base解码可得压缩包密码
二分法盲注
python
import urllib.parse,re
with open(r'access.log','r') as f:
log=f.readlines()
dict1={}
count=0
#判断逻辑,最后一个fasle则取自身;最后一个为true则加1;
for each in log:
res=re.findall(r'flag\),(\d+),1\)\)>(\d+) HTTP/1.1\" (\d+) (\d+)',urllib.parse.unquote(each))
if res and res[0][3]=='699' :#last 404 ,the char will add to dict
dict1[res[0][0]]=chr(int(res[0][1])+1)
if res and res[0][3]=='704' :#last 404 ,the char will add to dict
dict1[res[0][0]]=chr(int(res[0][1]))
count+=1
print(dict1,len(dict1))
print(''.join(dict1.values()))
其实是个zip 文件
DASCTF{fd67c1798e9cb29e8fc467e9dcefbd7f}