Python Challenge[20]

[Level 20]

Title: go away!

图片中显示

PRIVATE PROPERTY BEYOND THIS FENCE

图片下有一段话

but inspecting it carefully is allowed.

信息大概就这么多，然后各种尝试，无果。没办法，搜索了下，原来突破口是响应头里的Content-Range:bytes 0-30202/2123456789。那么然后呢？改变范围。

import httplib2,re
h = httplib2.Http('.Cache')
url = 'http://www.pythonchallenge.com/pc/hex/unreal.jpg'
headers = {'Authorization':'Basic YnV0dGVyOmZseQ=='}
pattern = re.compile(r'-(\d+)')
start = 30203
while True:
  headers['Range'] = 'bytes={0}-'.format(start)
  resp, content = h.request(url,headers=headers)
  if content:
    start = int(pattern.search(resp['content-range']).group(1)) + 1
    print(content)
    content = ''
  else:
    break

收获invader关键字，但invader.html显示Yes! that's you!，没什么用。范围还能倒过来开始？

start = 2123456789
while True:
  headers['Range'] = 'bytes={0}-'.format(start)
  resp, content = h.request(url,headers=headers)
  if content:
    start = int(pattern.search(resp['content-range']).group(1)) - 1
    print(content)
    content = ''
  else:
    break

得到两条信息，esrever ni emankcin wen ruoy si drowssap eht和and it is hiding at 1152983631.。第一条信息反转后为the password is your new nickname in reverse，nickname是invader，1152983631呢？

headers['Range'] = 'bytes=1152983631-'
content = h.request(url,headers=headers)[1]

内容打印出来是长字节，无法解读，写入文件吧。

with open('data','wb') as f:
  f.write(content)

修改为图片后缀，无法打开。以文本形式打开，可以看到PK和readme.txt字样，猜测是压缩文件。修改后缀，可以打开，[Level 21]的内容就在里面。

小结

认证信息可以这样：

import base64
headers = {'Authorization':'Basic {0}'.format(base64.b64encode(b'butter:fly').decode())}

使用urllib.request请求网页：

import urllib.request
request = urllib.request.Request(url)
request.add_header('Authorization', 'Basic YnV0dGVyOmZseQ==')
request.headers['Range'] = 'bytes=30203-'
response = urllib.request.urlopen(request)

Python Challenge Wiki