code-网络编程-正则表达式

某个CTF的python编程题: 1

nc 202.38.95.47 12009 连接后提示

1
2
You have only 30 seconds
(((8-2)|(6&135))^((24*31)*(8+3)))

有个坑,从52题起,里面夹杂着命令。 我不知道命令怎么计算,还以为是数据清洗,删除就好。 感谢朋友帮助,根据以前的答案推算出命令和数字的对应关系,然后替换就好。

2

re注意要点

以下字符使用时需要反斜杠转义。

1
2
3
4
\!
\(
\)
\?

源代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
#coding:utf-8

import socket

import re



target_host = "202.38.95.47"

target_port = 12009



client = socket.socket(socket.AF_INET,socket.SOCK_STREAM)



client.connect((target_host,target_port))

def pattern(Pattern,mystring): #delete pattern, out >>clean string

	strip_list = {"exit":"exit\(\)", \

	"find":"__import__\('os'\)\.system\('find ~'\)", \

	"print":"print\('\x1b\x5b\x33\x3b\x4a\x1b\x5b\x48\x1b\x5b\x32\x4a'\)", \

	"time":"__import__\('time'\)\.sleep\(100\)"}

	myre = strip_list[Pattern] #把正则表达式作为字典的值

	if Pattern == "find":

		middle = re.sub(myre,"2",mystring)

	elif Pattern == "print":

		middle = re.sub(myre,"12",mystring)

	elif Pattern == "time":

		middle = re.sub(myre,"0",mystring)

	elif Pattern == "exit":

		middle = re.sub(myre,"0",mystring)

	return middle

def send_it(result):

	result = eval(result.strip("\n"))

	print ("result "+": "+str(result))

	print ("------------------")

	client.send(bytes((str(result)+"\n"),encoding = 'utf-8'))

def decide(response):

	exist = [] # what pattern need to delete

	find_exist=["exit","find","print","time"]

	for i in find_exist:

		if i in response:

			exist.append(i)

			exist = list(set(exist))			

	print (exist)

	len_exist = len(exist) # decide how many times need to delete



	if len_exist == 1:

		it_result=pattern(exist[0],response)	

		print ("it_result:")

		print (it_result)

		send_it(it_result)

	elif len_exist == 2:

		one_result=pattern(exist[0],response)

		two_result=pattern(exist[1],one_result)

		print ("two_result")

		print (two_result)

		send_it(two_result)

	else:

		one_result=pattern(exist[0],response)

		two_result=pattern(exist[1],one_result)

		three_result=pattern(exist[2],two_result)

		print (three_result)

		send_it(three_result)



n=0

while 1:

	response = client.recv(40000)

	if str(response,encoding = 'utf-8') == "Timeout!\n":

		print ("quiting...")

		break

	elif str(response,encoding = 'utf-8') == "Your answer is wrong!\n":

		print (str(response,encoding = 'utf-8'))		

		break

	else:	

		n+=1

		print ("title"+str(n)+"\n"+str(response,encoding = 'utf-8'))

		if not str(response,encoding = 'utf-8').startswith("You"):

			if n >= 52:

				find_exist=["exit","find","print","time"]

				a=[i for i in find_exist if i in str(response,encoding = 'utf-8')]

				if a== []:

					send_it(str(response,encoding = 'utf-8'))

				else:

					decide(str(response,encoding = 'utf-8'))

					continue

			else:

				result = eval(str(response,encoding = 'utf-8').strip("\n"))

				print ("result "+str(n)+": "+str(result))

				print ("------------------")

				client.send(bytes((str(result)+"\n"),encoding  = 'utf-8'))