Shiyanbar: "In Martial Arts, Only Speed Is Unbeatable" writeup

I solved this challenge before; this time I am using a Python script to fetch the flag.

Challenge link: http://ctf5.shiyanbar.com/web/10/10.php

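My earlier approach was rather clumsy: it came down to hand speed, and even with Burp Suite doing the encoding and decoding it took many attempts before it worked.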

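Challenge hint: look at the response headers.

The response headers contain a base64-encoded string. Decoding it gives something of roughly this form: P0ST_THIS_T0_CH4NGE_FL4G:OBjO42meW

Combine that with the hint in the response body, visible with F12: <!-- please post what you find with parameter:key -->

The meaning is clear: POST a single parameter, key=(P0ST_THIS_T0_CH4NGE_FL4G:OBjO42meW), with a value of that kind.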

Here is the script I wrote:

import base64
import io
import sys
import requests

URL = 'http://ctf5.shiyanbar.com/web/10/10.php'
# Use one Session so the request that reads the header and the POST that submits the value stay consistent
r = requests.Session()
# Change the default output encoding to UTF-8
sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')
html = r.head(URL)
# The base64 string is carried in the FLAG response header
results = html.headers['FLAG']
print(results)
# Decode the base64 bytes to text instead of wrapping the bytes repr in str()
de_results = base64.b64decode(results).decode('utf-8')
print(de_results)
# Keep only the part after the first colon
datas = de_results.split(':', 1)[1]
print(datas)
# Submit the extracted value as the key parameter in the same session
flag = {'key': datas}
flags = r.post(URL, data=flag)
print(flags.text)

Reposted from blog.csdn.net/weixin_40709439/article/details/81265652