Python Wrangling

link: https://play.picoctf.org/practice/challenge/166

題目

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

題目內連結

this Python script
this password
the flag

解法

這題考的就是會不會使用 Python 而已。

不過可以額外學到一些 Python 工具撰寫,是學習上的好題目。

總之,下載檔案:

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

習慣用 wget 下載

wget https://mercury.picoctf.net/static/1b247b1631eb377d9392bfa4871b2eb1/ende.py wget https://mercury.picoctf.net/static/1b247b1631eb377d9392bfa4871b2eb1/pw.txt wget https://mercury.picoctf.net/static/1b247b1631eb377d9392bfa4871b2eb1/flag.txt.en

然後我們先來看看 Python 的 code:

import sys import base64 from cryptography.fernet import Fernet usage_msg = "Usage: "+ sys.argv[0] +" (-e/-d) [file]" help_msg = usage_msg + "\n" +\ "Examples:\n" +\ " To decrypt a file named 'pole.txt', do: " +\ "'$ python "+ sys.argv[0] +" -d pole.txt'\n" if len(sys.argv) < 2 or len(sys.argv) > 4: print(usage_msg) sys.exit(1) if sys.argv[1] == "-e": if len(sys.argv) < 4: sim_sala_bim = input("Please enter the password:") else: sim_sala_bim = sys.argv[3] ssb_b64 = base64.b64encode(sim_sala_bim.encode()) c = Fernet(ssb_b64) with open(sys.argv[2], "rb") as f: data = f.read() data_c = c.encrypt(data) sys.stdout.write(data_c.decode()) elif sys.argv[1] == "-d": if len(sys.argv) < 4: sim_sala_bim = input("Please enter the password:") else: sim_sala_bim = sys.argv[3] ssb_b64 = base64.b64encode(sim_sala_bim.encode()) c = Fernet(ssb_b64) with open(sys.argv[2], "r") as f: data = f.read() data_c = c.decrypt(data.encode()) sys.stdout.buffer.write(data_c) elif sys.argv[1] == "-h" or sys.argv[1] == "--help": print(help_msg) sys.exit(1) else: print("Unrecognized first argument: "+ sys.argv[1]) print("Please use '-e', '-d', or '-h'.")

可以注意到他有 -e/-d 選項,猜測 -e 代表加密,而 -d 代表解密。

不過其實也不用這麼麻煩,因為這個工具還有 -h

所以我們就 key -h 來看看:

python ende.py -h # Usage: ende.py (-e/-d) [file] # Examples: # To decrypt a file named 'pole.txt', do: '$ python ende.py -d pole.txt'

如果不能使用,請見進階探討

總之,就是按照他的說明使用其實就可以了!

$ cat pw.txt dbd1bea4dbd1bea4dbd1bea4dbd1bea4 $ python ende.py -d flag.txt.en Please enter the password:dbd1bea4dbd1bea4dbd1bea4dbd1bea4 picoCTF{4p0110_1n_7h3_h0us3_dbd1bea4}

這邊我用 $ 表示 prompt 藉以區分指令跟輸出。

就得到答案了。

進階探討

我們可以來看一下關於這個 Python 程式:

from cryptography.fernet import Fernet

這個 cryptography 函式庫並非內建函式,如果沒有預裝的話,請記得先在自己的環境下預裝。

pip install cryptography

我是使用其提供的 webshell ,內建很多好用的 library,因此不用特別裝。

這個函式庫我也還在研究,感覺上應該滿有用的!

後面再來慢慢探討。

結語

picoCTF的 webshell 的 python 裝了不少 library,但是因為太長,所以請自己上去看:

pip list

但是滿有參考價值的啦!