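Bugku: "Just five layers, can you crack them?" write-up
Link: http://pan.baidu.com/s/1i4TQoz7 Password: w65m
Hints:
Layer 1: CRC32 collision
Layer 2: Vigenère cipher
Layer 3: SHA-1 collision
Layer 4: same MD5, different files
Layer 5: RSA
Layer 1: CRC32 collision
Tool: https://github.com/theonlypwner/crc32
Result: _CRC32_i5_n0t_s4f3
= = Heh...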
Layer 2: Vigenère cipher
Do you know the Vigenère cipher?
We have provided keys.txt; the only key is in it, so decrypt the ciphertext in ciphertext.txt!
The unzip password is in the plaintext. Good luck to you!
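```Python
from pycipher import Vigenere

ciphertext = open('ciphertext.txt').read()
# try every candidate key and keep the plaintext that contains the crib
for line in open('keys.txt'):
    key = line.strip()
    if not key:
        continue
    plaintext = Vigenere(key).decipher(ciphertext)
    if 'PASSWORD' in plaintext:
        print(plaintext)
```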
THEVIGENERECIPHERISAMETHODOFENCRYPTINGALPHABETICTEXTBYUSINGASERIESOFDIFFERENTCAESARCIPHERSBASEDONTHELETTERSOFAKEYWORDITISASIMPLEFORMOFPOLYALPHABETICSUBSTITUTIONSOPASSWORDISVIGENERECIPHERFUNNY
Really you should print out every candidate and search for the keyword; I searched for it directly, and you can see:
PASSWORDISVIGENERECIPHERFUNNY
PASSWORD IS VIGENERE CIPHER FUNNY
vigenere cipher funny
Some people online also do it this way:
Layer 3: SHA-1 collision
Congratulations!
Now we have run into a problem: we have a zip file, but we don't know the complete unzip password.
Fortunately, we know part of the SHA-1 value of the unzip password.
Can you help us find the password?
Incomplete password: "*7*5-*4*3?" (* stands for an ASCII printable character)
Incomplete sha1: "619c20c*a4de755*9be9a8b*b7cbfa5*e8b4365*" (* stands for an ASCII printable character)
Life is short, I use Python.
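```Python
import hashlib
import itertools

# printable ASCII 33..126: the characters a '*' in the password may stand for
chars = [chr(c) for c in range(33, 127)]
# the known fragments of the SHA-1 hex digest
parts = ("619c20c", "a4de755", "9be9a8b", "b7cbfa5", "e8b4365")

for key1, key2, key3, key4 in itertools.product(chars, repeat=4):
    keys = key1 + "7" + key2 + "5" + "-" + key3 + "4" + key4 + "3" + "?"
    flag = hashlib.sha1(keys.encode()).hexdigest()
    # every fragment must be present; `"a" and "b" in flag` only tests the last one
    if all(part in flag for part in parts):
        print(keys)
        break
```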
I7~5-s4F3?
Layer 4: same MD5, different files
Hello World ;-)
Is the MD5 check really safe?
Are there two different programs with the same MD5?
If so, what does the other program output?
The unzip password is that single line of output.
https://www.cnblogs.com/alexyuyu/articles/3508110.html
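An old topic: starting from Professor Wang Xiaoyun's successful break of MD5
The "MD5 collision" discussed below is, in short: first obtain the MD5 value of a string, then from that value work backwards to another, different string, and yet their MD5 checksums are exactly the same!
Perhaps you think that different strings yielding the same MD5 is nothing remarkable. It is just one of the countless odd maths puzzles in the world.
But! Have you ever wondered whether it is possible for two program files to have the same MD5, both run normally, and do completely different things?
The answer is: it really is possible!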
http://www.win.tue.nl/hashclash/SoftIntCodeSign/HelloWorld-colliding.exe
http://www.win.tue.nl/hashclash/SoftIntCodeSign/GoodbyeWorld-colliding.exe
Goodbye World :-(
Layer 5: RSA
flag.enc is the ciphertext, and rsa_public_key.pem is the public key.
First parse the public key to obtain n and e:
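```Python
from Crypto.PublicKey import RSA

# load the PEM public key and read out the modulus and the exponent
with open('rsa_public_key.pem') as f:
    pub = RSA.importKey(f.read())
n = pub.n
e = pub.e
print(e)
print(n)
# under Python 2, as in the run shown on this page, hex() of a long ends in 'L'
print("n=", hex(n))
print("e=", hex(e))
```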
You can also do it this way:
openssl rsa -pubin -inform PEM -text -noout -in rsa_public_key.pem
n= 0x28fff9dd3e6fe9781649eb7fe5e9303cf696347c4110bc4ba3969f0b11669840c51d81a6842b6df2b090f21cd76d4371a8c0e47048c965eca5b46913afbb8da052072a0566d7039c618aba9065759b059e29e485dc5061a16ac63129438d9354e65df5747546b85db3d699819c4b7732df927c7084a5d52d6e6d6aac144623425L
e= 0x1f8fba410052df7eda3462f1aacd69e40760433ca335767cd7305a3d090805a5fd405dd6eea70e98f0ca1e1cf254748671bf0c98006c20eee1d6279043509fe7a98238b439160a5612da71e904514e81280617e307c3cd3313fa4c6fca33159d0441fbb18d83caf4bd46f6b9297a80a142dd69bf1a357ccb5e4c200b6d90f15a3L
Because `n` is so large, it runs very slowly...

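In RSA, if n is fixed and e is very large, d ends up very small, which makes Wiener's attack possible: it uses continued fractions to recover d.
A tool based on Wiener's attack: https://github.com/pablocelayes/rsa-wiener-attack
Write a script inside that project: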
```Python
#!/usr/bin/python3
import sys
import time

import Arithmetic
import ContinuedFractions

sys.setrecursionlimit(100000)

# modulus from the RSA public key (base 0 accepts decimal or 0x... hex;
# a trailing 'L' copied from Python 2 output is stripped)
n = int(input("input n:").strip().rstrip("L"), 0)
# exponent from the RSA public key
e = int(input("input e:").strip().rstrip("L"), 0)


def hack_RSA(e, n):
    print("Performing Wiener's attack. Don't Laugh...")
    time.sleep(1)
    frac = ContinuedFractions.rational_to_contfrac(e, n)
    convergents = ContinuedFractions.convergents_from_contfrac(frac)
    for (k, d) in convergents:
        # check if d is actually the key
        if k != 0 and (e * d - 1) % k == 0:
            phi = (e * d - 1) // k
            s = n - phi + 1
            # check if the equation x^2 - s*x + n = 0
            # has integer roots
            discr = s * s - 4 * n
            if discr >= 0:
                t = Arithmetic.is_perfect_square(discr)
                if t != -1 and (s + t) % 2 == 0:
                    return d


hacked_d = hack_RSA(e, n)
print("d=" + str(hacked_d))
```
This gives the value of d: 8264667972294275017293339772371783322168822149471976834221082393409363691895.
Generate the private key with rsatool:
python rsatool.py -d 8264667972294275017293339772371783322168822149471976834221082393409363691895 -n 0x28fff9dd3e6fe9781649eb7fe5e9303cf696347c4110bc4ba3969f0b11669840c51d81a6842b6df2b090f21cd76d4371a8c0e47048c965eca5b46913afbb8da052072a0566d7039c618aba9065759b059e29e485dc5061a16ac63129438d9354e65df5747546b85db3d699819c4b7732df927c7084a5d52d6e6d6aac144623425 -e 0x1f8fba410052df7eda3462f1aacd69e40760433ca335767cd7305a3d090805a5fd405dd6eea70e98f0ca1e1cf254748671bf0c98006c20eee1d6279043509fe7a98238b439160a5612da71e904514e81280617e307c3cd3313fa4c6fca33159d0441fbb18d83caf4bd46f6b9297a80a142dd69bf1a357ccb5e4c200b6d90f15a3 -o key.pem -f PEM
Then decrypt with openssl and the private key:
openssl rsautl -decrypt -in flag.enc -inkey key.pem -out flag.txt
flag{W0rld_Of_Crypt0gr@phy}
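The continued-fraction search from layer 5, written out without the project's helper modules, as an added example (not the author's script and not code from rsa-wiener-attack). The names `convergents` and `wiener` and the demo key built from two Mersenne primes are assumptions made for illustration; the function also recovers p and q, and returns None for a key with the usual e = 65537.

```python
from math import isqrt


def convergents(num, den):
    """Yield the convergents (k, d) of the continued fraction of num/den."""
    k_prev, k_cur = 0, 1   # numerators
    d_prev, d_cur = 1, 0   # denominators
    while den:
        a, rem = divmod(num, den)
        num, den = den, rem
        k_prev, k_cur = k_cur, a * k_cur + k_prev
        d_prev, d_cur = d_cur, a * d_cur + d_prev
        yield k_cur, d_cur


def wiener(e, n):
    """Return (d, p, q) if some convergent k/d of e/n reveals the key, else None."""
    for k, d in convergents(e, n):
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k          # candidate for (p-1)(q-1)
        s = n - phi + 1                 # p + q if the candidate is right
        disc = s * s - 4 * n            # (p - q)^2 if the candidate is right
        if disc < 0:
            continue
        t = isqrt(disc)
        if t * t == disc and (s + t) % 2 == 0:
            p, q = (s + t) // 2, (s - t) // 2
            if q > 1 and p * q == n:    # reject the trivial split 1 * n
                return d, p, q
    return None


# Constructed demo key (not the challenge's): two Mersenne primes, tiny d.
P, Q = 2**127 - 1, 2**107 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)
D_SMALL = 2**31 - 1                 # far below N**0.25, so Wiener applies
E_WEAK = pow(D_SMALL, -1, PHI)      # very large e, as with the challenge key
E_USUAL = 65537                     # normal exponent, d is about as large as PHI

if __name__ == "__main__":
    print("weak key :", wiener(E_WEAK, N))
    print("usual key:", wiener(E_USUAL, N))
```

The same `wiener(e, n)` call can be given the n and e printed earlier on this page; `pow(x, -1, m)` needs Python 3.8 or later.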