这道题目还是很有意思的,主要是逻辑上的漏洞,因为你的字符串是可以控制可以修改的,所以把字符串置空。这样每次就对服务器生成的字符串做MD5,而服务器的MD5是你可以获取的
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Date : 2017-10-18 21:42:48
# @Author : csu_vc
import requests
import re
from bs4 import BeautifulSoup
get_url = 'http://hack.lug.ustc.edu.cn/dynamic/3/'
session = requests.session()
html = session.get(get_url).content
soup = BeautifulSoup(html, 'html.parser')
string = soup.find_all("p")[6].get_text().split(':')[1]
print(string)
print(string[-1])
if int(string[-1], 16) % 2 == 0:
post_url = 'http://hack.lug.ustc.edu.cn/dynamic/3/'
payload = {'text': '', 'choice': 0, 'submit': '%E6%8F%90%E4%BA%A4'}
post = session.post(post_url, payload)
else:
post_url = 'http://hack.lug.ustc.edu.cn/dynamic/3/'
payload = {'text': '', 'choice': 1, 'submit': '%E6%8F%90%E4%BA%A4'}
post = session.post(post_url, payload)
for i in range(1,31):
soup1 = BeautifulSoup(post.text,'html.parser')
print('这是第'+str(i)+'次')
print(soup1)
if (i<30):
string1=soup1.find_all("p")[13].get_text().split(':')[1]
print(string1)
print(string1[-1])
else:
string1=soup1.find_all("body")
print(string1)
if int(string1[-1], 16) % 2 == 0:
post_url = 'http://hack.lug.ustc.edu.cn/dynamic/3/'
payload = {'text': '', 'choice': 0, 'submit': '%E6%8F%90%E4%BA%A4'}
post = session.post(post_url, payload)
else:
post_url = 'http://hack.lug.ustc.edu.cn/dynamic/3/'
payload = {'text': '', 'choice': 1, 'submit': '%E6%8F%90%E4%BA%A4'}
post = session.post(post_url, payload)