首页
社区
课程
招聘
[原创]KCTF2022秋季赛题目提交
2022-10-17 15:57 3371

[原创]KCTF2022秋季赛题目提交

2022-10-17 15:57
3371

战队名称:中午吃什么
参赛题目:CrackMe(Windows)
题目答案:14725KCTF83690

 

使用方案一(老规则)
需要穷举爆破随机数种子(0-99999,穷举时间一分钟以内)

 

运行流程:
输入序列号
输出success或error

 

详细的题目设计说明:
判断输入文本长度是否为14
将输入文本拆分为3份(5字节、4字节、5字节)
将2个5字节转为int,作为随机数种子调用srand
调用rand生成20个int数据
rand生成的数据和全局数组相等且4字节文本为KCTF则成功

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
#include <stdio.h>
#include <stdlib.h>
 
unsigned int arrSeed_14725[] = {
    15356,
    8563 ,
    9659 ,
    14347,
    11283,
    30142,
    29542,
    18083,
    5057 ,
    5531 ,
    23391,
    21327,
    20023,
    14852,
    4865 ,
    23820,
    16725,
    18665,
    25042,
    24920 };
 
unsigned int arrSeed_83690[] = {
    11190,
    27482,
    980     ,
    5419 ,
    28164,
    9548 ,
    16558,
    22218,
    6113 ,
    21959,
    13889,
    11580,
    2625 ,
    19397,
    25139,
    8167 ,
    28165,
    3950 ,
    25496,
    27351 };
 
int my_strlen(const char* StrDest)
{
    return ('\0' != *StrDest) ? (1 + my_strlen(StrDest + 1)) : 0;
}
 
#if 0
//爆破代码
int main()
{
    int i, j;
    int isSuccess = 0;
    for (i = 0; i < 99999; i++)
    {
        isSuccess = 1;
        //printf("0x%08x\n", i);
        srand(i);
        for (j = 0; j < 20; j++)
        {
            if (rand() != arrSeed_14725[j])
            {
                isSuccess = 0;
                break;
            }
        }
        if (isSuccess != 0)
        {
            printf("种子1:[%d]\n", i);
            //break;
        }
    }
    isSuccess = 0;
    for (i = 0; i < 99999; i++)
    {
        isSuccess = 1;
        //printf("0x%08x\n", i);
        srand(i);
        for (j = 0; j < 20; j++)
        {
            if (rand() != arrSeed_83690[j])
            {
                isSuccess = 0;
                break;
            }
        }
        if (isSuccess != 0)
        {
            printf("种子2:[%d]\n", i);
            //break;
        }
    }
    system("pause");
    return 0;
}
 
#else
 
//题目程序
int main()
{
    int i = 0;
    char szBuffer[128] = { 0 };
    char szSeed1[6];
    unsigned int dwSeed1;
    char szKCTF[5];
    char szSeed2[6];
    unsigned int dwSeed2;
    int isSuccess1;
    int isSuccess2;
    int isSuccess3;
 
    //0-99999
    //14725KCTF83690
    printf("please input :\n");
    scanf_s("%s", szBuffer, sizeof(szBuffer) - 1);
    if (my_strlen(szBuffer) != 14)
    {
        printf("error\n");
        system("pause");
        return 0;
    }
 
    szSeed1[5] = '\0';
    for (i = 0; i < 5; i++)
    {
        szSeed1[i] = szBuffer[i + 0];
    }
    dwSeed1 = atoi(szSeed1);
 
    szKCTF[4] = '\0';
    for (i = 0; i < 4; i++)
    {
        szKCTF[i] = szBuffer[i + 5];
    }
 
    szSeed2[5] = '\0';
    for (i = 0; i < 5; i++)
    {
        szSeed2[i] = szBuffer[i + 5 + 4];
    }
    dwSeed2 = atoi(szSeed2);
    //printf("%d\n", dwSeed1);    //14725
    //printf("%s\n", szKCTF);    //KCTF
    //printf("%d\n", dwSeed2);    //83690
 
    isSuccess1 = 1;
    isSuccess2 = 1;
    isSuccess3 = 0;
    srand(dwSeed1);
    for (i = 0; i < 20; i++)
    {
        if (rand() != arrSeed_14725[i])
        {
            isSuccess1 = 0;
            break;
        }
    }
    srand(dwSeed2);
    for (i = 0; i < 20; i++)
    {
        if (rand() != arrSeed_83690[i])
        {
            isSuccess1 = 0;
            break;
        }
    }
    if (szKCTF[0] == 'K' &&
        szKCTF[1] == 'C' &&
        szKCTF[2] == 'T' &&
        szKCTF[3] == 'F')
    {
        isSuccess3 = 1;
    }
 
    if (isSuccess1 != 0 && isSuccess2 != 0 && isSuccess3 != 0)
    {
        printf("success : %s\n", szBuffer);
        system("pause");
        return 0;
    }
    printf("error\n");
    system("pause");
    return 0;
}
 
#endif

破解思路:
爆破2个5位数随机数种子(0-99999)
种子1+KCTF+种子2即为正确FALG


[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

最后于 2022-11-29 13:26 被kanxue编辑 ,原因:
上传的附件:
收藏
免费 2
打赏
分享
最新回复 (1)
游客
登录 | 注册 方可回帖
返回