当前位置:网站首页>Jarvis OJ shell流量分析
Jarvis OJ shell流量分析
2022-07-05 16:06:00 【[mzq]】
shell流量分析
题目附件 : https://dn.jarvisoj.com/challengefiles/+_+.rar.977e2c637dc492fb9a7cf7595c852044
使用strings 查找关键字 ctf 发现里面有一个python加解密脚本
用wireshark分析 tcp流中有加密解密的python2 脚本
还找到一串base64加密字符串,尝试解密得到乱码
猜测解密后用python 脚本解密
from Crypto import Random
from Crypto.Cipher import AES
import sys
import base64
def decrypt(encrypted, passphrase):
IV = encrypted[:16]
aes = AES.new(passphrase, AES.MODE_CBC, IV)
return aes.decrypt(encrypted[16:])
def encrypt(message, passphrase):
IV = message[:16]
length = 16
count = len(message)
padding = length - (count % length)
message = message + '\0' * padding
aes = AES.new(passphrase, AES.MODE_CBC, IV)
return aes.encrypt(message)
IV = 'YUFHJKVWEASDGQDH'
message = IV + 'flag is hctf{xxxxxxxxxxxxxxx}'
#print len(message)
#example = encrypt(message, 'Qq4wdrhhyEWe4qBF')
#print example
example = "mbZoEMrhAO0WWeugNjqNw3U6Tt2C+rwpgpbdWRZgfQI3MAh0sZ9qjnziUKkV90XhAOkIs/OXoYVw5uQDjVvgNA=="
example = base64.b64decode(example)
example = decrypt(example, 'Qq4wdrhhyEWe4qBF')
print example
flag is hctf{
n0w_U_w111_n0t_f1nd_me}
边栏推荐
- Apple 已弃用 NavigationView,使用 NavigationStack 和 NavigationSplitView 实现 SwiftUI 导航
- Transaction rollback exception
- Google Earth Engine(GEE)——Kernel核函数简单介绍以及灰度共生矩阵
- DeSci:去中心化科学是Web3.0的新趋势?
- CISP-PTE之PHP伪协议总结
- HiEngine:可媲美本地的云原生内存数据库引擎
- EDI许可证和ICP经营性证有什么区别
- Single merchant v4.4 has the same original intention and strength!
- 【深度学习】深度学习如何影响运筹学?
- 企业级备份软件Veritas NetBackup(NBU) 8.1.1服务端的安装部署
猜你喜欢
Global Data Center released DC brain system, enabling intelligent operation and management through science and technology
数据湖(十四):Spark与Iceberg整合查询操作
The new version of effect editor is online! 3D rendering, labeling, and animation, this time an editor is enough
降本40%!Redis多租户集群的容器化实践
Convert obj set to entity set
Android 隐私沙盒开发者预览版 3: 隐私安全和个性化体验全都要
单商户 V4.4,初心未变,实力依旧!
HiEngine:可媲美本地的云原生内存数据库引擎
公司自用的国产API管理神器
PSPNet | 语义分割及场景分析
随机推荐
Explain in detail the functions and underlying implementation logic of the groups sets statement in SQL
Pits encountered in the use of boolean type in development
Single merchant v4.4 has the same original intention and strength!
【学术相关】多位博士毕业去了三四流高校,目前惨不忍睹……
Seaborn绘制11个柱状图
Research and development efficiency measurement index composition and efficiency measurement methodology
Cartoon: what is MapReduce?
[graduation season] as a sophomore majoring in planning, I have something to say
Practice independent and controllable 3.0 and truly create the open source business of the Chinese people
[js] 技巧 简化if 判空
效果编辑器新版上线!3D渲染、加标注、设置动画,这次一个编辑器就够了
降本40%!Redis多租户集群的容器化实践
File operation --i/o
[js] skill simplification if empty judgment
国泰君安网上开户安全吗
yarn 常用命令
Reduce the cost by 40%! Container practice of redis multi tenant cluster
Accès aux données - intégration du cadre d'entité
Query the latest record in SQL
OneForAll安装使用