tctf
# PREFACE:状态差,本来不想打了,但是又不想浪费时间,刚电子 ed 结束五个小时又开始了打个 rpg 好累
# 确实状态差,最近老是抱着不出题的心态开始做,有点啥思路反正又丢给别人自己不知道在干嘛,有始有终给 wp 水了吧,,,
# tmux
自己带符号表编译一份 tmux,方便对照调试(其实用处不大):
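# Build a reference tmux with debug symbols and no optimisation (-g -O0).
# The steps are chained with && so a failed step stops the run instead of
# letting later steps run against a half-prepared tree.
git clone https://github.com/tmux/tmux.git &&
cd tmux &&
# Pin the tree to one exact commit by its full hash, so the reference build is
# reproducible (presumably the revision the challenge binary was built from).
git checkout bdf8e614af34ba1eaa8243d3a818c8546cb21812 &&
# Libraries tmux links against. A build from git also needs autoconf, automake,
# pkg-config and yacc/bison if they are not already installed.
sudo apt-get install libevent-dev libncurses-dev &&
./autogen.sh &&
./configure CFLAGS="-g -O0" &&
make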
找这段(十六进制搜):
调试了一下发现是 AES,key 里只有 0、1、2,密钥空间很小,可以直接爆破:
(偷 sink 爷个脚本)
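# Recover the flag by exhausting a deliberately tiny AES-128 key space.
#
# Every one of the 16 key bytes is tried with the values 1 and 2 only, so there
# are 2**16 = 65536 candidate keys. The cipher is used in ECB mode, where each
# 16-byte block decrypts independently, so testing the first block against the
# known "flag{" prefix is enough to recognise the right key.
#
# NOTE(review): the write-up text says the key consists of 0/1/2, while this
# search only tries 1 and 2. If no key matches, widen the alphabet to
# (0, 1, 2), which raises the search to 3**16 keys. Confirm against the binary.
import itertools

from Crypto.Cipher import AES

# Ciphertext recovered from the binary: three 16-byte blocks.
CIPHERTEXT = bytes.fromhex(
    "D47D8FE192A9605A5E8EDCADE2DBBEDC"
    "9E103EBAF7DB72DAF73367D9FA13043F"
    "680D89FE7399908919E4530E3EC8C3D0"
)
FIRST_BLOCK = CIPHERTEXT[:16]

# product() varies the last position fastest, which is the same order the
# sixteen hand-nested loops visited the keys in.
for candidate in itertools.product((1, 2), repeat=16):
    aes = AES.new(key=bytes(candidate), mode=AES.MODE_ECB)
    if aes.decrypt(FIRST_BLOCK).startswith(b"flag{"):
        # Key found: decrypt all three blocks and stop searching.
        print(aes.decrypt(CIPHERTEXT))
        break
else:
    # Make an exhausted search visible instead of ending silently.
    raise SystemExit("no candidate key produced a flag{ prefix")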
# RPC
Go 写的 RPC 服务,加密一层套一层
main__ptr_S_A 是加密函数;用 python 按协议顺序通过 TCP 把包发过去,即可调试
然后就是加密套娃