大吉杯DJBCTF - re - 部分WP

A-Maze-In

迷宮題，WDLR控制上下左右，數(shù)組是328的
映射的迷宮是88的，我理解為每四位顯示著該位置的上下左右能不能走，為1能走為0不能走
寫深度優(yōu)先搜索腳本

import syssys.setrecursionlimit(100000) # 遞歸限制 mkey = [0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x01, 0x01,0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01,0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,0x01, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01,0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01,0x00, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x00,0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01,0x00, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x00,0x00, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01,0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x00,0x01, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01,0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01,0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x01, 0x00, 0x01, 0x01, 0x00, 0x00,0x01, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x00,0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x00,0x00, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x00, 0x01, 0x01, 0x00, 0x00,0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01,0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01,0x00, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01,0x01, 0x00, 0x01, 0x00 ] road = [] flag = 0def smaze(row, col, n):global flagglobal roadif row == 7 and col == 4:flag = 1if flag == 1:if len(road)==34:print("".join(road))return 1if mkey[32 * row + col * 4 + 0] == 1 and n != 'D':if row > 0:road.append('U')smaze(row - 1, col, 'U')if mkey[32 * row + col * 4 + 1] == 1 and n != 'U':if row < 7:road.append('D')smaze(row + 1, col, 'D')if mkey[32 * row + col * 4 + 2] == 1 and n != 'R':if col > 0:road.append('L')smaze(row, col-1, 'L')if mkey[32 * row + col * 4 + 3] == 1 and n != 'L':if col < 7:road.append('R')smaze(row, col+1, 'R')if len(road) != 0:road.pop()#print(road)if __name__ == '__main__':smaze(0,3,'0')# LLDRRDLLLDRDLDDDRRULURRULURRDDDLDR

nc得到flag

Matara Okina

def andr():ans = "@lgvjocWzihodmXov[EWO"se = [i for i in ans]for i in range(len(ans)//2):k = i+1se[i] = chr(ord(ans[i])^k)i = len(ans)-1-ise[i] = chr(ord(ans[i])^k)print(''.join(se))andr()

解出來

Android_scheme_is_FUN

參考博客https://www.cnblogs.com/whoislcj/p/5825333.html

構(gòu)造出鏈接

<a href="sh0w://p4th/70/1nput?secret=Android_scheme_is_FUN">打開APP</a>

得到flagflag{sh0w://p4th/70/1nput?secret=Android_scheme_is_FUN_1635b71e036d}

anniu

用灰色按鈕克星得到flag

warmup

程序里有個數(shù)組，會將輸入變換后依次填入數(shù)組的0xFF位

驗證數(shù)組

是個數(shù)獨游戲，16x16的數(shù)獨……

自己輸入了半天輸入錯了還，就用selenium寫了個自動輸入

from selenium import webdriver from time import sleep map = [0x08, 0x0E, 0xFF, 0x0C, 0x09, 0x0D, 0xFF, 0x01, 0x0A, 0x0F, 0x03, 0x0B,0x00, 0x02, 0xFF, 0x04, 0x01, 0x06, 0x03, 0x02, 0x05, 0x0A, 0x07, 0x00,0x08, 0x09, 0xFF, 0x04, 0x0F, 0x0E, 0x0B, 0x0D, 0x0A, 0x00, 0xFF, 0x0D,0x04, 0x0F, 0x03, 0x0B, 0x07, 0x05, 0x0E, 0x02, 0x06, 0x08, 0x0C, 0x01,0x04, 0x0B, 0x05, 0x0F, 0xFF, 0x02, 0xFF, 0x0C, 0x06, 0x0D, 0x01, 0x00,0xFF, 0x0A, 0x03, 0x09, 0x02, 0x0A, 0xFF, 0x03, 0x0D, 0x00, 0x0B, 0x05,0x0C, 0xFF, 0x09, 0x01, 0xFF, 0x0F, 0x07, 0x0E, 0x0D, 0x07, 0x0C, 0x0B,0x0F, 0x0E, 0x0A, 0x08, 0x00, 0xFF, 0x05, 0x03, 0x09, 0x06, 0x01, 0x02,0xFF, 0x01, 0x0F, 0xFF, 0x0C, 0x09, 0x04, 0x06, 0x02, 0x0E, 0x0D, 0xFF,0xFF, 0x03, 0x0A, 0xFF, 0x09, 0x04, 0x06, 0x0E, 0x02, 0x07, 0x01, 0x03,0x0B, 0x08, 0x0A, 0x0F, 0x05, 0xFF, 0x00, 0x0C, 0xFF, 0x03, 0x0A, 0x07,0x0E, 0x08, 0x0C, 0x04, 0x09, 0xFF, 0x00, 0x0D, 0x02, 0xFF, 0x06, 0xFF,0x0C, 0x09, 0x01, 0xFF, 0x0B, 0x03, 0x0F, 0x0D, 0x0E, 0x0A, 0xFF, 0xFF,0x08, 0x00, 0x04, 0x07, 0x06, 0x0D, 0x00, 0x08, 0x0A, 0x01, 0x02, 0xFF,0xFF, 0x07, 0x04, 0x05, 0x0C, 0x0B, 0xFF, 0x0F, 0x0B, 0x02, 0x0E, 0xFF,0x00, 0xFF, 0x05, 0xFF, 0x0F, 0x01, 0xFF, 0x0C, 0x0A, 0x09, 0x0D, 0x03,0xFF, 0x0F, 0x0B, 0xFF, 0x03, 0x0C, 0xFF, 0x0E, 0x05, 0xFF, 0xFF, 0x09,0xFF, 0x04, 0x08, 0x0A, 0x0E, 0x08, 0xFF, 0xFF, 0x07, 0x05, 0x0D, 0x0F,0x04, 0x03, 0xFF, 0xFF, 0x01, 0x0C, 0x09, 0x00, 0xFF, 0x05, 0x0D, 0x09,0x06, 0x04, 0x08, 0x0A, 0x01, 0x0C, 0x0F, 0x0E, 0xFF, 0x07, 0x02, 0x0B,0x03, 0xFF, 0x04, 0x0A, 0xFF, 0x0B, 0x09, 0x02, 0x0D, 0x00, 0xFF, 0x08,0x0E, 0xFF, 0x0F, 0x06 ] l = [] key = []def warmup():for i in range(16):for j in range(16):k = map[16 * i + j]if k != 0xFF:print(k + 1, '\t', end="")l.append(k + 1)else:print('#\t', end='')l.append("")key.append(16 * i + j)print('')warmup() # 4 自定義設(shè)置chrome路徑，并用chromedriver控制 options = webdriver.ChromeOptions() #options.add_argument('--headless') #options.add_argument('--disable-gpu')# chrome可執(zhí)行文件的路徑，需要修改chrome文件名 options.binary_location = r'F:\palmer\MiniSoftware\RunningCheeseChrome\App\chrom.exe' bro = webdriver.Chrome(executable_path='./chromedriver.exe',chrome_options=options) bro.get('https://sudokuspoiler.azurewebsites.net/Sudoku/Sudoku16') # page_source 獲取瀏覽器當(dāng)前頁面的html源碼數(shù)據(jù) page_text = bro.page_source input_list = bro.find_elements_by_tag_name('input') print(input_list) for i in range(256):input_list[i].send_keys(l[i]) but = bro.find_element_by_xpath('//*[@id="solveButton"]') sleep(1) but.click() sleep(5) nflag = [] for i in key:nflag.append(input_list[i].get_attribute('value')) print(nflag) # nflag = ['8', '7', '6', '13', '10', '9', '15', '8', '9', '7', '5', '5', '6', '1', '8', '12', '9', '14', '16', '12', '2', '6', '6', '3', '7', '10', '4', '15', '5', '7', '8', '9', '8', '2', '1', '3', '7', '14', '3', '7', '12', '11', '1', '4', '13', '2', '8', '6'] flag = "" for i in nflag:i = int(i, 10) - 1if i < 10:flag += (str(i))else:flag += (chr(87 + i)) print('flag{' + flag + '}') # flag{765c98e78644507b8dfb1552693e467871026d26ba03c175} bro.quit()

總結(jié)

以上是生活随笔為你收集整理的re学习笔记（71）大吉杯DJBCTF - re - 部分WP的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。