当前位置:网站首页>Jarvis OJ shell traffic analysis
Jarvis OJ shell traffic analysis
2022-07-05 16:46:00 【[mzq]】
shell Flow analysis
Title Attachment : https://dn.jarvisoj.com/challengefiles/+_+.rar.977e2c637dc492fb9a7cf7595c852044
Use strings Find keywords ctf I found one of them python Encryption and decryption script
use wireshark analysis tcp There are encrypted and decrypted in the stream python2 Script
Also found a string base64 Encrypted string , Try to decrypt and get garbled code
Guess after decryption python Script decryption
from Crypto import Random
from Crypto.Cipher import AES
import sys
import base64
def decrypt(encrypted, passphrase):
IV = encrypted[:16]
aes = AES.new(passphrase, AES.MODE_CBC, IV)
return aes.decrypt(encrypted[16:])
def encrypt(message, passphrase):
IV = message[:16]
length = 16
count = len(message)
padding = length - (count % length)
message = message + '\0' * padding
aes = AES.new(passphrase, AES.MODE_CBC, IV)
return aes.encrypt(message)
IV = 'YUFHJKVWEASDGQDH'
message = IV + 'flag is hctf{xxxxxxxxxxxxxxx}'
#print len(message)
#example = encrypt(message, 'Qq4wdrhhyEWe4qBF')
#print example
example = "mbZoEMrhAO0WWeugNjqNw3U6Tt2C+rwpgpbdWRZgfQI3MAh0sZ9qjnziUKkV90XhAOkIs/OXoYVw5uQDjVvgNA=="
example = base64.b64decode(example)
example = decrypt(example, 'Qq4wdrhhyEWe4qBF')
print example
flag is hctf{
n0w_U_w111_n0t_f1nd_me}
边栏推荐
- APICloud云调试解决方案
- 【刷题篇】鹅厂文化衫问题
- 为季前卡牌游戏 MotoGP Ignition Champions 做好准备!
- Can you help me see what the problem is? [ERROR] Could not execute SQL stateme
- [brush title] goose factory shirt problem
- Solve cmakelist find_ Package cannot find Qt5, ECM cannot be found
- Hiengine: comparable to the local cloud native memory database engine
- Record a 'very strange' troubleshooting process of cloud security group rules
- Basic introduction to the control of the row component displaying its children in the horizontal array (tutorial includes source code)
- sqlserver 做cdc 要对数据库性能有什么要求么
猜你喜欢
Research and development efficiency measurement index composition and efficiency measurement methodology
用键盘输入一条命令
How to set the WiFi password of the router on the computer
Android privacy sandbox developer preview 3: privacy, security and personalized experience
《21天精通TypeScript-3》-安装搭建TypeScript开发环境.md
Detailed explanation of use scenarios and functions of polar coordinate sector diagram
Desci: is decentralized science the new trend of Web3.0?
數據訪問 - EntityFramework集成
极坐标扇图使用场景与功能详解
Flet教程之 09 NavigationRail 基础入门(教程含源码)
随机推荐
Flet tutorial 12 stack overlapping to build a basic introduction to graphic and text mixing (tutorial includes source code)
Seaborn draws 11 histograms
How was the middle table destroyed?
Sentinel flow guard
【漏洞预警】CVE-2022-26134 Confluence 远程代码执行漏洞POC验证与修复过程
[vulnerability warning] cve-2022-26134 conflict Remote Code Execution Vulnerability POC verification and repair process
践行自主可控3.0,真正开创中国人自己的开源事业
How to use FRP intranet penetration +teamviewer to quickly connect to the intranet host at home when mobile office
今日睡眠质量记录79分
ES6 drill down - ES6 generator function
Oneforall installation and use
The database of the server is not connected to 200310060 "unknown error" [the service is up, the firewall is off, the port is on, and the netlent port is not connected]
Spring Festival Limited "forget trouble in the year of the ox" gift bag waiting for you to pick it up~
详解SQL中Groupings Sets 语句的功能和底层实现逻辑
[echart] resize lodash to realize chart adaptation when window is zoomed
Raspberry pie 4B installation pytorch1.11
漫画:什么是MapReduce?
The new version of effect editor is online! 3D rendering, labeling, and animation, this time an editor is enough
挖财股票开户安全吗?怎么开股票账户是安全?
Using graylog alarm function to realize the regular work reminder of nail group robots