log4j2 反弹shell
RSA解密方案
已有公钥,解密文本
公钥与私钥的产生
##计算过程
目的是得到 N e p q 从而解密
使用openssl计算模数N和指数e
openssl rsa -pubin -text -modulus -in warmup -in <public key file>
使用yafu对N进行因数分解
关于yafu的安装使用,请看这篇帖子:http://blog.shenghuo2.top/index.php/archives/40/
或者使用在线网站查询结果 http://factordb.com/
得到p q
使用脚本解密
import gmpy2
import rsa
p =
q =
N =
e =
d = int(gmpy2.invert((e,p - 1) * (q - 1)))
privatekey = rsa.PrivateKey(N,e,d,p,q)
s = open("xxx.enc","rb")
print rsa.decrypt(s.read().privatekey).decode()
yafu的安装与使用
介绍
YAFU (with assistance from other free software) uses the most powerful modern algorithms (and implementations of them) to factor input integers in a completely automated way. The automation within YAFU is state-of-the-art, combining factorization algorithms in an intelligent and adaptive methodology that minimizes the time to find the factors of arbitrary input integers. It is most optimized for general inputs up to 160 digits in size, although there is support for inputs much larger than that, if they have a special form. There are also specialized functions for handling lists of inputs and ranges of contiguous smaller inputs.
YAFU is primarily a command-line driven tool. You provide the number to factor and, via screen output and log files, YAFU will provide you the factors. But that’s not all! You also get an interactive environment similar to MATLAB or PARI/GP, where you can type commands and store results. The functionality of this interface is limited, but perhaps useful, and I have plans to make it better. YAFU also provides a vast amount of flexibility, through many many options and a very capable expression interpreter. If you know what you are doing, or if you read the documentation enough, you can customize the operation of YAFU a great deal. You should have received a copy of docfile.txt, which explains in some detail all of the available functions, how to use them, and how to influence their behavior.