历经曲折的writeup：实验吧<百米>

原题链接

上脚本：

#!/usr/bin/python3
# -*- coding:utf-8 -*-
#实验吧编程题_百米
import requests
import bs4
import re

url = "http://ctf5.shiyanbar.com/jia"
session = requests.session()
r = session.get(url)

soup = bs4.BeautifulSoup(r.content,'html.parser')#转换为BeautifulSoup对象
goal = [x for x in soup.p.div]#本题所需要的目标信息
goal2 = goal[0]#转换为字符串
g = eval(goal2.replace("x",'*'))转换为有效式

r2 = session.post('http://ctf5.shiyanbar.com/jia/index.php?action=check_pass',data ={'pass_key':g})
r3 = bs4.BeautifulSoup(r2.content,'html.parser')
print(r2.text)

特别注意：

本题脚本中的get和post一定要用session完成，因为用requests相当于重开网页，导致原页面丢失，上传数据无效，而用session就可与原网页保持连接。

其实还可以对代码进行优化，直接输出结果，做题时考虑到本题限时且网页原代码不多，暂未做优化

优化后如下

#!/usr/bin/python3

#实验吧编程题_百米
import requests
import bs4
import re

url = "http://ctf5.shiyanbar.com/jia"
session = requests.session()
r = session.get(url)

soup = bs4.BeautifulSoup(r.content,'html.parser')
goal = [x for x in soup.p.div]#本题所需要的目标信息
goal2 = goal[0]
g = eval(goal2.replace("x",'*'))

r2 = session.post('http://ctf5.shiyanbar.com/jia/index.php?action=check_pass',data ={'pass_key':g})
r3 = bs4.BeautifulSoup(r2.content,'html.parser')
#感谢我的师兄们提供的优化代码和讲解
maybe = ['flag','FLAG','Flag','key','KEY','Key']#设置flag可能的开头
for i in maybe:
    if i in str(r2.text):
        res = re.search(i,str(r2.text)).span()
        print("Maybe find flag ok")
        print(str(r2.text)[res[0]:int(res[-1])+8])