题目

certs

image-20210409201344604

下载CybearsTest.crt,双击打开证书。在详细信息的颁发者中的CN属性,用base64解密后得到flag

image-20210409201546364

flag

cybears{c3rt_f13ld_0f_dr34mz!}

deebee

image-20210409201740155

nc连接后,实际是一个sqlite的console

这题主要考验sqlite语法,通过sqlite语句求A、B、C三个问题的答案

A:

select year_introduced,count(*) from toys group by year_introduced order by count(*) desc limit 0,1;

B:

select sum(like),name from likes join toys on toys.id =likes.toyid group by toyid order by sum(like) desc limit 0,1;

C:

select name,max(number) from toys order by max(number) desc limit 0,1;

flag

A:1990,B:Direct-Hit,C:Optimus Prime

全部转小写,并去符号空格,最终flag为cybears{1990directhitoptimusprime}

Password Safe

image-20210409220434222

题目说密钥少了两个字节,需要找到密钥对密文解密后得到flag

直接穷举法

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

from Crypto.Cipher import AES

if __name__ == '__main__':
    c = "3f24b052ee4ce98a849e954d5b0c9859344d870af49b233a78cd83860e339ee4228b1d76b054e9239bf3b3c29d0cef91"
    key = "1af7ecfac3596c6425ce4f403c44"
    for i in range(0x100):
        for j in range(0x100):
            b = bytes([i,j])
            k=bytes.fromhex(key)+b
            aes = AES.new(k, AES.MODE_ECB)  # 初始化加密器
            try:
                decrypted_text = aes.decrypt(bytes.fromhex(c))  # 解密
                print(decrypted_text.decode("utf8"))
                print(k)
            finally:
                continue
flag

cybears{y0u_sh0uld_r34lly_u53_4_l0ng_p455phr453}