连接:http://www.pythonchallenge.com/pc/hex/idiot2.html
登陆密码;(butter,fly)
______________________________________________________________________________________
标题:go away!
图片上面的提示:private properties beyond this fence
图片下面的字:but inspecting it carefully is allowed.
所以这里有问题,我们来访问一下详细情况
——————————————————————————————————————————————————
打开网页源码,点开图片unreal.jp在这个网页里面http://www.pythonchallenge.com/pc/hex/unreal.jpg,网页头部有个信息
'Content-Range': 'bytes 0-30202/2123456789',
说明这个网页显示的内容为:0-30202,总大小为:2123456789
关于断点续传:http断点续传原理:http头 Range、Content-Range
所以http头部的range设置为:Range: bytes=0-801 //一般请求下载整个文件是bytes=0- 或不用这个头
———————————————————————————————————————
所以我们按照这个序列,试试搜索一下接下来的网页
import requests
import re
url='http://www.pythonchallenge.com/pc/hex/unreal.jpg'
def next_page(url,start=0,end=''):
#添加的头部请求
content_range={'Range':'bytes={0}-{1}'.format(start,end)}
# 登陆信息
auth = ('butter', 'fly')
#发送请求
req = requests.get(url, auth=auth,headers=content_range)
head=req.headers
con_range=head.get('Content-Range')
'''
打印网站连接状态,Content-Range,文件大小,文件前100个字节内容
'''
print('Status Code:',req.status_code)
print('Content-Range:', con_range)
print('content-size: ', len(req.content))
print('content[:100]: ', str(req.content[:100]))
#如果Content-Range存在,就寻找结尾并且把信息保存到first.txt
if con_range:
index = re.search(r'-(\d+)/', con_range).group(1)
text=req.content
with open('first.txt','ab') as f:
f.write(con_range.encode('utf-8')+b'\n')
f.write(text)
f.write(b'************************************* \n')
if __name__=='__main__':
next_page(url,30203)
——————————————————————————————————————————————————————————
分别替换函数中的数字,得到的结果为:
bytes 30203-30236/2123456789
Why don't you respect my privacy?
*************************************bytes 30237-30283/2123456789
we can go on in this way for really long time.
*************************************
bytes 30284-30294/2123456789
stop this!
*************************************
bytes 30295-30312/2123456789
invader! invader!
*************************************
bytes 30313-30346/2123456789
ok, invader. you are inside now.
*************************************
——————————————————————————————————————————————————————
使用30347就没有了
——————————————————————————————————————————————————————
接下来,该如何进行呢?百度了一下,从前面开始不行,那么别人说是反过来,得到的结果是
*************************************
bytes 2123456744-2123456788/2123456789
esrever ni emankcin wen ruoy si drowssap eht #反过来就是''the password is your new nickname in reverse'
*************************************
bytes 2123456712-2123456743/2123456789
and it is hiding at 1152983631.
*************************************
打开
1152983631
会有很大235kb的数据,保存为dat数据文件。不知道它是什么类型的,但是在linux中可以使用命令
$file first.dat
查看这是一个zip文件,所以我们解压的时候需要密码。上面提示'the password is your new nickname in reverse'
而在更上面。有这个单词出现了几次:
invader,所以反过来就是:'redavni'
解压后,发现两个文件。其中打开readme.txt
Yes! This is really level 21 in here.
And yes, After you solve it, you'll be in level 22!
Now for the level:
* We used to play this game when we were kids
* When I had no idea what to do, I looked backwards.
_____________________________________________________________________________________________________
所以这是两关
在另一个文件,package.pack,从文件名可以想到需要解压数据,使用winhex查看文件数据开头的数据属于zlib 78 9c
——————————————————————————————————————————————————————————————
所以如下:
import zlib
import binascii
import bz2
#判断十六进制是否能被解析成ascii码
def readword(c):
if c.isalpha() or c.isdigit():
return c
#显示数据的长度,十六进制表示,字符串表示
def show(data,length=24):
print('data length: ' ,len(data))
x=binascii.hexlify(data[:length])
y=map(readword,[chr(i) for i in list(data[:length])])
print('hex: ',x)
print('str: ',list(y))
if __name__=='__main__':
#读取文件内容
file=open('package.pack','rb').read()
#解压
data=zlib.decompress(file)
show(data)
logs=''
#根据提示一循环解压
while True:
if data[:2]==b'\x78\x9c': #开头两个字符十六进制,也可以写成b'x\x9c',因为‘x'的十六进制为\x78
data = zlib.decompress(data)
logs+=' '
elif data[:2]==b'\x42\x5a': #bz2文件开头十六进制, 表示:BZ
data = bz2.decompress(data)
logs += '#'
elif data[-2:] == b'\x9c\x78': #这个来自于第二个提示:往回看就代表反向操作
data = zlib.decompress(data[::-1])
logs += '\n'
else:
break
show(data)
print(data[::-1])
print(logs)
——————————————————————————————————————————————————————————————————————————
显示的结果为:
b'look at your logs' #<span style="font-family: Arial, Helvetica, sans-serif;">print(data[::-1])</span>
操作完后显示,那么怎么知道logs字符串该添加‘# \n'这些呢?只有先添加成三个字符,例如,a,,b,c,然后查看他们的次数,查看规律
C:\Users\Administrator\AppData\Local\Programs\Python\Python35\python.exe G:/python/server.py
data length: 239113
hex: b'789c000740f8bf789c000640f9bf789c00ff3f00c0789c00'
str: ['x', None, None, None, None, 'ø', None, 'x', None, None, None, None, 'ù', None, 'x', None, None, 'ÿ', None, None, 'À', 'x', None, None]
data length: 17
hex: b'73676f6c2072756f79207461206b6f6f6c'
str: ['s', 'g', 'o', 'l', None, 'r', 'u', 'o', 'y', None, 't', 'a', None, 'k', 'o', 'o', 'l']
b'look at your logs'
### ### ######## ######## ########## ########
####### ####### ######### ######### ######### #########
## ## ## ## ## ## ## ## ## ## ##
## ## ## ## ## ## ## ## ## ##
## ## ## ######### ######### ######## #########
## ## ## ######## ######## ######## ########
## ## ## ## ## ## ## ##
## ## ## ## ## ## ## ## ##
####### ####### ## ## ######### ## ##
### ### ## ## ########## ## ##
——————————————————————————————————————————————————————————————————