CTFshow元旦渗透赛第一章

第一章

启程

得到个压缩包,我以为和给的提示的RSA有关系,没找到密文,爆破得到密码654321

image-20250113201551328

flag:ctfshow{654321}

破解加密通讯

提交中心网站

把上面得到的png图片,zsteg看一下,藏了个base64,解码

image-20250113202045977

image-20250113202055604

执行上面这段代码获得

image-20250113203827389

第一次碰见还能把密文藏到库里,出题者创建一个库,你下载执行得到被隐藏的信息

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv          
请使用组织分配的私钥解密后使用                                               
----------------------------------------------------------
2024-12-16
gHgAsclUVPhWDv4S8Oa8SuRTDaj+V0dI4z2jrQwfvfSFWilWwMKwNULUI48UBLS2shZcm/yv2/e5Hq5VRDfXkdxCYQMdvdnvONtpm2yNiIaLpDV4Rs8fOXJ6kcaeT+mg4RkIIFgx35w4J1KgO72pSP8j1p+R9f9TNMafwJ91XmO4QTcOYkMKQMddKvhbyMXzJkSS0uZqEppNSIUnVX9b7m8PmMjV0uHShvb1Zc8UQWJWUJ3cOxwNasOeMQGxJrZXPkxIxDYzm3f0tXbCgvdgNZ8TQY7u+iCXjOtD6xnUsdSahnPq14BD30CilIfsG0r/klPHfxQ+psmHSX47Ylai0TtgfbHWJJ4lSo0ojMvTx6HYK8zmAoCmg4OGXDbv/IjJgYU1w24na0iXZCNtcjB9MLRNck00c20f/uS64Ss0Ixii8nmfsFOjQBCcIYN+HGmOnj5Uw8DVJrxlOmcfQciG3rzuIvYlbOdGMcyarTy2Ba7iZfoovYZObPscAwhNLWqbU4tuR78aOVxiXTFRY7+Y0x2eRT5sulcvB3vsKuDMlNrxaUgiFUohPBZGNsgQgyCPxxqk0NpUn0bbHLH+vBebjJxaim4AU28ctWW8xv7xpxVttb0EoohtK2cIHr79ep5XrU/rv4R58obD/o+QqI1Mrb4wwpX9tsL7ZbROw/MXJwM=
----------------------------------------------------------


请使用组织分配的私钥解密后使用
----------------------------------------------------------
2024-04-11
Z93Khatj+AWZcpPwIqu8LzbJ8xb8CuVMI8okE0qwoQD2IC2lixg77mJZireOrbW7zFkDsk1hP67dROJZwVUDrYot2g5GxX/xy7lGjIblUX4iJVUtP4mHqZUgKROaLoh/gippMpP+8Ik2X/QRBx5gdhq0xam+wuVC+77/tyu8Fd/DohKbAMp8aaJsFr/W4mLDZ1gv4JK+2O3l+bAvpodBRTzb0ld5zD2ueYvjTudoDjdanQP1oVTH7pkDO2Vb+SsdIyTi2C410JEOF4Qm8mzVHtiOunOcLVpAlQsM6/LdhqsTNelXl/Myb84NGxwGWVmx6j2QejiL7S1hHeHlmQ9ExHeURPdZAvKhgMCemYXu3BGlFq3ydb5SkqwLFvM4vJ6XUBcWkHT8eijBFF6Y7YgOv9GRvBTnsAQhUBp4W4EAMtXkDdToG+S8ZO7El8Gh8jaWC49n5CuUBRz3z2GeOVbsBamfLV06IO5v78jGHXig4saEFKHvYSIGewyUCVQEGoIR5xOTJBTUTePAdvQjfg28vZZxFB/hIYNDUHkaek1Mg1UH5HWGgsCX1In5hSX/9eBkznEhzeWnJ1yMsYkj+ddN34DLQSrHc83geXMcoW3Ah3cAQG8E8bszvKL3hme+T5rOeENjkOAgYhf84k4YlxDskdwvzyu8HkE9CSaBpDP6lKI=
----------------------------------------------------------


请使用组织分配的私钥解密后使用
----------------------------------------------------------
2024-03-05
ckDSthpl5DDJMpBE26Jqk8EjaSq7MUntdwLHPouwx6D38un6WQfLJ9wgDyjh9GA/ICJR7WrwWsVinr6y3u9w+ubMZ0mqmtnphzQraagk8NkKc1u1+qGp8llsud3C8mvJWa4GYa9KEhnACDHwppPKJDCfr1HKwPbR0NIi+1Aunmy6DeOKRkFwysnrSco5QiiC9+gdXFhQDmN9KEiYW6Pc3mWVbqFiJgRW3/Df6638oGPm6AUcgRnEWMKiluyN81frM9VNtCeJ64YrU6Rgx4D153YxNNQbLTcyCQMamHTrJnhxPojkuDqbEcU+iiN4offwrQyr4eEu9ecvmyD2w/n7pAOsVnqSzroBujVA+CK6Zq8Uie15mL5yWG9hD5ZcbSwnRmtqK3yl0Xl91hgn1JqcIEKtf+MnMQPr80uoxT3mz8IX8pyVnyyw1x6F+IK1I2G+5w6rUDjhzIbME5XB9hopwcswsXrMo9PP6/5Sz1noJrsu6k6WN8ZM0MyRIav+xuKP1+cYzlPSQZrMo3L4ieHQnBbsoyzGVf9QONMwaooGOrxu88ZWlGe8e7eyCzteeNSVOC2zqtQiwQJIgfp2UwTymA/cEjOICWVzUXwbE5wWUBPCLp2C/XWc82byrOHAFXHLOVKgolVToUpZ5uOvizgk/ahaxdGxGa9CrRyr6sf+goA=
----------------------------------------------------------

执行

1
pip show secretMessageResponse

查看库的信息

找到目录读取加密方式

image-20250115182443478

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
import base64,datetime

message = {
    "inputMessage_20241216" :'''gHgAsclUVPhWDv4S8Oa8SuRTDaj+V0dI4z2jrQwfvfSFWilWwMKwNULUI48UBLS2shZcm/yv2/e5Hq5VRDfXkdxCYQMdvdnvONtpm2yNiIaLpDV4Rs8fOXJ6kcaeT+mg4RkIIFgx35w4J1KgO72pSP8j1p+R9f9TNMafwJ91XmO4QTcOYkMKQMddKvhbyMXzJkSS0uZqEppNSIUnVX9b7m8PmMjV0uHShvb1Zc8UQWJWUJ3cOxwNasOeMQGxJrZXPkxIxDYzm3f0tXbCgvdgNZ8TQY7u+iCXjOtD6xnUsdSahnPq14BD30CilIfsG0r/klPHfxQ+psmHSX47Ylai0TtgfbHWJJ4lSo0ojMvTx6HYK8zmAoCmg4OGXDbv/IjJgYU1w24na0iXZCNtcjB9MLRNck00c20f/uS64Ss0Ixii8nmfsFOjQBCcIYN+HGmOnj5Uw8DVJrxlOmcfQciG3rzuIvYlbOdGMcyarTy2Ba7iZfoovYZObPscAwhNLWqbU4tuR78aOVxiXTFRY7+Y0x2eRT5sulcvB3vsKuDMlNrxaUgiFUohPBZGNsgQgyCPxxqk0NpUn0bbHLH+vBebjJxaim4AU28ctWW8xv7xpxVttb0EoohtK2cIHr79ep5XrU/rv4R58obD/o+QqI1Mrb4wwpX9tsL7ZbROw/MXJwM=''',
    "inputMessage_20240411" : '''Z93Khatj+AWZcpPwIqu8LzbJ8xb8CuVMI8okE0qwoQD2IC2lixg77mJZireOrbW7zFkDsk1hP67dROJZwVUDrYot2g5GxX/xy7lGjIblUX4iJVUtP4mHqZUgKROaLoh/gippMpP+8Ik2X/QRBx5gdhq0xam+wuVC+77/tyu8Fd/DohKbAMp8aaJsFr/W4mLDZ1gv4JK+2O3l+bAvpodBRTzb0ld5zD2ueYvjTudoDjdanQP1oVTH7pkDO2Vb+SsdIyTi2C410JEOF4Qm8mzVHtiOunOcLVpAlQsM6/LdhqsTNelXl/Myb84NGxwGWVmx6j2QejiL7S1hHeHlmQ9ExHeURPdZAvKhgMCemYXu3BGlFq3ydb5SkqwLFvM4vJ6XUBcWkHT8eijBFF6Y7YgOv9GRvBTnsAQhUBp4W4EAMtXkDdToG+S8ZO7El8Gh8jaWC49n5CuUBRz3z2GeOVbsBamfLV06IO5v78jGHXig4saEFKHvYSIGewyUCVQEGoIR5xOTJBTUTePAdvQjfg28vZZxFB/hIYNDUHkaek1Mg1UH5HWGgsCX1In5hSX/9eBkznEhzeWnJ1yMsYkj+ddN34DLQSrHc83geXMcoW3Ah3cAQG8E8bszvKL3hme+T5rOeENjkOAgYhf84k4YlxDskdwvzyu8HkE9CSaBpDP6lKI=''',
    "inputMessage_20240305" : '''ckDSthpl5DDJMpBE26Jqk8EjaSq7MUntdwLHPouwx6D38un6WQfLJ9wgDyjh9GA/ICJR7WrwWsVinr6y3u9w+ubMZ0mqmtnphzQraagk8NkKc1u1+qGp8llsud3C8mvJWa4GYa9KEhnACDHwppPKJDCfr1HKwPbR0NIi+1Aunmy6DeOKRkFwysnrSco5QiiC9+gdXFhQDmN9KEiYW6Pc3mWVbqFiJgRW3/Df6638oGPm6AUcgRnEWMKiluyN81frM9VNtCeJ64YrU6Rgx4D153YxNNQbLTcyCQMamHTrJnhxPojkuDqbEcU+iiN4offwrQyr4eEu9ecvmyD2w/n7pAOsVnqSzroBujVA+CK6Zq8Uie15mL5yWG9hD5ZcbSwnRmtqK3yl0Xl91hgn1JqcIEKtf+MnMQPr80uoxT3mz8IX8pyVnyyw1x6F+IK1I2G+5w6rUDjhzIbME5XB9hopwcswsXrMo9PP6/5Sz1noJrsu6k6WN8ZM0MyRIav+xuKP1+cYzlPSQZrMo3L4ieHQnBbsoyzGVf9QONMwaooGOrxu88ZWlGe8e7eyCzteeNSVOC2zqtQiwQJIgfp2UwTymA/cEjOICWVzUXwbE5wWUBPCLp2C/XWc82byrOHAFXHLOVKgolVToUpZ5uOvizgk/ahaxdGxGa9CrRyr6sf+goA=''',

}

def printMessage():
    for key, value in message.items():
        title = key.replace('inputMessage_', '')
        print("\033[1;31m" + "请使用组织分配的私钥解密后使用" + "\033[0m")
        title = datetime.datetime.strptime(title, '%Y%m%d').strftime('%Y-%m-%d')
        print("----------------------------------------------------------")
        print(title)
        print(value)
        print("----------------------------------------------------------")
        print("\n")

# 最新流通公钥
def getPublicKey():
    return b'''
    -----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmziayo9Tddo1FYdrtOsw
yjLYJ5frYKEwm4rQTsKU8UcdnnDRgms+ZmStoqlH/qi6x+D1K3fvvioCnGZLFHZw
BUqbgT5x+qUmUaVMll9FOT7ZJ05w8n8Ljqa1akzFMU5G7YbCr3vQwN63vwvD9/63
TDbXkJrv1fGl2rHpPwp5OPCUeCB3nIFIRCWHpJU7sHJqIP5vzV8KNJtbxgR+dhsz
dg+NhoBDUpxoVN5lzSKr2TMOLFLZaQR9AWOV/aHV8gjTkTLDZfc+XlfhxiDMTQdi
UTbk/tynpt+JFrDA8vL5/TOmuxgumqgXZIPGrIUbwloTYyHD/XXmvXu5KE8g3eMK
gxNxuEKM5bMTESBK9A7Q2Kj3eNp0Rvb5Aleg7h8/YbQemGelY/o5xpUyHgHjsfNQ
3j/xhdhVCNVaXZF64V/YVpvC9Cq29F7qI+bl6FlN7zSpuHB3QgNS1uXOmjBCsA7y
pZoWmdXeaLIO+I3kP48BBSmue4nidJifiK/kSOcZ0iegRXV1hyZ6pYdDE7hM5V5t
5tvayJ31zRQNT2ALAFeCDozVWELHTnphkPkQO+SOPglrVz0S1dXicqRofXWMj7PJ
OFkBpWIX0aywMIh1woEAawUs3RM2pfLUNtqUTfodSCmWlwcpGrBWG5NACx7csPFt
zWn8oPZfzL346at5DDIwD2kCAwEAAQ==
-----END PUBLIC KEY-----
'''

def enctryptMessage(message):
    import base64
    message_bytes = message.encode('utf-8')  
    message_base64 = base64.b64encode(message_bytes).decode('utf-8')
    publicKey = getPublicKey()
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    from cryptography.hazmat.primitives import hashes
    public_key = serialization.load_pem_public_key(publicKey, backend=default_backend())
    encrypted = public_key.encrypt(
        message_base64.encode('utf-8'),
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None
        )
    )
    encrypted_base64 = base64.b64encode(encrypted).decode('utf-8')
    return encrypted_base64

printMessage()

找个公钥解析网站推出n和e(这个e我做的时候猜的是65537还真是)

1
e=65537
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
n=6332468885045739207798242375080077355892316665891880211715759509
3994025514008605209080197241118207580620027792226491625637695206
8104942084262732765302869757002336862151158422906662985191392193
4625112891871237543378546847020163969961987899081707281756262252
8140625647621607986357475076878716996947515271743090346014970559
7463505143799487488630064694962535355825378265518133414832135165
9981250042829128658958363792059338950291542877888243170008437712
5133143593941038995757255274641093310334721226053335140687658479
8128116835102705770834548333327952204414218313396767348386545933
7003717067807320811287647328283988796540276949990614458889846521
9605771776162366647139022650041904735454600952684919003805581700
8252022472857695300387827500818231719929626707573775972451255428
0591198406698260860277025465102137918643581832045307760200048667
7053654569533032416756977779117517004481202822749496645886400266
0598592490354017639158027968836329598282419666463285900175674408
0268810527371486113951531943901306283561047843588041585812947331
9670347691343405520944180270848572345532298565444740094573471751
0509951259155462497189459983874690099575241597111904193711108488
6165664866650538846290845643642053197978121486841730575238128406
84555544241901417

那个提示给的后两组数就是pq

得到私钥

1
d=255494060238307270904376344480014961692638719012943980588351790511526316834981085331720795191975165913416051220234812634864570648409766675192260551751506509523716241344598181462349247820785089026591444660053501261906305947643584072714472782578549436500124340310728805775448735106024990894767052700947375594060596201817529153455346023559945898594239348755052546418848846155358881110182939750390821196911668488114179216382384926036860278813344161481291906950716540115221296877179617588432773959543357536626648010364101250672960094999655265377265631813923749342246934132261730741091371723922305227416677557188283308296236221668815925784512852044291355167731705666340336896234239097284201418078819508782841013506098248607490669283372652309698886330888594401260157111267337618589385328458170871309386675783417913977677592175152532663930748569315846293991784782073744026212234038850487736671990624960666049359427646696567908479413777548419239816695981241578678851908594429943937859946635004227968029219621307338825722289578116044664518758852790207035110719643081246219363264672864916483562061006683514992740110898785579215127202200186207575760049520971437781541536256606142748784987704960904222016122617597238247773464058692994329931242753

导出为私钥,得到

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEAmziayo9Tddo1FYdrtOswyjLYJ5frYKEwm4rQTsKU8UcdnnDR
gms+ZmStoqlH/qi6x+D1K3fvvioCnGZLFHZwBUqbgT5x+qUmUaVMll9FOT7ZJ05w
8n8Ljqa1akzFMU5G7YbCr3vQwN63vwvD9/63TDbXkJrv1fGl2rHpPwp5OPCUeCB3
nIFIRCWHpJU7sHJqIP5vzV8KNJtbxgR+dhszdg+NhoBDUpxoVN5lzSKr2TMOLFLZ
aQR9AWOV/aHV8gjTkTLDZfc+XlfhxiDMTQdiUTbk/tynpt+JFrDA8vL5/TOmuxgu
mqgXZIPGrIUbwloTYyHD/XXmvXu5KE8g3eMKgxNxuEKM5bMTESBK9A7Q2Kj3eNp0
Rvb5Aleg7h8/YbQemGelY/o5xpUyHgHjsfNQ3j/xhdhVCNVaXZF64V/YVpvC9Cq2
9F7qI+bl6FlN7zSpuHB3QgNS1uXOmjBCsA7ypZoWmdXeaLIO+I3kP48BBSmue4ni
dJifiK/kSOcZ0iegRXV1hyZ6pYdDE7hM5V5t5tvayJ31zRQNT2ALAFeCDozVWELH
TnphkPkQO+SOPglrVz0S1dXicqRofXWMj7PJOFkBpWIX0aywMIh1woEAawUs3RM2
pfLUNtqUTfodSCmWlwcpGrBWG5NACx7csPFtzWn8oPZfzL346at5DDIwD2kCAwEA
AQKCAgA+oGYD2DQqVrIYT50rT8FNs5n2z5rOT/rWpvlI7cU+XB0dMhO19SMmGPTd
rkM4AkfqIV+J/Egkh7qp87PTO74SxHldeh5urHd7daAjA6lgYXUoIMP9czjsg2Kq
0vK05ApGB5tBRkmBp9qnIE4fHwxBmdb7pyehQHBUfnfHUah7SsX8ec0Ivji0FhhW
VUfR9zfOvBnL2M67TvuGN4X2jR8EQV4uqE2BZU3LADg+vgBsD+dmBr9lWcQ97To1
LTivANSrvrmLyGfHlNmpIM6NPa9zaRyXn9ucvpAHMaWH4HTwrghVcHpNOAjIK0rb
jJEYp1MvKg5zk0BXrzWTh+mQ3Ov+NXrbdDspmeZsY02SuyPheOBHHHs7cHANPcRH
1Nl/nxXkRF9H+oSOmTQi7wjZbhrEFFCeCK2TuT8vyf0p+lQMPEc+cAFn5rSXnhii
W2Mq6nwx5Nbllr/hj7oVeyGrUZFskvbZnYYVM4NTFqUPBzQbBuQTGGfccZc9OrJx
2qpDZdUknQe9ZI742c2vZRTqY2yZX6InR8JoQbmscke4LRdUMHH6G/PbfkqPXfFy
r5mxscghP+kRFj86dyL03CB039N23xCNezK/AGE/6JzJgwpvUPaYtvnIuhSFQEmH
DGrYYrDXSbwTT0ufM/tIEuHMHXT4DYX3nm94SG8wB/b3zpFdAQKCAQEAnexbL5So
v7N4W7BrZZao8cKEnM6goDpUjqgEnlIG4FF+UVmBzuAYNlLjOXW7fKK6nt5q95R1
AA72FpfOHbZnTTYHm9u1zUecIeuvNVjxi9swhmhMn43pxaQcUfgWSsCrqH+8SrVE
z8Lc7V2lbswx/V94PC8Za7ZLSr+FOz6X7C71sLQR8XI3SkrZIkmL150N8LO4WdKA
tKKIfvz7Lo2xLxpGLNJ3Xf/NW51wMs5BwQNzEUWRUmkgCmeU74m47TCSOj580qLL
T0Hxj1jRhecZOs0DHqDCeHt0hz82EtOcw1TBJKTly3Xj/UjGRpzEmo8rAuU8XoKc
/NkmaZCjpxh/eQKCAQEA+56kjWCgWcjo+QUgp50+BIa5hkFoV16QOCQEsqh+s5rh
VMke7svuo5+U6C/rNFIkpR1iKRPL3LOqJ8B5P7ZAPdhbHAPjdtnUDbPzM1r0RYpj
bJPh4AcRVqhDTWy20Yd7iZN9mHxHSKBZ4Txn20gvkHamPVlPMejsDRpDoauS/euz
n2GlG9GPq7i5vHwQiy6sYZAPm9Eyz+XxsQNiqB32tHnZqYrj/GS64Jx6eaa5MdSC
LIPkHHWAUHzBQ5A8/bNTFf8VAYriR9GnTZF8oSNne6oD62IYVzDH2wWOWSnUKdAd
snaahJLvHQnWbz6itWPWj+2TrjLSnl9Tz7uuhrRjcQKCAQEAhnF+W65yTulKELzL
YWv2ngLchOY/xsiBzgTqEaKBahzWrgjGQslys2SzPuqk14Ft4Ow3IljHlmomRKut
9IuhvBDAP4a3anCJUjNkMMVstYS/9dz7RmY5W2HQHlRXHgKS4NsGAI/7aehZztYH
jaDW+f55zLrIKHPD+3m6weoSyiZcUberAuMagOvhmJgGLmPtRzqpOgbEPYOVMo7K
hCJqclAq5+OxbVvlhxYsO4RuZBQ8tLqF8iO+/DychaS4w2yzQFSMTYH8FZhtPnz9
usI4L1/zRPLVPF7VoIJG1ZZDgeM4nqqnWyQdGTcIXXr+wRobItbnIwqM/ZEca4iQ
WiO3+QKCAQEArbI5E+OFLhXURbs1bJ/OpR8/yR8z4URFOIwcthw8ws2DCZ2A/gXH
aiqKh7I0oryl0Vm0Xnjs/SEFsEVdLg8oz8igNHm2t1/t07vKgkQiZjL/KX/4qEcY
wAKN20/V8FSfgjxPskjwiIExKpwhca2mMArH/Ye+dMy+zti3oU4ovaLNL5Qff1Gt
5TQy+5uFbB8/HmZtb/n9IqkwrCqTG0z79mA7Up+vfJcork82+O2P4Ic7iXFOshqn
BmjonTRf9h6pl4CsRpFSXZOr848gQriHAkY+SGpCNUZWYKq4NnL6pBanuX/IcQZh
jGEzJz5M4fzWrCqsDM/Gt09FMxzzgMfb8QKCAQEAh4vGV/+sD6MsiafBfsfPiegv
oqjUCj6HuXwVBMAM3yvRqLkmWfh2delFnKD2SOVsu11i5pm9AVnQYER6rS7QsIpu
O3WcAIvxbOfbD7A5aQvVAqHQIZDWDWy8eJK80Zq/ZbYWZ7JuOkw3MuYfUji41esO
LvRSjDi9hXpTplRlv0dYZofa4c2vlOyu3MCPk+S0sSOvEpWCsHxbiBZacugfyr4E
/IrE/zH5n94opAULaY7UXvCTQ9WuvDjDHb21SvfcoYLCKOwb1+gRSDJR4vty+4Z1
WnIm+IGyBS2uHBQH1upASOt3LzHZm7l5YBxKvDTjn3smlqMRl5FdI+uRVm4OYQ==
-----END RSA PRIVATE KEY-----

在线网站解码得到base64

image-20250115190818615

image-20250115190908005

image-20250115191025210

image-20250115190951359

flag:ctfshow{https://task.ctfer.com}

第二章

好像关站了,死活打不开GG