728x90
반응형
728x90
반응형
RSA
728x90
반응형

System32.kr

RSA108 풀이

 

rsa107문제랑 거의 똑같다.

n값을 base-16 hex로 보면 rsa107문제처럼 중간에 0이 많이 있다.

728x90

000...000을 기준으로 앞 뒤 잘라서 factor을 찾으면

이렇게 나온다.

저 공통인수를 p로 두고 n/p 로 q를 구할 수 있다.

p랑 q 구했으니 d구해서 c 복호화하면 끝.

728x90
반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [RSA108] 풀이  (0) 2021.01.19
System32.kr [RSA107] 풀이  (0) 2021.01.18
System32.kr [EZB64] 풀이  (0) 2019.12.28
System32.kr [RSA106] 풀이  (0) 2019.05.19
System32.kr [RSA104] 풀이  (0) 2019.05.19
System32.kr [RSA105] 풀이  (0) 2019.05.19
RSA
728x90
반응형

System32.kr

RSA107 풀이

 

간만에 system32.kr 문제를 풀었다.

 

보면 모듈러 n 중간에 많은 0이 특징이다.

 

 

rsa 문제 풀이들을 찾아보다가

 

ctftime.org/writeup/22977

 

CTFtime.org / Crypto CTF 2020 / Decent RSA / Writeup

Tags: polynomials rsa  Rating: 4.5

ctftime.org

이런 풀이인가 싶었는데, 여기 풀이는 n값이 대부분 0으로 구성되었을 때였다.

 

728x90

그러다가 포스트 하나를 찾았다.

party4bread.github.io/a-year-of-ctf-rsa/#pq%EC%97%90-0%EC%9D%B4-%EB%A7%8E%EC%9D%84-%EA%B2%BD%EC%9A%B0

 

A year of CTF RSA | Haven 4 BREAD

1년정도 CTF 뉴비로 있으면서 (아직도 뉴비지만) 겪었던 RSA 문제들의 유형을 대략 정리했습니다.

party4bread.github.io

오 출제자님 블로그

 

 

1234..00000000...1234 이런 식으로 구성되어 있으면 p나 q중에 하나는 100000...00 + z 형태를 취하고 있을 가능성이 높다.

 

따라서 n값을 0000...000을 기준으로 큰 부분을 a로 두고

작은 부분을 b로 두어 b/a를 계산하였더니 나누어 떨어졌다.

 

p = 1000...0000 + 961

이렇게 p와 q를 구할 수 있다.

728x90
반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [RSA108] 풀이  (0) 2021.01.19
System32.kr [RSA107] 풀이  (0) 2021.01.18
System32.kr [EZB64] 풀이  (0) 2019.12.28
System32.kr [RSA106] 풀이  (0) 2019.05.19
System32.kr [RSA104] 풀이  (0) 2019.05.19
System32.kr [RSA105] 풀이  (0) 2019.05.19
728x90
반응형

System32.kr 

[EZB64] 풀이

 

 

 

코드는 이러하다 :

import flag
flag = flag.EZB64
story='''The usage "crib" was adapted from a slang term referring to cheating (e.g., "I cribbed my answer from your test paper"). A "crib" originally was a literal or interlinear translation of a foreign-language text-usually a Latin or Greek text-that students might be assigned to translate from the original language.
The idea behind a crib is that cryptologists were looking at incomprehensible ciphertext, but if they had a clue about some word or phrase that might be expected to be in the ciphertext, they would have a "wedge," a test to break into it. If their otherwise random attacks on the cipher managed to sometimes produce those words or (preferably) phrases, they would know they might be on the right track. When those words or phrases appeared, they would feed the settings they had used to reveal them back into the whole encrypted message to good effect.
In the case of Enigma, the German High Command was very meticulous about the overall security of the Enigma system and understood the possible problem of cribs. The day-to-day operators, on the other hand, were less careful. The Bletchley Park team would guess some of the plaintext based upon when the message was sent, and by recognizing routine operational messages. For instance, a daily weather report was transmitted by the Germans at the same time every day. Due to the regimented style of military reports, it would contain the word Wetter (German for "weather") at the same location in every message. (Knowing the local weather conditions helped Bletchley Park guess other parts of the plaintext as well.) Other operators, too, would send standard salutations or introductions. An officer stationed in the Qattara Depression consistently reported that he had nothing to report. "Heil Hitler," occurring at the end of a message, is another well-known example.
At Bletchley Park in World War II, strenuous efforts were made to use (and even force the Germans to produce) messages with known plaintext. For example, when cribs were lacking, Bletchley Park would sometimes ask the Royal Air Force to "seed" a particular area in the North Sea with mines (a process that came to be known as gardening, by obvious reference). The Enigma messages that were soon sent out would most likely contain the name of the area or the harbour threatened by the mines.
The Germans themselves could be very accommodating in this regard. Whenever any of the turned German Double cross agents sent a message (written by the British) to their respective handlers, they frequently obligingly re-encrypted the message word for word on Enigma for onward transmission to Berlin.
When a captured German revealed under interrogation that Enigma operators had been instructed to encode numbers by spelling them out, Alan Turing reviewed decrypted messages and determined that the number "eins" ("one") was the most common string in the plaintext. He automated the crib process, creating the Eins Catalogue, which assumed that "eins" was encoded at all positions in the plaintext. The catalogue included every possible position of the various rotors, starting positions, and keysettings of the Enigma.
The Polish Cipher Bureau had likewise exploited "cribs" in the "ANX method" before World War II (the Germans' use of "AN", German for "to", followed by "X" as a spacer to form the text "ANX").
The United States and Britain used one-time tape systems, such as the 5-UCO, for their most sensitive traffic. These devices were immune to known-plaintext attack; however, they were point-to-point links and required massive supplies of one time tapes. Networked cipher machines were considered vulnerable to cribs, and various techniques were used to disguise the beginning and ends of a message, including cutting messages in half and sending the second part first and adding nonsense padding at both ends. The latter practice resulted in the world wonders incident. The KL-7, introduced in the mid-1950s, was the first U.S. cipher machine that was considered safe against known-plaintext attack.
Classical ciphers are typically vulnerable to known-plaintext attack. For example, a Caesar cipher can be solved using a single letter of corresponding plaintext and ciphertext to decrypt entirely. A general monoalphabetic substitution cipher needs several character pairs and some guessing if there are fewer than 26 distinct pairs._______
'''
import base64,random,string
table = string.ascii_uppercase + string.ascii_lowercase + string.digits + '+/'
rtable = ''.join(random.sample(table,len(table)))
tb=string.maketrans(table,rtable)
orig=base64.b64encode(story+flag)
print(orig.translate(tb))
#Output : CpIMrXCk5u7MrSZoQcMsrsBy5LU45uKIQXKMGSBcQca0rpV4QxiI3cQ47pCw3qBwGuGMQYZt3cQ47p+45xIM5LKt3cQ4EpFgGwd/rSZZrpfwTuZsGul43LP45uJk7xCwrpGw3xe4jua1QsBeGLferXBIQpCwrsPgrVV4rcfwTursrpawTu7t3cn/3XP47xnkrpV43pMeGLZI3SB6QsBt3YKMQcit3cCIQsBeQcngQxiI7pM63sB6GsBIrpG6QcCtGxd03pngGyCIGxF47pCd7S11QyCI3piJrpV4OpneTud43yr4KyZMGu/47pCd7S1eTpnerXfe7uKM3YKkrp1tGxIerpZMrpnkQxMY3cCPrXK6rXKw5uJk3pneGqBcQca0rXKbGqB6QcMYTuJI3SB/5uJY7unYGqdESMKbGqBtGpCIrpZMTpMgGSBIrpfwTur4TLU47pII7SBoQYMz7pa/3x7tQyKkrX7MQcF43pa6TxMgGwBI7SBt3cf63LBwGuIM3Yft5ciMrpftQpIMQYKMjXl/rpZ17SBtGsBeTpCJrpIIGSBIrpf/7uF45uZ67Ll4Qxa0GqBy3yZPrpawrXBbQcnkGqBeTpnerp1tGxIerpZMrpCdQpCo7pCPrXK6rpZMrpMgrXKbGqBoTLBbGLZeGLIehSBeTpCJrX767uiPrpII7cF45q2s7xCPGxF/rsBIrXKMQyl47p+45YZM5u/4TuJe3wBt7Sd4qu547pIMTLr43yKbGLZyTLfMrXZI3cK63qBI7XKI5x0krpagrXKbGqBoTLBbGLr43ung5u7MGSBe3wBk3x1M7pM0GLU4QXZ6GXCoGqBeTpakGqBy3yZPQwB6Qs2bQXZMGcCw5uZ/jqP4QpIw5LfMQwz47pIMjqBy3yC/GSBN3cayrXKbGLP43uMYTXl45cF43xd47pIMrXZtGxIerXKw5ufNhsBLTpCgrXKb3yfMrX76QcKkrpawrXBbQcnkGLU45LBzGunwGul/rXKbGLP47xa13pl4GcCMGSBeTpF4QxCe7pMgGyU47pIMjqBb5ul47LfMGSBe3wBwGLGM5uz47pIM3qBs5ufNrpMg7p+47pIMrX7b3xiMrpCg5yZJQXKMGSB0GLfk5u7MrXK6rp763xl4GuGcGufeh4bEqud47pIMrpfIQxF43x54KuJtGx1IhSBeTpF4KxCw3ungrVItGx44lxa03ungGSBy5LU47cCwjqB0GLKt5yC/3yCkrpns3yCerXKbGqB67cCw5ui/rXfM5yCwTLKJrpacrXKbGqBn3cMY3uV4QyMk7pC0rpngGSB13cKMQYfe3xaPrXKbGqBz3yfkTuZ/GqBzQcas3pC0rpacrpfwTuZkhsBFTpF4GpnJhLK6huKIjqB6QpCw5LK6QYU/rpagrXKbGqB67pIMQsBb5uJPhSByGLZMrpiMQyU45xnwGuG13Sd4CpIMrVZ/GLKoTpiMjqBl5LZNrXKM5ue47xa13pl4GyCMQyU4Qxa0GqB6GsBeTpF4QpiITuJeGLIerpZIQxCPrXCz3xd47xIM3sBeTpF43uCkQxnYGqBy5LU4QxCg7Sz45uJPrpZJrXZM5xaY3cMvTuJYrXZ67LKt3cF43yBMQcneTuag5uz43uCkQxnYGLUgrVG6QsBt3Yfe5uJoGqz45qBP5uM/jqByGuneTpCwrXZMQpaw7SBy5LU47XZI3Yf0TLKeGul45YP47pIMrV7MQc1I3YU45Ll47pIMrXfI3uF47pM0GqBM7cCwjqBP5LPgrVK1GqBe3wBeTpF4QcCYTu1M3YKMGSBk7XM/GqB6GsB0Tuit7pnwjqBwGLB6QYKkhSBt7SBy3yC/GSBo3xJe5uMgrXKbGqBy3yZPrn7M7XKMQs2bKxCw3ungrpG6Qs2s7xCI7pIMQsrtrpnerXKbGqBk5u1Mrpi65xneTuagrpMgrpCxGLZJrp1MQyfIGxFgrSIh3cayTuJYrXKbGqB/3xfI3SByGuneTpCwrpf63cKt7pM63YU4TpC/QpCPrVZ/GLKoTpiMjqBl5LZNrp71GLfkrpaeTpCwrXBIQYKkrpacrXKbGqBz3pnt3YKMjXl45LU47xC/3SdtrVaeTpCwrpazGLZI7pawQwz47pa6hSBy3yC/GSBkGuJPrXfe5uJP5LZPrXfI3XCe5LKt3xJkrpawrpMg7XZ6GXCo7pM63YUgrVngrpacGcMoGLr4QyKI7pM63cCPrpMgrXKbGqBK5LKe5LZIrVKMQXZMQyft3xd45xagQxMk7pCg7piJrXZMQpaw7pCPrXKb5Ll4TpF4TpnPrpJ67pIt3cQ47p+4QcCz3yZehs2sqpCt3SBrTLK/GLr/rsB65xf1QYZt3cQ45Ll47pIMrpCgGSB6GsBIrp1MQyfIGxF/rpMkrpng3yKbGLr47xC/3S1N3cay3sBMjpn0QpiMh4bElLl4lciM7pfb3pCJrnBIQc/4Tud4Cxaw3pl4CxnwrVMZhSBk7XZM3YC67LU4GuGc3yZeQwByGLZMrp1IGpF47p+47LfMrSII3cl4GLGM3sBc3yZoGqBeTpF4KxCw3ungQwBe3wBzQcaP7ufMEqB0GLfk5u7MQwByTLKbrp0g3y7grXB/5uMg7pCd7Sd4KcawrpCd5u1z3pF/rX7bGud45yZt5YU47xCwGqB/5ufNTuJYhSBS3pCe5xI/GLP4FpnwTwBy3yC/GSBk3x1M7pM0GLU45LfNrXKbGqBq3yMI3SBBTLr4Kcaw5xF47p+4rYfMGulsrpV4Qpnw7pMo7uiIQsBIQcCIrpMgrXKbGqBm3yZeTSBOGuV47xMeTSB0TuJMQw2b5qBzQcaoGLfkrXKb5Ll45xn0GqBe3wBsGqBN3cay3sBIQwBY5LZPGuJt3cQ/rpZJrpas7cM67LU4QcCcGLZM3cfMEqd4CpIMrVCgTu705qB0GLfk5u7MQwBeTpnerX7MQcF4Qxa63sBkGuJerpa17SBy3yC/GSB03yferpitTxC/jqBo3xJe5uMgrXKbGqBg5u1MrpacrXKbGqBIQcCIrpawrXKbGqBb5LZs3yCwrXKbQcCI7pCgGul45YP47pIMrp1t3cCkh4bECpIMrV7MQc1I3YU47pIM3LfM3XGMQwBo3yC/GSBsGqBxGLZJrpno5xa03uaP5LKt3cQ4Tud47pItQwBwGu7IQclgrn7bGuJM7cCwrpngjqB6GsBeTpF47XCw3cCPrV7MQc1I3sBV3yCs3pF45yZ6QyU45u7M3YKkrXfM3Yl45qB0GLfk5u7MrSIyQcMe7pCgrpZJrXKbGqBSQcMeTLfbEqBe3wBeTpCtQsBwGLfzGufeTLGMrpII3cK/GLZkhSBeTpCJrpGwGLn1GuJe3XP43xZ/Tu7t3c7/jqBwGq1M3cfwjLBeGul47pIMrp1MQyfIGxF47xawGSBc3yr47xawGSB63sBn3cMY3uV4Gcawrpag7xnwGSBeQcngQx1tQyft3xd47p+4lcCw3pMgh4bECxIM3sBIrpfIQXK1QcCPrV7MQc1I3sBwGLGM5uiMGSB13cKMQsBt3YKMQYZ6GxneTuagrXKb5Ll4KuJtGx1IrpazGLZI7pawQwBb5ul45cCM3sBt3YfeQYCo7pCPrXK6rpCg5xaPGqBg7u1sGLZkrpZJrXfzGui/TuJYrXKbGue43yCehSBB3pngrnK1QcMgGwBwGLGtGL7MGSBPGufwjLBeGul43uCkQxnYGLU45uJPrpKM7pCw3uMgGul47pII7SBeTpF43YC05cCwrSZMTuJkrs2brcagGqrtrX7IQwBeTpF43uak7SBo3x103xd4QyKwTuJYrpMgrXKbGqBz3pnt3YKMjXlgrVIMrpn17pa05LKMGSBeTpF45yZt5sBzQcaoGLfkhSBoQcCI7pMgGwBeTpF4KuMgQwBA5LKI3paY7uF/rX7bTufbrpnkQyC0Gul47pII7S2sGuMgQwr47xnkrpCg5xaPGul45Ll45ui/rXB6QxMeTuagQwBt3sBeTpF4QpiITuJeGLIehsBFTpF45xne5ui6GyCMrpMg5xi1GpCPrpCxGLZJrXB6Qyft5ciMrXB6QxMeTuagrpacrXKbGqBx5LZt3yCkrXZ67pawQwz4QyKIQYKt3cQ4QpakTLKt3xJkhSBI3cl4TxCJQxCe7pMgGyU43x547pIMrVCgTu705qdESMKbGqBl3xitQx44lxMzTpCwrVZ1QcCI7qBb5ul43pMNGL7tQxF4GLIz3pat7pCPrSZoQcMsQwr4Tud47pIMrSZBOM443uCeTpaPrsBsGuG6QcF4Cxaw3pl4CxnwrVMZrSIeTpF4KxCw3ungQwQ47LfMrpacrSZBOsr/rV7MQc1I3sBc3yr4rYK6rsz4Gca/3payGul45YP4rM4srpnkrpV4QyBI5xCwrXK6rpG6Qce47pIMrXKMjXl4rPnmuSrth4bECpIMrnCgTLKMGSBO7pneGLU45uJPrVZwTLKITud47LfMGSB63cF07pM0GqBe5LBMrXfJQyKM3LU/rXf15x445LU47pIMrAF0CFfHhSBc3yr47pIMTLr43uak7SBkGuJkTLKt7cF47XZIGcGt5wd4CpIMQxF4GpCxTufMQwByGLZMrpM03LCgGqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNmwBb3y7M7cCwhSBeTpCJrX7MQcF4Qpat3Yl07p+0Qpat3Yl43pMgTyU45uJPrXZMQLCtQcCPrp1IQyft7cF4QyCzQpitGLU43x543xJMrXKt3uF47pnzGLUgrVJM7X76Qc0MGSBoTLBbGLr43unoTpMgGLU47xCwGqBo3xJkTuKMQcCPrXG13pJMQcns3pF47p+45yZt5YU/rpngGSBx5LZt3yCkrXKM5xIgTLn1GLU47xCwGqB1QxCPrXK6rpKtQx71TLfMrXKbGqBsGu7t3cJt3cQ45uJPrpCgGXU43x545qB0GLfk5u7MhSBt3cf/7uKt3cQ45yCe7pMgGwB0GLfk5u7MQwBt3sBb5uicrpngGSBkGuJPTuJYrXKbGqBkGuf63cl4Qpnw7SBcTLZk7SBI3cl45uKPTuJYrpJ63YfM3YfMrXBIGpKt3cQ45Ll45caeTSBM3cKkhsBFTpF43pne7pCwrXBw5ufeTufMrXZMQyC/7pCPrpMgrXKbGqBy3yZ/GSBy3xJPGLZkrpMg5xMPGuJehsBFTpF4qez0fwz4TuJeQcaP7ufMGSBt3sBeTpF43uMPhOVJfOBkhSBy5LU47pIMrpGtQYfernFgFwd45xMzTpCwrp1I5xIt3cF47pII7SBy5LU45xagQxMPGLZMGSBk5uGMrpnY5uMgQyl4TxJ67xd0QpiITuJeGLIerpne7pnoTwdESPf/5LfkTufI3SBoTLBbGLZkrpnwGqBejLBt5xn/3XP47YC/3cCw5uZ/GqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNhsBp3yr4GLII3LB/Gqz45qBA5uCk5Lr45xMzTpCwrpfI3sBsGqBk3xixGul47Lft3cQ45qBkTuJY3pF43pCe7pCwrpacrpf6QYZMQyB63cKt3cQ4QpiITuJeGLIerpngGSBoTLBbGLZeGLIerXK6rpKM5yZJQXl4GuJeTLZM3XPgrVV4GxCgGLZI3SB03xJ65uizTpnsGLKt5wBk7uZk7pMe7LKt3xd45xMzTpCwrpJMGuKkrXfM7cCw5uz45xIIQcno7pCwrXBITLZkrpngGSBk3x1Mrp71GLfkTuJYrpMcrXKbGLZMrpnwGqBcGL7MQsBeTpngrArxrpKtQyKt3cferXBITLZkhMaWL1aWL1+EKciIGy0eTpMkLxMkLyK631aMjMac3yZWCCat3cMeHye=

 

table = A-Za-z0-9+/

 

stroy에 flag를 붙여서 base64 인코딩을 하고, 랜덤으로 만든 테이블로 치환을 해서 출력을 한다.

 

 

 

만약

table=ABCDE

rtable=qwert

이면, A는 q로, B는 w로 치환하는 것이다.

 

 

 

 

 

flag를 얻기 위해서는 rtable를 구해야 한다.

 

샘플을 충분히 제공하기 때문에, rtable를 쉽게 구할 수 있다.

 

story만을 base64로 인코딩하면 VGhlIHVzYWdlICJjcmliIi....이 나오는데

 

이를 Output과 비교를 하게 되면 V->C, G->p, h->I 이렇게 1:1대응이 된다.

 

 

 

 

 

 

1:1 대응 리스트를 쫙 뽑아서 rtable를 만들고 rtable->table로 Output를 바꿔주어서 base64 디코딩을 하면 flag를 구할 수 있다.

 

 

python2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
story='''The usage "crib" was adapted from a slang term referring to cheating (e.g., "I cribbed my answer from your test paper"). A "crib" originally was a literal or interlinear translation of a foreign-language text-usually a Latin or Greek text-that students might be assigned to translate from the original language.
 
The idea behind a crib is that cryptologists were looking at incomprehensible ciphertext, but if they had a clue about some word or phrase that might be expected to be in the ciphertext, they would have a "wedge," a test to break into it. If their otherwise random attacks on the cipher managed to sometimes produce those words or (preferably) phrases, they would know they might be on the right track. When those words or phrases appeared, they would feed the settings they had used to reveal them back into the whole encrypted message to good effect.
 
In the case of Enigma, the German High Command was very meticulous about the overall security of the Enigma system and understood the possible problem of cribs. The day-to-day operators, on the other hand, were less careful. The Bletchley Park team would guess some of the plaintext based upon when the message was sent, and by recognizing routine operational messages. For instance, a daily weather report was transmitted by the Germans at the same time every day. Due to the regimented style of military reports, it would contain the word Wetter (German for "weather") at the same location in every message. (Knowing the local weather conditions helped Bletchley Park guess other parts of the plaintext as well.) Other operators, too, would send standard salutations or introductions. An officer stationed in the Qattara Depression consistently reported that he had nothing to report. "Heil Hitler," occurring at the end of a message, is another well-known example.
 
At Bletchley Park in World War II, strenuous efforts were made to use (and even force the Germans to produce) messages with known plaintext. For example, when cribs were lacking, Bletchley Park would sometimes ask the Royal Air Force to "seed" a particular area in the North Sea with mines (a process that came to be known as gardening, by obvious reference). The Enigma messages that were soon sent out would most likely contain the name of the area or the harbour threatened by the mines.
 
The Germans themselves could be very accommodating in this regard. Whenever any of the turned German Double cross agents sent a message (written by the British) to their respective handlers, they frequently obligingly re-encrypted the message word for word on Enigma for onward transmission to Berlin.
 
When a captured German revealed under interrogation that Enigma operators had been instructed to encode numbers by spelling them out, Alan Turing reviewed decrypted messages and determined that the number "eins" ("one") was the most common string in the plaintext. He automated the crib process, creating the Eins Catalogue, which assumed that "eins" was encoded at all positions in the plaintext. The catalogue included every possible position of the various rotors, starting positions, and keysettings of the Enigma.
 
The Polish Cipher Bureau had likewise exploited "cribs" in the "ANX method" before World War II (the Germans' use of "AN", German for "to", followed by "X" as a spacer to form the text "ANX").
 
The United States and Britain used one-time tape systems, such as the 5-UCO, for their most sensitive traffic. These devices were immune to known-plaintext attack; however, they were point-to-point links and required massive supplies of one time tapes. Networked cipher machines were considered vulnerable to cribs, and various techniques were used to disguise the beginning and ends of a message, including cutting messages in half and sending the second part first and adding nonsense padding at both ends. The latter practice resulted in the world wonders incident. The KL-7, introduced in the mid-1950s, was the first U.S. cipher machine that was considered safe against known-plaintext attack.
 
Classical ciphers are typically vulnerable to known-plaintext attack. For example, a Caesar cipher can be solved using a single letter of corresponding plaintext and ciphertext to decrypt entirely. A general monoalphabetic substitution cipher needs several character pairs and some guessing if there are fewer than 26 distinct pairs._______
'''
 
tran='''CpIMrXCk5u7MrSZoQcMsrsBy5LU45uKIQXKMGSBcQca0rpV4QxiI3cQ47pCw3qBwGuGMQYZt3cQ47p+45xIM5LKt3cQ4EpFgGwd/rSZZrpfwTuZsGul43LP45uJk7xCwrpGw3xe4jua1QsBeGLferXBIQpCwrsPgrVV4rcfwTursrpawTu7t3cn/3XP47xnkrpV43pMeGLZI3SB6QsBt3YKMQcit3cCIQsBeQcngQxiI7pM63sB6GsBIrpG6QcCtGxd03pngGyCIGxF47pCd7S11QyCI3piJrpV4OpneTud43yr4KyZMGu/47pCd7S1eTpnerXfe7uKM3YKkrp1tGxIerpZMrpnkQxMY3cCPrXK6rXKw5uJk3pneGqBcQca0rXKbGqB6QcMYTuJI3SB/5uJY7unYGqdESMKbGqBtGpCIrpZMTpMgGSBIrpfwTur4TLU47pII7SBoQYMz7pa/3x7tQyKkrX7MQcF43pa6TxMgGwBI7SBt3cf63LBwGuIM3Yft5ciMrpftQpIMQYKMjXl/rpZ17SBtGsBeTpCJrpIIGSBIrpf/7uF45uZ67Ll4Qxa0GqBy3yZPrpawrXBbQcnkGqBeTpnerp1tGxIerpZMrpCdQpCo7pCPrXK6rpZMrpMgrXKbGqBoTLBbGLZeGLIehSBeTpCJrX767uiPrpII7cF45q2s7xCPGxF/rsBIrXKMQyl47p+45YZM5u/4TuJe3wBt7Sd4qu547pIMTLr43yKbGLZyTLfMrXZI3cK63qBI7XKI5x0krpagrXKbGqBoTLBbGLr43ung5u7MGSBe3wBk3x1M7pM0GLU4QXZ6GXCoGqBeTpakGqBy3yZPQwB6Qs2bQXZMGcCw5uZ/jqP4QpIw5LfMQwz47pIMjqBy3yC/GSBN3cayrXKbGLP43uMYTXl45cF43xd47pIMrXZtGxIerXKw5ufNhsBLTpCgrXKb3yfMrX76QcKkrpawrXBbQcnkGLU45LBzGunwGul/rXKbGLP47xa13pl4GcCMGSBeTpF4QxCe7pMgGyU47pIMjqBb5ul47LfMGSBe3wBwGLGM5uz47pIM3qBs5ufNrpMg7p+47pIMrX7b3xiMrpCg5yZJQXKMGSB0GLfk5u7MrXK6rp763xl4GuGcGufeh4bEqud47pIMrpfIQxF43x54KuJtGx1IhSBeTpF4KxCw3ungrVItGx44lxa03ungGSBy5LU47cCwjqB0GLKt5yC/3yCkrpns3yCerXKbGqB67cCw5ui/rXfM5yCwTLKJrpacrXKbGqBn3cMY3uV4QyMk7pC0rpngGSB13cKMQYfe3xaPrXKbGqBz3yfkTuZ/GqBzQcas3pC0rpacrpfwTuZkhsBFTpF4GpnJhLK6huKIjqB6QpCw5LK6QYU/rpagrXKbGqB67pIMQsBb5uJPhSByGLZMrpiMQyU45xnwGuG13Sd4CpIMrVZ/GLKoTpiMjqBl5LZNrXKM5ue47xa13pl4GyCMQyU4Qxa0GqB6GsBeTpF4QpiITuJeGLIerpZIQxCPrXCz3xd47xIM3sBeTpF43uCkQxnYGqBy5LU4QxCg7Sz45uJPrpZJrXZM5xaY3cMvTuJYrXZ67LKt3cF43yBMQcneTuag5uz43uCkQxnYGLUgrVG6QsBt3Yfe5uJoGqz45qBP5uM/jqByGuneTpCwrXZMQpaw7SBy5LU47XZI3Yf0TLKeGul45YP47pIMrV7MQc1I3YU45Ll47pIMrXfI3uF47pM0GqBM7cCwjqBP5LPgrVK1GqBe3wBeTpF4QcCYTu1M3YKMGSBk7XM/GqB6GsB0Tuit7pnwjqBwGLB6QYKkhSBt7SBy3yC/GSBo3xJe5uMgrXKbGqBy3yZPrn7M7XKMQs2bKxCw3ungrpG6Qs2s7xCI7pIMQsrtrpnerXKbGqBk5u1Mrpi65xneTuagrpMgrpCxGLZJrp1MQyfIGxFgrSIh3cayTuJYrXKbGqB/3xfI3SByGuneTpCwrpf63cKt7pM63YU4TpC/QpCPrVZ/GLKoTpiMjqBl5LZNrp71GLfkrpaeTpCwrXBIQYKkrpacrXKbGqBz3pnt3YKMjXl45LU47xC/3SdtrVaeTpCwrpazGLZI7pawQwz47pa6hSBy3yC/GSBkGuJPrXfe5uJP5LZPrXfI3XCe5LKt3xJkrpawrpMg7XZ6GXCo7pM63YUgrVngrpacGcMoGLr4QyKI7pM63cCPrpMgrXKbGqBK5LKe5LZIrVKMQXZMQyft3xd45xagQxMk7pCg7piJrXZMQpaw7pCPrXKb5Ll4TpF4TpnPrpJ67pIt3cQ47p+4QcCz3yZehs2sqpCt3SBrTLK/GLr/rsB65xf1QYZt3cQ45Ll47pIMrpCgGSB6GsBIrp1MQyfIGxF/rpMkrpng3yKbGLr47xC/3S1N3cay3sBMjpn0QpiMh4bElLl4lciM7pfb3pCJrnBIQc/4Tud4Cxaw3pl4CxnwrVMZhSBk7XZM3YC67LU4GuGc3yZeQwByGLZMrp1IGpF47p+47LfMrSII3cl4GLGM3sBc3yZoGqBeTpF4KxCw3ungQwBe3wBzQcaP7ufMEqB0GLfk5u7MQwByTLKbrp0g3y7grXB/5uMg7pCd7Sd4KcawrpCd5u1z3pF/rX7bGud45yZt5YU47xCwGqB/5ufNTuJYhSBS3pCe5xI/GLP4FpnwTwBy3yC/GSBk3x1M7pM0GLU45LfNrXKbGqBq3yMI3SBBTLr4Kcaw5xF47p+4rYfMGulsrpV4Qpnw7pMo7uiIQsBIQcCIrpMgrXKbGqBm3yZeTSBOGuV47xMeTSB0TuJMQw2b5qBzQcaoGLfkrXKb5Ll45xn0GqBe3wBsGqBN3cay3sBIQwBY5LZPGuJt3cQ/rpZJrpas7cM67LU4QcCcGLZM3cfMEqd4CpIMrVCgTu705qB0GLfk5u7MQwBeTpnerX7MQcF4Qxa63sBkGuJerpa17SBy3yC/GSB03yferpitTxC/jqBo3xJe5uMgrXKbGqBg5u1MrpacrXKbGqBIQcCIrpawrXKbGqBb5LZs3yCwrXKbQcCI7pCgGul45YP47pIMrp1t3cCkh4bECpIMrV7MQc1I3YU47pIM3LfM3XGMQwBo3yC/GSBsGqBxGLZJrpno5xa03uaP5LKt3cQ4Tud47pItQwBwGu7IQclgrn7bGuJM7cCwrpngjqB6GsBeTpF47XCw3cCPrV7MQc1I3sBV3yCs3pF45yZ6QyU45u7M3YKkrXfM3Yl45qB0GLfk5u7MrSIyQcMe7pCgrpZJrXKbGqBSQcMeTLfbEqBe3wBeTpCtQsBwGLfzGufeTLGMrpII3cK/GLZkhSBeTpCJrpGwGLn1GuJe3XP43xZ/Tu7t3c7/jqBwGq1M3cfwjLBeGul47pIMrp1MQyfIGxF47xawGSBc3yr47xawGSB63sBn3cMY3uV4Gcawrpag7xnwGSBeQcngQx1tQyft3xd47p+4lcCw3pMgh4bECxIM3sBIrpfIQXK1QcCPrV7MQc1I3sBwGLGM5uiMGSB13cKMQsBt3YKMQYZ6GxneTuagrXKb5Ll4KuJtGx1IrpazGLZI7pawQwBb5ul45cCM3sBt3YfeQYCo7pCPrXK6rpCg5xaPGqBg7u1sGLZkrpZJrXfzGui/TuJYrXKbGue43yCehSBB3pngrnK1QcMgGwBwGLGtGL7MGSBPGufwjLBeGul43uCkQxnYGLU45uJPrpKM7pCw3uMgGul47pII7SBeTpF43YC05cCwrSZMTuJkrs2brcagGqrtrX7IQwBeTpF43uak7SBo3x103xd4QyKwTuJYrpMgrXKbGqBz3pnt3YKMjXlgrVIMrpn17pa05LKMGSBeTpF45yZt5sBzQcaoGLfkhSBoQcCI7pMgGwBeTpF4KuMgQwBA5LKI3paY7uF/rX7bTufbrpnkQyC0Gul47pII7S2sGuMgQwr47xnkrpCg5xaPGul45Ll45ui/rXB6QxMeTuagQwBt3sBeTpF4QpiITuJeGLIehsBFTpF45xne5ui6GyCMrpMg5xi1GpCPrpCxGLZJrXB6Qyft5ciMrXB6QxMeTuagrpacrXKbGqBx5LZt3yCkrXZ67pawQwz4QyKIQYKt3cQ4QpakTLKt3xJkhSBI3cl4TxCJQxCe7pMgGyU43x547pIMrVCgTu705qdESMKbGqBl3xitQx44lxMzTpCwrVZ1QcCI7qBb5ul43pMNGL7tQxF4GLIz3pat7pCPrSZoQcMsQwr4Tud47pIMrSZBOM443uCeTpaPrsBsGuG6QcF4Cxaw3pl4CxnwrVMZrSIeTpF4KxCw3ungQwQ47LfMrpacrSZBOsr/rV7MQc1I3sBc3yr4rYK6rsz4Gca/3payGul45YP4rM4srpnkrpV4QyBI5xCwrXK6rpG6Qce47pIMrXKMjXl4rPnmuSrth4bECpIMrnCgTLKMGSBO7pneGLU45uJPrVZwTLKITud47LfMGSB63cF07pM0GqBe5LBMrXfJQyKM3LU/rXf15x445LU47pIMrAF0CFfHhSBc3yr47pIMTLr43uak7SBkGuJkTLKt7cF47XZIGcGt5wd4CpIMQxF4GpCxTufMQwByGLZMrpM03LCgGqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNmwBb3y7M7cCwhSBeTpCJrX7MQcF4Qpat3Yl07p+0Qpat3Yl43pMgTyU45uJPrXZMQLCtQcCPrp1IQyft7cF4QyCzQpitGLU43x543xJMrXKt3uF47pnzGLUgrVJM7X76Qc0MGSBoTLBbGLr43unoTpMgGLU47xCwGqBo3xJkTuKMQcCPrXG13pJMQcns3pF47p+45yZt5YU/rpngGSBx5LZt3yCkrXKM5xIgTLn1GLU47xCwGqB1QxCPrXK6rpKtQx71TLfMrXKbGqBsGu7t3cJt3cQ45uJPrpCgGXU43x545qB0GLfk5u7MhSBt3cf/7uKt3cQ45yCe7pMgGwB0GLfk5u7MQwBt3sBb5uicrpngGSBkGuJPTuJYrXKbGqBkGuf63cl4Qpnw7SBcTLZk7SBI3cl45uKPTuJYrpJ63YfM3YfMrXBIGpKt3cQ45Ll45caeTSBM3cKkhsBFTpF43pne7pCwrXBw5ufeTufMrXZMQyC/7pCPrpMgrXKbGqBy3yZ/GSBy3xJPGLZkrpMg5xMPGuJehsBFTpF4qez0fwz4TuJeQcaP7ufMGSBt3sBeTpF43uMPhOVJfOBkhSBy5LU47pIMrpGtQYfernFgFwd45xMzTpCwrp1I5xIt3cF47pII7SBy5LU45xagQxMPGLZMGSBk5uGMrpnY5uMgQyl4TxJ67xd0QpiITuJeGLIerpne7pnoTwdESPf/5LfkTufI3SBoTLBbGLZkrpnwGqBejLBt5xn/3XP47YC/3cCw5uZ/GqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNhsBp3yr4GLII3LB/Gqz45qBA5uCk5Lr45xMzTpCwrpfI3sBsGqBk3xixGul47Lft3cQ45qBkTuJY3pF43pCe7pCwrpacrpf6QYZMQyB63cKt3cQ4QpiITuJeGLIerpngGSBoTLBbGLZeGLIerXK6rpKM5yZJQXl4GuJeTLZM3XPgrVV4GxCgGLZI3SB03xJ65uizTpnsGLKt5wBk7uZk7pMe7LKt3xd45xMzTpCwrpJMGuKkrXfM7cCw5uz45xIIQcno7pCwrXBITLZkrpngGSBk3x1Mrp71GLfkTuJYrpMcrXKbGLZMrpnwGqBcGL7MQsBeTpngrArxrpKtQyKt3cferXBITLZkhMaWL1aWL1+EKciIGy0eTpMkLxMkLyK631aMjMac3yZWCCat3cMeHye=
'''
 
import base64, string
table = string.ascii_uppercase + string.ascii_lowercase + string.digits + '+/'
table_dict = dict.fromkeys(table, '?')
#rtable = ''.join(random.sample(table,len(table)))
orig=base64.b64encode(story)
 
for i in range(0len(orig)-4):
    table_dict[orig[i]] = tran[i]
    #print(orig[i]+";;"+tran[i])
 
tdv = table_dict.values()
rtable=""
for j in range(len(table)):
    rtable += table_dict[table[j]]
print(rtable)
tb=string.maketrans(rtable,table)
btran = tran.translate(tb)
print(base64.b64decode(btran))
 
cs

 

728x90
반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [RSA108] 풀이  (0) 2021.01.19
System32.kr [RSA107] 풀이  (0) 2021.01.18
System32.kr [EZB64] 풀이  (0) 2019.12.28
System32.kr [RSA106] 풀이  (0) 2019.05.19
System32.kr [RSA104] 풀이  (0) 2019.05.19
System32.kr [RSA105] 풀이  (0) 2019.05.19
728x90
반응형

System32.kr

RSA106 풀이

 

이번에는 작은 e값과 다른 n값이 주어질 때다.

 

문제를 보면 n, c값이 각각 7개가 주어진다.

 

n0 = 10022036265379037873283606776808482557866459308090111534883940865718177639983512662119342281119416241158033537298567286851709556229498058859877121683228774596682463530354223972067629198444968982788922250713559891865919261816911330848802614913631706032562776893224597357355324255263321117746371249374897281379618765006492730806494403308111072966637211560823960482878492897669436775113233218090173773953205373859777529204336743904524724605913439667291642450283502539056317167865950955271726411160185108661710605305209881749978968104668372320740311039079195405595564405545553067816984977942352952679613295335945453198237
e0 = 7
c0 = 7391172673494652807685679927464443742804469716124686497937352685631944739927403334100753118718810827819939551249092644730733640887813475157863909267732710966904033874563749607452101004880603517576015117231543666882714876053816889315304434716583902097326869862769223330226929267650196146699723546298777721549327230579524043853731525842228354074211952590809573512193002908675659981910521560218722078118583409532890190350278993572874200629804040761922640444870232404736174533503458666401049021690701120014711135662159756073554655169987524174160454336199103732766648969310872094773896573037726906071280884398964499625020
n1 = 5466545789924978392117734846441651025566944649290017587961487324101229594609777422305368037344954585418241587633957551279641772525768764611188988227720597556634650034264505822514430445671371902394845226110100975570935303274836520009041255673258743208173396958290432905543148641745168024380646078191379194650244323448918977124653886707963511968894925605598683697007725355334218510153808020236986866621440493131392397106674236875719949237921916816824901951782815445968997182425608119302657645645838081847911729329333764403590828687896595484627953582720022494684431177689169562431514156723717431880081981556861583018517
e1 = 7
c1 = 2843216698827041985234155126413219625102551967694195507616270458944256794024725727982775312996964360225107871298400288303715856835949437523897251998356574507142899492557143968158430397540293189973986706379386430519381858403628687144765951766733259166975201698201001559608435647196300391229794290104430338488390377935687114237067952186727947306540592887865659962691657932063711547531829312199823488118775597548579002212505954186919111624039557627729228692097539779090276034544147566301508294383730646789567286167983001460941761651651550106133788841812817514137482151210600991083197714286954280138543861307503606716687
n2 = 5216273350923762348996819172932047657740263255248423536832070896504436079290996116053910458202206066607495080005143242081376348478552546332314483414339219088245406077072653291793201707938210052137737032136008691204273974883871392886847900590411035963981133018158012140770585855836554605968542686051767074445169576528595295868833612083435959789899465479063315706805137423972403304919456897675923521668190245644201632092213606749130854730067502251227674778549657054487536558408785381601255488927062660442522496864532745842104460605804514922118066012819002689049981557892095296223518873642160006462186453091627377846719
e2 = 7
c2 = 2302840660982990706559514467752282608279989971179438892300937945447548784136021634663470424995563089657378083878340327507907273677046617011731588253183115962507981205380038591937454135692479378461272309601984068994340223460110011927750428790367899740123933101545519333275378177450046677349361228228756023343552737751276656981842493825940592644061106798477517795237715348144352954728534699021231559916391882314536204099649751257130666668855055343556693412599766542087842727824032038771853002304289245363376208213623603995010083510086051017014020583014841158059684157033215101586049552797894220844380611133865673630801
n3 = 23877677498268410284879275681599753946472064168982107017698987574875291853430610166705520818854679284024035965166084667071782959877626088875201104444061372210767667483286033873186027043018865270765379778972734594727020084433542927434622162385031073045949543728094450158066806302710336945902706311444702067892897382023369572561933840697091647190739941807440726157963736515169755622514090303488227644584510175870987096541366007967982302476854613123392400570876217436169696368690150208874814955767774660004903549034030453797617219708937501949676157124852802614561580437881345741238143591504284958256829966154954860310643
e3 = 7
c3 = 21542650580244090952784375188737468745448203348922868429406196302086271073676866277485976451720227641278427496915785578412784529024335740676758107987503859146577358215708248682437455044274509620470752764937668805057881069241160619380098319880566533327878406656365405208233812965208982731078254898819598904848966997244978017829737683687504578693319927257965587343277686790692897770069007188699761774062935389828173866322096724684461746266895396261083359145450376711339892131239899937109104845549497760224715797430549267596702844680269969086579967938513817206661072633561450576990683873838952925270459005180113251070249
n4 = 14095304106189288640829933284328100925981109805290171926596523882500992828050689610054551419208961617895244032677408948518722739184220513962788253695294440224817835843547289773514113860609727834208120554675150777100035341397359695754443831969620545126239117460426602273999534524462242741389375433175237422632997941648269022097426901783701566115072520388843879171454672942810241915423341751813855234874758865121037886735845464875242609743056346324057991215234482527871877337706502944703023808957350962273199545033462807203671480858363579332623386369851297631986187711675134368500976725781503614885257984375549898158689
e4 = 7
c4 = 5841298358718613696062311056221508337701416292725004974138314539876150378702426703549430117040191903647122061403407396288001626124108215908094632322171004807595060730467760110047822011747633210272450557602443585240325321882265082987790788937409746656818781811819115452970840966600299402274664167896074281874767663751931697405940475209595160606989446399735956632932740140774120362773964862067823210273048778380937955790417026758705126758582714675929109140032046187572583702405164513719448544031934183587141634161632757693697249167749952737814924049718225194470053426092226496663009906557955566430066736079650924094775
n5 = 2805822354201662117320594043711993782804865769293499426012360087817858551003001395302163740603703828195195932459444805174556152674013174027197071452536007720377642902614079800876454139985267840390802982000981391589121247087945323071621814892873054291187100453510563927190923456819020327967812411342557586095287060637718034456241630931342321644065932761169946330107762168341828247523519427454538373734712173180277190763105614286976239296025622448068573996830818370176355468420604889972971911137825122031079799394840034520000378583048365213663261323826755042085539056699658078298352991498848183741926741253336809983081
e5 = 7
c5 = 1840296233218477853481534562215626625414182376149520279565477106636326502423629202398872352247072974928247089059258779616805363438919346177179751144150840146502100528681001973857981344372271699254564085124019490542816704779558116713918712764905289545904746631301089653173086838314931849726257101196974182707388814949943497825270433233859953596462571591644141313685767121169211812959266024665387037379326240471760061808331954030889737904363024686917008151847474903564630772753685195974245871917099262116749552267414561620711561171348300446183668428521497810537883987976853838751652062973640912281502768323552961119727
n6 = 25454009749168470343695633209096091829115329722572151778843118833425745470034996921255287732666381145235781038972818879902175747917173596391714646458631517429967987558853821226063117620100131280109980358660151611745478185529770001530290709260636770225215186800776097876644514962324976911466656250316831758848397129882568596479711529118559633884457580705072157006277242414838614921959845416195868135339484150235079747708585021249992266719965641249640344662274664797188479304252760363884135230450876493335745378727727079727827645384850449255019980920544237025044248135670516643488962958548195014144666470074377908386063
e6 = 7
c6 = 789032093589329919433103064912734499692800138044594105985741187192587133548423627123979828515942204884228205644612915396782678903901468096055669312556620684388723470685365523376229767716532460150705694588934426363146781448912873886792079146178749619507171787017137430583992061952004088013585625578578697225347700205144867425958935656640766720643294601810945228322481781587820554087577038637902482084286507222529109418279162740318995563410236088568237694026601631788889001088963413678782229872782538151806577918829849586853938669782376616395525544507480942096894639889844916812413303666411186051339002485237155449662

 

http://blog.naver.com/PostView.nhn?blogId=yjw_sz&logNo=221441769257&parentCategoryNo=&categoryNo=46&viewDate=&isShowPopularPosts=true&from=search

 

RSA for CTF

1. d 값 계산복호화를 하기 위해 d 값이 필요한데, e 값이 주어지고 d 값을 모르는 경우가 대부분이다.e * ...

blog.naver.com

'5. 하스타드 공격'에 나와있는 코드를 수정하여 문제를 풀었다.

 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
import binascii
from Crypto.PublicKey import RSA
from base64 import b64decode
 
print "\n"
print "\t~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
print "\t        RSA Hastad Attack         "
print "\t         JulesDT -- 2016          "
print "\t         License GNU/GPL          "
print "\t~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
 
def chinese_remainder(n, a):
    sum = 0
    prod = reduce(lambda a, b: a*b, n)
 
    for n_i, a_i in zip(n, a):
        p = prod / n_i
        sum += a_i * mul_inv(p, n_i) * p
    return sum % prod
 
def mul_inv(a, b):
    b0 = b
    x0, x1 = 01
    if b == 1return 1
    while a > 1:
        q = a / b
        a, b = b, a%b
        x0, x1 = x1 - q * x0, x0
    if x1 < 0: x1 += b0
    return x1
 
def find_invpow(x,n):
    high = 1
    while high ** n < x:
        high *= 2
    low = high/2
    while low < high:
        mid = (low + high) // 2
        if low < mid and mid**< x:
            low = mid
        elif high > mid and mid**> x:
            high = mid
        else:
            return mid
    return mid + 1
 
def parseC(argv, index, verbose):
    import string
    file = open(argv[index],'r')
    cmd = ' '.join(argv)
    fileInput = ''.join(file.readlines()).strip()
    if '--decimal' in cmd:
        if verbose:
            print "##"
            print "##",fileInput
            print "## Considered as decimal input"
            print "##"
        return long(fileInput)
    elif '--hex' in cmd:
        if verbose:
            print "##"
            print "##",fileInput
            print "## Considered as hexadecimal input"
            print "##"
        return long(fileInput,16)
    elif '--b64' in cmd:
        if verbose:
            print "##"
            print "##",fileInput
            print "## Considered as base64 input"
            print "##"
        return long(binascii.hexlify(binascii.a2b_base64(fileInput)),16)
    else:
        try:
            fileInput = long(fileInput)
            if verbose:
                print "##"
                print "##",fileInput
                print "## Guessed as decimal input"
                print "##"
            return long(fileInput)
        except ValueError:
            if all(c in string.hexdigits for c in fileInput):
                if verbose:
                    print "##"
                    print "##",fileInput
                    print "## Guessed as hexadecimal input"
                    print "##"
                return long(fileInput,16)
            else:
                if verbose:
                    print "##"
                    print "##",fileInput
                    print "## Guessed as base64 input"
                    print "##"
                return long(binascii.hexlify(binascii.a2b_base64(fileInput)),16)
            pass
 
def parseN(argv,index):
    file = open(argv[index],'r')
    fileInput = ''.join(file.readlines()).strip()
    try:
        fileInput = long(fileInput)
        return fileInput
    except ValueError:
        from Crypto.PublicKey import RSA
        return long(RSA.importKey(fileInput).__getattr__('n'))
        pass
 
 
if __name__ == '__main__':
    e = 7
 
    n1 = 10022036265379037873283606776808482557866459308090111534883940865718177639983512662119342281119416241158033537298567286851709556229498058859877121683228774596682463530354223972067629198444968982788922250713559891865919261816911330848802614913631706032562776893224597357355324255263321117746371249374897281379618765006492730806494403308111072966637211560823960482878492897669436775113233218090173773953205373859777529204336743904524724605913439667291642450283502539056317167865950955271726411160185108661710605305209881749978968104668372320740311039079195405595564405545553067816984977942352952679613295335945453198237
    n2 = 5466545789924978392117734846441651025566944649290017587961487324101229594609777422305368037344954585418241587633957551279641772525768764611188988227720597556634650034264505822514430445671371902394845226110100975570935303274836520009041255673258743208173396958290432905543148641745168024380646078191379194650244323448918977124653886707963511968894925605598683697007725355334218510153808020236986866621440493131392397106674236875719949237921916816824901951782815445968997182425608119302657645645838081847911729329333764403590828687896595484627953582720022494684431177689169562431514156723717431880081981556861583018517
    n3 = 5216273350923762348996819172932047657740263255248423536832070896504436079290996116053910458202206066607495080005143242081376348478552546332314483414339219088245406077072653291793201707938210052137737032136008691204273974883871392886847900590411035963981133018158012140770585855836554605968542686051767074445169576528595295868833612083435959789899465479063315706805137423972403304919456897675923521668190245644201632092213606749130854730067502251227674778549657054487536558408785381601255488927062660442522496864532745842104460605804514922118066012819002689049981557892095296223518873642160006462186453091627377846719
    n4 = 23877677498268410284879275681599753946472064168982107017698987574875291853430610166705520818854679284024035965166084667071782959877626088875201104444061372210767667483286033873186027043018865270765379778972734594727020084433542927434622162385031073045949543728094450158066806302710336945902706311444702067892897382023369572561933840697091647190739941807440726157963736515169755622514090303488227644584510175870987096541366007967982302476854613123392400570876217436169696368690150208874814955767774660004903549034030453797617219708937501949676157124852802614561580437881345741238143591504284958256829966154954860310643
    n5 = 14095304106189288640829933284328100925981109805290171926596523882500992828050689610054551419208961617895244032677408948518722739184220513962788253695294440224817835843547289773514113860609727834208120554675150777100035341397359695754443831969620545126239117460426602273999534524462242741389375433175237422632997941648269022097426901783701566115072520388843879171454672942810241915423341751813855234874758865121037886735845464875242609743056346324057991215234482527871877337706502944703023808957350962273199545033462807203671480858363579332623386369851297631986187711675134368500976725781503614885257984375549898158689
    n6 = 2805822354201662117320594043711993782804865769293499426012360087817858551003001395302163740603703828195195932459444805174556152674013174027197071452536007720377642902614079800876454139985267840390802982000981391589121247087945323071621814892873054291187100453510563927190923456819020327967812411342557586095287060637718034456241630931342321644065932761169946330107762168341828247523519427454538373734712173180277190763105614286976239296025622448068573996830818370176355468420604889972971911137825122031079799394840034520000378583048365213663261323826755042085539056699658078298352991498848183741926741253336809983081
    n7 = 25454009749168470343695633209096091829115329722572151778843118833425745470034996921255287732666381145235781038972818879902175747917173596391714646458631517429967987558853821226063117620100131280109980358660151611745478185529770001530290709260636770225215186800776097876644514962324976911466656250316831758848397129882568596479711529118559633884457580705072157006277242414838614921959845416195868135339484150235079747708585021249992266719965641249640344662274664797188479304252760363884135230450876493335745378727727079727827645384850449255019980920544237025044248135670516643488962958548195014144666470074377908386063
 
    c1 = 7391172673494652807685679927464443742804469716124686497937352685631944739927403334100753118718810827819939551249092644730733640887813475157863909267732710966904033874563749607452101004880603517576015117231543666882714876053816889315304434716583902097326869862769223330226929267650196146699723546298777721549327230579524043853731525842228354074211952590809573512193002908675659981910521560218722078118583409532890190350278993572874200629804040761922640444870232404736174533503458666401049021690701120014711135662159756073554655169987524174160454336199103732766648969310872094773896573037726906071280884398964499625020
    c2 = 2843216698827041985234155126413219625102551967694195507616270458944256794024725727982775312996964360225107871298400288303715856835949437523897251998356574507142899492557143968158430397540293189973986706379386430519381858403628687144765951766733259166975201698201001559608435647196300391229794290104430338488390377935687114237067952186727947306540592887865659962691657932063711547531829312199823488118775597548579002212505954186919111624039557627729228692097539779090276034544147566301508294383730646789567286167983001460941761651651550106133788841812817514137482151210600991083197714286954280138543861307503606716687
    c3 = 2302840660982990706559514467752282608279989971179438892300937945447548784136021634663470424995563089657378083878340327507907273677046617011731588253183115962507981205380038591937454135692479378461272309601984068994340223460110011927750428790367899740123933101545519333275378177450046677349361228228756023343552737751276656981842493825940592644061106798477517795237715348144352954728534699021231559916391882314536204099649751257130666668855055343556693412599766542087842727824032038771853002304289245363376208213623603995010083510086051017014020583014841158059684157033215101586049552797894220844380611133865673630801
    c4 = 21542650580244090952784375188737468745448203348922868429406196302086271073676866277485976451720227641278427496915785578412784529024335740676758107987503859146577358215708248682437455044274509620470752764937668805057881069241160619380098319880566533327878406656365405208233812965208982731078254898819598904848966997244978017829737683687504578693319927257965587343277686790692897770069007188699761774062935389828173866322096724684461746266895396261083359145450376711339892131239899937109104845549497760224715797430549267596702844680269969086579967938513817206661072633561450576990683873838952925270459005180113251070249
    c5 = 5841298358718613696062311056221508337701416292725004974138314539876150378702426703549430117040191903647122061403407396288001626124108215908094632322171004807595060730467760110047822011747633210272450557602443585240325321882265082987790788937409746656818781811819115452970840966600299402274664167896074281874767663751931697405940475209595160606989446399735956632932740140774120362773964862067823210273048778380937955790417026758705126758582714675929109140032046187572583702405164513719448544031934183587141634161632757693697249167749952737814924049718225194470053426092226496663009906557955566430066736079650924094775
    c6 = 1840296233218477853481534562215626625414182376149520279565477106636326502423629202398872352247072974928247089059258779616805363438919346177179751144150840146502100528681001973857981344372271699254564085124019490542816704779558116713918712764905289545904746631301089653173086838314931849726257101196974182707388814949943497825270433233859953596462571591644141313685767121169211812959266024665387037379326240471760061808331954030889737904363024686917008151847474903564630772753685195974245871917099262116749552267414561620711561171348300446183668428521497810537883987976853838751652062973640912281502768323552961119727
    c7 = 789032093589329919433103064912734499692800138044594105985741187192587133548423627123979828515942204884228205644612915396782678903901468096055669312556620684388723470685365523376229767716532460150705694588934426363146781448912873886792079146178749619507171787017137430583992061952004088013585625578578697225347700205144867425958935656640766720643294601810945228322481781587820554087577038637902482084286507222529109418279162740318995563410236088568237694026601631788889001088963413678782229872782538151806577918829849586853938669782376616395525544507480942096894639889844916812413303666411186051339002485237155449662
 
    n = [n1,n2,n3,n4,n5,n6,n7]
    a = [c1,c2,c3,c4,c5,c6,c7]
 
    result = (chinese_remainder(n, a))
    resultHex = str(hex(find_invpow(result,e)))[2:-1]
    print ""
    print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    print "Decoded Hex :\n",resultHex
    print "---------------------------"
    print "As Ascii :\n",resultHex.decode('hex')
    print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
 
cs

 

FLAG : FLAG{}

728x90
반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [RSA107] 풀이  (0) 2021.01.18
System32.kr [EZB64] 풀이  (0) 2019.12.28
System32.kr [RSA106] 풀이  (0) 2019.05.19
System32.kr [RSA104] 풀이  (0) 2019.05.19
System32.kr [RSA105] 풀이  (0) 2019.05.19
System32.kr [RSA103] 풀이  (0) 2019.05.19
728x90
반응형

System32.kr

RSA104 풀이 : e가 매우 큰 경우

 

 

RSA와 관련하여 다양한 공격들이 정리되어 있는 포스트 :

 

http://blog.naver.com/PostView.nhn?blogId=yjw_sz&logNo=221441769257&parentCategoryNo=&categoryNo=46&viewDate=&isShowPopularPosts=true&from=search

 

RSA for CTF

1. d 값 계산복호화를 하기 위해 d 값이 필요한데, e 값이 주어지고 d 값을 모르는 경우가 대부분이다.e * ...

blog.naver.com

 

n : 3032477561712159969038624247612606302727093197744745572360777744993048030579151290131884950670071512201722458811242592707243074323418373868073398996531180136126242688542841461913438478172053913773719857973056957510415089185531311916330433139160859155532409659622858101341629671133093910407988882203728644794239348874379289178268208136028146328608462805956004322306707963431825015814504527120066991706462521947050575789728072629790386979812591216920320695619189898158302924158362481320767791340177005794951187859952230300784183151549243274733552565133526078458260073961873518009693814714967027162359505297313081834097
e : 1284326209972781865603077160971589716597082902272211399147338196589345961573850891014620874113849550830317643345862732752124534686326463252899962000181188143162889928709347890165345017914959645496102666603718956753486894961504533642515954173645086524281277713918605331772209589332254176733343767685347067353884996601325356300748766439627935771840516032698936889600866124222228999743139709077148311384874536127451456213137422854764346519585961972790189180618601186990003649947864963747868420118048077351758919340934501383717797396822778472985089935849274746400142421412113278085759384358033116596950545779218825432105
c : 1806317310369980009932706441907756891122685977239032637376117653939592629181132498482038670618195984694250867867129559863693561069046351110958045303559854954588234447977692922829988785926862451801584819310702407585491177718755152055518733553927421577214740347956274468684747058682785453167186126384869898095355009620193273626895484591988153555158110880196986268949355968500092832237411654394295951441648748044375864656268901973180401377014754165200068392806529746504801815744345095507516459256483869799173054189822960434563127784898151685448212418354649354925633786590825084141495329161421555698179241894408873422390

 

e가 매우 크므로 위너 공격을 사용하면 된다. 위에 올려둔 포스트대로 코드를 수정하여 사용했다.

 

그러면 d값을 구할 수 있다. 

Hacked!
D = 1235441821

 

복호화 작업

 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
def powermod4(a, b, n):
    if b == 1:
        return a % n
    r = powermod4(a, b / 2, n)
    r = r * r % n
    if (b & 1== 1:
        r = r * a % n
    return r
#c^d mod N
#a^b mod c
= 1806317310369980009932706441907756891122685977239032637376117653939592629181132498482038670618195984694250867867129559863693561069046351110958045303559854954588234447977692922829988785926862451801584819310702407585491177718755152055518733553927421577214740347956274468684747058682785453167186126384869898095355009620193273626895484591988153555158110880196986268949355968500092832237411654394295951441648748044375864656268901973180401377014754165200068392806529746504801815744345095507516459256483869799173054189822960434563127784898151685448212418354649354925633786590825084141495329161421555698179241894408873422390
= 1235441821
= 3032477561712159969038624247612606302727093197744745572360777744993048030579151290131884950670071512201722458811242592707243074323418373868073398996531180136126242688542841461913438478172053913773719857973056957510415089185531311916330433139160859155532409659622858101341629671133093910407988882203728644794239348874379289178268208136028146328608462805956004322306707963431825015814504527120066991706462521947050575789728072629790386979812591216920320695619189898158302924158362481320767791340177005794951187859952230300784183151549243274733552565133526078458260073961873518009693814714967027162359505297313081834097
 
print powermod4(a, b, c)
 
cs

 

나온 값 -> hex -> ascii

 

FLAG : FLAG{}

728x90
반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [EZB64] 풀이  (0) 2019.12.28
System32.kr [RSA106] 풀이  (0) 2019.05.19
System32.kr [RSA104] 풀이  (0) 2019.05.19
System32.kr [RSA105] 풀이  (0) 2019.05.19
System32.kr [RSA103] 풀이  (0) 2019.05.19
System32.kr [Cert] 풀이  (0) 2018.10.12
728x90
반응형

RSA105  풀이 : e가 매우 작은 경우

n : 14563994539777678316321336781712344883711529518189434139233680882263409604514153869699501702104322682479573897503872406635890483506906896813982089686642192006130896329932374470690714494675193648369783731927754727548782563723442681780574596631901415395263336968261396444462141129255716197310580275877681304858562705807686921384452565148850113267428665758030506035314679252439022969913295597306528946210184007253645129375949497711293612867692547866985135149571625792745784234869796370504461309988327790266777539646009367784188629367635437858554533733747458534618750336302736798813966890424262766487012612696221075689613
e : 7
c : 3257687211413179849713234287228115652852064803596545802006316144655701336714918948672668217982037728069055370417273850104541474476810598369542627961429180060096555295519064954697207788677528957569208943432299557549774333187664920215674167987939460257141632237998790136575185293301081863083862494006009415801599660234577382347813571039134562532471377834137776834839392965274882404992875421226913724316557631483699200757

 

e의 값이 7로 매우 작고 N은 매우 크다. 이 경우 M^e mod N = c 에서 mod N 과정을 거치지 않게 되어 M^e = c가 된다. 그럼 c의 e제곱근이 M이 된다.

 

1
2
3
4
5
6
7
import gmpy2
 
num=3257687211413179849713234287228115652852064803596545802006316144655701336714918948672668217982037728069055370417273850104541474476810598369542627961429180060096555295519064954697207788677528957569208943432299557549774333187664920215674167987939460257141632237998790136575185293301081863083862494006009415801599660234577382347813571039134562532471377834137776834839392965274882404992875421226913724316557631483699200757
k=7
 
result, bool = gmpy2.iroot(num, k)
print(result)
cs

 

나온 값 -> hex -> ascii 로 변환

 

FLAG : FLAG{too_short_too_small}

728x90
반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [RSA106] 풀이  (0) 2019.05.19
System32.kr [RSA104] 풀이  (0) 2019.05.19
System32.kr [RSA105] 풀이  (0) 2019.05.19
System32.kr [RSA103] 풀이  (0) 2019.05.19
System32.kr [Cert] 풀이  (0) 2018.10.12
System32.kr [Password] 풀이  (2) 2018.09.02
728x90
반응형

System32.kr 2019

RSA103 풀이입니다

 

p=randprim

e(bits=1024)
q=nextprime(p+rand(bits=64))

 

 

 

n = 523171545908439347079984829857166272490755110515501164347840985772081537607153032633627034283672952165088744702194194598263665644007012474218688874744119159433576941649802374269873297096542482864673663028420121028933290892148695399630471141652388858142837379625106663728466970543106475670944695178426345128622404188659395819609731517136209346499201958503231477376821955664260131840643055815735489615434847356385240589414518958821012582916986700315695213312797927
e = 75890823319493894649778238119866660628924668661939725653243821591293734119876987514543360050173914547032827753044199325926436760242819383884783456287774063959012970808345743726395349179476088924414519992417795625843440292670765531
c = 48724864779313923840771368863315403978774157546525429106022441664935683078731021092597773499396876686078062855830596180404569211641060040265424503580011984253306252131461826391739149934613684983289826611746524999894630859459114240689860752847497252922935755063842138052718553154569645504114125024099577779165840521064654503400340349866956420272930288416620386084299030911419380258260740993752837219665010025735212424683776284178649990068611783883405716180340421

 

n을 소인수분해 합니다.

https://www.alpertron.com.ar/ECM.HTM

 

Integer factorization calculator

 

www.alpertron.com.ar

 

  • 523171 545908 439347 079984 829857 166272 490755 110515 501164 347840 985772 081537 607153 032633 627034 283672 952165 088744 702194 194598 263665 644007 012474 218688 874744 119159 433576 941649 802374 269873 297096 542482 864673 663028 420121 028933 290892 148695 399630 471141 652388 858142 837379 625106 663728 466970 543106 475670 944695 178426 345128 622404 188659 395819 609731 517136 209346 499201 958503 231477 376821 955664 260131 840643 055815 735489 615434 847356 385240 589414 518958 821012 582916 986700 315695 213312 797927 (462 digits) = 723 305983 597840 387090 073124 295695 063058 926103 842858 618139 332402 030402 176745 237557 965345 230728 740505 468522 590100 663617 877936 830954 821254 102084 213431 441982 251604 821311 082681 331648 040651 828570 490510 112186 434619 298867 817000 367372 585141 (231 digits) × 723 305983 597840 387090 073124 295695 063058 926103 842858 618139 332402 030402 176745 237557 965345 230728 740505 468522 590100 663617 877936 830954 821254 102084 213431 441982 251604 821311 082681 331648 040651 828570 490510 112186 434619 298867 817000 367372 594347 (231 digits)

p와 q를 구할 수 있습니다. 

 

c를 복호화하기 위해 주어진 e, c 와 위에서 구한 p, q를 아래 코드에 대입해준 뒤에 실행합니다.

 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
def egcd(a, b):
    x,y, u,v = 0,11,0
    while a != 0:
        q, r = b//a, b%a
        m, n = x-u*q, y-v*q
        b,a, x,y, u,v = a,r, u,v, m,n
        gcd = b
    return gcd, x, y
def main():
    p = 723305983597840387090073124295695063058926103842858618139332402030402176745237557965345230728740505468522590100663617877936830954821254102084213431441982251604821311082681331648040651828570490510112186434619298867817000367372585141
    q = 723305983597840387090073124295695063058926103842858618139332402030402176745237557965345230728740505468522590100663617877936830954821254102084213431441982251604821311082681331648040651828570490510112186434619298867817000367372594347
    e = 75890823319493894649778238119866660628924668661939725653243821591293734119876987514543360050173914547032827753044199325926436760242819383884783456287774063959012970808345743726395349179476088924414519992417795625843440292670765531
    ct = 48724864779313923840771368863315403978774157546525429106022441664935683078731021092597773499396876686078062855830596180404569211641060040265424503580011984253306252131461826391739149934613684983289826611746524999894630859459114240689860752847497252922935755063842138052718553154569645504114125024099577779165840521064654503400340349866956420272930288416620386084299030911419380258260740993752837219665010025735212424683776284178649990068611783883405716180340421
    # compute n
    n = p * q
    # Compute phi(n)
    phi = (p - 1* (q - 1)
    # Compute modular inverse of e
    gcd, a, b = egcd(e, phi)
    d = a
    print"d:  " + str(d) );
    # Decrypt ciphertext
    pt = pow(ct, d, n)
    print"pt: " + str(pt) )
if __name__ == "__main__":
    main()
 
cs

 

그 다음 plaintext 값을 hex로 변환해준뒤에 ascii로 변환하면 flag가 나온다

 

46470827271975360721170849266738216410598415569944733823469870790619975080677955656802059050975833386869168748918671974627709

 

https://www.mobilefish.com/services/big_number/big_number.php

 

Mobilefish.com - Big number converter

This service allows you to convert big positive integer numbers into binary, decimal, hexadecimal or base64 encoding schemes. The big number bitsize is also calculated. For example: The following hexadecimal big number converted into a decimal encoding sch

www.mobilefish.com

 

464C41477B6E65696768626F725F69735F7468655F626967676573745F73656375726974795F76756C6E65726162696C6974797D

 

https://www.branah.com/ascii-converter

 

ASCII Converter - Hex, decimal, binary, base64, and ASCII converter

Convert ASCII characters to their hex, decimal and binary representations and vice versa. In addition, base64 encode/decode binary data. The converter happens automatically.

www.branah.com

 

FLAG : FLAG{neighbor_is_the_biggest_security_vulnerability}

728x90
반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [RSA104] 풀이  (0) 2019.05.19
System32.kr [RSA105] 풀이  (0) 2019.05.19
System32.kr [RSA103] 풀이  (0) 2019.05.19
System32.kr [Cert] 풀이  (0) 2018.10.12
System32.kr [Password] 풀이  (2) 2018.09.02
System32.kr [CMD] 풀이  (0) 2018.09.02
728x90
반응형

files  Forensics  Cert


BigImage.md

CertCertCert… Find FLAG 

Ex) FLAG{Can_you_Find_Flag}

 

Make my hanukoon



인증서... 복호화쪽 문제인줄 알았으나 hex로 까서 아랫부분에 있는 hex값 긁어다가 ascii로 바꿔주면 된다.



yougotit!flag{I_can_import_certification_in_certmgr}



flag{I_can_import_certification_in_certmgr}




아직 중간고사 안끝났는데 이러고 있...

728x90
반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [RSA105] 풀이  (0) 2019.05.19
System32.kr [RSA103] 풀이  (0) 2019.05.19
System32.kr [Cert] 풀이  (0) 2018.10.12
System32.kr [Password] 풀이  (2) 2018.09.02
System32.kr [CMD] 풀이  (0) 2018.09.02
System32.kr [BigImage] 풀이  (0) 2018.08.31
728x90
반응형

files  Forensics  Password


system32.kr의 Password 문제 풀이입니다.



cmd.md

I lost my password…. 

Who can find password?

Make my pental




zip파일이 주어진다.



윈도우 프로세스 덤프파일로 보인다.

이 프로세스 덤프파일에서 패스워드를 찾아야 한다.


일단 어디에 있는지를 몰라서 검색해봤다.


"윈도우 패스워드 프로세스"



갓 구글.. 원하는걸 딱 보여준다.

패스워드는 lsass.exe에 있는 것 같다.

lsass.exe를 덤프한 lsass.DMP만 따로 뺐다.



mimikatz를 이용하면 윈도우 패스워드를 알 수 있다.

다운로드 링크 : https://github.com/gentilkiwi/mimikatz/releases

(그냥 다운로드 받으면 바이러스 있다고 막아버린다. 윈도우 디펜더랑 이것저것 다 꺼놔야 한다.)



lsass.DMP파일을 mimikatz.exe 경로로 옮겼다.


mimikatz.exe를 실행하고 다음 명령어를 입력해 주었다.


sekurlsa::minidump lsass.DMP


sekurlsa::logonpasswords



만약 오류가 나면 아래를 참고하자.


Some errors:

  • ERROR kuhl_m_sekurlsa_acquireLSA ; Minidump pInfos->MajorVersion (A) != MIMIKATZ_NT_MAJOR_VERSION (B)
    You try to open minidump from a Windows NT of another major version (NT5 vs NT6).
  • ERROR kuhl_m_sekurlsa_acquireLSA ; Minidump pInfos->ProcessorArchitecture (A) != PROCESSOR_ARCHITECTURE_xxx (B)
    You try to open minidump from a Windows NT of another architecture (x86 vs x64).
  • ERROR kuhl_m_sekurlsa_acquireLSA ; Handle on memory (0x00000002)
    The minidump file is not found (check path).
  • https://github.com/gentilkiwi/mimikatz/wiki/module-~-sekurlsa




플래그를 구할 수 있다.


FLAG : FLAG{I_WILL_FIND_PASSWORD}




728x90
반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [RSA103] 풀이  (0) 2019.05.19
System32.kr [Cert] 풀이  (0) 2018.10.12
System32.kr [Password] 풀이  (2) 2018.09.02
System32.kr [CMD] 풀이  (0) 2018.09.02
System32.kr [BigImage] 풀이  (0) 2018.08.31
System32.kr [PPT] 풀이  (3) 2018.07.29
  1. 2018.09.04 00:04

    비밀댓글입니다

728x90
반응형

files  Forensics  CMD


system32.kr의 CMD 문제 풀이입니다.



cmd.md

Find Flag

Make my pental




압축파일이 하나 있는데, 압축을 풀면 1GB짜리 파일이 하나 나온다.


써니나타스 30번의 문제파일이랑 형태가 거의 같은 것 같아서

메모리 덤프 파일임을 확신하고 vol.py를 쓰기 위해 파일을 리눅스로 옮겼다.


volatility 설치방법이랑 사용법은 다음 링크를 참조하자. http://mandu-mandu.tistory.com/145



먼저 시스템정보를 확인했다.


vol.py -f cmd imageinfo




Win7SP1x86 이다.


어디서 무얼 찾아야 하나 생각하다가 파일이름이 cmd라서 cmdscan을 사용해 봤다.


vol.py -f cmd --profile=Win7SP1x86 cmdscan




역시나 플래그가 있었다.


FLAG : FLAG{CMD_LINE_CAN_YOU_FIND?}

728x90
반응형

'WAR GAME > System32.kr' 카테고리의 다른 글

System32.kr [Cert] 풀이  (0) 2018.10.12
System32.kr [Password] 풀이  (2) 2018.09.02
System32.kr [CMD] 풀이  (0) 2018.09.02
System32.kr [BigImage] 풀이  (0) 2018.08.31
System32.kr [PPT] 풀이  (3) 2018.07.29
System32.kr [HardCrypto] 풀이  (0) 2018.07.29

+ Recent posts