axb_2019_fmt32
Involved Knowledge
format string
Checksec
Arch: i386-32-little
RELRO: Partial RELRO
Stack: No canary found
NX: NX enabled
PIE: No PIE (0x8048000)
Program
Hello,I am a computer Repeater updated.
After a lot of machine learning,I know that the essence of man is a reread machine!
So I'll answer whatever you say!
Please tell me:123
Repeater:123
Analyze
main
int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{
char s[257]; // ...
This challenge write-up records a question I had.
Involved Knowledge
RSA
Private key decryption
Topic
public.key
Involved Knowledge
RSA
Shared prime number
Topic
public1.pub
Involved Knowledge
RSA
Adjacent Element
Description
import hashlib
import sympy
from Crypto.Util.number import *
flag = 'GWHT{******}'
secret = '******'
assert(len(flag) == 38)
half = len(flag) / 2
flag1 = flag[:half]
flag2 = flag[half:]
secret_num = getPrime(1024) * bytes_to_long(secret)
p = sympy.nextprime(secret_num)
q = sympy.nextprime(p)
N = p * q
e = 0x10001
F1 = bytes_to_long(flag1)
F2 = bytes_to_long(flag2)
c1 = F1 + F2
c2 = pow(F1, 3) + pow(F2, 3)
assert(c2 <...
Involved Knowledge
ret2libc
The leak of the write function
checksec
Arch: amd64-64-little
RELRO: No RELRO
Stack: No canary found
NX: NX enabled
PIE: No PIE (0x400000)
NX is enabled, so we cannot write shellcode; in this situation we generally turn to ROP.
Running Program
Input:
123 (user input)
Hello, World!
Analyze
main
int __cdecl main(int argc, const char **argv, const char **envp)
{
vulnerable_function(argc, argv, envp);
return write(1, "Hello, World!\n", 0xEuLL);
}
It executes the vulnerable_function function and then prints Hello World! I...
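Over the next while I should be gradually filling in the write-ups for pwn challenges I did before, and reviewing them along the way.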
Involved Knowledge
Format String
Stack overflow
ret2libc
Checksec
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: Canary found
NX: NX enabled
PIE: No PIE (0x400000)
64-bit, with Canary and NX (non-executable stack) enabled. When a canary is present, the first thing we have to do when doing ROP is leak the canary.
Analyze
main
int __cdecl main(int argc, const char **argv, const char **envp)
{
init(argc, argv, envp);
gift();
vuln();
return 0;
}
The main function calls three functions in order, init(), gift() and vuln(); we follow each in turn.
init()
unsigned...