Saturday, October 18, 2014, sunny. http://www.pythonchallenge.com/pc/hex/idiot2.html

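Title: go away! Image: private property, beyond this fence. Hint: but inspecting it carefully is allowed. The image itself has nothing special in it, and the HTML source has no other hints either, so this seems to be hinting that we should break in.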

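I like to look with Firebug. The cookie is still the one from the earlier level: the flowers are on their way. But I noticed that the image's response headers include Content-Range: bytes 0-30202/2123456789, and I think this is the part we are meant to hack.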

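Let's add Range to the headers and change the requested range. The previous range ended at 30202, so I instinctively started from 30203. I later tried starting from 30202 and the program crashed with urllib2.HTTPError: HTTP Error 416: Requested Range Not Satisfiable.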

[code]
def Challenge20():
    import urllib2, base64
    url = 'http://www.pythonchallenge.com/pc/hex/unreal.jpg'
    # Request the bytes just past the end of the image, using the level's Basic auth.
    req = urllib2.Request(url=url, headers={
        'Range': 'bytes=30203-30204',
        'Authorization': 'Basic ' + base64.b64encode('butter:fly')})
    rsp = urllib2.urlopen(req)
    print rsp.read()
    print rsp.info()
[/code]

It prints:

[code]
Why don't you respect my privacy?

X-Powered-By: PHP/5.3.3-7+squeeze17
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
Content-Range: bytes 30203-30236/2123456789
Connection: close
Transfer-Encoding: chunked
Date: Sat, 18 Oct 2014 16:31:16 GMT
Server: lighttpd/1.4.28
[/code]

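Trying again with the new Content-Range 30203-30236 still returns 30203-30236. Trying 30236-30237 gives urllib2.HTTPError: HTTP Error 416: Requested Range Not Satisfiable again, so it must start from 30237. I tried that, and sure enough it became 30237-30283, and the printed message was "we can go on in this way for really long time.". At this point it was clear: the puzzle author wants to play the loop game again.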

[code]
def Challenge20():
    import urllib2, base64, re
    url = 'http://www.pythonchallenge.com/pc/hex/unreal.jpg'
    start = 30203
    end = start + 1

    # Capture the last byte of the returned range; the next request starts right after it.
    range_obj = re.compile(r'bytes \d+-(\d+)/\d+')

    while 1:
        req = urllib2.Request(url=url, headers={
            'Range': 'bytes=%d-%d' % (int(start), int(end)),
            'Authorization': 'Basic ' + base64.b64encode('butter:fly')})
        rsp = urllib2.urlopen(req)
        print rsp.read()
        print rsp.info().dict['content-range']
        objs = range_obj.findall(rsp.info().dict['content-range'])
        if objs:
            start = int(objs[0]) + 1
            end = start + 1
            print start, end
        else:
            break
[/code]

Output:

[code]
Why don't you respect my privacy?

30237 30238
we can go on in this way for really long time.

30284 30285
stop this!

30295 30296
invader! invader!

30313 30314
ok, invader. you are inside now.

30347 30348
Traceback (most recent call last):
  File "D:\code\pythonchallenge.py", line 405, in <module>
    main()
  File "D:\code\pythonchallenge.py", line 402, in main
    Challenge20()
  File "D:\code\pythonchallenge.py", line 388, in Challenge20
    rsp = urllib2.urlopen(req)
  File "D:\Python27\lib\urllib2.py", line 127, in urlopen
    return _opener.open(url, data, timeout)
  File "D:\Python27\lib\urllib2.py", line 410, in open
    response = meth(req, response)
  File "D:\Python27\lib\urllib2.py", line 523, in http_response
    'http', request, response, code, msg, hdrs)
  File "D:\Python27\lib\urllib2.py", line 448, in error
    return self._call_chain(*args)
  File "D:\Python27\lib\urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "D:\Python27\lib\urllib2.py", line 531, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 416: Requested Range Not Satisfiable
[/code]
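The forward walk above, redone as an added Python 3 example that is not the author's code: it parses Content-Range, treats a 416 as the end of the chain instead of an uncaught exception, and caps the number of requests. `fake_get`, `SEGMENTS` and `TOTAL` are a constructed offline stand-in for the server, and all function names are assumptions of this example.

```python
import re

CONTENT_RANGE = re.compile(r"bytes (\d+)-(\d+)/(\d+)$")

def parse_content_range(value):
    """Return (first, last, total) from a Content-Range value, or None."""
    m = CONTENT_RANGE.match(value.strip()) if value else None
    return tuple(int(g) for g in m.groups()) if m else None

# Constructed stand-in for the server (not the real site's data):
# each segment is served only when the request starts at its first byte.
TOTAL = 1000
SEGMENTS = {100: b"first note", 110: b"second note", 121: b"last note"}

def fake_get(start):
    """Return (status, content_range, body) the way the post observed it:
    206 with the whole segment, or 416 for any other starting offset."""
    body = SEGMENTS.get(start)
    if body is None:
        return 416, None, b""
    last = start + len(body) - 1
    return 206, "bytes %d-%d/%d" % (start, last, TOTAL), body

def walk_forward(fetch, start, max_steps=50):
    """Follow Content-Range from segment to segment.
    Returns (chunks, reason); chunks is a list of (first, last, body)."""
    chunks = []
    for _ in range(max_steps):
        status, header, body = fetch(start)
        if status == 416:
            return chunks, "416"            # end of chain, not a crash
        parsed = parse_content_range(header)
        if status != 206 or parsed is None:
            return chunks, "unexpected response"
        first, last, _total = parsed
        if last < start:
            return chunks, "no progress"    # guard against looping forever
        chunks.append((first, last, body))
        start = last + 1                    # next segment begins right after
    return chunks, "step limit"

if __name__ == "__main__":
    chunks, reason = walk_forward(fake_get, 100)
    for first, last, body in chunks:
        print(first, last, body.decode())
    print("stopped:", reason)
```
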

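I did not get the expected result, and it was not a "long time" at all, just a few rounds. Why? I couldn't figure it out, so I tried starting from 2123456789, which printed:

[code]
esrever ni emankcin wen ruoy si drowssap eht
2123456789 2123456790
[/code]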

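Reading this sentence, I suddenly realized I am quite sensitive to language, especially with the first word: I first read esrever starting from its third letter and could see it as reverse, but the other words did not follow that pattern, and only then did I realize the whole thing reads backwards.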

In Python it is a one-liner: print 'esrever ni emankcin wen ruoy si drowssap eht'[::-1] gives the password is your new nickname in reverse.

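ok, invader. you are inside now. -> nickname is invader, so password is redavni. I didn't know what the password was for. I changed the earlier fly to redavni and was told I had no permission, so it is probably not that password.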

After printing rsp.info().dict['content-range'], I found that it always reports bytes 2123456744-2123456788/2123456789.

[code]
def Challenge20():
    import urllib2, base64, re
    url = 'http://www.pythonchallenge.com/pc/hex/unreal.jpg'
    start = 2123456789
    end = start + 1

    # Capture the first byte of the returned range so we can walk backwards from it.
    range_obj = re.compile(r'bytes (\d+)-\d+/\d+')

    while 1:
        req = urllib2.Request(url=url, headers={
            'Range': 'bytes=%d-%d' % (int(start), int(end)),
            'Authorization': 'Basic ' + base64.b64encode('butter:fly')})
        rsp = urllib2.urlopen(req)
        print rsp.read()
        print rsp.info().dict['content-range']
        objs = range_obj.findall(rsp.info().dict['content-range'])
        if objs:
            end = int(objs[0]) - 1
            start = end - 1
            print start, end
        else:
            break
[/code]

I saw "and it is hiding at 1152983631". This is different from the earlier messages. I manually changed start to 1152983631 and tried again, and it printed something like pk etx eot. A web search told me this is the zip file format, and I also realized that the password is the zip file's password.

Reading from 1152983631 to 2123456789 does not succeed; the while loop prints bytes 1152983631-1153223363/2123456789, so we need to read from 1152983631 to 1153223363.

[code]
def Challenge20():
    import urllib2, base64
    url = 'http://www.pythonchallenge.com/pc/hex/unreal.jpg'
    start = 1152983631
    end = 2123456789

    #range_obj = re.compile(r'bytes (\d+)-\d+/\d+')
    while 1:
        req = urllib2.Request(url=url, headers={
            'Range': 'bytes=%d-%d' % (int(start), int(end)),
            'Authorization': 'Basic ' + base64.b64encode('butter:fly')})
        rsp = urllib2.urlopen(req)
        content = rsp.read()
        print rsp.info().dict['content-range']
        #objs = range_obj.findall(rsp.info().dict['content-range'])
        # Save the returned bytes as the zip archive, then stop after one request.
        with open('Challenge20.zip', 'wb') as f:
            f.write(content)
        break
[/code]

I got the zip file, entered redavni, and read the text content:

Yes! This is really level 21 in here. And yes, After you solve it, you’ll be in level 22!

Now for the level:

  • We used to play this game when we were kids
  • When I had no idea what to do, I looked backwards.

There is no Level 22 URL to be seen, so it looks like package.pack is what has to be solved.