Study nodejs「2」

Zsm published on 2025-04-01 included in Nodejs

nodejs&mysql

现在学mysql和sqlserver(学校老师强制要求的)比较多，就先拿这些举例子了

mysql2

一个把nodejs&mysql&express连接的包，顺便使用js-yaml去写配置

Tamuctf2025

Zsm published on 2025-03-31 included in CTF

前言

这是一个国外学校的比赛，密码质量很高

题目

ECC

Can you get the secret key from the following two signed messages?

1st Message: “The secp256r1 curve was used.”

2nd Message: “k value may have been re-used.”

1st Signature r value: 91684750294663587590699225454580710947373104789074350179443937301009206290695

1st Signature s value: 8734396013686485452502025686012376394264288962663555711176194873788392352477

2nd Signature r value: 91684750294663587590699225454580710947373104789074350179443937301009206290695

2nd Signature s value: 96254287552668750588265978919231985627964457792323178870952715849103024292631

The flag is the secret key used to sign the messages. It will be in the flag format. task

Study Nodejs「1」

Zsm published on 2025-03-31 included in Nodejs

为什么学nodejs

可能是后面要接手一些项目，或者是些javaspring烦了，学学nodejs玩，目前感觉nodejs的生态还是不错的

npm的生命周期

第一开始也没想到这个还有生命周期的，就记录一下

HTB Alert&LinkVortex&code

Zsm published on 2025-03-24 included in 靶场

靶场链接

https://app.hackthebox.com/machines/Alert https://app.hackthebox.com/machines/LinkVortex code是本周靶机哎

笔记

HTB的靶场质量都很高，不想像其他的一样写很多没用的东西，主要写学到的东西和靶机概况

whatweb

可以自动分析网站的响应并识别出使用的Web框架、CMS、服务器、JavaScript库等技术组件，一般情况下whatweb -v输出的比较详细，而且好看， WhatWeb 有 4 种扫描级别，通过数字 1~4 选择，默认为1：

2025PolarCTF春季赛

Zsm published on 2025-03-22 included in CTF

前言

去南京的路上，顺手写写

题目

crypto

RSA1-2

task

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76


import os
from Crypto.Util.number import *
from typing import Union
from flag import flag

bits = 512


def polar(msg: Union[bytes, bytearray], length: int) -> bytes:
    assert length > len(msg), "指定的长度必须大于原始消息长度加 1。"
    return bytes(msg) + b'\x00' + os.urandom(length - len(msg) - 1)


def unpolar(msg: Union[bytes, bytearray]) -> bytes:
    msg = bytes(msg)
    assert b'\x00' in msg, "输入的字节串中不包含分隔符。"
    return msg.split(b'\x00')[0]


def getflag1(m):
    result = []
    for i in range(2):
        result.append(getPrime(bits))
    p, q = result
    if p <= q:
        p, q = q, p
    e = 0x10001
    n = p * q
    c = pow(m, e, n)
    hint = pow(2024 * p + 2025, q, n)
    print('---------- getflag 1 ----------')
    print(f'{c = }')
    print(f'{n = }')
    print(f'{hint = }')


def getflag2(m):
    result = []
    for i in range(2):
        result.append(getPrime(bits))
    p, q = result
    n = p * q
    hint1 = pow(m, p, n)
    hint2 = pow(m, q, n)
    print('---------- getflag 2 ----------')
    print(f'{hint1 = }')
    print(f'{hint2 = }')
    print(f'{n = }')



def getflag3(m):
    result = []
    for i in range(2):
        result.append(getPrime(bits))
    p, q = result
    e = 0x10001
    n = p * q
    g = 20242025
    hint = pow(g + p * 1111, e, n)
    c = pow(m, e, n)
    print('---------- getflag 3 ----------')
    print(f'{c = }')
    print(f'{n = }')
    print(f'{hint = }')


assert len(flag) == 42
mm = []
for i in range(0, 42, 14):
    mm.append(bytes_to_long(polar(flag[i:i + 14], bits // 4 - 1)))

m1, m2, m3 = mm
getflag1(m1)
getflag2(m2)
getflag3(m3)

三个很经典的数论题堆到了一起，额，后面补长度，其实没啥区别，直接写就行了，如果想看细节推导的话，可以等我下周写（

Hgctf2025

Zsm published on 2025-03-09 included in CTF

前言

质量挺高的一场新生赛，老登大乱斗（），这里只写一部分wp

crypto题目

baby_factor

task

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16


from Crypto.Util.number import *
def create():
    pl  = []
    for i in range(3):
        pl.append(getPrime(1024))
    return sorted(pl)
pl = create()
m=b'NSSCTF{xxx}'
p,q,r = pl[0],pl[1],pl[2]
e = 65537
n = p*q*r
phi = (p-1)*(q-1)*(r-1)
c=pow(bytes_to_long(m),e,n)
print(f'n={n}')
print(f'phi={phi}')
print(f'c={c}')

好像是出题人数据问题 exp