1.17学习记录

题目均来自basectf2024

Web

basectf2024 flag直接读取不就行了？

先进行代码审计

<?php
highlight_file('index.php');
# 我把flag藏在一个secret文件夹里面了，所以要学会遍历啊~
error_reporting(0);
$J1ng = $_POST['J'];
$Hong = $_POST['H'];
$Keng = $_GET['K'];
$Wang = $_GET['W'];
$dir = new $Keng($Wang);
foreach($dir as $f) {
    echo($f . '<br>');
}
echo new $J1ng($Hong);
?>

题目提示flag藏在secret文件夹里面，要学会遍历，先看明白四个参数是干什么的
K、W是通过POST方式请求并且是通过类的方式创建了一个对象dir
K：可以通过查询php文档找遍历的类。我找到的是DirectoryIterator这个类，所以K传入的就是这个类。
W:一般就先访问根目录 传入 ”/“
根据提示 说flag在secret文件夹里面，所以就直接http://challenge.basectf.fun:29227/?K=DirectoryIterator&W=/secret
可以找到flag文件；从KW中只能得到flag的路径，读取还是需要查询PHP中读取文件的类是什么。经查询可以得到是SplFileObject类。再通过传入刚刚得到的flag文件的路径可以读取flag文件。

传参后没找到flag，根据查询被藏在元素里面了

一起吃豆豆

这道题是个小游戏，提示是个js小游戏，打开游戏后想看源码发现右键和Ctrl+u，f12都被禁用了，在右上角找到开发人员模式，接着Ctrl+u查看源代码一直往下翻，就能够翻到gameover提示语是一串字符，用ctf一把梭看一下确实是flag

你听不到我的声音

代码审计

<?php
highlight_file(__FILE__);
shell_exec($_POST['cmd']);

这题代码很简单，看上去就是传个cmd就可以拿到shell，但是这题的关键是shell_exec不会将结果直接输出，需要弄一个外带
根据查询，这题可以用流重定向符号解决

cmd=ls > 1

接着在URL后面输入/1就会下载文件，打开发现没有内容，就同样的方法查看根目录，在根目录下找到了flag，用同样的的方法读取flag即可

misc

哇！珍德食泥鸭

下载后得到一个gif，一来就想到是gif分帧查看，但是没有flag但是也注意到binwalk检测到了文件，用binwalk分离出来因为binwalk分出来都是zip格式，看到压缩包的内容是一堆小目录和xml文件，png就判断这是一个word文档，改拓展名后打开打开后上面数一张图片，图片下面全是空白，但是有标识符，可能是回车的，往下翻找到一张白色图片把图片删掉没有发现内容，查看隐藏内容
发现隐藏内容用其他颜色标出来

二维码1-街头小广告

下载后得到一个二维码被踩了一脚，发现少了右上角的定位角，用Photoshop补齐之后用cqr扫码试试扫码后发现纠错能力挺强的，这里要知道%7B，和%7D是大括号，就可以得到flag了

二维码2-阿喀琉斯之踵

这题也是修复二维码，也给了提示这题是二维码的骨架有错误
缺少了格式信息，时间信息，根据搜索可以用脚本解决

from PIL import Image, ImageDraw
import pyzbar.pyzbar as pyzbar

img = Image.open('qrcode-2.png')
img_draw = ImageDraw.Draw(img)

def get_module(x, y):
    return 0 if 255 == img.getpixel((20*x+40+10, 20*y+40+10))[0] else 1

def set_module(x, y, v):
    img_draw.rectangle((20*x+40, 20*y+40, 20*x+40+19, 20*y+40+19),
                       fill=(0, 0, 0) if v else (255, 255, 255))

# Timing patterns

for x in range(8, 41-8):
    set_module(x, 6, ~x&1)

for y in range(8, 41-8):
    set_module(6, y, ~y&1)

# Bruteforce format information

FORMATS = '''L  0   111011111000100
L   1   111001011110011
L   2   111110110101010
L   3   111100010011101
L   4   110011000101111
L   5   110001100011000
L   6   110110001000001
L   7   110100101110110
M   0   101010000010010
M   1   101000100100101
M   2   101111001111100
M   3   101101101001011
M   4   100010111111001
M   5   100000011001110
M   6   100111110010111
M   7   100101010100000
Q   0   011010101011111
Q   1   011000001101000
Q   2   011111100110001
Q   3   011101000000110
Q   4   010010010110100
Q   5   010000110000011
Q   6   010111011011010
Q   7   010101111101101
H   0   001011010001001
H   1   001001110111110
H   2   001110011100111
H   3   001100111010000
H   4   000011101100010
H   5   000001001010101
H   6   000110100001100
H   7   000100000111011'''.split('\n')

# 红色部分坐标
GROUP1 = [
    (0, 8), (1, 8), (2, 8), (3, 8), (4, 8),
    (5, 8), (7, 8), (8, 8), (8, 7), (8, 5),
    (8, 4), (8, 3), (8, 2), (8, 1), (8, 0),
]

# 黄色部分坐标
GROUP2 = [
    (8, 40), (8, 39), (8, 38), (8, 37), (8, 36),
    (8, 35), (8, 34), (33, 8), (34, 8), (35, 8),
    (36, 8), (37, 8), (38, 8), (39, 8), (40, 8),
]

for fmt in FORMATS:
    level, mask, fmtstr = fmt.split()

    # 填图
    for i, c in enumerate(fmtstr):
        x, y = GROUP1[i]
        set_module(x, y, int(c))
        x, y = GROUP2[i]
        set_module(x, y, int(c))

    # 存图
    # img.save(f'output/{level}{mask}.png')

    # 解码
    res = pyzbar.decode(img)
    if res:
        print(level, mask, res[0].data.decode())
    else:
        print(level, mask, 'None')

需要安装依赖，将图片放在脚本同一个文件夹内

白丝上的flag

下载附件后得到三个文件根据提示感觉像是要用Stegsolve查看这题的官方解法并不是这种，但是用这个工具确实可以硬看出来

crypto

铜匠

from Crypto.Util.number import getPrime, bytes_to_long
#from secret import flag
flag=b'XXXX'

p = getPrime(1024)
q = getPrime(1024)
n = p * q
e = 65537
hint1 = p >> 721
hint2 = q % (2 ** 266)
ct = pow(bytes_to_long(flag), e, n)
print(hint1)
print(hint2)
print(n)
print(ct)
'''
hint1 = 14439249591349619691972392177790365247490839237199085979433418493254022567815148979672690178
hint2 = 90063199151369157959005663017593053931871580139169245885113098598755909124764417
n = 18347545778876678838092757800261556931131930866012101566000425608407193858675622059415995283684230959320874387944052648148677918542763633503231962873204645415818139345588988936580526094727943067102768943117592654029397879665312089518191052154267343886226820785206334238961064175118262578895847281575656290248049404047727756356910896332939145136942219317065063060070725033146788186604738271846183709127655298440696824683099637827282095133642324657860714680107691622056420045091586609974536644773286992447027164350612852922016376888380895187804771279035652496676089183636450028327097084911908336202253562671798012457461
ct = 15659576879410368237140555530527974801613150473447768911067611094143466009251385693099110691602954207905029692682380253595062935017486879899242785756448973466690818942065250284891341066578689696180061755610538867770441139827574063212967027249650509215685566103350688284041405586915563454117672061141919712416360596137520514412607512596079964611672166435592936417138352662031529414118312166411150736015788925026636845744110093161894267707446937939130745326244186579516665160036229715964182962542836836457885170975474737620430886449029488829662146456489724775166105816909257516908496172172266375617868819982791477888289
'''

题目是一个rsa算法，根据查阅题目给出的是p高位和q低位，并发现相加之后为570位，剩余454位可以考虑用coppersmith求解，但是coppersmith要用同一个数的多个二进制位数，那么可以考虑把q的低位转变为p的低位,进而求出p求出flag
解密脚本：

from Crypto.Util.number import long_to_bytes, inverse

# 给定的提示信息
hint1 = 14439249591349619691972392177790365247490839237199085979433418493254022567815148979672690178
hint2 = 90063199151369157959005663017593053931871580139169245885113098598755909124764417
n = 18347545778876678838092757800261556931131930866012101566000425608407193858675622059415995283684230959320874387944052648148677918542763633503231962873204645415818139345588988936580526094727943067102768943117592654029397879665312089518191052154267343886226820785206334238961064175118262578895847281575656290248049404047727756356910896332939145136942219317065063060070725033146788186604738271846183709127655298440696824683099637827282095133642324657860714680107691622056420045091586609974536644773286992447027164350612852922016376888380895187804771279035652496676089183636450028327097084911908336202253562671798012457461
e=65537
ct = 15659576879410368237140555530527974801613150473447768911067611094143466009251385693099110691602954207905029692682380253595062935017486879899242785756448973466690818942065250284891341066578689696180061755610538867770441139827574063212967027249650509215685566103350688284041405586915563454117672061141919712416360596137520514412607512596079964611672166435592936417138352662031529414118312166411150736015788925026636845744110093161894267707446937939130745326244186579516665160036229715964182962542836836457885170975474737620430886449029488829662146456489724775166105816909257516908496172172266375617868819982791477888289

# 恢复 p 的高位部分
p_high = hint1 << 721

# 尝试恢复 q 的低位部分
for q_low in range(2**266):
    q_guess = (hint2 + q_low * (2**266))
    if n % q_guess == 0:
        q = q_guess
        p = n // q
        break

# 计算私钥 d
phi = (p - 1) * (q - 1)
d = inverse(e, phi)

# 解密 flag
flag = long_to_bytes(pow(ct, d, n))
print(flag.decode())

解密时间有点长，因为是进行枚举恢复pq
最后解得BaseCTF{7074ddc3e006810688241196414e49e2}