忙里偷闲做做题wwwwwwwwwwwww

Intro to Hashing

1
2
3
4
5
 

import hashlib
hashlib.md5(hashlib.sha256('id0-rsa.pub').hexdigest()).hexdigest()
# 'b25d449d86aa07981d358d3b71b891de'

Intro to PGP

1
2
3
4
5
6
7
8
9
10
11
 
# bash

root@kali:~/Documents/id0-rsa# touch Intro_to_PGP.key
root@kali:~/Documents/id0-rsa# gpg --import Intro_to_PGP.key 
gpg: key 2503D0F1A81B09D4: public key "id0-rsa.pub (http://id0-rsa.pub) <id0rsa.pub@gmail.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
root@kali:~/Documents/id0-rsa# touch Intro_to_PGP.txt
root@kali:~/Documents/id0-rsa# gpg -d Intro_to_PGP.txt

# Thank you Phil Zimmermann!

Hello PGP

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 
#!/bin/bash

count=1

while read WORD; do
	gpg --batch --passphrase $WORD --decrypt test.txt 2>/dev/null
	if [ $? -eq 0 ]; then
		echo 
		echo $WORD
		exit
	fi
	count=$(( count + 1 ))
	if [ $((count % 1000)) -eq 0 ]; then
		echo $count
	fi
done < words

# passionately apathetic
# seamanship
# gpg: AES256 encrypted data
# gpg: encrypted with 1 passphrase

Hello OpenSSL

繁琐的解法

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# bash
root@kali:~/Documents/id0-rsa/Hello_OpenSSL# openssl rsa -in priva.pem -text
Private-Key: (256 bit)
modulus:
    00:e6:dc:a0:a5:26:5d:39:95:0c:7e:e3:b7:a1:31:
    96:47:87:00:2c:1b:56:ba:2e:54:ce:b4:30:db:ff:
    09:95:9d
publicExponent: 65537 (0x10001)
privateExponent:
    00:8f:67:e1:8a:75:28:57:ca:94:76:85:f1:dd:79:
    b6:05:0e:35:05:e7:f9:ed:da:23:e6:de:14:aa:22:
    d9:78:a9
prime1:
    00:fd:99:07:3e:67:03:c1:72:2a:96:81:ab:9a:29:
    db:d7
prime2:
    00:e9:0c:76:fe:de:98:c1:9d:d3:c8:30:c0:e4:3a:
    8b:ab
exponent1:
    00:b4:a6:37:17:c7:d0:50:14:20:ac:58:30:c2:c0:
    00:bf
exponent2:
    00:c5:87:27:25:07:8e:fa:2c:c7:e0:9a:52:24:1f:
    eb:59
coefficient:
    00:e3:bd:9b:a2:47:11:68:33:2d:80:fe:7d:ed:34:
    de:fc
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIGtAgEAAiEA5tygpSZdOZUMfuO3oTGWR4cALBtWui5UzrQw2/8JlZ0CAwEAAQIh
AI9n4Yp1KFfKlHaF8d15tgUONQXn+e3aI+beFKoi2XipAhEA/ZkHPmcDwXIqloGr
minb1wIRAOkMdv7emMGd08gwwOQ6i6sCEQC0pjcXx9BQFCCsWDDCwAC/AhEAxYcn
JQeO+izH4JpSJB/rWQIRAOO9m6JHEWgzLYD+fe003vw=
-----END RSA PRIVATE KEY-----
 
1
2
3
4
5
6
7
8
9
 
n = 0xe6dca0a5265d39950c7ee3b7a131964787002c1b56ba2e54ceb430dbff09959d

d = 0x8f67e18a752857ca947685f1dd79b6050e3505e7f9edda23e6de14aa22d978a9

c = 0x6794893f3c47247262e95fbed846e1a623fc67b1dd96e13c7f9fc3b880642e42

>>> hex(pow(c,d,n))
'0x310f2eb0634ed1ab'

一行

1
2
3
 
# bash
root@kali:~/Documents/id0-rsa/Hello_OpenSSL# openssl rsautl -decrypt -in <(xxd -r -p cipher) -inkey priva.pem -raw | xxd -p -c 8 | tail -n1
# 310f2eb0634ed1ab

Intro to RSA

1
2
3
4
5
6
7
8
 
>>> (e, N) = (0x3, 0x64ac4671cb4401e906cd273a2ecbc679f55b879f0ecb25eefcb377ac724ee3b1)
>>> d = 0x431d844bdcd801460488c4d17487d9a5ccc95698301d6ab2e218e4b575d52ea3

>>> c = 0x599f55a1b0520a19233c169b8c339f10695f9e61c92bd8fd3c17c8bba0d5677e

>>> hex(pow(c,d,N))
'0x4d801868d894740b2be29309fcd3edcd51bd2c2a685028b89290f9268c727581'

Caesar

但是交了以后就显示错误,不知道为什么……

破案了,因为凯撒之后的原文是

Hello Bitcoin

按资料算就是了

然而我找到了在线计算的工具;D

按照比特币wiki的说法,计算过程大概是这样的:

  1. 首先我们生成一个私钥
  2. 获取对应的公钥
  3. 获得公钥的SHA256散列值
  4. 获取上一步结果的RIPEMD-160散列值
  5. 在散列值前加入版本号
  6. 计算上一步结果的SHA-256散列
  7. 取第二个SHA-256散列值的前四字节作为地址校验和
  8. 在第四步的结果末尾加入校验和
  9. 进行Base28编码

You already solved this one! Solution: 18GZRs5nx8sVhF1xVAaEjKrYJga4hMbYc2

Ps and Qs

factordb.com 完成

噫,年老体衰也就算了,眼神也不好了,其实没有分解成功

然后开了个yafu,结果还是很不错的,我做出来了以后依然没有分解出答案

先是打开题目看了下,说是生成的素数low entropy(低熵)吗,然后打开论文大概看了下,就说生成素数有毛病,就猜测是不是共同素数的锅

结果还真是

先读两个公钥,然后gcd了一波,成功

1
2
3
4
5
6
7
8
9
 
# python
def (a, b):
	if b == 0:
		return a
	else:
		return gcd(b, a%b)

#q = gcd(3367646059138877442579820972831876412006279917097809082279412851693123955964282545145500497393579598954859534731890460229194372339215098506788375050698427369, 9055404640500300109405801152935663267176218320785348541566663982172162265778445107320065187449062375525002632043722734566593185461999286625234528036605141)
#print(q)

然后懒得写求拓展欧几里得求逆元了,直接拿工具了

补全代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 
# python
def (a, b):
	if b == 0:
		return a
	else:
		return gcd(b, a%b)

#q = gcd(3367646059138877442579820972831876412006279917097809082279412851693123955964282545145500497393579598954859534731890460229194372339215098506788375050698427369, 9055404640500300109405801152935663267176218320785348541566663982172162265778445107320065187449062375525002632043722734566593185461999286625234528036605141)
#print(q)

#print(9055404640500300109405801152935663267176218320785348541566663982172162265778445107320065187449062375525002632043722734566593185461999286625234528036605141//q)

n = 9055404640500300109405801152935663267176218320785348541566663982172162265778445107320065187449062375525002632043722734566593185461999286625234528036605141

d = 5595429548525262877923879998920954875376781621351655927785581040054379710925982991727871918848397312612397095534700830662119225899345003601005897300178945

c = 0xf5ed9da29d8d260f22657e091f34eb930bc42f26f1e023f863ba13bee39071d1ea988ca62b9ad59d4f234fa7d682e22ce3194bbe5b801df3bd976db06b944da

print(hex(pow(c,d,n))[2:])

# f6a1df363229c6ec

Affine Cipher

暴力一下肉眼看吧

是的,暴力以后搜索THE,出现次数最多的那个基本就确定了

不过得感叹一下 ……自己越来越蠢了……求个逆元,不是a*b%c==1则mod c下ab互为逆元么,我™a的b次方是要闹哪样……

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# python
plain = "BOHHIKBI,OZ,REI,WZRIKZIR,EX.,BOHI,RO,KISU,XSHO.R,ICBSG.WYISU,OZ, WZXZBWXS,WZ.RWRGRWOZ.,.IKYWZP,X.RKG.RIT,REWKT,DXKRWI.,RO,DKOBI..,ISIBRKOZWB,DXUHIZR.F,NEWSI,REI,.U.RIH,NOKA.,NISS,IZOGPE, OKHO.R,RKXZ.XBRWOZ.Q,WR,.RWSS,.G  IK., KOH,REI,WZEIKIZR,NIXAZI..I.,O ,REI,RKG.R,MX.IT,HOTISF,BOHDSIRISU,ZOZKIYIK.WMSI,RKXZ.XBRWOZ.,XKI,ZOR,KIXSSU,DO..WMSIQ,.WZBI, WZXZBWXS,WZ.RWRGRWOZ.,BXZZORXYOWT,HITWXRWZP,TW.DGRI.F,REI,BO.R,O ,HITWXRWOZ,WZBKIX.I.,RKXZ.XBRWOZ,BO.R.Q,SWHWRWZP,REIHWZWHGH,DKXBRWBXS,RKXZ.XBRWOZ,.WJI,XZT,BGRRWZP,O  ,REI,DO..WMWSWRU, OK,.HXSS,BX.GXS,RKXZ.XBRWOZ.QXZT,REIKI,W.,X,MKOXTIK,BO.R,WZ,REI,SO..,O ,XMWSWRU,RO,HXAI,ZOZKIYIK.WMSI,DXUHIZR., OK,ZOZKIYIK.WMSI.IKYWBI.F,NWRE,REI,DO..WMWSWRU,O ,KIYIK.XSQ,REI,ZIIT, OK,RKG.R,.DKIXT.F,HIKBEXZR.,HG.RMI,NXKU,O ,REIWK,BG.ROHIK.Q,EX..SWZP,REIH, OK,HOKI,WZ OKHXRWOZ,REXZ,REIU,NOGST,OREIKNW.I,ZIITF,X,BIKRXWZ,DIKBIZRXPI,O , KXGT,W.,XBBIDRIT,X.,GZXYOWTXMSIF,REI.I,BO.R.,XZT,DXUHIZR,GZBIKRXWZRWI.BXZ,MI,XYOWTIT,WZ,DIK.OZ,MU,G.WZP,DEU.WBXS,BGKKIZBUQ,MGR,ZO,HIBEXZW.H,ICW.R.,RO,HXAI,DXUHIZR.OYIK,X,BOHHGZWBXRWOZ.,BEXZZIS,NWREOGR,X,RKG.RIT,DXKRUF"
mp = "ABCDEFGHIJKLMNOPQRSTUVWXYZ ,."
dict = {}
inv_dict = {}
for i in range(0, len(mp)):
    dict[i] = mp[i]
    dict[mp[i]] = i

# print(dict)

for i in range(1, 29):
    for j in range(1, 29):
        if i*j%29 == 1:
            inv_dict[i] = j
            break

print(inv_dict)

newarr = []

for i in range(0, len(plain)):
    newarr.append(dict[plain[i]])

# print(newarr)

def decry(c, a, b):
    s = ""
    for i in range(0, len(c)):
        s += dict[(c[i]-b+29)*inv_dict[a]%29]

    return s

for i in range(1, 29):
    for j in range(0, 29):
        print(decry(newarr, i, j))
        print(i, j)

for j in range(0, 29):
    print(decry(newarr, 0, j))
    print(0, j)

# plain = "RLZZC SCIZJB"
#
# newarr = []
#
# for i in range(0, len(plain)):
#     newarr.append(dict[plain[i]])
#
# print(decry(newarr, 2, 3))
 
1
2
3
4
5
6
7
 
λ python
Python 3.6.1 on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib
>>> plain = "COMMERCE ON THE INTERNET HAS COME TO RELY ALMOST EXCLUSIVELY ON FINANCIAL INSTITUTIONS SERVING ASTRUSTED THIRD PARTIES TO PROCESS ELECTRONIC PAYMENTS. WHILE THE SYSTEM WORKS WELL ENOUGH FORMOST TRANSACTIONS, IT STILL SUFFERS FROM THE INHERENT WEAKNESSES OF THE TRUST BASED MODEL. COMPLETELY NONREVERSIBLE TRANSACTIONS ARE NOT REALLY POSSIBLE, SINCE FINANCIAL INSTITUTIONS CANNOTAVOID MEDIATING DISPUTES. THE COST OF MEDIATION INCREASES TRANSACTION COSTS, LIMITING THEMINIMUM PRACTICAL TRANSACTION SIZE AND CUTTING OFF THE POSSIBILITY FOR SMALL CASUAL TRANSACTIONS,AND THERE IS A BROADER COST IN THE LOSS OF ABILITY TO MAKE NONREVERSIBLE PAYMENTS FOR NONREVERSIBLESERVICES. WITH THE POSSIBILITY OF REVERSAL, THE NEED FOR TRUST SPREADS. MERCHANTS MUSTBE WARY OF THEIR CUSTOMERS, HASSLING THEM FOR MORE INFORMATION THAN THEY WOULD OTHERWISE NEED. A CERTAIN PERCENTAGE OF FRAUD IS ACCEPTED AS UNAVOIDABLE. THESE COSTS AND PAYMENT UNCERTAINTIESCAN BE AVOIDED IN PERSON BY USING PHYSICAL CURRENCY, BUT NO MECHANISM EXISTS TO MAKE PAYMENTSOVER A COMMUNICATIONS CHANNEL WITHOUT A TRUSTED PARTY."
>>> hashlib.md5(plain.encode()).hexdigest()
'880cabd53df2f03050a7214d3ae30a07'

Cut and Paste Attack On AES-ECB

截取一哈就行

ECB的问题就在于同样的明文总是对应相同的密文,而AES又是分组加密,所以我们只需要16字节截一段,然后从截出来的字段里拼出Deposit amount: One million dollars就吼啦

然后把对应的密文组合提交就好啦

Rail Fence

栅栏密码

不是栅栏密码,丢人

就是这个名字,密码是17

然而提交又失败……是不是要加空格???

和凯撒那题一样的问题

Factoring RSA With CRT Optimization

看看论文

论文结论放得挺快的,喜欢

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
 
>>> e = 0x10001
>>> n = 0x90def3c2c91ae9bf6089ec8857960d567fdbcd7c2c3ea713046977231e65f44e1b91550971d4e5d43b51675fae4ba640add3af02dad4bf68c3ddef3a98907e1e01156de7a4474d9fce2ba8c055f44673c703a72a111a06f8a7b2fe582463938d802e91630e1e1b5483b1774e608eb4368c6bbf4da375319d9a2799bf8a5ae453
>>> x = 0xdeadc0de
>>> y = 0x17d7f90a4597fb2bbbb41d1a70f505f0d8c5cb53faaafea259150eb6910fb08fbf1ba40e42de70c596fb0032d132c9c6ce46c650999ad5f14a990d205984260146e2949b819dc8732beceed452701d88b2c8723b410fce739009df89930424c566af5102403981c26c3e75d9c62065a347e815b26984dcd3b5f02fc8a8092051
>>> def (a,b):
...     if b == 0:
...             return a
...     else:
...             return gcd(b,a%b)
...
>>> gcd(pow(y,e,n)-x,n)
9966524937284363425885222065976539626835093420150865305435384403545526100948308275937186399398105835105908301433416877915451315435074364352622884631548129
>>> p = gcd(pow(y,e,n)-x,n)
>>> q = n//p
>>> n%p
0
>>> print(p)
9966524937284363425885222065976539626835093420150865305435384403545526100948308275937186399398105835105908301433416877915451315435074364352622884631548129
>>> print(q)
10207350221528968021374239537567355734439270587735020516681487302155761468885207397982418037573103389660473080952277752719230542349569271803978030721660851

Easy Passwords

暴力/去他们推特看看

Hint for 1: the "easy" passwords are all standard English words

很惭愧,原本没思路的,又学习了一下别人怎么用John the Ripper的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
root@kali:~# touch crackit
root@kali:~# john --wordlist=/usr/share/dict/words crackit 
Created directory: /root/.john
Warning: detected hash type "md5crypt", but the string is also recognized as "aix-smd5"
Use the "--format=aix-smd5" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 10 password hashes with no different salts (md5crypt, crypt(3) $1$ [MD5 128/128 SSE2 4x3])
Press 'q' or Ctrl-C to abort, almost any other key for status
each             (?)
in               (?)
letter           (?)
list             (?)
of               (?)
order            (?)
second           (?)
the              (?)
this             (?)
word             (?)
10g 0:00:00:04 DONE (2018-05-07 07:53) 2.421g/s 24502p/s 24502c/s 176147C/s woolly..word's
Warning: passwords printed above might not be all those cracked

# 这里直接看是不知道交什么的,id0-rsa好像都是这样做的
root@kali:~# john --show crackit
?:the
?:second
?:letter
?:of
?:each
?:word
?:in
?:this
?:list
大专栏  id0-rsa WP合集 class="line">?:in
?:order

11 password hashes cracked, 0 left

RSA Modulus Factorization

有公钥、私钥,分解N

有人提示

You may want to look at end of section 1 of this paper to get an idea of how to tackle this.

但是懒人选择直接用工具

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 
λ python rsatool.py -f PEM key.pem -n 2575379069244619122811590270693932708961682118615086945187580561953482470842235 5391264253236312033342930767629026955594380914791828872789640882880456756317355718989951748134910495292317107822354638062542536621806610548119524360577494257082085388892230653871347635789064083634194556923152378748383913055689941464591534636606264605505256200032003073128045380287795929441895659897956729518691264242454587153279087011099643014705274937963488514996712634166563179373202236856266518026166326484283485368106496495400924862033175617707157820195751946135848383888076352630565287208026865192435711425148588227314034233872575399 -d 17105402368913594732268140576016021009260884834703468214454459966320267707293844817833310635571150638333054368126620841170740802501167335402566350357845884586982802288930597441429262542859551082213714762867946512961388972561696317770839625342858127315991460791480206023627821121730752214777828377914024156239192555174948311918712437146465305330571121417401154082076772433310857936602097318370602240544385942653856271345622469333448979309288295132145434251447399809135938564905989171217097472641153308592366164932415033656821923922166211242186853476413476873462490965233576571621275866183349806774845359965178419609761
Using (n, d) to initialise RSA instance

n =
cc0262c3764f6d1bfa485a88c0566a6d68cb89ac382fbbc577a4862bdbce111bb59960ea787f132e3fddb9c914d0d11d156dd433a2adab9084d48cf58f58b42804805966ecd318ad19218791e14e19a8d0cf3441e219e5e1395eb5dba1fba11d94321a34eb536c51f4c44c5987e74a467b5fe2eae8d2725d63f24feebfd9ca746de93b6fd74ed82fed7dbfc3a84b0a425f52503ab71908a13ac11a9d52211042290ae2886626f67935dc78b7d86ba76d3c5e085a003dff06f914187acc368f904613cbd3d52f36c8b0535f9dfeec2737744ad8be51f66e1d470261a7fd7c6da277dbd2f213b44d9e8242a8a5b121acc8710baed3d244004e4ca560d58e756ba7

e = 65537 (0x10001)

d =
87803a2b0b44dbfa8e354a74b41371a2f3cce4c74f965cc85e9c1745c03bd15f2f320d8e0eb4907fd289a9a16642fff1aa4f0577ba6051a8aea12272e3600e60da0489dcf4058dc942fce337c0870841f956f6a59fd085c01f43c9d474755660f81283178d0a1ed31c98d9014a6414105657acb74c26a3316676062354a80a70335a670675f439dec08803def4892c4d99e20fbe1975d7673679ac6f16835307ce59971c865d71edeea9ed1a93c70a37e283f270dea8499271268d86f7fc4a1b4f64041833c62a057dfb0b48f1c4f6d351673238a3de3b4506eb2472aaf90b914e791c3a723464d9169d5eab8e0a3f8a42dedb065829e8b533a89dd3ba0a00a1

p =
cd8872868e62777d31e8cf8a694df3096bfa246463d4cfbda7f22f31d0b0f2d6d99996a099c79f312915018c475b2a5090f08ffa67400985dbbc8c04466ddf07414b40be264b98f8422ae053dfd53d4845eda2fda826cabb9237bb432f9e99862c6b75aeebc1b79e3a780fd813e05e73c9bbb521c05539e998031c876a2e7497

q = fe1a2971eee591830144ccb525befca29aa5a84c7b63510c60a491f09a185a787250bc5ea8c024896a4ec6312a8bf391fe76e15a50d7609cfb27ac18342b7dfd3d20ed94a85d62f83454ea77aa26471881aad95c63b0e890daabc71991f8051c2ec5956f8855a13e34c1e11e3a8d9abc43d813c6f9f42e34e0c75b35d2f15371

Fast Hashing Passwords

母鸡

就是给了一个简单密码表,顺着跑个散列值表,然后排序,找出散列值最大最小的两个

有点考验电脑

Python写的排序那一步会有Memory Error(主要是ACM遗留下来的习惯,写算法写cpp比较习惯)

首先是下载rockyou list,算SHA-256值(其实这里没必要,但是我觉得可能会有用,所以算一个保存着了)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 
import hashlib

def hash(strings):
    return str(hashlib.sha256(strings).hexdigest())

f = open(r"rockyou.txt", "rb")
w = open(r"rawsha256.txt", "w")

s = f.readline()[:-1]
arr = []
print(hash("".encode()))
i = 1
while s != "":
    w.write(hash(s)+'n')
    arr.append(hash(s))
    s = f.readline()[:-1]

f.close()
w.close()

然后排序输出最低最高的位置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
#include <bits/stdc++.h>
using namespace std;
int arr[14344391];
vector<string> st;
inline bool cmp(int a, int b){
	return st[a]<st[b];
}
int main()
{
	ios::sync_with_stdio(0); //加速输入输出用,其实为了效率应该考虑用scanf/printf + char*的组合,不过也能接受了
	freopen("rawsha256.txt", "r", stdin);
	string a;
	int pos=0;
	while(cin>>a){
		st.push_back(a);
		arr[pos]=pos;
		++pos;
	}
	sort(arr,arr+14344391,cmp);
	cout<<arr[0]<<endl<<arr[14344390]<<endl;
	return 0;
}

//2637658
//9682632
//--------------------------------
//Process exited after 67.14 seconds with return value 0

然后找到对应单词测试一下就行

1
2
3
4
5
6
7
8
 
>>> import hashlib
>>> def hash(strings):
...     return str(hashlib.sha256(strings.encode()).hexdigest())
...
>>> print(hash("yame1bore"))
0000010e433cfc497373957df2ea9af41ec17edc43672c413558f62d09842190
>>> print(hash("bert7quinn,3"))
fffffdaa4034dadd8b4cf8a18f92a230a92423ee24ad6dfb24adb758a8487ca2

Vigenère

多表,工具即可

https://f00l.de/hacking/vigenere.php

成功

You already solved this one! Solution: BARLEY

Monoalphabetic Cipher

单表,工具解决

https://quipqiup.com/

成功

You already solved this one! Solution: c21c7f2384dabd723c6d265b1315ddb5

Salt Alone Won't Save You

暴力?字典暴力?

是字典

先去hashcat了解了形式以后,写个脚本读

1
2
3
4
5
6
7
8
9
10
 
import base64, binascii
f = open("crack.txt", "r")
s = f.readlines()
f.close()
f = open("crack.txt", "w")
for ss in s:
	ss = ss.split("$")[1:]
	ss[1] = ss[1][:-1]
	f.write(binascii.hexlify(base64.b64decode(ss[1])).decode('ascii')+':'+ss[0]+'n')
f.close()

然后上hashcat

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
A:DownloadsCompressedhashcat-4.1.0
λ hashcat64.exe -m 1410 crack.txt rockyou.txt
hashcat (v4.1.0) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: Intel's OpenCL runtime (GPU only) is currently broken.
             We are waiting for updated OpenCL drivers from Intel.
             You can use --force to override, but do not report related errors.
nvmlDeviceGetFanSpeed(): Not Supported

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 965M, 512/2048 MB allocatable, 8MCU

OpenCL Platform #2: Intel(R) Corporation
========================================
* Device #2: Intel(R) HD Graphics 530, skipped.
* Device #3: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz, skipped.

Hashes: 7 digests; 7 unique digests, 7 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Iterated
* Raw-Hash

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Minimim salt length supported by kernel: 0
Maximum salt length supported by kernel: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

Dictionary cache built:
* Filename..: rockyou.txt
* Passwords.: 14344390
* Bytes.....: 139921496
* Keyspace..: 14344383
* Runtime...: 1 sec

0603ae874b416862ad705b1c42f770141b1c802fa960a5b5aa91430f04c94400:kPD)T)=~1K{r:totoloco1990
6f2da1836ac6d7c40a93da4ca9afc56fdbe7279fcd12f479aa983d495772de73:4.9.mHSbiQ]^:phuck123
97ddc547c46af1af9821475c0b629d6a47bbfeb952535cc0afff72022459548d:b*.m,%~&<"^6:nc27360
e91ba9f0ff28267c4af7c6976bc1e119138b76fc2cf719a06b097baec8761391:(y3]<+9zmi4|:imberly1999
573fa001661fffc3c82aeec82f16951670dc342cc071eadc8bc71a8826209b66:{4[1m"WqdR0s:cowmen7
Cracking performance lower than expected?

* Append -O to the commandline.
  This lowers the maximum supported password- and salt-length (typically down to 32).

* Append -w 3 to the commandline.
  This can cause your screen to lag.

* Update your OpenCL runtime / driver the right way:
  https://hashcat.net/faq/wrongdriver

* Create more work items to make use of your parallelization power:
  https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: sha256($pass.$salt)
Hash.Target......: crack.txt
Time.Started.....: Fri May 11 15:37:43 2018 (5 secs)
Time.Estimated...: Fri May 11 15:37:48 2018 (0 secs)
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 11989.9 kH/s (9.69ms) @ Accel:128 Loops:1 Thr:384 Vec:1
Recovered........: 5/7 (71.43%) Digests, 5/7 (71.43%) Salts
Progress.........: 100410681/100410681 (100.00%)
Rejected.........: 0/100410681 (0.00%)
Restore.Point....: 14344383/14344383 (100.00%)
Candidates.#1....: $HEX[3032313342] -> $HEX[042a0337c2a156616d6f732103]
HWMon.Dev.#1.....: Temp: 63c Util: 50% Core:1151MHz Mem:2505MHz Bus:16

Started: Fri May 11 15:37:31 2018
Stopped: Fri May 11 15:37:48 2018

排序输入得到答案

CCA on Textbook RSA

RSA的选择密文攻击。

假设爱丽丝创建了密文 $C=P^emodn$并且把 $C$ 发送给鲍勃,同时假设我们要对爱丽丝加密后的任意密文解密,而不是只解密 $C$,那么我们可以拦截$ C$,并运用下列步骤求出 $P$:

  1. 选择任意的 $X∈Z^∗_n$,即 $X$ 与 $N$ 互素
  2. 计算 $Y=C×X^emod n$
  3. 由于我们可以进行选择密文攻击,那么我们求得 $Y$ 对应的解密结果 $Z=Y^d$
  4. 那么,由于 $Z=Y^d=(C×X^e)^d=C^dX=P^{ed}X=PXmodn$,由于 $X$ 与 $N$ 互素,我们很容易求得相应的逆元,进而可以得到 $P$

于是先读公钥

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
λ openssl rsa -pubin -in pubkey.pem -text -modulus
Public-Key: (2048 bit)
Modulus:
    00:a9:a9:60:8d:4b:d1:be:ee:e3:ce:11:51:cc:2d:
    1a:72:b8:76:df:63:e4:9f:70:aa:c8:da:e5:04:f5:
    91:7c:aa:f7:9f:5a:16:ae:5a:0b:8f:c2:e5:59:b6:
    46:8f:b4:9b:64:8d:02:96:6e:a2:30:03:f2:08:d7:
    56:b6:31:11:2d:86:ae:85:5e:04:82:e7:df:db:d5:
    e9:0d:06:d5:6b:58:12:36:db:9a:9b:d5:24:2f:2e:
    ca:82:b5:c2:f9:52:88:50:ad:be:78:b7:d1:83:e2:
    b1:ee:3b:2e:89:f2:45:33:9e:88:04:67:40:a0:d0:
    50:49:f5:76:a3:7a:ca:a9:45:0c:51:c7:7c:f5:b5:
    ba:85:e5:72:39:c2:a0:55:8e:eb:a1:f0:e6:06:7a:
    d3:b9:c6:50:08:7b:6b:35:ea:72:eb:8a:c6:8c:00:
    5d:4a:38:a4:c7:d8:d4:0c:b2:91:59:4a:83:21:ff:
    6c:08:78:81:2a:65:9a:83:59:f7:67:65:cd:55:97:
    15:96:ec:20:1a:30:63:8f:39:c5:23:08:5e:13:c7:
    55:9d:07:22:44:ea:70:df:84:f3:7b:a8:13:19:51:
    76:fc:62:c7:58:63:78:38:3f:5a:52:93:b0:3f:54:
    43:26:5d:f8:e7:50:5f:27:9f:e5:60:6d:36:bc:f1:
    47:f9
Exponent: 65537 (0x10001)
Modulus=A9A9608D4BD1BEEEE3CE1151CC2D1A72B876DF63E49F70AAC8DAE504F5917CAAF79F5A16AE5A0B8FC2E559B6468FB49B648D02966EA23003F208D756B631112D86AE855E0482E7DFDBD5E90D06D56B581236DB9A9BD5242F2ECA82B5C2F9528850ADBE78B7D183E2B1EE3B2E89F245339E88046740A0D05049F576A37ACAA9450C51C77CF5B5BA85E57239C2A0558EEBA1F0E6067AD3B9C650087B6B35EA72EB8AC68C005D4A38A4C7D8D40CB291594A8321FF6C0878812A659A8359F76765CD55971596EC201A30638F39C523085E13C7559D072244EA70DF84F37BA813195176FC62C7586378383F5A5293B03F5443265DF8E7505F279FE5606D36BCF147F9
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqalgjUvRvu7jzhFRzC0a
crh232Pkn3CqyNrlBPWRfKr3n1oWrloLj8LlWbZGj7SbZI0Clm6iMAPyCNdWtjER
LYauhV4Eguff29XpDQbVa1gSNtuam9UkLy7KgrXC+VKIUK2+eLfRg+Kx7jsuifJF
M56IBGdAoNBQSfV2o3rKqUUMUcd89bW6heVyOcKgVY7rofDmBnrTucZQCHtrNepy
64rGjABdSjikx9jUDLKRWUqDIf9sCHiBKmWag1n3Z2XNVZcVluwgGjBjjznFIwhe
E8dVnQciROpw34Tze6gTGVF2/GLHWGN4OD9aUpOwP1RDJl3451BfJ5/lYG02vPFH
+QIDAQAB
-----END PUBLIC KEY-----
 
1
2
3
4
5
6
7
8
9
 
λ python
Python 3.6.1 (v3.6.1:69c0db5, Mar 21 2017, 17:54:52) [MSC v.1900 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> n =0xA9A9608D4BD1BEEEE3CE1151CC2D1A72B876DF63E49F70AAC8DAE504F5917CAAF79F5A16AE5A0B8FC2E559B6468FB49B648D02966EA23003F208D756B631112D86AE855E0482E7DFDBD5E90D06D56B581236DB9A9BD5242F2ECA82B5C2F9528850ADBE78B7D183E2B1EE3B2E89F245339E88046740A0D05049F576A37ACAA9450C51C77CF5B5BA85E57239C2A0558EEBA1F0E6067AD3B9C650087B6B35EA72EB8AC68C005D4A38A4C7D8D40CB291594A8321FF6C0878812A659A8359F76765CD55971596EC201A30638F39C523085E13C7559D072244EA70DF84F37BA813195176FC62C7586378383F5A5293B03F5443265DF8E7505F279FE5606D36BCF147F9
>>> x = 3
>>> c = 0x912fcd40a901aa4b7b60ec37ce6231bb87783b0bf36f824e51fe77e9580ce1adb5cf894410ff87684969795525a63e069ee962182f3ff876904193e5eb2f34b20cfa37ec7ae0e9391bec3e5aa657246bd80276c373798885e5a986649d27b9e04f1adf8e6218f3c805c341cb38092ab771677221f40b72b19c75ad312b6b95eafe2b2a30efe49eb0a5b19a75d0b31849535b717c41748a6edd921142cfa7efe692c9a776bb4ece811afbd5a1bbd82251b76e76088d91ed78bf328c6b608bbfd8cf1bdf388d4dfa4d4e034a54677a16e16521f7d0213a3500e91d6ad4ac294c7a01995e1128a5ac68bfc26304e13c60a6622c1bb6b54b57c8dcfa7651b81576fc
>>> d = pow(x,0x10001,n)*c%n
>>> hex(d)
'0x5eff6db089a86b058bbfd34f01cbe256fc9cc5b18c0999bd215048f8ca3de6f3250191417e502ea15aac5c7cf167c9be60944361163b13b96b1262dfc4bcbd695a61dcedd74192d9bfc5c0b9c8399cba3f6e6fc9f4adaf6d65b0594c696a32ab53913c06be6de9ee68b030b0aaef65bec0cbec7ad2439057cf30f7cd083138f98be11e93e54168acbc4bacb6b87b0a4a3d84e761f58e7605a0ae01b72c1344e96d7c5401be91bbe78a3527672c073c4c355ee340a1d2ea5d178c31c40561bccfb9ef47e0c984bd8227a187f492489b0292b506edf992950c009b59d2093b43f5601affa6b5b0b39a4b848c654ad242c55e62b358c03d91f889e7ab5e5d7e7f02'

提到网站去,得到1395d5d50ae8d8e24572a393c628b3c4b335a30298b305d396e8b2a388e302d602a245d3c4e4a8e335990a88e5a302a5a30478de8244b36305690938b512d32

求$3^{-1}modn$,最后计算得到明文0x687474703a2f2f6172636869762e696e667365632e6574687a2e63682f656475636174696f6e2f667330382f73656373656d2f4d616e67657230312e706466

AES-CTR with Nonce Reuse

就是Two-Time-Pad攻击咯

Bad Entropy

就是爆破咯

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 
from hashlib import md5
from Crypto.Cipher import AES
import binascii
c = binascii.unhexlify("a99210d796a1e37503febf65c329c1b2")
print(c)

i = 1453651200
while i <= 1454169600:
    s = md5(str(i).encode()).hexdigest()
    s = binascii.unhexlify(s)
    cipher = AES.new(s, AES.MODE_ECB)
    try:
        cipher.decrypt(c).decode('ascii')
        print(cipher.decrypt(c))
        a = input()
        if int(a) == 0:
            print(i)
            break
    except:
        pass
    i += 1

爆破成功,密钥时间是1453862488

Rainbow Table Hash Chain

直觉告诉我hashcat可解

Elliptic Curve Private Key Recovery

貌似是公钥选得腊鸡?但是我需要复(yu)习一下ECC

ECDSA Nonce Recovery

同上

Double Strength Affine

直觉告诉我,暴力依然可以解

Slightly harder passwords

Twitter上有hint,直觉告诉我说hashcat可以解决

Upgraded Affine

这个的CBC需要考虑一下子了

Fvtavat Xrl Erpbirel

印象里是RSA,慢慢来把

Insufficient Key Size

这题这么水还放这么后面……yafu/factordb秒解好吧

都懒得写WP了……看到这里还不会的可以退群了(明示【误

Håstad's Broadcast Attack

RSA广播攻击诶,好嗦

CBC Padding Attack

标题明示,我要慢慢学习去

Breaking PDF Passwords

Vigenère + Rail Fence

手动一个个试,然后得到密钥是21,trader

Recover the secret phone number

这题还是比较有意思的

首先很明显是一个base64

1
2
3
4
5
6
7
8
 
λ python
Python 3.6.1 (v3.6.1:69c0db5, Mar 21 2017, 17:54:52) [MSC v.1900 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> a = "H4sIAIq6o1cAAy2QS5OiMBSF9/yaIDrVLnrRQfJS000gAbILhCJAUMryMfrrB6tndRf3u+ecexR2nuLQNxF3eiU7u0IvitWtitimIcLrGEamFGdKxNmUx64hqq+xHyi++jZbd3JSQx1p3/QQBAbLBWCznRDQGbzocuws/ug0VkNz8g8br/fxKO51b8Ei+GwzCOon7JuTevNTHbFhmcBg/woo3t704qCWhM0kT80TurqHvir5rEv6TrpZmNDG7wP1fLNFsQ0p5m9uMsVmpNiDQ3feB4cMXA9ZGAtpWd7DVEl2zOSxy4DSvzuwz6WLLBCikPOhDmdmiB7yEQkhWSwlSqrSwsUUBtnkYF4yYxJdfOPHJc2VaPF2rkox1IPjlVep9VAJoJzuZtJOi8aKsQa7hEdfF0H4VO/4TxbZW6B2ycbsPMyIpy2+Si7/mpzwtUX6zndfoRmT1/4FYROKix05q4mjQvE/sbdeK9cLUN3b0X3LhIWBJLBKw5kuL5CjfDyKUnkl5cYixESCRCrp/n8VKB/TTiIV54nf0eSKit8arnH3+Rn8A9M9NCIXAgAA"
>>> import base64
>>> f = open("file","wb")
>>> f.write(base64.b64decode(a))
429

然后去鉴定去

1
2
3
4
5
 
root@kali:~# binwalk file

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             gzip compressed data, from Unix, last modified: 2016-08-04 21:58:34

接着解压

1
 
root@kali:~# gzip -d file

接着又是很明显的base64,解出来是个公钥

去分解一下,成功了

求得私钥解出号码

Optimal Backpack Allocation

Insecure PRNG

Playfair

CRIMEs against TLS

Bleichenbacher's CCA2 on RSA

Backdoored PRNG

Not So Safe Primes

DSA with LCG nonces

id0-rsa WP合集的更多相关文章

  1. SecureCRT 下载,安装,绝佳配色,实用配置,上传下载配置合集

    SecureCRT 下载,安装,绝佳配色,实用配置,上传下载配置合集 chocoball 发布于 2年前,共有 3 条评论 SecureCRT 是一款支持 SSH2.SSH1.Telnet.Telne ...

  2. SQL Server技术内幕笔记合集

    SQL Server技术内幕笔记合集 发这一篇文章主要是方便大家找到我的笔记入口,方便大家o(∩_∩)o Microsoft SQL Server 6.5 技术内幕 笔记http://www.cnbl ...

  3. 【Android】开发中个人遇到和使用过的值得分享的资源合集

    Android-Classical-OpenSource Android开发中 个人遇到和使用过的值得分享的资源合集 Trinea的OpenProject 强烈推荐的Android 开源项目分类汇总, ...

  4. [Erlang 0122] Erlang Resources 2014年1月~6月资讯合集

    虽然忙,有些事还是要抽时间做; Erlang Resources 小站 2014年1月~6月资讯合集,方便检索.      小站地址: http://site.douban.com/204209/   ...

  5. [Erlang 0114] Erlang Resources 小站 2013年7月~12月资讯合集

    Erlang Resources 小站 2013年7月~12月资讯合集,方便检索.     附 2013上半年盘点: Erlang Resources 小站 2013年1月~6月资讯合集    小站地 ...

  6. SQL用法操作合集

    SQL用法操作合集   一.表的创建 1.创建表 格式: 1 CREATE TABLE 表名 2 (列名 数据类型(宽度)[DEFAULT 表达式][COLUMN CONSTRAINT], 3 ... ...

  7. Python学习路径及练手项目合集

    Python学习路径及练手项目合集 https://zhuanlan.zhihu.com/p/23561159

  8. Lucene搜索方式大合集

    package junit; import java.io.File; import java.io.IOException; import java.text.ParseException; imp ...

  9. [Erlang 0105] Erlang Resources 小站 2013年1月~6月资讯合集

    很多事情要做,一件一件来; Erlang Resources 小站 2013年1月~6月资讯合集,方便检索.      小站地址: http://site.douban.com/204209/     ...

随机推荐

  1. 堆排序算法以及python实现

    堆满足的条件:1,是一颗完全二叉树.2,大根堆:父节点大于各个孩子节点.每个节点都满足这个道理.小根堆同理. parent = (i-1)/2    #i为当前节点 left = 2*i+1 righ ...

  2. 通过编写c语言程序,运行时实现打印另一个程序的源代码和行号

    2017年6月1日程序编写说明: 1.实现行号的打印,实现代码的读取和输出,理解主函数中的参数含义. 2.对fgets函数理解不够 3.对return(1); return 0的含义理解不够 4.未实 ...

  3. kubectl 常用命令一

    1.kubectl logs <options>  <PodName> -f -p, --previous --since= No. --since-time= --tail ...

  4. 有几个水洼(DFS)

    #include <iostream> #include<cstdio> using namespace std; #define maxn 105 char field[ma ...

  5. MySQL--OPTIMIZE TABLE碎片整理

    参考:http://blog.51yip.com/mysql/1222.html BLOB和TEXT值会引起一些性能问题,特别是在执行了大量的删除操作时.删除操作会在数据表中留下很大的空洞,以后填入这 ...

  6. feign声明式客户端

    参考地址: https://blog.csdn.net/qq_30643885/article/details/85341275 Feign是一个声明式的Web服务客户端,使得编写Web服务客户端变得 ...

  7. Windows10配置Jmeter环境

    注:在安装Jmeter之前,请先检查下电脑有没有装JDK:[Win+R]然后输入cmd->进入命令行界面,输入java -version 出现以下信息就是此电脑已安装了JDK.由于jmeter要 ...

  8. 关于UDP通信的参考目录

    1.IP头,TCP头,UDP头,MAC帧头定义 2.深入理解TCP/UDP通信原理 其内部有提到关于wireshark抓包分析工具的使用 3.udp通讯中的connect()和bind()函数 其中有 ...

  9. linux xargs详解

    xargs  [-0prtx] [-E  eof-str] [-e[eof-str]] [--eof[=eof-str]] [--null] [-d delimiter] [--delimiter d ...

  10. 学习ECC及Openssl下ECC生成密钥的部分源代码心得

    一.ECC的简介 椭圆曲线算法可以看作是定义在特殊集合下数的运算,满足一定的规则.椭圆曲线在如下两个域中定义:Fp域和F2m域. Fp域,素数域,p为素数: F2m域:特征为2的有限域,称之为二元域或 ...