攻防世界WEB进阶之web2

攻防世界WEB进阶之bugweb2

  • 1、描述
  • 2、实操
  • 3、答案

1、描述

难度系数:2星
题目来源: NSCTF
题目描述:解密
题目场景: http://111.198.29.45:35597
题目附件: 暂无

2、实操

 
$miwen="a1zLbgQsCESEIqRLwuQAyMwLyq2L5VwBxqGA3RQAyumZ0tmMvSGM2ZwB4tws"; 

function encode($str){ 
    $_o=strrev($str); 
    // echo $_o; 
         
    for($_0=0;$_0<strlen($_o);$_0++){ 
        
        $_c=substr($_o,$_0,1); 
        $__=ord($_c)+1; 
        $_c=chr($__); 
        $_=$_.$_c;    
    }  
    return str_rot13(strrev(base64_encode($_))); 
} 

highlight_file(__FILE__); 
/* 
   逆向加密算法,解密$miwen就是flag 
*/ 
?> 

source:a1zLbgQsCESEIqRLwuQAyMwLyq2L5VwBxqGA3RQAyumZ0tmMvSGM2ZwB4tws

rot13 : n1mYotDfPRFRVdEYjhDNlZjYld2Y5IjOkdTN3EDNlhzM0gzZiFTZ2MjO4gjf

def rot13(crypt_str):
    # coding:utf-8

    import string

    def decoder(crypt_str, shift):
        crypt_list = list(crypt_str)
        plain_str = ""
        num = int(shift)
        for ch in crypt_list:
            ch = ord(ch)
            if ord('a') <= ch and ch <= ord('z'):
                ch = ch + num
                if ch > ord('z'):
                    ch -= 26
            if ord('A') <= ch and ch <= ord('Z'):
                ch = ch + num
                if ch > ord('Z'):
                    ch -= 26
            a = chr(ch)
            plain_str += a

        print(plain_str)
    shift = 13
    decoder(crypt_str, shift)

strrev : fjg4OjM2ZTFiZzg0MzhlNDE3NTdkOjI5Y2dlYjZlNDhjYEdVRFRPfDtoYm1n


echo strrev("n1mYotDfPRFRVdEYjhDNlZjYld2Y5IjOkdTN3EDNlhzM0gzZiFTZ2MjO4gjf");
?>

base64 : ~88:36e1bg8438e41757d:29cgeb6e48c`GUDTO|;hbmg

直接在网址解码fjg4OjM2ZTFiZzg0MzhlNDE3NTdkOjI5Y2dlYjZlNDhjYEdVRFRPfDtoYm1n即可
http://tool.oschina.net/encrypt?type=3

对编码进行逆向操作,这里使用python语言:

"""
for($_0=0;$_0

def reverse(strings):
    now = ''
    for i in range(len(strings)):
        temp = strings[i]
        temp_ord = ord(temp) - 1
        temp_chr = chr(temp_ord)
        now += temp_chr
    ans = now[::-1]
    return ans


if __name__ == '__main__':
    string = "~88:36e1bg8438e41757d:29cgeb6e48c`GUDTO|;hbmg"
    print(reverse(string))

3、答案

最终答案为:
在这里插入图片描述
flag:{NSCTF_b73d5adfb819c64603d7237fa0d52977}

你可能感兴趣的:(攻防世界web进阶,渗透,安全,攻防世界,python,攻防世界)