https://ringzer0team.com/challenges/13
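Category: Coding Challenge
The goal of the challenge is roughly to extract the Message within two seconds, decode it, and then obtain the Flag.
Obviously, extracting it by hand within two seconds is not realistic.
So a script is needed.
reference: https://github.com/professormahi/CTF/tree/master/ringzer0team/CodingChallenges/Hash%20me%20please
Tools used: curl, sha512sum
Background notes: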
SHA-2 : https://en.wikipedia.org/wiki/SHA-2
curl : https://curl.haxx.se/docs/manpage.html
sha512sum : https://linux.die.net/man/1/sha512sum
cat SHA512Hash | sha512sum | head -c 128
egrep & grep & fgrep : http://blog.chinaunix.net/uid-28584525-id-3510819.html
The regular expression that follows egrep: there must be no spaces before or after the "+"!
egrep '[[:alnum:]]+<br />'
sed :
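The result after egrep is as follows
[alphanumeric message string]<br />
Next, our goal is to remove the trailing <br />
(omitted) | sed -r 's/<br \/>//g' | sed 's/ //g' | sed 's/\t//g'
Here we use the sed command; -r means "use extended regular expressions in the script".
s/ performs substitution; the format is 's/A/B/', which replaces A with B.
/g indicates that all occurrences are replaced.
The extra \ in <br \/> is there because the command cannot otherwise tell the "/" apart from the delimiter, so it is marked with "\".
So the command means: delete <br />, delete spaces, delete \t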
head : http://blog.csdn.net/u010585120/article/details/48027611
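head -c N  # show the first N bytes
chrome : a small tip for extracting the curl command (ctrl + shift + I)(element)(network)
The script that finally worked for me is as follows
Note that the Cookie in it has to be extracted yourself.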
#!/bin/bash
set -x
curl 'https://ringzer0team.com/challenges/13' -H 'Accept-Encoding: gzip, deflate, sdch, br' -H 'Accept-Language: zh-CN,zh;q=0.8' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Referer: https://ringzer0team.com/challenges' -H 'Cookie: PHPSESSID=3h4ckdskpiego50h3r11njf8g3' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' --compressed --output cipher
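# Keep the message line, strip the <br /> tag, spaces and tabs, and keep the first 1024 bytes (this drops the trailing newline)
cat cipher | egrep '[[:alnum:]]+<br />' | sed -r 's/<br \/>//g' | sed 's/ //g' | sed 's/\t//g' | head -c 1024 > res
# SHA-512 the message; the first 128 characters of sha512sum's output are the hex digest
cat res | sha512sum | head -c 128 > sha
r=$(cat sha)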
curl "https://ringzer0team.com/challenges/13/$r" -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Connection: keep-alive' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Cookie: PHPSESSID=3h4ckdskpiego50h3r11njf8g3; _ga=GA1.2.1964009795r1426406003' -H 'Accept-Language: en-US,en;q=0.8,fa;q=0.6' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36' --compressed --output finalres
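As an added example (not part of the original post or the referenced repository), the script below runs the same extract-and-hash steps offline on a constructed page fragment; the HTML layout, the message "abc" and the function names are assumptions. It uses tr instead of head -c so it does not depend on a fixed message length, and it shows that a leftover newline changes the digest.

```shell
#!/bin/bash
# Offline run of the extract-and-hash pipeline on a constructed page.
# The HTML layout and the message "abc" are constructed sample data,
# not real challenge output.

sample_page() {
    printf '<div class="message">\n'
    printf '\t\t----- BEGIN MESSAGE -----<br />\n'
    printf '\t\t  abc<br />\n'
    printf '\t\t----- END MESSAGE -----<br />\n'
    printf '</div>\n'
}

# Keep only the line where alphanumerics sit directly before <br />
# (grep -E is the same as egrep), then delete the tag and every
# space, tab and newline.
extract_message() {
    grep -E '[[:alnum:]]+<br />' | sed -E 's/<br \/>//g' | tr -d ' \t\n'
}

# sha512sum prints "<128 hex chars>  -"; keep only the digest.
sha512_hex() {
    sha512sum | head -c 128
}

# Digest of the cleaned message, and for comparison the digest of the
# same message with the line's trailing newline left in place.
clean_digest()   { sample_page | extract_message | sha512_hex; }
newline_digest() { { sample_page | extract_message; printf '\n'; } | sha512_hex; }

echo "message:      $(sample_page | extract_message)"
echo "clean:        $(clean_digest)"
echo "with newline: $(newline_digest)"
```

The BEGIN/END lines end in "-" rather than an alphanumeric character, so the regular expression skips them and only the message line reaches sed.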
Created: 2017.5.14