python-study

0x01 MD5 encrypt this string

image-20210129112157855

提取页面中的字符串,计算它的MD5哈希值(MD5是单向哈希算法,并不是加密),然后提交。手动操作还是太慢了,所以学着写脚本。网络有点卡的时候可以多提交几次。

from hack the box web1

自己结合网上的学习了两种方法,re.search和re.findall,个人感觉还是比较喜欢第二种方法,感觉法二挺方便的

  • 法一
import requests
import hashlib
import re #字符串匹配

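# Headers sent on both requests. The same PHPSESSID is used for the GET and the
# POST, presumably so the server can match the submitted digest to the string
# it displayed -- confirm against the challenge.
# NOTE(review): the session cookie is a credential hard-coded in the script;
# keep such values out of published code.
head = {
    "Referer": "http://159.65.87.50:32588/",
    "Cookie": "PHPSESSID=1nd51s259e9epagvhkgolgm5h7",
    "Content-Type": "application/x-www-form-urlencoded",
    "Origin": "http://159.65.87.50:32588",
}
url1 = "http://159.65.87.50:32588/"

# A timeout keeps the script from hanging forever on a slow connection.
req1 = requests.get(url=url1, headers=head, timeout=10)

# Capture only the text between the tags instead of matching the whole
# element and stripping the tags afterwards.
str1 = re.search(r"<h3 align='center'>(.*?)</h3>", req1.text)
if str1 is None:
    # re.search returns None when the heading is missing (e.g. an error page).
    raise SystemExit("challenge string not found in the response")
str2 = str1.group(1)

# MD5 is a one-way hash, not encryption; only its hex digest is submitted.
md5 = hashlib.md5(str2.encode(encoding='utf-8')).hexdigest()

# Passing a dict lets requests build the form body ("hash=<digest>").
req2 = requests.post(url=url1, headers=head, data={"hash": md5}, timeout=10)
print(req2.text)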

  • 法二
# -*- coding:utf-8 -*-   
# hack the box web1 re.findall

import requests
import re
import hashlib
def md5_str(str):
md=hashlib.md5();
md.update(str.encode(encoding='utf-8'))
return md.hexdigest()


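url = "http://138.68.182.108:31255/"
# NOTE(review): the PHPSESSID below is a session credential hard-coded in the
# script; keep such values out of published code.
head = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0",
    "Cookie": "PHPSESSID=3brhsrsfuq7k869bg9s7bae6u4",
    "Content-Type": "application/x-www-form-urlencoded",
    "Origin": "http://138.68.182.108:31255"
}

# A timeout keeps the script from hanging forever on a slow connection.
req1 = requests.get(url, headers=head, timeout=10)

# re.S lets "." match newlines. The greedy ".*" before ">" backtracks from the
# end of the page, so this assumes the page has a single <h3> -- TODO confirm.
headings = re.findall(r'<h3 align=.*>(.*?)</h3>', req1.text, re.S)
if not headings:
    raise SystemExit("challenge string not found in the response")
# Named "challenge" rather than "str" so the builtin is not shadowed module-wide.
challenge = headings[0]
mdstr = md5_str(challenge)

req2 = requests.post(url, headers=head, data="hash=" + mdstr, timeout=10)

# Raw string: "\{" is an invalid escape sequence in a normal string literal.
flags = re.findall(r'HTB\{(.*?)\}', req2.text, re.S)
if not flags:
    # Without this check a rejected digest would surface as a bare IndexError.
    raise SystemExit("no HTB{...} flag in the response")
flag = "HTB{" + flags[0] + "}"
print(flag)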

1.1

0x02 scan_dir目录扫描

import requests
import sys

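headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0'}

# Fail with a usage line instead of an IndexError when arguments are missing.
if len(sys.argv) != 4:
    sys.exit("usage: python scan_dir.py <base-url> <wordlist-file> <result-file>")
url = sys.argv[1]
zidian = sys.argv[2]   # wordlist file, one path per line
result = sys.argv[3]   # file that found URLs are appended to

with open(zidian, "r") as f:
    for line in f:
        line = line.strip()
        if not line:
            # A blank wordlist line would only re-request the base URL.
            continue
        try:
            r = requests.get(url + line, headers=headers, timeout=10)
        except requests.RequestException as exc:
            # One unreachable path should not abort the whole run.
            print("url:" + url + line + "\n error: %s" % exc)
            continue
        # r.url is the final URL after any redirects requests followed, so a
        # 200 here can come from the redirect target rather than url+line.
        if r.status_code == 200:
            print("url:"+r.url+"\n exist")
            with open(result, "a") as f1:
                f1.write("url:"+r.url+" exist\n")  # append to the result file
        else:
            print("url:"+r.url +"\n false")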

python scan_dir.py http://www.shmilying.top/ F:\pycharm\python-study\zidian.txt F:\pycharm\python-study\result.txt

result:

2.0

2.1

0x03 file_open_r/w/a

***read***
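# Most practical form: iterate the file object itself inside ``with``.
# (A file object is not callable, so it is ``for a in f``, not ``f()``.)
# The ``with`` block closes the file even if an exception is raised.
with open("zidian.txt") as f:
    for a in f:
        print(a.strip())


# Same output; readlines() first loads every line into a list.
with open("zidian.txt", "r") as f:
    for line in f.readlines():
        print(line.strip())


# Explicit open/close without ``with``.
f = open("zidian.txt", "r")
for line in f.readlines():   # read everything; equivalent to ``for line in f:``
    print(line)              # keeps the trailing newline, so output is double spaced
    print(line.strip())      # strip() removes surrounding whitespace, incl. the newline
f.close()                    # remember to close the file


f = open("zidian.txt", "r")
line1 = f.readline()         # read a single line
print(line1)
f.close()

f = open("zidian.txt", "r")
line2 = f.read(1)            # text mode: reads one character (bytes need mode "rb")
print(line2)
f.close()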


***write***

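# Mode "a" appends at the end of the file and leaves existing content alone.
# Mode "w" would truncate the file first, so the write replaces what was there.
f = open("zidian.txt", "a")
f.write('\nxxxxx')
f.close()

# Read the file back to show the appended line.
f2 = open("zidian.txt")
for line in f2.readlines():
    print(line.strip())
f2.close()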

总结:

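# Template only: replace "mode" with one of r / w / a.
# Raw string, otherwise "\f" in the Windows path is read as a form-feed escape.
f = open(r"c:\filename", "mode")
# ... read from or write to f here ...
f.close()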

0x04 awd_sendflag

学习的大佬脚本,批量sendflag。

import requests
import time
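def result_flag(flag):
    """Submit one flag to the scoreboard's attempt API and print the reply.

    The function was written as ``result-flag``, which is not a valid Python
    identifier (the hyphen parses as subtraction), so it is ``result_flag``
    here and at its call site in ``flagtxt``.

    Args:
        flag: the flag string to send as the ``submission`` field.
    """
    url = "http://xx.xxx.xxx.xx:8080/api/v1/challenges/attempt"
    # Built as a dict and serialised by requests (``json=``), so quotes or
    # backslashes inside a flag cannot break or alter the JSON body the way
    # string concatenation could.
    payload = {"challenge_id": 2, "submission": flag}
    h = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
        "Accept-Encoding": "gzip, deflate",
        "CSRF-Token":"e9817606c5e5373499bd7e43b64c045b60a276b839b340c4f4a37c2eb27f4e8a",
        "Connection": "keep-alive",
        "Content-Type": "application/json"
    }
    # NOTE(review): the CSRF token above and the session cookies below are
    # credentials hard-coded in the script; anyone holding them can act as
    # that session while it is valid, so keep them out of published code.
    cookies={"session":"2deefa03-cda6-41fc-be25-a986067c7048","PHPSESSID":"jnr3quolg5o2ohlifbdld6bku5"}
    # A timeout keeps one stalled request from blocking the rest of the batch.
    req = requests.post(url=url, json=payload, cookies=cookies, headers=h, timeout=10)
    print(req.text)  # server's verdict for this flag


def flagtxt():
    """Read web1-flag.txt and submit each non-empty line, one per second."""
    with open("web1-flag.txt") as f:
        for a in f:
            flag = a.strip()
            if not flag:
                # Skip blank lines instead of submitting an empty flag.
                continue
            print(flag)
            time.sleep(1)  # pause between submissions
            result_flag(flag)


flagtxt()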



0x05 生成以指定字符为开头的md5值

  • 百度的
# -*- coding:utf-8 -*-
# 脚本功能:生成以指定字符为开头的md5值(x位数字)

import hashlib
import random

def encryption(chars):
return hashlib.md5(chars.encode("utf8")).hexdigest()
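def generate():
    """Return a random 8-digit candidate as a string.

    The bounds 11111111..99999999 (inclusive) are the search range. ``random``
    is adequate here because the value is only a search candidate, not a
    secret.
    """
    return str(random.randint(11111111, 99999999))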
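def main():
    """Try random candidates until one has an MD5 digest starting with ``start``.

    Each leading hex digit matches with probability 1/16, so a 5-digit prefix
    takes about 16**5 (roughly one million) attempts on average. Candidates
    are drawn at random, so the same value can be tested more than once.
    """
    start = "66666"  # required leading hex digits of the digest
    while True:
        strs = generate()
        print("Test %s " % strs)
        # Hash once and reuse the digest for both the check and the report.
        digest = encryption(strs)
        if digest.startswith(start):
            print("yes!")
            print("[+] %s " % strs + "%s " % digest)
            break
        else:
            print("no!")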
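# Run the search only when executed as a script, not when imported.
if __name__ == '__main__':
    main()
    # NOTE(review): the page lost its indentation; this print is placed inside
    # the guard, which gives the same output when the file is run directly.
    print('完成!')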

结果如下

yes!
[+] 43650254 66666b9c81d0d15f983ad8963908ce10
完成!

0x06 多线程

  • 1
from threading import Thread
import time
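def test(name):
    """Thread target: wait two seconds, then print a greeting for *name*."""
    time.sleep(2)
    print('%s say hello' % name)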

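if __name__ == '__main__':
    # args must be a tuple, hence the trailing comma for a single argument.
    t = Thread(target=test, args=('egon',))
    t.start()
    # start() returns immediately, so this line prints before the worker's
    # greeting, which only appears after its two-second sleep.
    print('主线程')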
  • 2
from threading import Thread

import time

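class test(Thread):
    """Thread subclass that waits two seconds and prints a message with its name."""

    def __init__(self, name):
        # Thread.__init__ must run before any attribute of the thread is set.
        super().__init__()
        # ``name`` is an existing Thread attribute; this sets the thread's name.
        self.name = name

    def run(self):
        """Body executed in the new thread once start() is called."""
        time.sleep(2)
        print("%s good night" % self.name)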

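if __name__ == '__main__':
    t = test('lihua')
    # start() runs test.run() in a new thread and returns immediately.
    t.start()
    # Printed by the main thread before the worker finishes its sleep.
    print("zhuxiancheng")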

0x07 proxy

import requests
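url = "https://home.firefoxchina.cn/"
# The dict key is the scheme of the target URL; the value is how to reach the
# proxy itself. A local proxy listening on plain HTTP is addressed as http://
# for both keys. An https:// value makes the client attempt TLS to the proxy
# port, which fails against a plain-HTTP listener.
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}
# verify=False disables TLS certificate validation, so the client would accept
# any certificate, including one from an unintended interceptor. Keep it to
# local debugging through your own proxy; the safer form is to trust only the
# proxy's CA, e.g. verify="<path-to-proxy-ca.pem>".
r = requests.get(url, proxies=proxies, verify=False, timeout=10)
print(r.status_code)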