Pwn

babyjsk

解压后在众多文件夹中的找到 server.py 。内容如下:

import sys
import tempfile
import os

# Python2中input()函数漏洞
size = int(input())
assert(size < 1024*1024) #1MB max
script = sys.stdin.read(size) # reads one byte at a time, similar to getchar()

temp = tempfile.mktemp()
with open(temp, "w") as f:
    f.write(script)

# os.environ['LD_PRELOAD'] = "./libJavaScriptCore.so.1"
cmd = "LD_PRELOAD=/home/ctf/libJavaScriptCore.so.1 /home/ctf/jsc " + temp
os.system(cmd)
Python2中input()函数漏洞笔记

脚本引入了 os 库:

os.system('/bin/sh')

Crypto

bd

仅知道 n e c ,但是 e 非常大,正常都是 65535 ,判断是低解密指数攻击。用现成轮子:https://github.com/pablocelayes/rsa-wiener-attack

import ContinuedFractions, Arithmetic, RSAvulnerableKeyGenerator
def decode(e,n):
    frac = ContinuedFractions.rational_to_contfrac(e, n)
    convergents = ContinuedFractions.convergents_from_contfrac(frac)
    
    for (k,d) in convergents:        
        #check if d is actually the key
        if k!=0 and (e*d-1)%k == 0:
            phi = (e*d-1)//k
            s = n - phi + 1
            # check if the equation x^2 - s*x + n = 0
            # has integer roots
            discr = s*s - 4*n
            if(discr>=0):
                t = Arithmetic.is_perfect_square(discr)
                if t!=-1 and (s+t)%2==0:
                    print("Hacked!")
                    return d
n1=86966590627372918010571457840724456774194080910694231109811773050866217415975647358784246153710824794652840306389428729923771431340699346354646708396564203957270393882105042714920060055401541794748437242707186192941546185666953574082803056612193004258064074902605834799171191314001030749992715155125694272289
c=37625098109081701774571613785279343908814425141123915351527903477451570893536663171806089364574293449414561630485312247061686191366669404389142347972565020570877175992098033759403318443705791866939363061966538210758611679849037990315161035649389943256526167843576617469134413191950908582922902210791377220066
e=46867417013414476511855705167486515292101865210840925173161828985833867821644239088991107524584028941183216735115986313719966458608881689802377181633111389920813814350964315420422257050287517851213109465823444767895817372377616723406116946259672358254060231210263961445286931270444042869857616609048537240249
d=decode(e,n1)
m=pow(c,d,n1)
print '[+]{:x}'.format(m)

RE

z3

这题其实跟逆向关系不大,会用z3库就解出来了,相当于去解一个46元一次方程组,人手算肯定算到天亮,那么用z3这个解方程库一下自就可以跑出来了

脚本

z3 库的使用另外开了笔记记录,简单记录这个脚本思路。首先变量类型不一定要 BitVec ,可以是 Int , 因为解出来的值必须是整数,不然怎么从 ascii 转成可见字符串;然后是 89 行开始的约束是限制结尾在 ascii 可见字符范围内,测试后发现不添加这部分也是可以解出来的。

from z3 import *

de = [0x4F17,0x9CF6,0x8DDB,0x8EA6,0x6929,0x9911,0x40A2,0x2F3E,0x62B6,0x4B82,0x486C,0x4002,0x52D7,0x2DEF,0x28DC,0x640D,0x528F,0x613B,0x4781,0x6B17,0x3237,0x2A93,0x615F,0x50BE,0x598E,0x4656,0x5B31,0x313A,0x3010,0x67FE,0x4D5F,0x58DB,0x3799,0x60A0,0x2750,0x3759,0x8953,0x7122,0x81F9,0x5524,0x8971,0x3A1D]
v46=BitVec('v46',8)
v47=BitVec('v47',8)
v48=BitVec('v48',8)
v49=BitVec('v49',8)
v50=BitVec('v50',8)
v51=BitVec('v51',8)
v52=BitVec('v52',8)
v53=BitVec('v53',8)
v54=BitVec('v54',8)
v55=BitVec('v55',8)
v56=BitVec('v56',8)
v57=BitVec('v57',8)
v58=BitVec('v58',8)
v59=BitVec('v59',8)
v60=BitVec('v60',8)
v61=BitVec('v61',8)
v62=BitVec('v62',8)
v63=BitVec('v63',8)
v64=BitVec('v64',8)
v65=BitVec('v65',8)
v66=BitVec('v66',8)
v67=BitVec('v67',8)
v68=BitVec('v68',8)
v69=BitVec('v69',8)
v70=BitVec('v70',8)
v71=BitVec('v71',8)
v72=BitVec('v72',8)
v73=BitVec('v73',8)
v74=BitVec('v74',8)
v75=BitVec('v75',8)
v76=BitVec('v76',8)
v77=BitVec('v77',8)
v78=BitVec('v78',8)
v79=BitVec('v79',8)
v80=BitVec('v80',8)
v81=BitVec('v81',8)
v82=BitVec('v82',8)
v83=BitVec('v83',8)
v84=BitVec('v84',8)
v85=BitVec('v85',8)
v86=BitVec('v86',8)
v87=BitVec('v87',8)
v4=de[0]
v5=de[1]
v6=de[2]
v7=de[3]
v8=de[4]
v9=de[5]
v10=de[6]
v11=de[7]
v12=de[8]
v13=de[9]
v14=de[10]
v15=de[11]
v16=de[12]
v17=de[13]
v18=de[14]
v19=de[15]
v20=de[16]
v21=de[17]
v22=de[18]
v23=de[19]
v24=de[20]
v25=de[21]
v26=de[22]
v27=de[23]
v28=de[24]
v29=de[25]
v30=de[26]
v31=de[27]
v32=de[28]
v33=de[29]
v34=de[30]
v35=de[31]
v36=de[32]
v37=de[33]
v38=de[34]
v39=de[35]
v40=de[36]
v41=de[37]
v42=de[38]
v43=de[39]
v44=de[40]
v45=de[41]
s=Solver()
s.add(v4 == 34 * v49 + 12 * v46 + 53 * v47 + 6 * v48 + 58 * v50 + 36 * v51 + v52)
s.add(v5 == 27 * v50 + 73 * v49 + 12 * v48 + 83 * v46 + 85 * v47 + 96 * v51 + 52 * v52)
s.add(v6 == 24 * v48 + 78 * v46 + 53 * v47 + 36 * v49 + 86 * v50 + 25 * v51 + 46 * v52)
s.add(v7 == 78 * v47 + 39 * v46 + 52 * v48 + 9 * v49 + 62 * v50 + 37 * v51 + 84 * v52)
s.add(v8 == 48 * v50 + 14 * v48 + 23 * v46 + 6 * v47 + 74 * v49 + 12 * v51 + 83 * v52)
s.add(v9 == 15 * v51 + 48 * v50 + 92 * v48 + 85 * v47 + 27 * v46 + 42 * v49 + 72 * v52)
s.add(v10 == 26 * v51 + 67 * v49 + 6 * v47 + 4 * v46 + 3 * v48 + 68 * v52)
s.add(v11 == 34 * v56 + 12 * v53 + 53 * v54 + 6 * v55 + 58 * v57 + 36 * v58 + v59)
s.add(v12 == 27 * v57 + 73 * v56 + 12 * v55 + 83 * v53 + 85 * v54 + 96 * v58 + 52 * v59)
s.add(v13 == 24 * v55 + 78 * v53 + 53 * v54 + 36 * v56 + 86 * v57 + 25 * v58 + 46 * v59)
s.add(v14 == 78 * v54 + 39 * v53 + 52 * v55 + 9 * v56 + 62 * v57 + 37 * v58 + 84 * v59)
s.add(v15 == 48 * v57 + 14 * v55 + 23 * v53 + 6 * v54 + 74 * v56 + 12 * v58 + 83 * v59)
s.add(v16 == 15 * v58 + 48 * v57 + 92 * v55 + 85 * v54 + 27 * v53 + 42 * v56 + 72 * v59)
s.add(v17 == 26 * v58 + 67 * v56 + 6 * v54 + 4 * v53 + 3 * v55 + 68 * v59)
s.add(v18 == 34 * v63 + 12 * v60 + 53 * v61 + 6 * v62 + 58 * v64 + 36 * v65 + v66)
s.add(v19 == 27 * v64 + 73 * v63 + 12 * v62 + 83 * v60 + 85 * v61 + 96 * v65 + 52 * v66)
s.add(v20 == 24 * v62 + 78 * v60 + 53 * v61 + 36 * v63 + 86 * v64 + 25 * v65 + 46 * v66)
s.add(v21 == 78 * v61 + 39 * v60 + 52 * v62 + 9 * v63 + 62 * v64 + 37 * v65 + 84 * v66)
s.add(v22 == 48 * v64 + 14 * v62 + 23 * v60 + 6 * v61 + 74 * v63 + 12 * v65 + 83 * v66)
s.add(v23 == 15 * v65 + 48 * v64 + 92 * v62 + 85 * v61 + 27 * v60 + 42 * v63 + 72 * v66)
s.add(v24 == 26 * v65 + 67 * v63 + 6 * v61 + 4 * v60 + 3 * v62 + 68 * v66)
s.add(v25 == 34 * v70 + 12 * v67 + 53 * v68 + 6 * v69 + 58 * v71 + 36 * v72 + v73)
s.add(v26 == 27 * v71 + 73 * v70 + 12 * v69 + 83 * v67 + 85 * v68 + 96 * v72 + 52 * v73)
s.add(v27 == 24 * v69 + 78 * v67 + 53 * v68 + 36 * v70 + 86 * v71 + 25 * v72 + 46 * v73)
s.add(v28 == 78 * v68 + 39 * v67 + 52 * v69 + 9 * v70 + 62 * v71 + 37 * v72 + 84 * v73)
s.add(v29 == 48 * v71 + 14 * v69 + 23 * v67 + 6 * v68 + 74 * v70 + 12 * v72 + 83 * v73)
s.add(v30 == 15 * v72 + 48 * v71 + 92 * v69 + 85 * v68 + 27 * v67 + 42 * v70 + 72 * v73)
s.add(v31 == 26 * v72 + 67 * v70 + 6 * v68 + 4 * v67 + 3 * v69 + 68 * v73)
s.add(v32 == 34 * v77 + 12 * v74 + 53 * v75 + 6 * v76 + 58 * v78 + 36 * v79 + v80)
s.add(v33 == 27 * v78 + 73 * v77 + 12 * v76 + 83 * v74 + 85 * v75 + 96 * v79 + 52 * v80)
s.add(v34 == 24 * v76 + 78 * v74 + 53 * v75 + 36 * v77 + 86 * v78 + 25 * v79 + 46 * v80)
s.add(v35 == 78 * v75 + 39 * v74 + 52 * v76 + 9 * v77 + 62 * v78 + 37 * v79 + 84 * v80)
s.add(v36 == 48 * v78 + 14 * v76 + 23 * v74 + 6 * v75 + 74 * v77 + 12 * v79 + 83 * v80)
s.add(v37 == 15 * v79 + 48 * v78 + 92 * v76 + 85 * v75 + 27 * v74 + 42 * v77 + 72 * v80)
s.add(v38 == 26 * v79 + 67 * v77 + 6 * v75 + 4 * v74 + 3 * v76 + 68 * v80)
s.add(v39 == 34 * v84 + 12 * v81 + 53 * v82 + 6 * v83 + 58 * v85 + 36 * v86 + v87)
s.add(v40 == 27 * v85 + 73 * v84 + 12 * v83 + 83 * v81 + 85 * v82 + 96 * v86 + 52 * v87)
s.add(v41 == 24 * v83 + 78 * v81 + 53 * v82 + 36 * v84 + 86 * v85 + 25 * v86 + 46 * v87)
s.add(v42 == 78 * v82 + 39 * v81 + 52 * v83 + 9 * v84 + 62 * v85 + 37 * v86 + 84 * v87)
s.add(v43 == 48 * v85 + 14 * v83 + 23 * v81 + 6 * v82 + 74 * v84 + 12 * v86 + 83 * v87)
s.add(v44 == 15 * v86 + 48 * v85 + 92 * v83 + 85 * v82 + 27 * v81 + 42 * v84 + 72 * v87)
s.add(v45 == 26 * v86 + 67 * v84 + 6 * v82 + 4 * v81 + 3 * v83 + 68 * v87)
print s.check()
flag=""
if s.check() == sat:
    m = s.model()
    print m
else:
    print "no answer"
flag = ""
for d in m.decls():
    print "%s = %s" % (d.name(), m[d])

MISC

签到

  • 点进去助力一下,过了段时间出来个小喇叭说得到flag了交了就好了

电脑被黑

~:file disk_dump 
>>> disk_dump: Linux rev 1.0 ext3 filesystem data, UUID=4a3914c4-f9c1-4ec7-b682-c5554ce2f47f (large files)

ext3 filesystem data linux 平台下的备份移动文件,重新挂载可以读取原始资料

sudo mount -o loop ./disk_dump /mnt

demo 为加密程序:

  v7 = fopen(argv[1], "rb");
  if ( v7 )
  {
    stream = fopen(argv[1], "rb+");
    if ( stream )
    {
      while ( 1 )
      {
        v6 = fgetc(v7);
        if ( v6 == -1 )
          break;
        fputc(v4 ^ (v5 + v6), stream);
        v4 += 34;
        v5 = (v5 + 2) & 0xF;
      }
      fclose(v7);
      fclose(stream);
      result = 0;
    }
    else
    {
      printf("cannot open file", "rb+", argv);
      result = 0;
    }
  }
  else
  {
    printf("cannot open this file", "rb", argv);
    result = 0;
  }

根据算法可以知道加密后的密文写回到原文件中。使用 fakeflag.txt 内容进行解密乱码。

strings disk_dump | grep "flag"

找到有另外一个 flag.txt ,数据恢复出来:

extundelete --restore-all disk_dump -o out
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Time    : ${DATE} ${TIME}
# @Author  : MrSkYe
# @Email   : [email protected]
# @File    : 电脑被黑.py
# @Software: ${PRODUCT_NAME}
c = [0x44,0x2a,0x03,0xe5,0x29,0xa3,0xaf,0x62,0x05,0x31,0x4e,0xf3,0xd6,0xeb,0x90,0x66,0x24,0x5c,0xb7,0x92,0xf6,0xd7,0x4d,0x0b,0x6a,0x41,0xa3,0x85,0xef,0x90,0x5a,0x7e,0x5b,0xec,0xc1,0xf0,0xd4,0x61,0x12,0x12,0x45,0xeb,0xb8]
v4 = 34
v5 = 0
flag = ''

for cr in c:
    flag += chr(((cr^v4)-v5)%256)
    v4+=34
    v5=(v5+2)&0xf

print(flag)

the_best_ctf_game

记事本直接打开,删除无用字节得到 flag

Last modification:October 13th, 2020 at 11:31 pm