Article category - Security
Network security
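Summary: Approach: add(0,0x410)->free(0)->add(0,0x410)->show(0)->libc_addr. Allocate 2 chunks: 1,2->free(2)->edit(1)->overwrite into chunk 2's size field, change chunk 2's fd to the __free_hook address, allocate chunks back until the bins are empty->edit(2),f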
posted @ 2025-05-01 17:06
lethe311
Summary: int __cdecl main(int argc, const char **argv, const char **envp) { char buf[260]; // [esp+0h] [ebp-108h] BYREF init(); puts("Welcome to PolarD&N_CTF !
posted @ 2025-05-01 15:22
lethe311
Summary: from pwn import * from LibcSearcher import * def conn(): global r,Libc,elf #r = process("./pwn1q") Libc = ELF("./libc.so.6") r = remote("1.95.36.136",
posted @ 2025-05-01 14:39
lethe311
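Summary: Five thousand years ago, a little cat demon fell in love with a monk, but the monk could not give his love to the cat demon. The monk knew that he should love all living beings and give up his own romantic feelings. To pursue the monk, the little cat demon went so far as to steal the immortal's Seven-Star Jewels, intending to give them to the monk to string as prayer beads. Unexpectedly, the immortal found out, and the cat demon was caught and sentenced to the severest punishment. To save the dying little demon, the monk set aside his dignity, pressed his palms together, knelt before the immortal, and said: "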
posted @ 2025-05-01 13:41
lethe311
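Summary: Little A generated a key pair with the RSA algorithm; the public key is (e,n)=(17,437). He encrypted a message with RSA and obtained the ciphertext c=123. Your task is to decrypt the ciphertext and recover the original message; the flag is the MD5 value of the original message. e = 17 n = 437 c = 123 exp: import sympy import has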
posted @ 2025-05-01 13:09
lethe311
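Summary: Challenge. Challenge description: Alice chose two large primes p and q and computed n = 495917. She chose a fairly large public exponent e = 65537. After learning Alice's public key (n, e), Bob used it to encrypt a message and obtained the ciphertext C = 482034927. Decrypt the ciphertext C and find the original message M.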
posted @ 2025-05-01 12:46
lethe311
Summary: from pwn import * from LibcSearcher import * def conn(): global r,Libc,elf #r = process("./pwn14") Libc = ELF("./libc-2.23.so") r = remote("1.95.36.13
posted @ 2025-05-01 11:31
lethe311
Summary: from pwn import * from LibcSearcher import * def conn(): global r,Libc,elf #r = process("./pwn112") Libc = ELF("./libc-2.23.so") r = remote("1.95.36.1
posted @ 2025-04-30 23:52
lethe311
Summary: from pwn import * from LibcSearcher import * def conn(): global r,libc,elf #r = process("./pwn222") r = remote("1.95.36.136", 2129) #elf = ELF("./pwn1
posted @ 2025-04-30 20:01
lethe311
Summary: from pwn import * def conn(): global r,elf #r = process("./pwn11") r = remote("1.95.36.136", 2078) elf = ELF("./pwn11") def add(x): r.sendlineafter(b"
posted @ 2025-04-30 19:12
lethe311
Summary: Challenge: the final flag=(flag1+flag2+flag3) from Crypto.Util.number import * from flag import * n1 = 14824267720565830614198366423536599666692078969408403530258418
posted @ 2025-04-29 23:22
lethe311
Summary: Challenge: n1= 2036700493361964032903179922677651483706168598166485428530811563290943567072459692012840217209816057654863986409852864481751636566064815298247
posted @ 2025-04-29 22:31
lethe311
Summary: import string flag = "" # digit = string.digits letter = string.ascii_uppercase # print(digit) print(letter) s = "44420122088421088810140108442" s = s
posted @ 2025-04-29 22:17
lethe311
Summary: Challenge U2FsdGVkX1+2ohXvVEyY3J2P3xS6K1uQdbmRnTd2cEYaMPNEgl/mZJuM3+KGIh46 ZeKSgkr3IVCY8GhSGWRuh9qocOLTVO9bXHVqTTkXFf6+Pn68lihnaxXfgyyS0mPY X4YLnw8yug8OvjGRV
posted @ 2025-04-29 18:12
lethe311
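Summary: First decrypt with the Beaufort cipher, the key is bacon. Then decrypt with the Atbash cipher. Convert uppercase to lowercase str = "flag{THISBACONISREALLYDELICIOUS}" print(str.lower()) #flag{thisbaconisreallydelicious}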
posted @ 2025-04-29 14:06
lethe311
Summary: Challenge 🙃💵🌿🎤🚪🌏🐎🥋🚫😆✅😇🦓🙃🌿🎈☀☂❓☀🚪☂👣🎅🚹☂🐍😎😆🚨🌉🌪😂☃🏎💵🎃☃✉❓🤣✖❓🌊
posted @ 2025-04-29 13:53
lethe311
Summary: from pwn import * def conn(): global r #r = process("./pwn22") r = remote("1.95.36.136", 2050) context(arch="amd64") #r = remote("1.95.36.136", 2120)
posted @ 2025-04-29 13:10
lethe311
Summary: gdb debugging: after executing r.sendlineafter(b"a:\n",b"520"), the value of rbp turns out to be the address of n+4 from pwn import * from LibcSearcher import * def conn(): global r,libc,elf #r = process("./p
posted @ 2025-04-29 00:48
lethe311
Summary: Challenge import libnum import gmpy2 import random from flag import * m = libnum.s2n(flag) n_list = [] c_list = [] q_list = [] p_list = [] for i in range(1,
posted @ 2025-04-28 22:12
lethe311
Summary: Challenge assert(len(open('flag.txt', 'rb').read()) <= 50) assert(str(int.from_bytes(open('flag.txt', 'rb').read(), byteorder='big') << 10000).endswith('1673
posted @ 2025-04-28 20:45
lethe311