What can the brain of a student who is learning about the computer world do?

Good day.

After writing yet another script in Bash, I realized that everything should have been done completely differently, yet everything works. I want to show you the mess and the crutches I wrote to solve the problem without having a wagonload of knowledge. In other words, a caricature of programming.

Goal

What was needed:

  • Output the set of rhymes for a word, excluding the square ones
  • Intersect the rhyme sets of two words

Why? Well, just because.
For those who don't know, a square rhyme (colloquially, a "square") is a pair of words whose last two letters match in spelling, which (often this is the only thing) is what makes them rhyme. For example: roses - frosts; tires - cars. The use of squares in modern verse is not well received, because they are hackneyed.

Solution

It seemed to me that the easiest thing would be to write a Bash script that uses an existing rhyme generator, HOST, which selects rhymes by consonance rather than by spelling. Why "HOST"? Because if I gave the site's real name, people would say it is an advertisement. Why not simply keep using the site itself? First, although it has the advantage of choosing rhymes by consonance, it still produces squares. Second, you still have to use your own brain, spend time switching between tabs, and keep words in your head while going through the lists again and again to find a rhyme for both words.

Getting strict rhymes

What do I know? I know about the wget utility, which downloads the page at a given URL. Fine, let's make the request: we get the HTML page in a file named after the word being rhymed. For example, let's look up the word "here" (здесь):

wget https://HOST/rifma/здесь

But I only want the list of words, so how do I get rid of everything else? We look and see that the word list is laid out, surprising as it may be, as a list, with the words inside <li> tags. Well, we have a fine utility, sed, so let's write it like this:

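# Filter into a temporary file; redirecting straight back into $word truncates it before it is read
grep '<li>' "$word" | sed -e "s%<li>%%" -e "s%</li>%%" -e "s/ //g" -e "/^$/d" > "$word.tmp" && mv "$word.tmp" "$word"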

First, we select the lines of the file named after the word that contain the <li> tag: we get a bunch of empty tags and the lines with words. We remove the tag itself and its closing tag; percent signs are used here as the delimiter instead of slashes because the closing tag already contains a slash, and sed would get a little confused. And everything is nice and tidy. We remove all the spaces in the file and delete the empty lines. Voila, the word list is ready.

To drop the words that rhyme only by their last letters, take the last two letters of the original word and clean up the list:

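# The last two letters of the original word
squad=${word:((${#word}-2)):2}
# Delete the lines that end in those letters; write through a temporary file, not straight back into $word
sed -e "/.$squad$/d" "$word" > "$word.tmp" && mv "$word.tmp" "$word"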

We look, we try: everything works... so where is the word list for "play"? And for "I go"? An empty file! That is because these words are verbs, and we know what happens to those who rhyme with verbs. Verb rhymes are even worse than square rhymes, because Russian has a great many verbs and they all share the same endings, which is why none of them are left in the final file after the ending check.

Still, let's not be hasty. Every word has not only rhymes but also assonances, which sometimes sound much better than rhymes; that is why they are called assonances (French assonance, from Latin assono, "I sound in tune").

Getting the assonances

This is where the fun begins: the assonances are not served at a separate URL but on the same page, by running a script that sends an HTTP request and receives the response. How do I tell wget to press a button? There is no way. Sadly.

Noticing that the URL in the address bar does change in some way, I copied what was there after switching to the assonances and pasted it into a new browser tab: the strict rhymes opened. Not that.

Really, I thought, it should make no difference to the server whether the request was sent by a running script or typed by a person by hand. Right? Who knows, let's go and check.

Send where? Send what? An HTTP request to the server's IP, there is something like GET ... then something like HTTP/1.1 ... We need to see what the browser sends and where. Install Wireshark, look at the traffic:

0040 37 5d a3 84 27 e7 fb 13 6d 93 ed cd 56 04 9d 82 7]£.'çû.m.íÍV...
0050 32 7c fb 67 46 71 dd 36 4d 42 3d f3 62 1b e0 ad 2|ûgFqÝ6MB=ób.à.
0060 ef 87 be 05 6a f9 e1 01 41 fc 25 5b c0 77 d3 94 ï.¾.jùá.Aü%[ÀwÓ.

Um... what? Oh right, we have HTTPS. What to do? Stage a MITM attack on yourself? As it should be, the victim himself will help us.

In the end, having decided to dig around in the browser, I finally found the request itself and its addressee. Let's go:

Dialogue with the terminal

telnet IP PORT
Trying IP...
Connected to IP.
Escape character is '^]'.
GET /rifma/%D0%BC%D0%B0%D1%82%D1%8C?mode=block&type=asn HTTP/1.1
Host: HOST
Accept-Language: en-US,en;q=0.5
X-Requested-With: XMLHttpRequest
Connection: close

HTTP/1.1 400 Bad Request
Server: nginx/1.8.0
Date: Sun, 03 Nov 2019 20:06:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 270
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
Connection closed by foreign host.

Hey. Hehe. Really, what did I expect when sending a plain HTTP request to an HTTPS port. Do we have to encrypt it now? All that fuss with RSA keys, and then SHA256. Why, there is OpenSSL for such things. Fine, we already know what to do, only first we remove the Referer and Cookie fields; I think they will not affect things much:

Dialogue with the terminal

openssl s_client -connect IP:PORT
{various keys and certificates}
GET /rifma/%D0%B7%D0%B4%D0%B5%D1%81%D1%8C?mode=block&type=asn HTTP/1.1
Host: HOST
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
Accept: text/javascript,text/html,application/xml,text/xml,*/*
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Status: 200 OK
Date: Sun, 03 Nov 2019 20:34:33 GMT
Set-Cookie: COOKIE
X-Powered-By: Phusion Passenger 5.0.16
Server: nginx/1.8.0 + Phusion Passenger 5.0.16
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: block-all-mixed-content
Content-Encoding: gzip


What is this, the server swearing at me? Well, at least they answered 200 OK, which means the cookie and the referer do not affect anything. The compression is gzip, but when it is copied, it comes through as ASCII characters. Right, we can remove the Accept-Encoding line. All good: we get the HTML document, now with assonances. But here are two questions: how do we launch OpenSSL and pass data to it from a script? And how do we read the output if, after receiving the response, we remain, so to speak, in the OpenSSL "shell"? You can come up with something for the second, but for the first ...

It is good that there is Habr, where I read about the expect utility, which automates interaction with programs that expect interaction with a human. Even more attractive is the autoexpect command, which generates an expect script based on your actions. Well, we launch it, do all of this, and here is the finished script. Only it is very large, and all because OpenSSL prints certificates and keys, and expect waits for all of that output. Do we need that? No. We cut out the whole first prompt, leaving only the final line break '\r'. We also remove the User-Agent and Accept fields from our request; they do not affect anything. So, let's run it. The script executed, but where is the precious HTML document? expect ate it. To make it spit it out, you need to add:

set results $expect_out(buffer)

before the end of the script; this is how the output of the command run by expect is captured and shown on the screen. In the end, something like this:

The expect script

#!/usr/bin/expect -f

set timeout -1
spawn openssl s_client -connect IP:PORT
match_max 100000
# Wait for the end of the certificate and session output
expect -exact "
---\r
"
# Send the request; \r stands for pressing Enter
send -- "GET /rifma/%d0%b7%d0%b4%d0%b5%d1%81%d1%8c?mode=block&type=asn HTTP/1.1\rHost: HOST\rAccept-Language: en-US,en;q=0.5\rX-Requested-With: XMLHttpRequest\rConnection: close"
expect -exact "GET /rifma/%d0%b7%d0%b4%d0%b5%d1%81%d1%8c?mode=block&type=asn HTTP/1.1\r
Host: HOST\r
Accept-Language: en-US,en;q=0.5\r
X-Requested-With: XMLHttpRequest\r
Connection: close"
send -- "\r"
set results $expect_out(buffer)
expect -exact "\r
"
send -- "\r"
expect eof

But that is not all! As you can see, in all the examples the request URL was static, yet it is the URL that determines which word the assonances are matched to. So it turns out that we would always be looking up the word "%d0%b7%d0%b4%d0%b5%d1%81%d1%8c" in ASCII, or "here" (здесь) in UTF-8. What to do? Of course, simply generate a new script every time, friend! And no longer with autoexpect, but by echoing it out ourselves, because in the new script nothing changes except the word. And long live the new problem: how do we cleverly convert a word from Cyrillic into URL encoding? There does not seem to be anything special for this in the terminal either. Well, fine, we can do it ourselves, right? We can:

Look what I can do!

# Percent-encode the Cyrillic letters of $word (their UTF-8 bytes) into $furl
function furl {
furl=$(echo "$word" | sed 's:А:%d0%90:g;s:Б:%d0%91:g;s:В:%d0%92:g;s:Г:%d0%93:g;s:Д:%d0%94:g;s:Е:%d0%95:g;s:Ж:%d0%96:g;s:З:%d0%97:g;s:И:%d0%98:g;s:Й:%d0%99:g;s:К:%d0%9a:g;s:Л:%d0%9b:g;s:М:%d0%9c:g;s:Н:%d0%9d:g;s:О:%d0%9e:g;s:П:%d0%9f:g;s:Р:%d0%a0:g;s:С:%d0%a1:g;s:Т:%d0%a2:g;s:У:%d0%a3:g;s:Ф:%d0%a4:g;s:Х:%d0%a5:g;s:Ц:%d0%a6:g;s:Ч:%d0%a7:g;s:Ш:%d0%a8:g;s:Щ:%d0%a9:g;s:Ъ:%d0%aa:g;s:Ы:%d0%ab:g;s:Ь:%d0%ac:g;s:Э:%d0%ad:g;s:Ю:%d0%ae:g;s:Я:%d0%af:g;s:а:%d0%b0:g;s:б:%d0%b1:g;s:в:%d0%b2:g;s:г:%d0%b3:g;s:д:%d0%b4:g;s:е:%d0%b5:g;s:ж:%d0%b6:g;s:з:%d0%b7:g;s:и:%d0%b8:g;s:й:%d0%b9:g;s:к:%d0%ba:g;s:л:%d0%bb:g;s:м:%d0%bc:g;s:н:%d0%bd:g;s:о:%d0%be:g;s:п:%d0%bf:g;s:р:%d1%80:g;s:с:%d1%81:g;s:т:%d1%82:g;s:у:%d1%83:g;s:ф:%d1%84:g;s:х:%d1%85:g;s:ц:%d1%86:g;s:ч:%d1%87:g;s:ш:%d1%88:g;s:щ:%d1%89:g;s:ъ:%d1%8a:g;s:ы:%d1%8b:g;s:ь:%d1%8c:g;s:э:%d1%8d:g;s:ю:%d1%8e:g;s:я:%d1%8f:g;s:ё:%d1%91:g;s:Ё:%d0%81:g')
}

In total, we have a script that converts a word into ASCII text and generates another script, which requests the site page with the assonances from the server through OpenSSL. Then we redirect the output of that last script into a file and, the old-fashioned way, pass it through the "filters" to strip everything extra and write the result to the file.
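The word-to-URL conversion and the request sent through OpenSSL, as an added example that is not the author's script: `urlencode` percent-encodes every byte outside the RFC 3986 unreserved set, so it goes beyond the Cyrillic table above, and `build_request` (a hypothetical helper name) writes the request with the path and headers shown earlier on this page. `HOST` and `IP:PORT` remain the page's placeholders.

```shell
#!/bin/sh
# Added example, not the author's script. HOST and IP:PORT are the page's placeholders.

# urlencode WORD: percent-encode every byte outside the RFC 3986 unreserved set
urlencode() {
    out=
    for hex in $(printf '%s' "$1" | od -An -v -tx1); do
        case $hex in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # unreserved byte (0-9 A-Z a-z - . _ ~): emit it as is
                out=$out$(printf "\\$(printf '%03o' "0x$hex")") ;;
            *)  out=$out%$hex ;;
        esac
    done
    printf '%s\n' "$out"
}

# build_request WORD HOST: the assonance request from the page, CRLF-terminated
build_request() {
    printf 'GET /rifma/%s?mode=block&type=asn HTTP/1.1\r\n' "$(urlencode "$1")"
    printf 'Host: %s\r\n' "$2"
    printf 'Accept-Language: en-US,en;q=0.5\r\n'
    printf 'X-Requested-With: XMLHttpRequest\r\n'
    printf 'Connection: close\r\n\r\n'
}

# Usage (needs network access, so it is not run here):
#   build_request "$word" HOST | openssl s_client -quiet -connect IP:PORT > "$word.html"
# -quiet suppresses the certificate and session output and keeps reading the
# reply after stdin is exhausted, so neither expect nor a generated script is needed.

urlencode 'здесь'
```

Because every byte other than letters, digits and `-._~` is encoded, a word containing spaces, quotes or line breaks cannot change the request line or add headers.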

Intersection of the sets. The bottom line

Actually, this is exactly the part that causes the least trouble. We carry out the steps above for two words, then compare every word of one list with every word of the other and, if a match is found, print it. Now we have a script that takes two words as input and prints the list of words that rhyme with both of them, even taking the assonances into account, and all this without manually switching between four tabs and remembering words "by eye": everything is collected, counted and filtered out automatically. Great.
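The filtering and intersection steps described above, as an added example that is not the author's script: it reads the `<li>` entries from two saved pages, drops the square rhymes with a literal suffix match instead of a sed pattern, and prints the words common to both lists. The function names and the two English sample pages are constructed for illustration; for Cyrillic words the two-letter suffix needs a shell and locale in which `?` matches one character rather than one byte (bash in a UTF-8 locale).

```shell
#!/bin/sh
# Added example. The sample pages below are constructed, not taken from any site.

# extract_words: print the text of each <li>...</li> line read from stdin
extract_words() {
    sed -n 's%^[[:space:]]*<li>\(.*\)</li>[[:space:]]*$%\1%p' |
        sed -e 's/ //g' -e '/^$/d'
}

# drop_squares WORD: drop stdin lines ending in WORD's last two letters
drop_squares() {
    squad=${1#"${1%??}"}                 # last two characters of WORD
    [ -n "$squad" ] || { cat; return; }  # WORD too short: nothing to drop
    while IFS= read -r w; do
        case $w in
            ?*"$squad") ;;               # quoted, so matched literally
            *) printf '%s\n' "$w" ;;
        esac
    done
}

# common_rhymes WORD1 PAGE1 WORD2 PAGE2: non-square rhymes shared by both
common_rhymes() {
    tmp=$(mktemp) || return 1
    extract_words < "$2" | drop_squares "$1" > "$tmp"
    extract_words < "$4" | drop_squares "$3" | grep -Fx -f "$tmp" | sort -u
    rm -f "$tmp"
}

# demo: run the whole chain on two constructed pages
demo() {
    dir=$(mktemp -d) || return 1
    printf '<ul>\n<li></li>\n  <li>nose</li>\n<li>goes</li>\n<li>toes</li>\n<li>knows</li>\n</ul>\n' > "$dir/rose"
    printf '<li>knows</li>\n<li>goes</li>\n<li>rose</li>\n<li>toes</li>\n' > "$dir/blows"
    common_rhymes rose "$dir/rose" blows "$dir/blows"
    rm -rf "$dir"
}

demo
```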

The reason for publishing this is to show that if a person wants something, he will do it. Inefficiently, crookedly, disgustingly, but it will work.

Source: www.habr.com
