The competition practical only has 6 questions, involving web, misc, and crypto topics. This competition was organized for the client, but the questions are not difficult; otherwise, how could it be a small competition?
Question 1: 1-1#
Find js, search keyword flag
dasctf{d6e9c56d7f078d298ed4695d899effbe}
Question 2: 2-1#
Open the pdf
There is a text box on the image
Question 3: 3-1#
The source code of the question is as follows, solved by a friend:
import libnum
import gmpy2
from Crypto.Util.number import *
import flag,e1,e2
# Generate prime numbers
p=libnum.generate_prime(1024)
q=libnum.generate_prime(1024)
ec1=pow(bytes_to_long(str(e1).ljust(20,"D").encode()),3,p*q)
ec2=pow(bytes_to_long(str(e2).ljust(20,"A").encode()),5,p*q)
m=libnum.s2n(flag)
n=p*q
c1=pow(m,e1,n)
c2=pow(m,e2,n)
print("n1=",n)
print("ec1=",ec1)
print("c1=",c1)
print("n2=",n)
print("ec2=",ec2)
print("c2=",c2)
# n1= 27929259512873502442719286790227037320417984116570178470037376373267390909685621247157535458203218619293705428397911754453556082799420494496904478215709219317542924547049229150153308059698341011305505985823374280465467094476511869541135508518055946815227085548571701115773386101962695795789178321155174729047033298389886321980592410739667139376075568555729949442873964097042006391886635957242436522435588904492484342259494858627609438654632887244523845583473711604632109405043439047289868784236481926074763997559971182741918345193506253460323445846136663027639802131457594564405906763806426256107923417802076262573737
# ec1= 24979839185643431898760549059477070141596292955202172081572583839065034831779499992829742773873064296311713734486020739853343887094398935731264
# c1= 17695186679431856780362905635257355413310120106982055323913669124182832151093921194946365178919380690844190324897933591567360925332869903671651849060145290581360223200011298757871213149464298017718829480721410479504940393501845624196721013966839230696831321482946841011452400364600924503121451272593970649100410603943321149604376033957124800064565646929720179239631538966228020882733213221035707244692798307971636126058586394357032072695921642665492919186476321028415907982915011972040971875733852055633796811898421692604356476773910338982400925245494707729878821466569634334862311750349321720627252469986162120031838
# n2= 27929259512873502442719286790227037320417984116570178470037376373267390909685621247157535458203218619293705428397911754453556082799420494496904478215709219317542924547049229150153308059698341011305505985823374280465467094476511869541135508518055946815227085548571701115773386101962695795789178321155174729047033298389886321980592410739667139376075568555729949442873964097042006391886635957242436522435588904492484342259494858627609438654632887244523845583473711604632109405043439047289868784236481926074763997559971182741918345193506253460323445846136663027639802131457594564405906763806426256107923417802076262573737
# ec2= 2838620519239658396968146844964839207179863729944843241951228382052657801460586137213053314019699976475855578055607417923815486109050614096157077528657405905877896929808094661904905136761365045387901486261011216958309860644255996588189249
# c2= 10770781309274554738409447671578241895686779262243081931452089039730277591151694112684863740412412713684216227740930573490322958500198235497947657939304932868457999239593145330718657422535271157683896034543125292529800047408131765376686654378173684648427311300423776510153307756388404568013401217965931456538849277670384454454507752525534110389604969437991055504757081225690155489265359117617764571537216746554060783131168749700810806387918510612057149583061938836035963175555630655718716139689761210220525955656039741684390906935720406757364893793459339618913268943282961044530062475057887777134887741597041684698119
Given values, public key
The script provides the following parameters: n1, n2, ec1, ec2, c1, c2. Since ec1 and ec2 are both small exponent encryptions, we can directly take the fifth root to obtain the encryption indices e1 and e2.
Using variable k to find a valid k value such that the expression ec2 + k * n
is a perfect fifth power.
while 1:
res=iroot(ec2+k*n,5) #print(res)
In the above loop, the script calculates the fifth root of the expression ec2 + k * n
and checks if this fifth root is an integer. If it is an integer, it prints the corresponding string and breaks the loop. Otherwise, it increments k and continues the loop.
while True:
res = gmpy2.iroot(ec2 + k * n, 5) if res[1] == True: print(long_to_bytes(int(res[0])))
Next, the script uses the extended Euclidean algorithm to calculate the multiplicative inverses of the public keys e1 and e2, obtaining s1 and s2. Finally, the script calculates c1 raised to the power of s1 and c2 raised to the power of s2, multiplies these two results, and takes modulo n to obtain the plaintext m. These two indices are used to decrypt the ciphertext c1 and c2, thus obtaining the original message m.
s, s1, s2 = gmpy2.gcdext(e1, e2)
m = (pow(c1, s1, n) * pow(c2, s2, n)) % n # m = (c1^s1) * (c2^s2)
The decryption script is as follows:
import gmpy2
from Crypto.Util.number import *
n = 27929259512873502442719286790227037320417984116570178470037376373267390909685621247157535458203218619293705428397911754453556082799420494496904478215709219317542924547049229150153308059698341011305505985823374280465467094476511869541135508518055946815227085548571701115773386101962695795789178321155174729047033298389886321980592410739667139376075568555729949442873964097042006391886635957242436522435588904492484342259494858627609438654632887244523845583473711604632109405043439047289868784236481926074763997559971182741918345193506253460323445846136663027639802131457594564405906763806426256107923417802076262573737
ec2 = 2838620519239658396968146844964839207179863729944843241951228382052657801460586137213053314019699976475855578055607417923815486109050614096157077528657405905877896929808094661904905136761365045387901486261011216958309860644255996588189249
c1 = 17695186679431856780362905635257355413310120106982055323913669124182832151093921194946365178919380690844190324897933591567360925332869903671651849060145290581360223200011298757871213149464298017718829480721410479504940393501845624196721013966839230696831321482946841011452400364600924503121451272593970649100410603943321149604376033957124800064565646929720179239631538966228020882733213221035707244692798307971636126058586394357032072695921642665492919186476321028415907982915011972040971875733852055633796811898421692604356476773910338982400925245494707729878821466569634334862311750349321720627252469986162120031838
c2 = 10770781309274554738409447671578241895686779262243081931452089039730277591151694112684863740412412713684216227740930573490322958500198235497947657939304932868457999239593145330718657422535271157683896034543125292529800047408131765376686654378173684648427311300423776510153307756388404568013401217965931456538849277670384454454507752525534110389604969437991055504757081225690155489265359117617764571537216746554060783131168749700810806387918510612057149583061938836035963175555630655718716139689761210220525955656039741684390906935720406757364893793459339618913268943282961044530062475057887777134887741597041684698119
e1 = 34967
e2 = 65535
# Find a valid k value
k = 0
while True:
res = gmpy2.iroot(ec2 + k * n, 5)
if res[1] == True:
print(long_to_bytes(int(res[0]))) # Convert to string
break
k = k + 1
# Decrypt
s, s1, s2 = gmpy2.gcdext(e1, e2)
m = (pow(c1, s1, n) * pow(c2, s2, n)) % n # m = (c1^s1) * (c2^s2)
# Print decryption result
print(long_to_bytes(m))
Question 4: 4-1#
The original code is as follows:
from uuid import *
from caser import something
from secret import flag
base_table="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
result =""
for i in range(len(flag)):
if flag[i] in base_table:
result +=base_table[(base_table.index(flag[i])+33)%64]
else:
result +=flag[i]
print(result)
#khzj0m{9caZ87VV-8X77-WW/+-78Wa-eZVdaYYe9/dZ}
Write a decryption script based on the given code
encrypted_flag = "khzj0m{9caZ87VV-8X77-WW/+-78Wa-eZVdaYYe9/dZ}"
base_table = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
flag = ""
for char in encrypted_flag:
if char in base_table:
index = (base_table.index(char) - 33) % 64
flag += base_table[index]
else:
flag += char
print(flag)
For crypto-type questions, directly use chatgpt to solve
Question 5: 5-1#
Analyze the provided attachment pcap.pcap
There is a file header format for rar compressed packages. Extract the above hexadecimal content and write it in hexadecimal format using 010editor
After writing, the specific content is as follows:
Obtain the rar file, which gives a flag.rar file after extraction, but requires a password to extract.
Suspect NTFS stream steganography, use NTFS data stream processing tools to process
Obtain a base64 string
The password is this base64 value, extract the compressed package