USTCHackergame2018之”我是谁”
第一次参加这种夺旗赛,以前没接触过,马上上网查查资料,也只能做简单的题,花了两天,战果如下。
做出来的都是不需要很多知识的体力题,也是通过人数最多的那些。
“我是谁”这题好多人做出来,我是两天后才做出来。。
解题
显示
Who am I?
「我是谁?」「我从哪里来?」
「将到哪里去?」
据说有这样三个有趣的哲学问题。
现在,请帮我回答第一个问题吧。
Can you tell me who I am?
submit
让提交一个字符串
如果随便填,会跳转到
http://202.38.95.46:12005/identity
显示
I am not really sure whether your answer is right.
You should probably try again.
之前一直以为信息在这个网页。。
User-Agent,Server,Cookie都试过了,不是
其实在原网页按F12查看Network
就可发现
Status Code:418 I’M A TEAPOT
填入 TEAPOT 提交,正确!!
显示
Yes, I finally realized that I am a teapot!
This is my gift for you:
flag{i_canN0t_BReW_c0ffEE!}
Come to This Link, help me brew some tea, and you can get the 2nd FLAG!
得到第一个Flag
flag{i_canN0t_BReW_c0ffEE!}
点This Link进入
http://202.38.95.46:12005/the_super_great_hidden_url_for_brewing_tea
显示
Brewing tea is not so easy.
Try using other methods to request this page.
http请求的method包括get post head等
用python写代码
import requests as re
response=re.request("post","http://202.38.95.46:12005/the_super_great_hidden_url_for_brewing_tea/")
print(response.status_code)
print(response.text)
print(response.headers)
输出了
200
<p>The method "POST" is deprecated.</p> <p>See RFC-7168 for more information.</p>{‘Content-Type’: ‘text/html; charset=utf-8’, ‘Content-Length’: ‘107’, ‘Server’: ‘Werkzeug/0.14.1 Python/3.6.6’, ‘Date’: ‘Fri, 12 Oct 2018 06:46:43 GMT’}
418
上网搜索RFC-7168,官网为https://tools.ietf.org/html/rfc7168
发现是一个恶搞的协议,茶壶协议
The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances (HTCPCP-TEA)
类似的一个协议是RFC-2324,咖啡壶协议
Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0)
HTCPCP继承了HTTP,
但新增了method
2.1. BREW and POST Methods
Control of a TEA-capable pot is performed, as described in the base
HTCPCP specification, through the sending of BREW requests. POST
requests are treated equivalently, but they remain deprecated. Tea
production differs from coffee, however, in that a choice of teas is
often provided for client selection before the tea is brewed. To
this end, a TEA-capable pot that receives a BREW message of content
type “message/teapot” MUST respond in accordance with the URI
requested, as below.
并且
The “message/coffeepot” media type
The entity body of a POST or BREW request MUST be of Content-Type
“message/coffeepot”. Since most of the information for controlling
the coffee pot is conveyed by the additional headers, the content of
“message/coffeepot” contains only a coffee-message-body:coffee-message-body = “start” | “stop”
header需要加Content-Type = "message/coffeepot"
修改python代码
import requests as re
headers={'Content-Type':'message/teapot'}
response=re.request("brew","http://202.38.95.46:12005/the_super_great_hidden_url_for_brewing_tea/black_tea",headers=headers)
print(response.status_code)
print(response.text)
print(response.headers)
输出了
300
Supported tea type:
{‘Content-Type’: ‘text/html; charset=utf-8’, ‘Content-Length’: ‘19’, ‘Alternates’: ‘{“/the_super_great_hidden_url_for_brewing_tea/black_tea” {type message/teapot}}’, ‘Server’: ‘Werkzeug/0.14.1 Python/3.6.6’, ‘Date’: ‘Fri, 12 Oct 2018 07:56:21 GMT’}
修改python代码,路径添加black_tea
import requests as re
headers={'Content-Type':'message/teapot'}
response=re.request("brew","http://202.38.95.46:12005/the_super_great_hidden_url_for_brewing_tea/black_tea",headers=headers)
print(response.status_code)
print(response.text)
print(response.headers)
输出了
200
Here is your tea: flag{delivering_tea_to_DaLa0}
{‘Content-Type’: ‘text/html; charset=utf-8’, ‘Content-Length’: ‘47’, ‘Server’: ‘Werkzeug/0.14.1 Python/3.6.6’, ‘Date’: ‘Fri, 12 Oct 2018 07:33:46 GMT’}
得到第二个Flag
flag{delivering_tea_to_DaLa0}