首页
社区
课程
招聘
[原创]KCTF2022秋季赛题目提交
发表于: 2022-10-17 15:57 3852

[原创]KCTF2022秋季赛题目提交

2022-10-17 15:57
3852

战队名称:中午吃什么
参赛题目:CrackMe(Windows)
题目答案:14725KCTF83690

使用方案一(老规则)
需要穷举爆破随机数种子(0-99999,穷举时间一分钟以内)

运行流程:
输入序列号
输出success或error

详细的题目设计说明:
判断输入文本长度是否为14
将输入文本拆分为3份(5字节、4字节、5字节)
将2个5字节转为int,作为随机数种子调用srand
调用rand生成20个int数据
rand生成的数据和全局数组相等且4字节文本为KCTF则成功

破解思路:
爆破2个5位数随机数种子(0-99999)
种子1+KCTF+种子2即为正确FALG

 
 
 
#include <stdio.h>
#include <stdlib.h>
 
unsigned int arrSeed_14725[] = {
    15356,
    8563 ,
    9659 ,
    14347,
    11283,
    30142,
    29542,
    18083,
    5057 ,
    5531 ,
    23391,
    21327,
    20023,
    14852,
    4865 ,
    23820,
    16725,
    18665,
    25042,
    24920 };
 
unsigned int arrSeed_83690[] = {
    11190,
    27482,
    980     ,
    5419 ,
    28164,
    9548 ,
    16558,
    22218,
    6113 ,
    21959,
    13889,
    11580,
    2625 ,
    19397,
    25139,
    8167 ,
    28165,
    3950 ,
    25496,
    27351 };
 
int my_strlen(const char* StrDest)
{
    return ('\0' != *StrDest) ? (1 + my_strlen(StrDest + 1)) : 0;
}
 
#if 0
//爆破代码
int main()
{
    int i, j;
    int isSuccess = 0;
    for (i = 0; i < 99999; i++)
    {
        isSuccess = 1;
        //printf("0x%08x\n", i);
        srand(i);
        for (j = 0; j < 20; j++)
        {
            if (rand() != arrSeed_14725[j])
            {
                isSuccess = 0;
                break;
            }
        }
        if (isSuccess != 0)
        {
            printf("种子1:[%d]\n", i);
            //break;
        }
    }
    isSuccess = 0;
    for (i = 0; i < 99999; i++)
    {
        isSuccess = 1;
        //printf("0x%08x\n", i);
        srand(i);
        for (j = 0; j < 20; j++)
        {
            if (rand() != arrSeed_83690[j])
            {
                isSuccess = 0;
                break;
            }
        }
        if (isSuccess != 0)
        {
            printf("种子2:[%d]\n", i);
            //break;
        }
    }
    system("pause");
    return 0;
}
 
#else
 
//题目程序
int main()
{
    int i = 0;
    char szBuffer[128] = { 0 };
    char szSeed1[6];
    unsigned int dwSeed1;
    char szKCTF[5];
    char szSeed2[6];
    unsigned int dwSeed2;
    int isSuccess1;
    int isSuccess2;
    int isSuccess3;
 
    //0-99999
    //14725KCTF83690
    printf("please input :\n");
    scanf_s("%s", szBuffer, sizeof(szBuffer) - 1);
    if (my_strlen(szBuffer) != 14)
    {
        printf("error\n");
        system("pause");
        return 0;
    }
 
    szSeed1[5] = '\0';
    for (i = 0; i < 5; i++)
    {
        szSeed1[i] = szBuffer[i + 0];
    }
    dwSeed1 = atoi(szSeed1);
 
    szKCTF[4] = '\0';
    for (i = 0; i < 4; i++)
    {
        szKCTF[i] = szBuffer[i + 5];
    }
 
    szSeed2[5] = '\0';
    for (i = 0; i < 5; i++)
    {
        szSeed2[i] = szBuffer[i + 5 + 4];
    }
    dwSeed2 = atoi(szSeed2);
    //printf("%d\n", dwSeed1);    //14725
    //printf("%s\n", szKCTF);    //KCTF
    //printf("%d\n", dwSeed2);    //83690
 
    isSuccess1 = 1;
    isSuccess2 = 1;
    isSuccess3 = 0;
    srand(dwSeed1);
    for (i = 0; i < 20; i++)
    {
        if (rand() != arrSeed_14725[i])
        {
            isSuccess1 = 0;
            break;
        }
    }
    srand(dwSeed2);
    for (i = 0; i < 20; i++)
    {
        if (rand() != arrSeed_83690[i])
        {
            isSuccess1 = 0;
            break;
        }
    }
    if (szKCTF[0] == 'K' &&
        szKCTF[1] == 'C' &&
        szKCTF[2] == 'T' &&
        szKCTF[3] == 'F')
    {
        isSuccess3 = 1;
    }
 
    if (isSuccess1 != 0 && isSuccess2 != 0 && isSuccess3 != 0)
    {
        printf("success : %s\n", szBuffer);
        system("pause");
        return 0;
    }
    printf("error\n");
    system("pause");
    return 0;
}
 
#endif
#include <stdio.h>
#include <stdlib.h>
 
unsigned int arrSeed_14725[] = {
    15356,
    8563 ,
    9659 ,
    14347,
    11283,
    30142,
    29542,
    18083,
    5057 ,
    5531 ,
    23391,
    21327,
    20023,
    14852,
    4865 ,
    23820,
    16725,
    18665,
    25042,
    24920 };
 
unsigned int arrSeed_83690[] = {
    11190,
    27482,
    980     ,
    5419 ,
    28164,
    9548 ,
    16558,
    22218,
    6113 ,
    21959,
    13889,
    11580,
    2625 ,
    19397,
    25139,
    8167 ,
    28165,
    3950 ,
    25496,
    27351 };
 
int my_strlen(const char* StrDest)
{
    return ('\0' != *StrDest) ? (1 + my_strlen(StrDest + 1)) : 0;
}
 
#if 0
//爆破代码
int main()
{
    int i, j;
    int isSuccess = 0;
    for (i = 0; i < 99999; i++)
    {
        isSuccess = 1;
        //printf("0x%08x\n", i);
        srand(i);
        for (j = 0; j < 20; j++)
        {
            if (rand() != arrSeed_14725[j])
            {
                isSuccess = 0;
                break;
            }
        }
        if (isSuccess != 0)
        {
            printf("种子1:[%d]\n", i);
            //break;
        }
    }
    isSuccess = 0;
    for (i = 0; i < 99999; i++)
    {
        isSuccess = 1;
        //printf("0x%08x\n", i);
        srand(i);
        for (j = 0; j < 20; j++)
        {
            if (rand() != arrSeed_83690[j])
            {
                isSuccess = 0;
                break;
            }
        }
        if (isSuccess != 0)

[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

最后于 2022-11-29 13:26 被kanxue编辑 ,原因:
上传的附件:
收藏
免费 2
支持
分享
最新回复 (1)
游客
登录 | 注册 方可回帖
返回
//