当你遇到奇怪的IO问题时,你就老实了。❤_❤
Dealing with Data
10. Encoding Practice
pwntools 的API说明:Pwntools Cheatsheet
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| from pwn import *
def encode(s):
s = u64(s, endianness='big')
print(s)
binary = bin(s).replace('0b','')
return binary
p = process("/challenge/runme")
correct_password = b"\x96\x92\xa9\xd6\xec\x83\xe3\xba"
correct_password = encode(correct_password)
print(correct_password)
p.write(correct_password)
print(p.readall())
|
11. Hex-encoding Practice
1
2
3
4
5
| from pwn import *
correct_password = b"hveetgwy"
correct_password = enhex(correct_password)
print(correct_password)
|
12. Nested Encoding
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| from pwn import *
p = process('/challenge/runme')
correct_password = b"arumrhnj"
correct_password = enhex(correct_password)
correct_password = correct_password.encode("l1")
correct_password = enhex(correct_password)
correct_password = correct_password.encode("l1")
correct_password = enhex(correct_password)
correct_password = correct_password.encode("l1")
correct_password = enhex(correct_password)
correct_password = correct_password.encode("l1")
print(correct_password)
p.write(correct_password)
print(p.readall())
|
13. Hex-encoding UTF-8
1
2
3
4
5
6
7
8
| from pwn import *
p = process('/challenge/runme')
correct_password = "📐 🌍 🍗 🔵".encode("utf-8")
correct_password = enhex(correct_password)
print(correct_password)
p.write(correct_password)
print(p.readall())
|
14. UTF Mixups
1
2
3
4
5
6
7
8
| from pwn import *
correct_password = b"amoozuff"
correct_password = correct_password.decode("latin1")
correct_password = correct_password.encode("utf-16")
print(correct_password)
with open('okeu', 'wb') as file:
file.write(correct_password)
|
15. Modifying Encoded Data
1
2
3
4
5
6
7
8
9
| from pwn import *
correct_password = b"\xf1~\xe6P\xc0\x9a\x1f\xa6"
correct_password = enhex(correct_password)
correct_password = correct_password[::-1]
print(correct_password)
p = process('/challenge/runme')
p.write(correct_password)
print(p.readall())
|
16. Decoding Base64
1
2
3
4
5
6
7
8
9
| from pwn import *
correct_password = b"iAb/uzx0uJQ="
correct_password = b64d(correct_password)
print(correct_password)
p = process('/challenge/runme')
p.write(correct_password)
print(p.readall())
|
17. Encoding Base64
1
2
3
4
5
6
7
8
| from pwn import *
correct_password = b"\\\x0fz\xf4\xe27\xe4\xf3"
correct_password = b64e(correct_password)
print(correct_password)
p = process('/challenge/runme')
p.write(correct_password)
print(p.readall())
|
18. Dealing with Obfuscation
1
2
3
4
5
6
7
8
9
10
11
| from pwn import *
correct_password = b"\x9c\xebn\xb4\xd1\xe5r\x05"
correct_password = correct_password.hex().encode("l1")
correct_password = base64.b64encode(correct_password)
correct_password = correct_password[::-1]
correct_password = correct_password.hex().encode("l1")
print(correct_password)
p = process('/challenge/runme')
p.write(correct_password)
print(p.readall())
|
19. Dealing with Obfuscation 2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| from pwn import *
def encode_to_bits(s):
return b"".join(format(c, "08b").encode("latin1") for c in s)
correct_password = b"V\x04\x93\x98\x05\xd4^\r"
correct_password = encode_to_bits(correct_password)
correct_password = base64.b64encode(correct_password)
correct_password = b64e(correct_password)
correct_password = correct_password[::-1]
print(correct_password)
correct_password = b64e(correct_password.encode("l1"))
correct_password = correct_password[::-1]
correct_password = correct_password[::-1]
correct_password = b64e(correct_password.encode('l1'))
p = process('/challenge/runme')
p.write(correct_password)
print(p.readall())
|