CTF-BUGKU-WEB(初級問題)解答記録
4450 ワード
BUGKU-WEB 1.秋名山車神
2.文字?正則題目提示:入力IDは正則表現に符合する
間違った構造:?id=/keykeyaaakey:/akeya:正しい構造:?id=keykeyaaaakeykey:/a/keya:
PHP_encrypt_1(ISCCCTF) fR4aHWwuFCYYVydFRxMqHhhCKBseH1dbFygrRxIWJ1UYFhotFjA=
問題を解く
import requests
import re
s = requests.Session()
r = s.get("http://123.206.87.240:8002/qiumingshan/")
searchObj = re.search(r'(\d+[+\-*])+(\d+)', r.text)
d = {
"value": eval(searchObj.group(0))
}
r = s.post("http://123.206.87.240:8002/qiumingshan/", data=d)
print(r.text)
print(" ")
2.文字?正則題目提示:入力IDは正則表現に符合する
間違った構造:?id=/keykeyaaakey:/akeya:正しい構造:?id=keykeyaaaakeykey:/a/keya:
PHP_encrypt_1(ISCCCTF) fR4aHWwuFCYYVydFRxMqHhhCKBseH1dbFygrRxIWJ1UYFhotFjA=
問題を解く
$value) { //
$i = $key;
if($i >= strlen($mkey)) {$i = $i - strlen($mkey);}
$dd = $value;
$od = ord($mkey[$i]);
array_push($md_data_source,$dd);
$data1 .= chr(($dd+128)-$od); // , +128-key
$data2 .= chr($dd-$od); // , -key
}
print "data1 => ".$data1."
";
print "data2 => ".$data2."
";
}
$str = "fR4aHWwuFCYYVydFRxMqHhhCKBseH1dbFygrRxIWJ1UYFhotFjA=";
decrypt($str);
?>
# -*- coding: UTF-8 -*-
import base64
# import hashlib
'''
def eccrypt(data):
key = hashlib.md5('ISCC').hexdigest()
# print 'key-->', key
x = 0
char = ''
data_len = len(data) # data
key_len = len(key) # key
for i in range(data_len):
if x == key_len:
x = 0
char += key[x]
x += 1
# print 'char-->', char
flag = ''
for i in range(data_len):
flag += chr((ord(data[i]))+(ord(char[i])) % 128)
# print 'flag-->', flag
return base64.b64encode(flag)
'''
def detrcy(b64):
int_b64 = []
b64de = base64.b64decode(b64)
# print 'b64de-->', b64de
# print 'len_b64de-->', len(b64de)
for i in range(len(b64de)):
int_b64.append(ord(b64de[i]))
# print 'int_b64-->',int_b64
# print 'len_int_b64-->', len(int_b64)
key = '729623334f0aa2784a1599fd374c120d729623' # data
int_key = []
for i in range(len(key)):
int_key.append(ord(key[i]))
# print 'int_key-->', int_key
flag = ''
for i in range(len(int_b64)):
flag += chr((int_b64[i]-int_key[i]+128) % 128)
print flag
if __name__ == '__main__':
# str_b64 = eccrypt('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
# print 'str_b64-->', str_b64
str_b64 = 'fR4aHWwuFCYYVydFRxMqHhhCKBseH1dbFygrRxIWJ1UYFhotFjA='
# print 'str_b64-->', str_b64
detrcy(str_b64)