打开链接“http://ctf5.shiyanbar.com/web/10/10.php”,从页面内容未发现明显信息,查看源代码发现“please post what you find with parameter:key”,f12看到返回response headers中有flag字样,看起来是base64加密,然后构造Post包,重新请求,即可获得flag

【实验吧】CTF_Web_天下武功唯快不破-LMLPHP

附Python3脚本

#coding:utf-8
import base64
import urllib.request
import urllib.parse url = 'http://ctf5.shiyanbar.com/web/10/10.php'
response = urllib.request.urlopen(url).info()
flag = response.get('FLAG')
flag1 = base64.b64decode(flag).decode()
flag2 = flag1.split(':')[1]
print(flag2)
req = urllib.parse.urlencode({'key':flag2}).encode()
print(req)
response1 = urllib.request.urlopen(url,data=req).read()
print(response1)
05-11 19:30