[Writeup] rsaaaa writeup

[复制链接]
查看7404 | 回复0 | 2019-5-23 17:29:11 | 显示全部楼层 |阅读模式
题目名称:“骇极杯”全国大学生网络安全邀请赛 misc-rsaaaa
题目地址:https://www.bugku.com/ctfexercise-competition-183.html


首先要先proof脚本如下
  1. def brute_force(pad, shavalue):
  2. dict = string.letters + string.digits
  3. key = ""
  4. for i1 in dict:
  5.     tmp = key
  6.     key1 = tmp + i1
  7.     for i2 in dict:
  8.         tmp = key1
  9.         key2 = tmp + i2
  10.         for i3 in dict:
  11.             tmp = key2
  12.             key3 = tmp + i3
  13.             for i4 in dict:
  14.                 tmp = key3
  15.                 key4 = tmp + i4
  16.                 final_key = key4
  17.                 if sha512(pad+key4).hexdigest()==shavalue:
  18.                     print key4
  19.                     return key4
  20. key_1 = brute_force('XkJ6v0Svif9H5wWd','6eb77ec24eee0fd5e59290c44acf22e377a3b08e33e0efa2bfd9971dbacf3e8a3bc32eed2fc710ddb26863f01dd82c63224fdc9851d9f9f46a9e6402c68206f5')
  21. print key_1
复制代码
随后要解决这里的问题
epftfgl6r8.jpeg

发现根本不需要求解他的d和n
直接d=1,n=c-m就好
直接进入下一关
这里需要做一个数学运算先算cc = pow(2, e, n),然后算ccc = c*cc%n,然后把ccc发过去让服务器解密,拿到明文后除以2
得到的就是MM
post后直接进行aes解密,拿到flag
整个交互过程如下
  1. sha512(XkJ6v0Svif9H5wWd+XXXX) == 6eb77ec24eee0fd5e59290c44acf22e377a3b08e33e0efa2bfd9971dbacf3e8a3bc32eed2fc710ddb26863f01dd82c63224fdc9851d9f9f46a9e6402c68206f5

  2. Tell me XXXX:
  3. ZTmx
  4. OK, you proof.
  5. Give you a message:0x6f57434e74344a6a4831485177694169
  6. and its ciphertext:0xaef0ac66619ad00415bdf53f3232fffb1e19be5ae92b187f98544187f4021d9192b731f3bdedcf024310e918b6dcf052c6c13bca7587650806bcabcba0943ada57abfe8ec6aed1749ebf35d6c1716fd40c5fed105f1604caed170421b2e12efcb174b38bf2427331e2a22bdd4731c004c4d714a3a593b2cd0fd0031968526a4420ff2adfc0b752ddf9c2381e8cfd98f0471e820ee5ee8b83955730bc1087b12151ce0c65b4a90b84555c12db8053429ee6c40e7977b087829bec0e7dc42632d9c16a162500893ac635e3b6c4e1d3e34f069cbdc8183c19a28e400751ae1c9168d0689c0162ce59852170394eb881ab99130a4837422e5081143a2b62a3bc76d8
  7. Please give me the private key to decrypt cipher
  8. n:
  9. 22084145559267142542278247205711206806769035096867203562084376236135074979071593494695165415304475011906014512427242327757399235206725659075262541485105057336477881466546208394134375073948200202231086452529564372313656850419369453050936175671378881331075871605986332054320133956210417108252203550155296981956383715305509205993100035845876676100308496728282263311014876821564144113735314621093460404122348973685951350134860330087006324081818356485787747916004167088733576488568724106608053548411305492271813170870510029120401564662767509523812680234467117029176109380429489145638460342248988331319677739729495421826415
  10. d:
  11. 1
  12. Oh, how you know the private key!
  13. n=0xac53a7e7f4a8ddb0d52b6df045527551d541a40365116ae66e9d8709442ffcfd786a8df7d203e117a709553d510edece5ae72c8e6f9a9552b4be987e6f2021f2a339930cdb221a8d484ea09df63c2a55f582b3c9ade2912c9650786e9f5c82973e2baea122cb895d06fa174a106d4660740f0c204666dc69168e330b2c41a78633bf24d48d023a6c0bdfa2f3761c4f38d081b5bf8c9ffd11abbe4d5be6e63f064125b3ead319c09242f5366124a0bfc8f73ba11a067a7904fec9c5497b3f376382427e3e60e95ae747cce634d721009cd13350b1cf2383c6880c05ff8ec7824339ea438ea800b5d15ec05fd0df7e53c569e1951560a75eb289f3afdf19beded1
  14. e=0xcf90945cb5ed1485
  15. c=0x9a9c94ec0094c5e3c1e1b6c2b534b637726cba2e8b0da0a2ba3f12cb98a225206755f13a7ae3e459489e253a6b4719645d741a48d3b47184a2bc8cc6be73b4040443821dc7796754cf5f40c3d9845f15f23486d50d06fdbcde6c017599703ac9ec6015ae61b67379f48272f4f84491506bc3e56eaf124c9b14584330657a26b4cc009c489441cafc3ed5555ff2f5806a5b56eb0d312dfea2ad985e37b5a3917f7930b492331bc1e12f71949ae7d76c53a44c5d9f7d25e8856aafd69f3b6bcfb44e5cf2fa9c09aa35bf4b6566c89f174d0c68abd8970aa41e1fe441c4b38c705979e33d5c9a2abf15560477c31b6346fcfc723289b9751f893fb7a8dac47de3f0

  16. Now, you have a chance to decrypt something(but no c):
  17. 10861852131164322077412797986625616181717063053353581369663738748831496772954289381470035381197611133580693273961257855424019526480196780126545278666064266535981465755567420264745935227134754534350002537986969850551526328493939419096511440892423045037104987011041181269866090307965509267257918136812218547637066029308872688916113197541758600923169257485066711422003515732668822443487279464330075761022284709750952016470762309134261713817800958762289127439071427678699871872454105477099012449462911427691966935866152040055058801656487819090362844926572779942769475645537130146301058513228439997764047914117721832371520
  18. message:0xce6adae4ac9ec86c8ee264a28ae2a46e
  19. Give me right message:
  20. 137187895140717694653920589162394767927
  21. Master in math!
  22. Here is your flag:0x4af4a66ee3ff9bb620e20db7e0f3489bbf4bb358ad8d39a4a446ff4338570a241ec06f2d3703c7cfc1a1c6c0fce789e0
复制代码
exp如下
  1. #!/usr/bin/python
  2. import random
  3. import string
  4. from hashlib import sha512
  5. from Crypto.Util.number import *
  6. from Crypto.Cipher import AES

  7. '''
  8. def brute_force(pad, shavalue):
  9.     dict = string.letters + string.digits
  10.     key = ""
  11.     for i1 in dict:
  12.         tmp = key
  13.         key1 = tmp + i1
  14.         for i2 in dict:
  15.             tmp = key1
  16.             key2 = tmp + i2
  17.             for i3 in dict:
  18.                 tmp = key2
  19.                 key3 = tmp + i3
  20.                 for i4 in dict:
  21.                     tmp = key3
  22.                     key4 = tmp + i4
  23.                     final_key = key4
  24.                     if sha512(pad+key4).hexdigest()==shavalue:
  25.                         print key4
  26.                         return key4
  27. key_1 = brute_force('XkJ6v0Svif9H5wWd','6eb77ec24eee0fd5e59290c44acf22e377a3b08e33e0efa2bfd9971dbacf3e8a3bc32eed2fc710ddb26863f01dd82c63224fdc9851d9f9f46a9e6402c68206f5')
  28. print key_1


  29. m = 0x6f57434e74344a6a4831485177694169
  30. c = 0xaef0ac66619ad00415bdf53f3232fffb1e19be5ae92b187f98544187f4021d9192b731f3bdedcf024310e918b6dcf052c6c13bca7587650806bcabcba0943ada57abfe8ec6aed1749ebf35d6c1716fd40c5fed105f1604caed170421b2e12efcb174b38bf2427331e2a22bdd4731c004c4d714a3a593b2cd0fd0031968526a4420ff2adfc0b752ddf9c2381e8cfd98f0471e820ee5ee8b83955730bc1087b12151ce0c65b4a90b84555c12db8053429ee6c40e7977b087829bec0e7dc42632d9c16a162500893ac635e3b6c4e1d3e34f069cbdc8183c19a28e400751ae1c9168d0689c0162ce59852170394eb881ab99130a4837422e5081143a2b62a3bc76d8

  31. print c-m





  32. n=0xac53a7e7f4a8ddb0d52b6df045527551d541a40365116ae66e9d8709442ffcfd786a8df7d203e117a709553d510edece5ae72c8e6f9a9552b4be987e6f2021f2a339930cdb221a8d484ea09df63c2a55f582b3c9ade2912c9650786e9f5c82973e2baea122cb895d06fa174a106d4660740f0c204666dc69168e330b2c41a78633bf24d48d023a6c0bdfa2f3761c4f38d081b5bf8c9ffd11abbe4d5be6e63f064125b3ead319c09242f5366124a0bfc8f73ba11a067a7904fec9c5497b3f376382427e3e60e95ae747cce634d721009cd13350b1cf2383c6880c05ff8ec7824339ea438ea800b5d15ec05fd0df7e53c569e1951560a75eb289f3afdf19beded1
  33. e=0xcf90945cb5ed1485
  34. c=0x9a9c94ec0094c5e3c1e1b6c2b534b637726cba2e8b0da0a2ba3f12cb98a225206755f13a7ae3e459489e253a6b4719645d741a48d3b47184a2bc8cc6be73b4040443821dc7796754cf5f40c3d9845f15f23486d50d06fdbcde6c017599703ac9ec6015ae61b67379f48272f4f84491506bc3e56eaf124c9b14584330657a26b4cc009c489441cafc3ed5555ff2f5806a5b56eb0d312dfea2ad985e37b5a3917f7930b492331bc1e12f71949ae7d76c53a44c5d9f7d25e8856aafd69f3b6bcfb44e5cf2fa9c09aa35bf4b6566c89f174d0c68abd8970aa41e1fe441c4b38c705979e33d5c9a2abf15560477c31b6346fcfc723289b9751f893fb7a8dac47de3f0

  35. cc = pow(2,e,n)
  36. ccc = c*cc%n
  37. print ccc

  38. m = 0xce6adae4ac9ec86c8ee264a28ae2a46e

  39. print m/2

  40. '''
  41. enc_flag = '4af4a66ee3ff9bb620e20db7e0f3489bbf4bb358ad8d39a4a446ff4338570a241ec06f2d3703c7cfc1a1c6c0fce789e0'
  42. enc_flag = enc_flag.decode('hex')
  43. msg1 = '6f57434e74344a6a4831485177694169'.decode('hex')
  44. msg2 = '67356d72564f64364771325145715237'.decode('hex')
  45. cipher = AES.new(msg2, AES.MODE_CBC, msg1)
  46. dec = cipher.decrypt(enc_flag)

  47. print dec
复制代码


回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

5

主题

6

帖子

87

积分

版主

Rank: 7Rank: 7Rank: 7

积分
87