[Digital China Finals 2025] Data Deletion and Recovery
- @ Stuck grinding away on this one, yep yep
Part1
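- ? Task: from the given account/password pairs, determine which users can still log in with a JWT after being deleted. Put the accounts found in order, join them with "_", and submit the MD5 hash of the resulting string as the answer (one of the accounts is an administrator account)
Account | Password |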
---|---|
weibeizhen | v*3!weibeizhen |
lianliangshan | lianliangshan- |
changlinqi | changlinqir*8 |
bile | bilevkrxvvr! |
yinshan | yinshanv.8KB |
piyuanrong | Jpiyuanrong4j= |
xuqun | w=oxuqun |
biqing | Kbiqingiw017. |
baolang | !baolang |
wangguizhi | cimer15&wangguizhi |
fanjian | Uu21%fanjian |
xianglijuan | Vv22xianglijuan^ |
wanghong | Ww23wanghong& |
baiguizhuang | baiguizhuang! |
caozhengxiang | @caozhengxiang |
yunfuchao | yunfuchaoZ= |
wangyan | Ii9wangyan! |
ningxiurong | Mmningxiurong13% |
zhanglihua | Nn14zhanglihua^ |
feiliang | feiliangx@Cpi |
miaojinjuan | Emiaojinjuan-. |
heshuwan | !=heshuwanL |
lulongmu | @lulongmu |
anfuhui | yanfuhui-tz. |
suyufei | m9@suyufeih |
xibeilei | *xibeilei |
qiyingdi | !qiyingdi |
weiyingwan | y*weiyingwant |
zhangxiuyun | Gg7&zhangxiuyun |
shiqianming | F*shiqianming |
wuchun | @M!wuchun |
pingyimei | pingyimei! |
luwuhao | luwuhao* |
fengjun | !=yxjsfengjun |
zhuningmao | !zhuningmao |
huangzhiqiang | Ee5%huangzhiqiang |
zhangzehua | zhangzehua@cimer.. |
luhuiyi | C@gqPluhuiyiW |
qipingxian | qipingxian7=! |
wujiaqing | wujiaqing@ |
lepengfu | vo@vlepengfu |
miaogui | -mmiaogui |
wanghua | nwanghuao-! |
sushenghua | -7Jsushenghua |
panfeigu | !hpanfeiguk78 |
yuanzhencheng | @yuanzhencheng |
hanling | NhanlingJ1*W6 |
wanghua | wanghuaCc3cimer# |
jinguizhi | jinguizhiJj10@ |
douquanguang | douquanguang-! |
helingui | EwY!helingui |
panmeimei | panmeimei*o8 |
muhuile | Ze1@6Lmuhuile |
caoxingshu | caoxingshu- |
wuzhenghui | nwuzhenghuiL= |
feiqi | fP8.zqfeiqi |
douguang | douguang9!LR |
anlilin | 3anlilin! |
yuming | yumingksyx6y@M |
tangxiahui | .tangxiahuiT |
weifeng | -LpRut*weifeng |
xiaoguoyi | d@xiaoguoyikO |
mengpeng | Llmengpeng12$cimer |
guoxiaohong | guoxiaohongDd4$ |
sunjinhui | !sunjinhuicc |
langzhilang | !@langzhilangd |
muwanlu | O=FCKzmuwanlu |
huashanhui | .yhuashanhuiQO |
hebin | @AhebinopGkBYS |
douwuda | !douwuda |
zhourong | .zhourong |
cenboqiu | cenboqiu!z7 |
qidai | PQ@qidaikxBsL |
jianghuanyou | @-jianghuanyou |
zhangquanfan | P=zhangquanfan |
zhoulihai | -zhoulihai |
shifei | SStshifeiAX. |
wangming | Hhwangming8* |
renyizhi | renyizhi! |
mafengya | -=Cmafengya |
huangheli | *PDhuangheliq. |
haoyinghe | haoyinghe! |
yuyuanxue | yuyuanxueQ37g! |
anpinglu | JanpingluZW* |
yangemei | yangemei1Pm*o2 |
biannanhong | m.biannanhongh |
anxian | anxianUiJj!* |
langhaohong | @langhaohong!! |
shuiluxiu | @sshuiluxiuxsF |
weifutian | weifutian=m |
chenxin | chenxinAa1!cimer |
wuwen | cimer2@wuwen |
guxin | guxin-tI- |
lixiangli | Xlixiangli. |
zhaomeisi | AK@zhaomeisigq |
gantingting | Kk11gantingting# |
shishashun | 9v.shishashun |
yinzhenguo | yinzhenguo2R* |
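Grinding through them by hand o( ̄ヘ ̄o#)
- !! Solution: open 用户表.xlsx (the user table) and you will find 100 account/password pairs
Logging in with every pair, we find that (account: zhangzehua, password: zhangzehua@cimer..) is the administrator (admin) login
We also find 5 users that produce a "user does not exist" message (0del) and 9 users that can log in (user)
For example, the following indicates a successful login (this turned out not to matter)
"User does not exist" is what I have marked as 0del below; the page reports that the user does not exist (no screenshot)
An administrator sees the same page as in the image above, plus a back-end management button
Logging in as any of the remaining users returns no page or message at all
Account | Password | Status |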
---|---|---|
weibeizhen | v*3!weibeizhen | |
lianliangshan | lianliangshan- | |
changlinqi | changlinqir*8 | |
bile | bilevkrxvvr! | |
yinshan | yinshanv.8KB | |
piyuanrong | Jpiyuanrong4j= | |
xuqun | w=oxuqun | |
biqing | Kbiqingiw017. | |
baolang | !baolang | |
wangguizhi | cimer15&wangguizhi | 0del |
fanjian | Uu21%fanjian | |
xianglijuan | Vv22xianglijuan^ | |
wanghong | Ww23wanghong& | |
baiguizhuang | baiguizhuang! | |
caozhengxiang | @caozhengxiang | |
yunfuchao | yunfuchaoZ= | |
wangyan | Ii9wangyan! | user |
ningxiurong | Mmningxiurong13% | 0del |
zhanglihua | Nn14zhanglihua^ | 0del |
feiliang | feiliangx@Cpi | |
miaojinjuan | Emiaojinjuan-. | |
heshuwan | !=heshuwanL | |
lulongmu | @lulongmu | |
anfuhui | yanfuhui-tz. | |
suyufei | m9@suyufeih | |
xibeilei | *xibeilei | |
qiyingdi | !qiyingdi | |
weiyingwan | y*weiyingwant | |
zhangxiuyun | Gg7&zhangxiuyun | user |
shiqianming | F*shiqianming | |
wuchun | @M!wuchun | |
pingyimei | pingyimei! | |
luwuhao | luwuhao* | |
fengjun | !=yxjsfengjun | |
zhuningmao | !zhuningmao | |
huangzhiqiang | Ee5%huangzhiqiang | user |
zhangzehua | zhangzehua@cimer.. | admin |
luhuiyi | C@gqPluhuiyiW | |
qipingxian | qipingxian7=! | |
wujiaqing | wujiaqing@ | |
lepengfu | vo@vlepengfu | |
miaogui | -mmiaogui | |
wanghua | nwanghuao-! | |
sushenghua | -7Jsushenghua | |
panfeigu | !hpanfeiguk78 | |
yuanzhencheng | @yuanzhencheng | |
hanling | NhanlingJ1*W6 | |
wanghua | wanghuaCc3cimer# | user |
jinguizhi | jinguizhiJj10@ | user |
douquanguang | douquanguang-! | |
helingui | EwY!helingui | |
panmeimei | panmeimei*o8 | |
muhuile | Ze1@6Lmuhuile | |
caoxingshu | caoxingshu- | |
wuzhenghui | nwuzhenghuiL= | |
feiqi | fP8.zqfeiqi | |
douguang | douguang9!LR | |
anlilin | 3anlilin! | |
yuming | yumingksyx6y@M | |
tangxiahui | .tangxiahuiT | |
weifeng | -LpRut*weifeng | |
xiaoguoyi | d@xiaoguoyikO | |
mengpeng | Llmengpeng12$cimer | 0del |
guoxiaohong | guoxiaohongDd4$ | user |
sunjinhui | !sunjinhuicc | |
langzhilang | !@langzhilangd | |
muwanlu | O=FCKzmuwanlu | |
huashanhui | .yhuashanhuiQO | |
hebin | @AhebinopGkBYS | |
douwuda | !douwuda | |
zhourong | .zhourong | |
cenboqiu | cenboqiu!z7 | |
qidai | PQ@qidaikxBsL | |
jianghuanyou | @-jianghuanyou | |
zhangquanfan | P=zhangquanfan | |
zhoulihai | -zhoulihai | |
shifei | SStshifeiAX. | |
wangming | Hhwangming8* | user |
renyizhi | renyizhi! | |
mafengya | -=Cmafengya | |
huangheli | *PDhuangheliq. | |
haoyinghe | haoyinghe! | |
yuyuanxue | yuyuanxueQ37g! | |
anpinglu | JanpingluZW* | |
yangemei | yangemei1Pm*o2 | |
biannanhong | m.biannanhongh | |
anxian | anxianUiJj!* | |
langhaohong | @langhaohong!! | |
shuiluxiu | @sshuiluxiuxsF | |
weifutian | weifutian=m | |
chenxin | chenxinAa1!cimer | user |
wuwen | cimer2@wuwen | user |
guxin | guxin-tI- | |
lixiangli | Xlixiangli. | |
zhaomeisi | AK@zhaomeisigq | |
gantingting | Kk11gantingting# | 0del |
shishashun | 9v.shishashun | |
yinzhenguo | yinzhenguo2R* |
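This gives us the accounts that were deleted but still have a record
import hashlib
def md5_encrypt(input_string):
    # MD5 is a hash, not encryption: return the hex digest of the UTF-8 string
    md5_obj = hashlib.md5()
    md5_obj.update(input_string.encode('utf-8'))
    return md5_obj.hexdigest()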
input_str = "wangguizhi_ningxiurong_zhanglihua_mengpeng_gantingting"
md5_result = md5_encrypt(input_str)
print(f"MD5加密结果: {md5_result}")
#8429e825242b4e9063862b78da1e46dd
Part2
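- ? Task: the administrator has lost the database's private key, and we are asked to try to decrypt the order data using the public keys. The goal is to find the pre-recharge Mi-coin balance (充值前米币数量) and the amount actually paid (实付金额) for order no. 202502100811
- !! Solution: first, log in to the back end with the administrator account obtained in Part1 (account: zhangzehua, password: zhangzehua@cimer..) and find the order database. It contains two things: the public keys (there are two) and the encrypted order data. We export them first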
PUBLIC_KEY1
-----BEGIN PUBLIC KEY-----
MIICJDANBgkqhkiG9w0BAQEFAAOCAhEAMIICDAKCAgEAn84I1STsPGNHJsI1IjqI
Z1F5KQYXXCDKx7K6PnpkBvBF3VFjLEGmdamSnsC34OkciEjhh2TmGdO6x5zes5QM
rW+4u/xgZV4WTSANCfpb+i+Oi3YFVmz0B1xAfOg9JiTOeKfFTGUSd92xqvpconFs
7n+4WfpmG15oXLzPP54yZW4MQJeTljZ+jFHM3ZL0ajxRzo3WiNsM7m3qewfSMiRh
ts5tchTF1Q3VT1niBvM0PmttI6v3Fzn3Zvta68UUZaNMtlGnmRyWLrgceO3zyRUy
dZvZpIHmQQ5f2dJ1l1PtyVYkwXA9TFC7iQvwT5sY1FBOH7gqgVgcWaEfNIoXIRHn
mBzmkkLu0ZBQ8BW0A5sLXEtzYiuESmUvKCau8ojahsPWcEcqELZTIb93Yj0BghRS
tBunPNUD6GGTyNfIB+BkCqfWuMxCv8bk76a0i/vrEpM1edJ/MTFQtN1RY75BiDim
iwtIwWUQ0nkOgn4FNqAsz3dkZIOKHk0BCki81MeS8uhjbFfcK9ekz+d86pT5F3j0
3ThgQCWfTutuQhF3oZEfYtWaZLjcQNHFkrsaWhleQbymDrfx3nuKQ6vIc5izwKhs
JGnveO/kfITFNAPk4piPdQE5TVcI4cFgRrQYh2CkTTn8pnonV9Q+v+V4VNr5b/Ki
RSiXDFJPx+od2Bj6ags5CYkCBQDRYAEL
-----END PUBLIC KEY-----
PUBLIC_KEY2
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
It is easy to see that these two PKCS-format RSA public keys have the same modulus n
For details, see my other article, Certificate Repair [[证书修复]]
#1
import base64
common_key = '''MIICJDANBgkqhkiG9w0BAQEFAAOCAhEAMIICDAKCAgEAn84I1STsPGNHJsI1IjqI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'''
# each PEM line is decoded on its own and printed as hex
common_key = common_key.split("\n")
for i in common_key:
    print(base64.b64decode(i).hex())
'''
30820224300d06092a864886f70d010101050003820211003082020c02820201009fce08d524ec3c634726c235223a88
6751792906175c20cac7b2ba3e7a6406f045dd51632c41a675a9929ec0b7e0e91c8848e18764e619d3bac79cdeb3940c
ad6fb8bbfc60655e164d200d09fa5bfa2f8e8b7605566cf4075c407ce83d2624ce78a7c54c651277ddb1aafa5ca2716c
ee7fb859fa661b5e685cbccf3f9e32656e0c40979396367e8c51ccdd92f46a3c51ce8dd688db0cee6dea7b07d2322461
b6ce6d7214c5d50dd54f59e206f3343e6b6d23abf71739f766fb5aebc51465a34cb651a7991c962eb81c78edf3c91532
759bd9a481e6410e5fd9d2759753edc95624c1703d4c50bb890bf04f9b18d4504e1fb82a81581c59a11f348a172111e7
981ce69242eed19050f015b4039b0b5c4b73622b844a652f2826aef288da86c3d670472a10b65321bf77623d01821452
b41ba73cd503e86193c8d7c807e0640aa7d6b8cc42bfc6e4efa6b48bfbeb12933579d27f313150b4dd5163be418838a6
8b0b48c16510d2790e827e0536a02ccf776464838a1e4d010a48bcd4c792f2e8636c57dc2bd7a4cfe77cea94f91778f4
dd386040259f4eeb6e421177a1911f62d59a64b8dc40d1c592bb1a5a195e41bca60eb7f1de7b8a43abc87398b3c0a86c
2469ef78efe47c84c53403e4e2988f7501394d5708e1c16046b4188760a44d39fca67a2757d43ebfe57854daf96ff2a2
4528970c524fc7ea1dd818fa6a0b390989020500d160010b
'''
#2
import base64
common_key = '''MIICJDANBgkqhkiG9w0BAQEFAAOCAhEAMIICDAKCAgEAn84I1STsPGNHJsI1IjqI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'''
# each PEM line is decoded on its own and printed as hex
common_key = common_key.split("\n")
for i in common_key:
    print(base64.b64decode(i).hex())
'''
30820224300d06092a864886f70d010101050003820211003082020c02820201009fce08d524ec3c634726c235223a88
6751792906175c20cac7b2ba3e7a6406f045dd51632c41a675a9929ec0b7e0e91c8848e18764e619d3bac79cdeb3940c
ad6fb8bbfc60655e164d200d09fa5bfa2f8e8b7605566cf4075c407ce83d2624ce78a7c54c651277ddb1aafa5ca2716c
ee7fb859fa661b5e685cbccf3f9e32656e0c40979396367e8c51ccdd92f46a3c51ce8dd688db0cee6dea7b07d2322461
b6ce6d7214c5d50dd54f59e206f3343e6b6d23abf71739f766fb5aebc51465a34cb651a7991c962eb81c78edf3c91532
759bd9a481e6410e5fd9d2759753edc95624c1703d4c50bb890bf04f9b18d4504e1fb82a81581c59a11f348a172111e7
981ce69242eed19050f015b4039b0b5c4b73622b844a652f2826aef288da86c3d670472a10b65321bf77623d01821452
b41ba73cd503e86193c8d7c807e0640aa7d6b8cc42bfc6e4efa6b48bfbeb12933579d27f313150b4dd5163be418838a6
8b0b48c16510d2790e827e0536a02ccf776464838a1e4d010a48bcd4c792f2e8636c57dc2bd7a4cfe77cea94f91778f4
dd386040259f4eeb6e421177a1911f62d59a64b8dc40d1c592bb1a5a195e41bca60eb7f1de7b8a43abc87398b3c0a86c
2469ef78efe47c84c53403e4e2988f7501394d5708e1c16046b4188760a44d39fca67a2757d43ebfe57854daf96ff2a2
4528970c524fc7ea1dd818fa6a0b390989020500c3827249
'''
n=int("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".replace(" ", ""), 16)
print(n)
#651946795233984780453133113767501340143039726948925889750647754647147931741761354321764653676445388026906630205091753645778362824764617095491489988318390620568241662633727630407151636916895640554866453552768440264042207764333319273377770208595917307712286329487108454958860504457985529048148053868047126703333365000815274344131109027354354731129128435334854252883659657903260482515375519970778251779085272670967613309890333554066976942884333546869278748226964177590983350295235408212636782786726682265784086028792595317329144018282089505082462680759301401858757987557690289906901667194009128836948914230885580428672646908394277074743931147411298048577325114955145618749180519246808089906629826393049823948886812110535445458262632225628585690527271718452845124399120465922102238244415579075362951156975547731139752596430307930467450515243245405422063193513255650685213636019830619680403040587987422292488228626751523688929212627802754657172153348082063100831603568449881498286244502944932137000831162073797233647615292745254566169189722454300530310902193672419268237203582486868826334580033144732094141151345920763459183836915710291981115347225923770609472484904131905082022614653326396440201973422572844520477628512497700217114134921
e1=int("00d160010b".replace(" ", ""), 16)
print(e1)
#3512729867
e2=int("00c3827249".replace(" ", ""), 16)
print(e2)
#3280106057
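The DER fields read by hand from the hex dumps above can also be parsed programmatically. This is an added example, not code from the original write-up: a stdlib-only parser that extracts (n, e) from a PEM SubjectPublicKeyInfo key and flags key pairs that reuse one modulus, which is the condition the rest of this part relies on. The moduli are constructed sample values, only the two exponents are the ones recovered above, and all function names are illustrative.

```python
import base64
from itertools import combinations
from math import gcd

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def rsa_public_numbers(pem):
    """Return (n, e) from a PEM SubjectPublicKeyInfo RSA public key."""
    rows = [r for r in pem.strip().splitlines() if not r.startswith("-----")]
    tag, spki, _ = read_tlv(base64.b64decode("".join(rows)), 0)   # outer SEQUENCE
    _, _, pos = read_tlv(spki, 0)           # AlgorithmIdentifier (30 0d 06 09 ...), skipped
    btag, bits, _ = read_tlv(spki, pos)     # BIT STRING wrapping RSAPublicKey
    if tag != 0x30 or btag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    _, key, _ = read_tlv(bits, 1)           # SEQUENCE { INTEGER n, INTEGER e }
    _, n_raw, pos = read_tlv(key, 0)
    _, e_raw, _ = read_tlv(key, pos)
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def shared_modulus_pairs(pems):
    """List (name_a, name_b, gcd(e_a, e_b)) for keys that reuse one modulus."""
    nums = {name: rsa_public_numbers(pem) for name, pem in pems.items()}
    return [(a, b, gcd(nums[a][1], nums[b][1]))
            for a, b in combinations(sorted(nums), 2)
            if nums[a][0] == nums[b][0] and nums[a][1] != nums[b][1]]

def der(tag, value):                        # encoder, used only to build the sample keys
    size = len(value)
    if size < 0x80:
        return bytes([tag, size]) + value
    size_bytes = size.to_bytes((size.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size_bytes)]) + size_bytes + value

def der_int(x):
    return der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))  # leading zero bit = positive

def make_pem(n, e):
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))   # rsaEncryption OID + NULL
    spki = der(0x30, alg + der(0x03, b"\x00" + der(0x30, der_int(n) + der_int(e))))
    b64 = base64.b64encode(spki).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *rows, "-----END PUBLIC KEY-----"])

N_SHARED = (2**521 - 1) * (2**607 - 1)      # constructed modulus (two Mersenne primes)
N_OTHER = (2**521 - 1) * (2**127 - 1)       # constructed, unrelated modulus
SAMPLE = {
    "key1": make_pem(N_SHARED, 3512729867), # e1 and e2 as recovered on this page
    "key2": make_pem(N_SHARED, 3280106057),
    "key3": make_pem(N_OTHER, 65537),
}

print(shared_modulus_pairs(SAMPLE))         # [('key1', 'key2', 1)]
```

A reported gcd of 1 for two keys on one modulus means a message encrypted under both can be recovered without the private key, so each key pair needs its own modulus.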
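The parameters are recovered easily; next comes the common modulus attack, where the data in order are c1 and c2
Extended Euclid: with gcd(e1, e2) = 1 it finds s1, s2 such that e1*s1 + e2*s2 = 1, so c1^s1 * c2^s2 ≡ m (mod n)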
e1 = 3512729867
n = 651946795233984780453133113767501340143039726948925889750647754647147931741761354321764653676445388026906630205091753645778362824764617095491489988318390620568241662633727630407151636916895640554866453552768440264042207764333319273377770208595917307712286329487108454958860504457985529048148053868047126703333365000815274344131109027354354731129128435334854252883659657903260482515375519970778251779085272670967613309890333554066976942884333546869278748226964177590983350295235408212636782786726682265784086028792595317329144018282089505082462680759301401858757987557690289906901667194009128836948914230885580428672646908394277074743931147411298048577325114955145618749180519246808089906629826393049823948886812110535445458262632225628585690527271718452845124399120465922102238244415579075362951156975547731139752596430307930467450515243245405422063193513255650685213636019830619680403040587987422292488228626751523688929212627802754657172153348082063100831603568449881498286244502944932137000831162073797233647615292745254566169189722454300530310902193672419268237203582486868826334580033144732094141151345920763459183836915710291981115347225923770609472484904131905082022614653326396440201973422572844520477628512497700217114134921
c1 = 455520981282387532676717274716388352368440660926365334916148072681764116892860884921488406070711454757928344800420542881183746391959356679027200037258786255440708028679142593131055799315503515994591732825311568926272127476331778438289367066943088620222708235950329139676726845791285638554183320625138554228412418602236473902697223632793200780447786763924828285069114317908732616631424776579074685866132079906869644490049060219194763340993910380968137064159234211941426106201453169371969865981414890187042882075730309208445502040739037708653331791193126807215951684651301149946032375218369322099201615986809316802138270582273761458689373198881559721513646662689826622136665595893819012649669089610447138619953310475518061996813864262276148796881080827484146738798217102416455117456619758431205790984867739982517711952992854521999493035661384208376865492023395692897635530948693012296859349789089532266945351544197157630244209003342649158072346022879572308249912090479731024665677002989990123817158168467761068889815618551120656071481777071721816813814284774737527002915422351308787508712896445494710247486617251080794973909933439282701827135391657345253124007396232780038752366194039852205301351104343128418965990002102290335821157803
e2 = 3280106057
c2 = 316046737603519845884753132937977364670750803918759945310447186223742231101322105614079178772507417319651406200430258339351871816922132433628260764308927030306788121841115056234329468168927912553327146674446271767578349571053454076543762542742540980694995918195068100985391321478056685508959420310078621643340855155342222812911195847241332052480126439523748548221123947438637404159751320751996142238755885748491965261143244563217548800499108477973929173661204539036615753876403580382939752744743592154312892069078838549072849822870617359300302164144393607747349611476176319331278017008758876613072366628229560094896734929937194226143190522382074762803226351773014143879700891536051202388073527082576364609141640108664186607947875281936802467266486641898753775337024744835880699755494164815601519495168038520219229794700431331665822565170595218996479937559714215823017131371786109471062800412993447001090503914102484616930473943257244008076630097973045149179771760209750043786848340801460584140241715117461924761014775058044022158014246537628845654739246894232423929097744167227061000762233904782875133326981951731731705564055316886731142637966312163322204246124439266440319775912667816568966555184352686996639497813793946582950495311
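# n is the same for both keys and e differs: common modulus attack
import gmpy2
from Crypto.Util.number import long_to_bytes
def egcd(a, b):
    # extended Euclidean algorithm: returns (x, y) with a*x + b*y == gcd(a, b)
    if b == 0:
        return 1, 0
    else:
        x, y = egcd(b, a % b)
        return y, x - (a // b) * y
s = egcd(e1, e2)
s1 = s[0]
s2 = s[1]
# one of s1, s2 is negative; gmpy2.powmod then works with the modular inverse
m = gmpy2.powmod(c1, s1, n) * gmpy2.powmod(c2, s2, n) % n
print(long_to_bytes(m))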
#\xe8\xae\xa2\xe5\x8d\x95\xe5\x8f\xb7: 202502100811, \xe5\x95\x86\xe5\x93\x81\xe5\x90\x8d\xe7\xa7\xb0: \xe5\x85\x85\xe5\x80\xbc\xe7\xb1\xb3\xe5\xb8\x81, \xe5\x85\x85\xe5\x80\xbc\xe9\x87\x91\xe9\xa2\x9d: \xc2\xa51000, \xe5\x85\x85\xe5\x80\xbc\xe5\x89\x8d\xe7\xb1\xb3\xe5\xb8\x81\xe6\x95\xb0\xe9\x87\x8f: 2511, \xe5\x85\x85\xe5\x80\xbc\xe5\x90\x8e\xe7\xb1\xb3\xe5\xb8\x81\xe6\x95\xb0\xe9\x87\x8f: 3511, \xe4\xbc\x98\xe6\x83\xa0\xe5\x88\xb8: 20, \xe5\xae\x9e\xe4\xbb\x98\xe9\x87\x91\xe9\xa2\x9d: \xc2\xa5980
from urllib import parse
s = '\xe8\xae\xa2\xe5\x8d\x95\xe5\x8f\xb7: 202502100811, \xe5\x95\x86\xe5\x93\x81\xe5\x90\x8d\xe7\xa7\xb0: \xe5\x85\x85\xe5\x80\xbc\xe7\xb1\xb3\xe5\xb8\x81, \xe5\x85\x85\xe5\x80\xbc\xe9\x87\x91\xe9\xa2\x9d: \xc2\xa51000, \xe5\x85\x85\xe5\x80\xbc\xe5\x89\x8d\xe7\xb1\xb3\xe5\xb8\x81\xe6\x95\xb0\xe9\x87\x8f: 2511, \xe5\x85\x85\xe5\x80\xbc\xe5\x90\x8e\xe7\xb1\xb3\xe5\xb8\x81\xe6\x95\xb0\xe9\x87\x8f: 3511, \xe4\xbc\x98\xe6\x83\xa0\xe5\x88\xb8: 20, \xe5\xae\x9e\xe4\xbb\x98\xe9\x87\x91\xe9\xa2\x9d: \xc2\xa5980'
s = s.encode('unicode_escape')
print("编码",s)
ss = s.decode('utf-8').replace('\\x', '%')
print("url解码",ss)
un = parse.unquote(ss)
print("解码",un)
#订单号: 202502100811, 商品名称: 充值米币, 充值金额: ¥1000, 充值前米币数量: 2511, 充值后米币数量: 3511, 优惠券: 20, 实付金额: ¥980
#2511_980
Part3
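- ? Task: audit the data and find the transactions where the credited Mi-coin amount is wrong, the transactions where the Mi-coin discount exceeds 20%, the transactions where the credited VIP days are wrong, the transactions where the amount paid is wrong, and the transactions where the VIP recharge discount exceeds 20%, then count the number of transactions of each error type. Join the counts with "_" in the order given by the answer format and submit the result as the answer
Note: a 30-day membership recharge is a monthly card, priced at 15 yuan
A 90-day membership recharge is a quarterly card, priced at 30 yuan
A 365-day membership recharge is an annual card, priced at 88 yuan
Mi coins and the recharge amount convert at 1:1
When working out whether a recharge discount exceeds 20%, use the correct price (the recharge amount, or the price that corresponds to the recharge days); do not use the existing, erroneous amount paid
- @ [Answer format] Example: if there are 6 transactions with a wrong credited Mi-coin amount, 2 with a Mi-coin discount above 20%, 3 with wrong credited VIP days, 4 with a wrong amount paid, and 5 with a VIP recharge discount above 20%, the final answer to submit is: 6_2_3_4_5
- !! Solution: first we decrypt all of the order records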
import gmpy2
from Crypto.Util.number import *
from urllib import parse
e1 = 3512729867
n = 651946795233984780453133113767501340143039726948925889750647754647147931741761354321764653676445388026906630205091753645778362824764617095491489988318390620568241662633727630407151636916895640554866453552768440264042207764333319273377770208595917307712286329487108454958860504457985529048148053868047126703333365000815274344131109027354354731129128435334854252883659657903260482515375519970778251779085272670967613309890333554066976942884333546869278748226964177590983350295235408212636782786726682265784086028792595317329144018282089505082462680759301401858757987557690289906901667194009128836948914230885580428672646908394277074743931147411298048577325114955145618749180519246808089906629826393049823948886812110535445458262632225628585690527271718452845124399120465922102238244415579075362951156975547731139752596430307930467450515243245405422063193513255650685213636019830619680403040587987422292488228626751523688929212627802754657172153348082063100831603568449881498286244502944932137000831162073797233647615292745254566169189722454300530310902193672419268237203582486868826334580033144732094141151345920763459183836915710291981115347225923770609472484904131905082022614653326396440201973422572844520477628512497700217114134921
e2 = 3280106057
c1 = None
c2 = None
# common modulus attack helper: extended Euclid, returns (x, y) with a*x + b*y == gcd(a, b)
def egcd(a, b):
    if b == 0:
        return 1, 0
    else:
        x, y = egcd(b, a % b)
        return y, x - (a // b) * y
s = egcd(e1, e2)
s1 = s[0]
s2 = s[1]
# read order.csv and decrypt every row
with open('D:\\order.csv', 'r') as file:
    lines = file.readlines()
for i, line in enumerate(lines):
    if i == 0:  # skip the header row
        continue
    parts = line.strip().split(';')
    c1 = int(parts[1])
    c2 = int(parts[2])
    m = gmpy2.powmod(c1, s1, n) * gmpy2.powmod(c2, s2, n) % n
    decrypted_data = long_to_bytes(m).decode('utf-8')
    # decode the data
    decoded_data = parse.unquote(decrypted_data)
    print(decoded_data)
print("解密和转码完成")
- @@ This yields the following data:
3000 order records (omitted)
订单号: 202502100001, 商品名称: 充值米币, 充值金额: ¥100, 充值前米币数量: 4583, 充值后米币数量: 4683, 优惠券: 20, 实付金额: ¥80
订单号: 202502100002, 商品名称: 充值会员, 充值天数: 365, 充值前剩余天数: 6天, 充值后剩余天数: 371天, 优惠券: 15, 实付金额: ¥73
订单号: 202502100003, 商品名称: 充值会员, 充值天数: 90, 充值前剩余天数: 217天, 充值后剩余天数: 307天, 优惠券: 5, 实付金额: ¥25
订单号: 202502100004, 商品名称: 充值米币, 充值金额: ¥5000, 充值前米币数量: 2380, 充值后米币数量: 7380, 优惠券: 0, 实付金额: ¥5000
订单号: 202502100005, 商品名称: 充值会员, 充值天数: 30, 充值前剩余天数: 351天, 充值后剩余天数: 381天, 优惠券: 10, 实付金额: ¥5
……
From here on it is purely a matter of analysing and understanding the data
import re
with open("D:\\AAACTF题目\\数据分析.txt", "rb") as f:
    data = f.read().decode().split("\n")
A = 0 # credited Mi-coin amount wrong
B = 0 # Mi-coin discount above 20%
C = 0 # credited VIP days wrong
D = 0 # amount paid wrong
E = 0 # VIP recharge discount above 20%
# price for each VIP recharge length (days -> yuan)
vip_price = {30: 15, 90: 30, 365: 88}
# check the Mi-coin recharge orders
for each in data:
    s = re.findall(r"商品名称: 充值米币, 充值金额: ¥(\d+), 充值前米币数量: (\d+), 充值后米币数量: (\d+), 优惠券: (\d+), 实付金额: ¥(\d+)", each)
    if s:
        amount, pre_balance, post_balance, coupon, paid = map(int, s[0])
        # credited Mi-coin amount wrong
        if pre_balance + amount != post_balance:
            print("米币到账数量错误", each)
            A += 1
        # Mi-coin discount above 20%
        if coupon / amount > 0.2:
            print("米币优惠幅度高于20%", each)
            B += 1
        # amount paid wrong
        expected_paid = amount - coupon
        if paid != expected_paid:
            print("米币实付金额错误", each)
            D += 1
# check the VIP (membership) recharge orders
for each in data:
    s = re.findall(r"商品名称: 充值会员, 充值天数: (\d+), 充值前剩余天数: (\d+)天, 充值后剩余天数: (\d+)天, 优惠券: (\d+), 实付金额: ¥(\d+)", each)
    if s:
        days, pre_days, post_days, coupon, paid = map(int, s[0])
        # credited VIP days wrong
        if pre_days + days != post_days:
            print("VIP到账天数错误", each)
            C += 1
        # VIP price and discount checks, based on the correct price for the days
        expected_price = vip_price.get(days, None)
        if expected_price is None:
            print("奇怪的天数", days)
        else:
            expected_paid = expected_price - coupon
            # count an error only when the amount paid differs from the expected discounted price
            if paid != expected_paid:
                print("VIP实付金额错误", each)
                D += 1
            if coupon / expected_price > 0.2:
                print("VIP充值优惠幅度高于20%", each)
                E += 1
print('_'.join((str(A), str(B), str(C), str(D), str(E))))
#3_142_3_4_612
米币到账数量错误 订单号: 202502100031, 商品名称: 充值米币, 充值金额: ¥500, 充值前米币数量: 4632, 充值后米币数量: 9632, 优惠券: 0, 实付金额: ¥5000
米币实付金额错误 订单号: 202502100031, 商品名称: 充值米币, 充值金额: ¥500, 充值前米币数量: 4632, 充值后米币数量: 9632, 优惠券: 0, 实付金额: ¥5000
米币优惠幅度高于20% 订单号: 202502100047, 商品名称: 充值米币, 充值金额: ¥100, 充值前米币数量: 897, 充值后米币数量: 997, 优惠券: 50, 实付金额: ¥50
米币优惠幅度高于20% 订单号: 202502100067, 商品名称: 充值米币, 充值金额: ¥100, 充值前米币数量: 1793, 充值后米币数量: 1893, 优惠券: 50, 实付金额: ¥50
米币优惠幅度高于20% 订单号: 202502100072, 商品名称: 充值米币, 充值金额: ¥200, 充值前米币数量: 2164, 充值后米币数量: 2364, 优惠券: 50, 实付金额: ¥150
……
Summary
- !! part1
8429e825242b4e9063862b78da1e46dd
- !! part2
2511_980
- !! part3
3_142_3_4_612
( ̄へ ̄)
Bad at it but love playing anyway (^・ω・^ ) haha~