去找Todd
HMV Lab Temperance
Todd
  2024-06-04 08:36:09   2024-10-16 16:44:59  3.4k 字  20 分钟  

For people who plays CTF and wants to program some shit.

levelx00

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

# Connect to the host and receive the message / Conecta al host y recibes la intro general.
    print('Receiving Intro')
    data = s.recv(1024)
    print(data)

    # Send "levelx00" to choose the level / Envia levelx00 para elegir el nivel.
    s.send(b'levelx00')

    # Receive the challenge / Recibe el challenge.
    print('Receiving challenge.')
    data2 = s.recv(1024)
    print(data2)

    # Send the challenge solved / Envia el resultado del challenge.
    print('Envio reto')
    s.send(data2)

    # Receive the flag / Recibe la flag.
    print('Recibo flag')
    data3 = s.recv(1024)
    print(data3)


levelx01

1
2
3
4
5
6
7
8
9
10
11
12
13

# Codename: levelx01
# Mission: This mission is similar to the previous one, but adding a minimum of complexity :)
# You will receive a string, you must return the same string and you will
# receive another string which you must also return.
s.send(b'levelx01')
while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(temp)

levelx02

1
2
3
4
5
6
7
8
9
10
11
12

# Codename: levelx02
# Mission: In this mission you will receive a string and you must return the same string but converted to uppercase.
s.send(b'levelx02')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(temp.upper())

levelx03

1
2
3
4
5
6
7
8
9
10
11
# Codename: levelx03
# Mission: In this mission you will receive a string in base64, you must do the decode and return the result.

s.send(b'levelx03')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(base64.b64decode(temp))

levelx04

1
2
3
4
5
6
7
8
9
10
11
# Codename: levelx04
# Mission: In this mission you will receive a string and you must return it in reverse.
s.send(b'levelx04')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(temp[::-1])

levelx05

1
2
3
4
5
6
7
8
9
10
11
 # Codename: levelx05
# Mission: In this mission you will receive a string and you must return the last 5 chars.
s.send(b'levelx05')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(temp[-5:])

levelx06

1
2
3
4
5
6
7
8
9
10
11
# Codename: levelx06
# Mission: In this mission you will receive a string and you must return its length. (as string, not as int).

s.send(b'levelx06')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(str(len(temp)).encode())

levelx07

1
2
3
4
5
6
7
8
9
10
11
# Codename:levelx07
# Mission: In this mission you will receive a string in hexadecimal format, you must return it converted to ascii.
s.send(b'levelx07')
while True:
    temp = s.recv(1024)
    # 474b736a55527876496d7468446b6e65434c417a694f575062
    print(temp)

    if b'Flag' in temp:
        break
    s.send(bytes.fromhex(temp.decode()))

levelx08

1
2
3
4
5
6
7
8
9
10
11
12
# Codename:levelx08
# Mission: In this mission you will receive 2 numbers, you must return the result of adding both.

s.send(b'levelx08')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp = temp.split()
    s.send(str(int(temp[0]) + int(temp[1])).encode())

levelx09

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67


def decrypt_rot13(string):
    solvedArray = []
    for i in string:
        i = ord(i)
        if (i >= 97 and i <= 122):  # If ASCII letter is lowercase - ASCII Value from 97 till 122
            ogAns = chr(i)
            rot13_uni = int(i + 13)
            print("rot13_uni is: ", rot13_uni)
            if (rot13_uni > 122):
                ans = chr(i - 13)
                print("-------")
                print("13 is being deducted")
                print("Original answer:", ogAns, " Changed answer: ", ans)
                print("Original unicode value=", i)
                print("Changed unicode value=", i - 13)
                solvedArray.append(ans)
            else:
                ans = chr(i + 13)
                print("-------")
                print("13 is being added")
                print("Original answer:", ogAns, " Changed answer: ", ans)
                print("Original unicode value=", i)
                print("Changed unicode value=", i + 13)
                solvedArray.append(ans)
        elif (i >= 65 and i <= 90):  # or If ASCII letter is uppercase - ASCII Value from 65 till 90.
            ogAns = chr(i)
            rot13_uni = int(i + 13)
            print("rot13_uni is: ", rot13_uni)
            if (rot13_uni > 90):
                ans = chr(i - 13)
                print("-------")
                print("13 is being deducted")
                print("Original answer:", ogAns, " Changed answer: ", ans)
                print("Original unicode value=", i)
                print("Changed unicode value=", i - 13)
                solvedArray.append(ans)
            else:
                ans = chr(i + 13)
                print("-------")
                print("13 is being added")
                print("Original answer:", ogAns, " Changed answer: ", ans)
                print("Original unicode value=", i)
                print("Changed unicode value=", i + 13)
                solvedArray.append(ans)
        else:
            ans = chr(i)
            print("-------")
            print("SPECIAL CHARACTER: ", ans)  # In case of any other characters.
            solvedArray.append(ans)

    # Convert Array to string
    return "".join([str(i) for i in solvedArray])


# Codename:levelx09
# Mission: In this mission you will receive a string encrypted with ROT13, you must decode it and return the result.

s.send(b'levelx09')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(decrypt_rot13(temp.decode()).encode())

levelx10

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# Codename:levelx10
# Mission: In this mission you will receive numbers separated by spaces, you must return them in order from
# smallest to largest and without separating them with spaces.

s.send(b'levelx10')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    temp2.sort()
    print(temp2)
    s.send(str.encode("".join(temp2)))

levelx11

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 # Codename: levelx11
# Mission: In this mission you will receive a string in Morse code, you must decode it and return it.
#
# Example:
# HMV(Input): .-- ...- .-. --.. -... --.. ... ..- ...-- .... ..--- -.- ...
# .-- --... .-- .... ---.. -..- ..-. .... .. ----. .-. ....
#
# Hacker(Output): WVRZBZSU3H2KSW7WH8XFHI9RH

s.send(b'levelx11')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    print(temp2)
    # Convert Morse code to text
    # Morse code dictionary
    morse_code_dict = {
        'A': '.-', 'B': '-...', 'C': '-.-.', 'D': '-..', 'E': '.', 'F': '..-.', 'G': '--.', 'H': '....',
        'I': '..', 'J': '.---', 'K': '-.-', 'L': '.-..', 'M': '--', 'N': '-.', 'O': '---', 'P': '.--.',
        'Q': '--.-', 'R': '.-.', 'S': '...', 'T': '-', 'U': '..-', 'V': '...-', 'W': '.--', 'X': '-..-',
        'Y': '-.--', 'Z': '--..',
        '0': '-----', '1': '.----', '2': '..---', '3': '...--', '4': '....-', '5': '.....', '6': '-....',
        '7': '--...', '8': '---..', '9': '----.'
    }
    # Convert Morse code to text
    solvedArray = []
    for i in temp2:
        for key, value in morse_code_dict.items():
            if i == value:
                solvedArray.append(key)
    # Convert Array to string
    s.send(str.encode("".join(solvedArray)))

levelx12

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

 # Codename: levelx12
# Mission: In this mission you receive a string and a number, you must return the string repeated n number of times.
#
# Example:
# HMV(Input): JwSIK 17
#
# Hacker(Output): JwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIK

s.send(b'levelx12')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    print(temp2)
    solvedArray = []
    for i in range(int(temp2[1])):
        solvedArray.append(temp2[0])
    s.send(str.encode("".join(solvedArray)))

levelx13

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 # Codename: levelx13
# Mission: In this mission you receive a list of strings, you must sort them alphabetically and return the last string in the list.
# The characters "[" and "]" must be removed.
#
# Example:
# HMV(Input): [QJIFc brxkaCWxRDNRMjMDNQBcYPi wpzZBxlRMrvchppNmZcsSsqnSxQd nWxEVnDjUIWObjfZ gfsqzTsgfYYVjx wDeVgobCvrlaM cLFTLXrpnmSYsVaaTDnVArG
# dRbEsX KenQzY ZhDilcASluwhjcHlOrrX nPVXUIZELLdcm RsSrmYVHvonLJnv]
#
# Hacker(Output): wpzZBxlRMrvchppNmZcsSsqnSxQd

s.send(b'levelx13')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    temp2.sort()
    print(temp2)
    s.send(str.encode("".join(temp2[-1].replace('[', '').replace(']', ''))))

levelx14

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Codename: levelx14
# Mission: In this mission you receive a string and a character, you must return the number
# of times the character is repeated in the string.
#
# Example:
# HMV(Input): Kd5vfizCyqgwN2HlEWq2ZOMkaZmar7rmyCl0ssGf078aJ5J3FJKvLzijiqSbsK8ChhLZ1AI3GVhWnYXixY7J4q7KqKSA8t
# VYsQo0LHjjsGSyLHM9lwi8nVhQA7EUBFo1MJ2gPGo2Nywsz7qlq9C7cKC2xyTdVXVhciK6gMVgRdlOktkx5IMXcnHOSbsnagqDBM56CF87MBT2X
# MvUAPRbiEuZsMSIFGpFcNYAPOGD04def3j6a15xCVosZ9wLJI5cAk07aUxULniLYzWjCk64ZDsvisGlG2wqIFpMwnMG24T52yHCQlwYYRNrTsLs
# awZzcUfeutE00WRvcAPyRAYsJRXqaFX9m9teOIA1UqoZfLkRdur3pla6cJxYGl1hi1REClkarFwCFmOAflXN2BZL8mzzK9wixxsvqx7iCL5ky79
# 0pF74MRXt8t09z2zW20qJTLg2UiAvl1ZQ8uB7JhVojRFY4LdW8bS6rQQ4iQGJwyeAzkNaPzwlQIFLdgt9UhdXIstPo7TotSSG60g1ln9G6w1OPU
# K951lrGrKmrCKEUvoGyL3HkToZtkywcL0eYyrW1BrkPTs95TvoUhLjp5Es3mqE x

s.send(b'levelx14')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    print(temp2)
    s.send(str.encode(str(temp2[0].count(temp2[1]))))

levelx15

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# Codename: levelx15
# Mission: In this mission you receive a series of numbers, you must return what the next number in the series would be.
#
# Example:
# HMV(Input): 59 140 221 302 383
#
# Hacker(Output): 464

s.send(b'levelx15')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    print(temp2)
    s.send(str.encode(str(int(temp2[-1]) + int(temp2[1]) - int(temp2[0]))))


levelx16

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# Codename: levelx16
# Mission: In this mission you receive a png encoded in base64, you must decode it and return
# the size in pixels of its width and height.
#
# Example:
# HMV(Input): iVBORw0KGgoAAAANSUhEUgAAADQAAABeCAYAAABsFzfXAAAAfUlEQVR4nOzPAQkAMBBFobH+oa/G46MN/G+MUJ1QnVCdU
# J1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVC
# dUN1c6AIAAP//yOQAvaQI2KYAAAAASUVORK5CYII=
#
# Hacker(Output): 52x94

s.send(b'levelx16')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import base64
import io
from PIL import Image

data = base64.b64decode(temp2)
img = Image.open(io.BytesIO(data))
print(img.size)
s.send(str.encode(str(img.size[0]) + 'x' + str(img.size[1])))

print(s.recv(1024))

levelx17

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# Codename: levelx17
# Mission: In this mission you receive a 1 pixel png encoded in base64, you must decode it and return the last RGBA value.
#
# Example:
# HMV(Input): iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAEUlEQVR4nGI6OPmFIiAAAP//Br0CYI/JSpAAAAAASUVORK5CYII=
#
# Hacker(Output): 33

s.send(b'levelx17')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import base64
import io
from PIL import Image

data = base64.b64decode(temp2)
img = Image.open(io.BytesIO(data))

print(img.getpixel((0, 0)))
s.send(str.encode(str(img.getpixel((0, 0))[-1])))
print(s.recv(1024))

levelx18

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

# Codename: levelx18
    # Mission: In this mission you receive a string and you must return the string converted to binary.
    #
    # Example:
    # HMV(Input): gEmcaIqBNT1z7ikGg1y0RlWZ4ApGvzmOrMBNtHQuycspIMoWDk
    #
    # Hacker(Output): 0110011101000101011011010110001101100001010010010111000101000010010011100101010000
    # 110001011110100011011101101001011010110100011101100111001100010111100100110000010100100110110001010
    # 111010110100011010001000001011100000100011101110110011110100110110101001111011100100100110101000010
    # 010011100111010001001000010100010111010101111001011000110111001101110000010010010100110101101111010
    # 101110100010001101011

    s.send(b'levelx18')
    temp = s.recv(1024)
    print(temp)

    temp2 = temp.decode('utf-8')
    print(temp2)

    s.send(str.encode(''.join(format(ord(i), '08b') for i in temp2)))
    print(s.recv(1024))

levelx19

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  # Codename: levelx19
# Mission: In this mission you will receive a zip file encoded in base64, the zip file contains a .txt file
# which contains a string inside. You should return the string inside the .txt file.
#
# Example:
# HMV(Input): UEsDBBQACAAIAAAAAAAAAAAAAAAAAAAAAAAHAAAASE1WLnR4dKpMCg7NTk5yC6+qCnANyckzt0j1Mwp2KgpK9
# kg1yw4K8TLNdPPPzjExqKzMyQlNLTfLAgQAAP//UEsHCMc6NsY4AAAAMgAAAFBLAQIUABQACAAIAAAAAADHOjbGOAAAADIAAAAHAAA
# AAAAAAAAAAAAAAAAAAABITVYudHh0UEsFBgAAAAABAAEANQAAAG0AAAAAAA==
#
# Hacker(Output): ybSUkcbFWzzPETln78eN2SBrRcHe6kRTJ5iFOkl40yyllUew6j

s.send(b'levelx19')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import base64
import io
import zipfile

data = base64.b64decode(temp2)
with open('temp.zip', 'wb') as f:
    f.write(data)
with zipfile.ZipFile('temp.zip', 'r') as z:
    with z.open(z.namelist()[0]) as f:
        str_data = f.read().decode('utf-8')
        print(str_data)
        s.send(str_data.encode('utf-8'))
print(s.recv(1024))

levelx20

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 # Codename: levelx20
# Mission: In this mission you receive some of the first 50 words from the Rockyou dictionary in MD5.
# You must send which word the md5 corresponds to.
#
# Example:
# HMV(Input): f25a2fc72690b780b2a14e140ef6a9e0
#
# Hacker(Output): iloveyou

s.send(b'levelx20')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)
import hashlib

# 读取./rockyou.txt 前 50 行
rockyou_md5_dic = {}
with open('./rockyou.txt', 'r', encoding='ISO-8859-1') as f:
    rockyou = f.readlines()[:50]
    for line in rockyou:
        rockyou_md5_dic.update({hashlib.md5(line.strip().encode()).hexdigest(): line.strip()})

print(len(rockyou_md5_dic))
find = rockyou_md5_dic.get(temp2)
print(find)
s.send(str.encode(find))
print(s.recv(1024))

levelx21

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# Codename: levelx21
# Mission: In this mission you will receive a number and you must return what amount of KB that number corresponds to.
#
# Example:
# HMV(Input): 52321
#
# Hacker(Output): 51.09KB

s.send(b'levelx21')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

s.send(str.encode(calculate_kb(float(temp2))))

print(s.recv(1024))


levelx22

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

# Codename: levelx22
# Mission: In this mission you will receive a list of decimal numbers, you must return them converted into their value to ASCII.
#
# Example:
# HMV(Input): 56 116 110 76 90 70 119 49 103 66
#
# Hacker(Output): 8tnLZFw1gB

s.send(b'levelx22')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8').split(' ')
print(temp2)

result = ''
for i in temp2:
    result += chr(int(i))

print(result)
s.send(str.encode(result))
print(s.recv(1024))

levelx23

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 # Codename: levelx23
# Mission: In this mission you will receive a 5x1 pixel png encoded in base64, you must read the last RGBA
# value of each pixel, convert it to ascii and return the result.
#
# Example:
# HMV(Input): iVBORw0KGgoAAAANSUhEUgAAAAUAAAABCAYAAAAW/mTzAAAAIklEQVR4nGJpk+BMd+Jkvbf
# n02/lr5f+c1U+5TwOCAAA//9bkgoL6P+/xQAAAABJRU5ErkJggg==
#
# Hacker(Output): gEhr9

s.send(b'levelx23')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import base64
import io
from PIL import Image

img = Image.open(io.BytesIO(base64.b64decode(temp2)))
print(img.size)

result = ''
for x in range(5):
    r, g, b, a = img.getpixel((x, 0))
    result += chr(a)

print(result)
s.send(str.encode(result))

print(s.recv(1024))

levelx24

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# Codename: levelx24
# Mission: In this mission you will receive a URL which you must visit, you must return the string found on the web.
#
# Example:
# HMV(Input): http://temperance.hackmyvm.eu:8090/uwu/3312
#
# Hacker(Output): 4441514

s.send(b'levelx24')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import requests

r = requests.get(temp2)
print(r.text)
s.send(str.encode(r.text))

print(s.recv(1024))


levelx25

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Codename: levelx25
# Mission: In this mission you will receive a URL which you must visit, you must return
# the value found in a header (HMV-Header).
#
# Example:
# HMV(Input): http://temperance.hackmyvm.eu:8090/head/673
#
# Hacker(Output): 917182

s.send(b'levelx25')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import requests

r = requests.get(temp2)
print(r.headers)
s.send(str.encode(r.headers['Hmv-Code']))

print(s.recv(1024))

levelx26

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 # Codename: levelx26
# Mission: In this mission you will receive a png encoded in base64, you must decode it and send the number found in the image.
#
# Example:
# HMV(Input): iVBORw0KGgoAAAANSUhEUgAAAJYAAAAyCAYAAAC+jCIaAAABL0lEQVR4nOzYQU6zQBiA4fbPfxWX3v8gL
# j1MTRcmhBQ6VN5azPNs1BkzkvAGv/LvBAFhkRAWCWGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRA
# Wif97H3h5f7vcWj9/fJ7nvzNd27K3dN6WvZHr5MVNb+LS91v27q1/r63tjZ7Fi1qL5TQYwdYYHglLVPtKZ6zrzXr2v5ZHnki/c
# Z1/3e4zVunWjHX9Ol+fzmlLe7SysPZ+CszPm/689nfuXYOnVeMwrxvcfIbnnNFPhXsN4aOfNPm5p89Y8xloZO/WbLT0rmp+5to
# ecDCHmbE4FmGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRAWia8AAAD//6oWtSXo+kn1AAAAAElFTkSuQmCC
#
# Hacker(Output): 7006997

s.send(b'levelx26')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import base64
import io
from PIL import Image

img = Image.open(io.BytesIO(base64.b64decode(temp2)))
print(img.size)
# 写入图片
img.save('levelx26.png')
# import ddddocr
#
# ocr = ddddocr.DdddOcr(beta=True)
# result = ocr.classification(img, png_fix=True,)
# print(result)
# s.send(str.encode(result))

import pyocr
import pyocr.builders

tools = pyocr.get_available_tools()
if len(tools) == 0:
    print("No OCR tool found")
    exit(1)
ocr_tool = tools[0]
text = ocr_tool.image_to_string(
    img,
    lang='eng',
    builder=pyocr.builders.TextBuilder()
)
print(text)
s.send(str.encode(text))

print(s.recv(1024))

levelx27

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 # Codename: levelx27
# Mission: In this mission you will receive a URL which you must visit, in the body of the
# URL there is data from a /etc/passwd file, you must return the UID of the proxy user.
#
# Example:
# HMV(Input): http://temperance.hackmyvm.eu:8090/cumment/3390/
# HMV(Web Body): ---SNIP--- proxy:x:4735654:13:proxy:/bin:/usr/sbin/nologin ---SNIP---
#
# Hacker(Output): 4735654

s.send(b'levelx27')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import requests

r = requests.get(temp2)
text = r.text
print(text)
for line in text.split('\n'):
    if 'proxy:' in line:
        print(line)
        print(line.split(':')[2])
        s.send(str.encode(line.split(':')[2]))

print(s.recv(1024))

levelx28

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# Codename: levelx28
# Mission: In this mission you receive a JWT token. You must decode it and send the value of the HMVKey. (Default key).
#
# Example:
# HMV(Input): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJITVZLZXkiOiJVbHFlc0h0bHZIQVdEYVAifQ.65O1aZHiVaGep-QA0-LZRnWXcDF8bZT_E7BXvXaYMUI
#
# Hacker(Output): UlqesHtlvHAWDaP

s.send(b'levelx28')
temp = s.recv(1024)
print(temp)

import base64

temp2 = temp.decode('utf-8')
print(temp2)
parts = temp2.split('.')
print(parts)
payload_part = json.loads(decode_base64(parts[1]).decode())

print(payload_part)

s.send(str.encode(payload_part['HMVKey']))

print(s.recv(1024))

levelx29

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# Codename: levelx29
# Mission: In this mission you receive 2 coordinates, you must calculate how many KM there are between them
# and return the result (with 3 decimal).
#
# Example:
# HMV(Input): Lat: 23 Lon: 21 - Lat: 25 Lon: 16
#
# Hacker(Output): 554.830

s.send(b'levelx29')
temp = s.recv(1024)
temp2 = temp.decode('utf-8')
print(temp2)
# Lat: 90 Lon: 38 - Lat: 24 Lon: 79
# 匹配出数字
import re

result = re.findall(r'\d+', temp2)
print(result)
# 计算距离
from geopy.distance import geodesic

pa = Point(latitude=result[0], longitude=result[1])
pb = Point(latitude=result[2], longitude=result[3])
print(geodesic(pa, pb).kilometers)
s.send(str.encode(str(round(geodesic(pa, pb).kilometers, 3))))

print(s.recv(1024))

levelx30

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 # Codename: levelx30
# Mission: In this mission we must use XOR and send the resulting string.(key=HMV)
#
# Example:
# HMV(Input): <49#0,)'%;:!0.!,
# ,�"?!/
#
# Hacker(Output): tyMafELksowokYfddVZjsswwxcwdDJMGsMKaENYVaLMJDjrRib

s.send(b'levelx30')
temp = s.recv(1024)
temp2 = temp.decode('utf-8')
print(temp2)

key = 'HMV'
result = ''
for i in range(len(temp2)):
    result += chr(ord(temp2[i]) ^ ord(key[i % len(key)]))

print(result)
s.send(str.encode(result))

print(s.recv(1024))

levelx31

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# Codename: levelx31
# Mission: In this mission you receive a png encoded in base64, you must decode it, read the QR code found inside
# and return the string that indicates the QR.
#
# Example:
# HMV(Input): iVBORw0KGgoAAAANSUhEUgAAAGQAAABkEAAAAAAFGRbLAAABn0lEQVR4nOyazW7EMAiEm2rf/5W3J1+IED8mzXg033GbxhnhERjz+
# X5/KPh9+wOmkBA0JAQNCUHjY3+4rt6LvHy03hf9fXc9mohICBo3jyyyNZi3x6037HP2/bvr0UREQtBwPbLw9mQ3b0ReqK63oImIhKARemSXyDNT0EREQtB
# 4zCPZGmwKmohICBqhR7p72Z5Dst7orkcTEQlBw/VIt9/kYT1jvbC7Hk1EJASNa7rm+a/zh4UmIhKChns/4vVsPdbzUX7o5g/1tU6DRkg6j0zt9YjoPsXLU
# zQRkRA02ueRqie8PZ69D4lqOJqISAga5VmU6kyJ54VqXlKtdRo0Qm4eiWoaS7ZPlX1vNn+p1kKHRsj2vFa1JvLY9Q5NRCQEjfG5324+6XpyQRMRCUFjfO4
# 3u/e7s42qtU6BRsj43K/9v6iflZ2dV1/rNGiEPDbTmO1nRbWY/d2DJiISgsbjc79RPvCeq575aSIiIWiMz/1m+1LReaP6HTQRkRA0xud+s3eJ1fyi88hp0
# AgZn/t9C5qISAgaEoKGhKDxFwAA//9Pk6bevZKZBwAAAABJRU5ErkJggg==
#
# Hacker(Output): xfZfsIM

s.send(b'levelx31')
temp = s.recv(1024)
temp2 = temp.decode('utf-8')
print(temp2)
import base64

imgdata = base64.b64decode(temp2)
filename = 'levelx31.png'
with open(filename, 'wb') as f:
    f.write(imgdata)

import cv2

img = cv2.imread(filename)
qrCodeDetector = cv2.QRCodeDetector()
data, bbox, straight_qrcode = qrCodeDetector.detectAndDecode(img)

s.send(str.encode(data))

print(s.recv(1024))

levelx32

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# Codename: levelx32
# Mission: In this mission you receive an md5 and a string. You must permute the string until it matches md5 and return the string.
#
# Example:
# HMV(Input): c142e7e8b1d42f4d6f36dfa760174b3a KOSltuvxy
#
# Hacker(Output): OSylutxKv

s.send(b'levelx32')
temp = s.recv(1024)
temp2 = temp.decode('utf-8')
print(temp2)

import hashlib

parts = temp2.split(' ')
print(parts)
md5 = parts[0]
string = parts[1]

letters = list(string)
print(letters)
# 所有字母的排列组合
result = ''
import itertools

for perm in itertools.permutations(letters):
    result = ''.join(perm)
    if hashlib.md5(result.encode()).hexdigest() == md5:
        break

print(result)
s.send(str.encode(result))

print(s.recv(1024))

HMV Lab Temperance
2024/06/04/hmv-Temperance/
作者
Todd
发布于
2024-06-04 08:36
许可
  1. 1. levelx00
  2. 2. levelx01
  3. 3. levelx02
  4. 4. levelx03
  5. 5. levelx04
  6. 6. levelx05
  7. 7. levelx06
  8. 8. levelx07
  9. 9. levelx08
  10. 10. levelx09
  11. 11. levelx10
  12. 12. levelx11
  13. 13. levelx12
  14. 14. levelx13
  15. 15. levelx14
  16. 16. levelx15
  17. 17. levelx16
  18. 18. levelx17
  19. 19. levelx18
  20. 20. levelx19
  21. 21. levelx20
  22. 22. levelx21
  23. 23. levelx22
  24. 24. levelx23
  25. 25. levelx24
  26. 26. levelx25
  27. 27. levelx26
  28. 28. levelx27
  29. 29. levelx28
  30. 30. levelx29
  31. 31. levelx30
  32. 32. levelx31
  33. 33. levelx32
© 2018 - 2024    Todd
由 Hexo 驱动 & 主题 Keep
本站由 提供部署服务
总字数 74.6k 访客数 访问量
  1. 1. levelx00
  2. 2. levelx01
  3. 3. levelx02
  4. 4. levelx03
  5. 5. levelx04
  6. 6. levelx05
  7. 7. levelx06
  8. 8. levelx07
  9. 9. levelx08
  10. 10. levelx09
  11. 11. levelx10
  12. 12. levelx11
  13. 13. levelx12
  14. 14. levelx13
  15. 15. levelx14
  16. 16. levelx15
  17. 17. levelx16
  18. 18. levelx17
  19. 19. levelx18
  20. 20. levelx19
  21. 21. levelx20
  22. 22. levelx21
  23. 23. levelx22
  24. 24. levelx23
  25. 25. levelx24
  26. 26. levelx25
  27. 27. levelx26
  28. 28. levelx27
  29. 29. levelx28
  30. 30. levelx29
  31. 31. levelx30
  32. 32. levelx31
  33. 33. levelx32