https://ringzer0team.com/challenges/13

分類：CodingChanllenge

題目的目標大概就是在兩秒內(nèi)提取Message悯仙，再decode，然后得到Flag盏浇。

然而顯然，手工兩秒內(nèi)提取是不現(xiàn)實的佑稠。

所以要用到腳本粗卜。

reference：https://github.com/professormahi/CTF/tree/master/ringzer0team/CodingChallenges/Hash%20me%20please

使用工具：curl，sha512sum

小知識普及：

SHA-2 ： https://en.wikipedia.org/wiki/SHA-2

curl ： https://curl.haxx.se/docs/manpage.html

sha512sum : https://linux.die.net/man/1/sha512sum

cat SHA512Hash | sha512sum | head -c 128

egrep & grep & fgrep : http://blog.chinaunix.net/uid-28584525-id-3510819.html

egrep后面跟的正則表達式：這個后面的“+”的前后是不能有空格的哦桥爽！

egrep '[[alnum]]+<br />'

sed :

egrep之后的結果如下

6h7WU0UBe8ek6JiEHsISK51yE4wweK6bR3YCUI3ZG89DHh7eAFXaBPz5JVsOwpQdjEF3cyTJxSc4Za9pFXq6CP2cBlQXAx1J1wD4VmEi4HdUHcadZras62uydbmEyddqAHklTOuOmxzTzzWpQWHNP2cT3onrrqHRXS3HxnmJLLsbbfqR1YvHQxqKLD23UAKIiDgGRsfs3yt4EKMwy73fujP6NIZy8A6g3cNLuS3ohnjLXV7mS1sdb7aOGZcEp9LjcoUx7OLf2UQQGO2pGksHislOiojxoUHq8rN66pbY9SEGxxV3IeARwMvF1F3fpAvoR9kOomCn47TsuFl3JLK6o6BfBukQUG5CFggTsJ7nGRF1mRUVsvRHrjMSDWyottQYzWISwF62nBUziFlB039hcLZGyoURIBG8neRJJNCWfnmoSyPJrPRuqG1OVLwtc2sq690GMttRGF5p3LZlqGGHcxlY8IibAAswAj3dCmU9RQpLseXJKtgNQsCP0KRrb9OBjHELTpLB61dp50YGj4k0nMFdnmvom9QvGl7pBJRxAUMwKB2UvcKJPgM2t7hF7X1D9ZTAyAYYkBkU2dEogeXVkzODxV9uJ1YIQH9e7X3hoe2hhwvoBiaMIOg5Agqa7fJOMISKwMSLQKSY7dczlccTRiPho6imbR0OpJoMl7n2H6RF9T4lW65DfLLuHTGJBxoR6DtiAHb8DSDDCxOouJSzkuTSeqsFOGmK9FTAcUyGD195pNkKn2aynUhrazWO68p6E9wHTVdmNdi2QsD4lDsynzPoZB3VAiR5heD1ZGeCJmvqEYlPsEdF4TUTlNFMWnH3raVhHZJhb5yGUJmcdpI79sRk5mXSzuLRvxY2myaotyUd86gbmO9l7Qw32jLsEn9ZKYSWnSaHhVLfSRh4wggtWDnONY6hc67MVPz8yAFGlgL3YTYkZ4ELyRpbGmiIjgk4WK3kayRmFtgtc4D1Z7CnPSol5xUeD49pF2AFqiRVBYfDSIvIGYVmGaxByhG1cFhH<br />

接下來我們的目的是去掉后面的<br />

略 | sed -r 's/<br \/>//g' | sed 's/ //g' | sed 's/\t//g' 

在這里我們使用了sed指令朱灿，這個-r是 use extended regular expressions in the script.

s/是用來替換的格式是's/A/B/'用B替換A！

/g是比表明是全面替換

< br />中多了一個\是因為指令中分辨不出來“/”钠四，所以用“\”標記出來盗扒。

所以指令的意思就是刪< br />,刪空格，刪\t

head : http://blog.csdn.net/u010585120/article/details/48027611

head -c N #顯示N個字節(jié)

chrome : 提取curl的一個小tip（ctrl + shift + I）（element）（network）

最終自己成功的腳本如下

注意里面的Cookie是自己提取的哦～

#!/bin/bash
set -x

curl 'https://ringzer0team.com/challenges/13' -H 'Accept-Encoding: gzip, deflate, sdch, br' -H 'Accept-Language: zh-CN,zh;q=0.8' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Referer: https://ringzer0team.com/challenges' -H 'Cookie: PHPSESSID=3h4ckdskpiego50h3r11njf8g3' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' --compressed --output cipher
cat cipher | egrep '[[:alnum:]]+<br />' | sed -r 's/<br \/>//g' | sed 's/ //g' | sed 's/\t//g' | head -c 1024 > res
cat res | sha512sum | head -c 128  > sha 

r=`cat sha`

curl "https://ringzer0team.com/challenges/13/$r" -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Connection: keep-alive' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Cookie: PHPSESSID=3h4ckdskpiego50h3r11njf8g3; _ga=GA1.2.1964009795r1426406003' -H 'Accept-Language: en-US,en;q=0.8,fa;q=0.6' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36' --compressed --output finalres

創(chuàng)建時間：2017.5.14