Principle:

http://www.freebuf.com/articles/web/111927.html

https://blog.csdn.net/blues1021/article/details/45165777

Web traffic frequently carries values such as cookies, and the deflate compression algorithm is often applied to them before they are sent. When we control part of the input and can observe the output, we can brute-force the secret one character at a time and watch whether the output length changes. If the length shrinks on a try, that character was guessed correctly and we can move on to the next position, eventually recovering the information we want.


Challenge link:

https://github.com/sonickun/ctf-crypto-writeups/blob/master/2016/hack.lu-ctf/cornelius1/server.rb


Challenge analysis:

def get_auth(user)
  # the attacker-controlled user value and the secret share the "flag:" prefix
  data = [user, "flag:"+File.read("flag.key").strip]
  json = JSON.dump(data)
  zip = Zlib.deflate(json)   # compressed before encryption, so the ciphertext length leaks
  return Base64.strict_encode64(encrypt(zip))
end

Here the data is deflate-compressed, and the second element of data is prefixed with flag:

So if our user value also starts with flag:, the repeated prefix is compressed away, and we can brute-force from the next character onward: a slightly shorter output means the guess was correct.


Writeup links:

http://73spica.tech/blog/hack-lu-ctf-2016-write-up-cornelius1/

https://ctf.rip/hack-lu-ctf-2016-cornelius1-crypto-challenge/

https://github.com/sonickun/ctf-crypto-writeups/blob/master/2016/hack.lu-ctf/cornelius1/solver.py

#!/usr/bin/env python3
import requests, string

url = "https://cthulhu.fluxfingers.net:1505/"
user = "flag:"            # known prefix of the secret; the back-reference starts here
suffix1 = "BCDEFGHIJKL"   # padding so a wrong guess cannot extend the match by chance
s = requests.Session()

while True:
    # baseline: "#" is not a flag character, so this measures the cookie
    # length when the guessed position does NOT match the secret
    r = s.get(url, params={'user': user + "#" + suffix1})
    baseline = len(r.cookies['auth'])
    before = len(user)
    for c in string.printable:
        r = s.get(url, params={'user': user + c + suffix1})
        # a correct byte extends the back-reference and shortens the cookie
        if len(r.cookies['auth']) < baseline:
            user += c
            break
    if len(user) == before:   # no character shortened the output: done
        print("[*] Flag: flag{" + user.replace('flag:', '') + "}")
        break

Pasted above is the easiest-to-follow solver; it comes from the second link.
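To make the analysis above and the solver's loop reproducible offline, here is an added example (not code from the challenge or from the writeups) that re-implements get_auth locally with zlib and runs the same byte-by-byte length oracle against a constructed secret. It assumes the challenge's encrypt() is length-preserving (a stream cipher), that the flag alphabet is letters, digits and underscore, and that "#" never occurs in the flag.

```python
import json
import string
import zlib

# Constructed stand-in for the contents of flag.key (not the real challenge flag).
SECRET = "c0mp"
# Candidate characters to try at each position (assumed flag alphabet).
ALPHABET = string.ascii_letters + string.digits + "_"
# Padding that stops a wrong guess from accidentally extending the match.
SUFFIX = "BCDEFGHIJKL"


def auth_len(user, secret=SECRET):
    """Length of the token the server would return for this user value.

    Mirrors server.rb's get_auth: JSON-encode [user, "flag:" + secret] and
    deflate it.  The challenge's encrypt() is assumed to be length-preserving,
    so the ciphertext length equals the deflate length and we can measure the
    compressed size directly instead of encrypting.
    """
    data = [user, "flag:" + secret]
    payload = json.dumps(data, separators=(",", ":")).encode()  # like JSON.dump
    return len(zlib.compress(payload))


def recover_secret(oracle=auth_len):
    """Recover the secret one byte at a time using only output lengths."""
    known = "flag:"  # shared prefix: the secret already back-references it
    while True:
        # Baseline: a byte that is not in the flag, so the match cannot grow.
        baseline = oracle(known + "#" + SUFFIX)
        for c in ALPHABET:
            # A correct byte lengthens the LZ77 match by one, which absorbs one
            # literal from the output and makes the token shorter.
            if oracle(known + c + SUFFIX) < baseline:
                known += c
                break
        else:
            return known[len("flag:"):]  # no byte shrank the output: done


if __name__ == "__main__":
    print("recovered:", recover_secret())
```

Because the input is short, zlib picks fixed Huffman codes, so absorbing one ASCII literal into the match saves exactly eight bits and the token shrinks by exactly one byte; with longer secrets the saving can be less than a byte at some positions, which is why real attacks repeat measurements or pad the input.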