[VNCTF 2022]ezmath wp

One sha256 Blast + A mathematical problem , You can go to baidu , The answer is num * 4, But looking at the source code, you can find that you want to submit 777 Secondary answer , So we can only write scripts to solve , This kind of interactive question is generally to nc The server , You can also use python Third party Library in pwntools.

exp

from hashlib import sha256
import random
from pwn import *
import string

#  Create a dictionary of upper and lower case letters and numbers 
dir = string.ascii_letters + string.digits
#  Change the environment yourself 
p = remote("node4.buuoj.cn", 27166)


p.recvuntil('[+] sha256(XXXX+')
salt = p.recv(16).strip().decode()
p.recvuntil(') == ')
hash = p.recv(64).strip().decode()

print('salt: %s' % salt)
print('target hash: %s' % hash)

#  Burst four digit string 
while True:
    rand_str = (''.join([random.choice(dir) for _ in range(4)])) + salt
    if sha256(rand_str.encode()).hexdigest() == hash:
        print(rand_str[:4])
        p.sendlineafter('[+] Plz Tell Me XXXX :', rand_str[:4])
        break

#  Decryption of mathematical problems 
for i in range(777):
    p.recvuntil("plz give me the ")
    count = p.recv(10).strip().decode()
    count = int(count)
    res = str(count*4)
    p.recvuntil('th (n) that satisfying (2^n-1) % 15 == 0 (the 1st 2^n-1 is 15):')
    p.sendline(res)
p.recvuntil('You get flag!')
print(p.recvlines(2))