Zh3R0 CTF+Shell CTF

Note : A JOURNEY TO GAIN KNOWLEDGE

I can not do both of challenges without my master support. Thanks a bunch LTTN <3.

#alice_bob_dave

from Crypto.Util.number import *
from secret import msg_a,msg_b

e=65537
p,q,r=[getStrongPrime(1024,e) for _ in range(3)]
pt_a=bytes_to_long(msg_a)
pt_b=bytes_to_long(msg_b)

n_a=p*q
n_b=p*r
phin_a=(p-1)*(q-1)
phin_b=(p-1)*(r-1)
d_a=inverse(e,phin_a)
d_b=inverse(e,phin_b)

ct_a=pow(pt_a,e,n_a)
ct_b=pow(pt_b,e,n_b)

print(f"{ct_a=}\n{ct_b=}\n{d_a=}\n{d_b=}\n{e=}")

ct_a=1991374644522844726604723395302447678829362766488998002689642863876589167224123634868869407586265887639572846618361378190717796457675877867002990630200549839187693737176043693114429036857443618075597595356236777647214186597416429862630588853297534066191784060030827904725960955181749644590885127762513958644117342351741609981560458367036971039921421548984093411630930209440031060634872093143755813835906517674672118355461511837533783279547447855290393938723966500874359457216314821548439555245649159786182924722770460929014017979622168454175758261065999271764594369618940918533185330319317089809708951104047147411596
ct_b=11560415492145861207516424108577715664730529386805857287246533744961821151018194362544284902991666685182413092786353089517543091603274250128250910669110530206320138191614471688310529571895441809729559056935543845898702106837033971935287923495445981173899073238286288875669342754013550227359718814123485311705960547980778357375585882146296937739196745327987012437076826111202650212821723168353665944362122152786549834258495316372518691633486765982945106049194892430437710982481105051765183397588927444843790029563399175420351710322220501327577415113508236805750358567711052779340011355629159610689505604941700815518380
d_a=12007894588345817095001901772235818535532128075248502006167506715501613386280619988757005912270381074208611126718938214462213079931302423653355153363846803336576965899104058007549509604040316897464770127372797630135493394807353800174267249408200186888724103432412296802728616667116382243738519746110159825921676647202689661952040602841752466515868580858475210918168761862255041985423595605698941150797550252491451770611246462256935118062094973933183288422900540413805923476283359196218128607678993284504582128505198491110084905108072190837781925478455984417366202863689318005069821086805269764308054632708127147397685
d_b=15309121030008789112453654624398278092026139678301334759817236349957760197277968332173160272007689043235997494440248487531238644015060915059836861728115118555482791561589562225055947155368216166612774271639118879220806859714069050410034235487298164832205885978355955618431606156727831992132535894020870312453902803351757466444078059503362362343138846985263572980446344678973847354860739168547872456538618897496981232096868408852088578700314051200160980186449222946973789039336701174360592471866811887750298968395798446811465432587371913161943176018766518394820191044593922558127924048562996714970537749736086175516533
e=65537

Idea : we can easily look that GCD of both polynomials is (p-1) ,we have to find MAX GCD of phi1 and phi 2 then brute force p-1 with k1*phi1 = e*d1-1 and k2*phi2 = e*d2-1 brute force to find MAX GCD of k1*phi1, k2*phi2 ,from p we easily brute force r and q

#Vul-AES

#!/usr/bin/env python3

import base64
from Crypto.Cipher import AES

secret_code = "<flag>"

def pad(message):
    if len(message) % 16 != 0:
        message = message + '0'*(16 - len(message)%16 )    #block-size = 16
    return message

def encrypt(key, plain):
    cipher = AES.new( key, AES.MODE_ECB )
    return cipher.encrypt(plain)

sitrep = str(input("Crewmate! enter your situation report: "))
message = '''sixteen byte AES{sitrep}{secret_code}'''.format(sitrep = sitrep, secret_code = secret_code) #the message is like [16-bytes]/[report]/[flag]

message = pad(message)
message1 = bytes(message,'utf-8')

cipher = encrypt( b'sixteen byte key', message1 )
cipher = base64.b64encode(cipher)
print(cipher.decode('ascii'))

Connect to sever and type any character which you want Output : "xX+NDjg0X9tmJLobdQv9k9ds/4i9bLo8u6OoRjBMuldg6rjc+L5XlwAejtua+qoK" (may be different depending characters) key = b'sixteen byte key'

from Crypto.Cipher import AES
import base64
enc = "xX+NDjg0X9tmJLobdQv9k9ds/4i9bLo8u6OoRjBMuldg6rjc+L5XlwAejtua+qoK"
key = b'sixteen byte key'
cipher=AES.new(key,AES.MODE_ECB)
enc = base64.b64decode(enc)
flag = cipher.decrypt(enc)
print(flag)

b'sixteen byte AESashell{kinda_sus}000000000000000'

Thanks for reading. Have a good day <3

PreviousCTF2021

Last updated 4 years ago

Was this helpful?