[Digital China Finals 2025] Data Deletion and Recovery


  • @ Stuck and suffering, yepyep

Part1

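  • ? Challenge: from the given accounts and passwords, determine which users can still log in with a JWT after being deleted. Sort the accounts found in order, join them with _, and submit the MD5 of the resulting string as the answer (one of the accounts is an administrator account).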

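Grinding through it by hand o( ̄ヘ ̄o#)

  • !! Solution: open 用户表.xlsx (the user table) and find 100 account/password records.

We logged in with every account/password pair and found that (account: zhangzehua, password: zhangzehua@cimer..) is the administrator (admin) login.

We also found 5 accounts that return a "user does not exist" prompt (0del) and 9 users that can log in (user).

For example, a response like the one below means the login succeeded (this is actually not useful).

"User does not exist" is what I mark as 0del below; the page shows a prompt saying the user does not exist (no screenshot).

For the administrator, the page shown above additionally has a back-office management button.

Logging in as any of the remaining users returns no page or prompt at all.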

| Account | Password | Status |
|---|---|---|
| weibeizhen | v*3!weibeizhen | |
| lianliangshan | lianliangshan- | |
| changlinqi | changlinqir*8 | |
| bile | bilevkrxvvr! | |
| yinshan | yinshanv.8KB | |
| piyuanrong | Jpiyuanrong4j= | |
| xuqun | w=oxuqun | |
| biqing | Kbiqingiw017. | |
| baolang | !baolang | |
| wangguizhi | cimer15&wangguizhi | 0del |
| fanjian | Uu21%fanjian | |
| xianglijuan | Vv22xianglijuan^ | |
| wanghong | Ww23wanghong& | |
| baiguizhuang | baiguizhuang! | |
| caozhengxiang | @caozhengxiang | |
| yunfuchao | yunfuchaoZ= | |
| wangyan | Ii9wangyan! | user |
| ningxiurong | Mmningxiurong13% | 0del |
| zhanglihua | Nn14zhanglihua^ | 0del |
| feiliang | feiliangx@Cpi | |
| miaojinjuan | Emiaojinjuan-. | |
| heshuwan | !=heshuwanL | |
| lulongmu | @lulongmu | |
| anfuhui | yanfuhui-tz. | |
| suyufei | m9@suyufeih | |
| xibeilei | *xibeilei | |
| qiyingdi | !qiyingdi | |
| weiyingwan | y*weiyingwant | |
| zhangxiuyun | Gg7&zhangxiuyun | user |
| shiqianming | F*shiqianming | |
| wuchun | @M!wuchun | |
| pingyimei | pingyimei! | |
| luwuhao | luwuhao* | |
| fengjun | !=yxjsfengjun | |
| zhuningmao | !zhuningmao | |
| huangzhiqiang | Ee5%huangzhiqiang | user |
| zhangzehua | zhangzehua@cimer.. | admin |
| luhuiyi | C@gqPluhuiyiW | |
| qipingxian | qipingxian7=! | |
| wujiaqing | wujiaqing@ | |
| lepengfu | vo@vlepengfu | |
| miaogui | -mmiaogui | |
| wanghua | nwanghuao-! | |
| sushenghua | -7Jsushenghua | |
| panfeigu | !hpanfeiguk78 | |
| yuanzhencheng | @yuanzhencheng | |
| hanling | NhanlingJ1*W6 | |
| wanghua | wanghuaCc3cimer# | user |
| jinguizhi | jinguizhiJj10@ | user |
| douquanguang | douquanguang-! | |
| helingui | EwY!helingui | |
| panmeimei | panmeimei*o8 | |
| muhuile | Ze1@6Lmuhuile | |
| caoxingshu | caoxingshu- | |
| wuzhenghui | nwuzhenghuiL= | |
| feiqi | fP8.zqfeiqi | |
| douguang | douguang9!LR | |
| anlilin | 3anlilin! | |
| yuming | yumingksyx6y@M | |
| tangxiahui | .tangxiahuiT | |
| weifeng | -LpRut*weifeng | |
| xiaoguoyi | d@xiaoguoyikO | |
| mengpeng | Llmengpeng12$cimer | 0del |
| guoxiaohong | guoxiaohongDd4$ | user |
| sunjinhui | !sunjinhuicc | |
| langzhilang | !@langzhilangd | |
| muwanlu | O=FCKzmuwanlu | |
| huashanhui | .yhuashanhuiQO | |
| hebin | @AhebinopGkBYS | |
| douwuda | !douwuda | |
| zhourong | .zhourong | |
| cenboqiu | cenboqiu!z7 | |
| qidai | PQ@qidaikxBsL | |
| jianghuanyou | @-jianghuanyou | |
| zhangquanfan | P=zhangquanfan | |
| zhoulihai | -zhoulihai | |
| shifei | SStshifeiAX. | |
| wangming | Hhwangming8* | user |
| renyizhi | renyizhi! | |
| mafengya | -=Cmafengya | |
| huangheli | *PDhuangheliq. | |
| haoyinghe | haoyinghe! | |
| yuyuanxue | yuyuanxueQ37g! | |
| anpinglu | JanpingluZW* | |
| yangemei | yangemei1Pm*o2 | |
| biannanhong | m.biannanhongh | |
| anxian | anxianUiJj!* | |
| langhaohong | @langhaohong!! | |
| shuiluxiu | @sshuiluxiuxsF | |
| weifutian | weifutian=m | |
| chenxin | chenxinAa1!cimer | user |
| wuwen | cimer2@wuwen | user |
| guxin | guxin-tI- | |
| lixiangli | Xlixiangli. | |
| zhaomeisi | AK@zhaomeisigq | |
| gantingting | Kk11gantingting# | 0del |
| shishashun | 9v.shishashun | |
| yinzhenguo | yinzhenguo2R* | |

This gives us the accounts that were deleted yet still have a record.

import hashlib

def md5_encrypt(input_string):
    md5_obj = hashlib.md5()
    md5_obj.update(input_string.encode('utf-8'))
    return md5_obj.hexdigest()

input_str = "wangguizhi_ningxiurong_zhanglihua_mengpeng_gantingting"
md5_result = md5_encrypt(input_str)
print(f"MD5加密结果: {md5_result}")
#8429e825242b4e9063862b78da1e46dd

Part2

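  • ? Challenge: the administrator has lost the database's private key, so we are asked to try to decrypt the order data using the public keys. The goal is to find, for order no. 202502100811, the Mi-coin balance before the recharge (充值前米币数量) and the amount actually paid (实付金额).
  • !! Solution: first we log in to the back office with the administrator account obtained in Part1 (account: zhangzehua, password: zhangzehua@cimer..) and find the order database. In it we find two things: the public keys (there are two) and the encrypted order data. We export them first.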


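It is not hard to see that the n of these two PKCS-format RSA public keys is the same.

For details, see my other article, "Certificate Repair" ([[证书修复]]).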

#1
import base64

# Base64 body of PUBLIC_KEY1; every full 64-character PEM line decodes to 48 bytes,
# so decoding line by line prints the DER encoding in order
common_key = '''MIICJDANBgkqhkiG9w0BAQEFAAOCAhEAMIICDAKCAgEAn84I1STsPGNHJsI1IjqI
...'''
common_key = common_key.split("\n")
for i in common_key:
    print(base64.b64decode(i).hex())
'''
30820224300d06092a864886f70d010101050003820211003082020c02820201009fce08d524ec3c634726c235223a88
6751792906175c20cac7b2ba3e7a6406f045dd51632c41a675a9929ec0b7e0e91c8848e18764e619d3bac79cdeb3940c
ad6fb8bbfc60655e164d200d09fa5bfa2f8e8b7605566cf4075c407ce83d2624ce78a7c54c651277ddb1aafa5ca2716c
ee7fb859fa661b5e685cbccf3f9e32656e0c40979396367e8c51ccdd92f46a3c51ce8dd688db0cee6dea7b07d2322461
b6ce6d7214c5d50dd54f59e206f3343e6b6d23abf71739f766fb5aebc51465a34cb651a7991c962eb81c78edf3c91532
759bd9a481e6410e5fd9d2759753edc95624c1703d4c50bb890bf04f9b18d4504e1fb82a81581c59a11f348a172111e7
981ce69242eed19050f015b4039b0b5c4b73622b844a652f2826aef288da86c3d670472a10b65321bf77623d01821452
b41ba73cd503e86193c8d7c807e0640aa7d6b8cc42bfc6e4efa6b48bfbeb12933579d27f313150b4dd5163be418838a6
8b0b48c16510d2790e827e0536a02ccf776464838a1e4d010a48bcd4c792f2e8636c57dc2bd7a4cfe77cea94f91778f4
dd386040259f4eeb6e421177a1911f62d59a64b8dc40d1c592bb1a5a195e41bca60eb7f1de7b8a43abc87398b3c0a86c
2469ef78efe47c84c53403e4e2988f7501394d5708e1c16046b4188760a44d39fca67a2757d43ebfe57854daf96ff2a2
4528970c524fc7ea1dd818fa6a0b390989020500d160010b
'''

#2
import base64

# Base64 body of PUBLIC_KEY2, decoded the same way
common_key = '''MIICJDANBgkqhkiG9w0BAQEFAAOCAhEAMIICDAKCAgEAn84I1STsPGNHJsI1IjqI
...'''
common_key = common_key.split("\n")
for i in common_key:
    print(base64.b64decode(i).hex())
'''
30820224300d06092a864886f70d010101050003820211003082020c02820201009fce08d524ec3c634726c235223a88
6751792906175c20cac7b2ba3e7a6406f045dd51632c41a675a9929ec0b7e0e91c8848e18764e619d3bac79cdeb3940c
ad6fb8bbfc60655e164d200d09fa5bfa2f8e8b7605566cf4075c407ce83d2624ce78a7c54c651277ddb1aafa5ca2716c
ee7fb859fa661b5e685cbccf3f9e32656e0c40979396367e8c51ccdd92f46a3c51ce8dd688db0cee6dea7b07d2322461
b6ce6d7214c5d50dd54f59e206f3343e6b6d23abf71739f766fb5aebc51465a34cb651a7991c962eb81c78edf3c91532
759bd9a481e6410e5fd9d2759753edc95624c1703d4c50bb890bf04f9b18d4504e1fb82a81581c59a11f348a172111e7
981ce69242eed19050f015b4039b0b5c4b73622b844a652f2826aef288da86c3d670472a10b65321bf77623d01821452
b41ba73cd503e86193c8d7c807e0640aa7d6b8cc42bfc6e4efa6b48bfbeb12933579d27f313150b4dd5163be418838a6
8b0b48c16510d2790e827e0536a02ccf776464838a1e4d010a48bcd4c792f2e8636c57dc2bd7a4cfe77cea94f91778f4
dd386040259f4eeb6e421177a1911f62d59a64b8dc40d1c592bb1a5a195e41bca60eb7f1de7b8a43abc87398b3c0a86c
2469ef78efe47c84c53403e4e2988f7501394d5708e1c16046b4188760a44d39fca67a2757d43ebfe57854daf96ff2a2
4528970c524fc7ea1dd818fa6a0b390989020500c3827249
'''

# In the dumps above, 02 82 02 01 opens the modulus INTEGER (0x201 bytes: a 00 sign byte plus the 4096-bit n)
n=int("...".replace(" ", ""), 16)
print(n)
#651946795233984780453133113767501340143039726948925889750647754647147931741761354321764653676445388026906630205091753645778362824764617095491489988318390620568241662633727630407151636916895640554866453552768440264042207764333319273377770208595917307712286329487108454958860504457985529048148053868047126703333365000815274344131109027354354731129128435334854252883659657903260482515375519970778251779085272670967613309890333554066976942884333546869278748226964177590983350295235408212636782786726682265784086028792595317329144018282089505082462680759301401858757987557690289906901667194009128836948914230885580428672646908394277074743931147411298048577325114955145618749180519246808089906629826393049823948886812110535445458262632225628585690527271718452845124399120465922102238244415579075362951156975547731139752596430307930467450515243245405422063193513255650685213636019830619680403040587987422292488228626751523688929212627802754657172153348082063100831603568449881498286244502944932137000831162073797233647615292745254566169189722454300530310902193672419268237203582486868826334580033144732094141151345920763459183836915710291981115347225923770609472484904131905082022614653326396440201973422572844520477628512497700217114134921
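# The final 02 05 INTEGER of each dump is the public exponent, the only field that differs between the two keys
e1=int("00d160010b".replace(" ", ""), 16)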
print(e1)
#3512729867
e2=int("00c3827249".replace(" ", ""), 16)
print(e2)
#3280106057
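
The fields read off the hex dump by eye above can also be extracted by walking the DER structure. The following is an added example, not code from the original write-up: a minimal SubjectPublicKeyInfo parser plus a check that flags keys sharing a modulus. The helper names and the toy moduli are assumptions constructed for the example; only the two exponents come from the page.

```python
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption + NULL

def read_tlv(buf, off):
    """Return (tag, value, next_offset) of the DER element starting at buf[off]."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[off:off + count], "big")
        off += count
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def expect(tag, wanted, what):
    if tag != wanted:
        raise ValueError(f"expected {what}, got tag 0x{tag:02x}")

def parse_rsa_spki(der):
    """SEQUENCE { AlgorithmIdentifier, BIT STRING { SEQUENCE { n, e } } } -> (n, e)."""
    tag, spki, _ = read_tlv(der, 0)
    expect(tag, 0x30, "SubjectPublicKeyInfo SEQUENCE")
    tag, _alg, off = read_tlv(spki, 0)
    expect(tag, 0x30, "AlgorithmIdentifier SEQUENCE")
    tag, bits, _ = read_tlv(spki, off)
    expect(tag, 0x03, "BIT STRING")
    tag, rsa_key, _ = read_tlv(bits, 1)  # bits[0] is the unused-bits count
    expect(tag, 0x30, "RSAPublicKey SEQUENCE")
    tag, n_raw, off = read_tlv(rsa_key, 0)
    expect(tag, 0x02, "modulus INTEGER")
    tag, e_raw, _ = read_tlv(rsa_key, off)
    expect(tag, 0x02, "exponent INTEGER")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def shared_modulus_pairs(keys):
    """keys: {name: DER bytes}. Return the (name, name) pairs whose moduli are equal."""
    by_modulus, pairs = {}, []
    for name, der in keys.items():
        n, _e = parse_rsa_spki(der)
        pairs += [(other, name) for other in by_modulus.get(n, [])]
        by_modulus.setdefault(n, []).append(name)
    return pairs

# --- constructed sample keys (toy moduli, NOT the challenge keys) ---
def tlv(tag, body):
    size = len(body)
    raw = size.to_bytes((size.bit_length() + 7) // 8 or 1, "big")
    head = raw if size < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def der_int(value):  # the extra byte keeps the INTEGER positive, as in the dump
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_spki(n, e):
    rsa_key = tlv(0x30, der_int(n) + der_int(e))
    return tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + rsa_key))

TOY_N = (2**521 - 1) * (2**607 - 1)   # product of two Mersenne primes
E1, E2 = 3512729867, 3280106057       # the two exponents recovered on the page
KEYS = {"PUBLIC_KEY1": build_spki(TOY_N, E1), "PUBLIC_KEY2": build_spki(TOY_N, E2),
        "UNRELATED": build_spki((2**521 - 1) * (2**127 - 1), 65537)}

if __name__ == "__main__":
    print(shared_modulus_pairs(KEYS))
```

Running the same check over every public key a service publishes is a quick way to catch modulus reuse before it ships.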

The parameters are easily recovered. Next comes the common-modulus attack; the data in order is c1 and c2.
Extended Euclidean algorithm

e1 = 3512729867
n = 651946795233984780453133113767501340143039726948925889750647754647147931741761354321764653676445388026906630205091753645778362824764617095491489988318390620568241662633727630407151636916895640554866453552768440264042207764333319273377770208595917307712286329487108454958860504457985529048148053868047126703333365000815274344131109027354354731129128435334854252883659657903260482515375519970778251779085272670967613309890333554066976942884333546869278748226964177590983350295235408212636782786726682265784086028792595317329144018282089505082462680759301401858757987557690289906901667194009128836948914230885580428672646908394277074743931147411298048577325114955145618749180519246808089906629826393049823948886812110535445458262632225628585690527271718452845124399120465922102238244415579075362951156975547731139752596430307930467450515243245405422063193513255650685213636019830619680403040587987422292488228626751523688929212627802754657172153348082063100831603568449881498286244502944932137000831162073797233647615292745254566169189722454300530310902193672419268237203582486868826334580033144732094141151345920763459183836915710291981115347225923770609472484904131905082022614653326396440201973422572844520477628512497700217114134921
c1 = 455520981282387532676717274716388352368440660926365334916148072681764116892860884921488406070711454757928344800420542881183746391959356679027200037258786255440708028679142593131055799315503515994591732825311568926272127476331778438289367066943088620222708235950329139676726845791285638554183320625138554228412418602236473902697223632793200780447786763924828285069114317908732616631424776579074685866132079906869644490049060219194763340993910380968137064159234211941426106201453169371969865981414890187042882075730309208445502040739037708653331791193126807215951684651301149946032375218369322099201615986809316802138270582273761458689373198881559721513646662689826622136665595893819012649669089610447138619953310475518061996813864262276148796881080827484146738798217102416455117456619758431205790984867739982517711952992854521999493035661384208376865492023395692897635530948693012296859349789089532266945351544197157630244209003342649158072346022879572308249912090479731024665677002989990123817158168467761068889815618551120656071481777071721816813814284774737527002915422351308787508712896445494710247486617251080794973909933439282701827135391657345253124007396232780038752366194039852205301351104343128418965990002102290335821157803

e2 = 3280106057
c2 = 316046737603519845884753132937977364670750803918759945310447186223742231101322105614079178772507417319651406200430258339351871816922132433628260764308927030306788121841115056234329468168927912553327146674446271767578349571053454076543762542742540980694995918195068100985391321478056685508959420310078621643340855155342222812911195847241332052480126439523748548221123947438637404159751320751996142238755885748491965261143244563217548800499108477973929173661204539036615753876403580382939752744743592154312892069078838549072849822870617359300302164144393607747349611476176319331278017008758876613072366628229560094896734929937194226143190522382074762803226351773014143879700891536051202388073527082576364609141640108664186607947875281936802467266486641898753775337024744835880699755494164815601519495168038520219229794700431331665822565170595218996479937559714215823017131371786109471062800412993447001090503914102484616930473943257244008076630097973045149179771760209750043786848340801460584140241715117461924761014775058044022158014246537628845654739246894232423929097744167227061000762233904782875133326981951731731705564055316886731142637966312163322204246124439266440319775912667816568966555184352686996639497813793946582950495311

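# n is the same for both keys and e differs: common-modulus attack
import gmpy2
from Crypto.Util.number import *

def egcd(a, b):
    # Extended Euclidean algorithm: returns (x, y) with a*x + b*y == gcd(a, b)
    if b == 0:
        return 1, 0
    else:
        x, y = egcd(b, a % b)
        return y, x - (a // b) * y

s = egcd(e1, e2)
s1 = s[0]
s2 = s[1]
# One of s1/s2 is negative; gmpy2.powmod then works with the modular inverse of the base
m = gmpy2.powmod(c1, s1, n) * gmpy2.powmod(c2, s2, n) % n
print(long_to_bytes(m))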
#\xe8\xae\xa2\xe5\x8d\x95\xe5\x8f\xb7: 202502100811, \xe5\x95\x86\xe5\x93\x81\xe5\x90\x8d\xe7\xa7\xb0: \xe5\x85\x85\xe5\x80\xbc\xe7\xb1\xb3\xe5\xb8\x81, \xe5\x85\x85\xe5\x80\xbc\xe9\x87\x91\xe9\xa2\x9d: \xc2\xa51000, \xe5\x85\x85\xe5\x80\xbc\xe5\x89\x8d\xe7\xb1\xb3\xe5\xb8\x81\xe6\x95\xb0\xe9\x87\x8f: 2511, \xe5\x85\x85\xe5\x80\xbc\xe5\x90\x8e\xe7\xb1\xb3\xe5\xb8\x81\xe6\x95\xb0\xe9\x87\x8f: 3511, \xe4\xbc\x98\xe6\x83\xa0\xe5\x88\xb8: 20, \xe5\xae\x9e\xe4\xbb\x98\xe9\x87\x91\xe9\xa2\x9d: \xc2\xa5980

from urllib import parse

s = '\xe8\xae\xa2\xe5\x8d\x95\xe5\x8f\xb7: 202502100811, \xe5\x95\x86\xe5\x93\x81\xe5\x90\x8d\xe7\xa7\xb0: \xe5\x85\x85\xe5\x80\xbc\xe7\xb1\xb3\xe5\xb8\x81, \xe5\x85\x85\xe5\x80\xbc\xe9\x87\x91\xe9\xa2\x9d: \xc2\xa51000, \xe5\x85\x85\xe5\x80\xbc\xe5\x89\x8d\xe7\xb1\xb3\xe5\xb8\x81\xe6\x95\xb0\xe9\x87\x8f: 2511, \xe5\x85\x85\xe5\x80\xbc\xe5\x90\x8e\xe7\xb1\xb3\xe5\xb8\x81\xe6\x95\xb0\xe9\x87\x8f: 3511, \xe4\xbc\x98\xe6\x83\xa0\xe5\x88\xb8: 20, \xe5\xae\x9e\xe4\xbb\x98\xe9\x87\x91\xe9\xa2\x9d: \xc2\xa5980'
s = s.encode('unicode_escape')
print("编码",s)
ss = s.decode('utf-8').replace('\\x', '%')
print("url解码",ss)
un = parse.unquote(ss)
print("解码",un)
#订单号: 202502100811, 商品名称: 充值米币, 充值金额: ¥1000, 充值前米币数量: 2511, 充值后米币数量: 3511, 优惠券: 20, 实付金额: ¥980
#2511_980
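
The recovery used above, as an added example that is not part of the original write-up: it runs the same Bezout combination on a constructed toy key, rejects the case gcd(e1, e2) != 1, and shows that per-encryption padding breaks the precondition (both ciphertexts hiding the same integer). The modulus, plaintext and pad bytes are constructed for the example; only E1 and E2 come from the page.

```python
def egcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def recover_common_modulus(n, e1, c1, e2, c2):
    """Recover m from c1 = m^e1 and c2 = m^e2 (mod n) when gcd(e1, e2) == 1."""
    g, s1, s2 = egcd(e1, e2)
    if g != 1:
        raise ValueError(f"gcd(e1, e2) = {g}: the combination only yields m^{g}")
    # One of s1/s2 is negative; pow() with a negative exponent (Python 3.8+)
    # inverts the base mod n first and raises ValueError if no inverse exists.
    return pow(c1, s1, n) * pow(c2, s2, n) % n

def to_bytes(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed toy parameters (NOT the challenge key or ciphertexts).
N = (2**521 - 1) * (2**607 - 1)                     # product of two Mersenne primes
E1, E2 = 3512729867, 3280106057                     # exponents from the page
MSG = b"order 202502100811: before=2511 paid=980"   # constructed plaintext

def demo_same_plaintext():
    m = int.from_bytes(MSG, "big")
    c1, c2 = pow(m, E1, N), pow(m, E2, N)           # textbook RSA, no padding
    return to_bytes(recover_common_modulus(N, E1, c1, E2, c2))

def demo_randomised_padding():
    # With per-encryption padding the two ciphertexts no longer hide the same
    # integer, so the combination does not collapse to either padded message.
    # Fixed constructed pad bytes keep the run reproducible; real RSA uses OAEP.
    m1 = int.from_bytes(b"\x01pad-A" + MSG, "big")
    m2 = int.from_bytes(b"\x01pad-B" + MSG, "big")
    c1, c2 = pow(m1, E1, N), pow(m2, E2, N)
    r = recover_common_modulus(N, E1, c1, E2, c2)
    return r not in (m1, m2)

if __name__ == "__main__":
    print(demo_same_plaintext())
    print(demo_randomised_padding())
```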

Part3

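  • ? Challenge: perform a data audit. Find the transactions where the credited Mi-coin (米币) amount is wrong, the transactions where the Mi-coin discount is higher than 20%, the transactions where the credited VIP days are wrong, the transactions where the amount actually paid is wrong, and the transactions where the VIP recharge discount is higher than 20%, and count the number of transactions of each error type. Concatenate the counts with _ in the order given by the answer format and submit the result as the answer.

Note: a 30-day membership recharge is the monthly card, priced at 15 yuan

A 90-day membership recharge is the quarterly card, priced at 30 yuan

A 365-day membership recharge is the annual card, priced at 88 yuan

Mi-coin price and recharge amount are converted 1:1 in a transaction

When calculating whether the recharge discount is higher than 20%, use the correct price (the recharge amount, or the price corresponding to the number of days recharged); do not use the existing erroneous amount paid

  • @ [Answer format] Example: if there are 6 transactions with a wrong credited Mi-coin amount, 2 transactions with a Mi-coin discount higher than 20%, 3 transactions with wrong credited VIP days, 4 transactions with a wrong amount paid, and 5 transactions with a VIP recharge discount higher than 20%, the final answer to submit is: 6_2_3_4_5
  • !! Solution: first we decrypt all of the orders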
import gmpy2
from Crypto.Util.number import *
from urllib import parse

e1 = 3512729867
n = 651946795233984780453133113767501340143039726948925889750647754647147931741761354321764653676445388026906630205091753645778362824764617095491489988318390620568241662633727630407151636916895640554866453552768440264042207764333319273377770208595917307712286329487108454958860504457985529048148053868047126703333365000815274344131109027354354731129128435334854252883659657903260482515375519970778251779085272670967613309890333554066976942884333546869278748226964177590983350295235408212636782786726682265784086028792595317329144018282089505082462680759301401858757987557690289906901667194009128836948914230885580428672646908394277074743931147411298048577325114955145618749180519246808089906629826393049823948886812110535445458262632225628585690527271718452845124399120465922102238244415579075362951156975547731139752596430307930467450515243245405422063193513255650685213636019830619680403040587987422292488228626751523688929212627802754657172153348082063100831603568449881498286244502944932137000831162073797233647615292745254566169189722454300530310902193672419268237203582486868826334580033144732094141151345920763459183836915710291981115347225923770609472484904131905082022614653326396440201973422572844520477628512497700217114134921
e2 = 3280106057
c1 = None
c2 = None

# Common-modulus attack helper: extended Euclidean algorithm,
# returns (x, y) with a*x + b*y == gcd(a, b)
def egcd(a, b):
    if b == 0:
        return 1, 0
    else:
        x, y = egcd(b, a % b)
        return y, x - (a // b) * y

s = egcd(e1, e2)
s1 = s[0]
s2 = s[1]

# Read order.csv and decrypt every row
with open('D:\\order.csv', 'r') as file:
    lines = file.readlines()
    for i, line in enumerate(lines):
        if i == 0:  # skip the first line
            continue
        parts = line.strip().split(';')
        c1 = int(parts[1])
        c2 = int(parts[2])

        m = gmpy2.powmod(c1, s1, n) * gmpy2.powmod(c2, s2, n) % n
        decrypted_data = long_to_bytes(m).decode('utf-8')

        # Decode the data
        decoded_data = parse.unquote(decrypted_data)
        print(decoded_data)

print("解密和转码完成")
  • @@ This gives the following data:
    3000 order records (omitted)
订单号: 202502100001, 商品名称: 充值米币, 充值金额: ¥100, 充值前米币数量: 4583, 充值后米币数量: 4683, 优惠券: 20, 实付金额: ¥80
订单号: 202502100002, 商品名称: 充值会员, 充值天数: 365, 充值前剩余天数: 6天, 充值后剩余天数: 371天, 优惠券: 15, 实付金额: ¥73
订单号: 202502100003, 商品名称: 充值会员, 充值天数: 90, 充值前剩余天数: 217天, 充值后剩余天数: 307天, 优惠券: 5, 实付金额: ¥25
订单号: 202502100004, 商品名称: 充值米币, 充值金额: ¥5000, 充值前米币数量: 2380, 充值后米币数量: 7380, 优惠券: 0, 实付金额: ¥5000
订单号: 202502100005, 商品名称: 充值会员, 充值天数: 30, 充值前剩余天数: 351天, 充值后剩余天数: 381天, 优惠券: 10, 实付金额: ¥5
……

From here on it is purely a matter of analysing and understanding the data.

with open("D:\\AAACTF题目\\数据分析.txt", "rb") as f:
    data = f.read().decode().split("\n")

import re

A = 0  # credited Mi-coin amount wrong
B = 0  # Mi-coin discount higher than 20%
C = 0  # credited VIP days wrong
D = 0  # amount paid wrong
E = 0  # VIP recharge discount higher than 20%

# VIP price for each recharge duration (days -> yuan)
vip_price = {30: 15, 90: 30, 365: 88}

# Check the Mi-coin recharge orders
# Fields: 充值金额 = recharge amount, 充值前/充值后米币数量 = balance before/after,
# 优惠券 = coupon, 实付金额 = amount paid
for each in data:
    s = re.findall(r"商品名称: 充值米币, 充值金额: ¥(\d+), 充值前米币数量: (\d+), 充值后米币数量: (\d+), 优惠券: (\d+), 实付金额: ¥(\d+)", each)
    if s:
        amount, pre_balance, post_balance, coupon, paid = map(int, s[0])
        # Credited Mi-coin amount wrong
        if pre_balance + amount != post_balance:
            print("米币到账数量错误", each)
            A += 1
        # Mi-coin discount higher than 20%
        if coupon / amount > 0.2:
            print("米币优惠幅度高于20%", each)
            B += 1
        # Amount paid wrong
        expected_paid = amount - coupon
        if paid != expected_paid:
            print("米币实付金额错误", each)
            D += 1

# Check the membership (VIP) recharge orders
# Fields: 充值天数 = days purchased, 充值前/充值后剩余天数 = days remaining before/after
for each in data:
    s = re.findall(r"商品名称: 充值会员, 充值天数: (\d+), 充值前剩余天数: (\d+)天, 充值后剩余天数: (\d+)天, 优惠券: (\d+), 实付金额: ¥(\d+)", each)
    if s:
        days, pre_days, post_days, coupon, paid = map(int, s[0])
        # Credited VIP days wrong
        if pre_days + days != post_days:
            print("VIP到账天数错误", each)
            C += 1
        # VIP recharge discount check, based on the correct price for the duration
        expected_price = vip_price.get(days, None)
        if expected_price is None:
            print("奇怪的天数", days)
        else:
            expected_paid = expected_price - coupon
            # Count as an error only when the amount paid differs from the expected discounted amount
            if paid != expected_paid:
                print("VIP实付金额错误", each)
                D += 1
            if coupon / expected_price > 0.2:
                print("VIP充值优惠幅度高于20%", each)
                E += 1

print('_'.join((str(A), str(B), str(C), str(D), str(E))))
#3_142_3_4_612
米币到账数量错误 订单号: 202502100031, 商品名称: 充值米币, 充值金额: ¥500, 充值前米币数量: 4632, 充值后米币数量: 9632, 优惠券: 0, 实付金额: ¥5000
米币实付金额错误 订单号: 202502100031, 商品名称: 充值米币, 充值金额: ¥500, 充值前米币数量: 4632, 充值后米币数量: 9632, 优惠券: 0, 实付金额: ¥5000
米币优惠幅度高于20% 订单号: 202502100047, 商品名称: 充值米币, 充值金额: ¥100, 充值前米币数量: 897, 充值后米币数量: 997, 优惠券: 50, 实付金额: ¥50
米币优惠幅度高于20% 订单号: 202502100067, 商品名称: 充值米币, 充值金额: ¥100, 充值前米币数量: 1793, 充值后米币数量: 1893, 优惠券: 50, 实付金额: ¥50
米币优惠幅度高于20% 订单号: 202502100072, 商品名称: 充值米币, 充值金额: ¥200, 充值前米币数量: 2164, 充值后米币数量: 2364, 优惠券: 50, 实付金额: ¥150
……

Summary

  • !! part1

8429e825242b4e9063862b78da1e46dd

  • !! part2

2511_980

  • !! part3

3_142_3_4_612

( ̄へ ̄)

Bad at it but love playing anyway (^・ω・^ ) haha~
