文章目錄
MISC
簽到
賽博德國人
MISC520
Baby_Forenisc
Crypto
Bigrsa
Ring Ring Ring
MISC
簽到
題目描述:猜數字01-30,數字序列以Sanfor{md5(**-**-**-**)}形式提交
附件為一張gif

猛猜
圖1 28準則
圖2 8卦陣
圖3 30而立之年
圖4 北斗7星
圖5 4大才子
圖6 殲-20
圖7 2只黃鸝鳴翠柳
圖8 17來看流星雨
圖9 23號喬丹
圖10 1馬當先
圖11 12黃道
圖12 新聞聯播每晚19點首播
得到序列
md5(28-08-30-07-04-20-02-17-23-01-12-19)
#SangFor{d93b7da38d89c19f481e710ef1b3558b}
賽博德國人
winrar打開題目附件,驚喜發現hint

解壓之后為一個CyberGerman.pcapng流量包,打開之后發現里面有兩檔案

分別追蹤TCP資料流匯出

拿到一個codebook.pdf以及encrypyed.txt
嘗試打開codebook.pdf,居然還是加密的

回去找密文,在流量包里發現疑似密文的資料

codebook.pdf輸入密碼后果然對了,打開發現像是一個密碼表,
查看encrypyed.txt
0911 = 1tle = 1tl = 350(長度) = RZS NAJ(PKS) =
nkfgp roqad boprv yrdhy zwamf qsrhb owqvt jzotr ffcjq snpqh kpwzm fprru gufez xsuws aohyw xbreu pifbz kagxj blbha jzixj zrasn zxkay lpaza ejwou itcip dfdgp rbjnv xuqzq qhtya xwwik wyybx kdgrc slrkj pgjay aidwa jeszp pbqat njojg jrplb kkhot joqpg vwecj soabm aupsr fenug ybxmr jloch kmjgc tznxl tnrqx pbeph fwymn gpoor pjkkb plkwb kxzeq quorp ipuvs utyae qyzgp mqnai iysse gzsht tsrmv crrkr opuxj tqshv ypdrw rvnzt cstlj
又是一堆看不懂的東西,這時候就要上百度谷歌了,查閱資料
二戰德軍 Enigma 密碼機原理演示與破解
Military Use of the Enigma
?????Virtual 3 wheel Army/Air Force Enigma by Tony Sale
[ENiGMA] - a pictured step-by-step-howto about encryption
得知加密為恩尼格瑪密碼機,
在密碼學史中,恩尼格瑪密碼機(德語:Enigma,又譯啞枚訓,或“謎”式密碼機)是一種用于加密與解密檔案的密碼機,確切地說,恩尼格瑪是對二戰時期納粹德國使用的一系列相似的轉子機械加解密機器的統稱,它包括了許多不同的型號,為密碼學對稱加密演算法的流加密,
開始破譯
#encrypted.txt
0911 = 1tle = 1tl = 350 = RZS NAJ=
nkfgp roqad boprv yrdhy zwamf qsrhb owqvt jzotr ffcjq snpqh kpwzm fprru gufez xsuws aohyw xbreu pifbz kagxj blbha jzixj zrasn zxkay lpaza ejwou itcip dfdgp rbjnv xuqzq qhtya xwwik wyybx kdgrc slrkj pgjay aidwa jeszp pbqat njojg jrplb kkhot joqpg vwecj soabm aupsr fenug ybxmr jloch kmjgc tznxl tnrqx pbeph fwymn gpoor pjkkb plkwb kxzeq quorp ipuvs utyae qyzgp mqnai iysse gzsht tsrmv crrkr opuxj tqshv ypdrw rvnzt cstlj
對于encrypted.txt結構分析
0911 猜測為接受到資訊的日期
1tle 為發送方姓名
1tl 為接收方姓名
350 為密文長度為350位
RZS NAJ 為加密轉子起始位置解密信號
首先確認資訊發送的日期
密碼段的前五位為標志位,通常為設定的三個字母加上任意的兩個字母組成
前五個資料為nkfgp,去codebook.pdf中尋找
|Tag | Walzenlage |Ringstellung| Steckerverbindungen | Kenngruppen |
| 10 | II III I | 05 21 25 | AT BV CF EN GY HO IW LU MZ QX | SUW FGP OGA CRB |
確認到10號的Kenngruppen一欄中含有FGP,鎖定資訊發送的日期,開始破譯,
祭出模擬軟體,
繼續破譯
|Tag | Walzenlage |Ringstellung| Steckerverbindungen | Kenngruppen |
| 10 | II III I | 05 21 25 | AT BV CF EN GY HO IW LU MZ QX | SUW FGP OGA CRB |
調整密碼機模式Kriegsmarine M3 - UKW = C(我也不知道為什么,亂試出來的)
選取轉子序號II III I
將三個轉子分別調整到05 21 25對應'E' 'U' 'Y'
隨后按照Steckerverbindungen對字母進行連線
按照Steckerverbindungen對字母進行連線
根據encrypted.txt的第一行資訊 = RZS NAJ =確認破譯轉子起始位置,確認方法:配置好設備后將表面三個轉盤調整至RZS,隨后往密碼機中鍵入NAJ(直接點模擬機中的鍵盤也可),密碼機輸出PKS,其中PKS代表譯文轉子起始位置,

隨后將表面三個轉盤調整至PKS就可以開始快樂列印了,記得把前五個標志位nkfgp去除
#列印得到資訊
VIERSIEBENFUENFSIEBENVIERACHTFUENFVIERSIEBENBERTADREISECHSSECHSZWEIDREINEUNDREISECHSDREISIEBENDREIZWEIDREINULLDREIFUENFSECHSSECHSSECHSFUENFDREISIEBENDREIFUENFDREISIEBENDREINEUNDREIFUENFSECHSSECHSDREIEINSDREINULLDREIVIERDREIACHTDREIFUENFDREISIEBENDREIEINSSECHSDREISECHSSECHSDREIVIERSECHSDREISECHSSECHSSECHSZWEIDREISIEBENDREINULLDREIDREISIEBENDORA
猜測為德語,直接百度德語數字

使用Notepad++文本替換
475748547BERTA36623936373230356665373537393566313034383537316366346366623730337DORA
其中BERTA為b,DORA為d,顯而易見16進制轉文本

MISC520
題目描述:有一天,zip愛上了pcap,zip為了能與pcap創造更多機會,不斷地將自己的能力表現出來,可是,LSBSteg卻突然殺了出來,將pcap吞并于png中,不放出來
,zip看到了png,多喝熱水少做夢,zip例外的憤怒,不斷地用自己的能力去報復png,不讓png逃走,至今,zip仍未釋懷,
好家伙,一看就是套娃題,什么zip、pcap、lsb、png...一個個來
首先給了一個壓縮包520.zip,解壓后得到519.zip和story,story打開和題目描述一樣,519.zip解壓后是518.zip和一樣的story(套娃),

寫腳本解壓
import zipfile
# 解壓檔案夾
file_input = 'D:/2021.9羊城杯/misc520-2fee7e6e-92ea-46f9-b382-e8ca5e7534ba/1/'
# 解壓目標檔案夾
file_output = 'D:/2021.9羊城杯/misc520-2fee7e6e-92ea-46f9-b382-e8ca5e7534ba/1/'
def zip_file(zip_name):
# print(zip_name)
r = zipfile.is_zipfile(zip_name)
if r:
fz = zipfile.ZipFile(zip_name, 'r')
for file in fz.namelist():
fz.extract(file, file_output)
for i in range(519, 0, -1):
zip_file(file_input + "{}.zip".format(i))
story = open(file_input + "story", 'r', encoding='UTF-8').read()
if 'png' in story:
pass
else:
print(story)
#print
"""
這都被你發現了?
我這故事不錯吧,嘻嘻嘻
那就把flag給你吧
oh,不,還有一半藏在了pcap的心里,快去找找吧
左心房右心房,撲通撲通的心,咿呀咿呀的?
72, 89, 75, 88, 128, 93, 58, 116, 76, 121, 120, 63, 108,
"""
拿到一串數字,提示去找另一串,解壓完所有檔案后拿到張圖flag.png,打開Stegsolve
0通道有東西

Data Extract嘗試后找到PK頭

匯出壓縮包資料,發現是個加密的壓縮包,里面有flag.pcap,沒找到密碼嘗試弱密碼爆破,

打開flag.pcap,認定為USB流量隱寫,Leftover Capture Data為4位元組,鎖定滑鼠流量,
使用tshark命令把該流量分析包輸出為一個名為usbdata的文本
tshark -r flag.pcap -T fields -e usb.capdata > usbdata.txt
祭腳本
#將資料0005fa00轉化為00:05:fa:00四位元組格式
#第一位元組為00代表滑鼠按鍵未按下,01代表滑鼠左鍵按下,02代表滑鼠右鍵按下
#第二位元組為滑鼠水平移動距離
#第三位元組為滑鼠垂直移動距離
while 1:
a=f.readline().strip()
if 1:
if len(a)==8: # 滑鼠流量的話len改為8
out=''
for i in range(0,len(a),2):
if i+2 != len(a):
out+=a[i]+a[i+1]+":"
else:
out+=a[i]+a[i+1]
fi.write(out)
fi.write('\n')
else:
break
fi.close()
將16進制的usbdata.txt轉為坐標
nums = []
keys = open('usbdata.txt','r')
f = open('xy.txt','w')
posx = 0
posy = 0
for line in keys:
if len(line) != 12 :
continue
x = int(line[3:5],16)
y = int(line[6:8],16)
if x > 127 :
x -= 256
if y > 127 :
y -= 256
posx += x
posy += y
btn_flag = int(line[0:2],16) # 1 for left , 2 for right , 0 for nothing
if btn_flag != 0 : # 輸出滑鼠有按鍵按下后的坐標
f.write(str(posx))
f.write(' ')
f.write(str(posy))
f.write('\n')
f.close()
上gnuplot,把xy.txt文本里的坐標轉化為圖片
gnuplot.exe plot "xy.txt"

最后拿到數字串
72, 89, 75, 88, 128, 93, 58, 116, 76, 121, 120, 63, 108, 130, 63, 111, 94, 51, 134, 119, 146
好了,開始和出題人對腦電波,題目flag格式GWHT{},對比猜測為ASCII碼加密,每位減去相應位數,如72為第一位chr(72-1)='G',89為第二位chr(89-2)='W'等等,
a = [72, 89, 75, 88, 128, 93, 58, 116, 76, 121, 120, 63, 108, 130, 63, 111, 94, 51, 134, 119, 146]
flag = ''
for i in range(len(a)):
flag = flag + chr(a[i] - i - 1)
print(flag)
#GWHT{W3lCom3_t0_M!sc}
Baby_Forenisc
記憶體取證題目,題目給了一個raw檔案,上kali打開volatility常規檢測,
python vol.py -f 1.raw --profile=WinXPSP2x86 cmdscan
Volatility Foundation Volatility Framework 2.6.1
CommandProcess: csrss.exe Pid: 580
CommandHistory: 0x566bb8 Application: cmd.exe Flags: Allocated, Reset
CommandCount: 5 LastAdded: 4 LastDisplayed: 4
FirstCommand: 0 CommandCountMax: 50
ProcessHandle: 0x4cc
Cmd #0 @ 0x3689ed8: git push -u origin master
Cmd #1 @ 0x566148: ok....
Cmd #2 @ 0x56aa08: then delete .git and flagfile
Cmd #3 @ 0x368a798: You can never find my account
Cmd #4 @ 0x56a580: hahaha!
提示東西在git上,找找能不能找到涉及到git具體倉庫的資訊,
python vol.py -f 1.raw --profile=WinXPSP2x86 filescan|grep "txt"
Volatility Foundation Volatility Framework 2.6.1
0x00000000020bf6a0 1 0 RW-r-- \Device\HarddiskVolume1\Documents and Settings\Owner\桌面\ssh.txt
0x00000000021c01b0 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\ssh.txt
0x000000000231d6b0 4 2 -W-rw- \Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\VMware\VMware VGAuth\logfile.txt.0
找ssh.txt檔案,dump出來改檔案后綴為txt,
python vol.py -f 1.raw --profile=WinXPSP2x86 dumpfiles -Q 0x00000000020bf6a0 -D ./
#ssh.txt
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAmw8eqi/h23ABuRhhmx83LuRhw6m8C8k76Me0s7MNdvDP2ZB5hJUU
fZ4HxR5sEoQf6NyIcCDeznb8FAYAktm3cBlgof847aL661F0R5FtIfOJC/MwklRmXjYr46
6HNjQ0Ouu12znqBPJAaMkAaZXknqlEAxCRvyOQhg0bPSR3xxCM39TxpXRKd3tzhlBUQHZi
upgt6CF3TkBuIcKUPgZ7OgJ/7ES3FaiUOlpZdUYf/H3VwwQumuXPPwvT5QdRA9Myv/zbee
R9ddLJL84raHK6unuHjngGvWjhXUUQulta49HH55pyrFUViIvH1tfns/6BglTrYWRlFX3A
TNOVy2igHkhZI8M9GK5VUBwEo3kXcWRiK85vAWwmddBd9+c0NERahRg+SNbodsd1JFu0C9
kqJ8/HlOnDfPBsUpD0EY/EbzW5PKbkksp2Vp3z+S0y1aVpX2EJRhq2S5kEEU+V4LLN6uqu
CJzVLeG5Lpnn4V/Ekf/ZpJmmk1Pp9KGFw3tlOqTLAAAFkNMuPgLTLj4CAAAAB3NzaC1yc2
EAAAGBAJsPHqov4dtwAbkYYZsfNy7kYcOpvAvJO+jHtLOzDXbwz9mQeYSVFH2eB8UebBKE
H+jciHAg3s52/BQGAJLZt3AZYKH/OO2i+utRdEeRbSHziQvzMJJUZl42K+OuhzY0NDrrtd
s56gTyQGjJAGmV5J6pRAMQkb8jkIYNGz0kd8cQjN/U8aV0Snd7c4ZQVEB2YrqYLeghd05A
biHClD4GezoCf+xEtxWolDpaWXVGH/x91cMELprlzz8L0+UHUQPTMr/823nkfXXSyS/OK2
hyurp7h454Br1o4V1FELpbWuPRx+eacqxVFYiLx9bX57P+gYJU62FkZRV9wEzTlctooB5I
WSPDPRiuVVAcBKN5F3FkYivObwFsJnXQXffnNDREWoUYPkjW6HbHdSRbtAvZKifPx5Tpw3
zwbFKQ9BGPxG81uTym5JLKdlad8/ktMtWlaV9hCUYatkuZBBFPleCyzerqrgic1S3huS6Z
5+FfxJH/2aSZppNT6fShhcN7ZTqkywAAAAMBAAEAAAGAdfojEsorxpKKPRLX8PbnPb52xD
C46x7Jfmu0iaWKcRz4iEjsrHvhg1JiBxEGmW/992cUSHw6Ck1trq6CcTlF4PzuEVPnNKf0
0ma/WlTD/DkX5Qe7xRqCaNw+uJVqO0utEceWLp7595l6eD+3GJ77u9x96vcIba3ZoKUIPJ
UqrUNibEvRMFoy7oX3eBJWiFWK+P4gr6YG6HsNUJKDyE2WJKUSP+pogwoo/d0Qg7I/VBVK
N39PFnwUG5wcNP5EHezqWQVVln/dltDgOc5IldknTRt4Q3NDrSyNsRpv0EYI2gz+yRu/IE
RR9PHYjH5l6uYwowW34iGi/xloSxG5bDEWOe0eEANCjowiYYrmTLffIQ/AU9w4te/+eWd2
WV56LUuC6k4mEdNhtljMZR/0A+C5EkPzgsTEJEmYLYvqrNejM7Y1UKz3+YZ8m8rT4XcNmf
j5wfJd1TbCu0hB5kZC1DkybYQaMRNnZ3+PjwU2hZBTuh02F787nG5NFkpI96qkWxTBAAAA
wBdaxLNzl/7Dig/neTUAQLa/C1F2cpQt6RcJbzHodgxm8n75a/wdRI4/oCvGJkRgyAnyCE
tgfMnTQ4opmHf5k0U0R/wmCGivcGhg5KIBSSnp9mWt6qclJ8O6vZ5L3rKIgreWzGUDk8IT
W3Lcl5EO0sskpVvp65xncEdv3CefxXVTlkgp4PXgXcxPao633hWA6TAm2zZx7R6fJt0Ex4
x3lVG68ghRE/ZFbF48s8Gy+zRDyA5JEGPWxWddO623IVgG6AAAAMEAyX4CJKSxE5gvJdrw
lhx8dBbVQxw06fPoVlu/z/JTwkPdliuAdp30SV8WbmXUhLvv457WdqAMCwlGs/7xrCW21U
84+VeD9aGM61nSsT7kUzGjdvbjQiHCmys7dwuy/thCrpWFTxI4fjOEYHc3N8S+hBHQRJKk
mEYyBoI3eJ3NhUsGHr1V4LONBKkoUZyC+LjKev06m9qM6R0/0k4cB09pkDVinuFuGk5iDy
YKyjAGiAxFI9ACiZ5NLKTsdaEqtCPfAAAAwQDFAXbSxwbLYWDacBNUm4E7FZsYKkqoIAWQ
3uEQP5Sp7GrCU5dWraGB2wOkX+irMYGDfTk5qG8NLyYoSKVIZwA6ijDliWekL6XdPGJfKK
7xw64Nx6syc7oD7scSzTGNH0m1z+T2rjP3dMDDVhYMHksYcSxikyHNzLR9Z51hCOHeKb1O
8LNW4IrC6AYeXt8sHizSLIagncOuPtSkKiGdR5fn65fHomMzaVQsSJYvwNeSrKXu36NSJm
27AuL6DDE2vJUAAAAUc29uZzU1MjA4NTEwN0BxcS5jb20BAgMEBQYH
base64解密,看到最后包含一個郵箱song552085107@qq.com,接下來直接上Github,
openssh-key-v1nonenone�ssh-rsa���/��p�a�7.�a�;�?��
v��?y��}��l��?p ��v��?p`��8����QtG�m!��0�Tf^6+?644:��9��@h�i�?D��#��
=$w�����tJw{s�PT@vb��-�!wN@n!>{:�D���:ZYuF�}��.���?��Q�2���y�}u��/�+hr��{��x�h�]E�[Z����r�U���������T�ade}�L?�h�HY#�=�UP�yqdb+�ol&u�]��44DZ�>H��v�u$[��*'�ǔ��|�lR����o5�<���vV���-2?i_a F�K�O�������-�.���_?�?���S�����{e:����.>�.>ssh-rsa���/��p�a�7.�aé��;�?��
v��?y��}��l��?p ��v��?p`��8����QtG�m!��0�Tf^6+?644:��9��@h�i�?D��#��
=$w�����tJw{s�PT@vb��-�!wN@n!>{:�D���:ZYuF�}��.���?��Q�2���y�}u��/�+hr��{��x�h�]E�[Z����r�U���������T�ade}�L?�h�HY#�=�UP�yqdb+�ol&u�]��44DZ�>H��v�u$[��*'�ǔ��|�lR����o5�<���vV���-2?i_a F�K�O�������-�.���_?�?���S�����{e:���u�#�+?�=����=�v�0���~k����q��H�{�Rb�o��gH|:
Mm���q9E���S�4���f�ZT��9����h�>��j;K�ǖ.����zx?�����}��m�?�<�*�CblK�0Z2��xV�U��� ���{
P���M�$�?�h�
(����?TJ7O|�4�D��YU�?��9�H��'MxCsC�,��o�F���� DQ��?~e��0���!��hK�l19�B��"a��L��!�S�8���ygvY^z-K��N&�a�X�e��C���$I�-��?3�5P����|����w
�����]�6?HA�FB�92m�1gg��6��S�6�;�nMJH���[��Z?s��ê�y5@��Qvr�-� o1�vf�~�k�D�?�+�&D`� �K`|��C�)�w��E4G�&h�ph`�I)��e��%'ú��K?�����e��[r?���$�[��gpGo�'��uS�H)���]�Oj�����0&�6q��&�?w�Q��Q�El^<����4C�Ic��g];��!X���~$���/%��|t�C4���V[���S�C?+�v��I_ne?����v� F���%��O8�W�����Y?>�S1�v��B!+;w���B���O8~3�`w77?��D���F2�7x�?K�U?�(Q�����z�:�?�?�NOi�5b��nNb&
�0�E#���M,��u�*�#���v���a`�pT��;�*J� ���?���j�S�V�����_�1��}99�o
/&(H�Hg:�0�g�/��<b_(��?
?2s����1�I�����3�t��VKq,b�!�?}g�a��)�N�V����^�,,�,���?>?*!�G���?c3iT,H�/�?���?R&m���16��song552085107@qq.com


Notepad++打開_APP_,開始翻檔案找找找,找到熟悉的,

繼續Base64解密
U2FuZ0ZvcntTMF8zYXp5XzJfY3JhY2tfbm9vYl9wbGF5ZXJ9
#base64:SangFor{S0_3azy_2_crack_noob_player}
Crypto
Bigrsa
題目:
from Crypto.Util.number import *
from flag import *
n1 = 103835296409081751860770535514746586815395898427260334325680313648369132661057840680823295512236948953370895568419721331170834557812541468309298819497267746892814583806423027167382825479157951365823085639078738847647634406841331307035593810712914545347201619004253602692127370265833092082543067153606828049061
n2 = 115383198584677147487556014336448310721853841168758012445634182814180314480501828927160071015197089456042472185850893847370481817325868824076245290735749717384769661698895000176441497242371873981353689607711146852891551491168528799814311992471449640014501858763495472267168224015665906627382490565507927272073
e = 65537
m = bytes_to_long(flag)
c = pow(m, e, n1)
c = pow(c, e, n2)
print("c = %d" % c)
# output
# c = 60406168302768860804211220055708551816238816061772464557956985699400782163597251861675967909246187833328847989530950308053492202064477410641014045601986036822451416365957817685047102703301347664879870026582087365822433436251615243854347490600004857861059245403674349457345319269266645006969222744554974358264
嘗試發現n1與n2存在公因數,分別計算分解出各自pq,常規RSA解密,
import binascii
import gmpy2
n1 = 103835296409081751860770535514746586815395898427260334325680313648369132661057840680823295512236948953370895568419721331170834557812541468309298819497267746892814583806423027167382825479157951365823085639078738847647634406841331307035593810712914545347201619004253602692127370265833092082543067153606828049061
n2 = 115383198584677147487556014336448310721853841168758012445634182814180314480501828927160071015197089456042472185850893847370481817325868824076245290735749717384769661698895000176441497242371873981353689607711146852891551491168528799814311992471449640014501858763495472267168224015665906627382490565507927272073
e = 65537
c = 60406168302768860804211220055708551816238816061772464557956985699400782163597251861675967909246187833328847989530950308053492202064477410641014045601986036822451416365957817685047102703301347664879870026582087365822433436251615243854347490600004857861059245403674349457345319269266645006969222744554974358264
p = gmpy2.gcd(n1, n2)
q1 = n1 // p
q2 = n2 // p
phi1 = (p - 1) * (q1 - 1)
phi2 = (p - 1) * (q2 - 1)
d1 = gmpy2.invert(e, phi1)
d2 = gmpy2.invert(e, phi2)
m = pow(pow(c, d2, n2), d1, n1)
print(binascii.unhexlify(hex(m)[2:].strip("L")))
#SangFor{qSccmm1WrgvIg2Uq_cZhmqNfEGTz2GV8}
Ring Ring Ring
VPN連接服務器(這vpn卡了半天進進不去),后過hash認證,要求輸入100組abcde滿足
乍一看,abcde沒限制條件,妙哇,直接爆破,令a=b=c=d,則
上exp
from pwn import *
import string
from hashlib import *
context.log_level='debug'
io=remote('ip',port)
str1=string.digits+string.ascii_letters
io.recvuntil('Please find a string that md5(str + ')
end=io.recvuntil(')')[:-1].decode()
io.recvuntil(' == ')
sha=io.recv(5).decode()
print(end,sha)
def pow(end,sha):
for i in str1:
for j in str1:
for k in str1:
for l in str1:
str2=(i+j+k+l+end).encode()
if md5(str2).hexdigest()[:5]==sha:
return i+j+k+l
v=pow(end,sha)
io.recvuntil('[>] Give me xxxxx:')
io.sendline(v)
for i in range(1,101):
io.recvuntil('[>] a:')
io.sendline(str(i))
io.recvuntil('[>] b:')
io.sendline(str(i))
io.recvuntil('[>] c:')
io.sendline(str(i))
io.recvuntil('[>] d:')
io.sendline(str(i))
io.recvuntil('[>] e:')
io.sendline(str(2*i*i))
io.recvall()
flag:GWHT{a_funny_equation}
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/299927.html
標籤:其他
下一篇:單例模式的七種寫法,你都知道嗎?
