-
记 : CTF2023羊城杯 - Reverse 方向 Blast 题目复现and学习记录
前言
羊城杯题目复现:
第一题 知识点 :DES算法 : 链接:Ez加密器
第二题 知识点 :动态调试 : 链接:CSGO这一题的查缺补漏:
虚假控制流的去除(还没学习);
MD5加密算法的原理:链接:MD5加密算法原理
python 字典的使用刚学点题目分析and复习过程
ida打开,到main函数里面发现都是虚假控制流的混淆,还不知道怎么去除,先Shift + F12 搜索字符串
看到success的同时还看到下面,一大堆相同长度的十六进制字符串,想到哈希hash
用插件Findcrypt看看
可以看到的确是使用了MD5加密算法,同时看看这个md5是被谁调用了,可以看到调用了俩次。
修改一下名字,依次查看下,
第一次调用是在main 函数的 第 112 行
第二次调用是在sub_402370函数的第61行
而sub_402370函数是main函数的最后一行,sub_402370函数执行的最后就是比较并且输出success或error。
这里可以猜测 就是 进行了 俩次md5 的 加密。
exp
编写exp的思路就是,对单字节进行俩次md5加密,然后和enc进行验证,如果验证通过就将字节存入字典中。
import hashlib import itertools enc = [ '14d89c38cd0fb23a14be2798d449c182', 'a94837b18f8f43f29448b40a6e7386ba', 'af85d512594fc84a5c65ec9970956ea5', 'af85d512594fc84a5c65ec9970956ea5', '10e21da237a4a1491e769df6f4c3b419', 'a705e8280082f93f07e3486636f3827a', '297e7ca127d2eef674c119331fe30dff', 'b5d2099e49bdb07b8176dff5e23b3c14', '83be264eb452fcf0a1c322f2c7cbf987', 'a94837b18f8f43f29448b40a6e7386ba', '71b0438bf46aa26928c7f5a371d619e1', 'a705e8280082f93f07e3486636f3827a', 'ac49073a7165f41c57eb2c1806a7092e', 'a94837b18f8f43f29448b40a6e7386ba', 'af85d512594fc84a5c65ec9970956ea5', 'ed108f6919ebadc8e809f8b86ef40b05', '10e21da237a4a1491e769df6f4c3b419', '3cfd436919bc3107d68b912ee647f341', 'a705e8280082f93f07e3486636f3827a', '65c162f7c43612ba1bdf4d0f2912bbc0', '10e21da237a4a1491e769df6f4c3b419', 'a705e8280082f93f07e3486636f3827a', '3cfd436919bc3107d68b912ee647f341', '557460d317ae874c924e9be336a83cbe', 'a705e8280082f93f07e3486636f3827a', '9203d8a26e241e63e4b35b3527440998', '10e21da237a4a1491e769df6f4c3b419', 'f91b2663febba8a884487f7de5e1d249', 'a705e8280082f93f07e3486636f3827a', 'd7afde3e7059cd0a0fe09eec4b0008cd', '488c428cd4a8d916deee7c1613c8b2fd', '39abe4bca904bca5a11121955a2996bf', 'a705e8280082f93f07e3486636f3827a', '3cfd436919bc3107d68b912ee647f341', '39abe4bca904bca5a11121955a2996bf', '4e44f1ac85cd60e3caa56bfd4afb675e', '45cf8ddfae1d78741d8f1c622689e4af', '3cfd436919bc3107d68b912ee647f341', '39abe4bca904bca5a11121955a2996bf', '4e44f1ac85cd60e3caa56bfd4afb675e', '37327bb06c83cb29cefde1963ea588aa', 'a705e8280082f93f07e3486636f3827a', '23e65a679105b85c5dc7034fded4fb5f', '10e21da237a4a1491e769df6f4c3b419', '71b0438bf46aa26928c7f5a371d619e1', 'af85d512594fc84a5c65ec9970956ea5', '39abe4bca904bca5a11121955a2996bf'] # 生成所有ASCII可见字符 characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~' combinations = itertools.product(characters, repeat=1) # 创建一个字典以存储已知哈希值和对应的原始字符 hashes_dict = {hash_val: None for hash_val in enc} # 遍历所有组合,计算哈希值并与已知的哈希值进行比较 for combo in combinations: plaintext = ''.join(combo) hash0 = hashlib.md5(hashlib.md5(plaintext.encode()).hexdigest().encode()).hexdigest() if hash0 in enc: hashes_dict[hash0] = plaintext flag = '' for i in enc: flag += hashes_dict[i] print(f"Original Text for Hash '{i}': {hashes_dict[i]}") print(flag) """ Original Text for Hash '14d89c38cd0fb23a14be2798d449c182': H Original Text for Hash 'a94837b18f8f43f29448b40a6e7386ba': e Original Text for Hash 'af85d512594fc84a5c65ec9970956ea5': l Original Text for Hash 'af85d512594fc84a5c65ec9970956ea5': l Original Text for Hash '10e21da237a4a1491e769df6f4c3b419': o Original Text for Hash 'a705e8280082f93f07e3486636f3827a': _ Original Text for Hash '297e7ca127d2eef674c119331fe30dff': C Original Text for Hash 'b5d2099e49bdb07b8176dff5e23b3c14': t Original Text for Hash '83be264eb452fcf0a1c322f2c7cbf987': f Original Text for Hash 'a94837b18f8f43f29448b40a6e7386ba': e Original Text for Hash '71b0438bf46aa26928c7f5a371d619e1': r Original Text for Hash 'a705e8280082f93f07e3486636f3827a': _ Original Text for Hash 'ac49073a7165f41c57eb2c1806a7092e': V Original Text for Hash 'a94837b18f8f43f29448b40a6e7386ba': e Original Text for Hash 'af85d512594fc84a5c65ec9970956ea5': l Original Text for Hash 'ed108f6919ebadc8e809f8b86ef40b05': c Original Text for Hash '10e21da237a4a1491e769df6f4c3b419': o Original Text for Hash '3cfd436919bc3107d68b912ee647f341': m Original Text for Hash 'a705e8280082f93f07e3486636f3827a': _ Original Text for Hash '65c162f7c43612ba1bdf4d0f2912bbc0': T Original Text for Hash '10e21da237a4a1491e769df6f4c3b419': o Original Text for Hash 'a705e8280082f93f07e3486636f3827a': _ Original Text for Hash '3cfd436919bc3107d68b912ee647f341': m Original Text for Hash '557460d317ae874c924e9be336a83cbe': y Original Text for Hash 'a705e8280082f93f07e3486636f3827a': _ Original Text for Hash '9203d8a26e241e63e4b35b3527440998': M Original Text for Hash '10e21da237a4a1491e769df6f4c3b419': o Original Text for Hash 'f91b2663febba8a884487f7de5e1d249': v Original Text for Hash 'a705e8280082f93f07e3486636f3827a': _ Original Text for Hash 'd7afde3e7059cd0a0fe09eec4b0008cd': a Original Text for Hash '488c428cd4a8d916deee7c1613c8b2fd': n Original Text for Hash '39abe4bca904bca5a11121955a2996bf': d Original Text for Hash 'a705e8280082f93f07e3486636f3827a': _ Original Text for Hash '3cfd436919bc3107d68b912ee647f341': m Original Text for Hash '39abe4bca904bca5a11121955a2996bf': d Original Text for Hash '4e44f1ac85cd60e3caa56bfd4afb675e': 5 Original Text for Hash '45cf8ddfae1d78741d8f1c622689e4af': ( Original Text for Hash '3cfd436919bc3107d68b912ee647f341': m Original Text for Hash '39abe4bca904bca5a11121955a2996bf': d Original Text for Hash '4e44f1ac85cd60e3caa56bfd4afb675e': 5 Original Text for Hash '37327bb06c83cb29cefde1963ea588aa': ) Original Text for Hash 'a705e8280082f93f07e3486636f3827a': _ Original Text for Hash '23e65a679105b85c5dc7034fded4fb5f': w Original Text for Hash '10e21da237a4a1491e769df6f4c3b419': o Original Text for Hash '71b0438bf46aa26928c7f5a371d619e1': r Original Text for Hash 'af85d512594fc84a5c65ec9970956ea5': l Original Text for Hash '39abe4bca904bca5a11121955a2996bf': d Hello_Ctfer_Velcom_To_my_Mov_and_md5(md5)_world """- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
-
相关阅读:
验证码案例 —— Kaptcha 插件介绍 后端生成验证码,前端展示并进行session验证(带完整前后端源码)
C#源码 LIS实验室(检验科)信息系统源码 SaaS模式的Client/Server架构
Fiddler下载与安装
Redis面经
Mac M1芯片Java开发环境搭建 · Maven安装
BeanShell 如何加密加签?
乐队现场如何播放PROGRAM以及VJ视频 ?M-Live“B Beat”取代了我使用10年的PGM机器
9.2.4 DATETIME类型
notepad++下载 地址真实有效
将ppt里的视频导出来
- 原文地址:https://blog.csdn.net/Sciurdae/article/details/134053784
