【2019看雪CTF】Q1赛季 第十题 初入好望角 WP

DOTNET程序，反编后代码如下：

private static void a(string[] A_0)
    {
        Console.WriteLine("Please Input Serial:");
        if (global::a.a(Console.ReadLine(), "Kanxue2019") == "4RTlF9Ca2+oqExJwx68FiA==")
        {
            Console.WriteLine("Congratulations!  : )");
            Console.ReadLine();
        }
    }

    // Token: 0x06000005 RID: 5 RVA: 0x000020D4 File Offset: 0x000002D4
    public static string a(string A_0, string A_1)
    {
        byte[] bytes = Encoding.UTF8.GetBytes("Kanxue2019CTF-Q1");
        byte[] bytes2 = Encoding.UTF8.GetBytes(A_0);
        byte[] bytes3 = new PasswordDeriveBytes(A_1, null).GetBytes(32);
        ICryptoTransform transform = new RijndaelManaged
        {
            Mode = CipherMode.CBC
        }.CreateEncryptor(bytes3, bytes);
        MemoryStream memoryStream = new MemoryStream();
        CryptoStream expr_4F = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write);
        expr_4F.Write(bytes2, 0, bytes2.Length);
        expr_4F.FlushFinalBlock();
        byte[] inArray = memoryStream.ToArray();
        memoryStream.Close();
        expr_4F.Close();
        return Convert.ToBase64String(inArray);
    }

AES加密，解密如下：

k = 'Kanxue2019CTF-Q1'
key = ''.join([chr(i) for i in [0x6D, 0xDE, 0xF7, 0xA4, 0x3C, 0x00, 0x4F, 0x7D, 0x69, 0x83, 0x04, 0x4B, 0x1E, 0x36, 0xA9, 0x34, 0x59, 0xF1, 0x8B, 0xC8, 0x37, 0xC4, 0x6E, 0xAF, 0x32, 0x11, 0x32, 0x73, 0x41, 0x63, 0xA0, 0xB4]])
ci = AES.new(key,AES.MODE_CBC,k)
ci.decrypt(d)

最终flag为Kanxue2019Q1CTF。

[培训]二进制漏洞攻防（第3期）；满10人开班；模糊测试与工具使用二次开发；网络协议漏洞挖掘；Linux内核漏洞挖掘与利用；AOSP漏洞挖掘与利用；代码审计。