CTF Study Notes 01: HashMePlease

Author: DeamoV | Source: published 2017-05-14 14:52, read 127 times

    https://ringzer0team.com/challenges/13

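    Category: CodingChallenge

    The goal of the challenge is roughly to extract the Message within two seconds, decode it, and obtain the Flag.
    Doing the extraction by hand within two seconds is obviously unrealistic,
    so a script is needed.
    Reference: https://github.com/professormahi/CTF/tree/master/ringzer0team/CodingChallenges/Hash%20me%20please

    Tools used: curl, sha512sum

    Background notes: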

    SHA-2 : https://en.wikipedia.org/wiki/SHA-2
    curl : https://curl.haxx.se/docs/manpage.html
    sha512sum : https://linux.die.net/man/1/sha512sum
    cat SHA512Hash | sha512sum | head -c 128
    
    egrep & grep & fgrep : http://blog.chinaunix.net/uid-28584525-id-3510819.html
    The regular expression that follows egrep: note that there must be no spaces before or after the "+".
    egrep '[[:alnum:]]+<br />'
    
    sed :
    The result after egrep looks like this:
    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<br />
    
    Next, the goal is to remove the trailing <br />
    (omitted) | sed -r 's/<br \/>//g' | sed 's/ //g' | sed 's/\t//g'
    
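    Here we use the sed command; -r means "use extended regular expressions in the script".
    s/ performs substitution; the format is 's/A/B/', which replaces A with B.
    /g indicates that every occurrence is replaced (global substitution).
    The extra \ in <br \/> is there because the command cannot otherwise tell this "/" apart from the "/" delimiters, so it is marked with "\".
    So the command as a whole deletes <br />, deletes spaces, and deletes \t (tabs).
    head : http://blog.csdn.net/u010585120/article/details/48027611
    head -c N  # print the first N bytes
    
    chrome : a small tip for extracting the curl command (Ctrl + Shift + I) (Elements) (Network)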

    The script that finally worked for me is below.

    Note that the Cookie in it is one you have to extract yourself.
    #!/bin/bash
    set -x   # echo each command as it runs (debugging aid)
    
    # Step 1: fetch the challenge page with your own session cookie and save it to ./cipher
    curl 'https://ringzer0team.com/challenges/13' -H 'Accept-Encoding: gzip, deflate, sdch, br' -H 'Accept-Language: zh-CN,zh;q=0.8' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Referer: https://ringzer0team.com/challenges' -H 'Cookie: PHPSESSID=3h4ckdskpiego50h3r11njf8g3' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' --compressed --output cipher
    # Step 2: keep the message line, strip <br />, spaces and tabs, and keep the first 1024 bytes
    cat cipher | egrep '[[:alnum:]]+<br />' | sed -r 's/<br \/>//g' | sed 's/ //g' | sed 's/\t//g' | head -c 1024 > res
    # Step 3: hash the message; the first 128 characters of the sha512sum output are the hex digest
    cat res | sha512sum | head -c 128  > sha 
    
    r=$(cat sha)
    
    # Step 4: submit the digest in the URL; the response is saved to ./finalres
    curl "https://ringzer0team.com/challenges/13/$r" -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Connection: keep-alive' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Cookie: PHPSESSID=3h4ckdskpiego50h3r11njf8g3; _ga=GA1.2.1964009795r1426406003' -H 'Accept-Language: en-US,en;q=0.8,fa;q=0.6' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36' --compressed --output finalres
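
The extraction and hashing steps of the script above, run offline on a constructed sample page so they can be checked without the two-second limit (an added example, not part of the original post). The page layout, the sample message and the function names are assumptions; whitespace is stripped with `tr` instead of `head -c 1024`, so it does not depend on the message length, and the last check shows why a stray trailing newline must not reach `sha512sum`.

```shell
#!/bin/bash
# Added example: offline run of the extract-and-hash pipeline on constructed input.

# Constructed sample page (assumed layout): the message sits on its own line,
# indented with tabs and spaces and terminated by <br />.
sample_page() {
    printf '<div class="message">\n'
    printf '\t\t----- BEGIN MESSAGE -----<br />\n'
    printf '\t\t  abc123XYZ<br />\n'
    printf '\t\t----- END MESSAGE -----<br />\n'
    printf '</div>\n'
}

# Read HTML on stdin, print the bare message with no trailing newline.
# Only a line with alphanumerics directly before <br /> is selected, so the
# BEGIN/END marker lines (which end in dashes) are skipped.
extract_message() {
    grep -E '[[:alnum:]]+<br />' \
        | sed -r 's/<br \/>//g' \
        | tr -d ' \t\r\n'
}

# Read bytes on stdin, print only the 128 hex characters of the SHA-512 digest
# (sha512sum appends a file-name marker after the digest).
sha512_hex() {
    sha512sum | head -c 128
}

# Full pipeline: HTML on stdin -> digest on stdout.
page_to_digest() {
    extract_message | sha512_hex
}

msg=$(sample_page | extract_message)
good=$(sample_page | page_to_digest)
# Failure mode: the same message with a trailing newline hashes differently.
with_newline=$(printf '%s\n' "$msg" | sha512_hex)

echo "message : $msg"
echo "digest  : $good"
if [ "$good" != "$with_newline" ]; then
    echo "a trailing newline changes the digest, so strip it before hashing"
fi
```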
    
    

    Created: 2017.5.14
