swpu新生賽ctf wp
阿新 • • 發佈:2021-12-23
WEB:gift_F12
沒啥好說的 直接F12得了
NSSCTF{We1c0me_t0_WLLMCTF_Th1s_1s_th3_G1ft}
RE
簡簡單單的解密
import base64, urllib.parse def e(): key = "HereIsFlagggg" flag = "xxxxxxxxxxxxxxxxxxx" s_box = list(range(256)) j = 0 # 打亂s_box 和flag無關 for i in range(256): j = (j + s_box[i] + ord(key[i % len(key)])) % 256 s_box[i], s_box[j] = s_box[j], s_box[i] res = [] i = j = 0 for s in flag: i = i + 1 j = (j + s_box[i]) % 256 s_box[i], s_box[j] = s_box[j], s_box[i] t = (s_box[i] + s_box[j]) % 256 k = s_box[t] res.append(chr(ord(s) ^ k)) enc = "".join(res) #原來這裡有個b64加密再解密 就等於沒變 所以改了一下 enc = urllib.parse.quote(enc) print(enc) def d(): enc = "%C2%A6n%C2%87Y%1Ag%3F%C2%A01.%C2%9C%C3%B7%C3%8A%02%C3%80%C2%92W%C3%8C%C3%BA" enc = urllib.parse.unquote(enc)#倒著往回做唄 key = "HereIsFlagggg" s_box = list(range(256)) j = 0 r=[] # 獲得s_box for i in range(256): j = (j + s_box[i] + ord(key[i % len(key)])) % 256 s_box[i], s_box[j] = s_box[j], s_box[i] i,j=0,0 for s in enc: i = i + 1 j = (j + s_box[i]) % 256 s_box[i], s_box[j] = s_box[j], s_box[i] t = (s_box[i] + s_box[j]) % 256 k = s_box[t] r.append(chr(ord(s)^k))#基本直接複製就行 異或的逆運算就是再異或一次 print("".join(r)) if __name__ == '__main__': e() d()
指令碼執行得到結果
NSSCTF{REAL_EZ_RC4}
簡簡單單的邏輯
先上指令碼
def e(): flag = 'xxxxxxxxxxxxxxxxxx' list = [47, 138, 127, 57, 117, 188, 51, 143, 17, 84, 42, 135, 76, 105, 28, 169, 25] result = '' for i in range(len(list)): key = (list[i] >> 4) + ((list[i] & 0xf) << 4) a = hex(ord(flag[i]) ^ key) result += str(a)[2:].zfill(2) #分析得知 這是16進位制補全兩位 所以是一個flag字元對應兩位 print(result) def d(): list = [47, 138, 127, 57, 117, 188, 51, 143, 17, 84, 42, 135, 76, 105, 28, 169, 25] result = "bcfba4d0038d48bd4b00f82796d393dfec" nums = [] #擷取 轉換 得到原來十進位制 for i in range(0,len(result),2): nums.append("0x" + result[i:i+ 2]) for index in range(len(nums)): nums[index]=int(nums[index],16) #直接加密裡面複製key的計算 然後再異或一次即可 for i in range(len(list)): key = (list[i] >> 4) + ((list[i] & 0xf) << 4) print(chr(nums[i]^key),end="") if __name__ == '__main__': # e() d()
這看指令碼就行了
NSSCTF{EZEZ_RERE}
非常簡單的邏輯題
def e(): flag = 'xxxxxxxxxxxxxxxxxxxxx' s = 'wesyvbniazxchjko1973652048@$+-&*<>' result = '' for i in range(len(flag)): s1 = ord(flag[i]) // 17 s2 = ord(flag[i]) % 17 #就 沒啥好講的 一點點拆開打斷點除錯就能看懂計算過程 #還是flag一個字元轉換對應result的兩個字元 a = s[(s1 + i) % 34] b = s[-(s2 + i + 1) % 34] result += a + b print(result) def d(): result = 'v0b9n1nkajz@j0c4jjo3oi1h1i937b395i5y5e0e$i' s = 'wesyvbniazxchjko1973652048@$+-&*<>' #套這麼多層迴圈 主要是我不知道 取餘怎麼更方便的算回去 for x in range(-5, 5): for y in range(-5, 5): r = "" for j in range(0, len(result), 2): a = result[j] b = result[j + 1] #根據數學知識可得( s1 = int(s.index(a) + 34 * x - j / 2) s2 = -1*int(s.index(b) + 34 * y + j / 2 + 1) #去除沒啥意義的結果 if 32 < s1 * 17 + s2 < 130: r += chr(s1 * 17 + s2) else: break if len(r)==len('xxxxxxxxxxxxxxxxxxxxx'): print(r) if __name__ == '__main__': # e() d()
NSSCTF{Fake_RERE_QAQ}
fakerondom
import random
def e():
flag = 'xxxxxxxxxxxxxxxxxxxx'
#別的都不重要 就是這個隨機數種子
#同樣的隨機數種子生成的一定是相同的數字
random.seed(1)
l = []
for i in range(4):
l.append(random.getrandbits(8))
result = []
for i in range(len(l)):
random.seed(l[i])
for n in range(5):
result.append(ord(flag[i * 5 + n]) ^ random.getrandbits(8))
print(result)
def d():
result = [201, 8, 198, 68, 131, 152, 186, 136, 13, 130, 190, 112, 251, 93, 212, 1, 31, 214, 116, 244]
random.seed(1)
ran=[]
t=[]
for x in range(4):
ran.append(random.getrandbits(8))
l=ran[0:4]
for i in range(len(l)):
random.seed(l[i])
for n in range(5):
#異或題最好寫了 基本原樣複製程式碼就行
print(chr(result[i * 5 + n]^ random.getrandbits(8)),end="")
if __name__ == '__main__':
e()
d()
NSSCTF{FakeE_random}
fakebase
def e():
flag = 'xxxxxxxxxxxxxxxxxxx'
s_box = 'qwertyuiopasdfghjkzxcvb123456#$'
tmp = ''
for i in flag:
x = bin(ord(i))
tmp += str(x)[2:].zfill(8)
b1 = int(tmp, 2)
s = ''
while b1 // 31 != 0:
c = b1 % 31
s += s_box[c]
b1 = b1 // 31
print(b1)
print(s)
def d():
s = "u#k4ggia61egegzjuqz12jhfspfkay"
# s="j3d4h1$6ggrouxktrgky5sxv6bk6i5"#測試
s_box = 'qwertyuiopasdfghjkzxcvb123456#$'
l = []
for x in s:
l.append(s_box.index(x))
l=l[::-1]
for n in range(0,31):
for x in l:
n=x+31*n
t=str(bin(n))[2:]
for j in range(0,len(t),8):
#這題最讓我迷惑 我覺得我寫的是對的
#但是拿上面的加密結果再解密出來的ascii值總差一倍
#但最後一個字元的ascii值又是對應的 所以只能除以2看看
#所以就 現在挺迷茫的
print(chr(int(int(t[j:j+8],2)/2)),end="")
print()
if __name__ == '__main__':
# e()
d()
NSSCTF{WHAt_BASe31}
astjs
經過查資料知道 這是把js檔案轉換為ast 但是我不知道怎麼轉回去
解不出 我太菜了
簡 單 的 邏 輯
我是 san兵
我真看不出
出題人說少給條件了 但可以瓊劇
密碼
帶rsa的都不會 萌新還沒學呢
crypto6
var="************************************"
flag='NSSCTF{' + base64.b16encode(base64.b32encode(base64.b64encode(var.encode()))) + '}'
print(flag)
小明不小心洩露了原始碼,輸出結果為:4A5A4C564B36434E4B5241544B5432454E4E32465552324E47424758534D44594C4657564336534D4B5241584F574C4B4B463245365643424F35485649534C584A5A56454B4D4B5049354E47593D3D3D,你能還原出var的正確結果嗎?
會用base64庫就行
import base64
x="4A5A4C564B36434E4B5241544B5432454E4E32465552324E47424758534D44594C4657564336534D4B5241584F574C4B4B463245365643424F35485649534C584A5A56454B4D4B5049354E47593D3D3D"
a=base64.b16decode(x)
a=base64.b32decode(a)
a=base64.b64decode(a)
print(a)
NSSCTF{5e110989-dc43-1bd3-00b4-9009206158fe}
Crypto7
69f7906323b4f7d1e4e972acf4abfbfc
直接md5解密
NSSCTF{md5yyds}
crypto8
介紹pyhton庫:ciphey庫! 人工智慧 yyds
直接一把梭
終端執行命令
ciphey -t "73E-30U1&>V-H965S95]I<U]P;W=E<GT`"
這個題用了uuencode
crypto9
題幹指令碼直接python執行
letter_list = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' # 字母表
# 根據輸入的key生成key列表
def Get_KeyList(key):
key_list = []
for ch in key:
key_list.append(ord(ch.upper()) - 65)
return key_list
# 加密函式
def Encrypt(plaintext, key_list):
ciphertext = ""
i = 0
for ch in plaintext: # 遍歷明文
if 0 == i % len(key_list):
i = 0
if ch.isalpha(): # 明文是否為字母,如果是,則判斷大小寫,分別進行加密
if ch.isupper():
ciphertext += letter_list[(ord(ch) - 65 + key_list[i]) % 26]
i += 1
else:
ciphertext += letter_list[(ord(ch) - 97 + key_list[i]) % 26].lower()
i += 1
else: # 如果密文不為字母,直接新增到密文字串裡
ciphertext += ch
return ciphertext
# 解密函式
def Decrypt(ciphertext, key):
plaintext = ""
i = 0
for ch in ciphertext: # 遍歷密文
if 0 == i % len(key_list):
i = 0
if ch.isalpha(): # 密文為否為字母,如果是,則判斷大小寫,分別進行解密
if ch.isupper():
plaintext += letter_list[(ord(ch) - 65 - key_list[i]) % 26]
i += 1
else:
plaintext += letter_list[(ord(ch) - 97 - key_list[i]) % 26].lower()
i += 1
else: # 如果密文不為字母,直接新增到明文字串裡
plaintext += ch
return plaintext
if __name__ == '__main__':
print("加密請按D,解密請按E:")
user_input = input();
while (user_input != 'D' and user_input != 'E'): # 輸入合法性判斷
print("輸入有誤!請重新輸入:")
user_input = input()
print("請輸入金鑰:")
key = input()
while (False == key.isalpha()): # 輸入合法性判斷
print("輸入有誤!金鑰為字母,請重新輸入:")
key = input()
key_list = Get_KeyList(key)
if user_input == 'D':
# 加密
print("請輸入明文:")
plaintext = input()
ciphertext = Encrypt(plaintext, key_list)
print("密文為:\n%s" % ciphertext)
else:
# 解密
print("請輸入密文:")
ciphertext = input()
plaintext = Decrypt(ciphertext, key_list)
print("明文為:\n%s" % plaintext)
試了試密碼NSS解密成功
Crypto10
當然你可以接著用這個
ciphey -t "AFFPGS{pbatenghyngvbaf!!!}"
NSSCTF{congratulations!!!}
ez_caesar
def caesar(plaintext):
str_list = list(plaintext)
i = 0
while i < len(plaintext):
if not str_list[i].isalpha():
str_list[i] = str_list[i]
else:
a = "A" if str_list[i].isupper() else "a"
str_list[i] = chr((ord(str_list[i]) - ord(a) + 5) % 26 + ord(a) or 5)
i = i + 1
return ''.join(str_list)
if __name__ == '__main__':
small = [chr(i) for i in range(97, 123)]
big = [chr(i) for i in range(65, 91)]
alpha = small + big
dic = {}
for flag in alpha:
str = caesar(flag)
dic[str] = flag
str = "SXXHYK{dtzmfajpstbhfjxfw}"
for x in str:
if x.isalpha():
print(dic[x], end="")
else:
print(x, end="")
分析程式碼知道 這是個靜態加密 所以直接先把所有字母對應的密文加到字典裡面 然後一一對應
NSSCTF{youhaveknowcaesar}
ez_rsa
為數不多我會寫的rsa了
工具算個d 然後再md5加密即可
d=104550CB8E2144921
pigpig
看名字就知道了 所以不想寫
traditional
題目:
西方的二進位制數學的發明者萊布尼茨,從中國的八卦圖當中受到啟發,演繹並推論出了數學矩
陣,
最後創造的二進位制數學。二進位制數學的誕生為計算機的發明奠定了理論基礎。而計算機現在改
變
了我們整個世界,改變了我們生活,而他的源頭卻是來自於八卦圖。現在,給你一組由八卦圖
方位
組成的密文,你能破解出其中的含義嗎?
震坤艮 震艮震 坤巽坤 坤巽震 震巽兌 震艮震 震離艮 震離艮
格式:NSSCTF{}
我想說 差不多得了(
八卦從內向外看 --代表0 —代表1
inp= "震坤艮 震艮震 坤巽坤 坤巽震 震巽兌 震艮震 震離艮 震離艮"
dic={"震":"100","離":"101","兌":"110","乾":"111","坤":"000","艮":"001","坎":"010","巽":"011"}
results= ""
for result in inp:
if result in dic.keys():
results+= dic[result][::-1]+""
else:
results+= " "
print(results)
results=results.split()
for index in range(0,len(results)):
print(chr(int(results[index], 2)), end="")
寫成二進位制 然後轉十進位制 然後ascii碼
NSSCTF{Da01sall}
misc
你喜歡osu嗎?
我喜歡 但不至強行安利 真的(
OSU是一個windows的音遊 要是想玩這個譜的話 可以去songs資料夾新建一個資料夾 然後把兩個檔案扔進去 你就能玩了
複製底下的鋪面資訊 對 就那一堆數字
224,224,0,5,0,0000
224,160,500,1,8,0000
224,160,1000,1,8,0000
224,160,1500,1,8,0000
224,160,2000,1,8,0000
224,224,2500,1,0,0000
224,160,3000,5,8,0000
224,160,3500,1,8,0000
224,224,4000,1,0,0000
224,224,4500,1,0,0000
224,160,5000,1,8,0000
224,224,5500,1,0,0000
224,224,6000,5,0,0000
224,224,6500,1,0,0000
224,224,7000,1,0,0000
224,160,7500,1,8,0000
224,224,8000,1,0,0000
224,160,8500,1,8,0000
224,160,9000,5,8,0000
224,160,9500,1,8,0000
224,224,10000,1,0,0000
224,160,10500,1,8,0000
224,224,11000,1,0,0000
224,160,11500,1,8,0000
224,224,12000,5,0,0000
224,160,12500,1,8,0000
224,160,13000,1,8,0000
224,160,13500,1,8,0000
224,224,14000,1,0,0000
224,224,14500,1,0,0000
224,160,15000,5,8,0000
224,160,15500,1,8,0000
224,224,16000,1,0,0000
224,160,16500,1,8,0000
224,160,17000,1,8,0000
224,224,17500,1,0,0000
224,160,18000,5,8,0000
224,160,18500,1,8,0000
224,160,19000,1,8,0000
224,160,19500,1,8,0000
224,224,20000,1,0,0000
224,160,20500,1,8,0000
224,224,21000,5,0,0000
224,160,21500,1,8,0000
224,160,22000,1,8,0000
224,160,22500,1,8,0000
224,160,23000,1,8,0000
224,160,23500,1,8,0000
224,224,24000,5,0,0000
224,160,24500,1,8,0000
224,160,25000,1,8,0000
224,224,25500,1,0,0000
224,224,26000,1,0,0000
224,160,26500,1,8,0000
224,224,27000,5,0,0000
224,160,27500,1,8,0000
224,224,28000,1,0,0000
224,160,28500,1,8,0000
224,160,29000,1,8,0000
224,224,29500,1,0,0000
224,160,30000,5,8,0000
224,224,30500,1,0,0000
224,160,31000,1,8,0000
224,160,31500,1,8,0000
224,224,32000,1,0,0000
224,160,32500,1,8,0000
224,160,33000,5,8,0000
224,224,33500,1,0,0000
224,160,34000,1,8,0000
224,224,34500,1,0,0000
224,224,35000,1,0,0000
224,160,35500,1,8,0000
224,224,36000,5,0,0000
224,160,36500,1,8,0000
224,160,37000,1,8,0000
224,224,37500,1,0,0000
224,160,38000,1,8,0000
224,160,38500,1,8,0000
224,224,39000,5,0,0000
224,224,39500,1,0,0000
224,224,40000,1,0,0000
224,160,40500,1,8,0000
224,224,41000,1,0,0000
224,160,41500,1,8,0000
224,160,42000,5,8,0000
224,160,42500,1,8,0000
224,160,43000,1,8,0000
224,160,43500,1,8,0000
224,224,44000,1,0,0000
224,160,44500,1,8,0000
224,160,45000,5,8,0000
224,160,45500,1,8,0000
224,224,46000,1,0,0000
224,160,46500,1,8,0000
224,224,47000,1,0,0000
224,160,47500,1,8,0000
224,224,48000,5,0,0000
224,160,48500,1,8,0000
224,160,49000,1,8,0000
224,224,49500,1,0,0000
224,160,50000,1,8,0000
224,160,50500,1,8,0000
224,160,51000,5,8,0000
224,160,51500,1,8,0000
224,224,52000,1,0,0000
224,160,52500,1,8,0000
224,160,53000,1,8,0000
224,160,53500,1,8,0000
224,160,54000,5,8,0000
224,224,54500,1,0,0000
224,224,55000,1,0,0000
224,160,55500,1,8,0000
224,224,56000,1,0,0000
224,160,56500,1,8,0000
224,224,57000,5,0,0000
224,160,57500,1,8,0000
224,160,58000,1,8,0000
224,160,58500,1,8,0000
224,160,59000,1,8,0000
224,160,59500,1,8,0000
224,224,60000,5,0,0000
224,160,60500,1,8,0000
224,160,61000,1,8,0000
224,160,61500,1,8,0000
224,224,62000,1,0,0000
224,160,62500,1,8,0000
224,160,63000,5,8,0000
224,160,63500,1,8,0000
224,224,64000,1,0,0000
224,160,64500,1,8,0000
224,160,65000,1,8,0000
224,224,65500,1,0,0000
224,160,66000,5,8,0000
224,160,66500,1,8,0000
224,160,67000,1,8,0000
224,160,67500,1,8,0000
224,224,68000,1,0,0000
224,160,68500,1,8,0000
224,160,69000,5,8,0000
224,224,69500,1,0,0000
224,160,70000,1,8,0000
224,160,70500,1,8,0000
224,160,71000,1,8,0000
224,224,71500,1,0,0000
224,224,72000,5,0,0000
224,160,72500,1,8,0000
224,160,73000,1,8,0000
224,224,73500,1,0,0000
224,160,74000,1,8,0000
224,224,74500,1,0,0000
224,160,75000,5,8,0000
224,160,75500,1,8,0000
224,224,76000,1,0,0000
224,160,76500,1,8,0000
224,224,77000,1,0,0000
224,160,77500,1,8,0000
224,160,78000,5,8,0000
224,160,78500,1,8,0000
224,160,79000,1,8,0000
224,160,79500,1,8,0000
224,224,80000,1,0,0000
224,160,80500,1,8,0000
224,160,81000,5,8,0000
224,224,81500,1,0,0000
224,160,82000,1,8,0000
224,224,82500,1,0,0000
224,224,83000,1,0,0000
224,160,83500,1,8,0000
224,224,84000,5,0,0000
224,160,84500,1,8,0000
224,160,85000,1,8,0000
224,160,85500,1,8,0000
224,160,86000,1,8,0000
224,160,86500,1,8,0000
224,224,87000,5,0,0000
224,160,87500,1,8,0000
224,224,88000,1,0,0000
224,160,88500,1,8,0000
224,224,89000,1,0,0000
224,224,89500,1,0,0000
224,224,90000,5,0,0000
224,160,90500,1,8,0000
224,160,91000,1,8,0000
224,224,91500,1,0,0000
224,224,92000,1,0,0000
224,160,92500,1,8,0000
224,224,93000,5,0,0000
224,160,93500,1,8,0000
224,224,94000,1,0,0000
224,160,94500,1,8,0000
224,224,95000,1,0,0000
224,224,95500,1,0,0000
224,224,96000,5,0,0000
224,160,96500,1,8,0000
224,224,97000,1,0,0000
224,224,97500,1,0,0000
224,224,98000,1,0,0000
224,224,98500,1,0,0000
224,160,99000,5,8,0000
224,160,99500,1,8,0000
224,224,100000,1,0,0000
224,160,100500,1,8,0000
224,224,101000,1,0,0000
224,160,101500,1,8,0000
然後觀察嘛 第二個數字 224轉為0 160轉為1 然後8位轉換一個十進位制 當ascii碼用 最後來個翻轉
import re
if __name__ == '__main__':
with open("a.txt", "r")as file:
s = file.read()
s = s.split("\n")
for index in range(0, len(s)):
s[index] = s[index].split(",")[1]
if s[index] == "224":
s[index] = "0"
else:
s[index] = "1"
s="".join(s)
zero_one=re.findall(".{8}",s)
r=[]
for x in zero_one:
r.append(chr(int(x,2)))
print("".join(r[::-1]))
here_is_a_bug
真的 我一定是非預期解
右鍵資料夾 使用防毒軟體防毒(
開啟得知flag
NSSCTF{oh_you_catch_the_bug}
原來你也玩原神
異世相遇 盡享美味!
file命令知道是個mp3
看了頻譜檔案 不是摩斯啥的
用MP3stego解密 密碼留空就行
解密出一個txt檔案 看內容有PK
字尾名改為.zip
裡面一個txt
NSSCTF{So_you_also_play_Genshin_impact}
Mooooooooooorse
AU開啟 你拿別的音訊軟體開啟也行 敲個摩斯碼
解密就行了
檔案已經忘了 不想再敲了
Bill
看提示應該是個excel表格
字尾改為.xlsx 但是有密碼
說不要被表象迷惑 猜測可能是有隱寫或者偽加密
foremost分離得到壓縮包
字尾名再改xlsx開啟檔案
然後修改一下excel表格 把所有的都換成中文大寫數字之後 把指令碼拿出來
(上次DAS也有算錢的題...那個表格還比這個長
import openpyxl
import re
def trad_to_int(money):
# 轉換字典
trad_dict = {
'零':0,
'壹':1,
'貳':2,
'叄':3,
'肆':4,
'伍':5,
'陸':6,
'柒':7,
'捌':8,
'玖':9,
'拾':10,
'佰':100,
'仟':1000,
'萬':10000,
'億':100000000,
'角':0.1,
'分':0.01
}
trad = re.search(r"[零壹貳叄肆伍陸柒捌玖拾佰仟億角分]+", money)
if trad is not None:
num = 0
add = 0
sum = 0
for i in money:
if i in ['零','壹','貳','叄','肆','伍','陸','柒','捌','玖']:
add = trad_dict[i]
sum = sum + add
elif i in ['拾','佰','仟','億','角','分']:
num = add * trad_dict[i]
sum = sum - add
sum = sum + num
add = num
elif i == '萬' or i == '億':
sum = sum * trad_dict[i]
return float(sum)
else:
return money
def main():
submoneyCN = ["", "拾", "佰", "仟"]
numsCN = {"零": 0, "壹": 1, "貳": 2, "叄": 3, "肆": 4, "伍": 5, "陸": 6, "柒": 7, "捌": 8, "玖": 9}
w = openpyxl.open("00000025.xlsx")
ws = w.active
# 獲取第一列 即單件商品金額
t = ws['A']
t1=[]
for x in range(1,len(t)):
t1.append(trad_to_int(t[x].value))
print(t1)
# 獲取第二列並處理
t = ws['B']
t2=[]
for x in range(1,len(t)):
t2.append(trad_to_int(t[x].value))
print(t2)
r=0
for index in range(0,len(t2)):
r+=float(t1[index])*float(t2[index])
print(r)
if __name__ == '__main__':
main()
跑指令碼
NSSCTF{5030782.26}
ZIPBOMB
我也不知道他為啥沒炸 反正我直接解壓了
010中得flag
NSSCTF{Z1p_B00m_d1sp0sal}
gif好像有點大
那確實挺大得 最開始以為是隱寫
看了看gif發現他只是長而已...
拆分gif指令碼
from PIL import Image
import os
pic=Image.open("CTF.gif")
try:
i=0
while True:
pic.seek(i)#搜尋檔案幀數
pic.save(str(i)+".png")
i+=1
except:
pass
然後有一幀裡面有個二維碼 掃描即可