alex CTF 一道题目的半解过程
nc 连接返回结果
__________ ______/ ________ /______ _/ ____________ /_ _/____________ ____________/_/ ___________ / / ___________ // /XXXXXXXXXXX/ // /XXXXXXXXXXX/ / / /############/ ############/ / | /XXXXXXXXXXX/ _ _ /XXXXXXXXXXX/ | |___ _ // / /|__ [_ / / X X / / _] | / / / / | [_ / / / _____ / / / __] / / / //||.||.||.||.||// / / / _ / / ||.||.||.||.|| / / _/ / / ||.||.||.||.|| / / _ |||||||||| _/ / …….. / ________________/
Our system system has detected human traffic from your ip! Please PRove you are a bot Question 1 : 108105798751584311773236747225139 - 35165179661324135973895883980449 =
利用程序来返回结果
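思路:将 nc 返回的结果写在记事本里,然后找到 = 所在的行,以及两个数字(题目中的一个数字分在两行里),把计算结果发送给服务器端,然后再打印 flag。 遇到一个很奇怪的事情:- -! 对一个字符串先做查找判断、再进行分割时,就找不到字符了。(可能的原因:str.find 在找不到时返回 -1,而 -1 在条件判断中为真,所以 `if line.find(":")` 并不表示“找到了”;应写成 `if ":" in line` 或 `line.find(":") != -1`。)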
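"""Half-finished solver for the arithmetic "prove you are a bot" challenge.

Flow, as in the original script: read the banner and first question from the
server, save the text to ``nc.txt``, re-read it line by line, answer the line
that ends in '=', then print whatever the server sends back.

Written so that it runs on both Python 2.7 and Python 3.
"""
import re
import socket

HOST = '195.154.53.62'
PORT = 1337
filename = 'nc.txt'
TIMEOUT_SECONDS = 10  # do not hang forever on a silent peer

# One question with spaces and the trailing '=' removed: "<int><op><int>".
# The server's text is untrusted input, so only this exact shape is accepted
# and the operator is dispatched explicitly below; it is never passed to
# eval().
QUESTION_RE = re.compile(r'^(\d+)([-+*/%])(\d+)$')


def solve_line(line, carry=''):
    """Return the integer answer for one question line.

    Args:
        line: one line of server output, e.g. ``"12 - 5 =\\n"``.
        carry: digits to prepend to the first operand (the write-up notes
            that one number of the question can be split over two lines).

    Returns:
        The result as an int, or None when the line is not a question.

    Raises:
        ValueError: if ``carry`` plus the first operand is not a number.
        ZeroDivisionError: for '/' or '%' with a zero right-hand operand.
    """
    compact = line.replace('=', '').replace(' ', '').strip()
    match = QUESTION_RE.match(compact)
    if match is None:
        return None
    left, op, right = match.groups()
    a = int(carry + left)
    b = int(right)
    if op == '+':
        return a + b
    if op == '-':
        return a - b
    if op == '*':
        return a * b
    if op == '/':
        # Floor division: what Python 2's int / int did in the original.
        return a // b
    return a % b


def main():
    """Answer the first question and print the server's replies."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(TIMEOUT_SECONDS)
    try:
        sock.connect((HOST, PORT))

        test = ''
        while True:
            m = sock.recv(100)
            test += m.decode('ascii', 'ignore')
            print(len(m))
            # Heuristic kept from the original: a short (or empty) read is
            # taken to mean the server has finished sending the question.
            if len(m) < 60:
                break

        # 'w', not 'a': in append mode the questions of earlier runs stay in
        # the file and would be parsed and answered again.
        with open(filename, 'w') as f:
            f.write(test)
        with open(filename, 'r') as f:
            lines = f.readlines()

        y = ''
        res = ''
        for line in lines:
            if ':' in line and '=' not in line:
                # Keep digits that follow the colon; they are treated as the
                # start of the first operand on the next line.
                tail = line.rsplit(':', 1)[1].strip()
                y = tail if tail.isdigit() else ''
                continue
            if line.count('=') != 1:
                continue
            try:
                answer = solve_line(line, y)
                y = ''
                if answer is None:
                    continue
                res = answer
                print('res %s' % res)
                sock.send(str(res).encode('ascii'))
                print(sock.recv(2048).decode('ascii', 'ignore'))
                print(line)
            except (ValueError, ZeroDivisionError, socket.error) as e:
                print(e)

        # NOTE(review): the original sends the last answer once more after
        # the loop; kept as is, but a timeout no longer ends in a traceback.
        try:
            sock.send(str(res).encode('ascii'))
            print(sock.recv(100).decode('ascii', 'ignore'))
        except socket.error as e:
            print(e)
    finally:
        sock.close()


if __name__ == '__main__':
    main()

# Reference: an expert's write-up, http://www.cnblogs.com/huangjacky/p/3859786.html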
找到一位日本友人的代码,只能说明个人能力太渣 http://kataware.hatenablog.jp/
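# Solver for the same challenge. A Python 2 script: sock() uses the Python 2
# makefile() signature. telnetlib and math are no longer imported: the first
# was never used (and is gone from the standard library in Python 3.13), the
# second was only needed for the float-based division replaced below.
import socket


# common funcs ---
def sock(remoteip, remoteport):
    """Connect to (remoteip, remoteport); return the socket and a file wrapper."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((remoteip, remoteport))
    # bufsize=0 is the Python 2 keyword; Python 3 calls it `buffering` and
    # refuses unbuffered text mode.
    return s, s.makefile('rw', bufsize=0)


def read_until(f, delim='\n'):
    """Read from f one character at a time until the data ends with delim.

    Raises:
        EOFError: if the stream ends first. The original kept calling
            read(1) on a closed stream and never returned.
    """
    data = ''
    while not data.endswith(delim):
        ch = f.read(1)
        if not ch:
            raise EOFError("stream closed before %r was seen" % (delim,))
        data += ch
    return data


def compute(first, ope, second):
    """Apply the operator named by ope to two integers and return an int.

    The operator comes from the server, so it is matched against a fixed set
    instead of being evaluated.

    Raises:
        ValueError: if ope is not one of + - * / %.
    """
    if ope == "+":
        return first + second
    if ope == "-":
        return first - second
    if ope == "*":
        return first * second
    if ope == "/":
        # Integer floor division. math.floor() returned a float here, which
        # silently loses digits once the quotient exceeds 2**53.
        return first // second
    if ope == "%":
        return first % second
    raise ValueError("unsupported operator: %r" % (ope,))


def ans():
    """Read one question from the module-level stream f and send the answer."""
    r = ''
    # Read up to the word "Question".
    while "Question" not in r:
        ch = f.read(1)
        if not ch:
            # Show whatever the server sent last before giving up.
            print(r)
            raise EOFError("connection closed before the next question")
        r += ch
    print(r)
    # Read through the question number (the rest of that line).
    print(read_until(f))
    # Read the problem itself: "<first> <operator> <second> =".
    r = read_until(f)
    print(r)
    lis = r.split(' ')
    if len(lis) < 3:
        raise ValueError("unexpected question line: %r" % (r,))
    first = int(lis[0])
    ope = lis[1]
    second = int(lis[2])
    # math
    ret = compute(first, ope, second)
    f.write(str(ret))
    f.write("\n")
    print(str(ret) + "\n")


# main
if __name__ == "__main__":
    s, f = sock('195.154.53.62', 1337)
    try:
        for i in range(10000):
            ans()
    except EOFError:
        # The server closed the connection: nothing more to answer.
        pass
    finally:
        f.close()
        s.close()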