CTF20 grab bag 300 write_up 及体会（二）

2012-07-01

CTF20 grab bag 300 write_up 及感受（二）?gb300，这个题是给了个ip和端口以及密码，自然就nc上去了，然后输入

CTF20 grab bag 300 write_up 及感受（二）

gb300，这个题是给了个ip和端口以及密码，自然就nc上去了，然后输入密码后会返回个这个东西

然后让你根据前三个来总结规律，找出第四个应该输入什么

规律就是

#! /usr/bin/env python#coding=utf-8import socketimport timefrom socket import *import os,sysimport re    ip=""port=""def nc():                 s = socket(AF_INET, SOCK_STREAM)    s.connect((ip, port))    s.send('5fd78efc6620f6\n')    #print 123    #time.sleep(0.5)            for i in xrange(4):        data = s.recv(1000)        #print data        data1 = s.recv(2000)        #print data1                data2 = s.recv(2000)        #print data2            str=data+data1+data2                                    if(str.find('Balance')!=-1):            break        str=filter(str)        print str        arrays=array(str)        str1=calc(arrays)                s.send(str1+'\n')                  data = s.recv(1000)            #print data    data1 = s.recv(2000)            #print data1    #data2 = s.recv(2000)            #print data2    data2=""    #s.send('withdraw\n')        str=data+data1+data2        print ('123')        print str            def calc(arr):    l1=getLocationArray(arr[0:6],arr[6][0])    l2=getLocationArray(arr[0:6],arr[6][1])    l3=getLocationArray(arr[0:6],arr[6][2])    l4=getLocationArray(arr[0:6],arr[6][3])        m1=getLocationArray(arr[10:16],arr[16][0])    m2=getLocationArray(arr[10:16],arr[16][1])    m3=getLocationArray(arr[10:16],arr[16][2])    m4=getLocationArray(arr[10:16],arr[16][3])    n1=getLocationArray(arr[20:26],arr[26][0])    n2=getLocationArray(arr[20:26],arr[26][1])    n3=getLocationArray(arr[20:26],arr[26][2])    n4=getLocationArray(arr[20:26],arr[26][3])        #print arr[28:32]    k1=getSame(l1,m1,n1)    k2=getSame(l2,m2,n2)    k3=getSame(l3,m3,n3)    k4=getSame(l4,m4,n4)        s=getPin(arr[28:34],k1,k2,k3,k4)    print s    return sdef getPin(array,k1,k2,k3,k4):    #print k1[0]    #print array    t1=array[k1[0]][k1[1]]      t2=array[k2[0]][k2[1]]     t3=array[k3[0]][k3[1]]     t4=array[k4[0]][k4[1]]     return t1+' '+t2+' '+t3+' '+t4 def getSame(a,b,c):    #print a    #print b    #print c    temp1 = [val for val in a if val in b]      temp2 = [val for val in temp1 if val in c]    if len(temp2)==0:        temp2=[(0,0)]    #print temp2[0]    return  temp2[0]def getLocationArray(arr,str):    list=[]    #print arr        for i in xrange(6):             for j,j1 in enumerate(arr[i]):                        if j1==str:                                list.append((i,j))                                    return list            def array(s):    arrays=s.split('\n')     a1=[]    for i in xrange(34):        temp=arrays[i].split(' ')        count=temp.count('')        for i in xrange(count):                        temp.remove('')        a1.append(temp)            return a1        def filter(s):    s=re.sub(r'\[.{7}m', '', s)    s=re.sub(r'Sun Jun.*2', '', s)    s=re.sub(r'User entered:', '', s)    s=re.sub(r'DD GOTP ATM skimmer.*1', '', s)    s=s.strip()    return s                            if __name__=='__main__':    ip="140.197.217.85"    port=10435    nc()

写得比较烂，将就看吧，在四次矩阵后，我们会得到一个的界面(当时忘了截图了,根据记忆写的)

************ ?VovXXX ATM**************?

Balance ：$9464698434584894345312564.33

1）withDraw

2）XXXX

3）XXXX

4）exit

然后答案就是9464698434584894345312564.33

热点排行

操作系统

CTF20 grab bag 300 write_up 及体会（二）