本日進度:
題目有把檢查密碼的程式給出來,那就直接叫輸入是他檢查的密碼,然後就可以得到 flag 了
把原本程式中的 def level_2_pw_check()
改成這樣:
def level_2_pw_check():
# user_pw = input("Please enter correct password for flag: ")
if( user_pw := chr(0x64) + chr(0x65) + chr(0x37) + chr(0x36) ):
print("Welcome back... your flag, user:")
decryption = str_xor(flag_enc.decode(), user_pw)
print(decryption)
return
print("That password is incorrect")
然後執行就會有答案摟~
好像不小心先做到第二題了 xd ,這題跟上一題一樣,就是把答案改成他想要的文字就好了,差異是上一題是用 ASCII 編碼,這邊是直接給字串,但對我來說都沒差,反正我都用海象 \owo/
def level_1_pw_check():
# user_pw = input("Please enter correct password for flag: ")
if( user_pw := "1e1a"):
print("Welcome back... your flag, user:")
decryption = str_xor(flag_enc.decode(), user_pw)
print(decryption)
return
print("That password is incorrect")
這題要使用 MD5 Hash,因為不知道他是甚麼所以我查了一下,大概是這樣子:
MD5 這個演算法他會將任意長度的數據映射為一個固定 128 位元的輸出,那他做的步驟如下:
A = floor(2^32 * abs(sin(1))) = 0x67452301
B = floor(2^32 * abs(sin(2))) = 0xefcdab89
C = floor(2^32 * abs(sin(3))) = 0x98badcfe
D = floor(2^32 * abs(sin(4))) = 0x10325476
因為想說可以用昨天剛學的 pwn.remote
來玩玩看,所以就寫了個程式:
import hashlib
import pwn
io = pwn.remote("saturn.picoctf.net", 51742)
while True:
try:
io.recvuntil(b"quotes: '")
input_string = io.recvline().decode()[:-3]
md5_hex = hashlib.md5(input_string.encode()).hexdigest()
print(f"{input_string} : {md5_hex}")
io.sendline(md5_hex.encode())
except:
io.recvuntil(b"Correct.\r\n")
flag = io.recv()
print(flag.decode().strip())
break
io.interactive()
就簡單把它傳出來的字串和字元丟到 python 裡就是答案了
直接把判別是砍掉,就會直接輸出 flag 了
if flag = "":
print('String XOR encountered a problem, quitting.')
else:
print('That is correct! Here\'s your flag: ' + flag)
變成
print('That is correct! Here\'s your flag: ' + flag)
又不小心先寫了第二題,這題更簡單,就把錯誤的縮排改正就好了
print('That is correct! Here\'s your flag: ' + flag)
變成
print('That is correct! Here\'s your flag: ' + flag)