CTF_EXP01: BugkuCTF 秋名山老司机
题目:BugkuCTF 秋名山老司机
提示为通过POST方式传入变量value的值,
构造如下Python脚本:
import requests
import re
s = requests.Session()
source = s.get('http://123.206.87.240:8002/qiumingshan/')
result = eval(re.search(r'(\d+[+\-*])+(\d+)', source.text).group())
print(s.post(url, data={'value': result}).text)
多运行几次得到flag:Bugku{YOU_DID_IT_BY_SECOND}
EXP如下:
# -*- coding:utf-8 -*-
# name: Meng
# mail: 614886708@qq.com
# ctf_exp01: BugkuCTF 秋名山老司机
import requests
import re
class Driver:
def __init__(self, url_input):
self.url = url_input # 输入链接
self.s = requests.Session()
self.expression = '' # 计算表达式
self.result = '' # 传参后结果
self.flag = '' # flag
def compute(self):
while True:
try:
# 获取计算表达式
source = self.s.get(self.url).text
self.expression = re.search(r'(\d+[+*/-])+(\d+)', source).group()
# 计算表达式并POST传参
data = {'value': eval(self.expression)}
self.result = self.s.post(self.url, data=data).text
# 过滤结果 只保留flag内容
self.flag = re.search(r'Bugku\{.+\}', self.result).group()
except AttributeError:
print('未发现flag! 重试中!')
else:
break
def run(self):
self.compute()
return self.flag
if __name__ == '__main__':
print('ctf_exp01: BugkuCTF 秋名山老司机')
url_input = input('请输入题目链接:')
print(Driver(url_input).run())
input() # 防止退出cmd
输入题目链接,得到flag: