Newstar_week1-2_wp
week1 wpcrypto
一眼秒了
n费马分解再rsa
flag:
import libnum
import gmpy2
from Crypto.Util.number import *
p =9648423029010515676590551740010426534945737639235739800643989352039852507298491399561035009163427050370107570733633350911691280297777160200625281665378483
q =11874843837980297032092405848653656852760910154543380907650040190704283358909208578251063047732443992230647903887510065547947313543299303261986053486569407
e =65537
c =48757373363225981717076130816529380470563968650367175499612268073517990636849798038662283440350470812898424299904371831068541394247432423751879457624606194334196130444478878533092854342610288522236409554286954091860638388043037601371807379269588474814290382239910358697485110591812060488786552463208464541069
n = 52147017298260357180329101776864095134806848020663558064141648200366079331962132411967917697877875277103045755972006084078559453777291403087575061382674872573336431876500128247133861957730154418461680506403680189755399752882558438393107151815794295272358955300914752523377417192504702798450787430403387076153
p = gmpy2.iroot(n,2)-10000
while not isPrime(p) : p += 1
q = p + 2
while not isPrime(q) : q += 2
while p*q - n != 0 :
p = q
q += 2
while not isPrime(q) : q += 2
phi_n = (p - 1) * (q - 1)
d = gmpy2.invert(e, phi_n)
m = pow(c, d, n)
print(m)
flag = libnum.n2s(int(m))
print(flag)b'flag{9cd4b35a-affc-422a-9862-58e1cc3ff8d2}'
Base
4C4A575851324332474E324547554B494A5A4446513653434E564D444154545A4B354D45454D434E4959345536544B474D5134513D3D3D3D
base16
base32
base64
flag{B@sE_0f_CrYpt0_N0W}
xor
from Crypto.Util.number import bytes_to_long, long_to_bytes
# 已知的密钥和加密后的数据
key = b'New_Star_CTF'
c1 = 8091799978721254458294926060841
c2 = b';:\x1c1<\x03>*\x10\x11u;'
# 恢复 m1
m1 = c1 ^ bytes_to_long(key)
m1_bytes = long_to_bytes(m1)
# 恢复 m2
def xor_bytes(a, b):
return bytes()
m2 = xor_bytes(c2, key)
# 拼接 m1 和 m2 得到完整的 flag
flag = 'flag{' + m1_bytes.decode('utf-8') + m2.decode('utf-8') + '}'
print(flag)flag
{flag{0ops!_you_know_XOR!}}misc
Labyrinth
LSB隐写
SilentEye打开发现里面有二维码,直接扫
web
会赢吗
part1
F12
藏在源代码里,还给了下一关的目录
part2
稍微看一下代码,await等待接受一个参数className,这个参数跟在/api/flag/,就是我们第一关源码泄露出来的目录名,这段代码接收后就将POST请求头补充完整,否则post请求就不会传递任何信息,导致后一个if里的response.ok的bool值为0,所以只需要我们在控制台里将className的正确值给他
只需要调用revealFlag函数,将目录名传给他,一开始传的格式不太对,后来发现不需要加/因为他的代码里已经有/了,所以只需要给名字就ok
恭喜你!你获得了第二部分的 flag: IV95NF9yM2Fs
……
时光荏苒,你成长了很多,也发生了一些事情。去看看吧:/s34lpart3
document.addEventListener('DOMContentLoaded', function () {
const form = document.getElementById('seal_him');
const stateElement = document.getElementById('state');
const messageElement = document.getElementById('message');
form.addEventListener('submit', async function (event) {
event.preventDefault();
if (stateElement.textContent.trim() !== '解封') {
messageElement.textContent = '如何是好?';
return;
}
try {
const response = await fetch('/api/flag/s34l', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({ csrf_token: document.getElementById('csrf_token').value })
});
if (response.ok) {
const data = await response.json();
messageElement.textContent = `第三部分Flag: ${data.flag}, 你解救了五条悟!下一关: /${data.nextLevel || '无'}`;
} else {
messageElement.textContent = '请求失败,请重试。';
}
} catch (error) {
messageElement.textContent = '请求过程中出现错误,请重试。';
}
});
});在控制台输入
document.getElementById('state').textContent = '解封';然后点解封
第三部分Flag: MXlfR3I0c1B, 你解救了五条悟!下一关: /Ap3xpart4
禁用js
{
"flag": "fSkpKcyF9",
"nextLevel": null
}ZmxhZ3tXQTB3IV95NF9yM2FsMXlfR3I0c1BfSkpKcyF9
一眼base64
flag{WA0w!_y4_r3al1y_Gr4sP_JJJs!}
智械危机
进robots.txt会给一个目录,进去看到是一段php脚本
题目分析
访问index.php自动重定向到index.html
pizwww.php:
页:
[1]