今天写的三道CTF题的Python脚本 | Dayu's Blog

今天写的三道CTF题的Python脚本

0x01 快速口算

小明要参加一个高技能比赛,要求每个人都要能够快速口算四则运算,2秒钟之内就能够得到结果,但是小明就是一个小学生没有经过特殊的培训,那小明能否通过快速口算测验呢?
题目地址:

1
http://lab1.xseclab.com/xss2_0d557e6d2a4ac08b749b61473a075be1/index.php

代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
import urllib
import urllib.request

def main():
url='http://lab1.xseclab.com/xss2_0d557e6d2a4ac08b749b61473a075be1/index.php'
req = urllib.request.Request(url)
req.add_header("Cookie","PHPSESSID=dc45c388824b53d0bc61b03b153b4813")
response = urllib.request.urlopen(req)
html = response.read().decode('utf-8')
a = html.find('<br/>')
b = html.find('=',a)
res= eval(html[a+7:b])
params = {'v':res};
params = urllib.parse.urlencode(params).encode('utf-8')
response = urllib.request.urlopen(req, params)
print (response.read().decode('utf-8'))

main()

0x02 百米

100米你能跑多快? 预备,跑!
题目地址:

1
http://ctf5.shiyanbar.com/jia/

代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
import urllib
import urllib.request

def main():
url='http://ctf5.shiyanbar.com/jia/index.php'
req = urllib.request.Request(url)
req.add_header("Cookie","PHPSESSID=09jdaa5u9n5u481iujpd56i7u6; Hm_lvt_34d6f7353ab0915a4c582e4516dffbc3=1505970002,1505987900; Hm_lpvt_34d6f7353ab0915a4c582e4516dffbc3=1505991328; Hm_cv_34d6f7353ab0915a4c582e4516dffbc3=1*visitor*80725%2CnickName%3A%E5%A4%A7%E5%AE%87")
response = urllib.request.urlopen(req)
html = response.read().decode('gbk')
a = html.find('my_expr')
b = html.find('</div>',a)
str = html[a+9:b-1]
str = str.replace("x","*")
str = eval(str)
params = {'pass_key':str};
params = urllib.parse.urlencode(params).encode('gbk')
response = urllib.request.urlopen(req, params)
print (response.read().decode('gbk'))

main()

0x03 速度爆破

看你编程能力怎么样,2秒钟提交应该都会吧。So easy, come on, baby!
格式:CTF{}
题目地址:

1
http://ctf5.shiyanbar.com/jia/

代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
import urllib
import urllib.request
import hashlib

def main():
url = 'http://ctf5.shiyanbar.com/ppc/sd.php'
req = urllib.request.Request(url)
req.add_header("Cookie","PHPSESSID=xxxxxxxxxx")
response = urllib.request.urlopen(req)
html = response.read().decode('utf-8')
a = html.find('color:red">')
b = html.find('</div>',a)
res = html[a+11:b]
for i in range(1,100001):
i = str(i)
m = hashlib.md5()
m.update(i.encode("utf-8"))
fin = m.hexdigest()
fin = hashlib.sha1(fin.encode("utf-8")).hexdigest()
if(fin == res):
params = {'inputNumber': i};
params = urllib.parse.urlencode(params).encode('utf-8')
response = urllib.request.urlopen(req, params)
print(response.read().decode('utf-8'))
break

main()