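A bit cursed, but the first-blood bonus still felt good.
For example, the final part of the 500-point misc challenge, and the submission format for every challenge. Sigh.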

EasyWeb

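The first check is $fir == md5($fir).
This is a loose comparison: both strings are converted to the same type and then compared.
To bypass it, you only need a string that starts with 0e, whose md5 also starts with 0e, and where everything after the 0e is purely digits. A quick search on an Internet-connected machine finds one (writing your own script would work too).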

payload:10.1.117.1:20000/?fir=0e215962017

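The response reveals TheFlagFi1e.php. Visiting it prompts for a password, and the page source says "md5 encrypted, very secure".
Searching again turned up the string "ffifdyop": its md5 is 276f722736c95d99e921722cf9ed621c, which as a raw string is 'or'6 followed by garbage bytes.
The query effectively becomes select * from admin where password=''or 1, which gives SQL injection.
Submitting ffifdyop returns the flag.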

flag{74f3002433d36d6465fddecd52af9422}
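
Both EasyWeb checks, weak next to hardened, as an added example in Python (not code from the original post or the challenge). `php_loose_eq` and `php_strict_eq` are simplified models of PHP's `==` and `===`/`hash_equals()`; the SQLite table, its row and the assumption that the server pastes the raw digest (`md5($p, true)`) into the query are constructed for illustration.

```python
import hashlib, hmac, re, sqlite3

# Simplified test for a PHP "numeric string" (enough for the 0e... case).
NUMERIC = re.compile(r"\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?\s*")

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def php_loose_eq(a, b):
    """Model of PHP `==` on two strings: numeric strings compare as numbers."""
    if NUMERIC.fullmatch(a) and NUMERIC.fullmatch(b):
        return float(a) == float(b)  # "0e123" and "0e456" are both 0.0
    return a == b

def php_strict_eq(a, b):
    """Model of `===` / hash_equals(): byte-for-byte, no type juggling."""
    return hmac.compare_digest(a.encode(), b.encode())

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (name TEXT, password TEXT)")
    # Constructed row: the stored value is the hex md5 of a made-up password.
    db.execute("INSERT INTO admin VALUES ('admin', ?)", (md5_hex("constructed-secret"),))
    return db

def login(db, password, hardened):
    if hardened:
        # Hex digest bound as a parameter: the value cannot alter the statement.
        sql, args = "SELECT name FROM admin WHERE password = ?", (md5_hex(password),)
    else:
        # Raw 16-byte digest pasted between quotes (assumed server behaviour).
        raw = hashlib.md5(password.encode()).digest().decode("latin-1")
        sql, args = "SELECT name FROM admin WHERE password = '" + raw + "'", ()
    try:
        return db.execute(sql, args).fetchall()
    except sqlite3.Error:  # most raw digests just give a syntax error or no row
        return []

if __name__ == "__main__":
    fir = "0e215962017"
    print(php_loose_eq(fir, md5_hex(fir)), php_strict_eq(fir, md5_hex(fir)))
    print(login(make_db(), "ffifdyop", False), login(make_db(), "ffifdyop", True))
```

The strict comparison and the parameterized hex digest both reject the inputs that the loose comparison and the concatenated raw digest accept.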

Simplecomputer

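Both crypto challenges were about MT19937 random numbers. Luckily, of the linear-algebra-related crypto I have done, the one thing I know a little about is MT19937, thanks to ISCC and GKCTF. (Mainly because I grabbed a copy of striving's script at ISCC.)
Challenge: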

# using python 3.8.8
# This is a simple computer with over 2**100 GB Memory
from hashlib import md5
from secret import flag
import random

simple_list1 = [i for i in range(2 ** 32)]
simple_list2 = [i for i in range(2 ** 64)]
simple_list3 = [i for i in range(2 ** 128)]

choices = []
for i in range(100):
    choices.append(random.choice(simple_list1))
    choices.append(random.choice(simple_list2))
    choices.append(random.choice(simple_list3))

print(choices[:-1])

assert flag.startswith("DASFLAG{") and flag.endswith("}")
assert flag[8:-1] == md5(str(choices[-1]).encode()).hexdigest()

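For this challenge, luckily I had saved my entire blog the day before the competition. https://blog.csdn.net/qq_42880719/article/details/118251849

This is MT19937 random number prediction again, but here the outputs cycle through 32 bits, 64 bits and 128 bits, so each group allows 7 submissions of 32-bit words. Prediction needs 624 submissions in total, which is exactly 89 groups plus one 32-bit value. The challenge gives 100 groups, so the idea is to use the first 89 groups plus the 32-bit value of group 90 to recover the generator, then output the random numbers that follow, which yields the 128-bit number of group 100.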

import random
from hashlib import md5
import randcrack

mask1=(1<<32)-1
mask2=(1<<64)-1
mask3=(1<<96)-1
rc=randcrack.RandCrack()
f = [95930399, 630811384192147677, 22862956546801916146249195902732184111, 4099257856, 2718983114440162754, 112977816959911448651187534007460155465, 1249371009, 8559516268278111923, 60111035663109648856650373006790028956, 319240083, 14560442381002068496, 128327428306490893846907050146390382511, 2770935087, 6122104916341184739, 131547441587682514710566757387297968912, 4179647084, 11984714834927466417, 1210759748505925081550369940047241904, 2898524587, 11069835926441745770, 99455744688744193582656472815689921470, 2730096881, 15054533924441295573, 144985445173202171411057575105147291456, 1806982352, 3797130347584773539, 204933079151506125541129775638434889208, 371325980, 2153993678800145719, 247878403659939359037598437909994197561, 2815863803, 15130911785995325101, 17955494106427799992215565864521676667, 130093703, 5322659125216836331, 186940250941644796242567551393862023174, 1046949150, 15763669661833016083, 259062557762901143943756963704122372705, 302062580, 7237494714606284949, 165465562428047650015569274915841896510, 2130675496, 8233850056608440864, 212969881913853084045502061340629641381, 1951820453, 13924898201019445140, 181104775261798062298271222324820328499, 2213422363, 5410373756279204425, 192092004591272770270432240857758419914, 2694040588, 15662161791352619736, 92303375603704514404332097019434252020, 3614058180, 846446395182720823, 155093316739288678623208023793622306975, 174983408, 9886261686632573484, 89308189762846095042418155129938495410, 2708353173, 9717016511726786943, 246545363268335466360169797528133329029, 3097264988, 4408052026651860451, 167502346806895071126138315560769602788, 2149769262, 8554456609791485714, 30302289886101288586812191447647001078, 79066507, 1559096331585360007, 297665581615453365950543513622956753026, 108225713, 9379535704837166429, 171711510001720001884446296608170885632, 150296361, 17431778100273675863, 77833884740703931704642431073568904852, 4008422647, 3468955214990968020, 221975289950429882007918898647169241737, 
1565206353, 15759515087971712020, 1058977698524730546555543818531014275, 2727941728, 273621514300848893, 12255868124650289944438093018174231140, 2393083602, 5114212674398355049, 88608217340157884502868209375014470981, 1427054885, 5447916625104853307, 12294058127071138724577454274533868228, 1668499829, 16899242350054181148, 116142527294590517640438891869029401513, 1635219902, 9454748230190678509, 248077140706550980379041246809348934960, 1003956149, 10887903294798325711, 68683943365603770540408398010168423446, 1793637154, 10393186731816805839, 277065074290842703696984993204621414086, 3142776153, 11091998712538527708, 68880494960830126876952478946163740211, 2205417257, 12256720523080140000, 235796800923787714176302861552833040419, 3449826188, 4921625852304337389, 317639050123995784198985254800017950824, 590972465, 12223438278873623805, 257438908573736139168093089870735173432, 3791533953, 4618394124547595, 131014693991416233849146055439995924332, 1749175237, 10928998994830777074, 18385966159117647169753617474844057740, 2091688148, 17975357494845024328, 33234679624454945269443907193421284204, 1845914825, 410345794930215572, 195605765211848736234024067810604573838, 2247301104, 16695289131440312322, 300008480969595674884459144804069050935, 3737160140, 10275409907171269574, 237987870489682421561621527430470614545, 1561502426, 5700436337175381840, 121612504753369937912905160374634999096, 4184791743, 2634038584210570734, 212979540995676246188329597724213884277, 857564672, 5300004390621653734, 15211108884755331267414304071879916714, 2893487415, 13569910723041761482, 172656801397820802300731957404031744287, 1380746832, 5999977114785162343, 33852156658906348753742354346552975474, 3985411583, 16523654311594391115, 300520971540280588872675680288604495560, 415019702, 2380570526619252922, 9805992573889106690406867082601585521, 697504570, 14690295575116204434, 105409450853805433544834546684018363669, 2722489666, 14638341434000291348, 127623354841168495658506873716264048604, 
890244929, 325645790902703655, 131534228171892681124371513773124179887, 2091893431, 17651886966295669692, 276606830961502792889108072057489491897, 3409775821, 1094357859899322287, 273239796524721681097306281752805583730, 726170651, 5017112475039106326, 248509477189870514593193210321950593787, 91712143, 12854466095607364371, 255092451130878688370208689956209514491, 1662785927, 15334764541212234191, 168421660098534979247608876342208719584, 3371784516, 14874200732125652788, 30659801771152056283740071485592896081, 1051408721, 18096388154039883583, 227162954777208763199705110779695830238, 2093838830, 12383912682161821471, 41180491341398182154615435329925045830, 3652039163, 14480955186509154704, 221766901492732021136222930336014947003, 1426673851, 13016770798161081150, 204125322318454582568868470348355324043, 224886893, 7822688215626373258, 50751124225338354219699320501075592077, 3545480652, 843096376421111953, 111094989551688468348093926217079885455, 2430296166, 1179593445975215678, 194097832042190422911221319403515725536, 1763252073, 17793051623583978608, 314809336831089296978787514680998593648, 251738079, 14315450639436659105, 69873405911877166548859054094613840224, 386495058, 10373755624731454497, 59510400513715783563673181241385415323, 2755087941, 4150992642530583790, 182177323350031718899380340006361970951, 257490160, 17691467337931556617, 49661063070622109241236813649851223773, 1226929493, 15836107907323447391, 25677480067201140888733208646566773513, 1679588563, 7172910993248225988, 80609121320733492619104188788047175476, 318293790, 7410149122319794445, 109791054962741723765498089997564023334, 1298963718, 11157435017446179451, 261124920338114579348234113629984983277, 230121794, 8242037484257542412, 252416846152546402223499930445901323747, 244877646, 1351119457131492155, 47930307890646593116063357549162380614, 4274042750, 14673612141331936098, 199378645254453572299332656606046662164, 2623853167, 4295407059377222132, 244431808361890969795849847628756548152, 
1384622204, 11035088643288654183, 306508993161299607692736194762896752222, 2477197949, 3638314922156926485, 247266823514296041897697725947236888775, 3674903044, 2314124878779523292, 28681967804109801451115536588127365420, 244301384, 6242461677125671685, 170885077869948457411361822183835477795, 3098948208, 7341461474453929527, 313936660214353125192074885539414395107, 1872429873, 2282364658439944001, 37724396452519246388298023035047595321, 1866492296, 3474170053964652049, 226769169652033230696526521938989716020, 3501809002, 16134023969071856553, 284897520019875753705580217712893913519, 191155103, 12448487655608476174, 304500319351869596320458220157511621925, 82928820, 14260264076955600821, 26950006400816194367959288633650775212, 934464506, 12801350881599410110, 29318050884839521195036767708262930548, 2592592527, 16418204164862222748, 122618341062075052806764217634034965405, 1743634862, 746505541554455068, 325336444065514886378101723238007000317, 1729286141, 7988616072210161842, 319589732627675554033176532660941178132, 1166940113, 12574203370019159163, 140791481455954996741967337231464730734, 4240631002, 15168623864630995332, 154528956368200267345950537884432753335, 1910686780, 16404335587369416198, 114879036493204646190581392436547259559, 1037511556, 6053628212642486615, 135598678961254921686005320000274544459, 3591540494, 8994518600523820369]
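rr = 0
i = 0
while rr<624:
    # 32-bit value: one word
    r = int(f[i])
    rc.submit(r&mask1)
    i+=1
    rr+=1
    if rr == 624:
        # 89 full groups (7 words each) + this 32-bit value = 624 words:
        # the state is complete, so stop before submitting anything more
        break
    # 64-bit value: two words, low word first
    r = int(f[i])
    rc.submit((r&mask1))
    rr += 1
    rc.submit((r&mask2)>>32)
    i+=1
    rr += 1
    # 128-bit value: four words, low word first
    r = int(f[i])
    rc.submit((r&mask1))
    rr += 1
    rc.submit((r&mask2)>>32)
    rr += 1
    rc.submit((r&mask3)>>64)
    rr += 1
    rc.submit(r>>96)
    rr += 1
    i+=1

# Predict what follows: the 64- and 128-bit values of group 90, then groups 91-100.
# The 128-bit value printed in the last round is choices[-1].
for _ in range(11):
    r=rc.predict_randrange(0,2**64-1)
    print(r)
    r=rc.predict_randrange(0,2**128-1)
    print(r)
    r=rc.predict_randrange(0,2**32-1)
    print(r)

print('DASFLAG{'+md5(b'16317540724729659494409803211180539173').hexdigest()+'}')
print(md5(b'16317540724729659494409803211180539173').hexdigest())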

The flag is the second print.

0bad2614132eedd104cd485aaebb5664
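
The state recovery that randcrack performs for the script above, written out as an added example (not code from the original post or from randcrack). It generalizes to any run of outputs whose widths are multiples of 32 bits; the seed and the helper names are constructed for the demonstration.

```python
import random

def _undo_right(y, shift):
    """Invert y = x ^ (x >> shift) on 32-bit words."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x

def _undo_left(y, shift, mask):
    """Invert y = x ^ ((x << shift) & mask) on 32-bit words."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x

def untemper(y):
    """Map one 32-bit MT19937 output back to the state word it came from."""
    y = _undo_right(y, 18)
    y = _undo_left(y, 15, 0xEFC60000)
    y = _undo_left(y, 7, 0x9D2C5680)
    return _undo_right(y, 11)

def words(value, bits):
    """getrandbits(k) with k > 32 joins 32-bit outputs, lowest word first."""
    return [(value >> (32 * j)) & 0xFFFFFFFF for j in range(bits // 32)]

def clone_generator(outputs, widths):
    """Rebuild a random.Random in sync with the one that produced `outputs`."""
    stream = [w for v, b in zip(outputs, widths) for w in words(v, b)]
    if len(stream) < 624:
        raise ValueError("need at least 624 32-bit words of output")
    state = tuple(untemper(w) for w in stream[:624]) + (624,)
    clone = random.Random()
    clone.setstate((3, state, None))
    for _ in range(len(stream) - 624):  # replay words observed past the 624th
        clone.getrandbits(32)
    return clone

def demo(seed=20210615):  # constructed seed standing in for the unknown one
    victim = random.Random(seed)
    widths = [32, 64, 128] * 89 + [32]  # 89 * 7 + 1 = 624 words, as in the write-up
    clone = clone_generator([victim.getrandbits(b) for b in widths], widths)
    rest = [64, 128] + [32, 64, 128] * 10  # rest of group 90, then groups 91-100
    return [clone.getrandbits(b) for b in rest] == [victim.getrandbits(b) for b in rest]

if __name__ == "__main__":
    print(demo())
```

Because 624 outputs fully determine every later one, values that must stay secret should come from `secrets` or `os.urandom`, not from `random`.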

Random4

Challenge:

import random
from gmpy2 import *
from Crypto.Util.number import *
FLAG = b'xxx'
f = open('output.txt', 'w+')
seed = random.getrandbits(32)
def _int32(x):
    return int(0xFFFFFFFF & x)

class MT19937:
    def __init__(self, seed):
        self.mt = [0] * 624
        self.mt[0] = seed
        self.mti = 0
        for i in range(1, 624):
            self.mt[i] = _int32(1812433253 * (self.mt[i - 1] ^ self.mt[i - 1] >> 30) + i)

    def extract_number(self):
        if self.mti == 0:
            self.twist()
        y = self.mt[self.mti]
        y = y ^ y >> 11
        y = y ^ y << 7 & 2636928640
        y = y ^ y << 15 & 4022730752
        y = y ^ y >> 18
        self.mti = (self.mti + 1) % 624
        return _int32(y)

    def twist(self):
        for i in range(0, 624):
            y = _int32((self.mt[i] & 0x80000000) + (self.mt[(i + 1) % 624] & 0x7fffffff))
            self.mt[i] = (y >> 1) ^ self.mt[(i + 397) % 624]
            if y % 2 != 0:
                self.mt[i] = self.mt[i] ^ 0x9908b0df

    def getrandbits(self, bits):
        if bits == 32:
            return self.extract_number()
        elif bits < 32:
            return self.extract_number() >> (32-bits)
        elif bits > 32:
            res = 0
            for i in range(bits//32):
                res |= self.extract_number()<<(32*i)
            return res

mt = MT19937(seed)
print(mt.mt[random.getrandbits(32)%624], file=f)
r = lambda x: bytes([mt.getrandbits(8)])
P = getPrime(1024, randfunc=r)
Q = getPrime(1024, randfunc=r)
N = P*Q
assert gcd(seed, (P-1)*(Q-1)) == 1
print(powmod(bytes_to_long(FLAG), seed, N), file=f)

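From the public Internet I went straight to zbc53.top. Following striving's article http://zbc53.top/archives/72/, I found how to invert MT19937. After comparing, it turned out that only the init function needs to be inverted to recover the seed; then pick the candidates whose gcd equals 1 and check whether the decrypted result contains flag content.
The script is as follows: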

from gmpy2 import invert
import gmpy2
from gmpy2 import *
import binascii
from Crypto.Util.number import *
from tqdm import tqdm
class MT19937:
    def __init__(self, seed):
        self.mt = [0] * 624
        self.mt[0] = seed
        self.mti = 0
        for i in range(1, 624):
            self.mt[i] = _int32(1812433253 * (self.mt[i - 1] ^ self.mt[i - 1] >> 30) + i)

    def extract_number(self):
        if self.mti == 0:
            self.twist()
        y = self.mt[self.mti]
        y = y ^ y >> 11
        y = y ^ y << 7 & 2636928640
        y = y ^ y << 15 & 4022730752
        y = y ^ y >> 18
        self.mti = (self.mti + 1) % 624
        return _int32(y)

    def twist(self):
        for i in range(0, 624):
            y = _int32((self.mt[i] & 0x80000000) + (self.mt[(i + 1) % 624] & 0x7fffffff))
            self.mt[i] = (y >> 1) ^ self.mt[(i + 397) % 624]
            if y % 2 != 0:
                self.mt[i] = self.mt[i] ^ 0x9908b0df

    def getrandbits(self, bits):
        if bits == 32:
            return self.extract_number()
        elif bits < 32:
            return self.extract_number() >> (32 - bits)
        elif bits > 32:
            res = 0
            for i in range(bits // 32):
                res |= self.extract_number() << (32 * i)
            return res

def _int32(x):
    return int(0xFFFFFFFF&x)

# Assume the leaked word is mt[i] and run the init recurrence forward to mt[623]
def init(i,_mt):
    mt = [_mt]
    for j in range(i+1,624):
        mt.append(_int32(1812433253 * (mt[-1] ^ mt[-1] >> 30) + j))
    return mt[-1]

# Undo res = x ^ (x >> shift)
def invert_right(res,shift):
    tmp = res
    bits = len(bin(res)[2:])
    for i in range(bits//shift):
        res = tmp^res >>shift
    return _int32(res)

# Walk the init recurrence backwards from mt[623] to mt[0], which is the seed
def recover(last):
    n = 1<<32
    inv = invert(1812433253,n)
    for i in range(623,0,-1):
        last = ((last-i)*inv)%n
        last = invert_right(last,30)
    return last

_mt = 100176385
c = 7571652196092766090223186968087558579037842139444888198021178964714588918428192595419143310313602496376488070138966767698261219731901971329723666329289397709402485330671760821506879601328248124891987994732350640380957162534279887373825208046643057935110477288495767347874339752278312527376341171653341964866349488414265994501516173772247656668142437751412445921317071812554970172805235171477540302822784811317482339840833526886233494604510217374103068830159144334783219206523515296840693029930189771716952924259839709886180622612198146166363697344348786494017103284853009286490109212269809358401224990541417167758429

# The index of the leaked word is unknown, so try every position
for i in tqdm(range(1,624)):
    l_mt = init(i,_mt)
    seed=recover(l_mt)
    mt = MT19937(seed)
    r = lambda x: bytes([mt.getrandbits(8)])
    P = getPrime(1024, randfunc=r)
    Q = getPrime(1024, randfunc=r)
    N = P * Q
    if(gcd(seed, (P-1)*(Q-1)) ==1 ):
        L = (P-1)*(Q-1)
        d=invert(seed,L)
        m=pow(c,d,N)
        flag=long_to_bytes(m)
        if((b'DASCTF' in flag) or (b'flag' in flag) or (b'FLAG' in flag) or(b'dasctf' in flag)):
            print(flag)
            print(i)

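Don't ask about the libraries imported above; several of them can be removed, but I was too lazy to check, and once it produced the result I stopped caring.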

49%|████▊ | 303/623 [06:01<07:20, 1.38s/it]b'DASCTF{cbf5c7ec67b7083293f70f898162e3b6}'
flag:cbf5c7ec67b7083293f70f898162e3b6

Schoolboy

Android reversing, but the requirement is simple: base64-decode the ciphertext, then compute s[i]^i.
Open it with jadx-gui-1.2.0 and find the core function.

import base64
s = base64.b64decode('REBRQFBDfWY5MDgzOj9vbiNzdCcicXBxeiwteS0vfHtDQhZAFRwfWggJCgsMDQ4P')
for i in range(len(s)):
    print(chr(s[i]^i),end='')

DASCTF{a192862aa3bf46dffb57b12bdcc4c199}

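A Bit More Brute Force

This challenge honestly was not very meaningful.
Since I had forgotten the hashcat and john commands and happened to have software on hand, I cracked it with the software.
I brute-forced it directly with Accent OFFICE Password Recovery. Because my copy is unlicensed, it only told me that the password is 23**, so I brute-forced by manual bisection to narrow down the password range.

Manual testing gave the password 2345.
Then open the document; the flag is behind the image.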

flag{9c2965fa13be342b8e70a50410bc76bd}

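Attachment for blasting

A tool-based challenge, the same as [INSHack2018] (not) so deep.
Viewing the spectrogram of John.wav gives the first part.

Then, looking at the height of 2.png, I found it is the same as 1.png, so I changed the width to match 1.png as well. That gives two similar images, so go straight to blind watermarking.

The hint is Deepsound.
Then use deepsound2john.py and run john on the result.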

python3 deepsound2john.py john.wav
john.wav:$dynamic_1529$7242ef6f559962f7e928afc8be404f611557e267

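Then run john directly on this.

This gives the password !@#$%^&*
Then DeepSound 2.0: one pass with the tool yields flag.txt.
Its contents are radio}
Put together this is flag{iheatradio}; just md5 the middle part.
I think it is the one below.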

725456a7196c09b559ccd441738b0cae

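(Cursed thing; I kept thinking deepsound had to be added.)

Sign-in:
I forgot the challenge; anyway it was just base16+base32+base64.
And there was a first-blood bonus, lovely; it just came down to who solved it fastest.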

Alice

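This challenge is truly cursed. Everything was going smoothly, and then suddenly this cursed thing showed up. More on that later.
First there is a raw file, a memory image.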

volatility -f Alien.raw imageinfo

It is an XP image.

volatility -f Alien.raw --profile=WinXPSP2x86 pslist


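These could not be more conspicuous.
For cmd, look directly at cmdscan or consoles.
For notepad, look directly at notepad and editbox.
For WinRAR, just grep for zip, 7z and rar while running filescan.

On the desktop there is a secret.7z.
Another basic move is to scan for 桌面/Desktop; in this challenge it is 桌面.

There is also a Fakeflag.txt, so dump both the 7z and the fake flag.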

volatility -f Alien.raw --profile=WinXPSP2x86 dumpfiles -Q 0x000000000221e540 -D ./
volatility -f Alien.raw --profile=WinXPSP2x86 dumpfiles -Q 0x0000000002245f40 -D ./

Opening fakeflag gives this:
