[LOS] Level14: assassin ํฌ์ŠคํŒ… ์ธ๋„ค์ผ ์ด๋ฏธ์ง€

War Games/Lord of SQLInjection

[LOS] Level14: assassin

Lord Of SQLInjection: lv.14 assassin assassin์ž…๋‹ˆ๋‹ค. ๋ณด๋ฉด ์‹ฑ๊ธ€์ฟผ๋ฆฌ๊ฐ€ ๊ฑธ๋Ÿฌ์ง€๊ณ  ์žˆ๋„ค์š”. ์ด๊ฑธ๋ณด๊ณ  ์‹ฑ๊ธ€์ฟผ๋ฆฌ๋ฅผ ์šฐํšŒํ•  ๋ฐฉ๋ฒ•์„ ์ฐพ๊ณ  ์žˆ์—ˆ๋Š”๋ฐ, ๊ฒฐ๊ตญ ์ฐพ์ง€ ๋ชปํ–ˆ์Šต๋‹ˆ๋‹ค... ๊ทธ๋ž˜์„œ = ๋Œ€์‹  ์“ฐ์ธ like๋ฅผ ๋ณด์•˜์Šต๋‹ˆ๋‹ค. ๋ณด์•„ํ•˜๋‹ˆ like์˜ ์˜ต์…˜ ์ค‘ %์™€ _๊ฐ€ ์žˆ๋”๋ผ๊ตฌ์š”(์ •ํ™•ํ•˜๊ฒŒ๋Š” ์™€์ผ๋“œ์นด๋“œ๋ผ๊ณ  ํ•ฉ๋‹ˆ๋‹ค) %๋Š” ํ•ด๋‹นํ•˜๋Š” ๋ฌธ์ž์—ด์ด ํฌํ•จ๋œ ๋ชจ๋“  db์ค‘ ์ฒซ ๋ฒˆ์งธ db๋ฅผ ์ถœ๋ ฅํ•ด์ฃผ๊ณ , (linux์˜ *๊ณผ ๋Š๋‚Œ ๋น„์Šทํ•จ) _๋Š” ํ•ด๋‹นํ•˜๋Š” ๋ฌธ์ž์—ด์ด ์ •ํ™•ํžˆ ํฌํ•จ๋œ db๋ฅผ ์ถœ๋ ฅํ•ด์ค๋‹ˆ๋‹ค. ๊ธ€๋กœ๋Š” ์•Œ๊ธฐ ํž˜๋“œ๋‹ˆ ์˜ˆ์‹œ๋กœ ๋ด…์‹œ๋‹ค. A% : 'A'๋กœ ์‹œ์ž‘ํ•˜๋Š” ๋ชจ๋“  ๋ฌธ์ž์—ด %A% : 'A'๊ฐ€ ํฌํ•จ๋œ ๋ชจ๋“  ๋ฌธ์ž์—ด _A% : ๋‘ ๋ฒˆ์งธ ๋ฌธ์ž๊ฐ€ 'A'์ธ ๋ชจ๋“  ๋ฌธ์ž์—ด ์ฐธ๊ณ ๋กœ ์™€์ผ๋“œ์นด๋“œ์ค‘์— [](๋ฒ”์œ„ ์ •ํ•ด์ฃผ๋Š”๊ฑฐ)๋„ ์žˆ๋˜๋ฐ ์™ ..

2020.01.12 ๊ฒŒ์‹œ๋จ

[LOS] Level4: orc ํฌ์ŠคํŒ… ์ธ๋„ค์ผ ์ด๋ฏธ์ง€

War Games/Lord of SQLInjection

[LOS] Level4: orc

Lord Of SQLInjection: lv.4 orc orc์ž…๋‹ˆ๋‹ค. pw๋ฅผ ์ž…๋ ฅ๋ฐ›์•„์„œ admin์˜ ๋น„๋ฐ€๋ฒˆํ˜ธ์™€ ๊ฐ™์€์ง€ ๋น„๊ตํ•ด ๋ฌธ์ œ๋ฅผ ํ‘ธ๋Š” ๋ฐฉ์‹์˜ los๋„ค์š”. ์ด ๊ฒฝ์šฐ์—๋Š” ์ „์ˆ˜์กฐ์‚ฌ๋ฅผ ํ†ตํ•ด ๋น„๋ฐ€๋ฒˆํ˜ธ๋ฅผ ํ•œ๊ธ€์ž์”ฉ ์•Œ์•„๋‚ด์•ผํ•˜๋Š”๋ฐ, ์ €๋Š” python์ฝ”๋”ฉ์„ ์ด์šฉํ–ˆ์Šต๋‹ˆ๋‹ค.(ver.2.7.15๊ธฐ์ค€) import httplib headers = {'Content-Type':'application/x-www-form-urlencoded', 'Cookie':'PHPSESSID=h8vk5n8gafml7kmsgv87809itt'} conn = httplib.HTTPSConnection('los.rubiya.kr', 443) pw = '' for i in range(10): for j in range(32, 127): conn.r..

2020.01.01 ๊ฒŒ์‹œ๋จ

[LOS] Level1: gremlin ํฌ์ŠคํŒ… ์ธ๋„ค์ผ ์ด๋ฏธ์ง€

War Games/Lord of SQLInjection

[LOS] Level1: gremlin

Lord Of SQLInjection LOS์‹œ์ž‘! ์ €๊ธฐ enter to the dungeon ํด๋ฆญํ•˜๋ฉด ์ฒ˜์Œ์ด๋ฉด join, or loginํ•ฉ์‹œ๋‹ค ์šฐ์„  ์ฒซ๋ฒˆ์งธ ๋‹จ๊ณ„์ธ gremlin๋‹จ๊ณ„์— ๋“ค์–ด๊ฐ€๋ฉด ๋‹ค์Œ๊ณผ ๊ฐ™์€ ํŽ˜์ด์ง€๊ฐ€ ๋œน๋‹ˆ๋‹ค.

2019.12.30 ๊ฒŒ์‹œ๋จ