,8,0000
224,160,75500,1,8,0000
224,224,76000,1,0,0000
224,160,76500,1,8,0000
224,224,77000,1,0,0000
224,160,77500,1,8,0000
224,160,78000,5,8,0000
224,160,78500,1,8,0000
224,160,79000,1,8,0000
224,160,79500,1,8,0000
224,224,80000,1,0,0000
224,160,80500,1,8,0000
224,160,81000,5,8,0000
224,224,81500,1,0,0000
224,160,82000,1,8,0000
224,224,82500,1,0,0000
224,224,83000,1,0,0000
224,160,83500,1,8,0000
224,224,84000,5,0,0000
224,160,84500,1,8,0000
224,160,85000,1,8,0000
224,160,85500,1,8,0000
224,160,86000,1,8,0000
224,160,86500,1,8,0000
224,224,87000,5,0,0000
224,160,87500,1,8,0000
224,224,88000,1,0,0000
224,160,88500,1,8,0000
224,224,89000,1,0,0000
224,224,89500,1,0,0000
224,224,90000,5,0,0000
224,160,90500,1,8,0000
224,160,91000,1,8,0000
224,224,91500,1,0,0000
224,224,92000,1,0,0000
224,160,92500,1,8,0000
224,224,93000,5,0,0000
224,160,93500,1,8,0000
224,224,94000,1,0,0000
224,160,94500,1,8,0000
224,224,95000,1,0,0000
224,224,95500,1,0,0000
224,224,96000,5,0,0000
224,160,96500,1,8,0000
224,224,97000,1,0,0000
224,224,97500,1,0,0000
224,224,98000,1,0,0000
224,224,98500,1,0,0000
224,160,99000,5,8,0000
224,160,99500,1,8,0000
224,224,100000,1,0,0000
224,160,100500,1,8,0000
224,224,101000,1,0,0000
224,160,101500,1,8,0000
然后觀察嘛 第二個數字 224轉為0 160轉為1 然后8位轉換一個十進制 當ascii碼用 最后來個翻轉
import re
if __name__ == '__main__':
with open("a.txt", "r")as file:
s = file.read()
s = s.split("\n")
for index in range(0, len(s)):
s[index] = s[index].split(",")[1]
if s[index] == "224":
s[index] = "0"
else:
s[index] = "1"
s="".join(s)
zero_one=re.findall(".{8}",s)
r=[]
for x in zero_one:
r.append(chr(int(x,2)))
print("".join(r[::-1]))
here_is_a_bug
真的 我一定是非預期解
右鍵文件夾 使用殺毒軟件殺毒(
打開得知flag
NSSCTF{oh_you_catch_the_bug}
原來你也玩原神
異世相遇 盡享美味!
file命令知道是個mp3
看了頻譜文件 不是摩斯啥的
用MP3stego解密 密碼留空就行
解密出一個txt文件 看內容有PK
后綴名改為.zip
里面一個txt
NSSCTF{So_you_also_play_Genshin_impact}
Mooooooooooorse
AU打開 你拿別的音頻軟件打開也行 敲個摩斯碼
解密就行了
文件已經忘了 不想再敲了
Bill
看提示應該是個excel表格
后綴改為.xlsx 但是有密碼
說不要被表象迷惑 猜測可能是有隱寫或者偽加密
foremost分離得到壓縮包
后綴名再改xlsx打開文件
然后修改一下excel表格 把所有的都換成中文大寫數字之后 把腳本拿出來
(上次DAS也有算錢的題...那個表格還比這個長
import openpyxl
import re
def trad_to_int(money):
# 轉換字典
trad_dict = {
'零':0,
'壹':1,
'貳':2,
'叄':3,
'肆':4,
'伍':5,
'陸':6,
'柒':7,
'捌':8,
'玖':9,
'拾':10,
'佰':100,
'仟':1000,
'萬':10000,
'億':100000000,
'角':0.1,
'分':0.01
}
trad = re.search(r"[零壹貳叄肆伍陸柒捌玖拾佰仟億角分]+", money)
if trad is not None:
num = 0
add = 0
sum = 0
for i in money:
if i in ['零','壹','貳','叄','肆','伍','陸','柒','捌','玖']:
add = trad_dict[i]
sum = sum + add
elif i in ['拾','佰','仟','億','角','分']:
num = add * trad_dict[i]
sum = sum - add
sum = sum + num
add = num
elif i == '萬' or i == '億':
sum = sum * trad_dict[i]
return float(sum)
else:
return money
def main():
submoneyCN = ["", "拾", "佰", "仟"]
numsCN = {"零": 0, "壹": 1, "貳": 2, "叄": 3, "肆": 4, "伍": 5, "陸": 6, "柒": 7, "捌": 8, "玖": 9}
w = openpyxl.open("00000025.xlsx")
ws = w.active
# 獲取第一列 即單件商品金額
t = ws['A']
t1=[]
for x in range(1,len(t)):
t1.append(trad_to_int(t[x].value))
print(t1)
# 獲取第二列並處理
t = ws['B']
t2=[]
for x in range(1,len(t)):
t2.append(trad_to_int(t[x].value))
print(t2)
r=0
for index in range(0,len(t2)):
r+=float(t1[index])*float(t2[index])
print(r)
if __name__ == '__main__':
main()
跑腳本
NSSCTF{5030782.26}
ZIPBOMB
我也不知道他為啥沒炸 反正我直接解壓了
010中得flag
NSSCTF{Z1p_B00m_d1sp0sal}
gif好像有點大
那確實挺大得 最開始以為是隱寫
看了看gif發現他只是長而已...
拆分gif腳本
from PIL import Image
import os
pic=Image.open("CTF.gif")
try:
i=0
while True:
pic.seek(i)#搜尋文件幀數
pic.save(str(i)+".png")
i+=1
except:
pass
然后有一幀里面有個二維碼 掃描即可