Uncategorized
1.6k words
axb_2019_fmt32 Involved Knowledge format string Checksec Arch: i386-32-little RELRO: Partial RELRO Stack: No canary found NX: NX enabled PIE: No PIE (0x8048000) Program Hello,I am a computer Repeater updated. After a lot of machine learning,I know that the essence of man is a reread machine! So I'll answer whatever you say! Please tell me:123 Repeater:123 Analyze main int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { char s[257]; // ...
Uncategorized
110 words
Description 今天做题的时候遇到一个$n = p^2*q$这么一个情况的题,记录一下 Attack 简而言之,我们只需要注意是针对$n = p^2q$的情况,$\phi_n=p(p-1)*(q-1)$就行了其他的攻击步骤照常
Uncategorized
6k words
这道题记录一个疑问 Involved Knowledge RSA Private key decryption Topic public.key -----BEGIN PUBLIC KEY----- MIIBJDANBgkqhkiG9w0BAQEFAAOCAREAMIIBDAKCAQMlsYv184kJfRcjeGa7Uc/4 3pIkU3SevEA7CZXJfA44bUbBYcrf93xphg2uR5HCFM+Eh6qqnybpIKl3g0kGA4rv tcMIJ9/PP8npdpVE+U4Hzf4IcgOaOmJiEWZ4smH7LWudMlOekqFTs2dWKbqzlC59 NeMPfu9avxxQ15fQzIjhvcz9GhLqb373XDcn298ueA80KK6Pek+3qJ8YSjZQMrFT +EJehFdQ6yt6vALcFc4CB1B6qVCGO7hICngCjdYpeZRNbGM/r6ED5Nsozof1oMbt Si8mZEJ/Vlx3gathkUVtlxx/+jlScjdM7AFV5fkRi...
Uncategorized
5.1k words
Involved Knowledge RSA Shared prime number Topic public1.pub -----BEGIN PUBLIC KEY----- MIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAQAma/gXML+bivU20mJu55PZ SjNAE6S0PQ2WV5sYIA7ZLbJ6lshW8cfohErN0TUIv+6O+hXSMFd4wrv27+f6akPE qeNL6LWjKqcnC9I03vbyYDZuLkfeoPwM9UHIuRUfU/l/LDOCkjkOkHN5SMufg66y OGc4wLDi9f8sET4QMerAVF/HZ7acpYYCu8QoWnOSy9KiVzKQMzKkaL+WcN2sbLsA 61zjixv7ybMHDmcyMKHb5VbfPsqMW19roYLV5luY3SlrhTogmyGg19Q3k7hYW3ca Jc7WLEbPD/OnlHMDLArNUYMyB9t0CdLNZZCHE6pbiMaNGS+rwGcqxHbWC...
Uncategorized
1.4k words
Involved Knowledge RSA Adjacent Element Description import hashlib import sympy from Crypto.Util.number import * flag = 'GWHT{******}' secret = '******' assert(len(flag) == 38) half = len(flag) / 2 flag1 = flag[:half] flag2 = flag[half:] secret_num = getPrime(1024) * bytes_to_long(secret) p = sympy.nextprime(secret_num) q = sympy.nextprime(p) N = p * q e = 0x10001 F1 = bytes_to_long(flag1) F2 = bytes_to_long(flag2) c1 = F1 + F2 c2 = pow(F1, 3) + pow(F2, 3) assert(c2 <...
Uncategorized
2.1k words
Involved Knowledge retlibc The leak of the write function checksec Arch: amd64-64-little RELRO: No RELRO Stack: No canary found NX: NX enabled PIE: No PIE (0x400000) 开启了NX,不能写入shellcode,一般这种情况下我们就往ROP上面考虑了 Running Program Input: 123(用户输入) Hello, World! Analyze main int __cdecl main(int argc, const char **argv, const char **envp) { vulnerable_function(argc, argv, envp); return write(1, "Hello, World!\n", 0xEuLL); } 执行vulnerable_function函数,然后输出Hello World! 我...
Uncategorized
2.8k words
最近这段时间应该会陆陆续续补上以前做的pwn题的wp,再来复习一下 Involved Knowledge Format String Stackoverflow ret2libc Checksec Arch: amd64-64-little RELRO: Partial RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x400000) 64位,开启了Canary(金丝雀)和NX(堆栈不可执行),那么如果有canary的话,我们在进行rop时首先就是要泄露canary Analyze main int __cdecl main(int argc, const char **argv, const char **envp) { init(argc, argv, envp); gift(); vuln(); return 0; } main函数里面依次执行三个函数init(),gift(),vuln(),依次跟进 init() unsigned...