Xyctf2025

Zsm published on 2025-04-07 included in CTF

前言

25年开始以来打的最高质量的密码了？

题目

Division

抢了个血，怪不好意思的 task.py

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37


import random 
print('----Welcome to my division calc----')
print('''
menu:
      [1]  Division calc
      [2]  Get flag
''')
while True:
    choose = input(': >>> ')
    if choose == '1':
        try:
            denominator = int(input('input the denominator: >>> '))
        except:
            print('INPUT NUMBERS')
            continue
        nominator = random.getrandbits(32)
        if denominator == '0':
            print('NO YOU DONT')
            continue
        else:
            print(f'{nominator}//{denominator} = {nominator//denominator}')
    elif choose == '2':
        try:
            ans = input('input the answer: >>> ')
            rand1 = random.getrandbits(11000)
            rand2 = random.getrandbits(10000)
            correct_ans = rand1 // rand2
            if correct_ans == int(ans):
                print('WOW')
                with open('flag', 'r') as f:
                    print(f'Here is your flag: {f.read()}')
            else:
                print(f'NOPE, the correct answer is {correct_ans}')
        except:
            print('INPUT NUMBERS')
    else:
        print('Invalid choice')

第一时间拿到就知道是mt19937预测随机数，1里面输入1就可以拿到每次的随机数从而预测了 exp.py

Study nodejs 「4」

Zsm published on 2025-04-06 included in Nodejs

Redis

docker部署

本地是mac，加上初学不想污染环境，就用docker试试

1
2
3
4
5


docker pull redis
docker run -p 6379:6379 -d - redis-server --appendonly yes
docker rename funny_buck redis
docker exec -it redis redis-cli
//vsc中Database Client可以可视化

字符串命令

1

SET key value [NX|XX] [EX seconds] [PX milliseconds] [GET]

key：要设置的键名。 value：要设置的值。 NX：可选参数，表示只在键不存在时才设置值。 XX：可选参数，表示只在键已经存在时才设置值。 EX seconds：可选参数，将键的过期时间设置为指定的秒数。 PX milliseconds：可选参数，将键的过期时间设置为指定的毫秒数。 GET：可选参数，返回键的旧值。

Study nodejs「3」

Zsm published on 2025-04-06 included in Nodejs

MVC

这真的很java吧（）

安装依赖

npm install inversify reflect-metadata express inversify-express-util prisma class-validator class-transformer

(数据库的东西用的还是上次的，懒得搞了，然后有个版本问题，npm install inversify-express-utils要求inversify@6.0.3express@4.21.1 )

Study nodejs「2」

Zsm published on 2025-04-01 included in Nodejs

nodejs&mysql

现在学mysql和sqlserver(学校老师强制要求的)比较多，就先拿这些举例子了

mysql2

一个把nodejs&mysql&express连接的包，顺便使用js-yaml去写配置

Tamuctf2025

Zsm published on 2025-03-31 included in CTF

前言

这是一个国外学校的比赛，密码质量很高

题目

ECC

Can you get the secret key from the following two signed messages?

1st Message: “The secp256r1 curve was used.”

2nd Message: “k value may have been re-used.”

1st Signature r value: 91684750294663587590699225454580710947373104789074350179443937301009206290695

1st Signature s value: 8734396013686485452502025686012376394264288962663555711176194873788392352477

2nd Signature r value: 91684750294663587590699225454580710947373104789074350179443937301009206290695

2nd Signature s value: 96254287552668750588265978919231985627964457792323178870952715849103024292631

The flag is the secret key used to sign the messages. It will be in the flag format. task

Study Nodejs「1」

Zsm published on 2025-03-31 included in Nodejs

为什么学nodejs

可能是后面要接手一些项目，或者是些javaspring烦了，学学nodejs玩，目前感觉nodejs的生态还是不错的

npm的生命周期

第一开始也没想到这个还有生命周期的，就记录一下