题目说明:pyscript
1.打开链接后,界面如图所示,提示要输入密码并提交
2.重新访问首页,并对其抓包–>send to repeater–>go
在响应头中得到Ciphertext
在响应内容中得到一些题目提示
3.根据题目说明,这道题就是写python脚本
import hashlib
import requests
import re
def sha1(data):
s = hashlib.sha1()
s.update(data)
p = m.hexdigest()
return p
r01 = requests.get('http://106.75.108.111:1111')
b = r01.headers['Ciphertext']
cookie = r01.cookies
print b
code01 = r01.content
print code01
rex01 = re.findall(r'\+.{30}',code01)
print rex01
a = rex01[0][1:]
print a
num = '0123456789'
c = ''
for x in num:
for y in num:
for z in num:
if sha1(x+y+z+a)==b:
c = x+y+z
print c
password = c
print password
r02 = requests.post('http://106.75.108.111:1111',data={'pass':password},cookies=cookie)
code02 = r02.content
print code02
rex02 = re.findall(r'[0-9\*\+\-]+\s{1}-->',code02)
print rex02
print rex02[0][:-4]
key = eval(rex02[0][:-4])
r03 = requests.post('http://106.75.108.111:1111',data={'pass':key},cookies=cookie)
print r03.content4.在编写脚本,运行脚本的过程中发现,进入了首页还不能get flag,还要再对返回页面中的一串式子进行数学计算
运行脚本,get flag!
