当前位置：网站首页>Jarvis OJ shell traffic analysis

Jarvis OJ shell traffic analysis

2022-07-05 16:46:00 【[mzq]】

shell Flow analysis

Title Attachment : https://dn.jarvisoj.com/challengefiles/+_+.rar.977e2c637dc492fb9a7cf7595c852044
Insert picture description here

Use strings Find keywords ctf I found one of them python Encryption and decryption script

Insert picture description here

use wireshark analysis tcp There are encrypted and decrypted in the stream python2 Script

Insert picture description here

 Also found a string base64 Encrypted string , Try to decrypt and get garbled code

Insert picture description here

Guess after decryption python Script decryption

Insert picture description here

from Crypto import Random
from Crypto.Cipher import AES
import sys
import base64
def decrypt(encrypted, passphrase):
  IV = encrypted[:16]
  aes = AES.new(passphrase, AES.MODE_CBC, IV)
  return aes.decrypt(encrypted[16:])
def encrypt(message, passphrase):
  IV = message[:16]
  length = 16
  count = len(message)
  padding = length - (count % length)
  message = message + '\0' * padding
  aes = AES.new(passphrase, AES.MODE_CBC, IV)
  return aes.encrypt(message)
IV = 'YUFHJKVWEASDGQDH'
message = IV + 'flag is hctf{xxxxxxxxxxxxxxx}'
#print len(message)
#example = encrypt(message, 'Qq4wdrhhyEWe4qBF')
#print example
example = "mbZoEMrhAO0WWeugNjqNw3U6Tt2C+rwpgpbdWRZgfQI3MAh0sZ9qjnziUKkV90XhAOkIs/OXoYVw5uQDjVvgNA=="
example = base64.b64decode(example)
example = decrypt(example, 'Qq4wdrhhyEWe4qBF') 
print example

flag is hctf{
    n0w_U_w111_n0t_f1nd_me}

原网站

版权声明
本文为[[mzq]]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/186/202207051605457937.html

当前位置：网站首页>Jarvis OJ shell traffic analysis

Jarvis OJ shell traffic analysis

shell Flow analysis

边栏推荐

猜你喜欢

随机推荐