WEEK1
web
Classic Childhood Game
一眼顶真,直接翻js文件,在Events.js中找到mota(),猜测是获取flag,var a = ['\x59\x55\x64\x6b\x61\x47\x4a\x58\x56\x6a\x64\x61\x62\x46\x5a\x31\x59\x6d\x35\x73\x53\x31\x6c\x59\x57\x6d\x68\x6a\x4d\x6b\x35\x35\x59\x56\x68\x43\x4d\x45\x70\x72\x57\x6a\x46\x69\x62\x54\x55\x31\x56\x46\x52\x43\x4d\x46\x6c\x56\x59\x7a\x42\x69\x56\x31\x59\x35'];送去解密
两层base64解密
Become A Member
题目要求提供身份证明(Cute-Bunny),猜测改User-Agent: Cute-Bunny
按要求一步步来
拿到flag
Guess Who I Am
查看页面源代码得到Hint,拿到Vidar历代火影json信息,先存起来。测试网站逻辑,抓包发现
/api/getQuestion 获取问题
/api/getScore 获取score
/api/verifyAnswer 发送答案
结合上面拿到的json文件,写py脚本自动问答
点击查看代码
import json
import requests
j_data = '''
[{
"id": "ba1van4",
"intro": "21级 / 不会Re / 不会美工 / 活在梦里 / 喜欢做不会的事情 / ◼◻粉",
"url": "https://ba1van4.icu"
},
{
"id": "yolande",
"intro": "21级 / 非常菜的密码手 / 很懒的摸鱼爱好者,有点呆,想学点别的但是一直开摆",
"url": "https://y01and3.github.io/"
},
{
"id": "t0hka",
"intro": "21级 / 日常自闭的Re手",
"url": "https://blog.t0hka.top/"
},
{
"id": "h4kuy4",
"intro": "21级 / 菜鸡pwn手 / 又菜又爱摆",
"url": "https://hakuya.work"
},
{
"id": "kabuto",
"intro": "21级web / cat../../../../f*",
"url": "https://www.bilibili.com/video/BV1GJ411x7h7/"
},
{
"id": "R1esbyfe",
"intro": "21级 / 爱好歪脖 / 究极咸鱼一条 / 热爱幻想 / 喜欢窥屏水群",
"url": "https://r1esbyfe.top/"
},
{
"id": "tr0uble",
"intro": "21级 / 喜欢肝原神的密码手",
"url": "https://clingm.top"
},
{
"id": "Roam",
"intro": "21级 / 入门级crypto",
"url": "#"
},
{
"id": "Potat0",
"intro": "20级 / 摆烂网管 / DN42爱好者",
"url": "https://potat0.cc/"
},
{
"id": "Summer",
"intro": "20级 / 歪脖手 / 想学运维 / 发呆业务爱好者",
"url": "https://blog.m1dsummer.top"
},
{
"id": "chuj",
"intro": "20级 / 已退休不再参与大多数赛事 / 不好好学习,生活中就会多出许多魔法和奇迹",
"url": "https://cjovi.icu"
},
{
"id": "4nsw3r",
"intro": "20级会长 / re / 不会pwn",
"url": "https://4nsw3r.top/"
},
{
"id": "4ctue",
"intro": "20级 / 可能是IOT的MISC手 / 可能是美工 / 废物晚期",
"url": "#"
},
{
"id": "0wl",
"intro": "20级 / Re手 / 菜",
"url": "https://0wl-alt.github.io"
},
{
"id": "At0m",
"intro": "20级 / web / 想学iot",
"url": "https://homeboyc.cn/"
},
{
"id": "ChenMoFeiJin",
"intro": "20级 / Crypto / 摸鱼学代师",
"url": "https://chenmofeijin.top"
},
{
"id": "Klrin",
"intro": "20级 / WEB / 菜的抠脚 / 想学GO",
"url": "https://blog.mjclouds.com/"
},
{
"id": "ek1ng",
"intro": "20级 / Web / 还在努力",
"url": "https://ek1ng.com"
},
{
"id": "latt1ce",
"intro": "20级 / Crypto&BlockChain / Plz V me 50 eth",
"url": "https://lee-tc.github.io/"
},
{
"id": "Ac4ae0",
"intro": "*级 / 被拐卖来接盘的格子 / 不可以乱涂乱画哦",
"url": "https://twitter.com/LAttic1ng"
},
{
"id": "Akira",
"intro": "19级 / 不会web / 半吊子运维 / 今天您漏油了吗",
"url": "https://4kr.top"
},
{
"id": "qz",
"intro": "19级 / 摸鱼美工 / 学习图形学、渲染ing",
"url": "https://fl0.top/"
},
{
"id": "Liki4",
"intro": "19级 / 脖子笔直歪脖手",
"url": "https://github.com/Liki4"
},
{
"id": "0x4qE",
"intro": "19级 / </p><p>Web",
"url": "https://github.com/0x4qE"
},
{
"id": "xi4oyu",
"intro": "19级 / 骨瘦如柴的胖手",
"url": "https://www.xi4oyu.top/"
},
{
"id": "R3n0",
"intro": "19级 / bin底层选手",
"url": "https://r3n0.top"
},
{
"id": "m140",
"intro": "19级 / 不会re / dl萌新 / 太弱小了,没有力量 / 想学游戏",
"url": "#"
},
{
"id": "Mezone",
"intro": "19级 / 普通的binary爱好者。",
"url": "#"
},
{
"id": "d1gg12",
"intro": "19级 / 游戏开发 /
标签:Web,url,top,HGAME,intro,https,WP,week1,id
From: https://www.cnblogs.com/F12-home/p/17030467.html