攻防世界 Crypto 新手练习区 1-12 全详解

it2025-10-23 8

前言

本篇是攻防世界 Crypto 新手练习区的全解

1、base64

下下来一个txt 打开是最基础的base64

直接解就是了

2、Caesar

下下来一个txt

由小写字母，{}，_构成结合题目应该是凯撒加密即明文中的所有字母都在字母表上向后（或向前）按照一个固定数目进行偏移后被替换成密文

做一番尝试

得到flag

3、Morse

下下来一个txt

根据题目是摩斯密码 1换为- 0换为. 得到

-- --- .-. ... . -.-. --- -.. . .. ... ... --- .. -. - . .-. . ... - .. -. --.

解密得到flag 注意下提交时的格式

4、幂数加密

下下来的txt如下

题目说有8位字符数了下有7个0 猜测是作为间隔

朴素的想法剩下的数字加起来表示字母

脚本

a = "8842101220480224404014224202480122" a = a.split("0") flag = '' for w in a: sum = 0 for i in w: sum += int(i) flag += chr(sum + 64) print(flag)

得到 flag

查了查这叫云影密码

5、Railfence

下下来txt

栅栏密码直接解发现不对没有符合的flag

查了查有个w变种

解码工具

得到flag

6、不仅仅是Morse

下下来txt

--/.-/-.--/..--.-/-..././..--.-/..../.-/...-/./..--.-/.-/-./---/-/...././.-./..--.-/-.././-.-./---/-.././..../..../..../..../.-/.-/.-/.-/.-/-.../.-/.-/-.../-.../-.../.-/.-/-.../-.../.-/.-/.-/.-/.-/.-/.-/.-/-.../.-/.-/-.../.-/-.../.-/.-/.-/.-/.-/.-/.-/-.../-.../.-/-.../.-/.-/.-/-.../-.../.-/.-/.-/-.../-.../.-/.-/-.../.-/.-/.-/.-/-.../.-/-.../.-/.-/-.../.-/.-/.-/-.../-.../.-/-.../.-/.-/.-/-.../.-/.-/.-/-.../.-/.-/-.../.-/-.../-.../.-/.-/-.../-.../-.../.-/-.../.-/.-/.-/-.../.-/-.../.-/-.../-.../.-/.-/.-/-.../-.../.-/-.../.-/.-/.-/-.../.-/.-/-.../.-/.-/-.../.-/.-/.-/.-/-.../-.../.-/-.../-.../.-/.-/-.../-.../.-/.-/-.../.-/.-/-.../.-/.-/.-/-.../.-/.-/-.../.-/.-/-.../.-/.-/-.../.-/-.../.-/.-/-.../-.../.-/-.../.-/.-/.-/.-/-.../-.../.-/-.../.-/.-/-.../-.../.-

肯定跟摩斯密码有关先解码看看解码工具

看到一个小提示和一堆ab

瞅着跟二进制有关要么培根密码要么进制转换

先试试培根密码得到flag

7、混合编码

下下来txt

JiM3NjsmIzEyMjsmIzY5OyYjMTIwOyYjNzk7JiM4MzsmIzU2OyYjMTIwOyYjNzc7JiM2ODsmIzY5OyYjMTE4OyYjNzc7JiM4NDsmIzY1OyYjNTI7JiM3NjsmIzEyMjsmIzEwNzsmIzUzOyYjNzY7JiMxMjI7JiM2OTsmIzEyMDsmIzc3OyYjODM7JiM1NjsmIzEyMDsmIzc3OyYjNjg7JiMxMDc7JiMxMTg7JiM3NzsmIzg0OyYjNjU7JiMxMjA7JiM3NjsmIzEyMjsmIzY5OyYjMTIwOyYjNzg7JiMxMDU7JiM1NjsmIzEyMDsmIzc3OyYjODQ7JiM2OTsmIzExODsmIzc5OyYjODQ7JiM5OTsmIzExODsmIzc3OyYjODQ7JiM2OTsmIzUwOyYjNzY7JiMxMjI7JiM2OTsmIzEyMDsmIzc4OyYjMTA1OyYjNTY7JiM1MzsmIzc4OyYjMTIxOyYjNTY7JiM1MzsmIzc5OyYjODM7JiM1NjsmIzEyMDsmIzc3OyYjNjg7JiM5OTsmIzExODsmIzc5OyYjODQ7JiM5OTsmIzExODsmIzc3OyYjODQ7JiM2OTsmIzExOTsmIzc2OyYjMTIyOyYjNjk7JiMxMTk7JiM3NzsmIzY3OyYjNTY7JiMxMjA7JiM3NzsmIzY4OyYjNjU7JiMxMTg7JiM3NzsmIzg0OyYjNjU7JiMxMjA7JiM3NjsmIzEyMjsmIzY5OyYjMTE5OyYjNzc7JiMxMDU7JiM1NjsmIzEyMDsmIzc3OyYjNjg7JiM2OTsmIzExODsmIzc3OyYjODQ7JiM2OTsmIzExOTsmIzc2OyYjMTIyOyYjMTA3OyYjNTM7JiM3NjsmIzEyMjsmIzY5OyYjMTE5OyYjNzc7JiM4MzsmIzU2OyYjMTIwOyYjNzc7JiM4NDsmIzEwNzsmIzExODsmIzc3OyYjODQ7JiM2OTsmIzEyMDsmIzc2OyYjMTIyOyYjNjk7JiMxMjA7JiM3ODsmIzY3OyYjNTY7JiMxMjA7JiM3NzsmIzY4OyYjMTAzOyYjMTE4OyYjNzc7JiM4NDsmIzY1OyYjMTE5Ow==

瞅着是base64

得到

LzExOS8xMDEvMTA4Lzk5LzExMS8xMDkvMTAxLzExNi8xMTEvOTcvMTE2LzExNi85Ny85OS8xMDcvOTcvMTEwLzEwMC8xMDAvMTAxLzEwMi8xMDEvMTEwLzk5LzEwMS8xMTkvMTExLzExNC8xMDgvMTAw

再次base64

/119/101/108/99/111/109/101/116/111/97/116/116/97/99/107/97/110/100/100/101/102/101/110/99/101/119/111/114/108/100

都大于等于97小于等于119 ascii码

import re r="/119/101/108/99/111/109/101/116/111/97/116/116/97/99/107/97/110/100/100/101/102/101/110/99/101/119/111/114/108/100" r=re.split("/",r) flag="" for i in range(1,len(r)): flag=flag+chr(int(r[i])) print flag

得到

welcometoattackanddefenceworld

8、easy_RSA

下下来txt

找个工具直接算注意下进制问题得到flag

9、easychallenge

下下来一个pyc文件用uncompyle6反编译

得到

# uncompyle6 version 3.5.0 # Python bytecode 2.7 (62211) # Decompiled from: Python 3.7.4 (tags/v3.7.4:e09359112e, Jul 8 2019, 20:34:20) [MSC v.1916 64 bit (AMD64)] # Embedded file name: ans.py # Compiled at: 2018-08-09 11:29:44 import base64 def encode1(ans): s = '' for i in ans: x = ord(i) ^ 36 x = x + 25 s += chr(x) return s def encode2(ans): s = '' for i in ans: x = ord(i) + 36 x = x ^ 36 s += chr(x) return s def encode3(ans): return base64.b32encode(ans) flag = ' ' print 'Please Input your flag:' flag = raw_input() final = 'UC7KOWVXWVNKNIC2XCXKHKK2W5NLBKNOUOSK3LNNVWW3E===' if encode3(encode2(encode1(flag))) == final: print 'correct' else: print 'wrong'

反向

import base64 def decode1(ans): s = '' for i in ans: x = ord(i) - 25 x = x ^ 36 s += chr(x) return s def decode2(ans): s = '' for i in ans: x = i^ 36 x = x - 36 s += chr(x) return s def decode3(ans): return base64.b32decode(ans) final = 'UC7KOWVXWVNKNIC2XCXKHKK2W5NLBKNOUOSK3LNNVWW3E===' flag=decode1(decode2(decode3(final))) print(flag)

得到flag

10、转轮机加密

下下来txt

密钥是1-13的重排列意思是按这个顺序排列行数然后根据密文调整每一行使得第一列是密文

过程如下

得到flagfireinthehole

脚本

import re sss='''1: < ZWAXJGDLUBVIQHKYPNTCRMOSFE < 2: < KPBELNACZDTRXMJQOYHGVSFUWI < 3: < BDMAIZVRNSJUWFHTEQGYXPLOCK < 4: < RPLNDVHGFCUKTEBSXQYIZMJWAO < 5: < IHFRLABEUOTSGJVDKCPMNZQWXY < 6: < AMKGHIWPNYCJBFZDRUSLOQXVET < 7: < GWTHSPYBXIZULVKMRAFDCEONJQ < 8: < NOZUTWDCVRJLXKISEFAPMYGHBQ < 9: < XPLTDSRFHENYVUBMCQWAOIKZGJ < 10: < UDNAJFBOWTGVRSCZQKELMXYIHP < 11 < MNBVCXZQWERTPOIUYALSKDJFHG < 12 < LVNCMXZPQOWEIURYTASBKJDFHG < 13 < JZQAWSXCDERFVBGTYHNUMKILOP < ''' m="NFQKSEVOQOFNP" content=re.findall(r'< (.*?) <',sss,re.S) iv=[2,3,7,5,13,12,9,1,8,10,4,11,6] vvv=[] ans="" for i in range(13): index=content[iv[i]-1].index(m[i]) vvv.append(index) for i in range(0,26): flag="" for j in range(13): flag+=content[iv[j]-1][(vvv[j]+i)%26] print(flag)

11、Normal_RSA

下下来两个文件

瞅着一个是密文一个是密钥查了下

正规思路

使用 openssl 解密 pem 中参数参数十六进制转换为十进制利用 factor 对大整数进行分解，得到 p 和 q用 rsatool 生成私钥文件: private.pem用 private.pem 解密 flag.enc

不过找到了一个很好用的工具 CTF-RSA-tool

python2 solve.py --verbose -k ./pubkey.pem --decrypt ./flag.enc

直接得到flag

12、easy_ECC

下下来txt

椭圆曲线加密直接ecctool

再根据题目要求计算 x+y=13957031351290+5520194834100=19477226185390 得到flag

脚本

# encoding=utf-8 p = 15424654874903 a = 16546484 b = 4548674875 def add(A, B): if A == (0, 0): return B if B == (0, 0): return A x1, y1 = A x2, y2 = B if A != B: λ = (y2 - y1) * pow((x2 - x1), p-2, p) else: λ = (x1*x1*3 + a) * pow(2*y1, p-2, p) x3 = λ * λ - x1 - x2 y3 = λ * (x1 - x3) - y1 return (x3 % p, y3 % p) G = (6478678675,5636379357093) k = 546768 C = (0, 0) for i in range(k): C = add(C, G) print(C) print("cyberpeace{%d}"%(C[0]+C[1]))

结语

了解了好多密码知识以及好些好用的工具得进一步学习以后自己写工具

知识点

base64凯撒密码摩斯密码，解码工具云影密码栅栏密码，w变种，解码工具培根密码，解码工具RSApyc反编译转轮机加密ssl，CTF-RSA-tool椭圆曲线加密，ecctool

最新回复(0)