http://www.cn-hack.cn/qs/5.htm
第一关
按着本来的套路是应该先看一波源代码,然后再进行分析,后来发现只要我一点击右键就会弹框,很可能他禁用了右键,我就把这个题放下了,昨天晚上看了看别人的操作,原来可以先随意查看一个网页的源代码,再把上面的网址进行修改
eg:原网页 https://www.baidu.com/
源代码页 view-source:https://www.baidu.com/
我们就可以直接输入 view-source:http://www.cn-hack.cn/qs/5.htm
就可以看到网页的源代码了
找到第二关的地址
第二关
给了一张图片,想要下载下来分析,但是还是禁用了右键,只好用和第一关同样的操作来进行
修改后缀为txt在文档中发现了第三关的地址
第三关
给了一段加密后的字符串,一看就是url编码,所以直接解码就能得到第四关的地址
第四关
让输入用户名和密码的提示框,在想着爆破密码之前,我先看一看源码,发现根本没有提交数据这一操作,也就是,无论你提交什么东西上去,全都会返回用户名和密码错误。但是在源码中间我们看到一个1.htm的网页,命名就很奇怪,点进去发现第五关的地址
第五关
只让输入两个字母作为密码,第一时间想到的就是爆破,爆破就要写字典
附上刚学会的垃圾脚本
with open("1.txt","w") as f:
A=["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"]
B=["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"]
for i in A:
for j in B :
f.write("%s%s"%(i,j)+"\n")然后看返回的信息为200的页面,为什么要看返回信息是200
http statusCode(状态码):
200-206都表示服务器成功处理了请求代码
300-3007表示的意思是:要完成请求,您需要进一步进行操作。通常,这些状态代码是永远重定向的。
https://www.douban.com/note/218418718/