2020 | 强网杯 | 强网先锋
bank
解题思路
nc连过去,要求输入三个字符, 其与剩下的随机字符串进行 SHA256 加密的结果等于等号后的随机字符串
| $ nc 39.101.134.52 8005
sha256(XXX+f2DXa00fbrrtXrZAV) == fad0b6f4dc03f907b999f15db8b467b17139189d2cc61f9fc37e213d91d0a2aa
Give me XXX:
|
- 使用 Python 破解
| from hashlib import sha256
import itertools
table = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
for ch in itertools.permutations(table, 3):
m = ''.join(ch) + 'f2DXa00fbrrtXrZAV'
h = sha256(m.encode()).hexdigest()
if (h == 'fad0b6f4dc03f907b999f15db8b467b17139189d2cc61f9fc37e213d91d0a2aa'):
print(m[0:3])
|
- 进入系统后,要求输入名字,随便输一个就可以
| Welcome to the challenge!
give me your name:yanhui
your cash:10
you can choose: transact, view records, provide a record, get flag, hint
|
- 首先选择
get flag查看,提示现金不足
| > get flag
you need pay 1000 for the flag!
don't have enough money!
|
- 查看
hint,给出了transact的加密方式
| def transact_ecb(key, sender, receiver, amount):
aes = AES.new(key, AES.MODE_ECB)
ct = b""
ct += aes.encrypt(sender)
ct += aes.encrypt(receiver)
ct += aes.encrypt(amount)
return ct
|
view records给出的是经过加密的交易记录,provide a record则给出My system is secure if you can give me other records, the receiver can also get the money.- 首要目标是要获得足够的现金,看看交易
| > transact
please give me the trader and the amount(for example:Alice 1)
> Alice 1
16afee8cc0a88bf0478fefe229e68418a9a0627e2da31f1d055e01d7000a3b3a1794bbe06d2ed80b02b1c90ba2c4606f
your cash:9
you can choose: transact, view records, provide a record, get flag, hint
> transact
please give me the trader and the amount(for example:Alice 1)
> Alice 0
16afee8cc0a88bf0478fefe229e68418a9a0627e2da31f1d055e01d7000a3b3ab55eefd708d39ed2b4ce4d561c34e5ec
your cash:9
|
- 输入金额为 \(0\) 的话,交易也可以成功进行!尝试一下负数,看能不能获得现金
| > transact
please give me the trader and the amount(for example:Alice 1)
> Alice -1
dd664379452c6af73b382cc5cd076754c70214708e2c0071ed74906852ecc510f2f0bd5754e02a2b03c635178e0200c5
your cash:11
|
- 发现可以成功增加持有现金,并没有被过滤之类的,获得足够现金之后就可以『购买』Flag 了!【之前还以为要考虑 ECB 加密……】
最后更新:
2020年10月26日 10:36:26