# SICTF-round3-wp

Writeup:

# MISC

# GeekChallege

Final score: 269 pts

My password is really long, you know! (nc)

Rule:If the i-th character of the string you input is the same as the i-th character of my password, I will output a 1. Otherwise, I will output a 0. Keep guessing my password until you get it right, and I will give you flag

Tip:len(array)=5&&len(passwd)=114

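The rule lets us brute-force the password one position at a time. Per the tip, the password is 114 characters long and is built from an array of 5 characters.

So first brute-force the array; once it is known, the password can be brute-forced quickly.

Script

```python
import socket
import string

HOST = 'yuanshen.life'
PORT = 33615
characters = string.printable
password = ['?'] * 114   # one slot per password position
known_chars = set()      # characters of the 5-element array found so far

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((HOST, PORT))
    banner = s.recv(1024)
    print(banner.decode())
    for i in range(114):
        # Once all 5 array characters are known, only try those
        if len(known_chars) >= 5:
            chars = sorted(known_chars)
        else:
            chars = characters
        for char in chars:
            # Put the candidate into the first unknown position (index i)
            attempt = ''.join(password).replace('?', char, 1)
            s.sendall((attempt + '\n').encode())
            response = ""
            # The server answers with one 0/1 per position
            while len(response) < 114:
                part = s.recv(1024).decode()
                response += part.strip()
            print(f"TEST: {attempt} -> {response}")
            if response[i] == '1':
                password[i] = char
                known_chars.add(char)
                print(f"FOUND {char} at {i}")
                break
    print("Password:", ''.join(password))
    # Read the flag while the socket is still open
    result = s.recv(4096).decode()
    print(result)
```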

# WHO?WHO?WHO

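Final score: 438 pts

Challenge description: I won't say who it was!!! Such a scumbag!!! Waaah!!! Left me battered and bruised all over!!!

The archive password is 6 lowercase letters

树木 (Shumu) is a scumbag

Archive password (6 lowercase letters):

qweqwe

This gives the text content, which hides zero-width characters: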

U2FsdGVkX19uvldJ6CGUNff3B28QEdIjZqgUh98K+/0J16ELU8WVQydohw4P5+2M
jbhTLQHNOpcoOd7kSRgy8pwpovCmimdD8M0IbYUeXjNKYePL/WP4PCMaOJHAW3HR
b7IEoDDH1NYh3o5NwMmcFEqy1ujf72VgQIQkaeYFFFE=

Rabbit decryption

Key: shumu

GTAGAGCTAGTCCTT

DNA encoding

SICTF

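# Log Analysis 1

Final score: 703 pts

That nasty hacker, the Tree Demon King, has taken control of my computer. Clever as you are, you can surely see through the Tree Demon King's scheme!
The flag format is SICTF{IP address the hacker connected from | username the hacker created | user group the hacker joined | name of the scheduled task the hacker created | path of the backdoor that the scheduled task runs (lowercase drive letter…, backdoor path exact down to ****.exe) | account the hacker used for remote RDP login}

The backdoor path must be exact down to ****.exe

Pay attention to SYSTEM privileges

For the remote login account, include the user domain (xxxxxxx\xxxxxxx)

Tools used

Log Parser Lizard (you need to set the Maps path yourself)

The log tool built into Windows

IP address the hacker connected from

Search payload data2 for Logon Type 10 (remote RDP connection)

The Remote Host found is WIN-WH8G5MDPHE5 (192.168.222.200)

So the IP is 192.168.222.200

Username the hacker created

Search Map Description for "A new account was created", or look for Event ID 4720

There is only one account-creation event

Target: ADOFLMB\attack$ (S-1-5-21-867333373-202576419-2389709931-1103)

So the user is attack$

User group the hacker joined

Search Map Description for "A member was added to a security-enabled local group", or look for Event ID 4732

There is only one record

payload data1 is Target: Builtin\Administrators (S-1-5-32-544)

payload data4 is MemberSid: S-1-5-21-867333373-202576419-2389709931-1103

From the previous step, the SID of attack$ is S-1-5-21-867333373-202576419-2389709931-1103

So the group that was joined is Administrators

Name of the scheduled task the hacker created

Search Map Description for "Scheduled Task created", or look for Event ID 4698

There is only one record

payload data1 is TaskName: \callback

So the scheduled task name is callback

Path of the backdoor that the scheduled task runs (lowercase drive letter…, backdoor path exact down to ****.exe)

Still event 4698

The task content is found in payload 2

The backdoor path in it is c:\windows\system32\windows_attack.exe

Account the hacker used for remote RDP login (with the user domain)

This has to be looked up in the Windows audit log tool

The event ID needed is 4624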

使用者:
安全 ID: SYSTEM
帐户名: WIN-WH8G5MDPHE5$
帐户域: ADOFLMB
登录 ID: 0x3E7

登录类型: 10

新登录:
安全 ID: S-1-5-21-867333373-202576419-2389709931-1103
帐户名: attack$
帐户域: ADOFLMB
登录 ID: 0x12A334
登录 GUID:

进程信息:
进程 ID: 0x974
进程名: C:\Windows\System32\winlogon.exe

网络信息:
工作站名: WIN-WH8G5MDPHE5
源网络地址: 192.168.222.200
源端口: 35186

详细身份验证信息:
登录进程: User32
身份验证数据包: Negotiate
传递的服务: -
数据包名 (仅限 NTLM): -
密钥长度: 0

创建登录会话后,在被访问的计算机上生成此事件。

“使用者” 字段指明本地系统上请求登录的帐户。这通常是一个服务 (例如 Server 服务) 或本地进程 (例如 Winlogon.exe 或 Services.exe)。

“登录类型” 字段指明发生的登录种类。最常见的类型是 2 (交互式) 和 3 (网络)。

“新登录” 字段指明新登录是为哪个帐户创建的,即登录的帐户。

“网络” 字段指明远程登录请求来自哪里。“工作站名” 并非总是可用,而且在某些情况下可能会留为空白。

模拟级别字段指明登录会话中的进程可以模拟的程度。

“身份验证信息” 字段提供关于此特定登录请求的详细信息。

- “登录 GUID” 是可用于将此事件与 KDC 事件关联起来的唯一标识符。
- “传递的服务” 指明哪些中间服务参与了此登录请求。
- “数据包名” 指明在 NTLM 协议之间使用了哪些子协议。
- “密钥长度” 指明生成的会话密钥的长度。如果没有请求会话密钥,则此字段为 0。

This shows that the account the hacker used for remote RDP login is ADOFLMB\attack$

So the flag is 192.168.222.200|attack$|Administrators|callback|c:\windows\system32\windows_attack.exe|ADOFLMB\attact$
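
The correlation done by hand above (4720 account creation, 4732 group add, 4698 task creation and 4624 type 10 logon, tied together by the account SID) can be scripted for triage. This is an added example, not part of the original writeup: the records are constructed from the values quoted above plus one constructed noise event, and the dict keys are hypothetical rather than any tool's export columns.

```python
# Constructed sample records; keys are hypothetical, not a log tool's columns.
ADMINS_SID = "S-1-5-32-544"  # Builtin\Administrators
NEW_SID = "S-1-5-21-867333373-202576419-2389709931-1103"

EVENTS = [
    # Constructed noise: an unrelated network logon that must be ignored
    {"id": 4624, "logon_type": 3, "sid": "S-1-5-21-1-2-3-500",
     "account": r"ADOFLMB\Administrator", "src_ip": "192.168.222.1"},
    {"id": 4720, "target": r"ADOFLMB\attack$", "target_sid": NEW_SID},
    {"id": 4732, "group": r"Builtin\Administrators", "group_sid": ADMINS_SID,
     "member_sid": NEW_SID},
    {"id": 4698, "task": r"\callback",
     "command": r"c:\windows\system32\windows_attack.exe"},
    {"id": 4624, "logon_type": 10, "sid": NEW_SID,
     "account": r"ADOFLMB\attack$", "src_ip": "192.168.222.200"},
]

def correlate(events):
    """Chain 4720 -> 4732 -> 4624 (type 10) by SID and list 4698 tasks."""
    by_id = {}
    for ev in events:
        by_id.setdefault(ev["id"], []).append(ev)
    findings = []
    for created in by_id.get(4720, []):
        sid = created["target_sid"]
        # Group additions whose MemberSid is the newly created account
        adds = [e for e in by_id.get(4732, []) if e["member_sid"] == sid]
        # RDP (logon type 10) sessions opened by that same SID
        rdp = [(e["account"], e["src_ip"]) for e in by_id.get(4624, [])
               if e["logon_type"] == 10 and e["sid"] == sid]
        findings.append({
            "account": created["target"],
            "dollar_suffix": created["target"].endswith("$"),
            "groups": [e["group"] for e in adds],
            "privileged": any(e["group_sid"] == ADMINS_SID for e in adds),
            "rdp_logons": rdp,
        })
    tasks = [(e["task"], e["command"]) for e in by_id.get(4698, [])]
    return findings, tasks

if __name__ == "__main__":
    found, created_tasks = correlate(EVENTS)
    for item in found:
        print(item)
    print(created_tasks)
```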

# CRYPTO

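# [Check-in] Vigenere

Final score: 102 pts

In the late 19th century, an "unbreakable" cipher was used in a large-scale civil war, and in the early 20th century it was still regarded as a cipher that could not be deciphered. Later, humanity reached the 21st century with far more computing power, and this unbreakable cipher is now easily broken by it. Your task is to use your computing power to cross the long river of history and break this ciphertext!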

Gn taj xirly gf Fxgjuakd, oe igywnd mt tegbs mnrxxlrivywd sngearbsw wakksre. Bs kpimj gf tank, it bx gur bslenmngn th jfdetagur mt ceei yze Ugnled Lystel tx Amxwaca gjmtrtq.

An taj wvegy gf tank nom xmccxjvinz, bw prhugse ts sllbffce hs lhe ytdlopnfg btxas wbyz Meqnuo: Tafl we lmsll ffce wtw logxyzer tsv madj heavj logxyzer. Pj khaeq yivLNUTF{4695vft9-fd68-4684-uj81-u6c1avg6uaft}j yenxwgus ynfanvnsl snuhorm, ffd ag zfdekxlanwnfg og tmr ptwl thty Eexbhg is mt jechsiuek yze lhxl tekwatokd an Nxb Eexbhg, Teqfk, anw Fjizhss. Thx iwtabqk of ljltlxrwnt tww leyy lo yhz.

Qou tww inlyjucmjv to bsxorf yze Pkjkidxsl [of Fjpich] tx thx ftovx nf thx ljeamjkt chsxidxsue al xgon tx at il hwrttnf thty lhekj oile gw an hzlbrxfc of pfj wimm lhe Nsatew Xlatxx snd lzygely lham yze Pkjkidxsl, on ank owg nfitbflivx, nfvimj Bapts lo ifrwdityw adajjenvj oita yzis iqsn; am yze strw tifj, gffxw lo mxiaatx gwtwxjf Jaiff anw tmrsxqnes.

Iqwasx hsll mt lhe tylenmngn oy yze Pkjkidxsl thty lhe kzlhlxxk emiqgymxsl of hzj suursrigjk nop txfekx lhe iwgspxhl of vtepeeqang Xsylagi lo mtpw pethw in t kww mhslhs.

Site used: Vigenere Solver | guballa.de

# Coppersmith (铜匠)

Final score: 759 pts

Pi Gaowei, a student in Class 2 of Grade 3, dreams of becoming a coppersmith, so he has decided to study everything about coppersmiths in depth.

Challenge script

```python
from Crypto.Util.number import *
from enc import flag

# Despite the name, this converts num to its base-5 digit string
def Decimal_conversion(num):
    if num == 0:
        return '0'
    digits = []
    while num:
        digits.append(str(num % 5))
        num //= 5
    return ''.join(reversed(digits))

m = bytes_to_long(flag)
p = getPrime(512)
q = getPrime(512)
e = 65537
n = p*q
c = pow(m,e,n)
# Leak the first 112 base-5 digits of p
print(f"leak = {Decimal_conversion(p)[:112]}")
print(f"n = {n}")
print(f"e = {e}")
print(f"c = {c}")
'''
leak = 2011133132443111302000224204142244403203442000141102312242343143241244243020003333022112141220422134444214010012
n = 85988668134257353631742597258304937106964673395852009846703777410474172989069717247424903079500594820235304351355706519069516847244761609583338251489134035212061654870087550317540291994559481862615812258493738064606592165529948648774081655902831715928483206013332330998262897765489820121129058926463847702821
e = 65537
c = 64708526479058278743788046708923650158905888858865427385501446781738669889375403360886995849554813207230509920789341593771929287415439407977283018525484281064769128358863513387658744063469874845446480637925790150835186431234289848506337341595817156444941964510251032210939739594241869190746437858135599624562
'''
```

First recover the high bits of p

```python
from Crypto.Util.number import getPrime

def Decimal_conversion(num):
    if num == 0:
        return '0'
    digits = []
    while num:
        digits.append(str(num % 5))
        num //= 5
    # print(''.join(reversed(digits)))
    return ''.join(reversed(digits))

# Random 512-bit prime, used only to check the method against a known p
p = getPrime(512)
leak = Decimal_conversion(p)
leak1 = '2011133132443111302000224204142244403203442000141102312242343143241244243020003333022112141220422134444214010012'

def decimal_conversion_back(num_in_base_5_str):
    num_in_base_10 = 0
    for index, digit in enumerate(reversed(num_in_base_5_str)):
        num_in_base_10 += int(digit) * (5 ** index)
    return num_in_base_10

# Reading the digit string as a decimal integer and multiplying by 10**109
# appends 109 zero digits, padding the 112 leaked digits to full length.
print(hex(decimal_conversion_back(str(int(leak[:112])*10**109))))   # test p, padded
print(hex(decimal_conversion_back(str(int(leak1[:112])*10**109))))  # challenge leak, padded
print(hex(p))                                                       # test p, for comparison
# Output ('|' marks where the padded test value and the real test p diverge):
#0xe0640a71f195151ec1ce19d2f279bdb781cd408c9c3e6cd98d52c685828cbf34|3dcf54f720d12f289219a8e129ad48ff74f5a6ffe3b9502a872bc176eb039c9a
#0xe86194b49733b661b45654e0b6d7ec038e2815ce2b3ca16dcafda0b456f91e1e|752c3b385c8799bf36ebac684ae31c199eb59f6a4626ae786f811aa05d87a667
#0xe0640a71f195151ec1ce19d2f279bdb781cd408c9c3e6cd98d52c685828cbf34|5f65ebf6b4b4d56880c2291ec13802ca68082513a08c63cd034f98a9d4f3261d
```
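
Why the leaked prefix pins down the top of p: this added example (not part of the original writeup) computes the interval of integers whose base-5 form starts with the leak and reports the leading bits shared by every value in it. The helper names are this example's own, and the total of 221 digits assumes a 512-bit p (112 leaked digits plus the 109 padded in the script above).

```python
# Added example; helper names are illustrative, not from the challenge script.
# 112 leaked base-5 digits, copied from the challenge output
LEAK = "2011133132443111302000224204142244403203442000141102312242343143241244243020003333022112141220422134444214010012"

def base5_digits(num):
    """Base-5 digit string, most significant digit first."""
    digits = []
    while num:
        digits.append(str(num % 5))
        num //= 5
    return "".join(reversed(digits)) or "0"

def bounds_from_prefix(prefix, total_digits):
    """Smallest and largest integers whose base-5 form starts with prefix."""
    unknown = total_digits - len(prefix)
    lo = int(prefix, 5) * 5**unknown
    return lo, lo + 5**unknown - 1

def fixed_high_bits(lo, hi, nbits):
    """Return (value, count) of the leading bits common to all of [lo, hi]."""
    # Bits above the highest differing bit of lo and hi cannot change
    count = max(0, nbits - (lo ^ hi).bit_length())
    return lo >> (nbits - count), count

if __name__ == "__main__":
    # Every 512-bit integer has exactly 221 base-5 digits
    lo, hi = bounds_from_prefix(LEAK, 221)
    value, count = fixed_high_bits(lo, hi, 512)
    print(f"{count} high bits of p are fixed: {value:#x}")
    print(f"{512 - count} low bits remain for small_roots / brute force")
```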

With the high bits of p recovered, brute-forcing 8 more bits is enough

```sage
#sage
from tqdm import *
n = 85988668134257353631742597258304937106964673395852009846703777410474172989069717247424903079500594820235304351355706519069516847244761609583338251489134035212061654870087550317540291994559481862615812258493738064606592165529948648774081655902831715928483206013332330998262897765489820121129058926463847702821
p_high = 0xe86194b49733b661b45654e0b6d7ec038e2815ce2b3ca16dcafda0b456f91e1e
c = 64708526479058278743788046708923650158905888858865427385501446781738669889375403360886995849554813207230509920789341593771929287415439407977283018525484281064769128358863513387658744063469874845446480637925790150835186431234289848506337341595817156444941964510251032210939739594241869190746437858135599624562
pbits=512
# Brute-force the 8 bits that follow the known high part of p
for i in trange(2**8,1,-1):
    p4 = p_high<<8
    p4 = p4 + i
    kbits = pbits - p4.nbits()
    p4 = p4 << kbits
    PR.<x> = PolynomialRing(Zmod(n))
    f = x + p4
    # Coppersmith: look for a small x such that p4 + x divides n
    roots = f.small_roots(X=2^kbits, beta=0.4, epsilon=0.01)
    if roots:
        p = p4+int(roots[0])
        if n%p==0:
            print(i,p)
            break
```

After that it is ordinary RSA decryption

# SuperbRSA

Final score: 239 pts

Is CRYPTO really that hard? Ö_O No way, no way! You've got to believe in yourself~

Challenge script

```python
#user:mumu666
from Crypto.Util.number import *
p=getPrime(1024)
q=getPrime(1024)
n=p*q
e1=55
e2=200
m=bytes_to_long(b"flag")  # placeholder for the real flag
assert(pow(m,5) < n)
c1 = pow(m, e1, n)
c2 = pow(m, e2, n)
print("n=",n)
print("c1=",c1)
print("c2=",c2)
```
n= 19006830358118902392432453595802675566730850352890246995920642811967821259388009049803513102750594524106471709641202019832682438027312468849299985832675191795417160553379580813410722359089872519372049229233732405993062464286888889084640878784209014165871696882564834896322508054231777967011195636564463806270998326936161449009988434249178477100127347406759932149010712091376183710135615375272671888541233275415737155953323133439644529709898791881795186775830217884663044495979067807418758455237701315019683802437323177125493076113419739827430282311018083976114158159925450746712064639569301925672742186294237113199023
c1= 276245243658976720066605903875366763552720328374098965164676247771817997950424168480909517684516498439306387133611184795758628248588201187138612090081389226321683486308199743311842513053259894661221013008371261704678716150646764446208833447643781574516045641493770778735363586857160147826684394417412837449465273160781074676966630398315417741542529612480836572205781076576325382832502694868883931680720558621770570349864399879523171995953720198118660355479626037129047327185224203109006251809257919143284157354935005710902589809259500117996982503679601132486140677013625335552533104471327456798955341220640782369529
c2= 11734019659226247713821792108026989060106712358397514827024912309860741729438494689480531875833287268454669859568719053896346471360750027952226633173559594064466850413737504267807599435679616522026241111887294138123201104718849744300769676961585732810579953221056338076885840743126397063074940281522137794340822594577352361616598702143477379145284687427705913831885493512616944504612474278405909277188118896882441812469679494459216431405139478548192152811441169176134750079073317011232934250365454908280676079801770043968006983848495835089055956722848080915898151352242215210071011331098761828031786300276771001839021

e1 and e2 are not coprime (their gcd is 5), so the common-modulus attack yields m^5 mod n; since the challenge asserts m^5 < n, an integer fifth root recovers m

```python
from gmpy2 import gcdext, iroot
from Crypto.Util.number import long_to_bytes
n= 19006830358118902392432453595802675566730850352890246995920642811967821259388009049803513102750594524106471709641202019832682438027312468849299985832675191795417160553379580813410722359089872519372049229233732405993062464286888889084640878784209014165871696882564834896322508054231777967011195636564463806270998326936161449009988434249178477100127347406759932149010712091376183710135615375272671888541233275415737155953323133439644529709898791881795186775830217884663044495979067807418758455237701315019683802437323177125493076113419739827430282311018083976114158159925450746712064639569301925672742186294237113199023
c1= 276245243658976720066605903875366763552720328374098965164676247771817997950424168480909517684516498439306387133611184795758628248588201187138612090081389226321683486308199743311842513053259894661221013008371261704678716150646764446208833447643781574516045641493770778735363586857160147826684394417412837449465273160781074676966630398315417741542529612480836572205781076576325382832502694868883931680720558621770570349864399879523171995953720198118660355479626037129047327185224203109006251809257919143284157354935005710902589809259500117996982503679601132486140677013625335552533104471327456798955341220640782369529
c2= 11734019659226247713821792108026989060106712358397514827024912309860741729438494689480531875833287268454669859568719053896346471360750027952226633173559594064466850413737504267807599435679616522026241111887294138123201104718849744300769676961585732810579953221056338076885840743126397063074940281522137794340822594577352361616598702143477379145284687427705913831885493512616944504612474278405909277188118896882441812469679494459216431405139478548192152811441169176134750079073317011232934250365454908280676079801770043968006983848495835089055956722848080915898151352242215210071011331098761828031786300276771001839021
e1 = 55
e2 = 200
# Extended Euclid: e1*x + e2*y = g, with g = gcd(e1, e2) = 5
g,x,y=gcdext(e1,e2)
# c1^x * c2^y = m^(e1*x + e2*y) = m^5 (mod n)
m=pow(c1,x,n)*pow(c2,y,n)%n
# m^5 < n, so the fifth root over the integers is exact
m=iroot(m,5)[0]
print(long_to_bytes(m))
```

# Check-in, for sure! (签到,确信!)

Not solved during the contest, but written up anyway

```python
from Crypto.Util.number import *
from enc import flag
m = bytes_to_long(flag)
def gen_keys(bits):
    while 1:
        p = getPrime(bits)
        # q = 1 + p + p^2 + ... + p^6
        q = sum([p**i for i in range(7)])
        if isPrime(q):
            r = getPrime(1024)
            n = p*q*r
            return p,n
p,n = gen_keys(512)
e = 65537
c = pow(m,e,n)
print(f"n = {n}")
print(f"e = {e}")
print(f"c = {c}")
```
n = 8361361624563191168612863710516449028280757632934603412143152925186847721821552879338608951120157631182699762833743097837368740526055736516080136520584848113137087581886426335191207688807063024096128001406698217998816782335655663803544853496060418931569545571397849643826584234431049002394772877263603049736723071392989824939202362631409164434715938662038795641314189628730614978217987868150651491343161526447894569241770090377633602058561239329450046036247193745885174295365633411482121644408648089046016960479100220850953009927778950304754339013541019536413880264074456433907671670049288317945540495496615531150916647050158936010095037412334662561046016163777575736952349827380039938526168715655649566952708788485104126900723003264019513888897942175890007711026288941687256962012799264387545892832762304320287592575602683673845399984039272350929803217492617502601005613778976109701842829008365226259492848134417818535629827769342262020775115695472218876430557026471282526042545195944063078523279341459199475911203966762751381334277716236740637021416311325243028569997303341317394525345879188523948991698489667794912052436245063998637376874151553809424581376068719814532246179297851206862505952437301253313660876231136285877214949094995458997630235764635059528016149006613720287102941868517244509854875672887445099733909912598895743707420454623997740143407206090319567531144126090072331
e = 65537
c = 990174418341944658163682355081485155265287928299806085314916265580657672513493698560580484907432207730887132062242640756706695937403268682912083148568866147011247510439837340945334451110125182595397920602074775022416454918954623612449584637584716343806255917090525904201284852578834232447821716829253065610989317909188784426328951520866152936279891872183954439348449359491526360671152193735260099077198986264364568046834399064514350538329990985131052947670063605611113730246128926850242471820709957158609175376867993700411738314237400038584470826914946434498322430741797570259936266226325667814521838420733061335969071245580657187544161772619889518845348639672820212709030227999963744593715194928502606910452777687735614033404646237092067644786266390652682476817862879933305687452549301456541574678459748029511685529779653056108795644495442515066731075232130730326258404497646551885443146629498236191794065050199535063169471112533284663197357635908054343683637354352034115772227442563180462771041527246803861110504563589660801224223152060573760388045791699221007556911597792387829416892037414283131499832672222157450742460666013331962249415807439258417736128976044272555922344342725850924271905056434303543500959556998454661274520986141613977331669376614647269667276594163516040422089616099849315644424644920145900066426839607058422686565517159251903275091124418838917480242517812783383
```sage
#sage
from Crypto.Util.number import inverse, long_to_bytes
# n, e, c: the values printed by the challenge script (listed above)
k = 7
R = Zmod(n)["x"]
while True:
    # Work in Zmod(n)[x] modulo a random degree-k polynomial
    Q = R.quo(R.random_element(k))
    pp1 = gcd(ZZ(list(Q.random_element() ^ n)[1]), n)
    if pp1 != 1:
        print(pp1)
        qq = sum([pp1**i for i in range(k)])
        rr = n // (pp1 * qq)
        assert n == pp1 * qq * rr
        break  # factor found, stop searching
# Recovered p, hard-coded
p = 12682901567122222027862267249598083531042605533994291954963094692106317834600627170541482405569672263127679934367189535951903117852500278279000920954628951
q = sum([p**i for i in range(k)])
r = n//p//q
d = inverse(e,(p-1)*(q-1)*(r-1))
m = pow(c,d,n)
flag = long_to_bytes(m)
#b'SICTF{d9428fc7-fa3a-4096-8ec9-191c0a4562ff}'
# Original article: https://blog.csdn.net/m0_62584492/article/details/134758030
```

# RE

# Game[Battle City]

Solved by playing the game; the QR code is in that folder