securityoverridehacking challenge 解题思路汇总——Programming
上一部分在steganography遇到了困难,直接跳过。于是就进入最拿手的programming部分了。这部分我是用python完成的,并且通过直接写入剪切板来提高提交速度。除了captcha的解析,其他基本都没什么难度。在这里我也不过多解释了,直接上代码,也没啥注释。
6 Programming
6.1 Basic String Manipulation
import sys,gtk
input = sys.argv[1];
result = ['a']* len(input)
result[0] = input[0]
for i in range(1,len(input)):
result[i] = input[len(input)-i]
result = "".join(result)
print result
clipboard = gtk.clipboard_get()
clipboard.set_text(result)
clipboard.store()6.2 Basic ASCII Manipulation
import sys,gtk
input = sys.argv[1];
sum = 0;
for c in input:
sum+=ord(c);
print sum
clipboard = gtk.clipboard_get()
clipboard.set_text(str(sum))
clipboard.store()
6.3 Word Unscrambling
import sys,gtk
file = open('list.txt','r')
dict = {}
for word in file.read().split(', '):
sum=0
for c in word:
index = ord(c)-96
sum = sum + index*index
# print sum,word
dict[sum] = word;
input = input("Enter the word list: ")
list = []
for word in input.split(', '):
sum=0
for c in word:
index = ord(c)-96
sum = sum + index*index
print word,dict[sum]
list.append(dict[sum])
print ', '.join(list)
clipboard = gtk.clipboard_get()
clipboard.set_text(', '.join(list))
clipboard.store()
6.4 Basic Geometry
import sys,math,gtk
length = float(sys.argv[1]);
print math.sqrt(length*length*5)
clipboard = gtk.clipboard_get()
clipboard.set_text(str(math.sqrt(length*length*5)))
clipboard.store()
6.5 String Positioning
import sys,gtk
file = open('data.txt','r')
list = []
row = 1
for line in file:
col = 0
for c in line:
if c == '@':
list.append('{0}-{1}'.format(row, col))
print '{0}-{1}'.format(row, col)
col+=1
row+=1
print ', '.join(list)
clipboard = gtk.clipboard_get()
clipboard.set_text(', '.join(list))
clipboard.store()
6.6 Trinomial Factoring
import sys,math,gtk
x = int(sys.argv[1])
y = int(sys.argv[2])
i = 1
while i < x:
if i*(x-i)==y:
print '(x+{0})(x+{1})'.format(i,y/i)
clipboard = gtk.clipboard_get()
clipboard.set_text('(x+{0})(x+{1})'.format(i,y/i))
clipboard.store()
exit()
i+=16.7 Prime Factorization
import sys,gtk
num = int(sys.argv[1])
i = 2
sum = 0
while num > 1:
if num%i == 0:
sum += i
num /= i
else:
i+=1
print sum
clipboard = gtk.clipboard_get()
clipboard.set_text(str(sum))
clipboard.store()6.8 Advanced Geometry
import sys,math,gtk
a = float(sys.argv[1]);
b = float(sys.argv[2]);
c = float(sys.argv[3])/2;
print a*a,b*b,c*c
b=b-math.sqrt(a*a-c*c)
print '%.3f'%math.sqrt(b*b+c*c)
clipboard = gtk.clipboard_get()
clipboard.set_text('%.3f' % math.sqrt(b*b+c*c))
clipboard.store()
6.9 Calender Algorithm
import sys,datetime,re,gtk
month = {'January':1,'February':2,'March':3,'April':4,'May':5,'June':6,\
'July':7,'August':8,'September':9,'October':10,'November':11,'December':12}
week = ['Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Sunday']
result = []
input = sys.argv[1]
for date in input.split(';'):
g = re.search("([a-zA-Z]*) ([\d]*), ([\d]*)", date)
if g:
result.append(week[datetime.date(int(g.group(3)),month[g.group(1)],int(g.group(2))).isocalendar()[2]-1])
print '; '.join(result)
clipboard = gtk.clipboard_get()
clipboard.set_text('; '.join(result))
clipboard.store()
6.10 Crawler Script
import sys,urllib2,gtk
password = sys.argv[1].split("; ")
result = []
opener = urllib2.build_opener()
opener.addheaders = [("Host","securityoverride.org"),("User-Agent","Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0"),("Cookie","fusion_visited=yes; _ga=GA1.2.271230493.1440901337; fusion_user=20054.d30ac1dc453e1123b35cada839aa4cb1; PHPSESSID=33ced08d8edb04f818cef0eb7b1c4436; fusion_lastvisit=1443238804; _gat=1")]
for i in range(1,101):
content = opener.open("http://securityoverride.org/challenges/programming/10/moo/%d/"%i).read()
if content in password:
result.append("%d:%s"%(i,content))
print "; ".join(result)
clipboard = gtk.clipboard_get()
clipboard.set_text('; '.join(result))
clipboard.store()6.11 Captcha Cracking
这一题需要说明一下,因为我是没有做出来的。我尝试了多个开源的ocr库,最主要的就是gocr和tesseract-ocr,结果都不能保证百分百正确。主要是这题给的图片分辨率极低,因此很难准确识别。在我的代码中,我尝试了暴力破解,即自动下载图片,自动提交,但是跑了一个通宵也没有成功。基本上来说,错误是肯定的。看了下论坛里面的讨论,似乎做出来的人都是自己写的ocr算法,然后自己给sample解出来。这样子确实能够针对这个题目给出比较高的正确率,因为sample和实际图片是一致的。不过估计写这个算法耗时会比较多,兴趣不大,也就直接跳过了。
import sys,urllib2,gtk,os,urllib,time
opener = urllib2.build_opener()
opener.addheaders = [("Host","securityoverride.org"),("User-Agent","Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0"),("Cookie","fusion_visited=yes; _ga=GA1.2.271230493.1440901337; fusion_user=20054.d30ac1dc453e1123b35cada839aa4cb1; PHPSESSID=952a6630f6dbc8e747e0b9ce40da9c99; fusion_lastvisit=1443242238; _gat=1"),("Accept","image/png,image/*;q=0.8,*/*;q=0.5")]
while True:
time.sleep(20)
opener.open('http://securityoverride.org/challenges/programming/11/index.php').read()
content = opener.open("http://securityoverride.org/challenges/programming/11/php_captcha.php").read()
imageFile = open("captcha.jpeg","w")
imageFile.write(content)
imageFile.close()
os.system("convert -sharpen 2 -resize 120% captcha.jpeg captcha.pnm")
# os.system("export TESSDATA_PREFIX='/usr/share/tesseract-ocr';tesseract captcha.pnm out -l eng -psm 7 hexs")
# result = os.popen('cat out.txt').read()
result = os.popen('gocr -i captcha.jpeg -C 0-9a-f').read().replace('\n','').replace('\r','');
print result
values = {'string':result,'submitbutton':'12 seconds to Submit',"CSRF_TOKEN":""}
print values
post_data = urllib.urlencode(values)
response = opener.open('http://securityoverride.org/challenges/programming/11/index.php', post_data)
page_result = ""
finished = False
while not finished:
data = response.read()
page_result+=data
if not data:
finished = True
if "You have entered an incorrect string." not in page_result:
print page_result
break;
print "next round"
pass
6.12 (5 Variable Equation)^3
a=b=c=d=e=1
max = 10
while a < max:
b = 1
while b < max:
c = 1
while c < max:
d = 1
while d < max:
e=1
while e < max:
sum = a+b+c+d+e
result = a*10000+b*1000+c*100+d*10+e
# print resut
if sum*sum*sum == result:
print a,b,c,d,e
e+=1
d+=1
c+=1
b+=1
a+=1
print "none"6.12 Barcode Interpretation
def decode(list):
if list[0] == 3:
if list[1] == 2:
return 0
if list[1] == 1:
return 9
if list[0] == 2:
if list[1] == 2:
return 1
if list[1] == 1:
return 2
if list[0] == 1:
if list[1] == 4:
return 3
if list[1] == 3:
return 7
if list[1] == 2:
if list[2] == 3:
return 5
if list[2] == 1:
return 8
if list [1] == 1:
if list[2] == 3:
return 4
if list[2] == 1:
return 6
import sys,urllib2,gtk,os,urllib,time
from PIL import Image
opener = urllib2.build_opener()
opener.addheaders = [("Host","securityoverride.org"),("User-Agent","Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0"),("Cookie","fusion_visited=yes; _ga=GA1.2.271230493.1440901337; fusion_user=20054.d30ac1dc453e1123b35cada839aa4cb1; PHPSESSID=952a6630f6dbc8e747e0b9ce40da9c99; fusion_lastvisit=1443242238; _gat=1"),("Accept","image/png,image/*;q=0.8,*/*;q=0.5")]
content = opener.open("http://securityoverride.org/challenges/programming/13/img.php").read()
imageFile = open("img.png","w")
imageFile.write(content)
imageFile.close()
os.system("convert img.png img.pnm")
im = Image.open('img.pnm')
pixels = list(im.getdata())
result = []
lastColor = 255
count = 0
for i in range(3,46):
if pixels[i][0] == lastColor:
count+=1
else:
result.append(count)
count = 1
lastColor = pixels[i][0]
lastColor = 0
count = 0
for i in range(50,87):
if pixels[i][0] == lastColor:
count+=1
else:
result.append(count)
count = 1
lastColor = pixels[i][0]
result = [decode(result[4*i:4*i+4]) for i in range(11)]
print result
sum = sum([result[i*2] for i in range(6)]) * 3 + sum(result[i*2+1] for i in range(5))
print "%d:%d"%(sum,sum/10*10+10-sum)
clipboard = gtk.clipboard_get()
clipboard.set_text("%d:%d"%(sum,sum/10*10+10-sum))
clipboard.store()