tags: `writeup`

ais3-2023

misc

welcome

打開pdf手動輸入

robot

手動計算

crypto

fernet

將ciphertext用base64 decode，即可取得經過fernet加密後的內容，再將前16個字元取出，則取得PBKDF2所需要的salt，後面字元則是加密內容，因此使用fernet.decrypt解密便可獲得明文。

import os
import base64
from cryptography.fernet import Fernet
from Crypto.Hash import SHA256
from Crypto.Protocol.KDF import PBKDF2
import re

myciphertext = b'iAkZMT9sfXIjD3yIpw0ldGdBQUFBQUJrVzAwb0pUTUdFbzJYeU0tTGQ4OUUzQXZhaU9HMmlOaC1PcnFqRUIzX0xtZXg0MTh1TXFNYjBLXzVBOVA3a0FaenZqOU1sNGhBcHR3Z21RTTdmN1dQUkcxZ1JaOGZLQ0E0WmVMSjZQTXN3Z252VWRtdXlaVW1fZ0pzV0xsaUM5VjR1ZHdj'
myciphertext=base64.b64decode(myciphertext)
salt=myciphertext[:16]
myciphertext=myciphertext[16:]

password = 'mysecretpassword'
key = PBKDF2(password.encode(), salt, 32, count=1000, hmac_hash_module=SHA256)  
f = Fernet(base64.urlsafe_b64encode(key))  

def decrypt(ciphertext):
    plaintext=f.decrypt(ciphertext).decode()
    return plaintext

plaintext = decrypt(myciphertext)
print(plaintext)

web

在login page輸入
Username: admin
Password: ' OR 1=1 --
進入2fa頁面，然後修改網址2fa成dashboard
即可進入dashboard取得flag

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`	在筆記中貼入程式碼
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.

tags: writeup

ais3-2023

misc

welcome

robot

crypto

fernet

web

Login Panelb

結果

tags: `writeup`