picoCTF-WP

2020年10月17日 34点热度 0人点赞 0条评论

The Numbers

Description:The numbers... what do they mean?
Hints:The flag is in the format PICOCTF{}

在这里插入图片描述

a-1 b-2 c-3 d-4 e-5 f-6 g-7 h-8 
i-9 j-10 k-11 l-12 m-13 n-14 o-15 p-16 
q-17 r-18 s-19 t-20 u-21 v-22 w-23 x-24 
y-25 z-26 

大括号前数字对应的字母是PICOCTF

GET FLAG!

PICOCTF{THENUMBERSMASON}

caesar

Description:Decrypt this message
Hints:caesar cipher tutorial

picoCTF{gvswwmrkxlivyfmgsrhnrisegl}

凯撒加密在线解密网站
在这里插入图片描述
GET FLAG!

picoCTF{crossingtherubicondjneoach}

Easy1

Description:The one time pad can be cryptographically secure, but not when you know the key. Can you solve this? We've given you the encrypted flag, key, and a table to help UFJKXQZQUNB with the key of SOLVECRYPTO. Can you use this table to solve it?
Hints:
1.Submit your answer in our flag format. For example, if your answer was 'hello', you would submit 'picoCTF{HELLO}' as the flag.
2.Please use all caps for the message.

一看附件我们就知道这是考察维吉尼亚密码
在这里插入图片描述
维吉尼亚加密在线解密网站

GET FLAG!

picoCTF{CRYPTOISFUN}

13

Description:Cryptography can be easy, do you know what ROT13 is? cvpbPGS{abg_gbb_onq_bs_n_ceboyrz}
Hints:This can be solved online if you don't want to do it by hand!

ROT13在线解密网站
在这里插入图片描述
GET FLAG!

picoCTF{not_too_bad_of_a_problem}

2Warm

Description:Can you convert the number 42 (base 10) to binary (base 2)?
Hints:Submit your answer in our competition's flag format. For example, if your answer was '11111', you would submit 'picoCTF{11111}' as the flag

直接将十进制转化为二进制

GET FLAG!

picoCTF{101010}

Lets Warm Up

Description:If I told you a word started with 0x70 in hexadecimal, what would it start with in ASCII?
Hints:Submit your answer in our flag format. For example, if your answer was 'hello', you would submit 'picoCTF{hello}' as the flag

0x70为十六进制70,转化为ASCII码为字母p

GET FLAG!

picoCTF{p}

Warmed Up

Description:What is 0x3D (base 16) in decimal (base 10)?
Hints:Submit your answer in our flag format. For example, if your answer was '22', you would submit 'picoCTF{22}' as the flag

GET FLAG!

picoCTF{61}

Bases

Description:What does this bDNhcm5fdGgzX3IwcDM1 mean? I think it has something to do with bases
Hints:Submit your answer in our flag format. For example, if your answer was 'hello', you would submit 'picoCTF{hello}' as the flag

在这里插入图片描述
GET FLAG!

picoCTF{l3arn_th3_r0p35}

plumbing

Description:Sometimes you need to handle process data outside of a file. Can you find a way to keep the output from this program and search for the flag? Connect to jupiter.challenges.picoctf.org 22058
Hints:
1.Remember the flag format is picoCTF{XXXX}
2.What's a pipe? No not that kind of pipe... This kind

nc jupiter.challenges.picoctf.org 22058 | grep pico

在这里插入图片描述
GET FLAG!

picoCTF{digital_plumb3r_5ea1fbd7}

flag_shop

Description:There's a flag shop selling stuff, can you buy a flag?
Source. Connect with nc jupiter.challenges.picoctf.org 60804
Hints:Two's compliment can do some weird things when numbers get
really big!

((1<<31)//900)*1.5
3579138.0

在这里插入图片描述
GET FLAG!

picoCTF{m0n3y_bag5_65d67a74}

Glory of the Garden

Description:This garden contains more than it seems
Hints:What is a hex editor?

在这里插入图片描述
使用010 editor打开
在这里插入图片描述
GET FLAG!

picoCTF{more_than_m33ts_the_3y33dd2eEF5}

Insp3ct0r

Description:Kishor Balan tipped us off that the following code may
need inspection: https://jupiter.challenges.picoctf.org/problem/51418/
(link) or http://jupiter.challenges.picoctf.org:51418 Hints:
1.How do you inspect web code on a browser?
2.There's 3 parts
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

GET FLAG!

picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?2e7b23e3}

dont-use-client-side

Description:Can you break into this super secure portal?
https://jupiter.challenges.picoctf.org/problem/61882/ (link) or
http://jupiter.challenges.picoctf.org:61882 Hints:Never trust the
client

在这里插入图片描述
GET FLAG!

picoCTF{no_clients_plz_b706c5}

So Meta

Description:Find the flag in this picture.
Hints:
1.What does meta mean in the context of files?
2.Ever heard of metadata?

在这里插入图片描述

在这里插入图片描述
010 editor打开

GET FLAG!

picoCTF{s0_m3ta_d8944929}

extensions

Description:This is a really weird text file TXT? Can you find the
flag? Hints:
1.How do operating systems know what kind of file it is? (It's not just the ending!
2.Make sure to submit the flag as picoCTF{XXXXX}

$ file flag.txt
flag.txt: PNG image data, 1697 x 608, 8-bit/color RGB, non-interlaced

GET FLAG!

picoCTF{now_you_know_about_extensions}

Flags

在这里插入图片描述
国际信号旗
在这里插入图片描述
GET FLAG!

PICOCTF{F1AG5AND5TUFF}

Tapping

Description:Theres tapping coming in from the wires. What's it saying nc jupiter.challenges.picoctf.org 28927
Hints:
1.What kind of encoding uses dashes and dots?
2.The flag is in the format PICOCTF{}

在这里插入图片描述
在这里插入图片描述

GET FLAG!

PICOCTF{M0RS3C0D31SFUN1261438181}

la cifra de

Description:I found this cipher in an old book. Can you figure out what it says? Connect with nc jupiter.challenges.picoctf.org 50523
Hints:
1.There are tools that make this easy
2.Perhaps looking at history will help

在这里插入图片描述
https://github.com/d4rkvaibhav/picoCTF-2018-Writeups/tree/master/Cryptography/blaise

hgqqpohzCZK{m311a50_0x_a1rn3x3_h1ah3x6kp60egf}

维吉尼亚密码

key = FLAG

在这里插入图片描述
GET FLAG!

picoCTF{b311a50_0r_v1gn3r3_c1ph3r6fe60eaa}

what's a net cat?

Description:Using netcat (nc) is going to be pretty important. Can you connect to jupiter.challenges.picoctf.org at port 29138 to get the flag?
Hints:nc tutorial

在这里插入图片描述
GET FLAG!

picoCTF{nEtCat_Mast3ry_3214be47}

WhitePages

Description:I stopped using YellowPages and moved onto WhitePages...
but the page they gave me is all blank!

# coding=utf8
text = '                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                '
firstType = ' '
secondType =  ' '
binaryString = ''
for char in text: 
    if char == firstType: 
        binaryString += '0' 
    else:
        binaryString += '1' 

print(binaryString) 

输出

00001010000010010000100101110000011010010110001101101111010000110101010001000110000010100000101000001001000010010101001101000101010001010010000001010000010101010100001001001100010010010100001100100000010100100100010101000011010011110101001001000100010100110010000000100110001000000100001001000001010000110100101101000111010100100100111101010101010011100100010000100000010100100100010101010000010011110101001001010100000010100000100100001001001101010011000000110000001100000010000001000110011011110111001001100010011001010111001100100000010000010111011001100101001011000010000001010000011010010111010001110100011100110110001001110101011100100110011101101000001011000010000001010000010000010010000000110001001101010011001000110001001100110000101000001001000010010111000001101001011000110110111101000011010101000100011001111011011011100110111101110100010111110110000101101100011011000101111101110011011100000110000101100011011001010111001101011111011000010111001001100101010111110110001101110010011001010110000101110100011001010110010001011111011001010111000101110101011000010110110001011111001101110011000100110000001100000011100000110110001100000110001000110000011001100110000100110111001101110011100101100001001101010110001001100100001110000110001101100101001100100011100101100110001100100011010001100110001101010011100000110110011001000110001101111101000010100000100100001001

转ASCII码 工具网站

GET FLAG!

picoCTF{not_all_spaces_are_created_equal_7100860b0fa779a5bd8ce29f24f586dc}

What Lies Within

Description:There's something in the building. Can you retrieve the
flag?
Hints:There is data encoded somewhere... there might be an
online decoder.

在这里插入图片描述
工具网站
在这里插入图片描述
GET FLAG!

picoCTF{h1d1ng_1n_th3_b1t5}

WebNet1

Description:We found this packet capture and key. Recover the flag
Hints:
1.Try using a tool like Wireshark
2.How can you decrypt the TLS stream?

GET FLAG!

picoCTF{honey.roasted.peanuts}

WebNet0

Description:We found this packet capture and key. Recover the flag
Hints:
1.Try using a tool like Wireshark
2.How can you decrypt the TLS stream?

GET FLAG!

picoCTF{nongshim.shrimp.crackers}

where are the robots

Description:Can you find the robots? https://jupiter.challenges.picoctf.org/problem/39894/ (link) or http://jupiter.challenges.picoctf.org:39894
Hints:What part of the website could tell you where the creator doesn't want you to look?

访问robots.txt
在这里插入图片描述

根据提示

在这里插入图片描述
GET FLAG!

picoCTF{ca1cu1at1ng_Mach1n3s_1bb4c}

vault-door-1

Description:This vault uses some complicated arrays! I hope you can
make sense of it, special agent. The source code for this vault is
here: VaultDoor1.java Hints:Look up the charAt() method online

在这里插入图片描述
按照角标顺序排列flag

GET FLAG!

picoCTF{d35cr4mbl3_tH3_cH4r4cT3r5_f6daf4}

b00tl3gRSA2

Description:In RSA d is a lot bigger than e, why don't we use d to
encrypt instead of e? Connect with nc jupiter.challenges.picoctf.org
42900 Hints:What is e generally?

在这里插入图片描述

c: 92463390472800087192779180555276580211051758237753990093467988753236538925883757175417786475785221755573537602631074151210657360317799967259884659949392552159838621678804670612766985877974655351984488131211987107682381778065275421745056196897499631525959085217314939336166215734168532140939021392881405389286
n: 95121060539013862408792114608182996083216470978709968111585537491720167088525579026611015288201194776792407624152554906864532988860061072094049128084016205535744089898911569550115624351765848370110271405247108730913256738180327626530801745345045727051668026574995075414983372358924041213124599983439849741191
e: 11059744591715910578070340621547437785588438727097211605814758009779325773449576760956039130507852117111832187863992376677414916384846199388996358637108859690080713845763365325065050579354007467047781033177175443033195253442490388200752078155010002629110176868787028938174146082210324003736225329259711461473

维纳攻击

1.求d

import gmpy2

def transform(x, y):  # 使用辗转相处将分数 x/y 转为连分数的形式
    res = []
    while y:
        res.append(x // y)
        x, y = y, x % y
    return res

def continued_fraction(sub_res):
    numerator, denominator = 1, 0
    for i in sub_res[::-1]:  # 从sublist的后面往前循环
        denominator, numerator = numerator, i * numerator + denominator
    return denominator, numerator  # 得到渐进分数的分母和分子,并返回

# 求解每个渐进分数
def sub_fraction(x, y):
    res = transform(x, y)
    res = list(map(continued_fraction, (res[0:i] for i in range(1, len(res)))))  # 将连分数的结果逐一截取以求渐进分数
    return res

def get_pq(a, b, c):  # 由p+q和pq的值通过维达定理来求解p和q
    par = gmpy2.isqrt(b * b - 4 * a * c)  # 由上述可得,开根号一定是整数,因为有解
    x1, x2 = (-b + par) // (2 * a), (-b - par) // (2 * a)
    return x1, x2

def wienerAttack(e, n):
    for (d, k) in sub_fraction(e, n):  # 用一个for循环来注意试探e/n的连续函数的渐进分数,直到找到一个满足条件的渐进分数
        if k == 0:  # 可能会出现连分数的第一个为0的情况,排除
            continue
        if (e * d - 1) % k != 0:  # ed=1 (mod φ(n)) 因此如果找到了d的话,(ed-1)会整除φ(n),也就是存在k使得(e*d-1)//k=φ(n)
            continue

        phi = (e * d - 1) // k  # 这个结果就是 φ(n)
        px, qy = get_pq(1, n - phi + 1, n)
        if px * qy == n:
            p, q = abs(int(px)), abs(int(qy))  # 可能会得到两个负数,负负得正未尝不会出现
            d = gmpy2.invert(e, (p - 1) * (q - 1))  # 求ed=1 (mod  φ(n))的结果,也就是e关于 φ(n)的乘法逆元d
            return d
    print("该方法不适用")

e = 11059744591715910578070340621547437785588438727097211605814758009779325773449576760956039130507852117111832187863992376677414916384846199388996358637108859690080713845763365325065050579354007467047781033177175443033195253442490388200752078155010002629110176868787028938174146082210324003736225329259711461473
n =  95121060539013862408792114608182996083216470978709968111585537491720167088525579026611015288201194776792407624152554906864532988860061072094049128084016205535744089898911569550115624351765848370110271405247108730913256738180327626530801745345045727051668026574995075414983372358924041213124599983439849741191
d = wienerAttack(e, n)
print("d=", d)
#d= 65537

2.求m

from libnum import *
n = 95121060539013862408792114608182996083216470978709968111585537491720167088525579026611015288201194776792407624152554906864532988860061072094049128084016205535744089898911569550115624351765848370110271405247108730913256738180327626530801745345045727051668026574995075414983372358924041213124599983439849741191
d = 65537
c = 92463390472800087192779180555276580211051758237753990093467988753236538925883757175417786475785221755573537602631074151210657360317799967259884659949392552159838621678804670612766985877974655351984488131211987107682381778065275421745056196897499631525959085217314939336166215734168532140939021392881405389286
m = pow(c,d,n)
print(n2s(m))

在这里插入图片描述
GET FLAG!

picoCTF{bad_1d3a5_2152720}

miniRSA

Description:Let's decrypt this: ciphertext? Something seems a bit small
Hints:
1.RSA tutorial
2.How could having too small an e affect the security of this 2048 bit key?
3.Make sure you don't lose precision, the numbers are pretty big (besides the e value)

N: 29331922499794985782735976045591164936683059380558950386560160105740343201513369939006307531165922708949619162698623675349030430859547825708994708321803705309459438099340427770580064400911431856656901982789948285309956111848686906152664473350940486507451771223435835260168971210087470894448460745593956840586530527915802541450092946574694809584880896601317519794442862977471129319781313161842056501715040555964011899589002863730868679527184420789010551475067862907739054966183120621407246398518098981106431219207697870293412176440482900183550467375190239898455201170831410460483829448603477361305838743852756938687673
e: 3

ciphertext (c): 2205316413931134031074603746928247799030155221252519872650080519263755075355825243327515211479747536697517688468095325517209911688684309894900992899707504087647575997847717180766377832435022794675332132906451858990782325436498952049751141 

e =3时的RSA题目

from Crypto.Util.number import *
from gmpy2 import *
from libnum import *
n = 29331922499794985782735976045591164936683059380558950386560160105740343201513369939006307531165922708949619162698623675349030430859547825708994708321803705309459438099340427770580064400911431856656901982789948285309956111848686906152664473350940486507451771223435835260168971210087470894448460745593956840586530527915802541450092946574694809584880896601317519794442862977471129319781313161842056501715040555964011899589002863730868679527184420789010551475067862907739054966183120621407246398518098981106431219207697870293412176440482900183550467375190239898455201170831410460483829448603477361305838743852756938687673
c = 2205316413931134031074603746928247799030155221252519872650080519263755075355825243327515211479747536697517688468095325517209911688684309894900992899707504087647575997847717180766377832435022794675332132906451858990782325436498952049751141
m=gmpy2.iroot(c, 3)[0]
print(n2s(m))

在这里插入图片描述
GET FLAG!

picoCTF{n33d_a_lArg3r_e_d0cd6eae}

Irish-Name-Repo 1

Description:There is a website running at
https://jupiter.challenges.picoctf.org/problem/3726/ (link) or
http://jupiter.challenges.picoctf.org:3726. Do you think you can log
us in? Try to see if you can login! Hints:
1.There doesn't seem to be many ways to interact with this. I wonder if the users are kept in a database?
2.Try to think about how the website verifies your login
在这里插入图片描述
在这里插入图片描述

SQL注入

payload:' or '1' = '1' 

在这里插入图片描述

GET FLAG!

picoCTF{s0m3_SQL_c218b685}

Irish-Name-Repo 2

和上题同理

payload:admin' -- 

GET FLAG!

picoCTF{m0R3_SQL_plz_fa983901}

Irish-Name-Repo 3

Description:There is a secure website running at
https://jupiter.challenges.picoctf.org/problem/50530/ (link) or
http://jupiter.challenges.picoctf.org:50530. Try to see if you can
login as admin!
Hints:Seems like the password is encrypted.

在这里插入图片描述
与1、2两道题同理

curl "https://jupiter.challenges.picoctf.org/problem/50530/login.php" --data "password=test&debug=1"
curl "https://jupiter.challenges.picoctf.org/problem/50530/login.php" --data "password=' or 1=1--&debug=1" 
curl "https://jupiter.challenges.picoctf.org/problem/50530/login.php" --data "password=' be 1=1--&debug=1" && echo

GET FLAG!

 picoCTF{3v3n_m0r3_SQL_06a9db19}

waves over lambda

Description:We made a lot of substitutions to encrypt this. Can you
decrypt it? Connect with nc jupiter.challenges.picoctf.org 1981
Hints:Flag is not in the usual flag format

在这里插入图片描述
词频分析
在这里插入图片描述
GET FLAG!

frequency_is_c_over_lambda_agflcgtyue

b00tl3gRSA3

Description:Why use p and q when I can use more? Connect with nc jupiter.challenges.picoctf.org 39728.
Hints:There's more prime factors than p and q, finding d is going to be different.

在这里插入图片描述
分解素数的工具网站

from Crypto.Util.number import inverse, long_to_bytes

c = 9110463223047560768627983185837291013065984026979122246691670641693507921911138714471825503351416502181538612084759216298024080954635276369884872819045865694323415877393380666698659188786433206204829651839486083439227167739782947380858763016074244533538230626997602679997768419742108438809488997378745885135231397275005541829697447680796841905
n = 11425538401584819806163706604657610172775157597028277103094952137160380635225159026064395321087981712633906712739001816221425882068990717800986885493997067188586022750570022795672674475873925525922555950273900533287986298704530406011201812424577382906358024265538261377845497251332824866711211660311638977500554447447450274961748409116197814869
e = 65537

a = "11 425538 401584 819806 163706 604657 610172 775157 597028 277103 094952 137160 380635 225159 026064 395321 087981 712633 906712 739001 816221 425882 068990 717800 986885 493997 067188 586022 750570 022795 672674 475873 925525 922555 950273 900533 287986 298704 530406 011201 812424 577382 906358 024265 538261 377845 497251 332824 866711 211660 311638 977500 554447 447450 274961 748409 116197 814869 (344 digits) = 9254 199419 × 9611 386963 × 9656 971573 × 9734 674853 × 9814 413929 × 10172 377043 × 10412 171879 × 10599 912247 × 10639 162679 × 10727 233411 × 10801 893607 × 10904 203789 × 11225 791151 × 11470 689287 × 11649 492817 × 11665 695823 × 11840 123279 × 12229 823701 × 12579 771889 × 12937 711057 × 13314 407311 × 13446 623123 × 13558 683371 × 13658 357221 × 13959 625063 × 14161 977139 × 14457 731831 × 14748 001043 × 14841 466091 × 15295 362287 × 15882 693553 × 16130 247647 × 16461 937153 × 16717 618037".split("=")[1].replace(" ", "").split("×")
factors = []

for i in a:
    factors.append(int(i))

phi = 1
for i in factors:
    phi *= (i - 1)

d = inverse(e, phi)

print(long_to_bytes(pow(c, d, n)).decode())

GET FLAG!

picoCTF{too_many_fact0rs_8024768}

Client-side-again

Description:Can you break into this super secure portal?
https://jupiter.challenges.picoctf.org/problem/17684/ (link) or
http://jupiter.challenges.picoctf.org:17684
Hints:What is obfuscation?

在这里插入图片描述
源码里有一段这样的js代码,整理后解码

 function verify(){
    checkpass=document[_0x4b5b('0x0')]('pass')[_0x4b5b('0x1')];
    split=0x4;
    if(checkpass[_0x4b5b('0x2')](0x0,split*0x2)==_0x4b5b('0x3')){
        if(checkpass[_0x4b5b('0x2')](0x7,0x9)=='{n'){
            if(checkpass[_0x4b5b('0x2')](split*0x2,split*0x2*0x2)==_0x4b5b('0x4')){
                if(checkpass[_0x4b5b('0x2')](0x3,0x6)=='oCT'){
                    if(checkpass[_0x4b5b('0x2')](split*0x3*0x2,split*0x4*0x2)==_0x4b5b('0x5')){
                        if(checkpass['substring'](0x6,0xb)=='F{not'){
                            if(checkpass[_0x4b5b('0x2')](split*0x2*0x2,split*0x3*0x2)==_0x4b5b('0x6')){
                                if(checkpass[_0x4b5b('0x2')](0xc,0x10)==_0x4b5b('0x7')){
                                    alert(_0x4b5b('0x8'));
                                }
                            }
                        }
                    }
                }
            }
        }
    }else{
        alert(_0x4b5b('0x9'));
    }
 }

在这里插入图片描述

GET FLAG!

picoCTF{not_this_again_ef49bf}

Open-to-admins

Description:This secure website allows users to access the flag only if they are admin and if the time is exactly 1400. https://jupiter.challenges.picoctf.org/problem/51400/ (link) or http://jupiter.challenges.picoctf.org:51400
Hints:Can cookies help you to get the flag?

在这里插入图片描述
题目说时间和身份不对,修改后访问
在这里插入图片描述
在这里插入图片描述

GET FLAG!

picoCTF{0p3n_t0_adm1n5_132f8585}

picobrowser

Description:This secure website allows users to access the flag only
if they are admin and if the time is exactly 1400.
https://jupiter.challenges.picoctf.org/problem/51400/ (link) or
http://jupiter.challenges.picoctf.org:51400
Hints:Can cookies help you to get the flag?

curl --user-agent "picobrowser" "https://2019shell1.picoctf.com/problem/32205/flag"

在这里插入图片描述
GET FLAG!

picoCTF{p1c0_s3cr3t_ag3nt_84f9c865}

logon

Description:The factory is hiding things from all of its users. Can
you login as logon and find what they've been looking at?
https://jupiter.challenges.picoctf.org/problem/39681/ (link) or
http://jupiter.challenges.picoctf.org:39681
Hints:Hmm it doesn't seem
to check anyone's password, except for logon's?

首先利用admin登陆
在这里插入图片描述
使用工具EditorThisCookie修改admin的cookie为True
在这里插入图片描述
在这里插入图片描述
GET FLAG!

picoCTF{th3_c0nsp1r4cy_l1v3s_0c98aacc}

rsa-pop-quiz

Description:Class, take your seats! It's PRIME-time for a quiz... nc
jupiter.challenges.picoctf.org 41130
Hints:RSA info

(base) luoluo@luoluodeMacBook-Pro ~ % nc jupiter.challenges.picoctf.org 41130
Good morning class! It's me Ms. Adleman-Shamir-Rivest
Today we will be taking a pop quiz, so I hope you studied. Cramming just will not do!
You will need to tell me if each example is possible, given your extensive crypto knowledge.
Inputs and outputs are in decimal. No hex here!
#### NEW PROBLEM ####
q : 60413
p : 76753
##### PRODUCE THE FOLLOWING ####
n
IS THIS POSSIBLE and FEASIBLE? (Y/N):y
#### TIME TO SHOW ME WHAT YOU GOT! ###
n: 4636878989
Outstanding move!!!


#### NEW PROBLEM ####
p : 54269
n : 5051846941
##### PRODUCE THE FOLLOWING ####
q
IS THIS POSSIBLE and FEASIBLE? (Y/N):y
#### TIME TO SHOW ME WHAT YOU GOT! ###
q: 93089
Outstanding move!!!


#### NEW PROBLEM ####
e : 3
n : 12738162802910546503821920886905393316386362759567480839428456525224226445173031635306683726182522494910808518920409019414034814409330094245825749680913204566832337704700165993198897029795786969124232138869784626202501366135975223827287812326250577148625360887698930625504334325804587329905617936581116392784684334664204309771430814449606147221349888320403451637882447709796221706470239625292297988766493746209684880843111138170600039888112404411310974758532603998608057008811836384597579147244737606088756299939654265086899096359070667266167754944587948695842171915048619846282873769413489072243477764350071787327913
##### PRODUCE THE FOLLOWING ####
q
p
IS THIS POSSIBLE and FEASIBLE? (Y/N):n
Outstanding move!!!


#### NEW PROBLEM ####
q : 66347
p : 12611
##### PRODUCE THE FOLLOWING ####
totient(n)
IS THIS POSSIBLE and FEASIBLE? (Y/N):y
#### TIME TO SHOW ME WHAT YOU GOT! ###
totient(n): 836623060
Outstanding move!!!


#### NEW PROBLEM ####
plaintext : 6357294171489311547190987615544575133581967886499484091352661406414044440475205342882841236357665973431462491355089413710392273380203038793241564304774271529108729717
e : 3
n : 29129463609326322559521123136222078780585451208149138547799121083622333250646678767769126248182207478527881025116332742616201890576280859777513414460842754045651093593251726785499360828237897586278068419875517543013545369871704159718105354690802726645710699029936754265654381929650494383622583174075805797766685192325859982797796060391271817578087472948205626257717479858369754502615173773514087437504532994142632207906501079835037052797306690891600559321673928943158514646572885986881016569647357891598545880304236145548059520898133142087545369179876065657214225826997676844000054327141666320553082128424707948750331
##### PRODUCE THE FOLLOWING ####
ciphertext
IS THIS POSSIBLE and FEASIBLE? (Y/N):y 
#### TIME TO SHOW ME WHAT YOU GOT! ###
ciphertext: 256931246631782714357241556582441991993437399854161372646318659020994329843524306570818293602492485385337029697819837182169818816821461486018802894936801257629375428544752970630870631166355711254848465862207765051226282541748174535990314552471546936536330397892907207943448897073772015986097770443616540466471245438117157152783246654401668267323136450122287983612851171545784168132230208726238881861407976917850248110805724300421712827401063963117423718797887144760360749619552577176382615108244813
Outstanding move!!!


#### NEW PROBLEM ####
ciphertext : 107524013451079348539944510756143604203925717262185033799328445011792760545528944993719783392542163428637172323512252624567111110666168664743115203791510985709942366609626436995887781674651272233566303814979677507101168587739375699009734588985482369702634499544891509228440194615376339573685285125730286623323
e : 3
n : 27566996291508213932419371385141522859343226560050921196294761870500846140132385080994630946107675330189606021165260590147068785820203600882092467797813519434652632126061353583124063944373336654246386074125394368479677295167494332556053947231141336142392086767742035970752738056297057898704112912616565299451359791548536846025854378347423520104947907334451056339439706623069503088916316369813499705073573777577169392401411708920615574908593784282546154486446779246790294398198854547069593987224578333683144886242572837465834139561122101527973799583927411936200068176539747586449939559180772690007261562703222558103359
##### PRODUCE THE FOLLOWING ####
plaintext
IS THIS POSSIBLE and FEASIBLE? (Y/N):n
Outstanding move!!!


#### NEW PROBLEM ####
q : 92092076805892533739724722602668675840671093008520241548191914215399824020372076186460768206814914423802230398410980218741906960527104568970225804374404612617736579286959865287226538692911376507934256844456333236362669879347073756238894784951597211105734179388300051579994253565459304743059533646753003894559
p : 97846775312392801037224396977012615848433199640105786119757047098757998273009741128821931277074555731813289423891389911801250326299324018557072727051765547115514791337578758859803890173153277252326496062476389498019821358465433398338364421624871010292162533041884897182597065662521825095949253625730631876637
e : 65537
##### PRODUCE THE FOLLOWING ####
d
IS THIS POSSIBLE and FEASIBLE? (Y/N):y 
#### TIME TO SHOW ME WHAT YOU GOT! ###
d: 1405046269503207469140791548403639533127416416214210694972085079171787580463776820425965898174272870486015739516125786182821637006600742140682552321645503743280670839819078749092730110549881891271317396450158021688253989767145578723458252769465545504142139663476747479225923933192421405464414574786272963741656223941750084051228611576708609346787101088759062724389874160693008783334605903142528824559223515203978707969795087506678894006628296743079886244349469131831225757926844843554897638786146036869572653204735650843186722732736888918789379054050122205253165705085538743651258400390580971043144644984654914856729
Outstanding move!!!


#### NEW PROBLEM ####
p : 153143042272527868798412612417204434156935146874282990942386694020462861918068684561281763577034706600608387699148071015194725533394126069826857182428660427818277378724977554365910231524827258160904493774748749088477328204812171935987088715261127321911849092207070653272176072509933245978935455542420691737433
ciphertext : 18031488536864379496089550017272599246134435121343229164236671388038630752847645738968455413067773166115234039247540029174331743781203512108626594601293283737392240326020888417252388602914051828980913478927759934805755030493894728974208520271926698905550119698686762813722190657005740866343113838228101687566611695952746931293926696289378849403873881699852860519784750763227733530168282209363348322874740823803639617797763626570478847423136936562441423318948695084910283653593619962163665200322516949205854709192890808315604698217238383629613355109164122397545332736734824591444665706810731112586202816816647839648399
e : 65537
n : 23952937352643527451379227516428377705004894508566304313177880191662177061878993798938496818120987817049538365206671401938265663712351239785237507341311858383628932183083145614696585411921662992078376103990806989257289472590902167457302888198293135333083734504191910953238278860923153746261500759411620299864395158783509535039259714359526738924736952759753503357614939203434092075676169179112452620687731670534906069845965633455748606649062394293289967059348143206600765820021392608270528856238306849191113241355842396325210132358046616312901337987464473799040762271876389031455051640937681745409057246190498795697239
##### PRODUCE THE FOLLOWING ####
plaintext
IS THIS POSSIBLE and FEASIBLE? (Y/N):y
#### TIME TO SHOW ME WHAT YOU GOT! ###
plaintext: 14311663942709674867122208214901970650496788151239520971623411712977120586163535880168563325
Outstanding move!!!


If you convert the last plaintext to a hex number, then ascii, you'll find what you need! ;)
n = 23952937352643527451379227516428377705004894508566304313177880191662177061878993798938496818120987817049538365206671401938265663712351239785237507341311858383628932183083145614696585411921662992078376103990806989257289472590902167457302888198293135333083734504191910953238278860923153746261500759411620299864395158783509535039259714359526738924736952759753503357614939203434092075676169179112452620687731670534906069845965633455748606649062394293289967059348143206600765820021392608270528856238306849191113241355842396325210132358046616312901337987464473799040762271876389031455051640937681745409057246190498795697239
p = 153143042272527868798412612417204434156935146874282990942386694020462861918068684561281763577034706600608387699148071015194725533394126069826857182428660427818277378724977554365910231524827258160904493774748749088477328204812171935987088715261127321911849092207070653272176072509933245978935455542420691737433
q = 156408916769576372285319235535320446340733908943564048157238512311891352879208957302116527435165097143521156600690562005797819820759620198602417583539668686152735534648541252847927334505648478214810780526425005943955838623325525300844493280040860604499838598837599791480284496210333200247148213274376422459183
from gmpy2 import *
e = 65537
p = 153143042272527868798412612417204434156935146874282990942386694020462861918068684561281763577034706600608387699148071015194725533394126069826857182428660427818277378724977554365910231524827258160904493774748749088477328204812171935987088715261127321911849092207070653272176072509933245978935455542420691737433 
q = 156408916769576372285319235535320446340733908943564048157238512311891352879208957302116527435165097143521156600690562005797819820759620198602417583539668686152735534648541252847927334505648478214810780526425005943955838623325525300844493280040860604499838598837599791480284496210333200247148213274376422459183
phi = (p-1)*(q-1)
d = invert(e,phi)
#print(d)
d = 22034129334251191532436631052427142022088744911087428294376533303549714947731798818325604737385904031714383011477708757017443918217594934051491731465975983129741023155187658874730504062262863677059204116473042418196655483682312571059072267891580301964167098006533984400230039789561227549336513668349914598133972091774519248676772440875769025772999278219313806132022105603602125065517276257780089695487263525233311631530270816107086663522684249560931634897706468898520986823978521565593553989544219514141658868117625286137870896148765109851519254459305427251830096270116145359667655034114642356864731801259263519426097
c =  18031488536864379496089550017272599246134435121343229164236671388038630752847645738968455413067773166115234039247540029174331743781203512108626594601293283737392240326020888417252388602914051828980913478927759934805755030493894728974208520271926698905550119698686762813722190657005740866343113838228101687566611695952746931293926696289378849403873881699852860519784750763227733530168282209363348322874740823803639617797763626570478847423136936562441423318948695084910283653593619962163665200322516949205854709192890808315604698217238383629613355109164122397545332736734824591444665706810731112586202816816647839648399
m = pow(c,d,n)
print(m)
#m十进制转hex
m=7069636f4354467b7741385f74683474245f696c6c336147616c2e2e6f64653031653462627d
#hex转ASCII码
picoCTF{wA8_th4t$_ill3aGal..ode01e4bb}

GET FLAG!

picoCTF{wA8_th4t$_ill3aGal..ode01e4bb}

luoluo

我爱吃螺蛳粉

文章评论