- 来源:Root-Me
- 题型:Programming
- 题目:Encoded string
- 分数:10 Points
水题,与 Go back to college 一模一样的解题方法,只是跟 robot 的交互消息改变了而已。
可以去参考 Go back to college 的解题报告,这两题的代码基本一模一样。
这题不再是计算 robot Candy 给出的数值,而是要求对 Candy 给出的密文进行解码。
样例的密文是 Um9vdE1l,明文是 RootMe,由于不需要密钥,很简单就试出来是使用 Base64 编码进行的加密。
换言之我们直接做 Base64 解码就好,解题代码贴在下面(python 版本为 3.5.2):
#!/usr/bin/python
# -*- coding: UTF-8 -*-
import base64
import re
import socket
CHARSET = 'utf-8'
def send_cmd(irc_sock, cmd) :
"""
发送命令到 IRC 服务器
Args:
irc_sock: 与 IRC 服务器的 socket 连接
cmd: 待发送的命令(不需 \r\n 结束符,会自动补全)
Returns:
None
"""
print(' => %s' % cmd)
irc_sock.send(('%s\r\n' % cmd).encode(CHARSET))
return
def send_msg(irc_sock, to, msg) :
"""
发送 PRIVMSG 私信命令到 IRC 服务器
Args:
irc_sock: 与 IRC 服务器的 socket 连接
to: 接收私信的对象
msg: 待发送的私信内容
Returns:
None
"""
cmd = 'PRIVMSG %s :%s' % (to, msg)
send_cmd(irc_sock, cmd)
return
def conn_irc(irc_host, irc_port, irc_chan, username, anywords) :
"""
连接到 IRC 服务器的指定聊天频道
Args:
irc_host: IRC 服务器主机
irc_port: IRC 服务端口
irc_chan: IRC 聊天频道
username: 在 IRC 聊天室标识自己身份的昵称(任意值均可,只要未被他人在 IRC 上使用即可)
anywords: 首次加入 IRC 聊天室后用于打招呼的语句,任意即可
Returns:
irc_sock: 与 IRC 服务器的 socket 连接
"""
irc_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
irc_sock.connect((irc_host, irc_port))
# NICK 和 USER 命令必须先发送,以声明自己身份
# (注意同一个 IP 不能同时开两次以上的连接,否则只有第一次能够注册成功)
send_cmd(irc_sock, 'NICK %s' % username)
send_cmd(irc_sock, 'USER %s %s %s :%s' % (username, username, username, anywords))
send_cmd(irc_sock, 'JOIN %s' % irc_chan) # 加入频道
return irc_sock
def interface(irc_sock, bot_name, username) :
"""
在 IRC 聊天室与 robot 进行消息交互
Args:
irc_sock: 与 IRC 服务器的 socket 连接
bot_name: 机器人的昵称
username: 自己的昵称
Returns:
None
"""
finish = False
while finish == False :
rsp_data = irc_sock.makefile(encoding=CHARSET)
# 逐行解析响应数据
for line in rsp_data:
print(line, end='')
if line.startswith('PING') :
send_cmd(irc_sock, line.replace('PING', 'PONG'))
# :EXP!EXP@hzv-tsd.o51.eaqa1b.IP MODE EXP +x
elif line.startswith(':%s' % username) :
send_msg(irc_sock, bot_name, '!ep2')
# :Candy!Candy@root-me.org PRIVMSG EXP :WGdVSXdIaG5kOW9Vd3JQWkJzQXVsUnRqbWw=
elif line.startswith(':%s' % bot_name) :
mth = re.match(r':.+?:(\S+)$', line)
if mth :
cipher = mth.group(1)
byte = base64.b64decode(cipher) # base64 解码
plain = bytes.decode(byte, CHARSET) # byte 转字符串
send_msg(irc_sock, bot_name, '!ep2 -rep %s' % plain)
else :
send_cmd(irc_sock, 'QUIT') # 退出聊天频道
finish = True
break
return
if __name__ == '__main__' :
irc_host = 'irc.root-me.org'
irc_port = 6667
irc_chan = '#root-me_challenge'
bot_name = 'Candy'
username = 'EXP'
anywords = 'http://exp-blog.com'
# 连接到 ROOTME 的 IRC 聊天室并加入 CHALLENGE 聊天频道
irc_sock = conn_irc(irc_host, irc_port, irc_chan, username, anywords)
# 在聊天室与 robot 进行消息交互
interface(irc_sock, bot_name, username)
# 关闭 IRC 的 socket 连接
irc_sock.shutdown(2)
irc_sock.close()
需要注意的是,python3 的 Base64 解码出来是 byte ,需要转换成字符串后再发送到 IRC 。
运行代码后,结果如下:
# encoded_string.py
=> NICK EXP
=> USER EXP EXP EXP :http://exp-blog.com
=> JOIN #root-me_challenge
:irc.hackerzvoice.net NOTICE Auth :*** Looking up your hostname...
:irc.hackerzvoice.net 451 JOIN :You have not registered
:irc.hackerzvoice.net NOTICE Auth :*** Could not resolve your hostname: Domain name not found; using your IP address (223.74.73.30) instead.
:irc.hackerzvoice.net NOTICE Auth :Welcome to HackerzVoice!
:irc.hackerzvoice.net 001 EXP :Welcome to the HackerzVoice IRC Network EXP!EXP@223.74.73.30
:irc.hackerzvoice.net 002 EXP :Your host is irc.hackerzvoice.net, running version InspIRCd-2.0
:irc.hackerzvoice.net 003 EXP :This server was created 19:52:09 Aug 12 2013
:irc.hackerzvoice.net 004 EXP irc.hackerzvoice.net InspIRCd-2.0 BHIRSWcghiorswx FLMNPRSYabcefhijklmnopqrstvz FLYabefhjkloqv
:irc.hackerzvoice.net 005 EXP AWAYLEN=200 CALLERID=g CASEMAPPING=rfc1459 CHANMODES=be,k,FLfjl,MNPRScimnprstz CHANNELLEN=64 CHANTYPES=# CHARSET=ascii ELIST=MU EXCEPTS=e EXTBAN=,NRSUcjmz FNC KICKLEN=255 MAP :are supported by this server
:irc.hackerzvoice.net 005 EXP MAXBANS=60 MAXCHANNELS=20 MAXPARA=32 MAXTARGETS=20 MODES=20 NETWORK=HackerzVoice NICKLEN=31 OVERRIDE PREFIX=(Yqaohv)!~&@%+ SECURELIST SSL=0.0.0.0:6697 STARTTLS STATUSMSG=!~&@%+ :are supported by this server
:irc.hackerzvoice.net 005 EXP TOPICLEN=307 USERIP VBANLIST WALLCHOPS WALLVOICES :are supported by this server
:irc.hackerzvoice.net 042 EXP 959AAU9WF :your unique ID
:irc.hackerzvoice.net 375 EXP :irc.hackerzvoice.net message of the day
:irc.hackerzvoice.net 372 EXP :- ██████████ ╻ ╻┏━┓┏━╸╻┏ ┏━╸┏━┓╺━┓╻ ╻┏━┓╻┏━╸┏━╸
:irc.hackerzvoice.net 372 EXP :- ████████ ██ ┣━┫┣━┫┃ ┣┻┓┣╸ ┣┳┛┏━┛┃┏┛┃ ┃┃┃ ┣╸
:irc.hackerzvoice.net 372 EXP :- ██ ██ ██ ╹ ╹╹ ╹┗━╸╹ ╹┗━╸╹┗╸┗━╸┗┛ ┗━┛╹┗━╸┗━╸
:irc.hackerzvoice.net 372 EXP :- ██████████████
:irc.hackerzvoice.net 372 EXP :- ██████████ IRC network at irc.hackerzvoice.net.
:irc.hackerzvoice.net 372 EXP :- ██ ██ ██ HZV will never die.
:irc.hackerzvoice.net 372 EXP :-
:irc.hackerzvoice.net 372 EXP :-
:irc.hackerzvoice.net 372 EXP :- Bienvenue sur l'irc HackerzVoice !
:irc.hackerzvoice.net 372 EXP :- ==================================
:irc.hackerzvoice.net 372 EXP :-
:irc.hackerzvoice.net 372 EXP :- - Besoin d'aide ? Rejoignez nous sur #help : /join #help
:irc.hackerzvoice.net 372 EXP :-
:irc.hackerzvoice.net 372 EXP :- ----- Règles du serveur --------------------------------------
:irc.hackerzvoice.net 372 EXP :- [+] No flooding
:irc.hackerzvoice.net 372 EXP :- [+] No DoS bots
:irc.hackerzvoice.net 372 EXP :- [+] No clones
:irc.hackerzvoice.net 372 EXP :- [+] No spamming
:irc.hackerzvoice.net 372 EXP :- [+] No takeovers
:irc.hackerzvoice.net 372 EXP :- [+] No whiners
:irc.hackerzvoice.net 372 EXP :- --------------------------------------------------------------
:irc.hackerzvoice.net 372 EXP :-
:irc.hackerzvoice.net 372 EXP :- Il est possible de se connecter à ce serveur :
:irc.hackerzvoice.net 372 EXP :- - irc.hackerzvoice.net:6667
:irc.hackerzvoice.net 372 EXP :- - irc.hackerzvoice.net:6697 (SSL)
:irc.hackerzvoice.net 372 EXP :-
:irc.hackerzvoice.net 372 EXP :- ### Contact
:irc.hackerzvoice.net 372 EXP :-
:irc.hackerzvoice.net 372 EXP :- Admin : Hackira (hackira@hzv.fr)
:irc.hackerzvoice.net 372 EXP :-
:irc.hackerzvoice.net 372 EXP :- #### Sites web
:irc.hackerzvoice.net 372 EXP :- - https://www.hackerzvoice.net/
:irc.hackerzvoice.net 372 EXP :- - https://www.lehack.org/
:irc.hackerzvoice.net 372 EXP :-
:irc.hackerzvoice.net 372 EXP :- #### Réseaux sociaux
:irc.hackerzvoice.net 372 EXP :- - Twitter : https://www.twitter.com/asso_hzv
:irc.hackerzvoice.net 376 EXP :End of message of the day.
:irc.hackerzvoice.net 251 EXP :There are 251 users and 85 invisible on 2 servers
:irc.hackerzvoice.net 252 EXP 2 :operator(s) online
:irc.hackerzvoice.net 254 EXP 107 :channels formed
:irc.hackerzvoice.net 255 EXP :I have 316 clients and 1 servers
:irc.hackerzvoice.net 265 EXP :Current Local Users: 316 Max: 355
:irc.hackerzvoice.net 266 EXP :Current Global Users: 336 Max: 375
:irc.hackerzvoice.net 396 EXP hzv-tsd.o51.eaqa1b.IP :is now your displayed host
:EXP!EXP@hzv-tsd.o51.eaqa1b.IP MODE EXP +x
=> PRIVMSG Candy :!ep2
:Candy!Candy@root-me.org PRIVMSG EXP :WGdVSXdIaG5kOW9Vd3JQWkJzQXVsUnRqbWw=
=> PRIVMSG Candy :!ep2 -rep XgUIwHhnd9oUwrPZBsAulRtjml
:Candy!Candy@root-me.org PRIVMSG EXP :You dit it! You can validate the challenge with the password Viv3l"64
=> QUIT
Process finished with exit code 0其实前面一大段 :irc.hackerzvoice.net ****** 都是连接到 IRC 聊天室后自动返回的画屏信息,最后几行才是真正的交互内容。显然地,我计算出了结果并成功得到了密码。
注:若网络不好导致 2秒内 没有发送成功, IRC 会提示
too late,多试几次就好
答案下载
flag 下载后的 flagzip 的文件需要手动更改后缀为
*.zip,然后解压即可(为了避免直接刷答案)
