Pwn

babyjsk

解压后在众多文件夹中的找到 server.py 。内容如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
import sys
import tempfile
import os

# Python2中input()函数漏洞
size = int(input())
assert(size < 1024*1024) #1MB max
script = sys.stdin.read(size) # reads one byte at a time, similar to getchar()

temp = tempfile.mktemp()
with open(temp, "w") as f:
	f.write(script)

# os.environ['LD_PRELOAD'] = "./libJavaScriptCore.so.1"
cmd = "LD_PRELOAD=/home/ctf/libJavaScriptCore.so.1 /home/ctf/jsc " + temp
os.system(cmd)

Python2中input()函数漏洞笔记

脚本引入了 os 库:

1
os.system('/bin/sh')

Crypto

bd

仅知道 n e c ,但是 e 非常大,正常都是 65535 ,判断是低解密指数攻击。用现成轮子:https://github.com/pablocelayes/rsa-wiener-attack

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
import ContinuedFractions, Arithmetic, RSAvulnerableKeyGenerator
def decode(e,n):
    frac = ContinuedFractions.rational_to_contfrac(e, n)
    convergents = ContinuedFractions.convergents_from_contfrac(frac)
    
    for (k,d) in convergents:        
        #check if d is actually the key
        if k!=0 and (e*d-1)%k == 0:
            phi = (e*d-1)//k
            s = n - phi + 1
            # check if the equation x^2 - s*x + n = 0
            # has integer roots
            discr = s*s - 4*n
            if(discr>=0):
                t = Arithmetic.is_perfect_square(discr)
                if t!=-1 and (s+t)%2==0:
                    print("Hacked!")
                    return d
n1=86966590627372918010571457840724456774194080910694231109811773050866217415975647358784246153710824794652840306389428729923771431340699346354646708396564203957270393882105042714920060055401541794748437242707186192941546185666953574082803056612193004258064074902605834799171191314001030749992715155125694272289
c=37625098109081701774571613785279343908814425141123915351527903477451570893536663171806089364574293449414561630485312247061686191366669404389142347972565020570877175992098033759403318443705791866939363061966538210758611679849037990315161035649389943256526167843576617469134413191950908582922902210791377220066
e=46867417013414476511855705167486515292101865210840925173161828985833867821644239088991107524584028941183216735115986313719966458608881689802377181633111389920813814350964315420422257050287517851213109465823444767895817372377616723406116946259672358254060231210263961445286931270444042869857616609048537240249
d=decode(e,n1)
m=pow(c,d,n1)
print '[+]{:x}'.format(m)

RE

z3

这题其实跟逆向关系不大,会用z3库就解出来了,相当于去解一个46元一次方程组,人手算肯定算到天亮,那么用z3这个解方程库一下自就可以跑出来了

脚本

z3 库的使用另外开了笔记记录,简单记录这个脚本思路。首先变量类型不一定要 BitVec ,可以是 Int , 因为解出来的值必须是整数,不然怎么从 ascii 转成可见字符串;然后是 89 行开始的约束是限制结尾在 ascii 可见字符范围内,测试后发现不添加这部分也是可以解出来的。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
from z3 import *

de = [0x4F17,0x9CF6,0x8DDB,0x8EA6,0x6929,0x9911,0x40A2,0x2F3E,0x62B6,0x4B82,0x486C,0x4002,0x52D7,0x2DEF,0x28DC,0x640D,0x528F,0x613B,0x4781,0x6B17,0x3237,0x2A93,0x615F,0x50BE,0x598E,0x4656,0x5B31,0x313A,0x3010,0x67FE,0x4D5F,0x58DB,0x3799,0x60A0,0x2750,0x3759,0x8953,0x7122,0x81F9,0x5524,0x8971,0x3A1D]
v46=BitVec('v46',8)
v47=BitVec('v47',8)
v48=BitVec('v48',8)
v49=BitVec('v49',8)
v50=BitVec('v50',8)
v51=BitVec('v51',8)
v52=BitVec('v52',8)
v53=BitVec('v53',8)
v54=BitVec('v54',8)
v55=BitVec('v55',8)
v56=BitVec('v56',8)
v57=BitVec('v57',8)
v58=BitVec('v58',8)
v59=BitVec('v59',8)
v60=BitVec('v60',8)
v61=BitVec('v61',8)
v62=BitVec('v62',8)
v63=BitVec('v63',8)
v64=BitVec('v64',8)
v65=BitVec('v65',8)
v66=BitVec('v66',8)
v67=BitVec('v67',8)
v68=BitVec('v68',8)
v69=BitVec('v69',8)
v70=BitVec('v70',8)
v71=BitVec('v71',8)
v72=BitVec('v72',8)
v73=BitVec('v73',8)
v74=BitVec('v74',8)
v75=BitVec('v75',8)
v76=BitVec('v76',8)
v77=BitVec('v77',8)
v78=BitVec('v78',8)
v79=BitVec('v79',8)
v80=BitVec('v80',8)
v81=BitVec('v81',8)
v82=BitVec('v82',8)
v83=BitVec('v83',8)
v84=BitVec('v84',8)
v85=BitVec('v85',8)
v86=BitVec('v86',8)
v87=BitVec('v87',8)
v4=de[0]
v5=de[1]
v6=de[2]
v7=de[3]
v8=de[4]
v9=de[5]
v10=de[6]
v11=de[7]
v12=de[8]
v13=de[9]
v14=de[10]
v15=de[11]
v16=de[12]
v17=de[13]
v18=de[14]
v19=de[15]
v20=de[16]
v21=de[17]
v22=de[18]
v23=de[19]
v24=de[20]
v25=de[21]
v26=de[22]
v27=de[23]
v28=de[24]
v29=de[25]
v30=de[26]
v31=de[27]
v32=de[28]
v33=de[29]
v34=de[30]
v35=de[31]
v36=de[32]
v37=de[33]
v38=de[34]
v39=de[35]
v40=de[36]
v41=de[37]
v42=de[38]
v43=de[39]
v44=de[40]
v45=de[41]
s=Solver()
s.add(v4 == 34 * v49 + 12 * v46 + 53 * v47 + 6 * v48 + 58 * v50 + 36 * v51 + v52)
s.add(v5 == 27 * v50 + 73 * v49 + 12 * v48 + 83 * v46 + 85 * v47 + 96 * v51 + 52 * v52)
s.add(v6 == 24 * v48 + 78 * v46 + 53 * v47 + 36 * v49 + 86 * v50 + 25 * v51 + 46 * v52)
s.add(v7 == 78 * v47 + 39 * v46 + 52 * v48 + 9 * v49 + 62 * v50 + 37 * v51 + 84 * v52)
s.add(v8 == 48 * v50 + 14 * v48 + 23 * v46 + 6 * v47 + 74 * v49 + 12 * v51 + 83 * v52)
s.add(v9 == 15 * v51 + 48 * v50 + 92 * v48 + 85 * v47 + 27 * v46 + 42 * v49 + 72 * v52)
s.add(v10 == 26 * v51 + 67 * v49 + 6 * v47 + 4 * v46 + 3 * v48 + 68 * v52)
s.add(v11 == 34 * v56 + 12 * v53 + 53 * v54 + 6 * v55 + 58 * v57 + 36 * v58 + v59)
s.add(v12 == 27 * v57 + 73 * v56 + 12 * v55 + 83 * v53 + 85 * v54 + 96 * v58 + 52 * v59)
s.add(v13 == 24 * v55 + 78 * v53 + 53 * v54 + 36 * v56 + 86 * v57 + 25 * v58 + 46 * v59)
s.add(v14 == 78 * v54 + 39 * v53 + 52 * v55 + 9 * v56 + 62 * v57 + 37 * v58 + 84 * v59)
s.add(v15 == 48 * v57 + 14 * v55 + 23 * v53 + 6 * v54 + 74 * v56 + 12 * v58 + 83 * v59)
s.add(v16 == 15 * v58 + 48 * v57 + 92 * v55 + 85 * v54 + 27 * v53 + 42 * v56 + 72 * v59)
s.add(v17 == 26 * v58 + 67 * v56 + 6 * v54 + 4 * v53 + 3 * v55 + 68 * v59)
s.add(v18 == 34 * v63 + 12 * v60 + 53 * v61 + 6 * v62 + 58 * v64 + 36 * v65 + v66)
s.add(v19 == 27 * v64 + 73 * v63 + 12 * v62 + 83 * v60 + 85 * v61 + 96 * v65 + 52 * v66)
s.add(v20 == 24 * v62 + 78 * v60 + 53 * v61 + 36 * v63 + 86 * v64 + 25 * v65 + 46 * v66)
s.add(v21 == 78 * v61 + 39 * v60 + 52 * v62 + 9 * v63 + 62 * v64 + 37 * v65 + 84 * v66)
s.add(v22 == 48 * v64 + 14 * v62 + 23 * v60 + 6 * v61 + 74 * v63 + 12 * v65 + 83 * v66)
s.add(v23 == 15 * v65 + 48 * v64 + 92 * v62 + 85 * v61 + 27 * v60 + 42 * v63 + 72 * v66)
s.add(v24 == 26 * v65 + 67 * v63 + 6 * v61 + 4 * v60 + 3 * v62 + 68 * v66)
s.add(v25 == 34 * v70 + 12 * v67 + 53 * v68 + 6 * v69 + 58 * v71 + 36 * v72 + v73)
s.add(v26 == 27 * v71 + 73 * v70 + 12 * v69 + 83 * v67 + 85 * v68 + 96 * v72 + 52 * v73)
s.add(v27 == 24 * v69 + 78 * v67 + 53 * v68 + 36 * v70 + 86 * v71 + 25 * v72 + 46 * v73)
s.add(v28 == 78 * v68 + 39 * v67 + 52 * v69 + 9 * v70 + 62 * v71 + 37 * v72 + 84 * v73)
s.add(v29 == 48 * v71 + 14 * v69 + 23 * v67 + 6 * v68 + 74 * v70 + 12 * v72 + 83 * v73)
s.add(v30 == 15 * v72 + 48 * v71 + 92 * v69 + 85 * v68 + 27 * v67 + 42 * v70 + 72 * v73)
s.add(v31 == 26 * v72 + 67 * v70 + 6 * v68 + 4 * v67 + 3 * v69 + 68 * v73)
s.add(v32 == 34 * v77 + 12 * v74 + 53 * v75 + 6 * v76 + 58 * v78 + 36 * v79 + v80)
s.add(v33 == 27 * v78 + 73 * v77 + 12 * v76 + 83 * v74 + 85 * v75 + 96 * v79 + 52 * v80)
s.add(v34 == 24 * v76 + 78 * v74 + 53 * v75 + 36 * v77 + 86 * v78 + 25 * v79 + 46 * v80)
s.add(v35 == 78 * v75 + 39 * v74 + 52 * v76 + 9 * v77 + 62 * v78 + 37 * v79 + 84 * v80)
s.add(v36 == 48 * v78 + 14 * v76 + 23 * v74 + 6 * v75 + 74 * v77 + 12 * v79 + 83 * v80)
s.add(v37 == 15 * v79 + 48 * v78 + 92 * v76 + 85 * v75 + 27 * v74 + 42 * v77 + 72 * v80)
s.add(v38 == 26 * v79 + 67 * v77 + 6 * v75 + 4 * v74 + 3 * v76 + 68 * v80)
s.add(v39 == 34 * v84 + 12 * v81 + 53 * v82 + 6 * v83 + 58 * v85 + 36 * v86 + v87)
s.add(v40 == 27 * v85 + 73 * v84 + 12 * v83 + 83 * v81 + 85 * v82 + 96 * v86 + 52 * v87)
s.add(v41 == 24 * v83 + 78 * v81 + 53 * v82 + 36 * v84 + 86 * v85 + 25 * v86 + 46 * v87)
s.add(v42 == 78 * v82 + 39 * v81 + 52 * v83 + 9 * v84 + 62 * v85 + 37 * v86 + 84 * v87)
s.add(v43 == 48 * v85 + 14 * v83 + 23 * v81 + 6 * v82 + 74 * v84 + 12 * v86 + 83 * v87)
s.add(v44 == 15 * v86 + 48 * v85 + 92 * v83 + 85 * v82 + 27 * v81 + 42 * v84 + 72 * v87)
s.add(v45 == 26 * v86 + 67 * v84 + 6 * v82 + 4 * v81 + 3 * v83 + 68 * v87)
print s.check()
flag=""
if s.check() == sat:
	m = s.model()
	print m
else:
	print "no answer"
flag = ""
for d in m.decls():
    print "%s = %s" % (d.name(), m[d])

MISC

签到

  • 点进去助力一下,过了段时间出来个小喇叭说得到flag了交了就好了

电脑被黑

1
2
~:file disk_dump 
>>> disk_dump: Linux rev 1.0 ext3 filesystem data, UUID=4a3914c4-f9c1-4ec7-b682-c5554ce2f47f (large files)

ext3 filesystem data linux 平台下的备份移动文件,重新挂载可以读取原始资料

1
sudo mount -o loop ./disk_dump /mnt

demo 为加密程序:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
v7 = fopen(argv[1], "rb");
if ( v7 )
{
  stream = fopen(argv[1], "rb+");
  if ( stream )
  {
    while ( 1 )
    {
      v6 = fgetc(v7);
      if ( v6 == -1 )
        break;
      fputc(v4 ^ (v5 + v6), stream);
      v4 += 34;
      v5 = (v5 + 2) & 0xF;
    }
    fclose(v7);
    fclose(stream);
    result = 0;
  }
  else
  {
    printf("cannot open file", "rb+", argv);
    result = 0;
  }
}
else
{
  printf("cannot open this file", "rb", argv);
  result = 0;
}

根据算法可以知道加密后的密文写回到原文件中。使用 fakeflag.txt 内容进行解密乱码。

1
strings disk_dump | grep "flag"

找到有另外一个 flag.txt ,数据恢复出来:

1
extundelete --restore-all disk_dump -o out
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Time    : ${DATE} ${TIME}
# @Author  : MrSkYe
# @Email   : [email protected]
# @File    : 电脑被黑.py
# @Software: ${PRODUCT_NAME}
c = [0x44,0x2a,0x03,0xe5,0x29,0xa3,0xaf,0x62,0x05,0x31,0x4e,0xf3,0xd6,0xeb,0x90,0x66,0x24,0x5c,0xb7,0x92,0xf6,0xd7,0x4d,0x0b,0x6a,0x41,0xa3,0x85,0xef,0x90,0x5a,0x7e,0x5b,0xec,0xc1,0xf0,0xd4,0x61,0x12,0x12,0x45,0xeb,0xb8]
v4 = 34
v5 = 0
flag = ''

for cr in c:
	flag += chr(((cr^v4)-v5)%256)
	v4+=34
	v5=(v5+2)&0xf

print(flag)

the_best_ctf_game

记事本直接打开,删除无用字节得到 flag