{"id":127,"date":"2026-04-21T21:32:07","date_gmt":"2026-04-21T13:32:07","guid":{"rendered":"https:\/\/blog.lmoon.cn\/?p=127"},"modified":"2026-04-21T21:49:43","modified_gmt":"2026-04-21T13:49:43","slug":"%e5%b9%bf%e6%92%ad%e6%94%bb%e5%87%bb","status":"publish","type":"post","link":"https:\/\/blog.lmoon.cn\/index.php\/2026\/04\/21\/%e5%b9%bf%e6%92%ad%e6%94%bb%e5%87%bb\/","title":{"rendered":"\u5e7f\u64ad\u653b\u51fb"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">\u9898\u76ee\u9644\u4ef6<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>from Crypto.Util.number import *\nimport os\n\nflag = os.getenv('FLAG')\nm = bytes_to_long(flag.encode())\ne = 127\n\ndef enc():\n    p = getPrime(512)\n    q = getPrime(512)\n    n = p * q\n    c = pow(m, e, n)\n    print(f\"n: {n}\")\n    print(f\"c: {c}\")\n\ndef main():\n    while True:\n        opt = int(input('input&gt; '))\n        if opt == 1:\n            enc()\n\nmain()<\/code><\/pre>\n\n\n\n<p>\u8fd9\u4e2a\u9898\u76ee\u662f\u4e00\u4e2a nc \u4ea4\u4e92\u9898\u3002\u8f93\u5165 <code>1<\/code> \u540e\uff0c\u4f1a\u8fd4\u56de\u4e00\u7ec4 <code>n<\/code> \u548c <code>c<\/code>\u3002\u6574\u4f53\u53ef\u4ee5\u5206\u4e3a\u4e24\u4e2a\u90e8\u5206\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>nc \u4ea4\u4e92\u83b7\u53d6\u591a\u7ec4\u6570\u636e<\/li>\n\n\n\n<li>\u5e7f\u64ad\u653b\u51fb\u6838\u5fc3\u6062\u590d\u601d\u8def<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">\u6838\u5fc3\u89e3\u9898\u601d\u8def<\/h2>\n\n\n\n<p>\u5148\u53d6 3 \u7ec4\u6837\u4f8b\u6570\u636e\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>n1 =70844145380729121689042179671798733881975329856761939850171752214823212246819254325085137523878838518683033486321140227564195821302470530087298175180779444846735655805185383888454159481670053851137632425200706587102387363498091099168844742773157191513054556569633400401836921550623390278705902041689110628821\nc1 =39377557129230727331588492964128705313365217735794107700022103774211600867964055418333428743450465576975381733419385246472201501289956353670502547893054521741083727113137880753972968308414646985751514893276199015704408639367429204858772444283716022166480015468762528236678841923434863415407096045428958200104\n\nn2 =104661596971729125609664258071225101020901182352881021435283223313361149923035006105660951920227284897624330191260013324092215299042837083191330316682595017058617742766260572441602301402032303173578154206734148898468443309695082495748636535931931663677696921827743890264879554581651729546858628147274513669423\nc2 =52201025883492290928072490395999196214244709544941261790925153003812278762067495185462224994894251408010283429336786117173672349595411486994806941575001044727554731633048817689219991055145211130781041824473253604936377910160563108876708194964220125756515332220992925726544025195546700629851687175750317940351\n\nn3 =160052091746750258656931530936337101822651205964654375395268842062518806679785546572535030895643797832480239353681805541497458614613079714911961444355640405823071959997481914694149355383698738729483372311724190558913687059151889524221341892049588622681521612731548573660764940041062640546023864845618929295021\nc3 =52201025883492290928072490395999196214244709544941261790925153003812278762067495185462224994894251408010283429336786117173672349595411486994806941575001044727554731633048817689219991055145211130781041824473253604936377910160563108876708194964220125756515332220992925726544025195546700629851687175750317940351<\/code><\/pre>\n\n\n\n<p>\u5bf9\u4e8e\u6bcf\u4e00\u7ec4\u6570\u636e\uff0c\u90fd\u6ee1\u8db3\uff1a<\/p>\n\n\n<span class=\"katex-eq\" data-katex-display=\"true\">\n\nm^e \\equiv c_i \\pmod{n_i}\n\n<\/span>\n\n\n\n<p>\u4e5f\u5c31\u662f\u8bf4\u540c\u4e00\u4e2a\u660e\u6587\u5bf9\u5e94\u7684 <span class=\"katex-eq\" data-katex-display=\"false\">m^e<\/span> \u5bf9\u6bcf\u4e2a <span class=\"katex-eq\" data-katex-display=\"false\">n_i<\/span> \u53d6\u6a21\u540e\u90fd\u80fd\u56de\u5230\u5bf9\u5e94\u7684 <span class=\"katex-eq\" data-katex-display=\"false\">c_i<\/span>\u3002<\/p>\n\n\n\n<p>\u7b49\u4ef7\u5199\u6cd5\u662f\uff1a<\/p>\n\n\n<span class=\"katex-eq\" data-katex-display=\"true\">\n\nc_i \\equiv m^e \\pmod{n_i}\n\n<\/span>\n\n\n\n<p>\u73b0\u5728\u6784\u9020\u5355\u9879\u5f0f <span class=\"katex-eq\" data-katex-display=\"false\">T_i<\/span>\uff1a<\/p>\n\n\n<span class=\"katex-eq\" data-katex-display=\"true\">\n\nT_i = c_i \\cdot M_i \\cdot y_i\n\n<\/span>\n\n\n\n<p>\u5176\u4e2d\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span class=\"katex-eq\" data-katex-display=\"false\">N = \\prod_{j=1}^{k} n_j<\/span><\/li>\n\n\n\n<li><span class=\"katex-eq\" data-katex-display=\"false\">M_i = \\dfrac{N}{n_i}<\/span><\/li>\n\n\n\n<li><span class=\"katex-eq\" data-katex-display=\"false\">y_i<\/span> \u662f <span class=\"katex-eq\" data-katex-display=\"false\">M_i<\/span> \u5728\u6a21 <span class=\"katex-eq\" data-katex-display=\"false\">n_i<\/span> \u4e0b\u7684\u9006\u5143\uff0c\u5373\uff1a<\/li>\n<\/ul>\n\n\n<span class=\"katex-eq\" data-katex-display=\"true\">\n\nM_i y_i \\equiv 1 \\pmod{n_i}\n\n<\/span>\n\n\n\n<p>\u4e8e\u662f\u53ef\u5f97\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u5f53\u9a8c\u8bc1\u7b2c <span class=\"katex-eq\" data-katex-display=\"false\">i<\/span> \u7ec4\u65f6\uff0c<span class=\"katex-eq\" data-katex-display=\"false\">T_i \\equiv c_i \\pmod{n_i}<\/span><\/li>\n\n\n\n<li>\u5bf9\u4e8e\u5176\u4ed6\u7ec4\uff0c\u56e0 <span class=\"katex-eq\" data-katex-display=\"false\">M_i<\/span> \u542b\u5bf9\u5e94\u6a21\u56e0\u5b50\uff0c\u8d21\u732e\u5728\u8be5\u6a21\u4e0b\u4e3a <span class=\"katex-eq\" data-katex-display=\"false\">0<\/span><\/li>\n<\/ul>\n\n\n\n<p>\u6700\u540e\u628a\u6240\u6709 <span class=\"katex-eq\" data-katex-display=\"false\">T_i<\/span> \u76f8\u52a0\uff1a<\/p>\n\n\n<span class=\"katex-eq\" data-katex-display=\"true\">\n\nX = \\sum_{i=1}^{k} c_i M_i y_i\n\n<\/span>\n\n\n\n<p>\u5219\u6709\uff1a<\/p>\n\n\n<span class=\"katex-eq\" data-katex-display=\"true\">\n\nX \\equiv c_i \\pmod{n_i}, \\quad i = 1,2,\\dots,k\n\n<\/span>\n\n\n\n<p>\u56e0\u6b64\u53ef\u7531\u4e2d\u56fd\u5269\u4f59\u5b9a\u7406\u91cd\u6784\u51fa <span class=\"katex-eq\" data-katex-display=\"false\">m^e<\/span>\uff0c\u518d\u5f00 <span class=\"katex-eq\" data-katex-display=\"false\">e<\/span> \u6b21\u65b9\u6062\u590d <span class=\"katex-eq\" data-katex-display=\"false\">m<\/span>\u3002\u53e6\u5916\u8981\u4fdd\u8bc1\u6536\u96c6\u5230\u7684\u7ec4\u6570\u81f3\u5c11\u6ee1\u8db3\u653b\u51fb\u9700\u6c42\uff08\u901a\u5e38\u9700\u8db3\u591f\u591a\u7ec4\uff0c\u4e14\u6a21\u6570\u6761\u4ef6\u6ee1\u8db3\uff09\u3002<\/p>\n\n\n\n<p>\u540e\u9762\u5c31\u662f\u4ee3\u7801\u9a8c\u8bc1\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>T = 0\nN = 1\nfor i in n_list:\n    N *= i\n\n# \u6c42 T\nfor i in range(len(c_list)):\n    M = N \/\/ n_list&#091;i]\n    y = gmpy2.invert(M, n_list&#091;i])\n    T += (M * y * c_list&#091;i]) % N\n    T = T % N\n\nprint(T)\nm = iroot(T, e)\nprint(m&#091;1])\nprint(long_to_bytes(m&#091;0]))<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">\u7ec8\u7aef\u4ea4\u4e92<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>import gmpy2\nfrom gmpy2 import iroot\nfrom pwn import *\nimport re\n\nfrom Crypto.Util.number import long_to_bytes\n\nn_list = &#091;]\nc_list = &#091;]\ne = 127\n\nio = remote('10.10.70.220', 60271)\nfor i in range(e):\n    io.recvuntil(b\"input&gt;\")\n    io.sendline(b\"1\")\n    io.recvline()\n    data = io.recvline()\n    data += io.recvline()\n    data_str = data.decode()\n\n    n = re.search(r'n&#091;:=]\\s*(\\d+)', data_str)\n    c = re.search(r'c&#091;:=]\\s*(\\d+)', data_str)\n    if n and c:\n        n_list.append(int(n.group(1)))\n        c_list.append(int(c.group(1)))\n\nio.close()\n\nprint(len(n_list))\nprint(len(c_list))<\/code><\/pre>\n\n\n\n<p>\u6574\u5408\u7248\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>import gmpy2\nfrom gmpy2 import iroot\nfrom pwn import *\nimport re\n\nfrom Crypto.Util.number import long_to_bytes\n\nn_list = &#091;]\nc_list = &#091;]\ne = 127\n\nio = remote('', )\nfor i in range(e):\n    io.recvuntil(b\"input>\")\n    io.sendline(b\"1\")\n    io.recvline()\n    data = io.recvline()\n    data += io.recvline()\n    data_str = data.decode()\n\n    n = re.search(r'n&#091;:=]\\s*(\\d+)', data_str)\n    c = re.search(r'c&#091;:=]\\s*(\\d+)', data_str)\n    if n and c:\n        n_list.append(int(n.group(1)))\n        c_list.append(int(c.group(1)))\n\nio.close()\n\nprint(len(n_list))\nprint(len(c_list))\n\nT = 0\nN = 1\nfor i in n_list:\n    N *= i\n\n# \u6c42 T\nfor i in range(len(c_list)):\n    M = N \/\/ n_list&#091;i]\n    y = gmpy2.invert(M, n_list&#091;i])\n    T += (M * y * c_list&#091;i]) % N\n    T = T % N\n\nprint(T)\nm = iroot(T, e)\nprint(m&#091;1])\nprint(long_to_bytes(m&#091;0]))<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u9898\u76ee\u9644\u4ef6 \u8fd9\u4e2a\u9898\u76ee\u662f\u4e00\u4e2a nc \u4ea4\u4e92\u9898\u3002\u8f93\u5165 1 \u540e\uff0c\u4f1a\u8fd4\u56de\u4e00\u7ec4 n \u548c c\u3002\u6574\u4f53\u53ef\u4ee5\u5206\u4e3a\u4e24\u4e2a\u90e8\u5206\uff1a \u6838\u5fc3\u89e3\u9898 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":129,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-127","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-learn"],"_links":{"self":[{"href":"https:\/\/blog.lmoon.cn\/index.php\/wp-json\/wp\/v2\/posts\/127","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.lmoon.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.lmoon.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.lmoon.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.lmoon.cn\/index.php\/wp-json\/wp\/v2\/comments?post=127"}],"version-history":[{"count":5,"href":"https:\/\/blog.lmoon.cn\/index.php\/wp-json\/wp\/v2\/posts\/127\/revisions"}],"predecessor-version":[{"id":141,"href":"https:\/\/blog.lmoon.cn\/index.php\/wp-json\/wp\/v2\/posts\/127\/revisions\/141"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.lmoon.cn\/index.php\/wp-json\/wp\/v2\/media\/129"}],"wp:attachment":[{"href":"https:\/\/blog.lmoon.cn\/index.php\/wp-json\/wp\/v2\/media?parent=127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.lmoon.cn\/index.php\/wp-json\/wp\/v2\/categories?post=127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.lmoon.cn\/index.php\/wp-json\/wp\/v2\/tags?post=127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}