[原创]KCTF2022秋季赛题目提交-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

[原创]KCTF2022秋季赛题目提交

2022-10-17 15:57 2486

[原创]KCTF2022秋季赛题目提交

wx_孤城

2022-10-17 15:57

2486

战队名称：中午吃什么
参赛题目：CrackMe(Windows)
题目答案：14725KCTF83690

使用方案一（老规则）
需要穷举爆破随机数种子（0-99999，穷举时间一分钟以内）

运行流程：
输入序列号
输出success或error

详细的题目设计说明：
判断输入文本长度是否为14
将输入文本拆分为3份(5字节、4字节、5字节)
将2个5字节转为int，作为随机数种子调用srand
调用rand生成20个int数据
rand生成的数据和全局数组相等且4字节文本为KCTF则成功

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

#include <stdio.h>
#include <stdlib.h>
 
unsigned int arrSeed_14725[] = {
    15356,
    8563 ,
    9659 ,
    14347,
    11283,
    30142,
    29542,
    18083,
    5057 ,
    5531 ,
    23391,
    21327,
    20023,
    14852,
    4865 ,
    23820,
    16725,
    18665,
    25042,
    24920 };
 
unsigned int arrSeed_83690[] = {
    11190,
    27482,
    980     ,
    5419 ,
    28164,
    9548 ,
    16558,
    22218,
    6113 ,
    21959,
    13889,
    11580,
    2625 ,
    19397,
    25139,
    8167 ,
    28165,
    3950 ,
    25496,
    27351 };
 
int my_strlen(const char* StrDest)
{
    return ('\0' != *StrDest) ? (1 + my_strlen(StrDest + 1)) : 0;
}
 
#if 0
//爆破代码
int main()
{
    int i, j;
    int isSuccess = 0;
    for (i = 0; i < 99999; i++)
    {
        isSuccess = 1;
        //printf("0x%08x\n", i);
        srand(i);
        for (j = 0; j < 20; j++)
        {
            if (rand() != arrSeed_14725[j])
            {
                isSuccess = 0;
                break;
            }
        }
        if (isSuccess != 0)
        {
            printf("种子1:[%d]\n", i);
            //break;
        }
    }
    isSuccess = 0;
    for (i = 0; i < 99999; i++)
    {
        isSuccess = 1;
        //printf("0x%08x\n", i);
        srand(i);
        for (j = 0; j < 20; j++)
        {
            if (rand() != arrSeed_83690[j])
            {
                isSuccess = 0;
                break;
            }
        }
        if (isSuccess != 0)
        {
            printf("种子2:[%d]\n", i);
            //break;
        }
    }
    system("pause");
    return 0;
}
 
#else
 
//题目程序
int main()
{
    int i = 0;
    char szBuffer[128] = { 0 };
    char szSeed1[6];
    unsigned int dwSeed1;
    char szKCTF[5];
    char szSeed2[6];
    unsigned int dwSeed2;
    int isSuccess1;
    int isSuccess2;
    int isSuccess3;
 
    //0-99999
    //14725KCTF83690
    printf("please input :\n");
    scanf_s("%s", szBuffer, sizeof(szBuffer) - 1);
    if (my_strlen(szBuffer) != 14)
    {
        printf("error\n");
        system("pause");
        return 0;
    }
 
    szSeed1[5] = '\0';
    for (i = 0; i < 5; i++)
    {
        szSeed1[i] = szBuffer[i + 0];
    }
    dwSeed1 = atoi(szSeed1);
 
    szKCTF[4] = '\0';
    for (i = 0; i < 4; i++)
    {
        szKCTF[i] = szBuffer[i + 5];
    }
 
    szSeed2[5] = '\0';
    for (i = 0; i < 5; i++)
    {
        szSeed2[i] = szBuffer[i + 5 + 4];
    }
    dwSeed2 = atoi(szSeed2);
    //printf("%d\n", dwSeed1);    //14725
    //printf("%s\n", szKCTF);    //KCTF
    //printf("%d\n", dwSeed2);    //83690
 
    isSuccess1 = 1;
    isSuccess2 = 1;
    isSuccess3 = 0;
    srand(dwSeed1);
    for (i = 0; i < 20; i++)
    {
        if (rand() != arrSeed_14725[i])
        {
            isSuccess1 = 0;
            break;
        }
    }
    srand(dwSeed2);
    for (i = 0; i < 20; i++)
    {
        if (rand() != arrSeed_83690[i])
        {
            isSuccess1 = 0;
            break;
        }
    }
    if (szKCTF[0] == 'K' &&
        szKCTF[1] == 'C' &&
        szKCTF[2] == 'T' &&
        szKCTF[3] == 'F')
    {
        isSuccess3 = 1;
    }
 
    if (isSuccess1 != 0 && isSuccess2 != 0 && isSuccess3 != 0)
    {
        printf("success : %s\n", szBuffer);
        system("pause");
        return 0;
    }
    printf("error\n");
    system("pause");
    return 0;
}
 
#endif