Let's first look at the 114 challenge: POST Practice in CTFLEARN
This website requires authentication, via POST. However, it seems as if someone has defaced our site.Maybe there is still some way to authenticate? http://165.227.106.113/post.php
Check the source code of the http://165.227.106.113/post.php page, you can find username: admin | password: 71urlkufpsdnlkadsf, in simple terms, this question requires us to send a post request to http://165.227.106.113/post.php , submit the username and password parameters to get the flag.
Solution 1: Use python's requests to send post requests
import requests
userinfo = {
"username": "admin",
"password": "71urlkufpsdnlkadsf"
}
# 方法1,使用data发送,此题的正确答案
response = requests.post("http://165.227.106.113/post.php", data=userinfo)
print(response.text)
# 方法2: 使用json
# response = requests.post("http://165.227.106.113/post.php", json=userinfo)
# print(response.text)
# 方法3:直接在url上加参数
# response = requests.post("http://165.227.106.113/post.php?username=admin&password=71urlkufpsdnlkadsf")
# print(response.text)
# 方法4: 使用params参数,和方法3等同
# response = requests.post("http://165.227.106.113/post.php", params="username=admin&password=71urlkufpsdnlkadsf")
# print(response.text)
What is the difference between the four methods in python? The author guggle (someone from ancient csdn) found that the difference between these four request methods lies in: the URL of the request, the Content-Type in the request header, and the body of the request are different.
If you are interested, you can also refer to the article I wrote before: [Original] When Python uses requests to send post requests, does it use data? Or json? (Moved from my short book blog)
Method 1: use data
url: http://165.227.106.113/post.php
header中的Content-Type:application/x-www-form-urlencoded
body:username=admin&password=71urlkufpsdnlkadsf
Method 2: use json
url: http://165.227.106.113/post.php
header中的Content-Type:application/json
body:{“username”: “admin”, “password”: “71urlkufpsdnlkadsf”}
Method 3 and Method 4: Add parameters directly to the url and use params
url: http://165.227.106.113/post.php?username=admin&password=71urlkufpsdnlkadsf
Content-Type in header: no declaration
body: none
Solution 2: use curl
curl http://165.227.106.113/post.php -X POST -d “username=admin&password=71urlkufpsdnlkadsf”
PS: Be sure to use double quotes! ! ! , using single quotes, prompt 'password' is not recognized as an internal or external command, operable program or batch file.
The json request method of curl, the author guggle (csdn ancient someone) has not tried it for the time being, so I will not post the writing method, please Baidu by yourself, if you encounter it, the author guggle (csdn ancient someone) will add it