从朋友那里得来的附件,感觉题目有意思,简单复现一下

MISC

简单编码

1、题目信息

0122 061 1101011 0172 0122 0105 061 1011010 0127 0154 0144 0110 0122 1010100 1001110 1000101 0124 110000 064 0172 1010001 060 0144 1011010 0115 1101011 0122 0116 1010100 0153 1110000 1011000 1010010 060 1101100 1100001 0126 0106 1001110 1001110 0127 1101100 0160 1001000 0124 1010100 1001110 0105 1010010 060 065 0123 0126 0105 0144 0132 1001101 060 1010010 1001000 1010100 1010110 1110000 1011010 1010010 110000 110000 0172 1010010 0105 061 1001110 1010101 1101100 0122 1001000 0122 1010110 1110000 0125 0121 060 065 0123 1010110 1010101 1100100 1001110 1010111 0125 1010010 0110 0124 1101100 0112 0130 0122 061 0154 0141 1010110 0105 1010110 1001111 1010101 1101100 1010110 0110 0127 1010100 1001010 1000101 1010100 1010101 110001 1010011 0126 060 1100100 1010110 1001101 060 1010010 0110 0124 0126 0160 0141 0122 060 061 0141 1010110 1000101 061 1001111 1010011 0154 0122 1001000 0126 1010100 1001110 0105 1010010 110000 110001 1100001 0126 110000 1100100 0132 1010111 0126 1010010 1001000 0124 0154 1001010 1011001 1010100 0126 0105 071 0120 0124 060 111001 0120 1010100 110000 111101

2、解题方法

考察二进制和八进制转换

首先写个脚本把数据转化为字符串便于使用

data_str = "0122 061 1101011 0172 0122 0105 061 1011010 0127 0154 0144 0110 0122 1010100 1001110 1000101 0124 110000 064 0172 1010001 060 0144 1011010 0115 1101011 0122 0116 1010100 0153 1110000 1011000 1010010 060 1101100 1100001 0126 0106 1001110 1001110 0127 1101100 0160 1001000 0124 1010100 1001110 0105 1010010 060 065 0123 0126 0105 0144 0132 1001101 060 1010010 1001000 1010100 1010110 1110000 1011010 1010010 110000 110000 0172 1010010 0105 061 1001110 1010101 1101100 0122 1001000 0122 1010110 1110000 0125 0121 060 065 0123 1010110 1010101 1100100 1001110 1010111 0125 1010010 0110 0124 1101100 0112 0130 0122 061 0154 0141 1010110 0105 1010110 1001111 1010101 1101100 1010110 0110 0127 1010100 1001010 1000101 1010100 1010101 110001 1010011 0126 060 1100100 1010110 1001101 060 1010010 0110 0124 0126 0160 0141 0122 060 061 0141 1010110 1000101 061 1001111 1010011 0154 0122 1001000 0126 1010100 1001110 0105 1010010 110000 110001 1100001 0126 110000 1100100 0132 1010111 0126 1010010 1001000 0124 0154 1001010 1011001 1010100 0126 0105 071 0120 0124 060 111001 0120 1010100 110000 111101"

# 使用split()函数将字符串拆分为单个的数字

data_list = data_str.split()  

# 使用map()函数将每个数字转化为字符串,并在每个数字的外边加上引号

data_list = list(map(str, data_list))  

print(data_list)

然后进行转化

exp:

list = ['0122', '061', '1101011', '0172', '0122', '0105', '061', '1011010', '0127', '0154', '0144', '0110', '0122', '1010100', '1001110', '1000101', '0124', '110000', '064', '0172', '1010001', '060', '0144', '1011010', '0115', '1101011', '0122', '0116', '1010100', '0153', '1110000', '1011000', '1010010', '060', '1101100', '1100001', '0126', '0106', '1001110', '1001110', '0127', '1101100', '0160', '1001000', '0124', '1010100', '1001110', '0105', '1010010', '060', '065', '0123', '0126', '0105', '0144', '0132', '1001101', '060', '1010010', '1001000', '1010100', '1010110', '1110000', '1011010', '1010010', '110000', '110000', '0172', '1010010', '0105', '061', '1001110', '1010101', '1101100', '0122', '1001000', '0122', '1010110', '1110000', '0125', '0121', '060', '065', '0123', '1010110', '1010101', '1100100', '1001110', '1010111', '0125', '1010010', '0110', '0124', '1101100', '0112', '0130', '0122', '061', '0154', '0141',

'1010110', '0105', '1010110', '1001111', '1010101', '1101100', '1010110', '0110', '0127', '1010100', '1001010', '1000101', '1010100', '1010101', '110001', '1010011', '0126', '060', '1100100', '1010110', '1001101', '060', '1010010', '0110', '0124', '0126', '0160', '0141', '0122', '060', '061', '0141', '1010110', '1000101', '061', '1001111', '1010011', '0154', '0122', '1001000', '0126', '1010100', '1001110', '0105', '1010010', '110000', '110001', '1100001', '0126', '110000', '1100100', '0132', '1010111', '0126', '1010010', '1001000', '0124', '0154', '1001010', '1011001', '1010100', '0126', '0105', '071', '0120', '0124', '060', '111001', '0120', '1010100', '110000', '111101']

b = "234567"

flag = ""

for i in list:

    s = str(i)

    for j in s:

        if j in b:

            back = False

            break

    if back == False:

        tmp = int(i,8)

    else:

        tmp = int(i,2)

        if tmp < 32 or tmp > 127:

            tmp = int(i,8)

    flag = flag + "" + chr(tmp)

    back = True

print(flag)

得到

R1kzRE1ZWldHRTNET04zQ0dZMkRNTkpXR0laVFNNWlpHTTNER05SVEdZM0RHTVpZR00zRE1NUlRHRVpUQ05SVUdNWURHTlJXR1laVEVOUlVHWTJETU1SV0dVM0RHTVpaR01aVE1OSlRHVTNER01aV0dZWVRHTlJYTVE9PT09PT0=

Cyber解即可

神秘的base

1、题目信息

EvAzEwo6E9RO4qSAHq42E9KvEv5zHDt34GtdHGJaHD7NHG42bwd=

神奇密码:

xbQTZqjN8ERuwlzVfUIrPkeHd******LK697o2pSsGD+ncgm3CBh/Xy1MF4JAWta

2、解题方法

Base64换表爆破

exp:

import base64

import string

import itertools

string1 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'  #标准base64编码表

strings = "ivOY50"

all_colors = (itertools.permutations(strings, 6))

for i in all_colors:

    tmp = ''.join(i)

    string2 = f'xbQTZqjN8ERuwlzVfUIrPkeHd{tmp}LK697o2pSsGD+ncgm3CBh/Xy1MF4JAWta'  # 换表后base64编码表

    encode = 'EvAzEwo6E9RO4qSAHq42E9KvEv5zHDt34GtdHGJaHD7NHG42bwd='

    decode = base64.b64decode(encode.translate(str.maketrans(string1, string2)))

    if 'flag{' in str(decode) and '}' in str(decode):

        print(decode)

#flag{8ee3021432edffaa57527461952e632c}

签到

直接控制台运行

let r = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+=";

let cars = [25, 38, 49, 33, 25, 55, 45, 37, 12, 22, 24, 50, 12, 51, 24, 51, 13, 3, 16, 52, 13, 38, 25, 38, 13, 54, 4, 52, 13, 19, 20, 55, 12, 38, 8, 51, 12, 38, 16, 49, 14, 22, 8, 54, 13, 35, 37, 33, 12, 55, 52, 63];

let ff = "";

for (var iii = 0; iii < cars.length; iii++) {

ff = ff + r[cars[iii]];

}

/*this is flag*/

console.log(ff)

Stego

莫生气

1、题目信息

一张jpg图片

2、解题方法

010分析,发现尾部藏有png图片,但缺少头部消息

提取出来,补全头部

我们可以看到图片与原始一样,因此想到盲水印

B神工具一把梭,添加图片执行即可。

数独

1、题目信息

2、解题方法

先补全数独

#sage跑

n = 4

c = [0,0,0,0,

     2,0,0,0,

     0,0,1,0,

     0,4,0,3]

m = matrix(ZZ,n,c)

print(sudoku(m))

因为是隐写题,还是带密码的,想到LSB

B神工具直接梭,密码就是4132234132141423

flag{7d692a3c795478b16631eb9b43677075}

我应该去爱你

1、题目信息

一个mp3文件

2、解题方法

频谱图

取证

啊吧啊吧的数据包

打开数据包发现

命令的时间盲注,写脚本解决太麻烦,简单处理一下

手算即可

flag{3563bdb1a59309e1a4e93b65152bfbba}

金刚大战哥斯拉

根据题目信息,猜测是哥斯拉流量分析

写个脚本抽取数据包解码

<?php

function encode($D,$K){

    for($i=0;$i<strlen($D);$i++){

        $c = $K[$i+1&15];

        $D[$i] = $D[$i]^$c;

    }

    return $D;

}

$pass='DASCTF';

$payloadName='payload';

$key='9c2ffaf6a14493bf';

$data = 'fLluZmFmNmExNJEhWBG1b1XhCY%2BtGO2uCp6t3zK69FxYTKJQssNT1y5Cf45Hu3u%2Fivq08xw%2FbzMVDb2iVURKKXEgFjxjZzQ6kQjmUHpg8t9m09mKOdTLyE5V%2B%2Bzw83kQjtK%2Bl9yBKvzGCdNluDokRoC4jvtek8KVLXnlU3K366szlCn4XS%2BxolAu%2FzspbXO1wRZkj15en%2BXvDcX%2BrfySQnxMFJKl2bgedSVozzyNwPBUFxcUX3V2E%2FGyFHezDWxnihBUXutJRvu%2FuHjZwHGhu%2BpybShnSwTgYLjybXZRZC3M%2BmD04BA6ancVF5lirsWZ3gsqB3h9rvKzDvtwG3FoCM6ObODAYOcpOLtSO8xuGMciws40NV81hhXQV7ViZG9At06ypufihH4bSJ0xy1aL1T6WCPL6fcRbCaVn%2F7BYmCuoy3LzMlI3CHA0OXbds4Itwg7X0dQnKp7eiJKtV0MjJAMqAN50O9LVDaJnbQg%2Bgz2iJLLoMSCnR3v%2BbLMZAid5ESm8JoIgZk5BNpVZ5xOdquNNWFz%2BpLOR9W%2Fe%2BhjwxCiwdtfdaQj0QiC18L6TbTSMhl2qQWqZrd97KZDOI4gJ6ar1QWIgDk3D%2BO5oRFYMWRthsKfGFB38Hcn%2BqMDyOLrLqBFJXaw0Yv1YQaHyn9ycRJ7DEoWfsdCyOuH5HtW4MNp2Y72ptdqCI4RHgZryK142ucH2BCmN0oxVZr4zcMISfKEwXmyzwrX27r%2BZoYUqTwN%2FJ2NCE1%2FWNgPkChD08LLZKbS0dzIlZ3xFL2h7kbP%2FOHn8ceocxTV3q%2F%2BPjOrpsORuwQOj6pMoYB%2FSD5rUGN0KGeerrZQhUaw2u5%2FiZMj9rnlFiF3gyOtb3mTLt%2FN09poaFr9TidOFisTtU%2FnryDLT2GnIfIveQwKcwliQhVGLvWiEgIweDe3OmDeFYT8U68LU09%2BMrxGD2lYdh4tlvx9h2IttzPAc3yZna5tP%2BiZJJruPGgY40GVc9p%2Fw1%2Bixk%2F68RoLtOscCL%2FERCXz22P8xWmk9utDwSA8dyeCgj3hBQsr24nSbWJFu0%2FOSM5dOK00yD%2F8GE4fyxQ7U0IVVZ1rjdccA44j0Tt7ArMzs4d1a6k3SK2GiKM2X3dqqysh9oJ96r2iJA2R0jHvYwbKTSSLyhDT%2BpZc5Hl%2Fp6e6L5wTKuRZnhKxIDqpzpw%2BwQe6pVq0BuI5FoXQ%2F3mPydT2nkEjcLnLaxBDoVQSUd6Ba92MYcesUpZ13yAAgi%2F79ZKgithRVuwhrTCtNXAp5j6p7%2BBJdzJGV%2Bl2s33UnBjVeKqrAUATX9yY7NIql2E4SOWp4loycxh2nwR3Qe9Zi%2BKBaSmBHVy5liSgUFGOlmsWgM%2FstzXc%2F9SNQyUXALbOxa7s17A%2BDOkgUGLIBM7M6Va0Aa8A2xTnyr0SHwyQpUjE5E1x1t24X4MSADqqMIkQSEHPkgttSbALFUOd32Gko8djwakoi7rmXWAEKojSlDZffyPLwMJQjI%2B5%2FiXFfSasJP1zCbr5nl%2FKFBcomDDFy8gnLMG2zwvLRIrfDquVIhlTgF6Giq4JqWmI9ZSJG8ATh2y%2F9uXExyhdQ33b4O%2B4a9OJv%2F1MWz%2BYQqCLu9DhObYTQQThBtUcxAyF3hOD9B1Q0DWQNPu7UDMuLX57ThBw8CulWsahG7QBGOamGf23KVji%2FaQdKeXYGQohkA1oN%2FSOleQWuIJvSk1KrBDtQRU6AWG6WNqnl33Z%2B0cgBYUcg8noLHMByMkRefpLMqm%2BGH2zrdGpNgEcaCzk5ulYd9pHMdiYDfTp3sFjdsR%2FxplFSP4VfnbWpF7WsiT7WGZoPXtv%2F4gWI60ftEnJ1peYtXUlLDuv2tYt2wmpafCClt1Y0tfB51iBFGhUy7Bw%2FdbjtVxZJHB8FvsEzEGj5BWp45LAGFxpOUsKuUVdioTfyjp01%2F%2FIAsu%2FUG%2FxSpHdfR5TlGRLw0WNef7CnYxLURPTbp0ZF9MglFQGkN58Iq7RR4EFt4s4fP32AmuTUgyz7WNgqv0nswP0mPzMHiZwxBSIZTitjQ5QYbd1BlOX1cAM0TZRE2bOiDQnPjhvEC3jEp9L3ktZ1A%2BVcuXnAhInoy4Dq1%2F0%2FO5KITcyi0NR1ftNMsjzMwUZETqEcCyxr1d23lSNBEFTf4A4FJaCIfcvD0tbHoceynhSdHkRJBiUu8DULyBdcTeFFRq9jA3jwpjrbBmvYfvSBoNqYKbbPq2tErzqOA2fiPYHJkMiAPVsamUIDG4%2FzMD4SqKu6Uoj836CsY%2Fz7znvX5zh6LzB7vPoL8QUGmEd5E0SXk4vKieQkHX4vlQM%2FToQKpQRkdaMrOIs0LQFIp0D4vvEhdwJ7eK%2FmClCgCOPEpU%2F3zJhVfIZfUHgDrkUK4HOfT4piF4STR7SZCleaGDwHUkYRiLWNGrEiiNqwNPJhQ63gStGcBVIYFk%2B3F1neK32xH506xzsqjhFJnDHAbMPC47x6hXmMsm%2BTMBQNfgYyzmDyxERG3o9IuLB%2B3vzTJfaLv9bZ4aNTef%2BMwQDLojDSIiEK%2FDvw%2BuOHt5%2Fwk7cNiXWBhKCjULlR8Daukh7MFlCklEs3srvkifaW4VbF85SckpUhIjOTVTYZ4EgK1VYQ%2BK52O7kKt%2BT2kOkLDDE5JiDXApezQtbnw5yPM8WDh5c1DTaRqLsWxUTPWtVlcbzyge5D4VYWXJ0ICPpVfbeEQXutk0tMKBfY0q20%2Bo8CD6oHnm3wy5ELMeLsmXrspAmhwk2wr8d64CHizraARwvNAAX71VCPIUukAvgtEBblKi9EsFr4Or6s%2Fz1RtnxlaufSdlTCCwWTAe%2FeBK%2FKdehF4gIQ91hCWyrI6jJchH%2F5VA0sXxqVe1sBsZulTMJJJo3VZsFutboAetPCdcmEzqqIYUEuSuJf%2F5tXJm5hujq6EJ6rZbBXqnCeLDVWyhhZvy4kL9jKcF2Hp9ItvRBHP6hI%2FAEzBH%2B89XwS07WJsmlYkiQmHDYavnLbbm8sEAbGwbxCbTUJU7qKgTZff%2BWEBuQ%2BTg4mRab4%2B8SpRklCHU3QCeS1nIHPuJrdyOwMMGQ%2B%2BWEG0hDsiReJbkcG9f9mORbZpLegR5HDbiT0oYJG6GcvKxTNS6voIrE94nva0%2FeQvEgokgbBQQQoejcj1h7oStaWk5OdeWhBJaAgnFmtfGW6lyA0OQ%3D%3D';

echo base64_encode(gzdecode(encode(base64_decode(urldecode($data)),$key)));

得到

ZmlsZU5hbWUCHgAAAEM6L3BocHN0dWR5L1dXVy8xMTEvaW5kZXguaHRtbGZpbGVWYWx1ZQJUFAAAPCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8bWV0YSBjaGFyc2V0PSJVVEYtOCI+DQogICAgPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwgaW5pdGlhbC1zY2FsZT0xLjAiPg0KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iaWU9ZWRnZSI+DQogICAgPHRpdGxlPkRvY3VtZW50PC90aXRsZT4NCiAgICA8c3R5bGU+DQogICAgICAgICp7Ym94LXNpemluZzogYm9yZGVyLWJveDt9DQogICAgICAgIGJvZHl7DQogICAgICAgICAgICBiYWNrZ3JvdW5kOiAjMDAwOw0KICAgICAgICAgICAgbWFyZ2luOiAwOw0KICAgICAgICAgICAgcGFkZGluZzogMDsNCiAgICAgICAgICAgIG92ZXJmbG93OiBoaWRkZW47DQogICAgICAgICAgICB0ZXh0LXNoYWRvdzogMHB4IDBweCA4MHB4Ow0KICAgICAgICB9DQogICAgICAgIGgxew0KICAgICAgICAgICAgbWFyZ2luOiAwOw0KICAgICAgICAgICAgcGFkZGluZzogMDsNCiAgICAgICAgICAgIGNvbG9yOiAjMGZmOw0KICAgICAgICB9DQogICAgICAgIGF7Y29sb3I6ICNmZmY7fQ0KICAgICAgICAvKiDnm5LlrZDihpMgKi8NCiAgICAgICAgcHsNCiAgICAgICAgICAgIG1hcmdpbjogMDsNCiAgICAgICAgfQ0KICAgICAgICAuYm94ew0KICAgICAgICAgICAgLyog55uS5a2Q5a695bqm4oaTIC0tLeacgOWlveWIq+aUuSovDQogICAgICAgICAgICB3aWR0aDogNzAwcHg7DQogICAgICAgICAgICAvKiDorqnop4bpopHlsYXkuK3lr7npvZDihpMtLS3mnIDlpb3liKvliqggKi8NCiAgICAgICAgICAgIHRleHQtYWxpZ246IGNlbnRlcjsNCiAgICAgICAgICAgIC8qIGJvcmRlcjogMXB4IHNvbGlkICNmMDA7ICovDQogICAgICAgICAgICBjb2xvcjogI2ZmZjsNCiAgICAgICAgICAgIA0KICAgICAgICAgICAgcG9zaXRpb246IGFic29sdXRlOw0KICAgICAgICAgICAgbWFyZ2luOiAyMHB4IGF1dG8gMDsNCiAgICAgICAgICAgIHRvcDogMjBweDsNCiAgICAgICAgICAgIGxlZnQ6IDA7DQogICAgICAgICAgICByaWdodDogMDsNCiAgICAgICAgfQ0KICAgICAgICAvKiDlm77niYfmoLflvI/ihpMgKi8NCg0KICAgICAgICBpbWd7DQogICAgICAgICAgICAvKiDop4bpopHlrr3luqbihpMgLS0t5pyA5aW95LiN6KaB5aSn5LqO5LiK6Z2i55uS5a2Q55qE5a695bqmKi8NCiAgICAgICAgICAgIHdpZHRoOiA3MDBweDsNCiAgICAgICAgICAgIGhlaWdodDogMzkwcHg7DQogICAgICAgICAgICAvKiDngbDoibLnmoTmj4/ovrnihpMgLS0tcHjmmK/nspfnu4Ygc29saWTmmK/lrp7nur8gIzU1NeaYr+minOiJsuS7o+eggSDlj6/ku6Xnmb7luqZodG1s6aKc6Imy5Luj56CB5L+u5pS5Ki8NCiAgICAgICAgICAgIGJvcmRlcjogMnB4IHNvbGlkICMyMjI7DQogICAgICAgICAgICAvKiDlm77niYfnmoTlnIbop5IgKi8NCiAgICAgICAgICAgIGJvcmRlci1yYWRpdXM6IDVweDsNCiAgICAgICAgICAgIC8qIOWKqOeUu+aXtumXtCAqLw0KICAgICAgICAgICAgdHJhbnNpdGlvbjogMC44czsNCiAgICAgICAgfQ0KICAgICAgICAuaW1nMjpob3Zlcntib3JkZXI6IDJweCBzb2xpZCAjOTgwYjE4fQ0KDQogICAgICAgIC5ib3g+ZGl2ew0KICAgICAgICAgICAgcGFkZGluZzogMjBweDsNCiAgICAgICAgICAgIC8qIGJvcmRlcjogMXB4IHNvbGlkICNmMDA7ICovDQogICAgICAgIH0NCiAgICAgICAgLnN6ansNCiAgICAgICAgICAgIHBvc2l0aW9uOiBhYnNvbHV0ZTsNCiAgICAgICAgICAgIHRvcDogMDsNCiAgICAgICAgICAgIGxlZnQ6IDA7DQogICAgICAgICAgICBjb2xvcjogI2ZmZjsNCiAgICAgICAgICAgIHBhZGRpbmc6IDVweDsNCiAgICAgICAgICAgIGJvcmRlcjogMXB4IHNvbGlkICNlZWU7DQogICAgICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiByZ2IoMCwwLDAsMC43KQ0KICAgICAgICB9DQogICAgICAgIC55bHsNCiAgICAgICAgICAgIGRpc3BsYXk6IGlubGluZTsNCiAgICAgICAgICAgIGJvcmRlci1ib3R0b206MXB4IGRvdHRlZCAjMGZmOw0KICAgICAgICB9DQogICAgICAgIC55bCBhew0KICAgICAgICAgICAgdGV4dC1kZWNvcmF0aW9uOiBub25lOw0KICAgICAgICAgICAgY29sb3I6I2M2ZDQ5MTsNCiAgICAgICAgICAgIA0KICAgICAgICB9DQogICAgICAgIC55bCBzcGFuew0KICAgICAgICAgICAgbWFyZ2luLXJpZ2h0OiA4cHg7DQogICAgICAgIH0NCiAgICA8L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHk+DQogICAgPGNhbnZhcyBpZD0iY2FudmFzIj48L2NhbnZhcz4NCiAgICA8ZGl2IGNsYXNzPSJib3giPg0KICAgICAgICA8IS0tIOWbvueJh+mDqOWIhiAtLT4NCiAgICAgICAgPGltZyBjbGFzcz0iaW1nMiIgc3JjPSJodHRwczovL3RpbWdzYS5iYWlkdS5jb20vdGltZz9pbWFnZSZxdWFsaXR5PTgwJnNpemU9Yjk5OTlfMTAwMDAmc2VjPTE1Njg2NDE0NzImZGk9OWRiYWNiNzVjZjI0NWQwZWI1N2U3NTdlMGQyMjQ3ZjcmaW1ndHlwZT1qcGcmZXI9MSZzcmM9aHR0cCUzQSUyRiUyRmltZzEuZG91YmFuaW8uY29tJTJGdmlldyUyRnBob3RvJTJGbCUyRnB1YmxpYyUyRnAyMjkwMDU5MTU3LmpwZyIgYWx0PSIiPg0KICAgICAgICA8ZGl2IGNsYXNzPSJ0ZXh0Ij4NCiAgICAgICAgICAgIDxoMT7mn5Dmn5Dlronlhajnu4Q8L2gxPg0KDQogICAgICAgICAgICA8YnI+DQoNCiAgICAgICAgICAgIDxzcGFuIHN0eWxlPSJjb2xvcjogIzBmMCI+5a6Y5pa5Uee+pO+8mjwvc3Bhbj48c3Bhbj48YSB0YXJnZXQ9InZpZXdfd2luZG93IiBocmVmPSJodHRwczovL3d3dy5iYWlkdS5jb20vIj4xMjM0NTY8L2E+PC9zcGFuPg0KPGJyPjxicj4NCg0KICAgICAgICAgICAgPHAgY2xhc3M9Imdsb3ciIHN0eWxlPSJjb2xvcjogI2YwMDsgZm9udC1zaXplOjIxcHg7Ij7lj4vmg4Xmo4DmtYvvvIzor7flj4rml7bkv67lpI08L3A+DQogICAgICAgICAgICA8cCBjbGFzcz0iZ2xvdyIgc3R5bGU9ImNvbG9yOiAjZjAwOyBmb250LXNpemU6MTBweDsiPuaIluiBlOezu+acrOS6uuS/ruWkjTwvcD4NCiAgICAgICAgICAgIDxicj4NCiAgICAgICAgICAgIDxzcGFuIHN0eWxlPSJjb2xvcjogIzNlZTVkZiI+5p+Q5p+Q5p+QUXHvvJo8L3NwYW4+PHNwYW4+PGEgIHN0eWxlPSJjb2xvcjogI2U1NzQzZTsiIHRhcmdldD0idmlld193aW5kb3ciIGhyZWY9Imh0dHA6Ly93cGEucXEuY29tL21zZ3JkP3Y9MyZ1aW49Mjc2ODc3Njg5NSZzaXRlPXFxJm1lbnU9eWVzIj5mbGFnezIyN2FkMjQyZmM4MDEzYzhmZThmZjhmNDY3OTMzN2U0fTwvYT48L3NwYW4+DQogICAgICAgICAgICA8YnI+PGJyPg0KICAgICAgICAgICAgPFAgY2xhc3M9Imdsb3ciPuWuieWFqOS5i+i3r++8jOawuOS4jeWmpeWNjzwvUD4NCjxicj48YnI+PGJyPjxicj4NCiAgICAgICAgICAgIDxkaXYgY2xhc3M9InlsIj48c3BhbiBzdHlsZT0iY29sb3I6ICNmMGYiPuWPi+aDhemTvuaOpe+8mjwvc3Bhbj48c3Bhbj48YSBocmVmPSJodHRwczovL3d3dy5iYWlkdS5jb20vIj7mn5DnvZHnq5k8L2E+PC9zcGFuPiA8c3Bhbj48YSBocmVmPSJodHRwczovL3d3dy5iYWlkdS5jb20vIj7mn5DnvZHnq5k8L2E+PC9zcGFuPjxzcGFuPjxhIGhyZWY9Imh0dHBzOi8vd3d3LmJhaWR1LmNvbS8iPuafkOe9keermTwvYT48L3NwYW4+PC9kaXY+DQoNCiAgICAgICAgPC9kaXY+DQogICAgPC9kaXY+DQogICAgPGRpdiBjbGFzcz0ic3pqIj4NCjxwcmU+DQogIOWFpeS+teS4ieWtl+e7jw0KDQrov5vosLfmrYwg5om+5rOo5YWlDQoNCuayoeazqOWFpSDlsLHml4Hms6gNCg0K5rKh5peB5rOoIOeUqE9kYXkNCg0K5rKhT2RheSDnjJznm67lvZUNCg0K5rKh55uu5b2VIOWwseWXheaOog0KDQrniIbotKbmiLcg5om+5ZCO5Y+wDQoNCuS8oOWwj+mprCDmlL7lpKfpqawNCg0K5ou/5p2D6ZmQIOaMgumhtemdog0KDQo8L3ByZT4NCg0KICAgIA0KDQoNCiAgICA8IS0tIOmfs+S5kOmDqOWIhiAtLT4NCiAgICA8ZW1iZWQgaGVpZ2h0PSIwIiB3aWR0aD0iMCIgc3JjPSJodHRwczovL211c2ljLjE2My5jb20vb3V0Y2hhaW4vcGxheWVyP3R5cGU9MiZpZD0yOTQwMDkyNiZhdXRvPTEmaGVpZ2h0PTY2Ij48L2VtYmVkPg0KDQogICAgDQoNCg0KICAgIDwhLS0g5Lul5LiLanMgLS0+DQoNCg0KICAgIDxzY3JpcHQ+DQogICAgdmFyIGNhbnZhcyA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdjYW52YXMnKTsNCgkJdmFyIGN0eCA9IGNhbnZhcy5nZXRDb250ZXh0KCcyZCcpOw0KDQoNCgkJY2FudmFzLmhlaWdodCA9IHdpbmRvdy5pbm5lckhlaWdodDsNCgkJY2FudmFzLndpZHRoID0gd2luZG93LmlubmVyV2lkdGg7DQogICAgICAgIC8vIOS4i+mdoueahOmbt+WGm+WwseaYr+S7o+eggembqOeahOaWh+Wtlw0KCQl2YXIgdGV4dHMgPSAn6Zu35YabJy5zcGxpdCgnJyk7DQoNCgkJdmFyIGZvbnRTaXplID0gMTY7DQoJCXZhciBjb2x1bW5zID0gY2FudmFzLndpZHRoL2ZvbnRTaXplOw0KCQkvLyDnlKjkuo7orqHnrpfovpPlh7rmloflrZfml7blnZDmoIfvvIzmiYDku6Xplb/luqbljbPkuLrliJfmlbANCgkJdmFyIGRyb3BzID0gW107DQoJCS8v5Yid5aeL5YC8DQoJCWZvcih2YXIgeCA9IDA7IHggPCBjb2x1bW5zOyB4Kyspew0KCQkJZHJvcHNbeF0gPSAxOw0KCQl9DQoNCgkJZnVuY3Rpb24gZHJhdygpew0KCQkJLy/orqnog4zmma/pgJDmuJDnlLHpgI/mmI7liLDkuI3pgI/mmI4NCgkJCWN0eC5maWxsU3R5bGUgPSAncmdiYSgwLCAwLCAwLCAwLjA1KSc7DQoJCQljdHguZmlsbFJlY3QoMCwgMCwgY2FudmFzLndpZHRoLCBjYW52YXMuaGVpZ2h0KTsNCgkJCS8v5paH5a2X6aKc6ImyDQoJCQljdHguZmlsbFN0eWxlID0gJyMwRjAnOw0KCQkJY3R4LmZvbnQgPSBmb250U2l6ZSArICdweCBhcmlhbCc7DQoJCQkvL+mAkOihjOi+k+WHuuaWh+Wtlw0KCQkJZm9yKHZhciBpID0gMDsgaSA8IGRyb3BzLmxlbmd0aDsgaSsrKXsNCgkJCQl2YXIgdGV4dCA9IHRleHRzW01hdGguZmxvb3IoTWF0aC5yYW5kb20oKSp0ZXh0cy5sZW5ndGgpXTsNCgkJCQljdHguZmlsbFRleHQodGV4dCwgaSpmb250U2l6ZSwgZHJvcHNbaV0qZm9udFNpemUpOw0KDQoJCQkJaWYoZHJvcHNbaV0qZm9udFNpemUgPiBjYW52YXMuaGVpZ2h0IHx8IE1hdGgucmFuZG9tKCkgPiAwLjk1KXsNCgkJCQkJZHJvcHNbaV0gPSAwOw0KCQkJCX0NCg0KCQkJCWRyb3BzW2ldKys7DQoJCQl9DQoJCX0NCglzZXRJbnRlcnZhbChkcmF3LCAzMyk7DQo8L3NjcmlwdD4NCjwvYm9keT4NCjwvaHRtbD5tZXRob2ROYW1lAgoAAAB1cGxvYWRGaWxl

base64解一下得到flag

小刘的硬盘

R-STUDIO扫描发现被删除掉的flag.zip,恢复一下

但是压缩的时候有密码,给了提示。太好了

属于是掩码爆破

flag{8ddeed0126f2523ae14a8a492528c9a0}

CRYPTO

小试牛刀

1、题目信息

ipfm\x82Kj]p~l?\x82ogw\x85mt[K\x8br\x97

2、解题方法

变异凯撒

exp:

from Crypto.Util.number import *

c=b'ipfm\x82Kj]p~l?\x82ogw\x85mt[K\x8br\x97'

a=3

flag=''

for i in c:

    flag+=chr(i-a)

    a+=1

print(flag)

#flag{CaSer_1s_VerY_E4sY}

easyRSA

1、题目信息

from Crypto.Util.number import getPrime,bytes_to_long

from random import randint

from gmpy2 import *

m = bytes_to_long(b'flag{xxxxxxxxxxxxxxxxxxxxxx}')

xxxxxxxxxx

p=getPrime(1024)

q=getPrime(1024)

n = p*q

e = 65537

c = pow(m,e,n)

p_2=((p>>128)<<128)

Result = []

Divisor = []

for i in range(12):

    Divisor.append(getPrime(128))

for i in range(12):

    Result.append(p_2%Divisor[i])

print(c,n,Divisor,Result)

'''

output:

16054555662735670936425135698617301522625617352711974775378018085049483927967003651984471094732778961987450487617897728621852600854484345808663403696158512839904349191158022682563472901550087364635161575687912122526167493016086640630984613666435283288866353681947903590213628040144325577647998437848946344633931992937352271399463078785332327186730871953277243410407484552901470691555490488556712819559438892801124838585002715833795502134862884856111394708824371654105577036165303992624642434847390330091288622115829512503199938437184013818346991753782044986977442761410847328002370819763626424000475687615269970113178

23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913

[205329935991133380974880368934928321273, 274334866497850560640212079966358515253, 264739757264805981824344553014559883169, 314495359937742744429284762852853819407, 197513216256198287285250395397676269263, 194633662721082002304170457215979299327, 320085578355926571635267449373645191637, 310701821184698431287158634968374845899, 198238777199475748910296932106553167589, 292201037703513010563101692415826269513, 332238634715339876614712914152080415649, 334257376383174624240445796871873866383]

[108968951841202413783269876008807200083, 29053101048844108651205043858001307413, 243503157837867321277650314313173163504, 160933173053376016589301282259056101279, 53063624128824890885455759542416407733, 34980025050049118752362228613379556692, 132553045879744579114934351230906284133, 160998336275894702559853722723725889989, 87211131829406574118795685545402094661, 36445723649693757315689763759472880579, 11133325919940126818459098315213891415, 1404668567372986395904813351317555162]

'''

2、解题方法

中国剩余定理+coppersmith

先通过CRT求出p_2

from Crypto.Util.number import *

from gmpy2 import *

from functools import reduce

c=16054555662735670936425135698617301522625617352711974775378018085049483927967003651984471094732778961987450487617897728621852600854484345808663403696158512839904349191158022682563472901550087364635161575687912122526167493016086640630984613666435283288866353681947903590213628040144325577647998437848946344633931992937352271399463078785332327186730871953277243410407484552901470691555490488556712819559438892801124838585002715833795502134862884856111394708824371654105577036165303992624642434847390330091288622115829512503199938437184013818346991753782044986977442761410847328002370819763626424000475687615269970113178

n=23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913

Divisor=[205329935991133380974880368934928321273, 274334866497850560640212079966358515253, 264739757264805981824344553014559883169, 314495359937742744429284762852853819407, 197513216256198287285250395397676269263, 194633662721082002304170457215979299327, 320085578355926571635267449373645191637, 310701821184698431287158634968374845899, 198238777199475748910296932106553167589, 292201037703513010563101692415826269513, 332238634715339876614712914152080415649, 334257376383174624240445796871873866383]

Result=[108968951841202413783269876008807200083, 29053101048844108651205043858001307413, 243503157837867321277650314313173163504, 160933173053376016589301282259056101279, 53063624128824890885455759542416407733, 34980025050049118752362228613379556692, 132553045879744579114934351230906284133, 160998336275894702559853722723725889989, 87211131829406574118795685545402094661, 36445723649693757315689763759472880579, 11133325919940126818459098315213891415, 1404668567372986395904813351317555162]

def basic_CRT(ai,mi):

    assert reduce(gmpy2.gcd,mi) == 1

    assert len(ai) == len(mi)

    N = reduce(lambda x,y:x * y,mi)

    ans = 0

    for a,m in zip(ai,mi):

        t = N // m

        ans += a * t * gmpy2.invert(t,m)

    return ans % N,N

result = basic_CRT(Result,Divisor)

print(result)
(mpz(157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794467422919824463419065126688059515994112), 115343256339804438488541860602807499768350592243111732022419431132087583829952557330993478731619075521301706171847716910739807488266701790937805652553244788024534230754162298101105496772540567818850570512144853594488579606954797182360716688344137783051055690460297099575344944650143959946929880492674974780957995559861235099499367407389543136733028684627735422306472504011232051138891022767098404805311381687759832357323075065923241564165806258181141497530683119)

然后再梭coppersmith

p_high=157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794467422919824463419065126688059515994112

n=23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913

PR.<x> = PolynomialRing(Zmod(n))

f = x + p_high

roots = f.small_roots(X=2^128, beta=0.4)

if roots:

    p = p_high+int(roots[0])

    print("n="+str(n))

    print("p="+str(p))

    print("q="+str(n//p))

#n = 23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913

#p = 157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794708282102407491782299777228899079176117

#q = 146598666145389487374076474702380241089893944436923994466470555513748278755568038863819188404588602962888679358728628069490879689376996830110571995521814075973422513105805715524894550773219606972944401957227665252279176873209924236114228003156706532596699592716796867748104565680326123749660658940264843181589

最后正常解就行

import gmpy2

from Crypto.Util.number import long_to_bytes

c=16054555662735670936425135698617301522625617352711974775378018085049483927967003651984471094732778961987450487617897728621852600854484345808663403696158512839904349191158022682563472901550087364635161575687912122526167493016086640630984613666435283288866353681947903590213628040144325577647998437848946344633931992937352271399463078785332327186730871953277243410407484552901470691555490488556712819559438892801124838585002715833795502134862884856111394708824371654105577036165303992624642434847390330091288622115829512503199938437184013818346991753782044986977442761410847328002370819763626424000475687615269970113178

n=23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913

p=157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794708282102407491782299777228899079176117

q=146598666145389487374076474702380241089893944436923994466470555513748278755568038863819188404588602962888679358728628069490879689376996830110571995521814075973422513105805715524894550773219606972944401957227665252279176873209924236114228003156706532596699592716796867748104565680326123749660658940264843181589

e=65537

phi = (p-1) * (q-1)

n = p * q

d = gmpy2.invert(e, phi)

m = pow(c, d, n)

print(':',long_to_bytes(m))

#: b'flag{2233747d3bf06f070048e80300dac75f}'

RE

人生模拟

找到加密逻辑后,跟着跑一遍就行

exp:

v15=[0]*38

v15[0] = 432;

v15[1] = 408;

v15[2] = 429;

v15[3] = 438;

v15[4] = 452;

v15[5] = 246;

v15[6] = 243;

v15[7] = 417;

v15[8] = 423;

v15[9] = 444;

v15[10] = 240;

v15[11] = 231;

v15[12] = 203;

v15[13] = 447;

v15[14] = 207;

v15[15] = 435;

v15[16] = 253;

v15[17] = 224;

v15[18] = 204;

v15[19] = 443;

v15[20] = 419;

v15[21] = 248;

v15[22] = 442;

v15[23] = 241;

v15[24] = 203;

v15[25] = 251;

v15[26] = 445;

v15[27] = 239;

v15[28] = 441;

v15[29] = 254;

v15[30] = 417;

v15[31] = 246;

v15[32] = 203;

v15[33] = 245;

v15[34] = 255;

v15[35] = 445;

v15[36] = 248;

v15[37] = 478;

for i in range(len(v15)):

    print(chr((v15[i]>>2)^0xa),end='')

#flag{76bce638e9f529db4d684e1d5b7875e4}

"科来杯"第十届山东省大学生网络安全技能大赛决赛复现WP的更多相关文章

  1. 2019"深思杯"山东省大学生网络安全技能大赛部分wp

    签到 载入OD查看字符串 上下左右 这道题出来的时候真的是一点思路都没有,一直以为是什么编码来着,看了大佬们的 wp 原来是画图 拿大佬的脚本: from PIL import Image im = ...

  2. 2021陕西省大学生网络安全技能大赛 Web ez_checkin

    web ez_checkin 进去看了一会,啥也没找到,直接上dirsearch 扫到一个index.php~,打开看一看,是php审计 <?php error_reporting(0); in ...

  3. 第十届国际用户体验创新大赛携Mockplus走进校园

    今日立夏,万木并秀,生生不息,第十届国际用户体验创新大赛即将拉开序幕.5月5日下午,一场用户体验设计经验分享活动携带众多嘉宾降临成都理工大学,为西南赛区首站赛事宣讲. 本次宣讲活动邀请了华为技术有限公 ...

  4. 蓝桥杯第十届真题B组(2019年)

    2019年第十届蓝桥杯大赛软件类省赛C/C++大学B组# 试题 A:组队# 本题总分:5分[问题描述]作为篮球队教练,你需要从以下名单中选出 1号位至 5号位各一名球员,组成球队的首发阵容.每位球员担 ...

  5. 第十届Mockplus ▪ UXPA用户体验西南赛区决赛成功举行

    九月的重庆,秋意渐浓. 伴随着凉爽的秋风,第十届Mockplus·UXPA国际用户体验创新大赛(UXD Award2018)西南赛区决赛于9月16日下午在四川美术学院-虎溪校区成功举办.来自西南区域各 ...

  6. 第十届山东省acm省赛补题(2)

    http://acm.zju.edu.cn/onlinejudge/showProblem.do?problemCode=4124 L Median Time Limit: 1 Second      ...

  7. 第十届山东省acm省赛补题(1)

    今天第一场个人训练赛的题目有点恐怖啊,我看了半个小时多硬是一道都不会写.我干脆就直接补题去了.... 先补的都是简单题,难题等我这周末慢慢来吧... A Calandar Time Limit: 1 ...

  8. 蓝桥杯第十届C组试题C

    从0开始,从右到左给这些字符串的每一位字母起个名字. 比如:A(1位)A(0位) A(2位)A(1位)A(0位) AA = 27, 可以看成(26 * 1)+ A(1) 因为:字母每经过一个轮回,可就 ...

  9. 第十届山东省赛L题Median(floyd传递闭包)+ poj1975 (昨晚的课程总结错了,什么就出度出度,那应该是叫讨论一个元素与其余的关系)

    Median Time Limit: 1 Second Memory Limit: 65536 KB Recall the definition of the median of elements w ...

  10. 第三届“传智杯”全国大学生IT技能大赛(初赛A组)题解

    留念 C - 志愿者 排序..按照题目规则说的排就可以.wa了两发我太菜了qwq #include<bits/stdc++.h> using namespace std; const in ...

随机推荐

  1. Flex布局常用属性详解

    1. Flex布局与响应式布局 1.1 为什么需要响应式布局? 在电脑PC端,使用浮动,定位同时使用像素px单位就可以完成大部分布局,而且布局完之后不会有大问题,但是到了移动端,移动设备的屏幕尺寸多种 ...

  2. Asp-Net-Core学习笔记:gRPC快速入门

    前言 此前,我在做跨语言调用时,用的是 Facebook 的 Thrift,挺轻量的,还不错. Thrift是一种接口描述语言和二进制通讯协议,它被用来定义和创建跨语言的服务.它被当作一个远程过程调用 ...

  3. 《Among Us》火爆全球,实时语音助力派对游戏开启第二春

    今年在全球"宅经济"的影响下,社交派对类游戏意外的迎来了爆发. 8月份,<糖豆人:终极淘汰赛>突然爆火,创造了首日150万玩家.首周Steam 200万销量.单周Twi ...

  4. pe文件对齐

    PE中规定了三类对齐:数据在内存中的对齐. 数据在文件中的对齐.资源文件资源数据的对齐. 1.内存对齐 由于windows操作系统对内存属性的设置以也为单位,所以通常情况下,节在内存中的对齐单位必须至 ...

  5. Linux 函数: my_func

    # A man and his 'fuctions' ;) # quick use ipmitool cmd to do something ipmi-ip-cmd () { local ip=$1 ...

  6. Linux 命令:grub2-mkconfig

    检索这个命令的,肯定都知道 grub 是 bootloader 程序,用于引导系统启动.配置文件是 grub.conf,现在一般的 grub 版本是grub2. 当机器上安装有多个内核.或者多个操作系 ...

  7. Truncate 和 Delete 的区别与选择

    1)事务和日志 delete   语句执行删除的过程是每次从表中删除一行,并且同时将该行的删除操作作为事务记录在日志中保存以便进行回滚操作. truncate table  则 一次性地从表中删除所有 ...

  8. error: failed to push some refs to 'https://gitee.com/xxxxxxxxx/xxxxxxxt'

    原因是ReadMe文件不在本地中, 此时我们要执行git pull --rebase origin master命令README.md拉到本地, 任何然后执行git push origin maste ...

  9. QPushButton按钮的使用

    1 import sys 2 from PyQt5.QtCore import * 3 from PyQt5.QtGui import * 4 from PyQt5.QtWidgets import ...

  10. 面试再也不怕问ThreadLocal了

    要解决多线程并发问题,常见的手段无非就几种.加锁,如使用synchronized,ReentrantLock,加锁可以限制资源只能被一个线程访问:CAS机制,如AtomicInterger,Atomi ...