[Original] KCTF 2025 Challenge 7 危局初现 writeup
Posted: 2025-8-27 16:20 4579
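This felt like a fairly easy challenge. The challenge author used a very uncommon system environment and produced a very Linux-style brute-force challenge.
The input characters are read and converted to numbers as hexadecimal digits.

The character-to-number function used for obfuscation

The numbers are placed, following a fixed mapping, into v40 and v41, two 2D tables of different sizes.

Two different checks are then performed to narrow down the range of the flag.

The last four characters must be asas.

Combined with the conversion table, the input character corresponding to each entry in v40 can be worked out.

After that it is just a matter of writing out the equations and searching for feasible values.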
AI helped analyze the check 2 part; in the source it appears as

```c
v24 = v41[0] + v41[3] * v41[2] * v41[1] * v41[4] + (v39 & 0x80);
v25 = string_to_code("reset") + 1;
if ( is != v24 + v25 * ~string_to_code("reset") - 9 )
  is_true = 0;
```

```python
def solve_optimized():
    solutions = []
    cases = [(8, 6), (9, 14)]  # derived from check 2
    for x0, x9 in cases:
        for x1 in range(16):
            for x2 in range(16):
                for x3 in range(16):
                    # Group 0: x0 + x2 + x3 == 34
                    if x0 + x2 + x3 != 34:
                        continue
                    for x4 in range(16):
                        for x5 in range(16):
                            for x6 in range(16):
                                # Group 1: x1 + x3 + x6 == 34
                                if x1 + x3 + x6 != 34:
                                    continue
                                for x7 in range(16):
                                    # Group 4: x5 + x6 + x7 == 34
                                    if x5 + x6 + x7 != 34:
                                        continue
                                    for x8 in range(16):
                                        # Group 2: x2 + x4 + x8 == 34
                                        if x2 + x4 + x8 != 34:
                                            continue
                                        # Group 3: x4 + x7 + x9 == 34
                                        if x4 + x7 + x9 != 34:
                                            continue
                                        # all conditions satisfied
                                        solutions.append([x0, x1, x2, x3, x4, x5, x6, x7, x8, x9])
    # print each solution as hex digits followed by the fixed suffix
    for in1 in solutions:
        for i in in1:
            print(hex(i)[2:], end="")
        print("asas")
    return solutions

solutions = solve_optimized()
print(f"共找到 {len(solutions)} 个解")
```

What I ended up using was the first solution found.

Actually the ones below should all work? Not tested.
84bfd4ffa6asas
84bfe5fe96asas
84bff6fd86asas
85bfd5efa6asas
85bfe6ee96asas
85bff7ed86asas
85ced4ff96asas
85cee5fe86asas
85cef6fd76asas
86bfd6dfa6asas
86bfe7de96asas
86bff8dd86asas
86ced5ef96asas
86cee6ee86asas
86cef7ed76asas
86ddd4ff86asas
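An added example, not part of the original post: the five sum constraints from the solver above, solved by choosing x3, x4 and x6 and deriving the other nibbles, plus a `check` function that re-validates a candidate string against those constraints only (it does not run the challenge binary). The names `check`, `solve`, `GROUPS` and the lowercase-hex alphabet are assumptions made for this sketch.

```python
from itertools import product

CASES = [(8, 6), (9, 14)]  # (x0, x9) pairs the write-up derives from check 2
TARGET = 34                # each group of three nibbles must sum to this
GROUPS = [(0, 2, 3), (1, 3, 6), (2, 4, 8), (4, 7, 9), (5, 6, 7)]
SUFFIX = "asas"
HEX = "0123456789abcdef"   # assumption: input digits are lowercase hex

def check(candidate):
    """Re-validate one candidate string against the write-up's constraints."""
    body = candidate[:-len(SUFFIX)]
    if not candidate.endswith(SUFFIX) or len(body) != 10:
        return False
    if any(c not in HEX for c in body):
        return False
    x = [HEX.index(c) for c in body]
    return (x[0], x[9]) in CASES and all(
        x[a] + x[b] + x[c] == TARGET for a, b, c in GROUPS)

def solve():
    """Choose x3, x4, x6; every other nibble is fixed by one of the sums."""
    found = []
    for (x0, x9), (x3, x4, x6) in product(CASES, product(range(16), repeat=3)):
        x2 = TARGET - x0 - x3   # group 0
        x7 = TARGET - x4 - x9   # group 3
        x1 = TARGET - x3 - x6   # group 1
        x8 = TARGET - x2 - x4   # group 2
        x5 = TARGET - x6 - x7   # group 4
        xs = [x0, x1, x2, x3, x4, x5, x6, x7, x8, x9]
        if all(0 <= v <= 15 for v in xs):   # derived values must be nibbles
            found.append(xs)
    # Reproduce the nested-loop order: case first, then x1..x8 ascending.
    found.sort(key=lambda xs: (CASES.index((xs[0], xs[9])), xs[1:9]))
    return ["".join(HEX[v] for v in xs) + SUFFIX for xs in found]

if __name__ == "__main__":
    sols = solve()
    print(len(sols), "solutions; first:", sols[0])
    print("all pass check():", all(check(s) for s in sols))
```

This needs 2 × 16³ iterations instead of eight nested 16-way loops and yields the candidates in the same order as the list above.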