2022 数据安全大赛 部分题目 Writeup
数据安全
问卷调查
填完问卷即可
sneakshot
肉眼观察发现,绝密两个字下面有疑似文字,但是需要调整对比度
使用 StegSolve Random Color Map 重复 Random 直到清晰可见
肉眼读出 Flag 得 flag{22538e2282}
你这ECB保熟吗
题目
#!/usr/local/bin/python -u
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad
from Crypto.Util.strxor import strxor
from more_itertools import ichunked
BLOCK = AES.block_size
FLAG = open('flag.txt', 'rb').read().strip()
def encrypt_block(k, pt):
cipher = AES.new(k, AES.MODE_ECB)
return cipher.encrypt(pt)
def encrypt(k, pt):
assert len(k) == BLOCK
pt = pad(pt, BLOCK)
ct = b''
for bk in ichunked(pt, BLOCK):
ct += strxor(encrypt_block(k, k), bytes(bk))
return ct
def main():
k = get_random_bytes(BLOCK)
enc = encrypt(k, FLAG)
print(f'> {enc.hex()}')
pt = bytes.fromhex(input('< '))[:BLOCK]
enc = encrypt(k, pt)
print(f'> {enc.hex()}')
if __name__ == '__main__':
main()这里程序会先输出一个加密的flag,然后再读取输入再加密一次并输出,两次的key都是一样的,再看加密操作其实就是一个异或,那我再加密一次密文就可以异或回去得到flag了,写wp的时候环境关了,flag好像是flag{U_got_it}?记不太清了
数据分析
泄露溯源定位 1
查看 Wireshark 的流追踪,在 Stream 11 里找到数据库用户
泄露溯源定位 2
通过 GitHub 查找 dataUser3 在 Python 语言内找到疑似泄漏点
表名符合题目中的流量数据,
即可得
https://github.com/Tristan-Hao/Green-Berry/blob/main/catalogue.py
SQLpacket1
浏览 Wireshark,有个执行 ls 的命令,查看原始数据丢到 CyberChef,解 Gzip 得
Stream 185
SQLpacket2
在逛流量包的时候发现了一个单 HTTP 大流量包
Stream 197
转成原始数据提取数据段
Hex 转 明文 发现是 base64 而不是之前 behinder 流量然后解 base64 发现是 hex,hex 解密后在结尾发现了 secret1
SQLpacket5
在207的时候看到
所以往前找几个发现201中有东西,解码得出文件名
账号泄密追踪1
记得昨天的溯源题就是Green Barry 直接把代码拉下来,全局搜索找到
url: https://github.com/Tristan-Hao/Green-Berry/blob/main/scrubbers.py
账号泄密追踪2
搜索qingmei找到https://gitee.com/datasecurity-qunzhong/qing-mei-login/blob/master/scrubbers.py
账号泄密追踪3
搜索dataUser3找到
在登录验证找到
账号泄密追踪4
知乎搜qingmei后台 https://zhuanlan.zhihu.com/p/521587651
账号泄密追踪5
bing搜索引擎直接搜key就搜到了https://blog.csdn.net/haoxin1983/article/details/125905827
BlueTeam1
在Security.evtx中看到有好几个用户,有newguset,ming,link3,miao等
通过process monitor 看到如下
用户ming通过word.exe ,执行了命令,所以这里就是ming
BlueTeam2
这里再Security.evtx筛选4624(登录成功),4625(登录失败)
再一堆连续登录失败后迎来一波登录成功
查看首次登录的信息
可以看到logonType 为10 即RDP ,所以为192.168.13.1:3389
BlueTeam3
第一问中看到通过word这里弹了个cmd,并且去执行whoami,所以猜测这里应该是个word文档,最后找到
helper.doc
BlueTeam4
两个可疑进程
在进程树中找到验证了答案
BlueTeam5
找到了这些,试了几个最后尝试身份证信息时出了
数据算法
敏感数据识别
给了个文本,需要在其中提取出PhoneNo、IMEI、BankCard、IPv4、Email五种数据类型
对于Email,首先利用正则匹配表达式:
([\\w-]+(\\.[\\w-]+)*@[\\w-]+(\\.[\\w-]+)+)
以上表达式匹配出来的邮箱包括 cox.net.These 、 1.125 等经过提交测试发现是错误的格式,可以直接剔除
匹配邮箱代码
# 邮箱
if '@' in content:
#ret=get_findAll_emails(content)
# print(ret)
reg_str1 = r'([\\w-]+(\\.[\\w-]+)*@[\\w-]+(\\.[\\w-]+)+)'
str1=content
mod = re.compile(reg_str1)
items = mod.findall(str1)
# for item in items:
# if isyx(item[0]):
# pH_label_file.write(str(cnt)+",Email,"+item[0]+"\\n")
for item in items:
if "cox.net.These" in item[0]:
print(item[0])
continue
#print(item[0])
if isyx(item[0]):
if "1.125" in item[0]:
break
pH_label_file.write(str(cnt)+",Email,"+item[0]+"\\n")
break
对于Email,首先利用正则匹配表达式:
\\D(?:\\d{1,3}\\.){3}(?:25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)\\D
(\\d{1,3}\\.){3}(?:25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)\\D
\\D(\\d{1,3}\\.){3}(25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)$
((25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)
匹配IP代码:
def getip(str):
result = re.findall(r'\\D(?:\\d{1,3}\\.){3}(?:25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)\\D', str)
ret_start = re.match(r'(\\d{1,3}\\.){3}(?:25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)\\D', str)
if ret_start:
result.append(ret_start.group())
ret_end = re.search(r'\\D(\\d{1,3}\\.){3}(25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)$', str)
if ret_end:
result.append(ret_end.group())
ip_list = []
for r in result:
ret = re.search(r'((25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)', r)
if ret:
ip_list.append(ret.group())
return ip_list
# 处理IPv4
arr=getip(content)
for ip in arr:
pH_label_file.write(str(cnt)+",IPv4,"+ip+"\\n")
接下来匹配电话号码,存在xxx-xxx-xxx或xxx xxx xxx或xxx/xxx/xxx 或+86之类的格式,正则表达式:
然后利用题目限制的前缀进行筛选
匹配电话号码代码:
# 电话号码
reg_str1 = r'[\\d|\\ |\\-|\\+|\\(|\\)|\\/]{11,210}'
str1=content
mod = re.compile(reg_str1)
items = mod.findall(str1)
for item in items:
item=item.lstrip('-')
item=item.lstrip(' ')
item=item.lstrip('-')
item=item.lstrip('/')
item=item.lstrip('-')
item=item.lstrip(' ')
item=item.lstrip('-')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip('-')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip(' ')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip('-')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip('/')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip('-')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip(' ')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip('-')
item=item.rstrip(')')
item=item.rstrip('(')
try:
sum2=0
sum3=0
sum4=0
for i in item:
if i=='-':
sum2=sum2+1
if i==' ':
sum3=sum3+1
if i=='+':
sum4=sum4+1
if sum2>2 or sum2==1 or sum4>=2:
#print(item)
continue
if "(+86)" in item:
pH_label_file.write(str(cnt)+",PhoneNo,"+item+"\\n")
continue
strr=item
if item[0]=='8' and item[1]=='6':
strr=item[2:]
strr=strr.replace(" ","")
strr=strr.replace("-","")
strr=strr.replace("/","")
if len(strr)!=11:
continue
num=int(strr[0])*100+int(strr[1])*10+int(strr[2])
flag=0
for id in phone:
if num==id:
flag=1
break
if flag==1:
pH_label_file.write(str(cnt)+",PhoneNo,"+item+"\\n")
elif item[1]=='8' and item[2]=='6' and item[0]=='+':
strr=item[3:]
strr=strr.replace(" ","")
strr=strr.replace("-","")
strr=strr.replace("/","")
if len(strr)!=11:
continue
num=int(strr[0])*100+int(strr[1])*10+int(strr[2])
flag=0
for id in phone:
if num==id:
flag=1
break
if flag==1:
pH_label_file.write(str(cnt)+",PhoneNo,"+item+"\\n")
else:
strr=strr.replace(" ","")
strr=strr.replace("-","")
strr=strr.replace("/","")
if len(strr)!=11:
continue
num=int(strr[0])*100+int(strr[1])*10+int(strr[2])
flag=0
for id in phone:
if num==id:
flag=1
break
if flag==1:
pH_label_file.write(str(cnt)+",PhoneNo,"+item+"\\n")
except:
#print("cuowu")
#print(item)
pass
再然后匹配IMEI
可以利用前后文信息进行筛选,长度为15,但存在空格所以匹配表达式:
[\\d | ]{14,20}
py代码
# IMEI信息
reg_str1 = r'[\\d | ]{14,20}'
str1=content
mod = re.compile(reg_str1)
items = mod.findall(str1)
for item in items:
if "BankCard" in content or "bankCard" in content or "bankNo" in content or "cardNo" in content:
cntt=cntt+1
continue
item=item.rstrip()
item=item.lstrip()
if "imei" in content:
pH_label_file.write(str(cnt)+",IMEI,"+item+"\\n")
continue
# if "id" in content:
# continue
stttt=item.replace(" ","")
cj=stttt[0]+stttt[1]
num=int(cj)
flag=0
for id in mime:
if id==num:
flag=1
break
stt=item
stt=stt.replace("-","")
stt=stt.replace(" ","")
if len(stt)!=15:
#print(stt+"66666666->"+str(flag))
continue
if flag==1 and checkLuhn(item):
pH_label_file.write(str(cnt)+",IMEI,"+item+"\\n")
continue
最后是银行卡信息,13-16位或19位,存在-,所以匹配表达式:
[\\d|-]{13,25}
也可以利用前后文信息进行筛选,py代码:
#银行卡信息
reg_str1 = r'[\\d|-]{13,25}'
str1=content
mod = re.compile(reg_str1)
items = mod.findall(str1)
for item in items:
if "imei" in content:
continue
if "BankCard" in content or "bankCard" in content or "bankNo" in content or "cardNo" in content:
pH_label_file.write(str(cnt)+",BankCard,"+item+"\\n")
continue
flag=0
sum2=0
for i in item:
if(isnum(i)):
flag=1
if i=='-':
sum2=sum2+1
if flag==0:
continue
if item[0]=='-' or item[1]=='-' or item[2]=='-':
continue
num=int(item[0])*100+int(item[1])*10+int(item[2])
flag=0
for id in banks:
if id==str(num):
flag=1
break
ssss=item.replace(" ","")
ssss=ssss.replace("-","")
ssss=ssss.replace("/","")
if len(ssss)>=17 and len(ssss)<=18:
continue
if len(ssss)<=11:
continue
stmp=item[0:]
if stmp[0]=='8' and stmp[1]=='6':
num2=int(stmp[2])*100+int(stmp[3])*10+int(stmp[4])
for idd in phone:
if idd==num2:
flag=0
break
if sum2!=2 and flag==1 and checkLuhn(item):
stt=item
stt=stt.replace(" ","")
if len(stt)==15:
sumsum=0
for ii in item:
if ii==' ':
sumsum=sumsum+1
if sumsum<3:
continue
else:
print(item)
pH_label_file.write(str(cnt)+",BankCard,"+item+"\\n")
py总代码 最终得分944分
from operator import le
from pickle import FALSE, TRUE
import re
import string
from turtle import st
import ipaddress
import sys
def valid_ip(ip):
try:
#判断 python 版本
if sys.version_info[0] == 2:
ipaddress.ip_address(ip.strip().decode("utf-8"))
elif sys.version_info[0] == 3:
ipaddress.ip_address(bytes(ip.strip().encode("utf-8")))
return True
except Exception as e:
return False
file2=open(r'C:\\Users\\ouyunfeng\\Desktop\\pyacm.txt','r')
file2_contents=file2.readlines()
banks=[]
for content in file2_contents:
content=content.replace("\\n","")
banks.append(content)
mime=[11,12,13,14,15,16,20,21,22,23,24,25,27,31,32,3637,38,39,40,41,42,43,48,60,61,62,63,72,85,87]
phone=[230,
231,
232,
233,
234,
235,
236,
237,
238,
245,
246,
247,
248,
250,
251,
252,
253,
255,
256,
257,
258,
262,
265,
266,
267,
270,
271,
272,
273,
274,
275,
276,
277,
278,
280,
281,
282,
283,
284,
285,
286,
287,
288,
290,
291,
292,
295,
296,
297,
298
]
def isisbank(strr):
strr2=strr.replace(" ","")
strr2=strr2.replace("-","")
strr2=strr2.replace("/","")
if len(strr2)<2:
return False
st0t=strr2[0]+strr2[1]+strr2[3]
num=st0t
for id in banks:
if str(id)==num:
return True
print(num)
return False
def isisimie(strr):
strr2=strr.replace(" ","")
strr2=strr2.replace("-","")
strr2=strr2.replace("/","")
if len(strr2)<2:
return False
st0t=strr2[0]+strr2[1]
num=int(st0t)
for id in mime:
if id==num:
return True
return False
def isnum(s):
try:
float(s)
return True
except ValueError:
pass
try:
import unicodedata
unicodedata.numeric(s)
return True
except (TypeError, ValueError):
pass
return False
def luhn(stt):
card_no=stt.replace("-","")
digits = [int(x) for x in reversed(card_no)]
even_digits = [d * 2 for d in digits[1::2]]
even_digits = [d // 10 + d % 10 for d in even_digits]
even_sum = sum(even_digits)
odd_sum = sum(digits[::2])
if (odd_sum + even_sum) % 10 == 0:
return True
else:
return False
def luhn_checksum(stt):
card_number=stt.replace("-","")
def digits_of(n):
return [int(d) for d in str(n)]
digits = digits_of(card_number)
odd_digits = digits[-1::-2]
even_digits = digits[-2::-2]
checksum = 0
checksum += sum(odd_digits)
for d in even_digits:
d_0 = 2*d
d_1 = d_0 // 10
d_2 = d_0 % 10
checksum += d_1
checksum += d_2
return checksum % 10
def isimei(imei):
try:
imeiChar = list(imei)
resultInt = 0
i = 0
while i < len(imeiChar) - 1:
a = int(imeiChar[i])
i += 1
temp = int(imeiChar[i]) * 2
b = (temp - 9, temp)[temp < 10]
resultInt += a + b
i += 1
resultInt %= 10
resultInt = (10 - resultInt, 0)[resultInt == 0]
crc = int(imeiChar[14])
return resultInt == crc
except:
return False
def checkLuhn(purportedCC=''):
purportedCC=purportedCC.replace(" ","")
purportedCC=purportedCC.replace("-","")
try:
sum_ = 0
parity = len(purportedCC) % 2
for i, digit in enumerate([int(x) for x in purportedCC]):
if i % 2 == parity:
digit *= 2
if digit > 9:
digit -= 9
sum_ += digit
return sum_ % 10 == 0
except:
# print(purportedCC)
pass
def getip(str):
result = re.findall(r'\\D(?:\\d{1,3}\\.){3}(?:25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)\\D', str)
ret_start = re.match(r'(\\d{1,3}\\.){3}(?:25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)\\D', str)
if ret_start:
result.append(ret_start.group())
ret_end = re.search(r'\\D(\\d{1,3}\\.){3}(25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)$', str)
if ret_end:
result.append(ret_end.group())
ip_list = []
for r in result:
ret = re.search(r'((25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]?\\d)', r)
if ret:
ip_list.append(ret.group())
return ip_list
def isyx(strr2):
strr=r'^[a-zA-Z0-9_-]+(\\.[a-zA-Z0-9_-]+){0,4}@[a-zA-Z0-9_-]+(\\.[a-zA-Z0-9_-]+){0,4}$'
if re.match(strr,strr2):
return True
def get_findAll_emails(text):
"""
:param text: 文本
:return: 返回电子邮件列表
"""
emails = re.findall(r'([\\w\\.-]+)@([\\w\\.-]+)(\\.[\\w\\.]+)', text)
print(emails[0])
return emails
file=open(r'C:\\Users\\ouyunfeng\\Desktop\\数据文件样例\\sens_data.txt','r')
file_contents=file.readlines()
pH_label_file=open(r'C:\\Users\\ouyunfeng\\Desktop\\数据文件样例\\result.txt','w')
cnt=0
cntt=0
for content in file_contents:
cnt=cnt+1
# 处理IPv4
arr=getip(content)
for ip in arr:
pH_label_file.write(str(cnt)+",IPv4,"+ip+"\\n")
# 邮箱
if '@' in content:
#ret=get_findAll_emails(content)
# print(ret)
reg_str1 = r'([\\w-]+(\\.[\\w-]+)*@[\\w-]+(\\.[\\w-]+)+)'
str1=content
mod = re.compile(reg_str1)
items = mod.findall(str1)
# for item in items:
# if isyx(item[0]):
# pH_label_file.write(str(cnt)+",Email,"+item[0]+"\\n")
for item in items:
if "cox.net.These" in item[0]:
print(item[0])
continue
#print(item[0])
if isyx(item[0]):
if "1.125" in item[0]:
break
pH_label_file.write(str(cnt)+",Email,"+item[0]+"\\n")
break
# IMEI信息
reg_str1 = r'[\\d | ]{14,20}'
str1=content
mod = re.compile(reg_str1)
items = mod.findall(str1)
for item in items:
if "BankCard" in content or "bankCard" in content or "bankNo" in content or "cardNo" in content:
cntt=cntt+1
continue
item=item.rstrip()
item=item.lstrip()
if "imei" in content:
pH_label_file.write(str(cnt)+",IMEI,"+item+"\\n")
continue
# if "id" in content:
# continue
stttt=item.replace(" ","")
cj=stttt[0]+stttt[1]
num=int(cj)
flag=0
for id in mime:
if id==num:
flag=1
break
stt=item
stt=stt.replace("-","")
stt=stt.replace(" ","")
if len(stt)!=15:
#print(stt+"66666666->"+str(flag))
continue
if flag==1 and checkLuhn(item):
pH_label_file.write(str(cnt)+",IMEI,"+item+"\\n")
continue
# 电话号码
reg_str1 = r'[\\d|\\ |\\-|\\+|\\(|\\)|\\/]{11,210}'
str1=content
mod = re.compile(reg_str1)
items = mod.findall(str1)
for item in items:
item=item.lstrip('-')
item=item.lstrip(' ')
item=item.lstrip('-')
item=item.lstrip('/')
item=item.lstrip('-')
item=item.lstrip(' ')
item=item.lstrip('-')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip('-')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip(' ')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip('-')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip('/')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip('-')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip(' ')
item=item.rstrip(')')
item=item.rstrip('(')
item=item.rstrip('-')
item=item.rstrip(')')
item=item.rstrip('(')
try:
sum2=0
sum3=0
sum4=0
for i in item:
if i=='-':
sum2=sum2+1
if i==' ':
sum3=sum3+1
if i=='+':
sum4=sum4+1
if sum2>2 or sum2==1 or sum4>=2:
#print(item)
continue
if "(+86)" in item:
pH_label_file.write(str(cnt)+",PhoneNo,"+item+"\\n")
continue
strr=item
if item[0]=='8' and item[1]=='6':
strr=item[2:]
strr=strr.replace(" ","")
strr=strr.replace("-","")
strr=strr.replace("/","")
if len(strr)!=11:
continue
num=int(strr[0])*100+int(strr[1])*10+int(strr[2])
flag=0
for id in phone:
if num==id:
flag=1
break
if flag==1:
pH_label_file.write(str(cnt)+",PhoneNo,"+item+"\\n")
elif item[1]=='8' and item[2]=='6' and item[0]=='+':
strr=item[3:]
strr=strr.replace(" ","")
strr=strr.replace("-","")
strr=strr.replace("/","")
if len(strr)!=11:
continue
num=int(strr[0])*100+int(strr[1])*10+int(strr[2])
flag=0
for id in phone:
if num==id:
flag=1
break
if flag==1:
pH_label_file.write(str(cnt)+",PhoneNo,"+item+"\\n")
else:
strr=strr.replace(" ","")
strr=strr.replace("-","")
strr=strr.replace("/","")
if len(strr)!=11:
continue
num=int(strr[0])*100+int(strr[1])*10+int(strr[2])
flag=0
for id in phone:
if num==id:
flag=1
break
if flag==1:
pH_label_file.write(str(cnt)+",PhoneNo,"+item+"\\n")
except:
#print("cuowu")
#print(item)
pass
#银行卡信息
reg_str1 = r'[\\d|-]{13,25}'
str1=content
mod = re.compile(reg_str1)
items = mod.findall(str1)
for item in items:
if "imei" in content:
continue
if "BankCard" in content or "bankCard" in content or "bankNo" in content or "cardNo" in content:
pH_label_file.write(str(cnt)+",BankCard,"+item+"\\n")
continue
flag=0
sum2=0
for i in item:
if(isnum(i)):
flag=1
if i=='-':
sum2=sum2+1
if flag==0:
continue
if item[0]=='-' or item[1]=='-' or item[2]=='-':
continue
num=int(item[0])*100+int(item[1])*10+int(item[2])
flag=0
for id in banks:
if id==str(num):
flag=1
break
ssss=item.replace(" ","")
ssss=ssss.replace("-","")
ssss=ssss.replace("/","")
if len(ssss)>=17 and len(ssss)<=18:
continue
if len(ssss)<=11:
continue
stmp=item[0:]
if stmp[0]=='8' and stmp[1]=='6':
num2=int(stmp[2])*100+int(stmp[3])*10+int(stmp[4])
for idd in phone:
if idd==num2:
flag=0
break
if sum2!=2 and flag==1 and checkLuhn(item):
stt=item
stt=stt.replace(" ","")
if len(stt)==15:
sumsum=0
for ii in item:
if ii==' ':
sumsum=sumsum+1
if sumsum<3:
continue
else:
print(item)
pH_label_file.write(str(cnt)+",BankCard,"+item+"\\n")
# print(cntt)
感谢观看我的博客~
2022 数据安全大赛 部分题目 Writeup
https://www.wd-ljt.com/post/1026/906.html
来源于问谛居,转载记得联系作者哟~
2022 数据安全大赛 部分题目 Writeup
https://www.wd-ljt.com/post/1026/906.html
来源于问谛居,转载记得联系作者哟~
THE END
0
二维码
海报
2022 数据安全大赛 部分题目 Writeup
2022 全国首届数据安全大赛 Writeup ,有部分题目的 Writeup 。敏感数据泄露题实在是太折腾了,改了不知道多少次,直接一个人改了 2 天最后也就 90% 的正确率。
共有 0 条评论