WeChall 的1分题记录

Training:Get Sourced

似乎只有F12能看到

会有一行注释

WeChall 的1分题记录

答案就是:html_sourcecode

Training:Stegano I

有一个bmp,用二进制读一下,然后直接输出就可以看到

with open("./img/stegano1.bmp","rb") as f :
    p = f.read()
    print(str(p)) 

这么一段

b'BMf\x00\x00\x00\x00\x00\x00\x006\x00\x00\x00(\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x01\x00\x18\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Look what the hex-edit revealed: passwd:steganoI'

所以答案:steganoI

Trainging:Crypto - Caesar I

凯撒密码就是写好一句话,把每个字母替换为自已之后的第k个,于是枚举就好了

s = "UIF RVJDL CSPXO GPY KVNQT PWFS UIF MBAZ EPH PG DBFTBS BOE ZPVS VOJRVF TPMVUJPO JT BJOMEENGQGEQ"

for i in range(26) :
    print("".join([chr(ord('A') + (ord(x) - ord('A') + i) % 26) if(ord(x) >= ord('A') and ord(x) <= ord('Z')) else x for x in s]))

然后结果是

UIF RVJDL CSPXO GPY KVNQT PWFS UIF MBAZ EPH PG DBFTBS BOE ZPVS VOJRVF TPMVUJPO JT BJOMEENGQGEQ
VJG SWKEM DTQYP HQZ LWORU QXGT VJG NCBA FQI QH ECGUCT CPF AQWT WPKSWG UQNWVKQP KU CKPNFFOHRHFR
WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ RI FDHVDU DQG BRXU XQLTXH VROXWLRQ LV DLQOGGPISIGS
XLI UYMGO FVSAR JSB NYQTW SZIV XLI PEDC HSK SJ GEIWEV ERH CSYV YRMUYI WSPYXMSR MW EMRPHHQJTJHT
YMJ VZNHP GWTBS KTC OZRUX TAJW YMJ QFED ITL TK HFJXFW FSI DTZW ZSNVZJ XTQZYNTS NX FNSQIIRKUKIU
ZNK WAOIQ HXUCT LUD PASVY UBKX ZNK RGFE JUM UL IGKYGX GTJ EUAX ATOWAK YURAZOUT OY GOTRJJSLVLJV
AOL XBPJR IYVDU MVE QBTWZ VCLY AOL SHGF KVN VM JHLZHY HUK FVBY BUPXBL ZVSBAPVU PZ HPUSKKTMWMKW
BPM YCQKS JZWEV NWF RCUXA WDMZ BPM TIHG LWO WN KIMAIZ IVL GWCZ CVQYCM AWTCBQWV QA IQVTLLUNXNLX
CQN ZDRLT KAXFW OXG SDVYB XENA CQN UJIH MXP XO LJNBJA JWM HXDA DWRZDN BXUDCRXW RB JRWUMMVOYOMY
DRO AESMU LBYGX PYH TEWZC YFOB DRO VKJI NYQ YP MKOCKB KXN IYEB EXSAEO CYVEDSYX SC KSXVNNWPZPNZ
ESP BFTNV MCZHY QZI UFXAD ZGPC ESP WLKJ OZR ZQ NLPDLC LYO JZFC FYTBFP DZWFETZY TD LTYWOOXQAQOA
FTQ CGUOW NDAIZ RAJ VGYBE AHQD FTQ XMLK PAS AR OMQEMD MZP KAGD GZUCGQ EAXGFUAZ UE MUZXPPYRBRPB
GUR DHVPX OEBJA SBK WHZCF BIRE GUR YNML QBT BS PNRFNE NAQ LBHE HAVDHR FBYHGVBA VF NVAYQQZSCSQC
HVS EIWQY PFCKB TCL XIADG CJSF HVS ZONM RCU CT QOSGOF OBR MCIF IBWEIS GCZIHWCB WG OWBZRRATDTRD
IWT FJXRZ QGDLC UDM YJBEH DKTG IWT APON SDV DU RPTHPG PCS NDJG JCXFJT HDAJIXDC XH PXCASSBUEUSE
JXU GKYSA RHEMD VEN ZKCFI ELUH JXU BQPO TEW EV SQUIQH QDT OEKH KDYGKU IEBKJYED YI QYDBTTCVFVTF
KYV HLZTB SIFNE WFO ALDGJ FMVI KYV CRQP UFX FW TRVJRI REU PFLI LEZHLV JFCLKZFE ZJ RZECUUDWGWUG
LZW IMAUC TJGOF XGP BMEHK GNWJ LZW DSRQ VGY GX USWKSJ SFV QGMJ MFAIMW KGDMLAGF AK SAFDVVEXHXVH
MAX JNBVD UKHPG YHQ CNFIL HOXK MAX ETSR WHZ HY VTXLTK TGW RHNK NGBJNX LHENMBHG BL TBGEWWFYIYWI
NBY KOCWE VLIQH ZIR DOGJM IPYL NBY FUTS XIA IZ WUYMUL UHX SIOL OHCKOY MIFONCIH CM UCHFXXGZJZXJ
OCZ LPDXF WMJRI AJS EPHKN JQZM OCZ GVUT YJB JA XVZNVM VIY TJPM PIDLPZ NJGPODJI DN VDIGYYHAKAYK
PDA MQEYG XNKSJ BKT FQILO KRAN PDA HWVU ZKC KB YWAOWN WJZ UKQN QJEMQA OKHQPEKJ EO WEJHZZIBLBZL
QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD LC ZXBPXO XKA VLRO RKFNRB PLIRQFLK FP XFKIAAJCMCAM
RFC OSGAI ZPMUL DMV HSKNQ MTCP RFC JYXW BME MD AYCQYP YLB WMSP SLGOSC QMJSRGML GQ YGLJBBKDNDBN
SGD PTHBJ AQNVM ENW ITLOR NUDQ SGD KZYX CNF NE BZDRZQ ZMC XNTQ TMHPTD RNKTSHNM HR ZHMKCCLEOECO
THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG OF CAESAR AND YOUR UNIQUE SOLUTION IS AINLDDMFPFDP

所以答案是:AINLDDMFPFDP

Training:WWW-Robots

Robots exlusion standard……机器人拒绝标准?

或者就是一个单纯的robots.txt(*如是说)

于是维基还说这个东西通常在root of the web site hierarchy 例如:https://www.example.com/robots.txt

是一个限制爬虫爬取的东西

在下面的Security里还说,“很多网络机器人根本不尊重这些,甚至把不允许爬取的目录当做爬取的导航”

哦,那好吧,我们输入http://www.wechall.net/robots.txt

发现

User-agent: *
Disallow: /challenge/training/www/robots/T0PS3CR3T


User-agent: Yandex
Disallow: *

disallow的东西必然要访问一下啦,于是再输入http://www.wechall.net/challenge/training/www/robots/T0PS3CR3T

就过了

Training:ASCII

ASCII码就是数字和字母对应的表吧,写个程序

s = "84, 104, 101, 32, 115, 111, 108, 117, 116, 105, 111, 110, 32, 105, 115, 58, 32, 102, 102, 98, 108, 98, 104, 104, 104, 100, 100, 112, 109"

print("".join([chr(int(x.strip())) for x in s.split(",")]))

输出就是

The solution is: ffblbhhhddpm

(答案越来越随机串了呢……)

Encodings:URL

URL解码(%xx)的形式就是URL啦

from urllib.parse import unquote

s  = "%59%69%70%70%65%68%21%20%59%6F%75%72%20%55%52%4C%20%69%73%20%63%68%61%6C%6C%65%6E%67%65%2F%74%72%61%69%6E%69%6E%67%2F%65%6E%63%6F%64%69%6E%67%73%2F%75%72%6C%2F%73%61%77%5F%6C%6F%74%69%6F%6E%2E%70%68%70%3F%70%3D%70%6C%69%73%73%69%65%65%69%63%6E%69%26%63%69%64%3D%35%32%23%70%61%73%73%77%6F%72%64%3D%66%69%62%72%65%5F%6F%70%74%69%63%73%20%56%65%72%79%20%77%65%6C%6C%20%64%6F%6E%65%21"

print(unquote(s))
Yippeh! Your URL is challenge/training/encodings/url/saw_lotion.php?p=plissieeicni&cid=52#password=fibre_optics Very well done!

输进浏览器就可以了

上一篇:极客日报第 69 期:库克对话何同学:苹果很多功能来自中国消费者反馈;高通、微软、谷歌联合施压监管方:反对NVIDIA收购ARM;饿了么申请注册 “饿魔”相关商标


下一篇:老码农的自我修养:三十岁后要转管理?69岁老程序员说不!